From d0400f751d230cfa220a57529631db88d07cb1a1 Mon Sep 17 00:00:00 2001 From: Kayou Date: Thu, 8 Aug 2024 17:20:30 +0200 Subject: [PATCH] Testing (#713) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * Update manifest.toml * Auto-update READMEs * add pre upgrade warning for NC 29 * update to PHP8.3 * Auto-update READMEs * Update manifest.toml * Auto-update READMEs * Fix space splitting in phpflags on install (#690) * Auto-update READMEs * Update upgrade * Update manifest.toml * Auto-update READMEs * Fix phpflags (#691) * Fix upgrade: php version is 8.3 starting from 29.x ? (#692) * Update manifest.toml * Auto-update READMEs * Update tests.toml * [autopatch] Do not delete logs on app removal (#697) * [autopatch] Do not delete logs on app removal (#698) Co-authored-by: Yunohost-Bot <> * 29.0.3 * Auto-update READMEs * Update remove * Indent * Fix again upgrade ending with Nextcloud being in PHP 8.2 ? * Auto-update READMEs * Update nginx.conf * Update manifest.toml * Auto-update READMEs * Rework DESCRIPTION.md (#707) * Update DESCRIPTION_fr.md * Auto-update READMEs * Update DESCRIPTION.md * Auto-update READMEs * Update DESCRIPTION_fr.md * Auto-update READMEs --------- Co-authored-by: yunohost-bot * bump all old versions * oupsie * Auto-update READMEs * system_addressbook_exposed is a boolean * Auto-update READMEs * migrate system_addressbook_exposed to boolean, fix upgrade test * another fix for system_addressbook_exposed, update the dav conf accordingly * zblerg, do not modify system_addressbook_exposed config value in the upgrade script * add redis-server as deps * find files before chown them * chown the root folder too * fix find condition * find ... chmod is not faster, at least avoid to chown -R the data_dir in the upgrade script * add a button in the config panel to run chown/chmod on data_dir * we can avoid this chmod too i guess? * only nextcloud is allowed to read the config file * zblerg, the config file doesn't exist before install * wait until nginx has actually remove the nextcloud conf during upgrade before checking the url_handled * create a function for that * fix change-url dav detection * only if domain has changed... * Update scripts/_common.sh * moar sleep * oups * minor typos * Update backup * minor typos --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot Co-authored-by: OniriCorpe Co-authored-by: lyyn <79758863+lyynd@users.noreply.github.com> Co-authored-by: tituspijean Co-authored-by: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Co-authored-by: YunoHost Bot Co-authored-by: Alexandre Aubin --- config_panel.toml | 11 ++++++++--- scripts/_common.sh | 28 +++++++++++++++++++++------- scripts/backup | 28 +++++++--------------------- scripts/change_url | 25 ++++++++++++++----------- scripts/config | 18 ++++++++++++++++++ scripts/install | 5 +++-- scripts/restore | 2 +- scripts/upgrade | 11 +++++------ 8 files changed, 77 insertions(+), 51 deletions(-) diff --git a/config_panel.toml b/config_panel.toml index 4e458b6..e5e88ae 100644 --- a/config_panel.toml +++ b/config_panel.toml @@ -3,14 +3,19 @@ version = "1.0" [main] name = "Nextcloud configuration" - [main.maintenance_mode] - name = "Maintenance mode" + [main.maintenance] + name = "Maintenance" - [main.maintenance_mode.maintenance_mode] + [main.maintenance.maintenance_mode] ask = "Enable maintenance mode" type = "boolean" default = "0" + [main.maintenance.set_permissions_button] + ask.en = "Set permissions for all data (Can take up to several hours if users have a lot of data)" + type = "button" + style = "success" + [main.addressbook] name = "Address book configuration" diff --git a/scripts/_common.sh b/scripts/_common.sh index 65cce78..4cdc018 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -8,6 +8,20 @@ # EXPERIMENTAL HELPERS #================================================= +wait_nginx_reload() { + # NGINX may take some time to support the new configuration, + # wait for the Nextcloud configuration file to disappear from NGINX before checking the CalDAV/CardDAV URL. + timeout=30 + for i in $(seq 1 $timeout); do + if ! ynh_exec_warn_less nginx -T | grep --quiet "# configuration file /etc/nginx/conf.d/$domain.d/$app.conf:"; then + break + fi + sleep 1 + done + # Wait untils NGINX has fully reloaded (avoid cURL fail with http2) + sleep 2 +} + # Check if an URL is already handled # usage: is_url_handled --domain=DOMAIN --path=PATH_URI is_url_handled() { @@ -19,22 +33,22 @@ is_url_handled() { # Manage arguments with getopts ynh_handle_getopts_args "$@" - # Try to get the url with curl, and keep the http code and an eventual redirection url. + # Try to get the URL with cURL, and keep the http code and an eventual redirection URL. local curl_output="$(curl --insecure --silent --output /dev/null \ --write-out '%{http_code};%{redirect_url}' https://127.0.0.1$path --header "Host: $domain" --resolve $domain:443:127.0.0.1)" # Cut the output and keep only the first part to keep the http code local http_code="${curl_output%%;*}" - # Do the same thing but keep the second part, the redirection url + # Do the same thing but keep the second part, the redirection URL local redirection="${curl_output#*;}" - # Return 1 if the url isn't handled. - # Which means either curl got a 404 (or the admin) or the sso. - # A handled url should redirect to a publicly accessible url. - # Return 1 if the url has returned 404 + # Return 1 if the URL isn't handled. + # Which means either cURL got a 404 (or the admin) or the SSO. + # A handled URL should redirect to a publicly accessible URL. + # Return 1 if the URL has returned 404 if [ "$http_code" = "404" ] || [[ $redirection =~ "/yunohost/admin" ]]; then return 1 - # Return 1 if the url is redirected to the SSO + # Return 1 if the URL is redirected to the SSO elif [[ $redirection =~ "/yunohost/sso" ]]; then return 1 fi diff --git a/scripts/backup b/scripts/backup index da8f172..d56a518 100755 --- a/scripts/backup +++ b/scripts/backup @@ -28,42 +28,28 @@ ynh_backup --src_path="$install_dir" ynh_backup --src_path="$data_dir" --is_big #================================================= -# BACKUP THE NGINX CONFIGURATION -#================================================= - -ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" - -#================================================= -# BACKUP THE PHP-FPM CONFIGURATION +# SYSTEM CONFIGURATION #================================================= +# Backup the PHP-FPM configuration ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# SPECIFIC BACKUP -#================================================= -# BACKUP LOGROTATE -#================================================= +# Backup the nginx configuration +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +# Backup the logrotate configuration ynh_backup --src_path="/etc/logrotate.d/$app" -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - +# Backup the Fail2Ban config ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= -# BACKUP THE CRON FILE +# BACKUP VARIOUS FILES #================================================= ynh_backup --src_path="/etc/cron.d/$app" -#================================================= -# BACKUP LOGS -#================================================= - ynh_backup --src_path="/var/log/$app" #================================================= diff --git a/scripts/change_url b/scripts/change_url index aac12f0..2783932 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -14,6 +14,19 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 +if [ $change_domain -eq 1 ] +then + # Check if .well-known is available for this domain + if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav" + then + ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." + + # Remove lines about .well-known/carddav and caldav with sed. + sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$domain.d/$app.conf" + ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" + fi +fi + ynh_change_url_nginx_config #================================================= @@ -35,18 +48,8 @@ then # Change hostname for activity notifications exec_occ config:system:set overwrite.cli.url --value="https://${new_domain}${new_path}" - # Reload php fpm, necessary for force nextcloud to re-read config.php, cf opcache.revalidate_freq + # Reload PHP-FPM, necessary for force Nextcloud to re-read config.php, cf opcache.revalidate_freq ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload - - # Check if .well-known is available for this domain - if is_url_handled --domain="$new_domain" --path="/.well-known/caldav" || is_url_handled --domain="$new_domain" --path="/.well-known/carddav" - then - ynh_print_warn --message="Another app already uses the domain $new_domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." - - # Remove lines about .well-known/carddav and caldav with sed. - sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf" - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - fi fi #================================================= diff --git a/scripts/config b/scripts/config index 93ced20..e231009 100644 --- a/scripts/config +++ b/scripts/config @@ -105,6 +105,24 @@ set__fpm_free_footprint() { fi } +#================================================= +# SPECIFIC RUNNERS FOR TOML SHORT KEYS +#================================================= + +function run__set_permissions_button() { + local data_dir=$(ynh_app_setting_get --app=$app --key=data_dir) + ynh_print_info "Set permissions, it may take some time..." + chown -R $app:www-data "$install_dir" + chown -R $app: "$data_dir" + find $install_dir/ -type f -print0 | xargs -r0 chmod 0644 + find $install_dir/ -type d -print0 | xargs -r0 chmod 0755 + find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640 + find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750 + chmod 640 "$install_dir/config/config.php" + chmod 755 /home/yunohost.app + chmod 750 $install_dir +} + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/install b/scripts/install index 88c1c0d..0987b84 100755 --- a/scripts/install +++ b/scripts/install @@ -64,7 +64,8 @@ exec_occ() { } # Set write access for the following commands -chown -R $app: "$install_dir" "$data_dir" +chown -R $app:www-data "$install_dir" +chown -R $app: "$data_dir" # Define password in an intermediate var # The fact that it's called _password allows it to be @@ -240,7 +241,7 @@ find $install_dir/ -type f -print0 | xargs -r0 chmod 0644 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640 find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750 -chmod 640 "$install_dir/config/config.php" +chmod 600 "$install_dir/config/config.php" chmod 755 /home/yunohost.app chmod 750 $install_dir diff --git a/scripts/restore b/scripts/restore index 1b0f63c..9ae3611 100755 --- a/scripts/restore +++ b/scripts/restore @@ -85,7 +85,7 @@ find $install_dir/ -type f -print0 | xargs -r0 chmod 0644 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755 find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640 find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750 -chmod 640 "$install_dir/config/config.php" +chmod 600 "$install_dir/config/config.php" chmod 755 /home/yunohost.app chmod 750 $install_dir diff --git a/scripts/upgrade b/scripts/upgrade index e36d62e..c4b764c 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -138,7 +138,7 @@ then ynh_script_progression --message="Upgrading $app..." --weight=3 # Set write access for the following commands - chown -R $app: "$install_dir" "$data_dir" + chown -R $app:www-data "$install_dir" # Print the current version number of Nextcloud exec_occ -V @@ -207,7 +207,7 @@ then mv "$tmpdir" "$install_dir" # Set write access for the following commands - chown -R $app: "$install_dir" "$data_dir" + chown -R $app:www-data "$install_dir" # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3) exec_occ maintenance:mode --off @@ -325,12 +325,9 @@ ynh_script_progression --message="Reapplying file permissions..." --weight=2 # Fix app ownerships & permissions chown -R $app:www-data "$install_dir" -chown -R $app: "$data_dir" find $install_dir/ -type f -print0 | xargs -r0 chmod 0644 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755 -find $data_dir/data/ -type f -print0 | xargs -r0 chmod 0640 -find $data_dir/data/ -type d -print0 | xargs -r0 chmod 0750 -chmod 640 "$install_dir/config/config.php" +chmod 600 "$install_dir/config/config.php" chmod 755 /home/yunohost.app chmod 750 $install_dir @@ -357,6 +354,8 @@ ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$a # Wait untils NGINX has fully reloaded ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd" +wait_nginx_reload + # Check if .well-known is available for this domain if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then