#!/bin/bash source _common.sh source /usr/share/yunohost/helpers upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." if [ -z ${system_addressbook_exposed:-} ]; then ynh_app_setting_set --app=$app --key=system_addressbook_exposed --value=0 system_addressbook_exposed=0 fi # Fix system_addressbook_exposed as a boolean if [ "${system_addressbook_exposed,,}" = "yes" ]; then ynh_app_setting_set --app=$app --key=system_addressbook_exposed --value=1 system_addressbook_exposed=1 elif [ "${system_addressbook_exposed,,}" = "no" ]; then ynh_app_setting_set --app=$app --key=system_addressbook_exposed --value=0 system_addressbook_exposed=0 fi # Remove the option backup_core_only if it's in the settings.yml file ynh_app_setting_delete --app=$app --key=backup_core_only phpflags="--define apc.enable_cli=1" ynh_app_setting_set --app=$app --key=phpflags --value="$phpflags" if ynh_compare_current_package_version --comparison lt --version 22.2~ynh1 then ynh_die --message="Upgrading from Nextcloud < 22.2 is not supported anymore. You should first upgrade to 22.2 using: yunohost app upgrade nextcloud -u https://github.com/YunoHost-Apps/nextcloud_ynh/tree/41f5f902e7c7cd3c30a6793020562ba98b9bf3e9" fi #================================================= # SPECIFIC UPGRADE #================================================= # MAKE SEQUENTIAL UPGRADES FROM EACH MAJOR # VERSION TO THE NEXT ONE #================================================= filter_boring_occ_warnings() { # Filter stupid and boring messages such as the progress bar looking like: # 3/3 [============================] 100% Starting ... # and being pretty much useless, as well as the annoying warning about "only a limited number of commands" etc... sed -E 's@\s*([0-9]+\/[0-9]+\s+\[(-|>|=)+\]\s+[0-9]+%|\s*Starting ...|Nextcloud or one of the apps require upgrade - only a limited number of commands are available|You may use your browser or the occ upgrade command to do the upgrade)@@g' } # Define a function to execute commands with `occ` exec_occ() { # Backward compatibility to upgrade from older versions if [ $current_major_version = "$last_major_version" ] then NEXTCLOUD_PHP_VERSION="8.3" elif [ $current_major_version -ge 26 ] then NEXTCLOUD_PHP_VERSION="8.2" elif [ $current_major_version -ge 24 ] then NEXTCLOUD_PHP_VERSION="8.1" else NEXTCLOUD_PHP_VERSION="7.4" fi # NB : be super careful when designing this part of the code, because calling ynh_install_app_dependencies # will do magic regarding php configuration and $phpversion when the php version of the dependencies changes ... phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) if [[ "$NEXTCLOUD_PHP_VERSION" != "$phpversion" ]]; then local pkg_dependencies="$(dpkg-query --show --showformat='${Depends}' ${app}-ynh-deps)" pkg_dependencies="${pkg_dependencies//$phpversion/$NEXTCLOUD_PHP_VERSION}" # Packaging v1 ~legacy : ynh_install_app_dependencies is designed to be called several times # but the second time it will *append* the list of dependencies rather than replace the existing dependencies # resulting in a crash when parsing what's the php version the app uses, hence we need to force the full-replacement YNH_INSTALL_APP_DEPENDENCIES_REPLACE=true ynh_install_app_dependencies "$pkg_dependencies" fi (cd "$install_dir" && ynh_exec_as "$app" \ php$NEXTCLOUD_PHP_VERSION --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") 2> >(filter_boring_occ_warnings >&2) } # Define a function to add an external storage # Create the external storage for the given folders and enable sharing create_external_storage() { local mount_dir="$1" local mount_name="$2" local mount_id=$(exec_occ files_external:create --output=json \ "$mount_name" 'local' 'null::null' -c "datadir=$mount_dir" || true) ! [[ $mount_id =~ ^[0-9]+$ ]] \ && ynh_print_warn --message="Unable to create external storage" \ || exec_occ files_external:option "$mount_id" enable_sharing true } function list_installed_apps_not_compatible_with_future_version() { local nextcloud_destination_version="$1" local nextcloud_current_version="$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2)" local installed_apps=$(mktemp) local core_apps_in_current_version=$(mktemp) local nextcloud_destination_appcatalog=$(mktemp) # Run a first "dummy" command just to make sure we have the appropriate php dependencies installed, # otherwise this creates funky stuff when tweaking the apt deps because the next command is piped into jq ... exec_occ -V >/dev/null # List installed apps exec_occ app:list --output json | jq -r ".enabled | keys[]" | sort > $installed_apps # Fetch Nextcloud list of core apps from their github repo for the current version curl -s https://raw.githubusercontent.com/nextcloud/server/v$nextcloud_current_version/core/shipped.json | jq -r '.shippedApps[]' | sort > $core_apps_in_current_version # Fetch Nextcloud app catalog (doesnt contain core app) for the future version curl -s https://apps.nextcloud.com/api/v1/platform/$nextcloud_destination_version.0.0/apps.json | jq -r '.[] | .id' | sort > $nextcloud_destination_appcatalog # Compute set complement, cf https://catonmat.net/set-operations-in-unix-shell # We want to list the installed apps which are neither core apps nor in the destination catalog comm -23 <(comm -23 $installed_apps $core_apps_in_current_version) $nextcloud_destination_appcatalog } current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2) current_major_version=${current_version%%.*} last_version=$(ynh_read_manifest --manifest_key="resources.sources.main.url" | grep -o '[0-9][0-9]\.[0-9]\.[0-9]') last_major_version=${last_version%%.*} if [[ "$last_major_version" != "$current_major_version" ]] then installed_apps_not_compatible_with_future_version="$(list_installed_apps_not_compatible_with_future_version $last_major_version)" if [[ -n "$installed_apps_not_compatible_with_future_version" ]] then ynh_die --message="The following apps are not (yet?) compatible with Nextcloud $last_major_version. You should make sure to upgrade the app, or disable it, or wait for it to become compatible before running this upgrade : $installed_apps_not_compatible_with_future_version" fi fi if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading $app..." --weight=3 # Set write access for the following commands chown -R $app:www-data "$install_dir" # Print the current version number of Nextcloud exec_occ -V if [ "$(exec_occ config:system:get mysql.utf8mb4)" != "true" ]; then db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) # Change your databases character set and collation ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \ <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" # Set the mysql.utf8mb4 config to true in config.php exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true" exec_occ maintenance:repair fi # Upgrade may fail if this app is enabled # Take all apps enabled, and check if mail is one of them # Then temporary disable the mail app mail_app_must_be_reactived=0 if exec_occ app:list | awk '/Enabled/{f=1;next} /Disabled/{f=0} f' | grep -q -w mail; then exec_occ app:disable mail mail_app_must_be_reactived=1 fi # While the current version is not the last version, do an upgrade while [ "$last_version" != "$current_version" ] do next_major_version="$(( $current_major_version + 1 ))" if [[ "$next_major_version" -ge "$last_major_version" ]]; then ynh_print_info --message="Upgrading to Nextcloud $last_version" cp -a ../sources/patches_last_version/* ../sources/patches source_id="main" else ynh_print_info --message="Upgrading to Nextcloud $next_major_version" source_id="$next_major_version" fi # Create a temporary directory tmpdir="${install_dir}__tmp_upgrade" ynh_setup_source --dest_dir="$tmpdir" --source_id="$source_id" # Backup the config file in the temp dir cp -a "$install_dir/config/config.php" "$tmpdir/config/config.php" # Enable maintenance mode exec_occ maintenance:mode --on # Backup 3rd party applications from the current Nextcloud # But do not overwrite if there is any upgrade # (apps directory already exists in Nextcloud archive) ( cd $install_dir/apps for nc_app_dir in */ do if [ ! -d "$tmpdir/apps/$nc_app_dir" ] then cp -a "$nc_app_dir" "$tmpdir/apps/$nc_app_dir" fi done ) # Replace the old Nextcloud by the new one ynh_secure_remove --file="$install_dir" mv "$tmpdir" "$install_dir" # Set write access for the following commands chown -R $app:www-data "$install_dir" # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3) exec_occ maintenance:mode --off exec_occ upgrade \ || [ $? -eq 3 ] || ynh_die --message="Unable to upgrade $app" # Get the new current version number current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2) current_major_version=${current_version%%.*} # Print the current version number of Nextcloud exec_occ -V done exec_occ db:add-missing-indices -n exec_occ db:add-missing-columns -n exec_occ db:add-missing-primary-keys -n exec_occ db:convert-filecache-bigint -n #================================================= # CONFIGURE NEXTCLOUD #================================================= ynh_script_progression --message="Reconfiguring $app..." --weight=9 # Verify the checksum and backup the file if it's different ynh_backup_if_checksum_is_different --file="$install_dir/config/config.php" nc_conf="${install_dir}/config.json" ynh_add_config --template="config.json" --destination="$nc_conf" # Reneable the mail app if [ $mail_app_must_be_reactived -eq 1 ]; then exec_occ app:enable mail fi # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification # Enable LDAP plugin exec_occ app:enable user_ldap # Update all installed apps exec_occ app:update --all # move the logs from the data_dir to the standard /var/log # it would be better in the ENSURE DOWNWARD COMPATIBILITY section # but it must be after the exec_occ() definition, so it's here if [ -f "$data_dir/data/nextcloud.log" ]; then mkdir -p "/var/log/$app" chmod 750 "/var/log/$app" mv "$data_dir"/data/nextcloud.log* "/var/log/$app" # adapt the nextcloud config exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log" fi # Load the config file in nextcloud exec_occ config:import "$nc_conf" # Then remove the config file ynh_secure_remove --file="$nc_conf" #================================================= # ALLOW USERS TO DISCONNECT FROM NEXTCLOUD #================================================= # Add dynamic logout URL to the config url_base64="$(echo -n "https://$domain$path" | base64)" old_logout_url="https://$(cat /etc/yunohost/current_host)/yunohost/sso/?action=logout" current_logout_url="$(exec_occ config:system:get logout_url 2> /dev/null)" if [[ "$current_logout_url" == "${old_logout_url}" ]] || [[ "$current_logout_url" == "" ]] then echo " //-YunoHost- // set logout_url according to main domain \$main_domain = file_get_contents('/etc/yunohost/current_host'); \$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout&r=${url_base64}'; //-YunoHost- " >> "$install_dir/config/config.php" fi #================================================= # CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS #================================================= exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}" #================================================= # MOUNT HOME FOLDERS AS EXTERNAL STORAGE #================================================= # Enable External Storage and create local mount to home folder as needed if [ $user_home -eq 1 ]; then exec_occ app:enable files_external exec_occ files_external:list --output=json \ | grep -q '"storage":"\\\\OC\\\\Files\\\\Storage\\\\Local"' \ || create_external_storage "/home/\$user" "Home" # Iterate over users to extend their home folder permissions for u in $(ynh_user_list); do setfacl --modify g:$app:rwx "/home/$u" || true done fi #================================================= # STORE THE CHECKSUM OF THE CONFIG FILE #================================================= # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="${install_dir}/config/config.php" fi #================================================= # REGEN PERMISSIONS #================================================= ynh_script_progression --message="Reapplying file permissions..." --weight=2 # Fix app ownerships & permissions chown -R $app:www-data "$install_dir" find $install_dir/ -type f -print0 | xargs -r0 chmod 0644 find $install_dir/ -type d -print0 | xargs -r0 chmod 0755 chmod 600 "$install_dir/config/config.php" chmod 755 /home/yunohost.app chmod 750 $install_dir #================================================= # REGEN SYSTEM CONFIGURATIONS #================================================= ynh_script_progression --message="Regenerating system configurations for $app..." --weight=2 #------------------------------------------------- # PHP-FPM #------------------------------------------------- ynh_add_fpm_config #------------------------------------------------- # NGINX #------------------------------------------------- # Delete current NGINX configuration to be able to check if .well-known is already served. ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_remove_nginx_config ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf" # Wait untils NGINX has fully reloaded ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd" wait_nginx_reload # Check if .well-known is available for this domain if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav" then ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book." # Remove lines about .well-known/carddav and caldav with sed. sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf" fi # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # CRON JOB #================================================= cron_path="/etc/cron.d/$app" ynh_add_config --template="nextcloud.cron" --destination="$cron_path" chown root: "$cron_path" chmod 644 "$cron_path" exec_occ background:cron #================================================= # LOGROTATE #================================================= ynh_use_logrotate --non-append #================================================= # FAIL2BAN #================================================= # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed" --last