mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00

Merge remote-tracking branch 'origin/testing' into enh_postgresql_migration

Kay0u 2020-12-18 11:08:40 +01:00
commit f4e4d4ed40
No known key found for this signature in database
GPG key ID: AAFEEB16CFA2AE2D
36 changed files with 1535 additions and 1159 deletions

124
README.md
View file

@ -1,68 +1,104 @@
Nextcloud for YunoHost
---------------------
[Nextcloud](https://nextcloud.com) gives you freedom and control over your
own data. A personal cloud which run on your own server. With Nextcloud
you can synchronize your files over your devices.
**Shipped version:** 13.0.2
# Nextcloud for YunoHost
[![Integration level](https://dash.yunohost.org/integration/nextcloud.svg)](https://dash.yunohost.org/appci/app/nextcloud) ![](https://ci-apps.yunohost.org/ci/badges/nextcloud.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/nextcloud.maintain.svg)
[![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud)
![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png)
## Features
*[Lire ce readme en français.](./README_fr.md)*
> *This package allow you to install Nextcloud quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
## Overview
[Nextcloud](https://nextcloud.com) gives you freedom and control over your own data. A personal cloud which runs on your own server. With Nextcloud you can synchronize your files over your devices.
**Shipped version:** 20.0.4
## Screenshots
![](https://raw.githubusercontent.com/nextcloud/screenshots/master/files/Files%20Overview.png)
## Demo
* [YunoHost demo](https://demo.yunohost.org/nextcloud/)
* [Official demo](https://demo.nextcloud.com/)
## Documentation
* Official documentation: https://docs.nextcloud.com/server/19/user_manual/
* YunoHost documentation: https://github.com/YunoHost/doc/blob/master/app_nextcloud.md
## Configuration
#### Configure OnlyOffice integration
Starting from Nextcloud 18, it features a direct integration of OnlyOffice (an online rich text document editor) through a Nextcloud app.
To install and configure it:
- Install *Community Document Server* application in your Nextcloud. That's the part that runs OnlyOffice server.
- Install *ONLYOFFICE* application. That's the client part that will connect to an OnlyOffice server.
- Then in Settings -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), if you want to configure which file formats should be opened by OnlyOffice.
- Here you go :) You should be able to create new type of documents and open them.
*NB: OnlyOffice is only available for x86 architecture - **ARM** architecture is **not** supported (Raspberry Pi, OLinuXino...)*
## YunoHost specific features
In addition to Nextcloud core features, the following are made available with
this package:
* Integrate with YunoHost users and SSO - i.e. logout button
* Allow one user to be the administrator (set at the installation)
* Optionally access the user home folder from Nextcloud files (set at the
installation, the sharing is enabled by default)
* Serve `/.well-known` paths for CalDAV and CardDAV on the domain only if it's
not already served - i.e. by Baïkal
* Allow multiple instances of this application
* Optionally access the user home folder from Nextcloud files (set at the installation, the sharing is enabled by default)
* Serve `/.well-known` paths for CalDAV and CardDAV on the domain only if it's not already served - i.e. by Baïkal
#### Multi-users support
#### Supported architectures
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/nextcloud%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/nextcloud/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/nextcloud%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/nextcloud/)
## Limitations
To integrate the logout button to the SSO, we have to patch Nextcloud sources.
In waiting an upstream integration, the source code integrity checking has been
disabled to prevent the warning message.
To integrate the logout button to the SSO, we have to patch Nextcloud sources. In waiting an upstream integration, the source code integrity checking has been disabled to prevent the warning message.
Also, note we made the choice to disable third-parties applications at the
upgrade. It allows to prevent an unstable - and sometimes broken - Nextcloud
installation. You will just have to manually activate them after the upgrade.
Also, note we made the choice to disable third-parties applications at the upgrade. It allows to prevent an unstable - and sometimes broken - Nextcloud installation. You will just have to manually activate them after the upgrade.
Finally, the following error message in Nextcloud logs can be safely ignored:
```
Following symlinks is not allowed ('/home/yunohost.multimedia/user/Share' -> '/home/yunohost.multimedia/share/' not inside '/home/yunohost.multimedia/user/')
```
## Migrate from ownCloud
## Additionnal informations
**This is not considered as stable yet, please do it with care and only for
testing!**
#### `occ` command usage
This package handle the migration from ownCloud to Nextcloud. For that, your
ownCloud application must be **up-to-date** in YunoHost.
If you need/want to use Nextcloud `occ` command¹, you need to be in `/var/www/nextcloud/` folder (or `/var/www/nextcloud__n/` depending on your instance number in case of multiple concurrent installations), then use `sudo -u nextcloud php7.3 occ` instead of `occ` (as an alternative, you can use `/var/www/nextcloud/occ` to run the command from another directory).
You will then have to upgrade your ownCloud application with this repository.
This can only be done from the command-line interface - e.g. through SSH. Once
you're connected, you simply have to execute the following:
*NB: You may need to adapt `php7.3` to the PHP version that Nextcloud is using. Starting from Nextcloud 18, YunoHost uses php7.3, it used before php7.0.*
¹ See https://docs.nextcloud.com/server/18/admin_manual/configuration_server/occ_command.html
Use this only if you know what you're doing :)
#### Migrate from ownCloud
**This is not considered as stable yet, please do it with care and only for testing!**
This package handles the migration from ownCloud to Nextcloud. For that, your ownCloud application must be **up-to-date** in YunoHost.
You will then have to upgrade your ownCloud application with this repository. This can only be done from the command-line interface - e.g. through SSH. Once you're connected, you simply have to execute the following:
```bash
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/nextcloud_ynh owncloud --verbose
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/nextcloud_ynh owncloud --debug
```
The `--verbose` option will let you see the full output. If you encounter any
The `--debug` option will let you see the full output. If you encounter any
issue, please paste it.
Note that a cron job will be executed at some time after the end of this
command. You must wait that before doing any other application operations!
You should see that Nextcloud is installed after that.
Note that a cron job will be executed at some time after the end of this command. You must wait that before doing any other application operations! You should see that Nextcloud is installed after that.
Note that it does not change the application label nor the URL. To rename
the label, you can execute the following - replace `Nextcloud` with whatever
you want:
Note that it does not change the application label nor the URL. To rename the label, you can execute the following - replace `Nextcloud` with whatever you want:
```bash
sudo yunohost app setting nextcloud label -v "Nextcloud"
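Review bot: The documentation links in the rewritten README lag the version it declares: "Shipped version" is 20.0.4, but the official documentation link points at `server/19/user_manual/` and the `occ` footnote at `server/18/admin_manual/`. Point both at the manual for the shipped major version so the instructions match what is installed. In the same file, `#### Multi-users support` is a heading with no body before `#### Supported architectures`, and `## Additionnal informations` should read "Additional information". The Limitations paragraph says source code integrity checking is disabled to hide the warning; it would help to state there that administrators therefore get no notice from Nextcloud when files under the install directory are modified.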
@ -71,6 +107,20 @@ sudo yunohost app ssowatconf
## Links
* Report a bug: https://dev.yunohost.org/projects/apps/issues
* Report a bug: https://github.com/YunoHost-Apps/nextcloud_ynh/issues
* Nextcloud website: https://nextcloud.com/
* Nextcloud repository: https://github.com/nextcloud/server
* YunoHost website: https://yunohost.org/
---
## Developers infos
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
sudo yunohost app install https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing --debug
or
sudo yunohost app upgrade nextcloud -u https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing --debug
```
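Review bot: In the "Developers infos" block, the bare `or` line sits inside the code fence between the two `sudo yunohost app ...` commands, so pasting the block into a shell runs the install, then tries to execute `or`, then runs the upgrade. Use two separate fences with the "or" in prose between them, and tag them `bash` like the other command blocks in this README.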

117
README_fr.md Normal file
View file

@ -0,0 +1,117 @@
# Nextcloud pour YunoHost
[![Niveau d'integration](https://dash.yunohost.org/integration/nextcloud.svg)](https://dash.yunohost.org/appci/app/nextcloud) ![](https://ci-apps.yunohost.org/ci/badges/nextcloud.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/nextcloud.maintain.svg)
[![Installer Nextcloud avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer Nextcloud rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
## Vue d'ensemble
[Nextcloud](https://nextcloud.com) vous donne la liberté et le contrôle sur vos données. Un nuage personnel qui tourne sur votre serveur.
Avec NextCloud vous pouvez synchroniser vos fichiers sur vos appareils.
**Version incluse :** 20.0.4
## Captures d'écran
![](https://raw.githubusercontent.com/nextcloud/screenshots/master/files/Files%20Overview.png)
## Démo
* [Démo YunoHost](https://demo.yunohost.org/nextcloud/)
* [Démo officielle](https://demo.nextcloud.com/)
## Documentation
* Documentation officielle : https://docs.nextcloud.com/server/19/user_manual/
* Documentation YunoHost : https://github.com/YunoHost/doc/blob/master/app_nextcloud_fr.md
## Configuration
#### Configurer l'intégration d'OnlyOffice
À partir de sa version 18, Nextcloud inclut une intégration directe de OnlyOffice (un éditeur de texte enrichi en ligne) via une application Nextcloud.
Pour l'installer et la configurer :
- Installez l'application *Community Document Server* dans votre Nextcloud. C'est la partie qui fait tourner un serveur OnlyOffice.
- Installez l'application *ONLYOFFICE*. C'est la partie cliente qui va se connecter au serveur OnlyOffice.
- Ensuite dans les Paramètres -> ONLYOFFICE (`https://yourdomain.tld/nextcloud/settings/admin/onlyoffice`), si vous voulez configurer quels formats de fichier s'ouvrent avec OnlyOffice.
- Et voilà :) Vous devriez pouvoir créer de nouveaux types de documents, et les ouvrir.
*NB : OnlyOffice n'est disponible que sous architecture x86 - L'architecture **ARM** n'est **pas** supporté (Raspberry Pi, OLinuXino...)*
## Caractéristiques spécifiques YunoHost
En plus des fonctionnalités principales de Nextcloud, les fonctionnalités suivantes sont incluses dans ce package :
* Intégration avec les utilisateurs YunoHost et le SSO - exemple, le bouton de déconnexion
* Permet à un utilisateur d'être l'administrateur (choisi à l'installation)
* Permet de multiples instances de cette application
* Accès optionnel au répertoire home depuis les fichiers Nextcloud (à activer à l'installation, le partage étant activé par défaut)
* Utilise l'adresse `/.well-known` pour la synchronisation CalDAV et CardDAV du domaine si aucun autre service ne l'utilise déjà - par exemple, baikal
#### Support multi-utilisateurs
#### Architectures supportées
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/nextcloud%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/nextcloud/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/nextcloud%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/nextcloud/)
## Limitations
Pour intégrer le bouton de déconnexion du SSO, nous devons patcher les sources de Nextcloud.
En attendant un intégration de leur part, la vérification d'intégrité du code source est désactivée pour ne pas avoir de message d'avertissement.
Notez également que nous avons choisi de désactiver les applications tierces-parties lors des mises à jour. Ça permet d'éviter une installation de Nextcloud instable - ou qui pourrait planter.
Vous devrez juste les réactiver manuellement après chaque mise à jour.
Et enfin, le message d'erreur suivant dans les logs de Nextcloud peut être ignoré sans problème :
```
Following symlinks is not allowed ('/home/yunohost.multimedia/user/Share' -> '/home/yunohost.multimedia/share/' not inside '/home/yunohost.multimedia/user/')
```
## Informations supplémentaires
#### Migrer depuis ownCloud
**La migration n'est pas encore considérée comme stable, merci de la faire prudemment et uniquement pour tester !**
Ce package gère la migration de ownCloud vers Nextcloud. Pour ça, l'application ownCloud doit **être à jour** dans YunoHost.
Vous allez ensuite mettre à niveau votre ownCloud avec ce dépôt.
Ça ne peut être fait qu'en ligne de commande - par exemple via SSH. Une fois connecté, vous n'avez plus qu'à exécuter la commande suivante :
```bash
sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/nextcloud_ynh owncloud --debug
```
L'option `--debug` va vous permettre de visualiser entièrement les retours de la mise à niveau. Si vous rencontrez un problème, merci de nous le transmettre.
Notez qu'une tâche cron va être exécutée une fois la fin de cette commande. Vous devez attendre qu'elle se fasse avant de faire une autre opération liée aux applications.
Vous devriez constater que Nextcloud sera installé après ça.
Notez que ça ne changera pas le label ni l'URL. Pour renommer le label, vous pouvez exécuter la commande suivante (en remplaçant `Nextcloud` par ce que vous voulez) :
```bash
sudo yunohost app setting nextcloud label -v "Nextcloud"
sudo yunohost app ssowatconf
```
## Liens
* Signaler un bug : https://github.com/YunoHost-Apps/nextcloud_ynh/issues
* Site web de Nextcloud : https://nextcloud.com/
* Dépôt de Nextcloud : https://github.com/nextcloud/server
* Site web de YunoHost : https://yunohost.org/
---
## Informations pour les développeurs
Merci de faire votre « pull request » sur la [branche testing](https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing).
Pour tester la branche testing, faites comme ceci.
```
sudo yunohost app install https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing --debug
ou
sudo yunohost app upgrade nextcloud -u https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing --debug
```
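Review bot: The French README has no counterpart to the English "`occ` command usage" subsection: "## Informations supplémentaires" goes straight to "#### Migrer depuis ownCloud", so the `sudo -u nextcloud php7.3 occ` guidance is missing for French readers. Add the translated subsection. Also, "#### Support multi-utilisateurs" is an empty heading, and the `ou` line inside the final code fence would be run as a command if the block is pasted into a shell.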

17
actions.toml Normal file
View file

@ -0,0 +1,17 @@
[disable_maintenance]
name = "Disable the maintenance mode of Nextcloud"
command = "/bin/bash scripts/actions/disable_maintenance"
# user = "root" # optional
# cwd = "/" # optional
# accepted_return_codes = [0, 1, 2, 3] # optional
accepted_return_codes = [0]
description = "Disable the maintenance mode of Nextcloud if you're stuck after an upgrade"
[add_multimedia_directories]
name = "Add multimedia directories"
command = "/bin/bash scripts/actions/add_multimedia_directories"
# user = "root" # optional
# cwd = "/" # optional
# accepted_return_codes = [0, 1, 2, 3] # optional
accepted_return_codes = [0]
description = "Add the multimedia and shared multimedia directories again"
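Review bot: Both actions leave `user` commented out (`# user = "root" # optional`), so the account that runs `scripts/actions/disable_maintenance` and `scripts/actions/add_multimedia_directories` is whatever the default is, and the file does not say. The README in this commit tells administrators to run `occ` with `sudo -u nextcloud`, so set `user` explicitly or note in the file that the scripts switch to the application user themselves. The commented template lines (`# cwd`, `# accepted_return_codes = [0, 1, 2, 3]`) can be deleted now that `accepted_return_codes = [0]` is set.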

View file

@ -12,29 +12,16 @@
setup_private=0
setup_public=0
upgrade=1
upgrade=1 from_commit=68c2f41da6b33bd8c949e5ba624bedba08c448be
upgrade=1 from_commit=c864e086625363d91dde6ba78a652011a991a027
backup_restore=1
multi_instance=0
multi_instance=1
incorrect_path=1
port_already_use=0
change_url=0
;;; Levels
Level 1=auto
Level 2=auto
Level 3=auto
# Level 4: LDAP and http auth
Level 4=1
# Level 5: https://github.com/YunoHost-Apps/nextcloud_ynh/issues/58
Level 5=1
Level 6=auto
Level 7=auto
Level 8=0
Level 9=0
Level 10=0
change_url=1
;;; Options
Email=
Notification=none
;;; Upgrade options
; commit=68c2f41da6b33bd8c949e5ba624bedba08c448be
name=Move patches to the right folder
; commit=c864e086625363d91dde6ba78a652011a991a027
name=[fix] php7.2-mcrypt doesn't exist (#253)
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&user_home=1&

View file

@ -10,7 +10,8 @@
"port": "6379",
"timeout": "0.0",
"password": ""
}
},
"hashing_default_password": true
},
"apps": {
"user_ldap": {

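Review bot: The added `"hashing_default_password": true` changes how user passwords are hashed, and nothing in the hunk records why. In Nextcloud this setting makes the server use PHP's `PASSWORD_DEFAULT` algorithm instead of preferring Argon2 when it is available, so it is a security-relevant default for every install. Since JSON cannot carry a comment, put the reason in the commit message or next to the code that applies this file.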
View file

@ -1,9 +1,9 @@
{
"system": {
"datadirectory": "#DATADIR#",
"datadirectory": "__DATADIR__",
"trusted_domains": [
"localhost",
"#DOMAIN#"
"__DOMAIN__"
]
}
}

17
conf/extra_php-fpm.conf Normal file
View file

@ -0,0 +1,17 @@
; Additional php.ini defines, specific to this pool of workers.
env[PATH] = $PATH
php_admin_value[memory_limit] = 512M
php_value[upload_max_filesize] = 10G
php_value[post_max_size] = 10G
php_value[default_charset] = UTF-8
; OPcache is already activated by default
; php_value[opcache.enable]=1
; The following parameters are nevertheless recommended for Nextcloud
; see here: https://docs.nextcloud.com/server/15/admin_manual/installation/server_tuning.html#enable-php-opcache
php_value[opcache.enable_cli]=1
php_value[opcache.interned_strings_buffer]=8
php_value[opcache.max_accelerated_files]=10000
php_value[opcache.memory_consumption]=128
php_value[opcache.save_comments]=1
php_value[opcache.revalidate_freq]=1
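Review bot: `memory_limit` is set with `php_admin_value`, but `upload_max_filesize` and `post_max_size` use `php_value`, which leaves them open to being overridden where PHP allows it. If 10G is meant as a fixed cap that matches `client_max_body_size 10G` in the nginx configuration of this commit, use `php_admin_value` for both, or add a comment saying the override is intended. The tuning link in the comment targets the `server/15` manual while the README declares 20.0.4 as the shipped version.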

View file

@ -1 +1 @@
*/15 * * * * #USER# /usr/bin/php -f #DESTDIR#/cron.php
*/15 * * * * __USER__ /usr/bin/php__YNH_PHP_VERSION__ -f __DESTDIR__/cron.php
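Review bot: The new cron line names the interpreter with `__YNH_PHP_VERSION__`, while the nginx configuration in this commit uses `__PHPVERSION__` in `php__PHPVERSION__-fpm-__NAME__.sock`. Two tokens for the same value make it easy for one to go unreplaced, and an unreplaced token here means cron tries to run a binary literally named `/usr/bin/php__YNH_PHP_VERSION__` every 15 minutes, so background jobs stop. Use one placeholder name in both files, or have the install script fail if any `__...__` token remains after templating.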

View file

@ -1,48 +1,81 @@
location = /.well-known/carddav {
return 301 https://$server_name__PATH__/remote.php/dav;
}
location = /.well-known/caldav {
return 301 https://$server_name__PATH__/remote.php/dav;
location ^~ /.well-known {
# The following 6 rules are borrowed from `.htaccess`
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/\.well-known/host-meta\.json __PATH__/public.php?service=host-meta-json last;
#rewrite ^/\.well-known/host-meta __PATH__/public.php?service=host-meta last;
# The following 2 rules are only needed for the Social app.
# Uncomment it if you're planning to use this app.
#rewrite ^/\.well-known/webfinger __PATH__/public.php?service=webfinger last;
#rewrite ^/\.well-known/nodeinfo __PATH__/public.php?service=nodeinfo last;
location = /.well-known/carddav { return 301 __PATH__/remote.php/dav/; }
location = /.well-known/caldav { return 301 __PATH__/remote.php/dav/; }
try_files $uri $uri/ =404;
}
location ^~ __PATH__ {
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location ^~ __PATH__/ {
# Path to source
alias __FINALPATH__/;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;";
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "X-Content-Type-Options: nosniff";
more_set_headers "X-Download-Options: noopen";
more_set_headers "X-Frame-Options: SAMEORIGIN";
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "X-Robots-Tag: none";
more_set_headers "X-XSS-Protection: 1; mode=block";
# Set max upload size
client_max_body_size 10G;
fastcgi_buffers 64 4K;
# Extend timeouts
client_body_timeout 60m;
proxy_read_timeout 60m;
fastcgi_read_timeout 60m;
# Disable gzip to avoid the removal of the ETag header
gzip off;
# Errors pages
error_page 403 __PATH__/core/templates/403.php;
error_page 404 __PATH__/core/templates/404.php;
# Enable gzip but do not remove ETag headers
gzip on;
gzip_vary on;
gzip_comp_level 4;
gzip_min_length 256;
gzip_proxied expired no-cache no-store private no_last_modified no_etag auth;
gzip_types application/atom+xml application/javascript application/json application/ld+json application/manifest+json application/rss+xml application/vnd.geo+json application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/bmp image/svg+xml image/x-icon text/cache-manifest text/css text/plain text/vcard text/vnd.rim.location.xloc text/vtt text/x-component text/x-cross-domain-policy;
# The following 2 rules are only needed for the user_webfinger app.
# Uncomment it if you're planning to use this app.
#rewrite ^/.well-known/host-meta __PATH__/public.php?service=host-meta last;
#rewrite ^/.well-known/host-meta.json __PATH__/public.php?service=host-meta-json last;
# Pagespeed is not supported by Nextcloud, so if your server is built
# with the `ngx_pagespeed` module, uncomment this line to disable it.
#pagespeed off;
location __PATH__ {
rewrite ^ __PATH__/index.php$request_uri;
# Remove X-Powered-By, which is an information leak
fastcgi_hide_header X-Powered-By;
# Specify how to handle directories -- specifying `/nextcloud/index.php$request_uri`
# here as the fallback means that Nginx always exhibits the desired behaviour
# when a client requests a path that corresponds to a directory that exists
# on the server. In particular, if that directory contains an index.php file,
# that file is correctly served; if it doesn't, then the request is passed to
# the front-end controller. This consistent behaviour means that we don't need
# to specify custom rules for certain paths (e.g. images and other assets,
# `/updater`, `/ocm-provider`, `/ocs-provider`), and thus
# `try_files $uri $uri/ /nextcloud/index.php$request_uri`
# always provides the desired behaviour.
index index.php index.html __PATH__/index.php$request_uri;
# Default Cache-Control policy
expires 1m;
# Rule borrowed from `.htaccess` to handle Microsoft DAV clients
location = __PATH__/ {
if ( $http_user_agent ~ ^DavClnt ) {
return 302 __PATH__/remote.php/webdav/$is_args$args;
}
}
location = __PATH__/robots.txt {
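Review bot: The `Strict-Transport-Security` value now carries `includeSubDomains; preload`, which extends the HTTPS-only policy from this application's host to every subdomain of the domain it is installed on. That is a domain-wide decision made by one app package; services on subdomains that are not ready for HTTPS become unreachable for browsers that have seen this header. Consider keeping the app-level header to `max-age` only and leaving `includeSubDomains` and `preload` to the domain owner. Separately, `location ^~ /.well-known` now captures the whole `/.well-known` prefix and ends in `try_files $uri $uri/ =404;`, whereas the README promises to serve these paths "only if it's not already served"; please confirm this block does not shadow other `/.well-known` consumers on the same domain.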
@ -51,47 +84,50 @@ location ^~ __PATH__ {
access_log off;
}
location ~ ^__PATH__/(?:build|tests|config|lib|3rdparty|templates|data)/ {
deny all;
}
location ~ ^__PATH__/(?:\.|autotest|occ|issue|indie|db_|console) {
deny all;
}
# Rules borrowed from `.htaccess` to hide certain paths from clients
location ~ ^__PATH__/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; }
location ~ ^__PATH__/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; }
location ~ ^__PATH__/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) {
# Ensure this block, which passes PHP files to the PHP process, is above the blocks
# which handle static assets (as seen below). If this block is not declared first,
# then Nginx will encounter an infinite rewriting loop when it prepends
# `/nextcloud/index.php` to the URI, resulting in a HTTP 500 error response.
location ~ \.php(?:$|/) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
set $path_info $fastcgi_path_info;
try_files $fastcgi_script_name =404;
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
fastcgi_param HTTPS on;
fastcgi_param modHeadersAvailable true;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice
fastcgi_param front_controller_active true; # Enable pretty urls
fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;
fastcgi_intercept_errors on;
fastcgi_request_buffering off;
}
location ~ ^__PATH__/(?:updater|ocs-provider)(?:$|/) {
try_files $uri/ =404;
index index.php;
location ~ \.(?:css|js|svg|gif)$ {
try_files $uri / __PATH__/index.php$request_uri;
expires 6M; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
# Adding the cache control header for js and css files
location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200";
# Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000;";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Robots-Tag none;
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
# Optional: Don't log access to assets
access_log off;
location ~ \.woff2?$ {
try_files $uri / __PATH__/index.php$request_uri;
expires 7d; # Cache-Control policy borrowed from `.htaccess`
access_log off; # Optional: Don't log access to assets
}
location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ {
# Optional: Don't log access to other assets
access_log off;
location ~ / {
if ($request_method ~ ^PUT$) {
rewrite ^ __PATH__/index.php$request_uri last;
}
if ($request_method ~ ^DELETE$) {
rewrite ^ __PATH__/index.php$request_uri last;
}
try_files $uri / __PATH__/index.php$request_uri;
}
# show YunoHost panel access
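Review bot: The PHP handler changed from a regex that named the allowed entry points (`index`, `remote`, `public`, `cron`, `status` and the others listed) to `location ~ \.php(?:$|/)`, so any `.php` file that exists under the install directory and is not caught by the two `return 404` rules is now handed to PHP-FPM. `try_files $fastcgi_script_name =404;` only checks that the file exists. Keep the list of entry points, for example by routing every other `.php` request to `__PATH__/index.php$request_uri` before the FastCGI directives. Also check the three `try_files $uri / __PATH__/index.php$request_uri;` lines: the space makes `/` a separate candidate ahead of the intended fallback, which looks unintended.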

View file

@ -1,399 +0,0 @@
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here)
[__NAMETOCHANGE__]
; Per pool prefix
; It only applies on the following directives:
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
; - 'chdir'
; - 'php_values'
; - 'php_admin_values'
; When not set, the global prefix (or /usr) applies instead.
; Note: This directive can also be relative to the global prefix.
; Default Value: none
;prefix = /path/to/pools/$pool
; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group
; will be used.
user = __USER__
group = __USER__
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog. A value of '-1' means unlimited.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
; accepted from any ip address.
; Default Value: any
;listen.allowed_clients = 127.0.0.1
; Specify the nice(2) priority to apply to the pool processes (only if set)
; The value can vary from -19 (highest priority) to 20 (lower priority)
; Note: - It will only work if the FPM master process is launched as root
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; priority = -19
; Choose how the process manager will control the number of child processes.
; Possible Values:
; static - a fixed number (pm.max_children) of child processes;
; dynamic - the number of child processes are set dynamically based on the
; following directives. With this process management, there will be
; always at least 1 children.
; pm.max_children - the maximum number of children that can
; be alive at the same time.
; pm.start_servers - the number of children created on startup.
; pm.min_spare_servers - the minimum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is less than this
; number then some children will be created.
; pm.max_spare_servers - the maximum number of children in 'idle'
; state (waiting to process). If the number
; of 'idle' processes is greater than this
; number then some children will be killed.
; ondemand - no children are created at startup. Children will be forked when
; new requests will connect. The following parameter are used:
; pm.max_children - the maximum number of children that
; can be alive at the same time.
; pm.process_idle_timeout - The number of seconds after which
; an idle process will be killed.
; Note: This value is mandatory.
pm = dynamic
; The number of child processes to be created when pm is set to 'static' and the
; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'.
; This value sets the limit on the number of simultaneous requests that will be
; served. Equivalent to the ApacheMaxClients directive with mpm_prefork.
; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP
; CGI. The below defaults are based on a server without much resources. Don't
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 10
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2
pm.start_servers = 2
; The desired minimum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.min_spare_servers = 1
; The desired maximum number of idle server processes.
; Note: Used only when pm is set to 'dynamic'
; Note: Mandatory when pm is set to 'dynamic'
pm.max_spare_servers = 3
; The number of seconds after which an idle process will be killed.
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
; pool - the name of the pool;
; process manager - static, dynamic or ondemand;
; start time - the date and time FPM has started;
; start since - number of seconds since FPM has started;
; accepted conn - the number of request accepted by the pool;
; listen queue - the number of request in the queue of pending
; connections (see backlog in listen(2));
; max listen queue - the maximum number of requests in the queue
; of pending connections since FPM has started;
; listen queue len - the size of the socket queue of pending connections;
; idle processes - the number of idle processes;
; active processes - the number of active processes;
; total processes - the number of idle + active processes;
; max active processes - the maximum number of active processes since FPM
; has started;
; max children reached - number of times, the process limit has been reached,
; when pm tries to start more children (works only for
; pm 'dynamic' and 'ondemand');
; Value are updated in real time.
; Example output:
; pool: www
; process manager: static
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 62636
; accepted conn: 190460
; listen queue: 0
; max listen queue: 1
; listen queue len: 42
; idle processes: 4
; active processes: 11
; total processes: 15
; max active processes: 12
; max children reached: 0
;
; By default the status page output is formatted as text/plain. Passing either
; 'html', 'xml' or 'json' in the query string will return the corresponding
; output syntax. Example:
; http://www.foo.bar/status
; http://www.foo.bar/status?json
; http://www.foo.bar/status?html
; http://www.foo.bar/status?xml
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
; http://www.foo.bar/status?xml&full
; The Full status returns for each process:
; pid - the PID of the process;
; state - the state of the process (Idle, Running, ...);
; start time - the date and time the process has started;
; start since - the number of seconds since the process has started;
; requests - the number of requests the process has served;
; request duration - the duration in µs of the requests;
; request method - the request method (GET, POST, ...);
; request URI - the request URI with the query string;
; content length - the content length of the request (only with POST);
; user - the user (PHP_AUTH_USER) (or '-' if not set);
; script - the main script called (or '-' if not set);
; last request cpu - the %cpu the last request consumed
; it's always 0 if the process is not in Idle state
; because CPU calculation is done when the request
; processing has terminated;
; last request memory - the max amount of memory the last request consumed
; it's always 0 if the process is not in Idle state
; because memory calculation is done when the request
; processing has terminated;
; If the process is in Idle state, then informations are related to the
; last request the process has served. Otherwise informations are related to
; the current request being served.
; Example output:
; ************************
; pid: 31330
; state: Running
; start time: 01/Jul/2011:17:53:49 +0200
; start since: 63087
; requests: 12808
; request duration: 1250261
; request method: GET
; request URI: /test_mem.php?N=10000
; content length: 0
; user: -
; script: /home/fat/web/docs/php/test_mem.php
; last request cpu: 0.00
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
; - create a graph of FPM availability (rrd or such);
; - remove a server from a group if it is not responding (load balancing);
; - trigger alerts for the operating team (24/7).
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
;ping.path = /ping
; This directive may be used to customize the response of a ping request. The
; response is formatted as text/plain with a 200 response code.
; Default Value: pong
;ping.response = pong
; The access log file
; Default: not set
;access.log = log/$pool.access.log
; The access log format.
; The following syntax is allowed
; %%: the '%' character
; %C: %CPU used by the request
; it can accept the following format:
; - %{user}C for user CPU only
; - %{system}C for system CPU only
; - %{total}C for user + system CPU (default)
; %d: time taken to serve the request
; it can accept the following format:
; - %{seconds}d (default)
; - %{miliseconds}d
; - %{mili}d
; - %{microseconds}d
; - %{micro}d
; %e: an environment variable (same as $_ENV or $_SERVER)
; it must be associated with embraces to specify the name of the env
; variable. Some exemples:
; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e
; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e
; %f: script filename
; %l: content-length of the request (for POST request only)
; %m: request method
; %M: peak of memory allocated by PHP
; it can accept the following format:
; - %{bytes}M (default)
; - %{kilobytes}M
; - %{kilo}M
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
; - %{Transfert-Encoding}o
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
; %s: status (response code)
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 1d
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
chdir = __FINALPATH__
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
catch_workers_output = yes
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp
env[PATH] = $PATH
; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
; Defining 'extension' will load the corresponding shared extension from
; extension_dir. Defining 'disable_functions' or 'disable_classes' will not
; overwrite previously defined php.ini values, but will append the new value
; instead.
; Note: path INI options can be relative and will be expanded with the prefix
; (pool, global or /usr)
; Default Value: nothing is defined by default except the values in php.ini and
; specified at startup with the -d argument
;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
; Additional php.ini defines, specific to this pool of workers.
php_value[upload_max_filesize] = 10G
php_value[post_max_size] = 10G
php_value[default_charset] = UTF-8
php_value[always_populate_raw_post_data] = -1
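Review bot: `request_terminate_timeout = 1d` near the end of this pool file lets a single request hold a worker for up to a day, and with `php_value[upload_max_filesize]` and `php_value[post_max_size]` at 10G a handful of stalled uploads can occupy the whole pool. If these values are carried into the pool configuration that keeps or replaces this file, lower the timeout or add a comment explaining why a full day is needed. `php_value[always_populate_raw_post_data] = -1` can be dropped for PHP 7, where that directive no longer exists.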

View file

@ -1,7 +0,0 @@
opcache.enable=1
opcache.enable_cli=1
opcache.interned_strings_buffer=8
opcache.max_accelerated_files=10000
opcache.memory_consumption=128
opcache.save_comments=1
opcache.revalidate_freq=1
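Review bot: this removal (`-1,7 +0,0`) drops every opcache setting, including `opcache.memory_consumption=128` and `opcache.interned_strings_buffer=8`, and the visible part of the commit does not show where they are set instead. Name the replacement location in the commit message, or keep the file, so the settings are not silently lost on upgrade.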

26
config_panel.toml Normal file
View file

@ -0,0 +1,26 @@
version = "0.1"
name = "Nextcloud configuration panel"
[main]
name = "Nextcloud configuration"
[main.php_fpm_config]
name = "PHP-FPM configuration"
[main.php_fpm_config.footprint]
ask = "Memory footprint of the service ?"
choices = ["low", "medium", "high", "specific"]
default = "low"
help = "low <= 20Mb per pool. medium between 20Mb and 40Mb per pool. high > 40Mb per pool.<br>Use specific to set a value with the following option."
[main.php_fpm_config.free_footprint]
ask = "Memory footprint of the service ?"
type = "number"
default = "0"
help = "Free field to specify exactly the footprint in Mb if you don't want to use one of the three previous values."
[main.php_fpm_config.usage]
ask = "Expected usage of the service ?"
choices = ["low", "medium", "high"]
default = "low"
help = "low: Personal usage, behind the sso. No RAM footprint when not used, but the impact on the processor can be high if many users are using the service.<br>medium: Low usage, few people or/and publicly accessible. Low RAM footprint, medium processor footprint when used.<br>high: High usage, frequently visited website. High RAM footprint, but lower on processor usage and quickly responding."
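Review bot: `[main.php_fpm_config.free_footprint]` reuses the `ask` text of `[main.php_fpm_config.footprint]` ("Memory footprint of the service ?"), so the panel shows two identically labelled fields, and its `default = "0"` is a string although `type = "number"`. Give the free field its own label, state that it only applies when `footprint` is `specific`, and check that a value of 0 is rejected or ignored rather than used as a footprint.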

View file

@ -2,5 +2,4 @@
user=$1
sudo mkdir -p /home/$user
sudo setfacl -m g:#GROUP#:rwx /home/$user
sudo setfacl --modify g:__GROUP__:rwx /home/$user
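Review bot: `user=$1` is used unquoted and unchecked in `sudo mkdir -p /home/$user` and `sudo setfacl --modify g:__GROUP__:rwx /home/$user`, both of which run as root. Quote the expansion and reject an empty value or one containing `/` before touching the filesystem; with an empty argument the group ACL is applied to `/home/` itself.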

View file

@ -3,23 +3,23 @@
"name": "Nextcloud",
"packaging_format": 1,
"description": {
"en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms",
"fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions"
"en": "Online storage, file sharing platform and various other applications",
"fr": "Stockage en ligne, plateforme de partage de fichiers et diverses autres applications"
},
"version": "13.0.2~ynh1",
"version": "20.0.4~ynh1",
"url": "https://nextcloud.com",
"license": "AGPL-3.0",
"maintainer": {
"name": "-",
"email": "-"
"name": "YunoHost Contributors",
"email": "apps@yunohost.org"
},
"requirements": {
"yunohost": ">= 2.7.2"
"yunohost": ">= 3.8.1"
},
"multi_instance": false,
"multi_instance": true,
"services": [
"nginx",
"php5-fpm",
"php7.0-fpm",
"mysql"
],
"arguments": {

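Review bot: the `services` list names `php7.0-fpm` and `mysql`, but the common helpers in this same commit set `YNH_PHP_VERSION="7.3"` and put `postgresql` in `pkg_dependencies`. Align the list with the PHP-FPM version and the database the scripts actually use, so that service checks and restarts target the right units.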
View file

@ -19,7 +19,6 @@
- [ ] **Approval (LGTM)** :
- [ ] **Approval (LGTM)** :
- **CI succeeded** :
[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20-BRANCH-%20(Official)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20-BRANCH-%20(Official)/) *Please replace '-BRANCH-' in this link for a PR from a local branch.*
or
[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-%20(Official_fork)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-%20(Official_fork)/) *Replace '-NUM-' by the PR number in this link for a PR from a forked repository.*
[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/)
*Please replace '-NUM-' in this link by the PR number.*
When the PR is marked as ready to merge, you have to wait for 3 days before really merging it.

View file

@ -3,53 +3,13 @@
# COMMON VARIABLES
#=================================================
pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient postgresql php-pgsql"
pkg_dependencies="imagemagick acl tar smbclient at postgresql"
if [ "$(lsb_release --codename --short)" != "jessie" ]; then
pkg_dependencies="$pkg_dependencies php-zip php-apcu php-mbstring php-xml"
fi
YNH_PHP_VERSION="7.3"
extra_php_dependencies="php${YNH_PHP_VERSION}-bz2 php${YNH_PHP_VERSION}-imap php${YNH_PHP_VERSION}-smbclient php${YNH_PHP_VERSION}-gmp php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-apcu php${YNH_PHP_VERSION}-redis php${YNH_PHP_VERSION}-ldap php${YNH_PHP_VERSION}-imagick php${YNH_PHP_VERSION}-zip php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-igbinary php${YNH_PHP_VERSION}-bcmath php${YNH_PHP_VERSION}-pgsql"
#=================================================
# COMMON HELPERS
#=================================================
# Execute a command with occ
exec_occ() {
(cd "$final_path" && exec_as "$app" \
php occ --no-interaction --no-ansi "$@")
}
# Create the external storage for the given folders and enable sharing
create_external_storage() {
local datadir="$1"
local mount_name="$2"
local mount_id=`exec_occ files_external:create --output=json \
"$2" 'local' 'null::null' -c "datadir=$datadir" || true`
! [[ $mount_id =~ ^[0-9]+$ ]] \
&& echo "Unable to create external storage" >&2 \
|| exec_occ files_external:option "$mount_id" enable_sharing true
}
# Rename a MySQL database and user
# Usage: rename_mysql_db DBNAME DBUSER DBPASS NEW_DBNAME_AND_USER
rename_mysql_db() {
local db_name=$1 db_user=$2 db_pwd=$3 new_db_name=$4
local sqlpath="/tmp/${db_name}-$(date '+%s').sql"
# Dump the old database
mysqldump -u "$db_user" -p"$db_pwd" --no-create-db "$db_name" > "$sqlpath"
# Create the new database and user
ynh_mysql_create_db "$new_db_name" "$new_db_name" "$db_pwd"
ynh_mysql_connect_as "$new_db_name" "$db_pwd" "$new_db_name" < "$sqlpath"
# Remove the old database
ynh_mysql_remove_db $db_name $db_name
ynh_secure_remove "$sqlpath"
}
#=================================================
# COMMON HELPERS -- SHOULD BE ADDED TO YUNOHOST
# EXPERIMENTAL HELPERS
#=================================================
# Execute a command as another user
@ -65,15 +25,42 @@ exec_as() {
fi
}
#=================================================
# Check if an URL is already handled
# usage: is_url_handled URL
# usage: is_url_handled --domain=DOMAIN --path=PATH_URI
is_url_handled() {
local output=($(curl -k -s -o /dev/null \
-w 'x%{redirect_url} %{http_code}' "$1"))
# It's handled if it does not redirect to the SSO nor return 404
[[ ! ${output[0]} =~ \/yunohost\/sso\/ && ${output[1]} != 404 ]]
# Declare an array to define the options of this helper.
local legacy_args=dp
declare -Ar args_array=( [d]=domain= [p]=path= )
local domain
local path
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
# Try to get the url with curl, and keep the http code and an eventual redirection url.
local curl_output="$(curl --insecure --silent --output /dev/null \
--write-out '%{http_code};%{redirect_url}' https://127.0.0.1$path --header "Host: $domain" --resolve $domain:443:127.0.0.1)"
# Cut the output and keep only the first part to keep the http code
local http_code="${curl_output%%;*}"
# Do the same thing but keep the second part, the redirection url
local redirection="${curl_output#*;}"
# Return 1 if the url isn't handled.
# Which means either curl got a 404 (or the admin) or the sso.
# A handled url should redirect to a publicly accessible url.
# Return 1 if the url has returned 404
if [ "$http_code" = "404" ] || [[ $redirection =~ "/yunohost/admin" ]]; then
return 1
# Return 1 if the url is redirected to the SSO
elif [[ $redirection =~ "/yunohost/sso" ]]; then
return 1
fi
}
#=================================================
# Make the main steps to migrate an app to its fork.
#
# This helper has to be used for an app which needs to migrate to a new name or a new fork
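Review bot: in the `curl` call of `is_url_handled`, `$path` and `$domain` are expanded unquoted in `https://127.0.0.1$path` and `--resolve $domain:443:127.0.0.1`, so a path containing spaces or glob characters is word-split before curl sees it. Quote both arguments, and add a comment that `--insecure` is acceptable only because the request is pinned to 127.0.0.1.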
@ -167,7 +154,7 @@ ynh_handle_app_migration () {
# TODO Handle multi instance apps...
# Check that there is not already an app installed for this id.
(yunohost app list --installed -f "$new_app" | grep -q id) \
yunohost app list | grep -q 'id: $appname' \
&& ynh_die "$new_app is already installed"
#=================================================
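Review bot: in `yunohost app list | grep -q 'id: $appname'` the single quotes stop the shell from expanding the variable, and the surrounding code uses `$new_app`, not `$appname`, so the check can never match and `ynh_die "$new_app is already installed"` never fires. Use double quotes with the right variable and anchor the match, for example `grep -q "id: $new_app$"`, so an id that merely starts with the same string does not count.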
@ -318,10 +305,49 @@ ynh_handle_app_migration () {
fi
}
#=================================================
# Check available space before creating a temp directory.
#
# usage: ynh_smart_mktemp --min_size="Min size"
#
# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb
ynh_smart_mktemp () {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [s]=min_size= )
local min_size
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
min_size="${min_size:-300}"
# Transform the minimum size from megabytes to kilobytes
min_size=$(( $min_size * 1024 ))
# Check if there's enough free space in a directory
is_there_enough_space () {
local free_space=$(df --output=avail "$1" | sed 1d)
test $free_space -ge $min_size
}
if is_there_enough_space /tmp; then
local tmpdir=/tmp
elif is_there_enough_space /var; then
local tmpdir=/var
elif is_there_enough_space /; then
local tmpdir=/
elif is_there_enough_space /home; then
local tmpdir=/home
else
ynh_die "Insufficient free space to continue..."
fi
echo "$(mktemp --directory --tmpdir="$tmpdir")"
}
#=================================================
# EXPERIMENTAL HELPERS
# FUTURE OFFICIAL HELPERS
#=================================================
#=================================================
# YUNOHOST MULTIMEDIA INTEGRATION
#=================================================
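Review bot: `is_there_enough_space` compares with `test $free_space -ge $min_size` unquoted, so when `df --output=avail "$1"` produces no output the test errors out and the helper silently moves on to the next candidate, ending in `/` or `/home`. Quote both operands, check that `min_size` is an integer before `$(( $min_size * 1024 ))`, and document that callers must remove the directory returned by `mktemp --directory --tmpdir="$tmpdir"`, since nothing in the helper cleans it up.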
@ -330,16 +356,20 @@ ynh_handle_app_migration () {
#
# usage: ynh_multimedia_build_main_dir
ynh_multimedia_build_main_dir () {
local ynh_media_release="v1.0"
local checksum="4852c8607db820ad51f348da0dcf0c88"
local ynh_media_release="v1.2"
local checksum="806a827ba1902d6911095602a9221181"
# Download yunohost.multimedia scripts
wget -nv https://github.com/YunoHost-Apps/yunohost.multimedia/archive/${ynh_media_release}.tar.gz
wget -nv https://github.com/YunoHost-Apps/yunohost.multimedia/archive/${ynh_media_release}.tar.gz 2>&1
# Verify checksum
# Check the control sum
echo "${checksum} ${ynh_media_release}.tar.gz" | md5sum -c --status \
|| ynh_die "Corrupt source"
# Check if the package acl is installed. Or install it.
ynh_package_is_installed 'acl' \
|| ynh_package_install acl
# Extract
mkdir yunohost.multimedia-master
tar -xf ${ynh_media_release}.tar.gz -C yunohost.multimedia-master --strip-components 1
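Review bot: the tarball fetched by `wget` is validated with `md5sum -c --status` against an MD5 value; MD5 is not collision resistant, so this catches accidental corruption but is a weak guard against a substituted archive. Pin a SHA-256 digest and check it with `sha256sum -c --status`. The extraction directory is also still named `yunohost.multimedia-master` although a tagged release (`v1.2`) is downloaded; rename it to match.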
@ -356,158 +386,3 @@ ynh_multimedia_addaccess () {
groupadd -f multimedia
usermod -a -G multimedia $user_name
}
#=================================================
# POSTGRESQL HELPERS
#=================================================
# Create a master password and set up global settings
# Please always call this script in install and restore scripts
#
# usage: ynh_psql_test_if_first_run
ynh_psql_test_if_first_run() {
if [ -f /etc/yunohost/psql ];
then
echo "PostgreSQL is already installed, no need to create master password"
else
pgsql=$(ynh_string_random)
pg_hba=""
echo "$pgsql" >> /etc/yunohost/psql
if [ -e /etc/postgresql/9.4/ ]
then
pg_hba=/etc/postgresql/9.4/main/pg_hba.conf
elif [ -e /etc/postgresql/9.6/ ]
then
pg_hba=/etc/postgresql/9.6/main/pg_hba.conf
else
ynh_die "postgresql shoud be 9.4 or 9.6"
fi
systemctl start postgresql
sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres
# force all user to connect to local database using passwords
# https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF
# Note: we can't use peer since YunoHost create users with nologin
# See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user
sed -i '/local\s*all\s*all\s*peer/i \
local all all password' "$pg_hba"
systemctl enable postgresql
systemctl reload postgresql
fi
}
# Open a connection as a user
#
# example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;"
# example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql
#
# usage: ynh_psql_connect_as user pwd [db]
# | arg: user - the user name to connect as
# | arg: pwd - the user password
# | arg: db - the database to connect to
ynh_psql_connect_as() {
user="$1"
pwd="$2"
db="$3"
sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$pwd" psql "$db"
}
# # Execute a command as root user
#
# usage: ynh_psql_execute_as_root sql [db]
# | arg: sql - the SQL command to execute
# | arg: db - the database to connect to
ynh_psql_execute_as_root () {
sql="$1"
sudo --login --user=postgres psql <<< "$sql"
}
# Execute a command from a file as root user
#
# usage: ynh_psql_execute_file_as_root file [db]
# | arg: file - the file containing SQL commands
# | arg: db - the database to connect to
ynh_psql_execute_file_as_root() {
file="$1"
db="$2"
sudo --login --user=postgres psql "$db" < "$file"
}
# Create a database, an user and its password. Then store the password in the app's config
#
# After executing this helper, the password of the created database will be available in $db_pwd
# It will also be stored as "psqlpwd" into the app settings.
#
# usage: ynh_psql_setup_db user name [pwd]
# | arg: user - Owner of the database
# | arg: name - Name of the database
# | arg: pwd - Password of the database. If not given, a password will be generated
ynh_psql_setup_db () {
db_user="$1"
db_name="$2"
new_db_pwd=$(ynh_string_random) # Generate a random password
# If $3 is not given, use new_db_pwd instead for db_pwd.
db_pwd="${3:-$new_db_pwd}"
ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database
ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config
}
# Create a database and grant privilegies to a user
#
# usage: ynh_psql_create_db db [user [pwd]]
# | arg: db - the database name to create
# | arg: user - the user to grant privilegies
# | arg: pwd - the user password
ynh_psql_create_db() {
db="$1"
user="$2"
pwd="$3"
ynh_psql_create_user "$user" "$pwd"
sudo --login --user=postgres createdb --owner="$user" "$db"
}
# Drop a database
#
# usage: ynh_psql_drop_db db
# | arg: db - the database name to drop
# | arg: user - the user to drop
ynh_psql_remove_db() {
db="$1"
user="$2"
sudo --login --user=postgres dropdb "$db"
ynh_psql_drop_user "$user"
}
# Dump a database
#
# example: ynh_psql_dump_db 'roundcube' > ./dump.sql
#
# usage: ynh_psql_dump_db db
# | arg: db - the database name to dump
# | ret: the psqldump output
ynh_psql_dump_db() {
db="$1"
sudo --login --user=postgres pg_dump "$db"
}
# Create a user
#
# usage: ynh_psql_create_user user pwd [host]
# | arg: user - the user name to create
ynh_psql_create_user() {
user="$1"
pwd="$2"
sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd'" postgres
}
# Drop a user
#
# usage: ynh_psql_drop_user user
# | arg: user - the user name to drop
ynh_psql_drop_user() {
user="$1"
sudo --login --user=postgres dropuser "$user"
}

View file

@ -0,0 +1,66 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# CHECK IF ARGUMENTS ARE CORRECT
#=================================================
#=================================================
# DEFINE FUNCTION
#=================================================
# Define a function to execute commands with `occ`
exec_occ() {
(cd "$final_path" && exec_as "$app" \
php$YNH_PHP_VERSION occ --no-interaction --no-ansi "$@")
}
# Define a function to add an external storage
# Create the external storage for the given folders and enable sharing
create_external_storage() {
local datadir="$1"
local mount_name="$2"
local mount_id=`exec_occ files_external:create --output=json \
"$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true`
! [[ $mount_id =~ ^[0-9]+$ ]] \
&& ynh_print_warn --message="Unable to create external storage" \
|| exec_occ files_external:option "$mount_id" enable_sharing true
}
#=================================================
# SPECIFIC ACTION
#=================================================
# YUNOHOST MULTIMEDIA INTEGRATION
#=================================================
ynh_script_progression --message="Updating multimedia directories..." --weight=6
# Build YunoHost multimedia directories
ynh_multimedia_build_main_dir
# Mount the user directory in Nextcloud
exec_occ app:enable files_external
create_external_storage "/home/yunohost.multimedia/\$user" "Multimedia"
create_external_storage "/home/yunohost.multimedia/share" "Shared multimedia"
# Allow nextcloud to write into these directories
ynh_multimedia_addaccess $app
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Execution completed" --last
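Review bot: in `create_external_storage`, the chain `! [[ $mount_id =~ ^[0-9]+$ ]] && ynh_print_warn ... || exec_occ files_external:option "$mount_id" enable_sharing true` also runs the `exec_occ` branch whenever `ynh_print_warn` returns non-zero, that is, with an invalid `$mount_id`. Replace it with an explicit `if`/`else`. The `|| true` after `files_external:create` hides the occ error text, so include it in the warning.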

View file

@ -0,0 +1,52 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# CHECK IF ARGUMENTS ARE CORRECT
#=================================================
#=================================================
# CHECK IF AN ACTION HAS TO BE DONE
#=================================================
# Check the current status of the maintenance mode
if [ "$(grep "maintenance" "$final_path/config/config.php" | awk '{print $3}' | cut -d',' -f1)" != "true" ]
then
ynh_die --message="Nextcloud isn't currently under maintenance." --ret_code=0
fi
#=================================================
# SPECIFIC ACTION
#=================================================
# DISABLE THE MAINTENANCE MODE
#=================================================
ynh_script_progression --message="Disabling maintenance mode..." --weight=3
(
cd "$final_path" && exec_as "$app" \
php$YNH_PHP_VERSION occ --no-interaction --no-ansi maintenance:mode --off
)
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Execution completed" --last
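Review bot: the status check greps `config.php` for any line containing `maintenance` and takes the third awk field, which breaks on a differently formatted line or on a second key containing that word. Ask Nextcloud instead, for example with `occ config:system:get maintenance` through the same `exec_as "$app" php$YNH_PHP_VERSION occ` call used further down. `ynh_die --ret_code=0` also reports a normal no-op through the error path; a warning followed by `exit 0` reads better.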

View file

@ -2,18 +2,11 @@
#=================================================
# GENERIC START
#=================================================
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Get the _common.sh file if it's not in the current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -26,39 +19,44 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get $app final_path)
domain=$(ynh_app_setting_get $app domain)
db_name=$(ynh_app_setting_get $app db_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# STANDARD BACKUP STEPS
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup "$final_path"
ynh_backup --src_path="$final_path"
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini"
ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# BACKUP THE POSTGRESQL DATABASE
#=================================================
ynh_print_info --message="Backing up the PostgreSQL database..."
ynh_psql_dump_db "$db_name" > db.sql
ynh_psql_dump_db --database="$db_name" > db.sql
#=================================================
# SPECIFIC BACKUP
@ -68,21 +66,28 @@ ynh_psql_dump_db "$db_name" > db.sql
ynh_backup "/etc/logrotate.d/$app"
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# BACKUP THE CRON FILE
#=================================================
ynh_backup "/etc/cron.d/$app"
ynh_backup --src_path="/etc/cron.d/$app"
#=================================================
# BACKUP THE DATA DIRECTORY
#=================================================
ynh_print_info --message="Backing up data directory..."
backup_core_only=$(ynh_app_setting_get "$app" backup_core_only)
# If backup_core_only have any value in the settings.yml file, do not backup the data directory
if [ -z $backup_core_only ]
then
ynh_backup "/home/yunohost.app/${app}/data"
else
echo "Data dir will not be saved, because backup_core_only is set." >&2
fi
ynh_backup --src_path="/home/yunohost.app/${app}/data" --is_big
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

126
scripts/change_url Normal file
View file

@ -0,0 +1,126 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
ynh_script_progression --message="Applying Nextcloud specific modifications..." --weight=2
# Define a function to execute commands with `occ`
exec_occ() {
(cd "$final_path" && exec_as "$app" \
php${phpversion} occ --no-interaction --no-ansi "$@")
}
if [ $change_domain -eq 1 ]
then
# Change the trusted domain
exec_occ config:system:set trusted_domains 1 --value=$new_domain
# Change hostname for activity notifications
ynh_replace_string --match_string="'overwrite.cli.url' => 'http://${old_domain}'," --replace_string="'overwrite.cli.url' => 'https://${new_domain}'," --target_file="${final_path}/config/config.php"
fi
if [ $change_domain -eq 1 ]
then
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf"
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
fi
#=================================================
# GENERIC FINALISATION
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last
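
Review bot: the `.well-known` check near the end of the script tests `$domain`, which in the visible lines is only assigned (to `$old_domain`) inside the `change_path` branch, so on a domain-only change `is_url_handled --domain="$domain"` runs with an empty value and never inspects the new domain. Use `$new_domain` in both `is_url_handled` calls and in the warning message. Two smaller points: the `overwrite.cli.url` replacement matches `'http://${old_domain}'`, but the install script writes `'https://${domain}'`, so the match string will not be found and the old hostname stays in config.php; and `mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf` should quote both paths.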

98
scripts/config Normal file

@ -0,0 +1,98 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
app=$YNH_APP_INSTANCE_NAME
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# LOAD VALUES
#=================================================
# Load the real value from the app config or elsewhere.
# Then get the value from the form.
# If the form has a value for a variable, take the value from the form,
# Otherwise, keep the value from the app config.
# Footprint for php-fpm
old_fpm_footprint="$(ynh_app_setting_get --app=$app --key=fpm_footprint)"
fpm_footprint="${YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FOOTPRINT:-$old_fpm_footprint}"
# Free footprint value for php-fpm
# Check if fpm_footprint is an integer
if [ "$fpm_footprint" -eq "$fpm_footprint" ] 2> /dev/null
then
# If fpm_footprint is an integer, that's a numeric value for the footprint
old_free_footprint=$fpm_footprint
fpm_footprint=specific
else
old_free_footprint=0
fi
free_footprint="${YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FREE_FOOTPRINT:-$old_free_footprint}"
# Usage for php-fpm
old_fpm_usage="$(ynh_app_setting_get --app=$app --key=fpm_usage)"
fpm_usage="${YNH_CONFIG_MAIN_PHP_FPM_CONFIG_USAGE:-$old_fpm_usage}"
#=================================================
# SHOW_CONFIG FUNCTION FOR 'SHOW' COMMAND
#=================================================
show_config() {
# here you are supposed to read some config file/database/other then print the values
# ynh_return "YNH_CONFIG_${PANEL_ID}_${SECTION_ID}_${OPTION_ID}=value"
ynh_return "YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FOOTPRINT=$fpm_footprint"
ynh_return "YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FREE_FOOTPRINT=$free_footprint"
ynh_return "YNH_CONFIG_MAIN_PHP_FPM_CONFIG_USAGE=$fpm_usage"
}
#=================================================
# MODIFY THE CONFIGURATION
#=================================================
apply_config() {
#=================================================
# RECONFIGURE PHP-FPM
#=================================================
if [ "$fpm_usage" != "$old_fpm_usage" ] || [ "$fpm_footprint" != "$old_fpm_footprint" ] || [ "$free_footprint" != "$old_free_footprint" ]
then
# If fpm_footprint is set to 'specific', use $free_footprint value.
if [ "$fpm_footprint" = "specific" ]
then
fpm_footprint=$free_footprint
fi
if [ "$fpm_footprint" != "0" ]
then
ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint --package="$extra_php_dependencies"
else
ynh_print_err --message="When selecting 'specific', you have to set a footprint value into the field below."
fi
fi
}
#=================================================
# GENERIC FINALIZATION
#=================================================
# SELECT THE ACTION FOLLOWING THE GIVEN ARGUMENT
#=================================================
case $1 in
show) show_config;;
apply) apply_config;;
esac
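
Review bot: `free_footprint` comes straight from `YNH_CONFIG_MAIN_PHP_FPM_CONFIG_FREE_FOOTPRINT` and, when `fpm_footprint` is `specific`, reaches `ynh_add_fpm_config --footprint=$fpm_footprint` unquoted, with `!= "0"` as the only check in `apply_config`. Reuse the integer test already applied to `fpm_footprint` in the LOAD VALUES section to reject non-numeric input, quote the `--usage`, `--footprint` and `--phpversion` expansions, and return a non-zero status after `ynh_print_err` so a rejected value is not reported as applied. The `case $1` at the end also needs a default branch for unknown actions.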

View file

@ -30,92 +30,98 @@ app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)
# Check web path availability
ynh_webpath_available $domain $path_url
# Register (book) web path
ynh_webpath_register $app $domain $path_url
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app path $path_url
ynh_app_setting_set $app admin $admin
ynh_app_setting_set $app user_home $user_home
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=user_home --value=$user_home
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=10
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a PostgreSQL database..." --weight=2
db_name=$(ynh_sanitize_dbid $app)
db_pwd=$(ynh_string_random)
ynh_app_setting_set $app db_name $db_name
ynh_app_setting_set $app db_pwd $db_pwd
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_psql_test_if_first_run
ynh_psql_create_db $db_name $db_name $db_pwd
ynh_psql_create_db --db_user=$db_name --db_name=$db_name
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..."
# Load the last available version
source upgrade.d/upgrade.last.sh
# Create an app.src for the last version of nextcloud
cp ../conf/app.src.default ../conf/app.src
ynh_replace_string "__VERSION__" "$next_version" "../conf/app.src"
ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src"
ynh_replace_string --match_string="__VERSION__" --replace_string="$next_version" --target_file="../conf/app.src"
ynh_replace_string --match_string="__SHA256_SUM__" --replace_string="$nextcloud_source_sha256" --target_file="../conf/app.src"
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Enable YunoHost patches on Nextcloud sources
cp -a ../sources/patches_last_version/* ../sources/patches
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path"
ynh_setup_source --dest_dir="$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
# Do not serve .well-known if it's already served on the domain
if is_url_handled "https://${domain}/.well-known/caldav" ; then
sed -ri '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' \
"../conf/nginx.conf"
fi
# Handle root path, avoid double slash.
# Temporary fix, in waiting for an upgrade of the helper. (#361)
path_url_slash_less=${path_url%/}
ynh_replace_string "__PATH__/" "$path_url_slash_less/" "../conf/nginx.conf"
# Create a dedicated nginx config
ynh_add_nginx_config
# Allow Symlinks for multimedia folder
ynh_replace_string --match_string="protected \$allowSymlinks = false;" --replace_string="protected \$allowSymlinks = true;" --target_file="$final_path/lib/private/Files/Storage/Local.php"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=3
# Create a system user
ynh_system_user_create $app
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring PHP-FPM..." --weight=50
# Create a dedicated php-fpm config
ynh_add_fpm_config
ynh_add_fpm_config --usage=medium --footprint=high --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies"
# Used by ynh_add_nginx_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring NGINX web server..." --weight=2
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' "../conf/nginx.conf"
fi
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
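
Review bot: in the CREATE A POSTGRESQL DATABASE section the named-argument lines no longer assign or store `db_pwd` (the `ynh_string_random` and `ynh_app_setting_set $app db_pwd $db_pwd` lines exist only in the old positional style), yet `maintenance:install` in the next hunk still passes `--database-pass "$db_pwd"` and the restore script reads the key `psqlpwd`. Add a comment saying where `db_pwd` comes from after `ynh_psql_create_db --db_user=$db_name --db_name=$db_name`, or set and store it explicitly here. Separately, the `ynh_replace_string` that flips `protected $allowSymlinks = false;` to `true` in `lib/private/Files/Storage/Local.php` changes a default in the upstream sources for every local storage; it deserves a comment on why the multimedia folder needs it and a check that the match string was actually found.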
@ -124,68 +130,97 @@ ynh_add_fpm_config
#=================================================
# Define app's data directory
datadir="/home/yunohost.app/${app}/data"
datadir="/home/yunohost.app/$app/data"
# Create app folders
mkdir -p "$datadir"
#=================================================
# INSTALL NEXTCLOUD
#=================================================
ynh_script_progression --message="Installing Nextcloud..." --weight=30
# Define a function to execute commands with `occ`
exec_occ() {
(cd "$final_path" && exec_as "$app" \
php${phpversion} occ --no-interaction --no-ansi "$@")
}
# Set write access for the following commands
chown -R $app: "$final_path" "$datadir"
# Install Nextcloud using a temporary admin user
exec_occ maintenance:install \
--database "pgsql" --database-name "$db_name" \
--database-user "$db_name" --database-pass "$db_pwd" \
--admin-user "admin" --admin-pass "$(ynh_string_random 6)" \
--database "pgsql" --database-name $db_name \
--database-user $db_name --database-pass "$db_pwd" \
--admin-user "admin" --admin-pass "$(ynh_string_random --length=6)" \
--data-dir "$datadir" \
|| ynh_die "Unable to install Nextcloud"
|| ynh_die --message="Unable to install Nextcloud"
#=================================================
# CONFIGURE NEXTCLOUD
#=================================================
ynh_script_progression --message="Configuring Nextcloud..." --weight=8
# Ensure that UpdateNotification app is disabled
exec_occ app:disable updatenotification
# Enable plugins
# Enable LDAP plugin
exec_occ app:enable user_ldap
exec_occ ldap:create-empty-config
# Load the installation config file in nextcloud
nc_conf="${final_path}/config_install.json"
# Load the installation config file in Nextcloud
nc_conf="$final_path/config_install.json"
cp ../conf/config_install.json "$nc_conf"
ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf"
ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$nc_conf"
ynh_replace_string --match_string="__DATADIR__" --replace_string="$datadir" --target_file="$nc_conf"
exec_occ config:import "$nc_conf"
# Then remove it
rm -f "$nc_conf"
# Then remove the config file
ynh_secure_remove --file="$nc_conf"
# Load the additional config file (used also for upgrade)
nc_conf="${final_path}/config_install.json"
nc_conf="$final_path/config.json"
cp ../conf/config.json "$nc_conf"
exec_occ config:import "$nc_conf"
# Then remove it
rm -f "$nc_conf"
# Then remove the config file
ynh_secure_remove --file="$nc_conf"
#=================================================
# CHECK THE LDAP CONFIG
#=================================================
# Check LDAP configuration to see if everything worked well
exec_occ ldap:test-config \'\' \
|| ynh_die "An error occured during LDAP configuration"
exec_occ ldap:test-config '' \
|| ynh_die --message="An error occured during LDAP configuration"
#=================================================
# MOUNT HOME FOLDERS AS EXTERNAL STORAGE
#=================================================
# Define a function to add an external storage
# Create the external storage for the given folders and enable sharing
create_external_storage() {
local datadir="$1"
local mount_name="$2"
local mount_id=`exec_occ files_external:create --output=json \
"$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true`
! [[ $mount_id =~ ^[0-9]+$ ]] \
&& ynh_print_warn --message="Unable to create external storage" \
|| exec_occ files_external:option "$mount_id" enable_sharing true
}
# Enable External Storage and create local mount to home folder
if [ $user_home -eq 1 ]; then
if [ $user_home -eq 1 ]
then
exec_occ app:enable files_external
create_external_storage "/home/\$user" "Home"
# Iterate over users to extend their home folder permissions
for u in $(ynh_user_list); do
setfacl --modify g:$app:rwx "/home/$u" || true
done
fi
#=================================================
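
Review bot: the temporary `admin` account is created with `--admin-pass "$(ynh_string_random --length=6)"`, and it is only deleted in a later section, after several steps that can call `ynh_die` (for example `ldap:test-config`). Drop `--length=6` or pass a larger value, so that an aborted install does not leave an administrator account protected by a six-character secret. In `create_external_storage`, replace the `! [[ $mount_id =~ ^[0-9]+$ ]] && ynh_print_warn ... || exec_occ ...` chain with an explicit `if`/`else`, and keep `$db_name` quoted in the `maintenance:install` arguments as it was before.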
@ -200,14 +235,20 @@ exec_occ config:system:get logout_url >/dev/null 2>&1 \
\$main_domain = exec('cat /etc/yunohost/current_host');
\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout';
//-YunoHost-
" >> "${final_path}/config/config.php"
" >> "$final_path/config/config.php"
#=================================================
# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS
#=================================================
ynh_replace_string --match_string="'overwrite.cli.url' => 'http://localhost'," --replace_string="'overwrite.cli.url' => 'https://${domain}'," --target_file="${final_path}/config/config.php"
#=================================================
# REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE
#=================================================
# Set the user as admin
ynh_psql_connect_as "$db_name" "$db_pwd" "$db_name" \
ynh_psql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \
<<< "INSERT INTO oc_group_user VALUES ('admin','$admin');"
# And delete admin user
exec_occ user:delete admin
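
Review bot: the new CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS block edits config.php with `ynh_replace_string` on the exact literal `'overwrite.cli.url' => 'http://localhost',`, which silently does nothing if the generated line differs in spacing or value. The script already defines `exec_occ`, so `exec_occ config:system:set overwrite.cli.url --value="https://$domain"` would set the key without depending on the file layout. In the admin step, `$db_pwd` is passed as `--password=` on the command line and `'$admin'` is interpolated into the SQL text; a short comment on what constrains `$admin` would help the next reader.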
@ -217,7 +258,7 @@ exec_occ user:delete admin
#=================================================
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "${final_path}/config/config.php"
ynh_store_file_checksum --file="$final_path/config/config.php"
#=================================================
# ADD A CRON JOB
@ -228,21 +269,31 @@ cp -a ../conf/nextcloud.cron "$cron_path"
chown root: "$cron_path"
chmod 644 "$cron_path"
ynh_replace_string "#USER#" "$app" "$cron_path"
ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path"
ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$cron_path"
ynh_replace_string --match_string="__DESTDIR__" --replace_string="$final_path" --target_file="$cron_path"
ynh_replace_string --match_string="__YNH_PHP_VERSION__" --replace_string="$phpversion" --target_file="$cron_path"
exec_occ background:cron
#=================================================
# POST-INSTALL MAINTENANCE
#=================================================
exec_occ db:add-missing-indices
exec_occ db:add-missing-columns
exec_occ db:convert-filecache-bigint -n
#=================================================
# CONFIGURE THE HOOK FILE FOR USER CREATE
#=================================================
# Set system group in hooks
ynh_replace_string "#GROUP#" "$app" ../hooks/post_user_create
ynh_replace_string --match_string="__GROUP__" --replace_string="$app" --target_file=../hooks/post_user_create
#=================================================
# YUNOHOST MULTIMEDIA INTEGRATION
#=================================================
ynh_script_progression --message="Adding multimedia directories..." --weight=6
# Build YunoHost multimedia directories
ynh_multimedia_build_main_dir
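
Review bot: the placeholder syntax in the cron and hook substitutions changes from `#USER#`, `#DESTDIR#`, `#GROUP#` to `__USER__`, `__DESTDIR__`, `__GROUP__`, and a new `__YNH_PHP_VERSION__` is introduced; the replacement does not fail when the match string is absent, so confirm that `conf/nextcloud.cron` and `hooks/post_user_create` carry the new placeholders in the same commit, otherwise `/etc/cron.d/$app` is installed with literal placeholders. `exec_occ` already adds `--no-interaction`, so the `-n` on `db:convert-filecache-bigint` is redundant, and `--target_file=../hooks/post_user_create` should be quoted like the other calls.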
@ -261,37 +312,47 @@ ynh_multimedia_addaccess $app
# Fix app ownerships & permissions
chown -R $app: "$final_path" "$datadir"
find ${final_path}/ -type f -print0 | xargs -0 chmod 0644
find ${final_path}/ -type d -print0 | xargs -0 chmod 0755
find ${datadir}/ -type f -print0 | xargs -0 chmod 0640
find ${datadir}/ -type d -print0 | xargs -0 chmod 0750
chmod 640 "${final_path}/config/config.php"
find $final_path/ -type f -print0 | xargs -0 chmod 0644
find $final_path/ -type d -print0 | xargs -0 chmod 0755
find $datadir/ -type f -print0 | xargs -0 chmod 0640
find $datadir/ -type d -print0 | xargs -0 chmod 0750
chmod 640 "$final_path/config/config.php"
chmod 755 /home/yunohost.app
# Iterate over users to extend their home folder permissions - for the external
# storage plugin usage - and create relevant Nextcloud directories
for u in $(ynh_user_list); do
mkdir -p "${datadir}/${u}"
setfacl -m g:$app:rwx "/home/$u" || true
done
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Configuring log rotation..."
# Use logrotate to manage application logfile
ynh_use_logrotate "/home/yunohost.app/nextcloud/data/nextcloud.log"
# Use logrotate to manage application logfile(s)
ynh_use_logrotate --logfile="$datadir/nextcloud.log"
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring Fail2Ban..." --weight=8
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..."
ynh_app_setting_set $app unprotected_uris "/"
ynh_app_setting_set $app skipped_regex \
"$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*"
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
ynh_app_setting_set --app=$app --key=skipped_regex \
--value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
systemctl reload nginx
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last
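
Review bot: the Fail2Ban `--failregex` is `^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$`, where both `.*` runs are greedy and the first quoted field is the login name supplied by the client, so text inside the login name can influence what `<HOST>` captures. Anchor the prefix to the log format and replace `'.*'` with a class that cannot cross a quote, such as `'[^']*'`, then check the result with `fail2ban-regex` against a sample of nextcloud.log. `--logpath` can reuse `$datadir/nextcloud.log`, as the logrotate line above it does.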

View file

@ -12,18 +12,20 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
db_name=$(ynh_app_setting_get $app db_name)
final_path=$(ynh_app_setting_get $app final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=20
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
@ -31,38 +33,51 @@ ynh_remove_app_dependencies
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Removing the PostgreSQL database..." --weight=5
# Remove a database if it exists, along with the associated user
ynh_psql_remove_db $db_name $db_name
ynh_psql_remove_db --db_user=$db_name --db_name=$db_name
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..." --weight=3
# Remove the app directory securely
ynh_secure_remove "$final_path"
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated nginx config
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=2
# Remove the dedicated php-fpm config
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Removing logrotate configuration..."
# Remove the app-specific logrotate config
ynh_remove_logrotate
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8
# Remove the dedicated Fail2Ban config
ynh_remove_fail2ban_config
#=================================================
# SPECIFIC REMOVE
#=================================================
@ -71,15 +86,16 @@ ynh_remove_logrotate
# Remove a cron file
# TODO: Ensure that cron job is not running (How !?)
ynh_secure_remove "/etc/cron.d/$app"
ynh_secure_remove --file="/etc/cron.d/$app"
#=================================================
# CLEAN ACL IN HOME DIRECTORIES
#=================================================
for i in $(ls /home); do
# Clean ACL in every directories in /home, except those which start with 'yunohost.'
[[ ! $i == yunohost.* ]] \
&& setfacl -x g:$app:rwx 2>&1
&& setfacl --remove g:$app:rwx 2>&1
done
#=================================================
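
Review bot: in the CLEAN ACL IN HOME DIRECTORIES loop, `setfacl --remove g:$app:rwx 2>&1` has no file operand and keeps the `:rwx` permissions field, which `--remove` does not accept, so the loop finishes without removing any ACL entry and the access granted to the app's group on the home directories at install time outlives the app. It should read `setfacl --remove g:$app "/home/$i"`, and iterating with `for dir in /home/*` avoids parsing the output of `ls`.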
@ -87,6 +103,13 @@ done
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete $app
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last

View file

@ -2,18 +2,11 @@
#=================================================
# GENERIC START
#=================================================
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Get the _common.sh file if it's not in the current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -26,23 +19,28 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
db_pwd=$(ynh_app_setting_get $app db_pwd)
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=4
ynh_webpath_available $domain $path_url \
|| ynh_die "Path not available: ${domain}${path_url}"
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
@ -50,75 +48,87 @@ test ! -d $final_path \
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' "/etc/nginx/conf.d/$domain.d/$app.conf"
fi
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file "$final_path"
ynh_restore_file --origin_path="$final_path"
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=9
ynh_psql_test_if_first_run
ynh_psql_setup_db "$db_name" "$db_name" "$db_pwd"
db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
ynh_psql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd
# Restore dump
ynh_psql_execute_file_as_root ./db.sql "$db_name"
ynh_psql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
# Create the dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf"
ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini"
ynh_system_user_create --username=$app
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=10
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=50
# Restore the file first, so it can have a backup if different
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
# Recreate a dedicated php-fpm config
ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --phpversion=$phpversion --package="$extra_php_dependencies"
#=================================================
# RESTORE THE CRON FILE
#=================================================
ynh_restore_file "/etc/cron.d/$app"
ynh_restore_file --origin_path="/etc/cron.d/$app"
#=================================================
# BACKUP THE LOGROTATE CONFIGURATION
#=================================================
ynh_restore_file "/etc/logrotate.d/$app"
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Restoring data directory..." --weight=2
datadir="/home/yunohost.app/${app}/data"
datadir="/home/yunohost.app/$app/data"
# The data directory will be restored only if it exists in the backup archive
# So only if it was backup previously.
if [ -d "$YNH_BACKUP_DIR/apps/$app/backup/home/yunohost.app/$app" ]
then
ynh_restore_file "$datadir"
else
# Create app folders
mkdir -p "$datadir"
fi
# Remove the option backup_core_only if it's in the settings.yml file
ynh_app_setting_delete $app backup_core_only
# Use --not_mandatory for the data directory, because if the backup has been made with BACKUP_CORE_ONLY, there's no data into the backup.
ynh_restore_file --origin_path="$datadir" --not_mandatory
mkdir -p "$datadir"
#=================================================
# RESTORE USER RIGHTS
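Review bot: the new `ynh_psql_setup_db` and `ynh_psql_connect_as` calls pass `$db_pwd` and `$db_name` unquoted, while the positional call next to them quoted all three values. A password containing whitespace or glob characters would be word-split or expanded before the helper sees it, so write `--db_pwd="$db_pwd"` and `--password="$db_pwd"` (and quote `$db_name` the same way). In the same hunk, the section banner still reads "BACKUP THE LOGROTATE CONFIGURATION" although this is the restore script.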
@ -126,30 +136,54 @@ ynh_app_setting_delete $app backup_core_only
# Fix app ownerships & permissions
chown -R $app: "$final_path" "$datadir"
chmod 640 "${final_path}/config/config.php"
chmod 640 "$final_path/config/config.php"
chmod 755 /home/yunohost.app
# Iterate over users to extend their home folder permissions - for the external
# storage plugin usage - and create relevant Nextcloud directories
for u in $(ynh_user_list); do
mkdir -p "${datadir}/${u}"
setfacl -m g:$app:rwx "/home/$u" || true
mkdir -p "$datadir/$u"
setfacl --modify g:$app:rwx "/home/$u" || true
done
#=================================================
# YUNOHOST MULTIMEDIA INTEGRATION
#=================================================
ynh_script_progression --message="Adding multimedia directories..." --weight=4
# Build YunoHost multimedia directories
ynh_multimedia_build_main_dir
# Allow nextcloud to write into these directories
ynh_multimedia_addaccess $app
#=================================================
# RESTORE THE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=7
ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
# Make sure a log file exists (mostly for CI tests)
logfile="/home/yunohost.app/$app/data/nextcloud.log"
if [ ! -f "$logfile" ]; then
touch "$logfile"
chown $app: "$logfile"
fi
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
systemctl reload php5-fpm
systemctl reload nginx
ynh_script_progression --message="Restoration completed for $app" --last
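Review bot: in the Fail2Ban block, `touch "$logfile"` runs after the ownership and permission pass earlier in this hunk and is followed only by a `chown`, so the log file keeps whatever mode the current umask gives it. Set the mode explicitly after creating the file, and build the path from `$datadir` rather than repeating `/home/yunohost.app/$app/data`.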

View file

@ -12,39 +12,66 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=3
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
admin=$(ynh_app_setting_get $app admin)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
user_home=$(ynh_app_setting_get $app user_home)
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
user_home=$(ynh_app_setting_get --app=$app --key=user_home)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint)
fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage)
#=================================================
# CHECK VERSION
#=================================================
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# If db_name doesn't exist, create it
if [ -z $db_name ]; then
db_name=$(ynh_sanitize_dbid $app)
ynh_app_setting_set $app db_name $db_name
if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi
# If final_path doesn't exist, create it
if [ -z $final_path ]; then
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
# Remove the option backup_core_only if it's in the settings.yml file
ynh_app_setting_delete --app=$app --key=backup_core_only
# If fpm_footprint doesn't exist, create it
if [ -z "$fpm_footprint" ]; then
fpm_footprint=high
ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint
fi
# If fpm_usage doesn't exist, create it
if [ -z "$fpm_usage" ]; then
fpm_usage=medium
ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
# Made a backup only after the version 11.0.0
# Before, the datas will be always saved.
# Get the current version number of nextcloud/owncloud
current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2)
current_major_version=${current_version%%.*}
@ -52,20 +79,25 @@ current_major_version=${current_version%%.*}
if [ $current_major_version -gt 11 ]
then
# Inform the backup/restore process that it should not save the data directory
ynh_app_setting_set $app backup_core_only 1
# Use only for the previous backup script that doesn't set 'is_big'
ynh_app_setting_set --app=$app --key=backup_core_only --value=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Remove the post migration script before its execution !
ynh_secure_remove "/tmp/owncloud_post_migration.sh" 2>&1
# restore it if the upgrade fails
ynh_restore_upgradebackup
# Remove the option backup_core_only after the backup.
ynh_app_setting_delete $app backup_core_only
ynh_clean_setup () {
# Remove the post migration script before its execution !
ynh_exec_warn_less ynh_secure_remove --file="/tmp/owncloud_post_migration.sh"
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
fi
# Exit if an error occurs during the script execution
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
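Review bot: `[ $current_major_version -gt 11 ]` tests an unquoted value obtained by grepping `version.php`, and it runs before `ynh_abort_if_errors`. If the grep returns nothing, the test fails with a syntax error, the branch is skipped, and the upgrade continues with no pre-upgrade backup and no `ynh_clean_setup` defined. Check that `$current_major_version` is a non-empty integer first and stop with `ynh_die` otherwise.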
@ -75,10 +107,10 @@ ynh_abort_if_errors
ynh_handle_app_migration "owncloud" "owncloud_migration"
if [ $migration_process -eq 1 ]
then
# If a migration has been perform
# If a migration has been performed
# Reload some values changed by the migration process
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
# Remove the old fake package for owncloud.
# Its name is specific, so the migration process can't remove it
@ -94,54 +126,73 @@ then
fi
#=================================================
# CHECK THE PATH
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=7
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# NGINX CONFIGURATION
#=================================================
# Delete current nginx configuration to be able to check if .well-known is already served.
ynh_remove_nginx_config
ynh_app_setting_delete $app "checksum__etc_nginx_conf.d_$domain.d_$app.conf" || true
# Do not serve .well-known if it's already served on the domain
if is_url_handled "https://${domain}/.well-known/caldav" ; then
sed -ri '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' \
"../conf/nginx.conf"
fi
# Handle root path, avoid double slash.
# Temporary fix, in waiting for an upgrade of the helper. (#361)
path_url_slash_less=${path_url%/}
ynh_replace_string "__PATH__/" "$path_url_slash_less/" "../conf/nginx.conf"
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a system user
ynh_system_user_create $app
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2
# Create a dedicated php-fpm config
ynh_add_fpm_config
# If php has changed, remove the old fpm config file
if [ "$phpversion" != $YNH_PHP_VERSION ]
then
ynh_backup_if_checksum_is_different --file="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_secure_remove --file="/etc/php/$phpversion/fpm/pool.d/$app.conf"
if [ -f /etc/php/$phpversion/fpm/conf.d/20-$app.ini ]; then
ynh_secure_remove --file="/etc/php/$phpversion/fpm/conf.d/20-$app.ini"
fi
ynh_systemd_action --service_name="php${phpversion}-fpm" --action=reload
phpversion="$YNH_PHP_VERSION"
fi
# Recreate a dedicated PHP-FPM config
ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint --package="$extra_php_dependencies"
# Delete existing ini configuration file (backward compatibility)
if [ -f /etc/php/$phpversion/fpm/conf.d/20-$app.ini ]; then
ynh_secure_remove --file=/etc/php/$phpversion/fpm/conf.d/20-$app.ini
fi
#=================================================
# UPGRADE DEPENDENCIES
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
ynh_install_app_dependencies $pkg_dependencies
ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf"
# Delete current NGINX configuration to be able to check if .well-known is already served.
ynh_remove_nginx_config
ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf"
# Wait untils NGINX has fully reloaded
ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd"
# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book."
# Remove lines about .well-known/carddav and caldav with sed.
sed --in-place --regexp-extended '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' "../conf/nginx.conf"
fi
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
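Review bot: in the PHP-FPM block, `$phpversion` comes straight from the app settings and is used to build `/etc/php/$phpversion/fpm/pool.d/$app.conf` and the service name `php${phpversion}-fpm`, but unlike `db_name`, `final_path`, `fpm_footprint` and `fpm_usage` it gets no fallback in the downward-compatibility section. If the setting is missing, the comparison with `$YNH_PHP_VERSION` is true and the removals and the reload target `/etc/php//fpm/...` and `php-fpm`. Add a default for `phpversion` or guard the block with a non-empty check, and quote `$YNH_PHP_VERSION` in the test.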
@ -150,136 +201,207 @@ ynh_install_app_dependencies $pkg_dependencies
# VERSION TO THE NEXT ONE
#=================================================
# Load the last available version
source upgrade.d/upgrade.last.sh
last_version=$next_version
# Define app's data directory
datadir="/home/yunohost.app/${app}/data"
# Set write access for the following commands
chown -R $app: "$final_path" "$datadir"
# Print the current version number of nextcloud
exec_occ -V
# While the current version is not the last version, do an upgrade
while [ "$last_version" != "$current_version" ]
do
# The major version is the first part of the version number
# major_version=${next_version%%.*}
major_version=${last_version%%.*}
current_major_version=${current_version%%.*}
# If the current version has the same major version than the next one,
# then it's the last upgrade to do
if [ "$major_version" -eq "$current_major_version" ]; then
current_major_version=last
# Define a function to execute commands with `occ`
exec_occ() {
# Backward compatibility to upgrade from NC14 or older version
if [ $current_major_version = "last" ] || [ $current_major_version -ge 15 ]
then
NEXTCLOUD_PHP_VERSION=$phpversion
else
NEXTCLOUD_PHP_VERSION="7.0"
fi
(cd "$final_path" && exec_as "$app" \
php$NEXTCLOUD_PHP_VERSION occ --no-interaction --no-ansi "$@")
}
# Load the value for this version
source upgrade.d/upgrade.$current_major_version.sh
# Define a function to add an external storage
# Create the external storage for the given folders and enable sharing
create_external_storage() {
local datadir="$1"
local mount_name="$2"
local mount_id=$(exec_occ files_external:create --output=json \
"$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true)
! [[ $mount_id =~ ^[0-9]+$ ]] \
&& ynh_print_warn --message="Unable to create external storage" \
|| exec_occ files_external:option "$mount_id" enable_sharing true
}
# Define app's data directory
datadir="/home/yunohost.app/$app/data"
echo -e "\nUpgrade to nextcloud $next_version" >&2
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading Nextcloud..." --weight=3
# Create an app.src for this version of nextcloud
cp ../conf/app.src.default ../conf/app.src
ynh_replace_string "__VERSION__" "$next_version" "../conf/app.src"
ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src"
# Load the last available version
source upgrade.d/upgrade.last.sh
last_version=$next_version
# Create a temporary directory
tmpdir=$(mktemp -d)
# Install the next nextcloud version in $tmpdir
ynh_setup_source "$tmpdir"
# Enable maintenance mode
exec_occ maintenance:mode --on
# Backup the config file in the temp dir
cp -a "$final_path/config/config.php" "$tmpdir/config/config.php"
# Backup 3rd party applications from the current nextcloud
# But do not overwrite if there is any upgrade
cp -a --update "$final_path/apps" "$tmpdir/apps"
# Replace the old nextcloud by the new one
ynh_secure_remove "$final_path"
mv "$tmpdir" "$final_path"
last_major_version=${last_version%%.*}
# Set write access for the following commands
chown -R $app: "$final_path" "$datadir"
# Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
exec_occ maintenance:mode --off
exec_occ upgrade \
|| ([[ $? -eq 3 ]] || ynh_die "Unable to upgrade Nextcloud")
# Get the new current version number
current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2)
current_major_version=${current_version%%.*}
# Print the current version number of nextcloud
# Print the current version number of Nextcloud
exec_occ -V
done
#=================================================
# CONFIGURE NEXTCLOUD
#=================================================
# While the current version is not the last version, do an upgrade
while [ "$last_version" != "$current_version" ]
do
# Verify the checksum and backup the file if it's different
ynh_backup_if_checksum_is_different "${final_path}/config/config.php"
# The major version is the first part of the version number
current_major_version=${current_version%%.*}
nc_conf="${final_path}/config.json"
cp ../conf/config.json "$nc_conf"
ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf"
ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf"
if [ ! -f upgrade.d/upgrade.$current_major_version.sh ]; then
source upgrade.d/upgrade.last.sh
else
source upgrade.d/upgrade.$current_major_version.sh
fi
# Ensure that UpdateNotification app is disabled
exec_occ app:disable updatenotification
# If the current version has the same major version than the next one,
# then it's the last upgrade to do
# We also cover the case where the last version is the first of the current major version series
# (e.g. 20.0.0 is the latest version)
if [[ ("$last_major_version" -eq "$current_major_version") || ( ("$last_major_version" -eq "$((current_major_version+1))") && ("$next_version" == "$last_version") ) ]]; then
current_major_version=last
# Enable YunoHost patches on Nextcloud sources
cp -a ../sources/patches_last_version/* ../sources/patches
fi
# Enable plugins
exec_occ app:enable user_ldap
# Load the value for this version
source upgrade.d/upgrade.$current_major_version.sh
# Load the config file in nextcloud
exec_occ config:import "$nc_conf"
# Then remove it
rm -f "$nc_conf"
ynh_print_info --message="Upgrade to nextcloud $next_version"
#=================================================
# ALLOW USERS TO DISCONNECT FROM NEXTCLOUD
#=================================================
# Create an app.src for this version of Nextcloud
cp ../conf/app.src.default ../conf/app.src
ynh_replace_string --match_string="__VERSION__" --replace_string="$next_version" --target_file="../conf/app.src"
ynh_replace_string --match_string="__SHA256_SUM__" --replace_string="$nextcloud_source_sha256" --target_file="../conf/app.src"
# Add dynamic logout URL to the config
exec_occ config:system:get logout_url >/dev/null 2>&1 \
|| echo "
//-YunoHost-
// set logout_url according to main domain
\$main_domain = exec('cat /etc/yunohost/current_host');
\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout';
//-YunoHost-
" >> "${final_path}/config/config.php"
# Create a temporary directory
tmpdir="$(ynh_smart_mktemp min_size=300)"
#=================================================
# MOUNT HOME FOLDERS AS EXTERNAL STORAGE
#=================================================
# Install the next nextcloud version in $tmpdir
ynh_setup_source --dest_dir="$tmpdir"
# Enable External Storage and create local mount to home folder as needed
if [ $user_home -eq 1 ]; then
exec_occ app:enable files_external
exec_occ files_external:list --output=json \
| grep -q '"storage":"\\\\OC\\\\Files\\\\Storage\\\\Local"' \
|| create_external_storage "/home/\$user" "Home"
# Allow Symlinks for multimedia folder
ynh_replace_string --match_string="protected \$allowSymlinks = false;" --replace_string="protected \$allowSymlinks = true;" --target_file="$tmpdir/lib/private/Files/Storage/Local.php"
# Enable maintenance mode
exec_occ maintenance:mode --on
# Backup the config file in the temp dir
cp -a "$final_path/config/config.php" "$tmpdir/config/config.php"
# Backup 3rd party applications from the current Nextcloud
# But do not overwrite if there is any upgrade
# (apps directory already exists in Nextcloud archive)
(
cd $final_path/apps
for nc_app_dir in */
do
if [ ! -d "$tmpdir/apps/$nc_app_dir" ]
then
cp -a "$nc_app_dir" "$tmpdir/apps/$nc_app_dir"
fi
done
)
# Replace the old nextcloud by the new one
ynh_secure_remove --file="$final_path"
mv "$tmpdir" "$final_path"
ynh_secure_remove --file="$tmpdir"
# Set write access for the following commands
chown -R $app: "$final_path" "$datadir"
# Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
exec_occ maintenance:mode --off
exec_occ upgrade \
|| [ $? -eq 3 ] || ynh_die --message="Unable to upgrade Nextcloud"
# Get the new current version number
current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2)
current_major_version=${current_version%%.*}
# Print the current version number of nextcloud
exec_occ -V
done
exec_occ db:add-missing-indices -n
exec_occ db:add-missing-columns -n
exec_occ db:add-missing-primary-keys -n
exec_occ db:convert-filecache-bigint -n
#=================================================
# CONFIGURE NEXTCLOUD
#=================================================
ynh_script_progression --message="Reconfiguring Nextcloud..." --weight=9
# Verify the checksum and backup the file if it's different
ynh_backup_if_checksum_is_different --file="$final_path/config/config.php"
nc_conf="${final_path}/config.json"
cp ../conf/config.json "$nc_conf"
ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$nc_conf"
ynh_replace_string --match_string="__DATADIR__" --replace_string="$datadir" --target_file="$nc_conf"
# Ensure that UpdateNotification app is disabled
exec_occ app:disable updatenotification
# Enable LDAP plugin
exec_occ app:enable user_ldap
# Load the config file in nextcloud
exec_occ config:import "$nc_conf"
# Then remove the config file
ynh_secure_remove --file="$nc_conf"
#=================================================
# ALLOW USERS TO DISCONNECT FROM NEXTCLOUD
#=================================================
# Add dynamic logout URL to the config
exec_occ config:system:get logout_url >/dev/null 2>&1 \
|| echo "
//-YunoHost-
// set logout_url according to main domain
\$main_domain = exec('cat /etc/yunohost/current_host');
\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout';
//-YunoHost-
" >> "$final_path/config/config.php"
#=================================================
# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS
#=================================================
ynh_replace_string --match_string="'overwrite.cli.url' => 'http://localhost'," --replace_string="'overwrite.cli.url' => 'https://${domain}'," --target_file="${final_path}/config/config.php"
#=================================================
# MOUNT HOME FOLDERS AS EXTERNAL STORAGE
#=================================================
# Enable External Storage and create local mount to home folder as needed
if [ $user_home -eq 1 ]; then
exec_occ app:enable files_external
exec_occ files_external:list --output=json \
| grep -q '"storage":"\\\\OC\\\\Files\\\\Storage\\\\Local"' \
|| create_external_storage "/home/\$user" "Home"
# Iterate over users to extend their home folder permissions
for u in $(ynh_user_list); do
setfacl --modify g:$app:rwx "/home/$u" || true
done
fi
#=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE
#=================================================
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum --file="${final_path}/config/config.php"
fi
#=================================================
# STORE THE CHECKSUM OF THE CONFIG FILE
#=================================================
# Calculate and store the config file checksum into the app settings
ynh_store_file_checksum "${final_path}/config/config.php"
#=================================================
# UPDATE THE CRON JOB
#=================================================
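Review bot: the `ynh_replace_string` call on `$tmpdir/lib/private/Files/Storage/Local.php` that turns `protected $allowSymlinks = false;` into `true` edits the local storage class itself, so the change is not limited to the multimedia folder named in the comment; the `/home/$user` mount created with `create_external_storage` later in this hunk uses the same `local` backend. Say in the comment why following symlinks is acceptable for all local storage, or find a narrower way to expose the multimedia directories. It is also a literal match against upstream source, so if that line ever changes the replacement does nothing and the upgrade carries on; grep for the expected result afterwards and warn when it is absent.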
@ -289,8 +411,9 @@ cp -a ../conf/nextcloud.cron "$cron_path"
chown root: "$cron_path"
chmod 644 "$cron_path"
ynh_replace_string "#USER#" "$app" "$cron_path"
ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path"
ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$cron_path"
ynh_replace_string --match_string="__DESTDIR__" --replace_string="$final_path" --target_file="$cron_path"
ynh_replace_string --match_string="__YNH_PHP_VERSION__" --replace_string="$phpversion" --target_file="$cron_path"
exec_occ background:cron
@ -299,20 +422,7 @@ exec_occ background:cron
#=================================================
# Set system group in hooks
ynh_replace_string "#GROUP#" "$app" ../hooks/post_user_create
#=================================================
# YUNOHOST MULTIMEDIA INTEGRATION
#=================================================
# Build YunoHost multimedia directories
ynh_multimedia_build_main_dir
# Mount the user directory in Nextcloud
exec_occ app:enable files_external
create_external_storage "/home/yunohost.multimedia/\$user" "Multimedia"
create_external_storage "/home/yunohost.multimedia/share" "Shared multimedia"
# Allow nextcloud to write into these directories
ynh_multimedia_addaccess $app
ynh_replace_string --match_string="__GROUP__" --replace_string="$app" --target_file=../hooks/post_user_create
#=================================================
# GENERIC FINALIZATION
@ -322,50 +432,58 @@ ynh_multimedia_addaccess $app
# Fix app ownerships & permissions
chown -R $app: "$final_path" "$datadir"
find ${final_path}/ -type f -print0 | xargs -0 chmod 0644
find ${final_path}/ -type d -print0 | xargs -0 chmod 0755
find ${datadir}/ -type f -print0 | xargs -0 chmod 0640
find ${datadir}/ -type d -print0 | xargs -0 chmod 0750
chmod 640 "${final_path}/config/config.php"
find $final_path/ -type f -print0 | xargs -0 chmod 0644
find $final_path/ -type d -print0 | xargs -0 chmod 0755
find $datadir/ -type f -print0 | xargs -0 chmod 0640
find $datadir/ -type d -print0 | xargs -0 chmod 0750
chmod 640 "$final_path/config/config.php"
chmod 755 /home/yunohost.app
# Iterate over users to extend their home folder permissions - for the external
# storage plugin usage - and create relevant Nextcloud directories
for u in $(ynh_user_list); do
mkdir -p "${datadir}/${u}"
setfacl -m g:$app:rwx "/home/$u" || true
done
#=================================================
# WARNING ABOUT THIRD-PARTY APPS
#=================================================
# Warn about possible disabled apps
echo "Note that if you've installed some third-parties Nextcloud applications, \
they are probably disabled and you'll have to manually enable them again." >&2
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
# Warn about possible disabled apps
ynh_print_warn --message="Note that if you've installed some third-parties Nextcloud applications, \
they are probably disabled and you'll have to manually enable them again."
fi
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..."
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# SETUP FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=7
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=2
ynh_app_setting_set $app unprotected_uris "/"
ynh_app_setting_set $app skipped_regex \
"$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*"
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
ynh_app_setting_set --app=$app --key=skipped_regex \
--value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..."
systemctl reload nginx
ynh_systemd_action --service_name=nginx --action=reload
ynh_systemd_action --service_name="php${phpversion}-fpm" --action=reload
#=================================================
# FINISH MIGRATION PROCESS
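Review bot: the `--failregex` given to `ynh_add_fail2ban_config` opens with `^.*` and matches the login name with `'.*'`, two unbounded wildcards placed ahead of `<HOST>`. The login name in that log line is supplied by the client, so the pattern should be anchored on the fixed text of the Nextcloud message and use the tightest wildcard that still matches, so that only the address Nextcloud itself wrote can be captured as `<HOST>`. A short comment with one sample log line next to the regex would also make later changes easier to review.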
@ -373,17 +491,23 @@ systemctl reload nginx
if [ $migration_process -eq 1 ]
then
echo "ownCloud has been successfully migrated to Nextcloud! \
ynh_print_info --message="ownCloud has been successfully migrated to Nextcloud! \
A last scheduled operation will run in a couple of minutes to finish the \
migration in YunoHost side. Do not proceed any application operation while \
you don't see Nextcloud as installed." >&2
you don't see Nextcloud as installed."
# Execute a post migration script after the end of this upgrade.
# Mainly for some cleaning
script_post_migration=owncloud_post_migration.sh
ynh_replace_string "__OLD_APP__" "$old_app" ../conf/$script_post_migration
ynh_replace_string "__NEW_APP__" "$app" ../conf/$script_post_migration
ynh_replace_string --match_string="__OLD_APP__" --replace_string="$old_app" --target_file=../conf/$script_post_migration
ynh_replace_string --match_string="__NEW_APP__" --replace_string="$app" --target_file=../conf/$script_post_migration
cp ../conf/$script_post_migration /tmp
chmod +x /tmp/$script_post_migration
(cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes)
fi
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last
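Review bot: the post-migration step copies `$script_post_migration` to a fixed name in `/tmp`, marks it executable, and has `at` run it two minutes later with its log also written under `/tmp`. A predictable path in a world-writable directory that is executed after a delay is fragile; stage the script in a directory only root can write to (or one created with `mktemp -d`) and send the log to a root-owned location as well.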

View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="14.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="f965c14286e7aabbfe49c947d86af59597af302c35d10e0b5440e7e6c53b8f47"
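Review bot: the header comment says "Last available nextcloud version" although this file pins 14.0.0 as an intermediate step, and the same comment is repeated in the files added alongside it for 15.0.0 through 20.0.0. Reword it per file (for example "Version to upgrade to from the previous major") so it is not confused with the file that actually holds the last version.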

View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="15.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="5bb0c58171353da844019b64080c21078002a59ab956ab72adb958844a98eb78"

View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="16.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="4532f7028b1d9bf060f75ac4fbbde52a59ecd9c9155f3178a038d3cf3609402e"

View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="17.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="6081421b33ecdb3130b2bfb2293a3f4045aeb0b471ee570e675de3d931a142a6"

View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="18.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="194095a5586d84040bc455f77b8aa6c80f9a6a6dd713c9aebdad046713d4267b"

View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="19.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="d23d429657c5e3476d7e73af1eafc70e42a81cfe2ed65b20655a005724fe0aae"

View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="20.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="a273e0151f68567f729d9a82a7e3f124ff0f0471aa17bae6bfd83c5362d84cd8"

View file

@ -1,11 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="13.0.2"
# Last available Nextcloud version
next_version="20.0.4"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="7396f98a1a53a9f4b144f55360d87c89cb6ee899feef1cfbf29a736219f9c47d"
# Patch nextcloud files only for the last version
cp -a ../sources/patches_last_version/* ../sources/patches
nextcloud_source_sha256="269f1622e326f5d11e387d3861aad4e2b0e79334ae97eed5a7b3352ba7661420"

View file

@ -1,14 +1,21 @@
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 13aef8f67a..55d8dbf9d1 100644
--- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php
@@ -119,7 +119,10 @@
@@ -119,11 +119,12 @@ class LoginController extends Controller {
}
$this->userSession->logout();
- $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm'));
- $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute(
- 'core.login.showLoginForm',
- ['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers
+ $redirectUrl = $this->config->getSystemValue('logout_url',
+ $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')
+ );
+ $this->urlGenerator->linkToRouteAbsolute(
+ 'core.login.showLoginForm',
+ ['clear' => true] // this param the the code in login.js may be removed when the "Clear-Site-Data" is working in the browsers)
));
-
+ $response = new RedirectResponse($redirectUrl);
$response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
return $response;
}
$this->session->set('clearingExecutionContexts', '1');
$this->session->close();
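Review bot: `getSystemValue('logout_url', ...)` feeds straight into `new RedirectResponse($redirectUrl)` with no check on the value, so after logout the browser is sent wherever that config key points. That is acceptable only if the key is written solely by the package scripts; say so in the patch header, and consider rejecting values that are not an absolute https URL on the expected portal domain. Separately, the comment now ends in `browsers)`: a closing parenthesis inside a `//` comment is inert and reads as if it balanced the call, so drop it.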

View file

@ -1,33 +1,33 @@
lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 85ae127f5f..91618a09fc 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager {
* @return bool
*/
public function browserSupportsCspV3() {
+ // YunoHost patch: disable CSPv3 nonces to:
+ // - avoid white page on first login from YunoHost portal
+ // - allow YunoHost tile display
+ return false;
$browserWhitelist = [
Request::USER_AGENT_CHROME,
// Firefox 45+
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 64d4eb6e5d..59d5885620 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy {
if(!empty($this->allowedFontDomains)) {
$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
- $policy .= ';';
+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script
+ $policy .= ' data:;';
}
if(!empty($this->allowedConnectDomains)) {
.../Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 795d8cc864..5f3c961445 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -70,6 +70,10 @@ class ContentSecurityPolicyNonceManager {
* @return bool
*/
public function browserSupportsCspV3(): bool {
+ // YunoHost patch: disable CSPv3 nonces to:
+ // - avoid white page on first login from YunoHost portal
+ // - allow YunoHost tile display
+ return false;
$browserWhitelist = [
Request::USER_AGENT_CHROME,
// Firefox 45+
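Review bot: the unconditional `return false;` at the top of `browserSupportsCspV3()` turns off nonce-based CSP for every browser and every request, not only for logins arriving from the YunoHost portal, and it leaves the `$browserWhitelist` code below unreachable. If the white-page and tile problems cannot be fixed on the portal side, gate the early return behind a config switch that the package sets, so the hardening can be restored without re-patching, and say in the comment what policy clients fall back to once nonces are off.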
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 3fcef1d0ef..7ce01a68fc 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -449,7 +449,8 @@ class EmptyContentSecurityPolicy {
if(!empty($this->allowedFontDomains)) {
$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
- $policy .= ';';
+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script
+ $policy .= ' data:;';
}
if(!empty($this->allowedConnectDomains)) {
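Review bot: `$policy .= ' data:;';` sits inside the `if(!empty($this->allowedFontDomains))` branch, so `data:` is only emitted when the font domain list is non-empty, and it then applies to every page built from this policy class rather than only to pages carrying the tile. Adding `data:` to the allowed font domains where the default policy is assembled would make the relaxation explicit and avoid editing the serializer's string output.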

View file

@ -0,0 +1,17 @@
lib/public/AppFramework/Http/ContentSecurityPolicy.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
index e9ecf00036..8e69c8d2dc 100644
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
@@ -44,7 +44,8 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether inline JS snippets are allowed */
protected $inlineScriptAllowed = false;
/** @var bool Whether eval in JS scripts is allowed */
- protected $evalScriptAllowed = false;
+ // YunoHost patch: allow for eval in JS scripts for YunoHost tile
+ protected $evalScriptAllowed = true;
/** @var array Domains from which scripts can get loaded */
protected $allowedScriptDomains = [
'\'self\'',
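Review bot: flipping the default `$evalScriptAllowed` to `true` permits eval in scripts on every page that uses `ContentSecurityPolicy`, which is a wide relaxation to accommodate one tile script. Prefer making the tile work without eval, or enabling eval only on the responses that embed the tile; if the global default has to stay, name in the comment which tile code needs it so the patch can be dropped once that code changes.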