From 635368b11c5aeb6eba396ea3cb75c48216f5aff6 Mon Sep 17 00:00:00 2001 From: Jules Bertholet Date: Sat, 17 Apr 2021 12:21:01 -0400 Subject: [PATCH] Improve packaging practices --- conf/systemd-beat.service | 3 +- conf/systemd-celery.service | 3 +- manifest.json | 2 +- scripts/_common.sh | 53 +++++++++++++++++++++++++ scripts/backup | 2 +- scripts/change_url | 6 ++- scripts/install | 77 +++++++++---------------------------- scripts/remove | 7 ++-- scripts/restore | 31 +++++++-------- scripts/upgrade | 65 ++++++++++++------------------- 10 files changed, 122 insertions(+), 127 deletions(-) diff --git a/conf/systemd-beat.service b/conf/systemd-beat.service index 877956c..c2709bd 100644 --- a/conf/systemd-beat.service +++ b/conf/systemd-beat.service @@ -1,10 +1,9 @@ [Unit] Description=GPodder-beat -After=network.target postgresql.service redis.service +After=network.target postgresql.service redis.service __APP__.scoket [Service] -Type=basic User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__ diff --git a/conf/systemd-celery.service b/conf/systemd-celery.service index 3a008eb..5c39756 100644 --- a/conf/systemd-celery.service +++ b/conf/systemd-celery.service @@ -1,10 +1,9 @@ [Unit] Description=GPodder-celery -After=network.target postgresql.service redis.service +After=network.target postgresql.service redis.service __APP__.socket [Service] -Type=basic User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__ diff --git a/manifest.json b/manifest.json index 6a45f0c..fb88c7f 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Manage podcast subscriptions, and sync them between apps and devices", "fr": "Gérez vos sousciptions balado, et sychronisez-lez entre vos applis et appareils" }, - "version": "2.11.1~ynh3", + "version": "2.11.1~ynh4", "url": "https://github.com/gpodder/mygpo", "license": "AGPL-3.0-only", "maintainer": { diff --git a/scripts/_common.sh b/scripts/_common.sh index d9d72e1..146de15 100644 --- a/scripts/_common.sh 
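Review bot: The new `After=` line in conf/systemd-beat.service names `__APP__.scoket`, which looks like a typo for `__APP__.socket`; the celery unit in the next file section spells it correctly. systemd does not reject an ordering dependency on a unit name it cannot find, so the mistake would go unnoticed and the beat service would start without being ordered after the app socket. The line should read `After=network.target postgresql.service redis.service __APP__.socket`.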
+++ b/scripts/_common.sh 
@@ -10,6 +10,59 @@ pkg_dependencies="acl python3 python3-pip python3-venv postgresql postgresql-con # PERSONAL HELPERS #================================================= +function set_permissions { + mkdir -p $data_path + + env_path=$final_path/envs/prod + mkdir -p $env_path + + chown -R $app:$app $data_path + chmod o-rwx $data_path + setfacl -n -R -m u:www-data:rx -m d:u:www-data:rx $data_path + + chown -R root:$app $final_path + chmod -R g=u,g-w,o-rwx $final_path + setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path + setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs +} + +function set_up_virtualenv { + env_path=$final_path/envs/prod + mkdir -p $env_path + + pushd $final_path || ynh_die + chown -R $app:$app $final_path + sudo -u $app python3 -m venv $final_path/venv + sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U wheel pip --cache-dir $final_path/.cache/pip setuptools + sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements.txt + sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-setup.txt + sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-ynh.txt + set_permissions + popd || ynh_dies +} + +function initialize_db { + pushd $final_path || ynh_die + chown -R $app:$app $final_path + perform_db_migrations + sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py createsuperuser --username "$admin" --email "$admin_email" --noinput -v 0 + set_permissions + popd || ynh_die +} + +function upgrade_db { + pushd $final_path || ynh_die + chown -R $app:$app $final_path + perform_db_migrations + set_permissions + popd || ynh_die +} + +function perform_db_migrations { + sudo -u $app $final_path/venv/bin/envdir $env_path 
$final_path/venv/bin/python $final_path/manage.py makemigrations + sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py migrate +} + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index d739d98..9bcb0e4 100755 --- a/scripts/backup +++ b/scripts/backup @@ -26,6 +26,7 @@ ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) +final_path=$(ynh_app_setting_get --app=$app --key=data_path) domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) @@ -34,7 +35,6 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= ynh_print_info --message="Declaring files to be backed up..." - #================================================= # BACKUP THE APP MAIN DIR #================================================= diff --git a/scripts/change_url b/scripts/change_url index 4f143eb..e3f6270 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -54,7 +54,7 @@ fi #================================================= # STANDARD MODIFICATIONS #================================================= -# STOP SYSTEMD SERVICE +# STOP SYSTEMD SERVICES #================================================= ynh_script_progression --message="Stopping systemd services..." --weight=1 
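Review bot: `set_up_virtualenv` ends with `popd || ynh_dies`, which is not the `ynh_die` helper used on every other `pushd`/`popd` line in this hunk, so a failing `popd` would end in "command not found" instead of the intended abort; it should be `popd || ynh_die`. The helpers also run `chown -R`, `chmod -R` and `setfacl -R` as root on unquoted `$final_path` and `$data_path`. Quoting them and guarding against an empty value, e.g. `chown -R "$app:$app" "${data_path:?}"`, keeps a missing setting from turning into a word-split or wrong-path recursive change. `env_path` is assigned as a global inside `set_permissions` and `set_up_virtualenv` and only read by `initialize_db` and `perform_db_migrations`, so a comment such as `# Requires env_path, set by set_permissions or set_up_virtualenv` above those two functions would document the call order they depend on.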
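Review bot: The line added to scripts/backup assigns the `data_path` setting to `final_path`, overwriting the value read on the line above, and `data_path` itself is never set. The rest of the script is outside the hunk, but anything it later declares under `$final_path` would then be the data directory. The application directory, including `envs/`, would be missing from the backup. The line should be `data_path=$(ynh_app_setting_get --app=$app --key=data_path)`.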
@@ -87,10 +87,12 @@ echo $new_domain > $final_path/envs/prod/DEFAULT_BASE_URL echo "$app@$new_domain" > $final_path/envs/prod/DEFAULT_FROM_EMAIL echo "$app@$new_domain" > $final_path/envs/prod/SERVER_EMAIL +set_permissions + #================================================= # GENERIC FINALISATION #================================================= -# START SYSTEMD SERVICE +# START SYSTEMD SERVICES #================================================= ynh_script_progression --message="Starting systemd services..." --weight=1 diff --git a/scripts/install b/scripts/install index e92777a..5c2897b 100755 --- a/scripts/install +++ b/scripts/install @@ -39,6 +39,9 @@ ynh_script_progression --message="Validating installation parameters..." --weigh final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +data_path=/home/yunohost.app/$app +test ! -e "$data_path" || ynh_die --message="This path already contains a folder" + # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url @@ -62,6 +65,14 @@ ynh_script_progression --message="Installing dependencies..." --weight=3 ynh_install_app_dependencies $pkg_dependencies +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a q user +ynh_system_user_create --username=$app + #================================================= # CREATE A POSTGRESQL DATABASE #================================================= 
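Review bot: `set_permissions` is called in scripts/change_url, but the helper reads `$data_path` as well as `$app` and `$final_path`, and none of the visible lines of this script load `data_path` from the app settings. If it is not loaded earlier in the file, the helper's `mkdir -p $data_path` and `chown -R $app:$app $data_path` run with an empty path and fail. Consider adding `data_path=$(ynh_app_setting_get --app=$app --key=data_path)` next to the other settings at the top of the script; that part lies outside the hunk.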
@@ -69,11 +80,9 @@ ynh_script_progression --message="Creating a PostgreSQL database..." db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name -db_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_psql_setup_db --db_user=$db_user --db_name=$db_name ynh_psql_execute_as_root --sql="ALTER ROLE $db_user SET statement_timeout = 5000;" --database=$db_name #================================================= @@ -82,9 +91,12 @@ ynh_psql_execute_as_root --sql="ALTER ROLE $db_user SET statement_timeout = 5000 ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path +ynh_app_setting_set --app=$app --key=data_path --value=$data_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +set_permissions + #================================================= # NGINX CONFIGURATION #================================================= 
@@ -93,43 +105,13 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a q user -ynh_system_user_create --username=$app - #================================================= # SPECIFIC SETUP -#================================================= -# CREATE THE DATA DIRECTORY -#================================================= -ynh_script_progression --message="Creating the data directory..." - -# Define app's data directory -datadir="/home/yunohost.app/${app}" -mkdir $datadir - -ynh_app_setting_set --app=$app --key=datadir --value="$datadir" - -# Give permission to the datadir -chown -R $app:$app $datadir -chmod o-rwx $datadir -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir - -ynh_app_setting_set --app=$app --key=datadir --value="$datadir" - #================================================= # ENVDIR CONFIGURATION #================================================= ynh_script_progression --message="Building configuration..." --weight=1 -env_path=$final_path/envs/prod - -mkdir -p $env_path - echo "$admin <$admin_email>" > $env_path/ADMINS echo "None" > $env_path/BROKER_POOL_LIMIT echo "redis://localhost:6379" > $env_path/BROKER_URL @@ -138,7 +120,7 @@ echo False > $env_path/DEBUG echo $domain > $env_path/DEFAULT_BASE_URL echo "$app@$domain" > $env_path/DEFAULT_FROM_EMAIL echo "django.core.mail.backends.console.EmailBackend" > $env_path/EMAIL_BACKEND -echo "$datadir" > $env_path/MEDIA_ROOT +echo "$data_path" > $env_path/MEDIA_ROOT echo $secret_key > $env_path/SECRET_KEY echo "$app@$domain" > $env_path/SERVER_EMAIL echo $staff_token > $env_path/STAFF_TOKEN 
@@ -148,26 +130,12 @@ echo $staff_token > $env_path/STAFF_TOKEN #================================================= ynh_script_progression --message="Initializing Python virtualenv..." --weight=20 -pushd $final_path || ynh_die - chown -R $app:$app $final_path - sudo -u $app python3 -m venv $final_path/venv - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U wheel pip --cache-dir $final_path/.cache/pip setuptools - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements.txt - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-setup.txt - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-ynh.txt - chown -R root:root $final_path -popd || ynh_die +set_up_virtualenv #================================================= # INITIALIZE DATABASE #================================================= -pushd $final_path || ynh_die - chown -R $app:$app $final_path - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py makemigrations - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py migrate - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py createsuperuser --username "$admin" --email "$admin_email" --noinput -v 0 - chown -R root:root $final_path -popd || ynh_die +initialize_db #================================================= # SETUP SYSTEMD 
@@ -185,15 +153,6 @@ systemctl daemon-reload --quiet #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -# Set permissions to app files -chown -R root:$app $final_path -chmod -R g=u,g-w,o-rwx $final_path -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path -setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs - #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= diff --git a/scripts/remove b/scripts/remove index fd67bed..ad142e9 100755 --- a/scripts/remove +++ b/scripts/remove @@ -19,7 +19,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) +data_path=$(ynh_app_setting_get --app=$app --key=data_path) #================================================= # STANDARD REMOVE @@ -48,6 +48,7 @@ systemctl daemon-reload --quiet ynh_remove_systemd_config ynh_remove_systemd_config -s $app-celery ynh_remove_systemd_config -s $app-beat + #================================================= # REMOVE THE POSTGRESQL DATABASE #================================================= @@ -87,10 +88,10 @@ ynh_remove_nginx_config #================================================= # Remove the log files -ynh_secure_remove --file="/var/log/$app/" +ynh_secure_remove --file="/var/log/$app" # Remove data dir -ynh_secure_remove --file="$datadir" +ynh_secure_remove --file="$data_path" #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index c4bb4c2..ac949b3 100755 --- a/scripts/restore +++ b/scripts/restore 
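Review bot: scripts/remove now reads only the new `data_path` setting, while the fallback to the old `datadir` key exists only in scripts/upgrade. For an instance installed before this change and never upgraded, `$data_path` would be empty here, so `ynh_secure_remove --file="$data_path"` would not remove the data directory and the user's media would stay on disk after removal. The same gap applies to scripts/restore (hunks `@@ -30,7 +30,7 @@` and `@@ -42,6 +42,9 @@`), where an empty, unquoted `$data_path` makes `test ! -d $data_path` evaluate false and abort the restore of an older backup. A fallback after the read, such as `[ -n "$data_path" ] || data_path=$(ynh_app_setting_get --app=$app --key=datadir)`, would cover both scripts.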
@@ -30,7 +30,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user="$db_name" -datadir=$(ynh_app_setting_get --app=$app --key=datadir) +data_path=$(ynh_app_setting_get --app=$app --key=data_path) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -42,6 +42,9 @@ ynh_webpath_available --domain=$domain --path_url=$path_url \ test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " +test ! -d $data_path \ + || ynh_die --message="There is already a directory: $data_path " + #================================================= # STANDARD RESTORATION STEPS #================================================= @@ -49,13 +52,6 @@ test ! -d $final_path \ #================================================= ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=1 - -ynh_restore_file --origin_path="$final_path" - #================================================= # RECREATE THE DEDICATED USER #================================================= 
@@ -64,12 +60,19 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei # Create the dedicated user (if not existing) ynh_system_user_create --username=$app +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=1 + +ynh_restore_file --origin_path="$final_path" + #================================================= # RESTORE DATA DIR #================================================= ynh_script_progression --message="Restoring the app data directory..." -ynh_restore_file --origin_path="$datadir" --not_mandatory +ynh_restore_file --origin_path="$data_path" --not_mandatory #================================================= # REINSTALL DEPENDENCIES @@ -83,13 +86,7 @@ ynh_install_app_dependencies $pkg_dependencies # RESTORE USER RIGHTS #================================================= # Restore permissions on app files -chown -R root:$app $final_path -chmod -R g=u,g-w,o-rwx $final_path -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path -setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs -chown -R $app:$app $datadir -chmod o-rwx $datadir -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir +set_permissions #================================================= # SPECIFIC RESTORATION @@ -99,7 +96,7 @@ setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 ynh_psql_test_if_first_run -db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql diff --git a/scripts/upgrade b/scripts/upgrade index d6624f3..6e15cf1 100644 
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,13 +18,25 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) +data_path=$(ynh_app_setting_get --app=$app --key=data_path) #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 + +if [ -z "$data_path" ]; then + data_path=$(ynh_app_setting_get --app=$app --key=datadir) + ynh_app_setting_set --app=$app --key=data_path --value=$data_path + ynh_app_setting_delete --app=$app --key=datadir + ynh_app_setting_delete --app=$app --key=db_pwd +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -42,7 +54,7 @@ ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS #================================================= -# STOP SYSTEMD SERVICE +# STOP SYSTEMD SERVICES #================================================= ynh_script_progression --message="Stopping systemd services..." --weight=1 
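Review bot: The compatibility block in scripts/upgrade does not check that the fallback produced a value. If `datadir` is empty too, an empty `data_path` is stored and later handed to `set_permissions`, so a guard such as `[ -n "$data_path" ] || ynh_die --message="data_path is not set"` after the fallback would stop that early. The block also deletes `datadir` and `db_pwd` before the "BACKUP BEFORE UPGRADE THEN ACTIVE TRAP" section, so the pre-upgrade backup is taken after those keys are gone; a rollback to the previous package version, whose scripts read them, may then not find them. The `--value=$data_path` argument should be quoted, and `--time` on `ynh_script_progression` looks like a leftover development flag.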
@@ -56,6 +68,13 @@ systemctl disable $app --quiet systemctl disable $app-beat --quiet systemctl disable $app-celery --quiet +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -67,6 +86,8 @@ then ynh_setup_source --dest_dir="$final_path" fi +set_permissions + #================================================= # NGINX CONFIGURATION #================================================= @@ -75,13 +96,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=1 - -ynh_install_app_dependencies $pkg_dependencies - #================================================= # CREATE DEDICATED USER #================================================= 
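Review bot: `set_permissions` is added right after the source setup, but the "CREATE DEDICATED USER" step still comes later in scripts/upgrade, whereas scripts/install was reordered in this commit to create the user first. The helper's `chown -R $app:$app $data_path` and `chown -R root:$app $final_path` need the `$app` user and group to exist. On a normal upgrade they already do, so this is a consistency point rather than an expected failure. Moving `ynh_system_user_create --username=$app` above this call would make the two scripts follow the same order.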
@@ -97,30 +111,14 @@ ynh_system_user_create --username=$app #================================================= ynh_script_progression --message="Upgrading Python virtualenv..." --weight=2 -env_path=$final_path/envs/prod -mkdir -p $env_path - -pushd $final_path || ynh_die - chown -R $app:$app $final_path - sudo -u $app python3 -m venv $final_path/venv - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U wheel pip --cache-dir $final_path/.cache/pip setuptools - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements.txt - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-setup.txt - sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-ynh.txt - chown -R root:root $final_path -popd || ynh_die +set_up_virtualenv #================================================= # PERFORM DATABASE MIGRATIONS #================================================= ynh_script_progression --message="Performing database migrations..." --weight=2 -pushd $final_path || ynh_die - chown -R $app:$app $final_path - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py makemigrations - sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py migrate - chown -R root:root $final_path -popd || ynh_die +upgrade_db #================================================= # SETUP SYSTEMD 
@@ -138,19 +136,6 @@ systemctl daemon-reload --quiet #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions on app files -chown -R root:$app $final_path -chmod -R g=u,g-w,o-rwx $final_path -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path -setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs -chown -R $app:$app $datadir -chmod o-rwx $datadir -setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir - #================================================= # INTEGRATE SERVICE IN YUNOHOST #=================================================