diff --git a/README.md b/README.md index 0160f1e..5b8a14b 100644 --- a/README.md +++ b/README.md @@ -20,8 +20,7 @@ Nextcloud Hub is a fully open-source on-premises content collaboration platform. ### YunoHost-specific features -In addition to Nextcloud core features, the following are made available with -this package: +In addition to Nextcloud core features, the following are made available with this package: * Integrate with YunoHost users and SSO - i.e. logout button * Allow one user to be the administrator (set at the installation) @@ -30,7 +29,7 @@ this package: * Serve `/.well-known` paths for CalDAV and CardDAV on the domain only if it's not already served - i.e. by Baïkal -**Shipped version:** 27.1.4~ynh1 +**Shipped version:** 28.0.1~ynh1 **Demo:** https://demo.nextcloud.com/ @@ -38,25 +37,6 @@ this package: ![Screenshot of Nextcloud](./doc/screenshots/screenshot.png) -## Disclaimers / important information - -### Configure ONLYOFFICE integration - -#### With Nextcloud App (no ARM support, lower performance) - -Starting from Nextcloud 18, it features a direct integration of ONLYOFFICE (an online rich text document editor) through a Nextcloud app. -To install and configure it: -- Install *Community Document Server* application in your Nextcloud. That's the part that runs ONLYOFFICE server. -- Install *ONLYOFFICE* application. That's the client part that will connect to an ONLYOFFICE server. -- Then in Settings -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), if you want to configure which file formats should be opened by ONLYOFFICE. -- Here you go :) You should be able to create new type of documents and open them. - -*NB: ONLYOFFICE Nextcloud App is only available for x86 architecture - for **ARM** architecture (Raspberry Pi, OLinuXino...), consider the YunoHost App below* - -#### With YunoHost App (ARM64 support, better performance) - -For better performance and ARM64 support, install ONLYOFFICE YunoHost App and connect it to Nextcloud, see the tutorial in the [doc of onlyoffice_ynh package](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server) - ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index 6dd2462..8b6334c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -29,7 +29,7 @@ En plus des fonctionnalités principales de Nextcloud, les fonctionnalités suiv * Utilise l'adresse `/.well-known` pour la synchronisation CalDAV et CardDAV du domaine si aucun autre service ne l'utilise déjà - par exemple, Baïkal -**Version incluse :** 27.1.4~ynh1 +**Version incluse :** 28.0.1~ynh1 **Démo :** https://demo.nextcloud.com/ @@ -37,25 +37,6 @@ En plus des fonctionnalités principales de Nextcloud, les fonctionnalités suiv ![Capture d’écran de Nextcloud](./doc/screenshots/screenshot.png) -## Avertissements / informations importantes - -### Configurer l'intégration d'ONLYOFFICE - -#### Avec l'application Nextcloud (pas de support ARM, performances limitées) - -À partir de sa version 18, Nextcloud inclut une intégration directe de ONLYOFFICE (un éditeur de texte enrichi en ligne) via une application Nextcloud. -Pour l'installer et la configurer : -- Installez l'application *Community Document Server* dans votre Nextcloud. C'est la partie qui fait tourner un serveur ONLYOFFICE. -- Installez l'application *ONLYOFFICE*. C'est la partie cliente qui va se connecter au serveur ONLYOFFICE. -- Ensuite dans les Paramètres -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), si vous voulez configurer quels formats de fichier s'ouvrent avec ONLYOFFICE. -- Et voilà :) Vous devriez pouvoir créer de nouveaux types de documents, et les ouvrir. - -*NB : l'app Nextcloud ONLYOFFICE Community Document Server n'est disponible que sous architecture x86 - Pour un support de l'architecture **ARM** (Raspberry Pi, OLinuXino...), installez plutôt l'App YunoHost, voir ci-dessous* - -#### Avec l'application YunoHost (support ARM64, meilleures performances) - -Pour de meilleures performances et le support de ARM64, installez l'app YunoHost ONLYOFFICE, voir le tutoriel dans la [doc du paquet onlyoffice_ynh](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server) - ## Documentations et ressources * Site officiel de l’app : diff --git a/check_process b/check_process deleted file mode 100644 index 2d2adce..0000000 --- a/check_process +++ /dev/null @@ -1,27 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - path="/path" - admin="homer" - is_public=1 - user_home="1" - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - #26.0.3 - upgrade=1 from_commit=d02166a533dcf8aa82d49dbb6a3a2dd9a7411812 - backup_restore=1 - multi_instance=1 - change_url=1 -;;; Options -Email= -Notification=none -;;; Upgrade options - ; commit=d02166a533dcf8aa82d49dbb6a3a2dd9a7411812 - name=Merge pull request #495 from 26.0.3 - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&user_home=1& diff --git a/conf/config.json b/conf/config.json index 9e1c8f0..1cd7f95 100644 --- a/conf/config.json +++ b/conf/config.json @@ -13,7 +13,23 @@ }, "hashing_default_password": true, "localstorage.allowsymlinks": true, - "simpleSignUpLink.shown": false + "simpleSignUpLink.shown": false, + "mail_smtpmode": "smtp", + "mail_smtpport": "25", + "mail_smtpauth": 1, + "mail_smtpname": "__APP__", + "mail_smtppassword": "__MAIL_PWD__", + "mail_sendmailmode": "smtp", + "mail_from_address": "__APP__", + "mail_domain": "__DOMAIN__", + "mail_smtphost": "localhost", + "mail_smtpstreamoptions": { + "ssl": { + "allow_self_signed": true, + "verify_peer": false, + "verify_peer_name": false + } + } }, "apps": { "user_ldap": { diff --git a/conf/config_install.json b/conf/config_install.json index 10db7cf..616c276 100644 --- a/conf/config_install.json +++ b/conf/config_install.json @@ -1,9 +1,9 @@ -{ - "system": { - "datadirectory": "__DATADIR__", - "trusted_domains": [ - "localhost", - "__DOMAIN__" - ] - } -} +{ + "system": { + "datadirectory": "__DATA_DIR__/data/", + "trusted_domains": [ + "localhost", + "__DOMAIN__" + ] + } +} diff --git a/conf/extra_php-fpm.conf b/conf/extra_php-fpm.conf index feee90b..fd92447 100644 --- a/conf/extra_php-fpm.conf +++ b/conf/extra_php-fpm.conf @@ -14,7 +14,7 @@ php_value[opcache.interned_strings_buffer]=32 php_value[opcache.max_accelerated_files]=10000 php_value[opcache.memory_consumption]=128 php_value[opcache.save_comments]=1 -php_value[opcache.revalidate_freq]=1 +php_value[opcache.revalidate_freq]=60 ; https://docs.nextcloud.com/server/latest/admin_manual/configuration_server/caching_configuration.html#id1 php_value[apc.enabled]=1 php_value[apc.enable_cli]=1 diff --git a/conf/nextcloud.cron b/conf/nextcloud.cron index a2be7ed..31bfe2f 100644 --- a/conf/nextcloud.cron +++ b/conf/nextcloud.cron @@ -1 +1 @@ -*/5 * * * * __APP__ /usr/bin/php__PHPVERSION__ --define apc.enable_cli=1 -f __FINAL_PATH__/cron.php +*/5 * * * * __APP__ /usr/bin/php__PHPVERSION__ --define apc.enable_cli=1 -f __INSTALL_DIR__/cron.php diff --git a/conf/nginx.conf b/conf/nginx.conf index d8c5a82..9ab915b 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,3 +1,12 @@ +# Add .mjs as a file extension for javascript +# Either include it in the default mime.types list +# or include you can include that list explicitly and add the file extension +# only for Nextcloud like below: +include mime.types; +types { + text/javascript js mjs; +} + location ^~ /.well-known { # The following 6 rules are borrowed from `.htaccess` @@ -9,29 +18,21 @@ location ^~ /.well-known { location = /.well-known/carddav { return 301 __PATH__/remote.php/dav/; } location = /.well-known/caldav { return 301 __PATH__/remote.php/dav/; } - location = /.well-known/webfinger { return 301 __PATH__/index.php$uri; } + location = /.well-known/webfinger { return 301 __PATH__/index.php$request_uri; } location = /.well-known/nodeinfo { return 301 __PATH__/index.php$uri; } - try_files $uri $uri/ =404; + # Let Nextcloud's API for `/.well-known` URIs handle all other + # requests by passing them to the front-end controller. + return 301 __PATH__/index.php$request_uri; } #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location ^~ __PATH__/ { # Path to source - alias __FINALPATH__/; + alias __INSTALL_DIR__/; - # Add headers to serve security related headers - more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;"; - more_set_headers "Referrer-Policy: no-referrer"; - more_set_headers "X-Content-Type-Options: nosniff"; - more_set_headers "X-Download-Options: noopen"; - more_set_headers "X-Frame-Options: SAMEORIGIN"; - more_set_headers "X-Permitted-Cross-Domain-Policies: none"; - more_set_headers "X-Robots-Tag: noindex, nofollow"; - more_set_headers "X-XSS-Protection: 1; mode=block"; - - # Set max upload size + # set max upload size and increase upload timeout: client_max_body_size 10G; client_body_timeout 300s; fastcgi_buffers 64 4K; @@ -53,6 +54,16 @@ location ^~ __PATH__/ { # for tunning hints client_body_buffer_size 512k; + # HTTP response headers borrowed from Nextcloud `.htaccess` + more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;"; + more_set_headers "Referrer-Policy: no-referrer"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "X-Download-Options: noopen"; + more_set_headers "X-Frame-Options: SAMEORIGIN"; + more_set_headers "X-Permitted-Cross-Domain-Policies: none"; + more_set_headers "X-Robots-Tag: noindex, nofollow"; + more_set_headers "X-XSS-Protection: 1; mode=block"; + # Remove X-Powered-By, which is an information leak fastcgi_hide_header X-Powered-By; @@ -80,7 +91,7 @@ location ^~ __PATH__/ { log_not_found off; access_log off; } - + # Rules borrowed from `.htaccess` to hide certain paths from clients location ~ ^__PATH__/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } location ~ ^__PATH__/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } @@ -91,8 +102,6 @@ location ^~ __PATH__/ { # `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response. location ~ \.php(?:$|/) { # Required for legacy support - # https://github.com/nextcloud/documentation/pull/2197#issuecomment-721432337 - # This line fix the ldap admin page rewrite ^__PATH__/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|ocs-provider\/.+|.+\/richdocumentscode\/proxy) __PATH__/index.php$request_uri; fastcgi_split_path_info ^(.+?\.php)(/.*)$; @@ -107,10 +116,19 @@ location ^~ __PATH__/ { fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param front_controller_active true; # Enable pretty urls - fastcgi_param HTTP_ACCEPT_ENCODING ""; # Disable encoding of nextcloud response to inject ynh scripts + fastcgi_param HTTP_ACCEPT_ENCODING ""; # Disable encoding of Nextcloud response to inject ynh scripts fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_intercept_errors on; fastcgi_request_buffering off; + + fastcgi_read_timeout 600; + fastcgi_send_timeout 600; + fastcgi_connect_timeout 600; + proxy_connect_timeout 600; + proxy_send_timeout 600; + proxy_read_timeout 600; + send_timeout 600; } location ~ ^__PATH__/(?:updater|ocs-provider)(?:$|/) { @@ -118,6 +136,7 @@ location ^~ __PATH__/ { index index.php; } + # Serve static files location ~ \.(?:css|js|mjs|svg|gif|png|jpg|ico|wasm|tflite|map)$ { try_files $uri / __PATH__/index.php$request_uri; expires 6M; # Cache-Control policy borrowed from `.htaccess` @@ -134,8 +153,13 @@ location ^~ __PATH__/ { access_log off; # Optional: Don't log access to assets } + # Rule borrowed from `.htaccess` + location __PATH__/remote { + return 301 __PATH__/remote.php$request_uri; + } + location ~ / { - if ($request_method ~ ^(PUT|DELETE|PATCH)$) { + if ($request_method ~ ^(PUT|DELETE|PATCH|PROPFIND|PROPPATCH)$) { rewrite ^ __PATH__/index.php$request_uri last; } try_files $uri / __PATH__/index.php$request_uri; diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..e9b7da8 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1,24 @@ +### Manually running Nextcloud commands + +You can run Nextcloud commands from the command line using: + +``` +sudo -u __APP__ php__YNH_PHP_VERSION__ --define apc.enable_cli=1 __INSTALL_DIR__/occ ... +``` + +Alternatively, you may open a 'Nextcloud shell' with `sudo yunohost app shell __APP__`, then run `php occ ...` + +### ONLYOFFICE integration + +ONLYOFFICE is an online rich text document editor which can be integrated in Nextcloud + +#### With YunoHost App (ARM64 support, better performance) + +For better performance and ARM64 support (Raspberry Pi, OLinuXino...), install the [OnlyOffice YunoHost app](https://apps.yunohost.org/app/onlyoffice) and connect it to Nextcloud, see the tutorial in the [doc of onlyoffice_ynh package](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server) + +#### Alternative: With Nextcloud App (no ARM support, lower performance) + +Nextcloud features a direct integration of ONLYOFFICE through a Nextcloud app. +- Install *Community Document Server* application in your Nextcloud. That's the part that runs ONLYOFFICE server. +- Install *ONLYOFFICE* application. That's the client part that will connect to an ONLYOFFICE server. +- Then in Settings -> ONLYOFFICE (`https://__DOMAIN____PATH__/settings/admin/onlyoffice`), if you want to configure which file formats should be opened by ONLYOFFICE. diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md new file mode 100644 index 0000000..85445bd --- /dev/null +++ b/doc/ADMIN_fr.md @@ -0,0 +1,24 @@ +### Exécuter manuellement des commandes Nextcloud + +Vous pouvez lancer des commandes Nextcloud depuis la ligne de commande avec: + +``` +sudo -u __APP__ php__YNH_PHP_VERSION__ --define apc.enable_cli=1 __INSTALL_DIR__/occ ... +``` + +Ou bien, vous pouvez ouvrir un "shell Nextcloud" avec `sudo yunohost app shell __APP__`, puis lancer `php occ ...` + +### Intégration d'ONLYOFFICE + +ONLYOFFICE est un éditeur de texte enrichi en ligne qui peut s'intégrer dans Nextcloud + +#### Avec l'application YunoHost (support ARM64, meilleures performances) + +Pour de meilleures performances et le support de ARM64 (Raspberry Pi, OLinuXino...), installez l'[app YunoHost OnlyOffice](https://apps.yunohost.org/app/onlyoffice), puis connectez-la à Nextcloud : voir le tutoriel dans la [doc du paquet onlyoffice_ynh](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server) + +#### Alternative: avec l'application Nextcloud (pas de support ARM, performances limitées) + +Nextcloud inclut une intégration directe via une application Nextcloud. +- Installez l'application *Community Document Server* dans votre Nextcloud. C'est la partie qui fait tourner un serveur ONLYOFFICE. +- Installez l'application *ONLYOFFICE*. C'est la partie cliente qui va se connecter au serveur ONLYOFFICE. +- Ensuite dans les Paramètres -> ONLYOFFICE (`https://__DOMAIN____PATH__/settings/admin/onlyoffice`), si vous voulez configurer quels formats de fichier s'ouvrent avec ONLYOFFICE. diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 4a3dbc8..3d35dc4 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -2,8 +2,7 @@ Nextcloud Hub is a fully open-source on-premises content collaboration platform. ### YunoHost-specific features -In addition to Nextcloud core features, the following are made available with -this package: +In addition to Nextcloud core features, the following are made available with this package: * Integrate with YunoHost users and SSO - i.e. logout button * Allow one user to be the administrator (set at the installation) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index a6d6711..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,16 +0,0 @@ -### Configure ONLYOFFICE integration - -#### With Nextcloud App (no ARM support, lower performance) - -Starting from Nextcloud 18, it features a direct integration of ONLYOFFICE (an online rich text document editor) through a Nextcloud app. -To install and configure it: -- Install *Community Document Server* application in your Nextcloud. That's the part that runs ONLYOFFICE server. -- Install *ONLYOFFICE* application. That's the client part that will connect to an ONLYOFFICE server. -- Then in Settings -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), if you want to configure which file formats should be opened by ONLYOFFICE. -- Here you go :) You should be able to create new type of documents and open them. - -*NB: ONLYOFFICE Nextcloud App is only available for x86 architecture - for **ARM** architecture (Raspberry Pi, OLinuXino...), consider the YunoHost App below* - -#### With YunoHost App (ARM64 support, better performance) - -For better performance and ARM64 support, install ONLYOFFICE YunoHost App and connect it to Nextcloud, see the tutorial in the [doc of onlyoffice_ynh package](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server) diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md deleted file mode 100644 index 2110000..0000000 --- a/doc/DISCLAIMER_fr.md +++ /dev/null @@ -1,16 +0,0 @@ -### Configurer l'intégration d'ONLYOFFICE - -#### Avec l'application Nextcloud (pas de support ARM, performances limitées) - -À partir de sa version 18, Nextcloud inclut une intégration directe de ONLYOFFICE (un éditeur de texte enrichi en ligne) via une application Nextcloud. -Pour l'installer et la configurer : -- Installez l'application *Community Document Server* dans votre Nextcloud. C'est la partie qui fait tourner un serveur ONLYOFFICE. -- Installez l'application *ONLYOFFICE*. C'est la partie cliente qui va se connecter au serveur ONLYOFFICE. -- Ensuite dans les Paramètres -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), si vous voulez configurer quels formats de fichier s'ouvrent avec ONLYOFFICE. -- Et voilà :) Vous devriez pouvoir créer de nouveaux types de documents, et les ouvrir. - -*NB : l'app Nextcloud ONLYOFFICE Community Document Server n'est disponible que sous architecture x86 - Pour un support de l'architecture **ARM** (Raspberry Pi, OLinuXino...), installez plutôt l'App YunoHost, voir ci-dessous* - -#### Avec l'application YunoHost (support ARM64, meilleures performances) - -Pour de meilleures performances et le support de ARM64, installez l'app YunoHost ONLYOFFICE, voir le tutoriel dans la [doc du paquet onlyoffice_ynh](https://github.com/YunoHost-Apps/onlyoffice_ynh/blob/master/README_fr.md#configuration-de-onlyoffice-server) diff --git a/doc/POST_UPGRADE.md b/doc/POST_UPGRADE.md new file mode 100644 index 0000000..b0a56e5 --- /dev/null +++ b/doc/POST_UPGRADE.md @@ -0,0 +1 @@ +Note that if you've installed any third-party Nextcloud applications, they have probably been disabled. If so, you'll need to manually enable them again. diff --git a/doc/POST_UPGRADE_fr.md b/doc/POST_UPGRADE_fr.md new file mode 100644 index 0000000..9fe2b10 --- /dev/null +++ b/doc/POST_UPGRADE_fr.md @@ -0,0 +1 @@ +Notez que si vous avez installé des applications Nextcloud tierces, elles sont probablement désactivées et vous devrez les réactiver manuellement. \ No newline at end of file diff --git a/hooks/post_user_delete b/hooks/post_user_delete new file mode 100644 index 0000000..d824c12 --- /dev/null +++ b/hooks/post_user_delete @@ -0,0 +1,16 @@ +#!/bin/bash + +source /usr/share/yunohost/helpers + +user="$1" +app="$(basename $0 | cut -d- -f 2-)" # Extract the app name from the script name, which is supposed to be something like "50-app_id" +install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) + +# Define a function to execute commands with `occ` +exec_occ() { + (cd "$install_dir" && ynh_exec_as "$app" \ + php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") +} + +exec_occ user:delete $user diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 6e781ef..0000000 --- a/manifest.json +++ /dev/null @@ -1,70 +0,0 @@ -{ - "id": "nextcloud", - "name": "Nextcloud", - "packaging_format": 1, - "description": { - "en": "Online storage, file sharing platform and various other applications", - "fr": "Stockage en ligne, plateforme de partage de fichiers et diverses autres applications" - }, - "version": "27.1.4~ynh1", - "url": "https://nextcloud.com", - "upstream": { - "license": "AGPL-3.0", - "website": "https://nextcloud.com", - "demo": "https://demo.nextcloud.com/", - "admindoc": "https://docs.nextcloud.com/server/stable/admin_manual/", - "userdoc": "https://docs.nextcloud.com/server/latest/user_manual/en/", - "code": "https://github.com/nextcloud/server", - "cpe": "cpe:2.3:a:nextcloud:nextcloud" - }, - "license": "AGPL-3.0", - "maintainer": { - "name": "kay0u", - "email": "pierre@kayou.io" - }, - "requirements": { - "yunohost": ">= 11.2" - }, - "multi_instance": true, - "services": [ - "nginx", - "php8.1-fpm", - "mysql" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "path", - "type": "path", - "example": "/nextcloud", - "default": "/nextcloud" - }, - { - "name": "admin", - "type": "user" - }, - { - "name": "is_public", - "type": "boolean", - "help": { - "en": "You need to enable public if you want to connect Nextcloud Desktop client to Nextcloud server. This can be changed later via the webadmin.", - "fr": "Vous devez cocher cette case si vous souhaitez connecter le client Nextcloud Desktop au serveur Nextcloud. Cela peut être modifié ultérieurement via l'administrateur Web." - }, - "default": true - }, - { - "name": "user_home", - "type": "boolean", - "ask": { - "en": "Access the users home folder from Nextcloud?", - "fr": "Accéder au dossier personnel des utilisateurs depuis Nextcloud ?" - }, - "default": false - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..4d53e38 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,80 @@ +packaging_format = 2 + +id = "nextcloud" +name = "Nextcloud" +description.en = "Online storage, file sharing platform and various other applications" +description.fr = "Stockage en ligne, plateforme de partage de fichiers et diverses autres applications" + +version = "28.0.1~ynh1" + +maintainers = ["kay0u"] + +[upstream] +license = "AGPL-3.0" +website = "https://nextcloud.com" +demo = "https://demo.nextcloud.com/" +admindoc = "https://docs.nextcloud.com/server/stable/admin_manual/" +userdoc = "https://docs.nextcloud.com/server/latest/user_manual/en/" +code = "https://github.com/nextcloud/server" +cpe = "cpe:2.3:a:nextcloud:nextcloud" + +[integration] +yunohost = ">= 11.2" +architectures = ["amd64", "arm64", "armhf"] +multi_instance = true + +ldap = true + +sso = true + +disk = "50M" +ram.build = "500M" +ram.runtime = "512M" + +[install] + [install.domain] + type = "domain" + + [install.path] + type = "path" + default = "/nextcloud" + + [install.admin] + type = "user" + + [install.init_main_permission] + help.en = "You must activate 'Visitors' if you want to connect Nextcloud Desktop client to Nextcloud server. This can be changed later via the webadmin." + help.fr = "Vous devez activer 'Visiteurs' si vous souhaitez connecter le client Nextcloud Desktop au serveur Nextcloud. Cela peut être modifié ultérieurement via l'administrateur Web." + type = "group" + default = "visitors" + + [install.user_home] + ask.en = "Access the users home folder from Nextcloud?" + ask.fr = "Accéder au dossier personnel des utilisateurs depuis Nextcloud ?" + type = "boolean" + default = false + +[resources] + [resources.system_user] + allow_email = true + + [resources.install_dir] + + [resources.data_dir] + subdirs = ["data"] + + [resources.permissions] + main.url = "/" + + api.url = "re:__DOMAIN__\\/.well-known\\/.*" + api.auth_header = false + api.show_tile = false + api.protected= true + api.allowed = ["visitors", "all_users"] + + [resources.apt] + packages = "mariadb-server, imagemagick, libmagickcore-6.q16-6-extra, acl, tar, smbclient, at, php8.2-fpm, php8.2-bz2, php8.2-imap, php8.2-gmp, php8.2-gd, php8.2-intl, php8.2-curl, php8.2-apcu, php8.2-redis, php8.2-ldap, php8.2-imagick, php8.2-zip, php8.2-mbstring, php8.2-xml, php8.2-mysql, php8.2-igbinary, php8.2-bcmath" + + [resources.database] + type = "mysql" + \ No newline at end of file diff --git a/scripts/_common.sh b/scripts/_common.sh index 669e9ba..19e6a36 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,12 +4,6 @@ # COMMON VARIABLES #================================================= -YNH_PHP_VERSION="8.2" - -php_dependencies="php${YNH_PHP_VERSION}-fpm php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-imap php${YNH_PHP_VERSION}-gmp php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-redis php${YNH_PHP_VERSION}-ldap php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-igbinary php${YNH_PHP_VERSION}-bcmath" - -pkg_dependencies="imagemagick libmagickcore-6.q16-6-extra acl tar smbclient at $php_dependencies" - #================================================= # EXPERIMENTAL HELPERS #================================================= @@ -46,7 +40,6 @@ is_url_handled() { fi } - #================================================= # Check available space before creating a temp directory. diff --git a/scripts/backup b/scripts/backup index 6fd1086..924f0bd 100755 --- a/scripts/backup +++ b/scripts/backup @@ -10,26 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers source ../settings/scripts/_ynh_mysql_dump_db.sh -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -39,7 +19,13 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" + +#================================================= +# BACKUP THE DATA DIRECTORY +#================================================= + +ynh_backup --src_path="$data_dir" --is_big #================================================= # BACKUP THE NGINX CONFIGURATION @@ -53,13 +39,6 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= -ynh_print_info --message="Backing up the MySQL database..." - -ynh_mysql_dump_db --database="$db_name" --default_character_set="utf8mb4" > db.sql - #================================================= # SPECIFIC BACKUP #================================================= @@ -82,11 +61,11 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" ynh_backup --src_path="/etc/cron.d/$app" #================================================= -# BACKUP THE DATA DIRECTORY +# BACKUP THE MYSQL DATABASE #================================================= -ynh_print_info --message="Backing up data directory..." +ynh_print_info --message="Backing up the MySQL database..." -ynh_backup --src_path="$datadir" --is_big +ynh_mysql_dump_db --database="$db_name" --default_character_set="utf8mb4" > db.sql #================================================= # END OF SCRIPT diff --git a/scripts/change_url b/scripts/change_url index e4e3696..4ba48b3 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,132 +9,53 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - -#================================================= -# STANDARD MODIFICATIONS #================================================= # MODIFY URL IN NGINX CONF #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi +ynh_change_url_nginx_config #================================================= # SPECIFIC MODIFICATIONS #================================================= -ynh_script_progression --message="Applying Nextcloud specific modifications..." --weight=2 +ynh_script_progression --message="Applying $app specific modifications..." --weight=2 # Define a function to execute commands with `occ` exec_occ() { - (cd "$final_path" && ynh_exec_as "$app" \ + (cd "$install_dir" && ynh_exec_as "$app" \ php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") } if [ $change_domain -eq 1 ] then - # Change the trusted domain - exec_occ config:system:set trusted_domains 1 --value=$new_domain + # Change the trusted domain + exec_occ config:system:set trusted_domains 1 --value=$new_domain - # Change hostname for activity notifications - exec_occ config:system:set overwrite.cli.url --value="https://${new_domain}" -fi + # Change hostname for activity notifications + exec_occ config:system:set overwrite.cli.url --value="https://${new_domain}${new_path}" -if [ $change_domain -eq 1 ] -then - # Check if .well-known is available for this domain - if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav" - then - ynh_print_warn --message="Another app already uses the domain $new_domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." + # Reload php fpm, necessary for force nextcloud to re-read config.php, cf opcache.revalidate_freq + ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload - # Remove lines about .well-known/carddav and caldav with sed. - sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf" - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - fi + # Check if .well-known is available for this domain + if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav" + then + ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." + + # Remove lines about .well-known/carddav and caldav with sed. + sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf" + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + fi fi #================================================= -# GENERIC FINALISATION +# SETUP SSOWAT #================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." +ynh_script_progression --message="Configuring permissions..." -ynh_systemd_action --service_name=nginx --action=reload +# Temporary fix for the API permission +ynh_permission_url --permission="api" --url="re:$new_domain\/.well-known\/.*" --auth_header="false" --clear_urls #================================================= # END OF SCRIPT diff --git a/scripts/config b/scripts/config index 7b6b67e..1b5e26b 100644 --- a/scripts/config +++ b/scripts/config @@ -24,7 +24,7 @@ current_fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) get__maintenance_mode() { # Maintenance mode status - maintenance_mode_status="$(cd "$final_path" && ynh_exec_as "$app" \ + maintenance_mode_status="$(cd "$install_dir" && ynh_exec_as "$app" \ php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi maintenance:mode)" 2> /dev/null if echo $maintenance_mode_status | grep -q "disabled" then @@ -49,7 +49,7 @@ get__fpm_footprint() { fi } -get__free_footprint() { +get__fpm_free_footprint() { # Free footprint value for php-fpm # Check if current_fpm_footprint is an integer if [ "$current_fpm_footprint" -eq "$current_fpm_footprint" ] 2> /dev/null @@ -68,12 +68,12 @@ get__free_footprint() { set__maintenance_mode() { if [ "$maintenance_mode" -eq "0" ]; then # If maintenance_mode was set to 0, disable maintenance mode - (cd "$final_path" && ynh_exec_as "$app" \ + (cd "$install_dir" && ynh_exec_as "$app" \ php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi maintenance:mode --off) ynh_print_info "Maintenance mode disabled" elif [ "$maintenance_mode" -eq "1" ]; then # If maintenance_mode was set to 1, enable maintenance mode - (cd "$final_path" && ynh_exec_as "$app" \ + (cd "$install_dir" && ynh_exec_as "$app" \ php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi maintenance:mode --on) ynh_print_info "Maintenance mode enabled" fi @@ -120,7 +120,7 @@ ynh_app_config_validate() { ynh_app_config_apply() { _ynh_app_config_apply - ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint + ynh_add_fpm_config } ynh_app_config_run $1 diff --git a/scripts/install b/scripts/install index 102e984..6e5858a 100755 --- a/scripts/install +++ b/scripts/install @@ -1,83 +1,17 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers source _ynh_mysql_connect_as.sh -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= +phpflags="--define apc.enable_cli=1" -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -admin=$YNH_APP_ARG_ADMIN -user_home=$YNH_APP_ARG_USER_HOME -is_public=$YNH_APP_ARG_IS_PUBLIC -phpversion=$YNH_PHP_VERSION - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -# Check machine architecture (Nextcloud will soon deprecate 32-bit support) -if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armhf" ] -then - ynh_print_warn --message="Nextcloud will soon deprecate 32-bit support. It is recommended to upgrade to a 64-bit architecture." -fi - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=user_home --value=$user_home - -maintenance_mode=0 -ynh_app_setting_set --app=$app --key=maintenance_mode --value=$maintenance_mode - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=10 - -ynh_install_app_dependencies $pkg_dependencies +ynh_app_setting_set --app=$app --key=phpflags --value=$phpflags #================================================= # CREATE A MYSQL DATABASE #================================================= -ynh_script_progression --message="Creating a MySQL database..." --weight=2 - -db_name=$(ynh_sanitize_dbid --db_name=$app) -db_user=$db_name -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name +ynh_script_progression --message="Migrate MySQL database to utf8..." --weight=2 ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \ <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" @@ -85,7 +19,7 @@ ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \ #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." +ynh_script_progression --message="Setting up source files..." --weight=5 # Load the last available version source upgrade.d/upgrade.last.sh @@ -99,37 +33,19 @@ SOURCE_FORMAT=tar.bz2 SOURCE_IN_SUBDIR=true EOF -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Enable YunoHost patches on Nextcloud sources cp -a ../sources/patches_last_version/* ../sources/patches # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=3 - -# Create a system user -ynh_system_user_create --username=$app +ynh_setup_source --dest_dir="$install_dir" #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring PHP-FPM..." --weight=50 +ynh_script_progression --message="Configuring PHP-FPM..." --weight=5 -fpm_footprint="high" -fpm_free_footprint=0 -fpm_usage="medium" - -ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint -ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint -ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage - -# Create a dedicated php-fpm config -ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$YNH_PHP_VERSION -# Used by ynh_add_nginx_config -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +ynh_app_setting_set --app=$app --key=fpm_footprint --value=high +ynh_app_setting_set --app=$app --key=fpm_usage --value=medium +ynh_add_fpm_config #================================================= # NGINX CONFIGURATION @@ -139,7 +55,7 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=2 # Check if .well-known is available for this domain if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then - ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." + ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." # Remove lines about .well-known/carddav and caldav with sed. sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" @@ -148,37 +64,23 @@ fi # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# SPECIFIC SETUP -#================================================= -# CREATE THE DATA DIRECTORY -#================================================= -ynh_script_progression --message="Creating a data directory..." --weight=1 - -# Define app's data directory -datadir="/home/yunohost.app/$app/data" -ynh_app_setting_set --app=$app --key=datadir --value=$datadir - -# Create app folders -mkdir -p "$datadir" - #================================================= # INSTALL NEXTCLOUD #================================================= -ynh_script_progression --message="Installing Nextcloud..." --weight=30 +ynh_script_progression --message="Installing $app..." --weight=30 # Define a function to execute commands with `occ` exec_occ() { - (cd "$final_path" && ynh_exec_as "$app" \ + (cd "$install_dir" && ynh_exec_as "$app" \ php${phpversion} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") } # Set write access for the following commands -chown -R $app: "$final_path" "$datadir" +chown -R $app: "$install_dir" "$data_dir" # Define password in an intermediate var # The fact that it's called _password allows it to be -# picked up by Yunohost's auto-redact mecanism +# picked up by YunoHost's auto-redact mecanism admin_password="$(ynh_string_random --length=6)" # Install Nextcloud using a temporary admin user @@ -186,13 +88,13 @@ exec_occ maintenance:install \ --database "mysql" --database-name $db_name \ --database-user $db_user --database-pass "$db_pwd" \ --admin-user "admin" --admin-pass "$admin_password" \ - --data-dir "$datadir" \ + --data-dir "$data_dir/data" \ || ynh_die --message="Unable to install Nextcloud" #================================================= # CONFIGURE NEXTCLOUD #================================================= -ynh_script_progression --message="Configuring Nextcloud..." --weight=8 +ynh_script_progression --message="Configuring $app..." --weight=8 # Set the mysql.utf8mb4 config to true in config.php exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true" @@ -205,7 +107,7 @@ exec_occ app:enable user_ldap exec_occ ldap:create-empty-config # Load the installation config file in Nextcloud -nc_conf="$final_path/config_install.json" +nc_conf="$install_dir/config_install.json" ynh_add_config --template="../conf/config_install.json" --destination="$nc_conf" exec_occ config:import "$nc_conf" @@ -214,7 +116,7 @@ exec_occ config:import "$nc_conf" ynh_secure_remove --file="$nc_conf" # Load the additional config file (used also for upgrade) -nc_conf="$final_path/config.json" +nc_conf="$install_dir/config.json" ynh_add_config --template="../conf/config.json" --destination="$nc_conf" exec_occ config:import "$nc_conf" @@ -237,10 +139,10 @@ exec_occ ldap:test-config '' \ # Define a function to add an external storage # Create the external storage for the given folders and enable sharing create_external_storage() { - local datadir="$1" + local mount_dir="$1" local mount_name="$2" local mount_id=`exec_occ files_external:create --output=json \ - "$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true` + "$mount_name" 'local' 'null::null' -c "datadir=$mount_dir" || true` ! [[ $mount_id =~ ^[0-9]+$ ]] \ && ynh_print_warn --message="Unable to create external storage" \ || exec_occ files_external:option "$mount_id" enable_sharing true @@ -269,13 +171,13 @@ exec_occ config:system:get logout_url >/dev/null 2>&1 \ \$main_domain = exec('cat /etc/yunohost/current_host'); \$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout'; //-YunoHost- -" >> "$final_path/config/config.php" +" >> "$install_dir/config/config.php" #================================================= # CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS #================================================= -exec_occ config:system:set overwrite.cli.url --value="https://${domain}" +exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}" #================================================= # REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE @@ -292,7 +194,7 @@ exec_occ user:delete admin #================================================= # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$final_path/config/config.php" +ynh_store_file_checksum --file="$install_dir/config/config.php" #================================================= # ADD A CRON JOB @@ -334,23 +236,23 @@ ynh_multimedia_addaccess $app #================================================= # Fix app ownerships & permissions -chown -R $app:www-data "$final_path" -chown -R $app: "$datadir" -find $final_path/ -type f -print0 | xargs -r0 chmod 0644 -find $final_path/ -type d -print0 | xargs -r0 chmod 0755 -find $datadir/ -type f -print0 | xargs -r0 chmod 0640 -find $datadir/ -type d -print0 | xargs -r0 chmod 0750 -chmod 640 "$final_path/config/config.php" +chown -R $app:www-data "$install_dir" +chown -R $app: "$data_dir" +find $install_dir/ -type f -print0 | xargs -r0 chmod 0644 +find $install_dir/ -type d -print0 | xargs -r0 chmod 0755 +find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640 +find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750 +chmod 640 "$install_dir/config/config.php" chmod 755 /home/yunohost.app -chmod 750 $final_path +chmod 750 $install_dir #================================================= # SETUP LOGROTATE #================================================= -ynh_script_progression --message="Configuring log rotation..." +ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) -ynh_use_logrotate --logfile="$datadir/nextcloud.log" +ynh_use_logrotate --logfile="$data_dir/data/nextcloud.log" #================================================= # SETUP FAIL2BAN @@ -358,27 +260,7 @@ ynh_use_logrotate --logfile="$datadir/nextcloud.log" ynh_script_progression --message="Configuring Fail2Ban..." --weight=8 # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - ynh_permission_update --permission="main" --add="visitors" -fi - -ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +ynh_add_fail2ban_config --logpath="$data_dir/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 36db879..c39ac68 100755 --- a/scripts/remove +++ b/scripts/remove @@ -1,126 +1,38 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers #================================================= -# LOAD SETTINGS +# REMOVE SYSTEM CONFIGURATIONS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=2 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - +# REMOVE SYSTEMD SERVICE #================================================= -# STANDARD REMOVE -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=20 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -#================================================= -# REMOVE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Removing the MySQL database..." --weight=5 - -# Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=3 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE DATA DIR -#================================================= - -# Remove the data directory if --purge option is used -if [ "${YNH_APP_PURGE:-0}" -eq 1 ] -then - ynh_script_progression --message="Removing app data directory..." --weight=1 - ynh_secure_remove --file="$datadir" -fi - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." +ynh_script_progression --message="Removing system configurations related to $app..." --weight=5 # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=2 - # Remove the dedicated PHP-FPM config ynh_remove_fpm_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Removing logrotate configuration..." - # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8 - # Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE THE CRON FILE -#================================================= - # Remove a cron file # TODO: Ensure that cron job is not running (How !?) ynh_secure_remove --file="/etc/cron.d/$app" -#================================================= -# CLEAN ACL IN HOME DIRECTORIES -#================================================= - +# Cleaning ACL in home directories for i in $(ls /home); do # Clean ACL in every directories in /home, except those which start with 'yunohost.' [[ ! $i == yunohost.* ]] \ && setfacl --remove g:$app:rwx 2>&1 done -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 42e6dcc..fe6be1e 100755 --- a/scripts/restore +++ b/scripts/restore @@ -1,48 +1,9 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers source ../settings/scripts/_ynh_mysql_connect_as.sh -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) - -fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) -fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=4 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - #================================================= # STANDARD RESTORATION STEPS #================================================= @@ -50,38 +11,15 @@ test ! -d $final_path \ #================================================= ynh_script_progression --message="Restoring the app main directory..." -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" #================================================= # RESTORE THE MYSQL DATABASE #================================================= ynh_script_progression --message="Restoring the MySQL database..." --weight=9 -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd -ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \ - <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" - ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name --default_character_set="utf8mb4" < ./db.sql -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=10 - -# Define and install dependencies -ynh_install_app_dependencies $pkg_dependencies - #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= @@ -91,7 +29,7 @@ ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=50 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" # Recreate a dedicated php-fpm config -ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$phpversion +ynh_add_fpm_config #================================================= # RESTORE THE NGINX CONFIGURATION @@ -102,9 +40,9 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" # Check if .well-known is available for this domain if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then - ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." + ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." - # Remove lines about .well-known/carddav and caldav with sed. + # Remove lines about .well-known/CardDAV and CalDAV with sed. sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf" fi @@ -128,29 +66,27 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" ynh_script_progression --message="Restoring data directory..." --weight=2 # Use --not_mandatory for the data directory, because if the backup has been made with BACKUP_CORE_ONLY, there's no data into the backup. -ynh_restore_file --origin_path="$datadir" --not_mandatory - -mkdir -p "$datadir" +ynh_restore_file --origin_path="$data_dir" --not_mandatory #================================================= # RESTORE USER RIGHTS #================================================= # Fix app ownerships & permissions -chown -R $app:www-data "$final_path" -chown -R $app: "$datadir" -find $final_path/ -type f -print0 | xargs -r0 chmod 0644 -find $final_path/ -type d -print0 | xargs -r0 chmod 0755 -find $datadir/ -type f -print0 | xargs -r0 chmod 0640 -find $datadir/ -type d -print0 | xargs -r0 chmod 0750 -chmod 640 "$final_path/config/config.php" +chown -R $app:www-data "$install_dir" +chown -R $app: "$data_dir" +find $install_dir/ -type f -print0 | xargs -r0 chmod 0644 +find $install_dir/ -type d -print0 | xargs -r0 chmod 0755 +find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640 +find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750 +chmod 640 "$install_dir/config/config.php" chmod 755 /home/yunohost.app -chmod 750 $final_path +chmod 750 $install_dir # Iterate over users to extend their home folder permissions - for the external # storage plugin usage - and create relevant Nextcloud directories for u in $(ynh_user_list); do - mkdir -p "$datadir/$u" + mkdir -p "$data_dir/$u" setfacl --modify g:$app:rwx "/home/$u" || true done @@ -172,8 +108,8 @@ ynh_script_progression --message="Restoring the Fail2Ban configuration..." --wei ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -# Make sure a log file exists (mostly for CI tests) -logfile="/home/yunohost.app/$app/data/nextcloud.log" +# Make sure a log file exists (mostly for CI tests) +logfile="$data_dir/data/nextcloud.log" if [ ! -f "$logfile" ]; then touch "$logfile" chown $app: "$logfile" diff --git a/scripts/upgrade b/scripts/upgrade index eb1adb6..280eb7d 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,105 +1,22 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=3 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -admin=$(ynh_app_setting_get --app=$app --key=admin) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -user_home=$(ynh_app_setting_get --app=$app --key=user_home) - -maintenance_mode=$(ynh_app_setting_get --app=$app --key=maintenance_mode) -fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) -fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) - -#================================================= -# CHECK VERSION -#================================================= - upgrade_type=$(ynh_check_app_version_changed) -# Check machine architecture (Nextcloud will soon deprecate 32-bit support) -if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armhf" ] -then - ynh_print_warn --message="Nextcloud will soon deprecate 32-bit support. It is recommended to upgrade to a 64-bit architecture." -fi - #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." -# If db_name doesn't exist, create it -if [ -z "$db_name" ]; then - db_name=$(ynh_sanitize_dbid --db_name=$app) - ynh_app_setting_set --app=$app --key=db_name --value=$db_name -fi - -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/var/www/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path -fi - -# If datadir doesn't exist, create it -if [ -z "$datadir" ]; then - datadir=/home/yunohost.app/$app - ynh_app_setting_set --app=$app --key=datadir --value=$datadir -fi - # Remove the option backup_core_only if it's in the settings.yml file ynh_app_setting_delete --app=$app --key=backup_core_only -# If maintenance_mode doesn't exist, create it -if [ -z "$maintenance_mode" ]; then - maintenance_mode=0 - ynh_app_setting_set --app=$app --key=maintenance_mode --value=$maintenance_mode -fi - -# If fpm_footprint doesn't exist, create it -if [ -z "$fpm_footprint" ]; then - fpm_footprint=high - ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint -fi - -# If fpm_free_footprint doesn't exist, create it -if [ -z "$fpm_free_footprint" ]; then - fpm_free_footprint=0 - ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint -fi - -# If fpm_usage doesn't exist, create it -if [ -z "$fpm_usage" ]; then - fpm_usage=medium - ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage -fi - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -# Create a permission if needed -if ! ynh_permission_exists --permission="api"; then - ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" +# If phpflags doesn't exist, create it +if [ -z "${phpflags:-}" ]; then + phpflags="--define apc.enable_cli=1" + ynh_app_setting_set --app=$app --key=phpflags --value=$phpflags fi # Delete existing ini configuration file (backward compatibility) @@ -107,97 +24,6 @@ if [ -f /etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini ]; then ynh_secure_remove --file=/etc/php/$YNH_PHP_VERSION/fpm/conf.d/20-$app.ini fi -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30 - -# Made a backup only after the version 11.0.0 -# Before, the datas will be always saved. -# Get the current version number of nextcloud/owncloud -current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2) -current_major_version=${current_version%%.*} - -if [ $current_major_version -gt 11 ] -then - # Inform the backup/restore process that it should not save the data directory - # Use only for the previous backup script that doesn't set 'is_big' - ynh_app_setting_set --app=$app --key=backup_core_only --value=1 - - # Backup the current version of the app - ynh_backup_before_upgrade - - # Remove the option backup_core_only after the backup. - ynh_app_setting_delete $app backup_core_only - - ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup - } -fi - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_permission_create --permission="api" --label="api" --url="re:$domain\/.well-known\/.*" --allowed="visitors" "all_users" --auth_header="false" --show_tile="false" --protected="true" -fi - -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=7 - -ynh_install_app_dependencies $pkg_dependencies - -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 - -# Recreate a dedicated PHP-FPM config -ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint - -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) - -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 - -ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf" - -# Delete current NGINX configuration to be able to check if .well-known is already served. -ynh_remove_nginx_config -ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf" - -# Wait untils NGINX has fully reloaded -ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd" - -# Check if .well-known is available for this domain -if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" -then - ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." - - # Remove lines about .well-known/carddav and caldav with sed. - sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" -fi - -# Create a dedicated NGINX config -ynh_add_nginx_config - #================================================= # SPECIFIC UPGRADE #================================================= @@ -205,35 +31,48 @@ ynh_add_nginx_config # VERSION TO THE NEXT ONE #================================================= +current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2) +current_major_version=${current_version%%.*} + # Define a function to execute commands with `occ` exec_occ() { # Backward compatibility to upgrade from older versions - if [ $current_major_version = "last" ] || [ $current_major_version -ge 24 ] + if [ $current_major_version = "last" ] || [ $current_major_version -ge 26 ] then - NEXTCLOUD_PHP_VERSION=$phpversion - elif [ $current_major_version -ge 15 ] + NEXTCLOUD_PHP_VERSION="8.2" + elif [ $current_major_version -ge 24 ] + then + NEXTCLOUD_PHP_VERSION="8.1" + elif [ $current_major_version -ge 18 ] then NEXTCLOUD_PHP_VERSION="7.4" else - NEXTCLOUD_PHP_VERSION="7.0" + NEXTCLOUD_PHP_VERSION="7.1" fi -(cd "$final_path" && ynh_exec_as "$app" \ + + # NB : be super careful when designing this part of the code, because calling ynh_install_app_dependencies + # will do magic regarding php configuration and $phpversion when the php version of the dependencies changes ... + phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) + if [[ "$NEXTCLOUD_PHP_VERSION" != "$phpversion" ]]; then + local pkg_dependencies="$(dpkg-query --show --showformat='${Depends}' ${app}-ynh-deps)" + pkg_dependencies="${pkg_dependencies//$phpversion/$NEXTCLOUD_PHP_VERSION}" + ynh_install_app_dependencies "$pkg_dependencies" + fi +(cd "$install_dir" && ynh_exec_as "$app" \ php$NEXTCLOUD_PHP_VERSION --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") } # Define a function to add an external storage # Create the external storage for the given folders and enable sharing create_external_storage() { -local datadir="$1" +local mount_dir="$1" local mount_name="$2" local mount_id=$(exec_occ files_external:create --output=json \ - "$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true) + "$mount_name" 'local' 'null::null' -c "datadir=$mount_dir" || true) ! [[ $mount_id =~ ^[0-9]+$ ]] \ && ynh_print_warn --message="Unable to create external storage" \ || exec_occ files_external:option "$mount_id" enable_sharing true } -# Define app's data directory -datadir="/home/yunohost.app/$app/data" if [ "$upgrade_type" == "UPGRADE_APP" ] then @@ -246,13 +85,13 @@ then last_major_version=${last_version%%.*} # Set write access for the following commands - chown -R $app: "$final_path" "$datadir" + chown -R $app: "$install_dir" "$data_dir" # Print the current version number of Nextcloud exec_occ -V if [ "$(exec_occ config:system:get mysql.utf8mb4)" != "true" ]; then - db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) + db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) # Change your databases character set and collation ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \ <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" @@ -297,7 +136,7 @@ then # Load the value for this version source upgrade.d/upgrade.$current_major_version.sh - ynh_print_info --message="Upgrade to nextcloud $next_version" + ynh_print_info --message="Upgrade to Nextcloud $next_version" # Create an app.src for this version of Nextcloud cat > ../conf/app.src << EOF @@ -314,17 +153,17 @@ EOF # Install the next nextcloud version in $tmpdir ynh_setup_source --dest_dir="$tmpdir" + # Backup the config file in the temp dir + cp -a "$install_dir/config/config.php" "$tmpdir/config/config.php" + # Enable maintenance mode exec_occ maintenance:mode --on - # Backup the config file in the temp dir - cp -a "$final_path/config/config.php" "$tmpdir/config/config.php" - # Backup 3rd party applications from the current Nextcloud # But do not overwrite if there is any upgrade # (apps directory already exists in Nextcloud archive) ( - cd $final_path/apps + cd $install_dir/apps for nc_app_dir in */ do if [ ! -d "$tmpdir/apps/$nc_app_dir" ] @@ -334,13 +173,13 @@ EOF done ) - # Replace the old nextcloud by the new one - ynh_secure_remove --file="$final_path" - mv "$tmpdir" "$final_path" + # Replace the old Nextcloud by the new one + ynh_secure_remove --file="$install_dir" + mv "$tmpdir" "$install_dir" ynh_secure_remove --file="$tmpdir" # Set write access for the following commands - chown -R $app: "$final_path" "$datadir" + chown -R $app: "$install_dir" "$data_dir" # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3) exec_occ maintenance:mode --off @@ -348,10 +187,10 @@ EOF || [ $? -eq 3 ] || ynh_die --message="Unable to upgrade Nextcloud" # Get the new current version number - current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2) + current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2) current_major_version=${current_version%%.*} - # Print the current version number of nextcloud + # Print the current version number of Nextcloud exec_occ -V done @@ -366,9 +205,9 @@ EOF ynh_script_progression --message="Reconfiguring Nextcloud..." --weight=9 # Verify the checksum and backup the file if it's different - ynh_backup_if_checksum_is_different --file="$final_path/config/config.php" + ynh_backup_if_checksum_is_different --file="$install_dir/config/config.php" - nc_conf="${final_path}/config.json" + nc_conf="${install_dir}/config.json" ynh_add_config --template="../conf/config.json" --destination="$nc_conf" # Reneable the mail app @@ -382,6 +221,9 @@ EOF # Enable LDAP plugin exec_occ app:enable user_ldap + # Update all installed apps + exec_occ app:update --all + # Load the config file in nextcloud exec_occ config:import "$nc_conf" @@ -400,13 +242,13 @@ EOF \$main_domain = exec('cat /etc/yunohost/current_host'); \$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout'; //-YunoHost- - " >> "$final_path/config/config.php" + " >> "$install_dir/config/config.php" #================================================= # CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS #================================================= - exec_occ config:system:set overwrite.cli.url --value="https://${domain}" + exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}" #================================================= # MOUNT HOME FOLDERS AS EXTERNAL STORAGE @@ -429,13 +271,63 @@ EOF #================================================= # Calculate and store the config file checksum into the app settings - ynh_store_file_checksum --file="${final_path}/config/config.php" + ynh_store_file_checksum --file="${install_dir}/config/config.php" fi #================================================= -# UPDATE THE CRON JOB +# REGEN SYSTEM CONFIGURATIONS #================================================= +ynh_script_progression --message="Reapplying file permissions..." --weight=2 +# Fix app ownerships & permissions +chown -R $app:www-data "$install_dir" +chown -R $app: "$data_dir" +find $install_dir/ -type f -print0 | xargs -r0 chmod 0644 +find $install_dir/ -type d -print0 | xargs -r0 chmod 0755 +find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640 +find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750 +chmod 640 "$install_dir/config/config.php" +chmod 755 /home/yunohost.app +chmod 750 $install_dir + +#================================================= +# REGEN SYSTEM CONFIGURATIONS +#================================================= +ynh_script_progression --message="Regenerating system configurations for $app..." --weight=2 + +# ------- +# PHP-FPM +# ------- + +ynh_add_fpm_config + +# ------- +# NGINX +# ------- + +# Delete current NGINX configuration to be able to check if .well-known is already served. +ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_remove_nginx_config +ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf" + +# Wait untils NGINX has fully reloaded +ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd" + +# Check if .well-known is available for this domain +if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" +then + ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." + + # Remove lines about .well-known/carddav and caldav with sed. + sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" +fi + +# Create a dedicated NGINX config +ynh_add_nginx_config + +# ------- +# CRON JOB +# ------- cron_path="/etc/cron.d/$app" ynh_add_config --template="../conf/nextcloud.cron" --destination="$cron_path" chown root: "$cron_path" @@ -443,60 +335,18 @@ chmod 644 "$cron_path" exec_occ background:cron -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Fix app ownerships & permissions -chown -R $app:www-data "$final_path" -chown -R $app: "$datadir" -find $final_path/ -type f -print0 | xargs -r0 chmod 0644 -find $final_path/ -type d -print0 | xargs -r0 chmod 0755 -find $datadir/ -type f -print0 | xargs -r0 chmod 0640 -find $datadir/ -type d -print0 | xargs -r0 chmod 0750 -chmod 640 "$final_path/config/config.php" -chmod 755 /home/yunohost.app -chmod 750 $final_path - -#================================================= -# WARNING ABOUT THIRD-PARTY APPS -#================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - # Warn about possible disabled apps - ynh_print_warn --message="Note that if you've installed some third-parties Nextcloud applications, \ - they are probably disabled and you'll have to manually enable them again." -fi - -#================================================= -# SETUP LOGROTATE -#================================================= -ynh_script_progression --message="Upgrading logrotate configuration..." - -# Use logrotate to manage app-specific logfile(s) +# ------- +# LOGROTATE +# ------- ynh_use_logrotate --non-append -#================================================= -# SETUP FAIL2BAN -#================================================= -ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7 +# ------- +# FAIL2BAN +# ------- # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." - -ynh_systemd_action --service_name=nginx --action=reload -ynh_systemd_action --service_name="php${phpversion}-fpm" --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/upgrade.d/upgrade.27.sh b/scripts/upgrade.d/upgrade.27.sh new file mode 100644 index 0000000..3716a7f --- /dev/null +++ b/scripts/upgrade.d/upgrade.27.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Last available Nextcloud version +next_version="28.0.0" + +# Nextcloud tarball checksum sha256 +nextcloud_source_sha256="4e8b0b74b40221e85f92ab869d0873c69a52d7e43889d9259c6259428a6a36f2" diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index b31e5b5..067e91b 100644 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,7 +1,7 @@ #!/bin/bash # Last available Nextcloud version -next_version="27.1.4" +next_version="28.0.1" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="bec65f2166b82c9303baf476c1e424f71aa196dad010ffe4c0c39d03990d594c" +nextcloud_source_sha256="2f80735b443082272fe6a3b5e32137957f1fc448c75342b94b5200b29725f3a4" diff --git a/sources/patches_last_version/app-00-add-logout_url-conf.patch b/sources/patches_last_version/app-00-add-logout_url-conf.patch index 919f2d4..2c81a65 100644 --- a/sources/patches_last_version/app-00-add-logout_url-conf.patch +++ b/sources/patches_last_version/app-00-add-logout_url-conf.patch @@ -2,17 +2,17 @@ diff --git a/core/Controller/LoginController.php b/core/Controller/LoginControll index 13aef8f67a..55d8dbf9d1 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php -@@ -119,11 +119,12 @@ class LoginController extends Controller { +@@ -97,11 +97,12 @@ class LoginController extends Controller { } $this->userSession->logout(); - $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute( - 'core.login.showLoginForm', -- ['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers +- ['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers + $redirectUrl = $this->config->getSystemValue('logout_url', + $this->urlGenerator->linkToRouteAbsolute( + 'core.login.showLoginForm', -+ ['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers) ++ ['clear' => true] // this param the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers) )); - + $response = new RedirectResponse($redirectUrl); diff --git a/sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch b/sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch index 43159c3..abe9ad4 100644 --- a/sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch +++ b/sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch @@ -5,13 +5,13 @@ diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public index e9ecf00036..8e69c8d2dc 100644 --- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php -@@ -44,7 +44,8 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy { +@@ -42,7 +42,8 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy { /** @var bool Whether inline JS snippets are allowed */ protected $inlineScriptAllowed = false; /** @var bool Whether eval in JS scripts is allowed */ - protected $evalScriptAllowed = false; + // YunoHost patch: allow for eval in JS scripts for YunoHost tile + protected $evalScriptAllowed = true; + /** @var bool Whether WebAssembly compilation is allowed */ + protected ?bool $evalWasmAllowed = false; /** @var bool Whether strict-dynamic should be set */ - protected $strictDynamicAllowed = null; - /** @var array Domains from which scripts can get loaded */ diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..0e8e459 --- /dev/null +++ b/tests.toml @@ -0,0 +1,12 @@ +test_format = 1.0 + +[default] + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.c5cf91ad.name = "Upgrade from 25.0.2" + test_upgrade_from.caf917f3.name = "Upgrade from 26.0.2" + test_upgrade_from.9c6d1eea.name = "Upgrade from 27.1.4" + \ No newline at end of file