diff --git a/README.md b/README.md index 790d139..b8e537b 100644 --- a/README.md +++ b/README.md @@ -5,9 +5,9 @@ Nextcloud for YunoHost own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 11.0.3 +**Shipped version:** 12.0.0 -[![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) +![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) ![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png) diff --git a/conf/nginx.conf b/conf/nginx.conf index 445eca8..82c54ad 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -15,7 +15,6 @@ location ^~ #LOCATION# { # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000;"; add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; @@ -77,7 +76,6 @@ location ^~ #LOCATION# { # Add headers to serve security related headers add_header Strict-Transport-Security "max-age=15768000;"; add_header X-Content-Type-Options nosniff; - add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Robots-Tag none; add_header X-Download-Options noopen; diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 0000000..104f242 --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,7 @@ +opcache.enable=1 +opcache.enable_cli=1 +opcache.interned_strings_buffer=8 +opcache.max_accelerated_files=10000 +opcache.memory_consumption=128 +opcache.save_comments=1 +opcache.revalidate_freq=1 diff --git a/manifest.json b/manifest.json index a0c754c..324f3a3 100644 --- a/manifest.json +++ b/manifest.json @@ -8,7 +8,7 @@ }, "url": "https://nextcloud.com", "license": "AGPL-3", - "version": "11.0.3", + "version": "12.0.0", "maintainer": { "name": "-", "email": "-" diff --git a/scripts/_common.sh b/scripts/_common.sh index 5f85ebc..f9e5d2f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -190,4 +190,85 @@ ynh_remove_logrotate () { if [ -e "/etc/logrotate.d/$app" ]; then sudo rm "/etc/logrotate.d/$app" fi -} \ No newline at end of file +} + +# Calculate and store a file checksum into the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_store_file_checksum file +# | arg: file - The file on which the checksum will performed, then stored. +ynh_store_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_set $app $checksum_setting_name $(sudo md5sum "$1" | cut -d' ' -f1) +} + +# Verify the checksum and backup the file if it's different +# This helper is primarily meant to allow to easily backup personalised/manually +# modified config files. +# +# $app should be defined when calling this helper +# +# usage: ynh_backup_if_checksum_is_different file [compress] +# | arg: file - The file on which the checksum test will be perfomed. +# | arg: compress - 1 to compress the backup instead of a simple copy +# A compression is needed for a file which will be analyzed even if its name is different. +# +# | ret: Return the name a the backup file, or nothing +ynh_backup_if_checksum_is_different () { + local file=$1 + local compress_backup=${2:-0} # If $2 is empty, compress_backup will set at 0 + local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_' + local checksum_value=$(ynh_app_setting_get $app $checksum_setting_name) + if [ -n "$checksum_value" ] + then # Proceed only if a value was stored into the app settings + if ! echo "$checksum_value $file" | sudo md5sum -c --status + then # If the checksum is now different + backup_file="$file.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" + if [ $compress_backup -eq 1 ] + then + sudo tar --create --gzip --file "$backup_file.tar.gz" "$file" # Backup the current file and compress + backup_file="$backup_file.tar.gz" + else + sudo cp -a "$file" "$backup_file" # Backup the current file + fi + echo "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file" >&2 + echo "$backup_file" # Return the name of the backup file + fi + fi +} + + +# Create a dedicated php-fpm config +final_path=$1 +# usage: ynh_add_fpm_config +ynh_add_fpm_config () { + finalphpconf="/etc/php5/fpm/pool.d/$app.conf" + ynh_backup_if_checksum_is_different "$finalphpconf" 1 + sudo cp ../conf/php-fpm.conf "$finalphpconf" + ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" + ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" + ynh_replace_string "__USER__" "$app" "$finalphpconf" + sudo chown root: "$finalphpconf" + ynh_store_file_checksum "$finalphpconf" + + if [ -e "../conf/php-fpm.ini" ] + then + finalphpini="/etc/php5/fpm/conf.d/20-$app.ini" + ynh_backup_if_checksum_is_different "$finalphpini" 1 + sudo cp ../conf/php-fpm.ini "$finalphpini" + sudo chown root: "$finalphpini" + ynh_store_file_checksum "$finalphpini" + fi + + sudo systemctl reload php5-fpm +} + +# Remove the dedicated php-fpm config +# +# usage: ynh_remove_fpm_config +ynh_remove_fpm_config () { + ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf" + ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" 2>&1 + sudo systemctl reload php5-fpm +} diff --git a/scripts/install b/scripts/install index bc56e53..5cc4140 100755 --- a/scripts/install +++ b/scripts/install @@ -94,6 +94,7 @@ sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/php-fpm.conf sudo cp ../conf/php-fpm.conf "$phpfpm_conf" sudo chown root: $phpfpm_conf sudo chmod 644 $phpfpm_conf +ynh_add_fpm_config # occ helper for the current installation _exec_occ() { @@ -188,4 +189,4 @@ sudo chmod 644 "$cron_path" _exec_occ background:cron # Setup log rotation -ynh_use_logrotate "/home/yunohost.app/nextcloud/data/nextcloud.log" \ No newline at end of file +ynh_use_logrotate "/home/yunohost.app/nextcloud/data/nextcloud.log" diff --git a/scripts/upgrade b/scripts/upgrade index 22c169f..1ea8297 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -127,6 +127,7 @@ sed -i "s@#DESTDIR#@${DESTDIR}/@g" ../conf/php-fpm.conf sudo cp ../conf/php-fpm.conf "$phpfpm_conf" sudo chown root: $phpfpm_conf sudo chmod 644 $phpfpm_conf +ynh_add_fpm_config # Set system group in hooks sed -i "s@#GROUP#@${app}@g" ../hooks/post_user_create diff --git a/scripts/upgrade.d/upgrade.11.sh b/scripts/upgrade.d/upgrade.11.sh new file mode 100755 index 0000000..33419d6 --- /dev/null +++ b/scripts/upgrade.d/upgrade.11.sh @@ -0,0 +1,18 @@ +#!/bin/bash + +# Version cible de la mise à jour de Nextcloud +VERSION="12.0.0" + +# Nextcloud tarball checksum +NEXTCLOUD_SOURCE_SHA256="1b9d9cf05e657cd564a552b418fbf42d669ca51e0fd1f1f118fe44cbf93a243f" + +# Load common variables and helpers +source ./_common.sh + +# Source app helpers +source /usr/share/yunohost/helpers + +# Load common upgrade function +source ./upgrade.d/upgrade.generic.sh + +COMMON_UPGRADE # Met à jour Nextcloud vers la version suivante diff --git a/scripts/upgrade.d/upgrade.generic.sh b/scripts/upgrade.d/upgrade.generic.sh index 16f3307..cd09b99 100755 --- a/scripts/upgrade.d/upgrade.generic.sh +++ b/scripts/upgrade.d/upgrade.generic.sh @@ -17,9 +17,11 @@ COMMON_UPGRADE () { # Retrieve new Nextcloud sources in a temporary directory TMPDIR=$(mktemp -d) + + # Set temp folder ownership sudo chown -R $app: "$TMPDIR" extract_nextcloud "$TMPDIR" "$app" # Télécharge nextcloud, vérifie sa somme de contrôle et le décompresse. - + # Copy Nextcloud configuration file sed -i "s@#DOMAIN#@${domain}@g" ../conf/config.json sed -i "s@#DATADIR#@${DATADIR}@g" ../conf/config.json diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 08bf50b..d8874f5 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Version cible de la mise à jour de Nextcloud -VERSION=11.0.3 +VERSION=12.0.0 # Nextcloud tarball checksum sha256 -NEXTCLOUD_SOURCE_SHA256=28d5ee39f31c6be20f037ad2eb300272ad9bb72a7d428eb0152c7a3fde87d545 +NEXTCLOUD_SOURCE_SHA256=1b9d9cf05e657cd564a552b418fbf42d669ca51e0fd1f1f118fe44cbf93a243f # Load common variables and helpers source ./_common.sh