Improve packaging practices

conf/systemd-beat.service

@@ -1,10 +1,9 @@
 [Unit]
 Description=GPodder-beat
-After=network.target postgresql.service redis.service
+After=network.target postgresql.service redis.service __APP__.scoket
 
 
 [Service]
-Type=basic
 User=__APP__
 Group=__APP__
 WorkingDirectory=__FINALPATH__

conf/systemd-celery.service

@@ -1,10 +1,9 @@
 [Unit]
 Description=GPodder-celery
-After=network.target postgresql.service redis.service
+After=network.target postgresql.service redis.service __APP__.socket
 
 
 [Service]
-Type=basic
 User=__APP__
 Group=__APP__
 WorkingDirectory=__FINALPATH__

manifest.json

@@ -6,7 +6,7 @@
         "en": "Manage podcast subscriptions, and sync them between apps and devices",
         "fr": "Gérez vos sousciptions balado, et sychronisez-lez entre vos applis et appareils"
     },
-    "version": "2.11.1~ynh3",
+    "version": "2.11.1~ynh4",
     "url": "https://github.com/gpodder/mygpo",
     "license": "AGPL-3.0-only",
     "maintainer": {

scripts/_common.sh

@@ -10,6 +10,59 @@ pkg_dependencies="acl python3 python3-pip python3-venv postgresql postgresql-con
 # PERSONAL HELPERS
 #=================================================
 
+function set_permissions {
+	mkdir -p $data_path
+
+	env_path=$final_path/envs/prod
+	mkdir -p $env_path
+
+	chown -R $app:$app $data_path
+	chmod o-rwx $data_path
+	setfacl -n -R -m u:www-data:rx -m d:u:www-data:rx $data_path
+
+	chown -R root:$app $final_path
+	chmod -R g=u,g-w,o-rwx $final_path
+	setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
+	setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs
+}
+
+function set_up_virtualenv {
+	env_path=$final_path/envs/prod
+	mkdir -p $env_path
+
+	pushd $final_path || ynh_die
+		chown -R $app:$app $final_path
+		sudo -u $app python3 -m venv $final_path/venv
+		sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U wheel pip --cache-dir $final_path/.cache/pip setuptools
+		sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements.txt
+		sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-setup.txt
+		sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-ynh.txt
+		set_permissions
+	popd || ynh_dies
+}
+
+function initialize_db {
+	pushd $final_path || ynh_die
+		chown -R $app:$app $final_path
+		perform_db_migrations
+		sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py createsuperuser --username "$admin" --email "$admin_email" --noinput -v 0
+		set_permissions
+	popd || ynh_die
+}
+
+function upgrade_db {
+	pushd $final_path || ynh_die
+		chown -R $app:$app $final_path
+		perform_db_migrations
+		set_permissions
+	popd || ynh_die
+}
+
+function perform_db_migrations {
+	sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py makemigrations
+	sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py migrate
+}
+
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================

scripts/backup

@@ -26,6 +26,7 @@ ynh_print_info --message="Loading installation settings..."
 app=$YNH_APP_INSTANCE_NAME
 
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
+final_path=$(ynh_app_setting_get --app=$app --key=data_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 
@@ -34,7 +35,6 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 #=================================================
 ynh_print_info --message="Declaring files to be backed up..."
 
-
 #=================================================
 # BACKUP THE APP MAIN DIR
 #=================================================

scripts/change_url

@@ -54,7 +54,7 @@ fi
 #=================================================
 # STANDARD MODIFICATIONS
 #=================================================
-# STOP SYSTEMD SERVICE
+# STOP SYSTEMD SERVICES
 #=================================================
 ynh_script_progression --message="Stopping systemd services..." --weight=1
 
@@ -87,10 +87,12 @@ echo $new_domain > $final_path/envs/prod/DEFAULT_BASE_URL
 echo "$app@$new_domain" > $final_path/envs/prod/DEFAULT_FROM_EMAIL
 echo "$app@$new_domain" > $final_path/envs/prod/SERVER_EMAIL
 
+set_permissions
+
 #=================================================
 # GENERIC FINALISATION
 #=================================================
-# START SYSTEMD SERVICE
+# START SYSTEMD SERVICES
 #=================================================
 ynh_script_progression --message="Starting systemd services..." --weight=1
 

scripts/install

@@ -39,6 +39,9 @@ ynh_script_progression --message="Validating installation parameters..." --weigh
 final_path=/opt/yunohost/$app
 test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
 
+data_path=/home/yunohost.app/$app
+test ! -e "$data_path" || ynh_die --message="This path already contains a folder"
+
 # Register (book) web path
 ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
 
@@ -62,6 +65,14 @@ ynh_script_progression --message="Installing dependencies..." --weight=3
 
 ynh_install_app_dependencies $pkg_dependencies
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --weight=1
+
+# Create a q user
+ynh_system_user_create --username=$app
+
 #=================================================
 # CREATE A POSTGRESQL DATABASE
 #=================================================
@@ -69,11 +80,9 @@ ynh_script_progression --message="Creating a PostgreSQL database..."
 
 db_name=$(ynh_sanitize_dbid --db_name=$app)
 db_user=$db_name
-db_pwd=$(ynh_string_random --length=30)
 ynh_app_setting_set --app=$app --key=db_name --value=$db_name
-ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
 ynh_psql_test_if_first_run
-ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
+ynh_psql_setup_db --db_user=$db_user --db_name=$db_name
 ynh_psql_execute_as_root --sql="ALTER ROLE $db_user SET statement_timeout = 5000;" --database=$db_name
 
 #=================================================
@@ -82,9 +91,12 @@ ynh_psql_execute_as_root --sql="ALTER ROLE $db_user SET statement_timeout = 5000
 ynh_script_progression --message="Setting up source files..." --weight=1
 
 ynh_app_setting_set --app=$app --key=final_path --value=$final_path
+ynh_app_setting_set --app=$app --key=data_path --value=$data_path
 # Download, check integrity, uncompress and patch the source from app.src
 ynh_setup_source --dest_dir="$final_path"
 
+set_permissions
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -93,43 +105,13 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=1
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..." --weight=1
-
-# Create a q user
-ynh_system_user_create --username=$app
-
 #=================================================
 # SPECIFIC SETUP
-#=================================================
-# CREATE THE DATA DIRECTORY
-#=================================================
-ynh_script_progression --message="Creating the data directory..."
-
-# Define app's data directory
-datadir="/home/yunohost.app/${app}"
-mkdir $datadir
-
-ynh_app_setting_set --app=$app --key=datadir --value="$datadir"
-
-# Give permission to the datadir
-chown -R $app:$app $datadir
-chmod o-rwx $datadir
-setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir
-
-ynh_app_setting_set --app=$app --key=datadir --value="$datadir"
-
 #=================================================
 # ENVDIR CONFIGURATION
 #=================================================
 ynh_script_progression --message="Building configuration..." --weight=1
 
-env_path=$final_path/envs/prod
-
-mkdir -p $env_path
-
 echo "$admin <$admin_email>" > $env_path/ADMINS
 echo "None" > $env_path/BROKER_POOL_LIMIT
 echo "redis://localhost:6379" > $env_path/BROKER_URL
@@ -138,7 +120,7 @@ echo False > $env_path/DEBUG
 echo $domain > $env_path/DEFAULT_BASE_URL
 echo "$app@$domain" > $env_path/DEFAULT_FROM_EMAIL
 echo "django.core.mail.backends.console.EmailBackend" > $env_path/EMAIL_BACKEND
-echo "$datadir" > $env_path/MEDIA_ROOT
+echo "$data_path" > $env_path/MEDIA_ROOT
 echo $secret_key > $env_path/SECRET_KEY
 echo "$app@$domain" > $env_path/SERVER_EMAIL
 echo $staff_token > $env_path/STAFF_TOKEN
@@ -148,26 +130,12 @@ echo $staff_token > $env_path/STAFF_TOKEN
 #=================================================
 ynh_script_progression --message="Initializing Python virtualenv..." --weight=20
 
-pushd $final_path || ynh_die
-	chown -R $app:$app $final_path
-	sudo -u $app python3 -m venv $final_path/venv
-	sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U wheel pip --cache-dir $final_path/.cache/pip setuptools
-	sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements.txt
-	sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-setup.txt
-	sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-ynh.txt
-	chown -R root:root $final_path
-popd || ynh_die
+set_up_virtualenv
 
 #=================================================
 # INITIALIZE DATABASE
 #=================================================
-pushd $final_path || ynh_die
-	chown -R $app:$app $final_path
-	sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py makemigrations
-	sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py migrate
-	sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py createsuperuser --username "$admin" --email "$admin_email" --noinput -v 0
-	chown -R root:root $final_path
-popd || ynh_die
+initialize_db
 
 #=================================================
 # SETUP SYSTEMD
@@ -185,15 +153,6 @@ systemctl daemon-reload --quiet
 
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-# Set permissions to app files
-chown -R root:$app $final_path
-chmod -R g=u,g-w,o-rwx $final_path
-setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
-setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs
-
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================

scripts/remove

@@ -19,7 +19,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user=$db_name
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+data_path=$(ynh_app_setting_get --app=$app --key=data_path)
 
 #=================================================
 # STANDARD REMOVE
@@ -48,6 +48,7 @@ systemctl daemon-reload --quiet
 ynh_remove_systemd_config
 ynh_remove_systemd_config -s $app-celery
 ynh_remove_systemd_config -s $app-beat
+
 #=================================================
 # REMOVE THE POSTGRESQL DATABASE
 #=================================================
@@ -87,10 +88,10 @@ ynh_remove_nginx_config
 #=================================================
 
 # Remove the log files
-ynh_secure_remove --file="/var/log/$app/"
+ynh_secure_remove --file="/var/log/$app"
 
 # Remove data dir
-ynh_secure_remove --file="$datadir"
+ynh_secure_remove --file="$data_path"
 
 #=================================================
 # GENERIC FINALIZATION

scripts/restore

@@ -30,7 +30,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 db_user="$db_name"
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+data_path=$(ynh_app_setting_get --app=$app --key=data_path)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
@@ -42,6 +42,9 @@ ynh_webpath_available --domain=$domain --path_url=$path_url \
 test ! -d $final_path \
 	|| ynh_die --message="There is already a directory: $final_path "
 
+test ! -d $data_path \
+	|| ynh_die --message="There is already a directory: $data_path "
+
 #=================================================
 # STANDARD RESTORATION STEPS
 #=================================================
@@ -49,13 +52,6 @@ test ! -d $final_path \
 #=================================================
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
-#=================================================
-# RESTORE THE APP MAIN DIR
-#=================================================
-ynh_script_progression --message="Restoring the app main directory..." --weight=1
-
-ynh_restore_file --origin_path="$final_path"
-
 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
@@ -64,12 +60,19 @@ ynh_script_progression --message="Recreating the dedicated system user..." --wei
 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app
 
+#=================================================
+# RESTORE THE APP MAIN DIR
+#=================================================
+ynh_script_progression --message="Restoring the app main directory..." --weight=1
+
+ynh_restore_file --origin_path="$final_path"
+
 #=================================================
 # RESTORE DATA DIR
 #=================================================
 ynh_script_progression --message="Restoring the app data directory..."
 
-ynh_restore_file --origin_path="$datadir" --not_mandatory
+ynh_restore_file --origin_path="$data_path" --not_mandatory
 
 #=================================================
 # REINSTALL DEPENDENCIES
@@ -83,13 +86,7 @@ ynh_install_app_dependencies $pkg_dependencies
 # RESTORE USER RIGHTS
 #=================================================
 # Restore permissions on app files
-chown -R root:$app $final_path
-chmod -R g=u,g-w,o-rwx $final_path
-setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
-setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs
-chown -R $app:$app $datadir
-chmod o-rwx $datadir
-setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir
+set_permissions
 
 #=================================================
 # SPECIFIC RESTORATION
@@ -99,7 +96,7 @@ setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir
 ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
 
 ynh_psql_test_if_first_run
-db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
+db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd
 ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
 

scripts/upgrade

@@ -18,13 +18,25 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+data_path=$(ynh_app_setting_get --app=$app --key=data_path)
 
 #=================================================
 # CHECK VERSION
 #=================================================
 upgrade_type=$(ynh_check_app_version_changed)
 
+#=================================================
+# ENSURE DOWNWARD COMPATIBILITY
+#=================================================
+ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
+
+if [ -z "$data_path" ]; then
+	data_path=$(ynh_app_setting_get --app=$app --key=datadir)
+	ynh_app_setting_set --app=$app --key=data_path --value=$data_path
+	ynh_app_setting_delete --app=$app --key=datadir
+	ynh_app_setting_delete --app=$app --key=db_pwd
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -42,7 +54,7 @@ ynh_abort_if_errors
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
-# STOP SYSTEMD SERVICE
+# STOP SYSTEMD SERVICES
 #=================================================
 ynh_script_progression --message="Stopping systemd services..." --weight=1
 
@@ -56,6 +68,13 @@ systemctl disable $app --quiet
 systemctl disable $app-beat --quiet
 systemctl disable $app-celery --quiet
 
+#=================================================
+# UPGRADE DEPENDENCIES
+#=================================================
+ynh_script_progression --message="Upgrading dependencies..." --weight=1
+
+ynh_install_app_dependencies $pkg_dependencies
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -67,6 +86,8 @@ then
 	ynh_setup_source --dest_dir="$final_path"
 fi
 
+set_permissions
+
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@@ -75,13 +96,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
 # Create a dedicated NGINX config
 ynh_add_nginx_config
 
-#=================================================
-# UPGRADE DEPENDENCIES
-#=================================================
-ynh_script_progression --message="Upgrading dependencies..." --weight=1
-
-ynh_install_app_dependencies $pkg_dependencies
-
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
@@ -97,30 +111,14 @@ ynh_system_user_create --username=$app
 #=================================================
 ynh_script_progression --message="Upgrading Python virtualenv..." --weight=2
 
-env_path=$final_path/envs/prod
-mkdir -p $env_path
-
-pushd $final_path || ynh_die
-	chown -R $app:$app $final_path
-	sudo -u $app python3 -m venv $final_path/venv
-	sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U wheel pip --cache-dir $final_path/.cache/pip setuptools
-	sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements.txt
-	sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-setup.txt
-	sudo -u $app $final_path/venv/bin/pip --cache-dir $final_path/.cache/pip install -U --requirement $final_path/requirements-ynh.txt
-	chown -R root:root $final_path
-popd || ynh_die
+set_up_virtualenv
 
 #=================================================
 # PERFORM DATABASE MIGRATIONS
 #=================================================
 ynh_script_progression --message="Performing database migrations..." --weight=2
 
-pushd $final_path || ynh_die
-	chown -R $app:$app $final_path
-	sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py makemigrations
-	sudo -u $app $final_path/venv/bin/envdir $env_path $final_path/venv/bin/python $final_path/manage.py migrate
-	chown -R root:root $final_path
-popd || ynh_die
+upgrade_db
 
 #=================================================
 # SETUP SYSTEMD
@@ -138,19 +136,6 @@ systemctl daemon-reload --quiet
 
 #=================================================
 # GENERIC FINALIZATION
-#=================================================
-# SECURE FILES AND DIRECTORIES
-#=================================================
-
-# Set permissions on app files
-chown -R root:$app $final_path
-chmod -R g=u,g-w,o-rwx $final_path
-setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $final_path
-setfacl -n -R -m user:www-data:- -m default:user:www-data:- $final_path/envs
-chown -R $app:$app $datadir
-chmod o-rwx $datadir
-setfacl -n -R -m user:www-data:rx -m default:user:www-data:rx $datadir
-
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================