Testing (#713)

* Update manifest.toml * Auto-update READMEs * add pre upgrade warning for NC 29 * update to PHP8.3 * Auto-update READMEs * Update manifest.toml * Auto-update READMEs * Fix space splitting in phpflags on install (#690) * Auto-update READMEs * Update upgrade * Update manifest.toml * Auto-update READMEs * Fix phpflags (#691) * Fix upgrade: php version is 8.3 starting from 29.x ? (#692) * Update manifest.toml * Auto-update READMEs * Update tests.toml * [autopatch] Do not delete logs on app removal (#697) * [autopatch] Do not delete logs on app removal (#698) Co-authored-by: Yunohost-Bot <> * 29.0.3 * Auto-update READMEs * Update remove * Indent * Fix again upgrade ending with Nextcloud being in PHP 8.2 ? * Auto-update READMEs * Update nginx.conf * Update manifest.toml * Auto-update READMEs * Rework DESCRIPTION.md (#707) * Update DESCRIPTION_fr.md * Auto-update READMEs * Update DESCRIPTION.md * Auto-update READMEs * Update DESCRIPTION_fr.md * Auto-update READMEs --------- Co-authored-by: yunohost-bot <yunohost@yunohost.org> * bump all old versions * oupsie * Auto-update READMEs * system_addressbook_exposed is a boolean * Auto-update READMEs * migrate system_addressbook_exposed to boolean, fix upgrade test * another fix for system_addressbook_exposed, update the dav conf accordingly * zblerg, do not modify system_addressbook_exposed config value in the upgrade script * add redis-server as deps * find files before chown them * chown the root folder too * fix find condition * find ... chmod is not faster, at least avoid to chown -R the data_dir in the upgrade script * add a button in the config panel to run chown/chmod on data_dir * we can avoid this chmod too i guess? * only nextcloud is allowed to read the config file * zblerg, the config file doesn't exist before install * wait until nginx has actually remove the nextcloud conf during upgrade before checking the url_handled * create a function for that * fix change-url dav detection * only if domain has changed... * Update scripts/_common.sh * moar sleep * oups * minor typos * Update backup * minor typos --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot <yunohost@yunohost.org> Co-authored-by: OniriCorpe <oniricorpe@disroot.org> Co-authored-by: lyyn <79758863+lyynd@users.noreply.github.com> Co-authored-by: tituspijean <titus+yunohost@pijean.ovh> Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Co-authored-by: YunoHost Bot <yunohost-bot@users.noreply.github.com> Co-authored-by: Alexandre Aubin <alex.aubin@mailoo.org>
2024-09-03 19:55:57 +02:00 · 2024-08-08 17:20:30 +02:00 · 2024-08-08 17:20:30 +02:00 · d0400f751d
commit d0400f751d
parent 79bbe7d11e
8 changed files with 77 additions and 51 deletions
--- a/config_panel.toml
+++ b/config_panel.toml
@ -3,14 +3,19 @@ version = "1.0"
 [main]
 name = "Nextcloud configuration"

-    [main.maintenance_mode]
-    name = "Maintenance mode"
+    [main.maintenance]
+    name = "Maintenance"

-        [main.maintenance_mode.maintenance_mode]
+        [main.maintenance.maintenance_mode]
        ask = "Enable maintenance mode"
        type = "boolean"
        default = "0"

+        [main.maintenance.set_permissions_button]
+        ask.en = "Set permissions for all data (Can take up to several hours if users have a lot of data)"
+        type = "button"
+        style = "success"
+
    [main.addressbook]
    name = "Address book configuration"

--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -8,6 +8,20 @@
 # EXPERIMENTAL HELPERS
 #=================================================

+wait_nginx_reload() {
+    # NGINX may take some time to support the new configuration,
+    # wait for the Nextcloud configuration file to disappear from NGINX before checking the CalDAV/CardDAV URL.
+    timeout=30
+    for i in $(seq 1 $timeout); do
+        if ! ynh_exec_warn_less nginx -T | grep --quiet "# configuration file /etc/nginx/conf.d/$domain.d/$app.conf:"; then
+            break
+        fi
+        sleep 1
+    done
+    # Wait untils NGINX has fully reloaded (avoid cURL fail with http2) 
+    sleep 2
+}
+
 # Check if an URL is already handled
 # usage: is_url_handled --domain=DOMAIN --path=PATH_URI
 is_url_handled() {
@ -19,22 +33,22 @@ is_url_handled() {
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"

-    # Try to get the url with curl, and keep the http code and an eventual redirection url.
+    # Try to get the URL with cURL, and keep the http code and an eventual redirection URL.
    local curl_output="$(curl --insecure --silent --output /dev/null \
      --write-out '%{http_code};%{redirect_url}' https://127.0.0.1$path --header "Host: $domain" --resolve $domain:443:127.0.0.1)"

    # Cut the output and keep only the first part to keep the http code
    local http_code="${curl_output%%;*}"
-    # Do the same thing but keep the second part, the redirection url
+    # Do the same thing but keep the second part, the redirection URL
    local redirection="${curl_output#*;}"

-    # Return 1 if the url isn't handled.
-    # Which means either curl got a 404 (or the admin) or the sso.
-    # A handled url should redirect to a publicly accessible url.
-    # Return 1 if the url has returned 404
+    # Return 1 if the URL isn't handled.
+    # Which means either cURL got a 404 (or the admin) or the SSO.
+    # A handled URL should redirect to a publicly accessible URL.
+    # Return 1 if the URL has returned 404
    if [ "$http_code" = "404" ] || [[ $redirection =~ "/yunohost/admin" ]]; then
        return 1
-    # Return 1 if the url is redirected to the SSO
+    # Return 1 if the URL is redirected to the SSO
    elif [[ $redirection =~ "/yunohost/sso" ]]; then
        return 1
    fi
--- a/scripts/backup
+++ b/scripts/backup
@ -28,42 +28,28 @@ ynh_backup --src_path="$install_dir"
 ynh_backup --src_path="$data_dir" --is_big

 #=================================================
-# BACKUP THE NGINX CONFIGURATION
-#=================================================
-
-ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
-
-#=================================================
-# BACKUP THE PHP-FPM CONFIGURATION
+# SYSTEM CONFIGURATION
 #=================================================

+# Backup the PHP-FPM configuration
 ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"

-#=================================================
-# SPECIFIC BACKUP
-#=================================================
-# BACKUP LOGROTATE
-#=================================================
+# Backup the nginx configuration
+ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"

+# Backup the logrotate configuration
 ynh_backup --src_path="/etc/logrotate.d/$app"

-#=================================================
-# BACKUP FAIL2BAN CONFIGURATION
-#=================================================
-
+# Backup the Fail2Ban config
 ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
 ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"

 #=================================================
-# BACKUP THE CRON FILE
+# BACKUP VARIOUS FILES
 #=================================================

 ynh_backup --src_path="/etc/cron.d/$app"

-#=================================================
-# BACKUP LOGS
-#=================================================
-
 ynh_backup --src_path="/var/log/$app"

 #=================================================
--- a/scripts/change_url
+++ b/scripts/change_url
@ -14,6 +14,19 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2

+if [ $change_domain -eq 1 ]
+then
+    # Check if .well-known is available for this domain
+    if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
+    then
+        ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
+
+        # Remove lines about .well-known/carddav and caldav with sed.
+        sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf"
+        ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
+    fi
+fi
+
 ynh_change_url_nginx_config

 #=================================================
@ -35,18 +48,8 @@ then
    # Change hostname for activity notifications
    exec_occ config:system:set overwrite.cli.url --value="https://${new_domain}${new_path}"

-    # Reload php fpm, necessary for force nextcloud to re-read config.php, cf opcache.revalidate_freq
+    # Reload PHP-FPM, necessary for force Nextcloud to re-read config.php, cf opcache.revalidate_freq
    ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload
-
-    # Check if .well-known is available for this domain
-    if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav"
-    then
-        ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."
-
-        # Remove lines about .well-known/carddav and caldav with sed.
-        sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf"
-        ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
-    fi
 fi

 #=================================================
--- a/scripts/config
+++ b/scripts/config
@ -105,6 +105,24 @@ set__fpm_free_footprint() {
    fi
 }

+#=================================================
+# SPECIFIC RUNNERS FOR TOML SHORT KEYS
+#=================================================
+
+function run__set_permissions_button() {
+    local data_dir=$(ynh_app_setting_get --app=$app --key=data_dir)
+    ynh_print_info "Set permissions, it may take some time..."
+    chown -R $app:www-data "$install_dir"
+    chown -R $app: "$data_dir"
+    find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
+    find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
+    find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
+    find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
+    chmod 640 "$install_dir/config/config.php"
+    chmod 755 /home/yunohost.app
+    chmod 750 $install_dir
+}
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
--- a/scripts/install
+++ b/scripts/install
@ -64,7 +64,8 @@ exec_occ() {
 }

 # Set write access for the following commands
-chown -R $app: "$install_dir" "$data_dir"
+chown -R $app:www-data "$install_dir"
+chown -R $app: "$data_dir"

 # Define password in an intermediate var
 # The fact that it's called _password allows it to be
@ -240,7 +241,7 @@ find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
 find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
-chmod 640 "$install_dir/config/config.php"
+chmod 600 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir

--- a/scripts/restore
+++ b/scripts/restore
@ -85,7 +85,7 @@ find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
 find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
-chmod 640 "$install_dir/config/config.php"
+chmod 600 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir

--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -138,7 +138,7 @@ then
    ynh_script_progression --message="Upgrading $app..." --weight=3

    # Set write access for the following commands
-    chown -R $app: "$install_dir" "$data_dir"
+    chown -R $app:www-data "$install_dir"

    # Print the current version number of Nextcloud
    exec_occ -V
@ -207,7 +207,7 @@ then
        mv "$tmpdir" "$install_dir"

        # Set write access for the following commands
-        chown -R $app: "$install_dir" "$data_dir"
+        chown -R $app:www-data "$install_dir"

        # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
        exec_occ maintenance:mode --off
@ -325,12 +325,9 @@ ynh_script_progression --message="Reapplying file permissions..." --weight=2

 # Fix app ownerships & permissions
 chown -R $app:www-data "$install_dir"
-chown -R $app: "$data_dir"
 find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
-find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640
-find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750
-chmod 640 "$install_dir/config/config.php"
+chmod 600 "$install_dir/config/config.php"
 chmod 755 /home/yunohost.app
 chmod 750 $install_dir

@ -357,6 +354,8 @@ ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$a
 # Wait untils NGINX has fully reloaded
 ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd"

+wait_nginx_reload
+
 # Check if .well-known is available for this domain
 if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
 then