nextcloud_ynh/scripts/upgrade

#!/bin/bash

source _common.sh
source /usr/share/yunohost/helpers

upgrade_type=$(ynh_check_app_version_changed)

#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."

if [ -z ${system_addressbook_exposed:-} ]; then
    ynh_app_setting_set --app=$app --key=system_addressbook_exposed --value=0
    system_addressbook_exposed=0
fi

# Fix system_addressbook_exposed as a boolean
if [ "${system_addressbook_exposed,,}" = "yes" ]; then
    ynh_app_setting_set --app=$app --key=system_addressbook_exposed --value=1
    system_addressbook_exposed=1
elif [ "${system_addressbook_exposed,,}" = "no" ]; then
    ynh_app_setting_set --app=$app --key=system_addressbook_exposed --value=0
    system_addressbook_exposed=0
fi

# Remove the option backup_core_only if it's in the settings.yml file
ynh_app_setting_delete --app=$app --key=backup_core_only

phpflags="--define apc.enable_cli=1"
ynh_app_setting_set --app=$app --key=phpflags --value="$phpflags"

if ynh_compare_current_package_version --comparison lt --version 22.2~ynh1
then
    ynh_die --message="Upgrading from Nextcloud < 22.2 is not supported anymore. You should first upgrade to 22.2 using: yunohost app upgrade nextcloud -u https://github.com/YunoHost-Apps/nextcloud_ynh/tree/41f5f902e7c7cd3c30a6793020562ba98b9bf3e9"
fi

#=================================================
# SPECIFIC UPGRADE
#=================================================
# MAKE SEQUENTIAL UPGRADES FROM EACH MAJOR
# VERSION TO THE NEXT ONE
#=================================================

filter_boring_occ_warnings() {
    # Filter stupid and boring messages such as the progress bar looking like:
    # 3/3 [============================] 100% Starting ...
    # and being pretty much useless, as well as the annoying warning about "only a limited number of commands" etc...

    sed -E 's@\s*([0-9]+\/[0-9]+\s+\[(-|>|=)+\]\s+[0-9]+%|\s*Starting ...|Nextcloud or one of the apps require upgrade - only a limited number of commands are available|You may use your browser or the occ upgrade command to do the upgrade)@@g'
}

# Define a function to execute commands with `occ`
exec_occ() {
    # Backward compatibility to upgrade from older versions
    if [ $current_major_version = "$last_major_version" ]
    then
        NEXTCLOUD_PHP_VERSION="8.3"
    elif [ $current_major_version -ge 26 ]
    then
        NEXTCLOUD_PHP_VERSION="8.2"
    elif [ $current_major_version -ge 24 ]
    then
        NEXTCLOUD_PHP_VERSION="8.1"
    else
        NEXTCLOUD_PHP_VERSION="7.4"
    fi

    # NB : be super careful when designing this part of the code, because calling ynh_install_app_dependencies
    # will do magic regarding php configuration and $phpversion when the php version of the dependencies changes ...
    phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
    if [[ "$NEXTCLOUD_PHP_VERSION" != "$phpversion" ]]; then
        local pkg_dependencies="$(dpkg-query --show --showformat='${Depends}' ${app}-ynh-deps)"
        pkg_dependencies="${pkg_dependencies//$phpversion/$NEXTCLOUD_PHP_VERSION}"
        # Packaging v1 ~legacy : ynh_install_app_dependencies is designed to be called several times
        # but the second time it will *append* the list of dependencies rather than replace the existing dependencies
        # resulting in a crash when parsing what's the php version the app uses, hence we need to force the full-replacement
        YNH_INSTALL_APP_DEPENDENCIES_REPLACE=true
        ynh_install_app_dependencies "$pkg_dependencies"
    fi
(cd "$install_dir" && ynh_exec_as "$app" \
    php$NEXTCLOUD_PHP_VERSION --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") 2> >(filter_boring_occ_warnings >&2)
}

# Define a function to add an external storage
# Create the external storage for the given folders and enable sharing
create_external_storage() {
    local mount_dir="$1"
    local mount_name="$2"
    local mount_id=$(exec_occ files_external:create --output=json \
        "$mount_name" 'local' 'null::null' -c "datadir=$mount_dir" || true)
    ! [[ $mount_id =~ ^[0-9]+$ ]] \
        && ynh_print_warn --message="Unable to create external storage" \
        || exec_occ files_external:option "$mount_id" enable_sharing true
}

function list_installed_apps_not_compatible_with_future_version()
{
    local nextcloud_destination_version="$1"
    local nextcloud_current_version="$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2)"
    local installed_apps=$(mktemp)
    local core_apps_in_current_version=$(mktemp)
    local nextcloud_destination_appcatalog=$(mktemp)

    # Run a first "dummy" command just to make sure we have the appropriate php dependencies installed,
    # otherwise this creates funky stuff when tweaking the apt deps because the next command is piped into jq ...
    exec_occ -V >/dev/null
    # List installed apps
    exec_occ app:list --output json | jq -r ".enabled | keys[]" | sort > $installed_apps
    # Fetch Nextcloud list of core apps from their github repo for the current version
    curl -s https://raw.githubusercontent.com/nextcloud/server/v$nextcloud_current_version/core/shipped.json | jq -r '.shippedApps[]' | sort > $core_apps_in_current_version
    # Fetch Nextcloud app catalog (doesnt contain core app) for the future version
    curl -s https://apps.nextcloud.com/api/v1/platform/$nextcloud_destination_version.0.0/apps.json | jq -r '.[] | .id' | sort > $nextcloud_destination_appcatalog

    # Compute set complement, cf https://catonmat.net/set-operations-in-unix-shell
    # We want to list the installed apps which are neither core apps nor in the destination catalog
    comm -23 <(comm -23 $installed_apps $core_apps_in_current_version) $nextcloud_destination_appcatalog
}


current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2)
current_major_version=${current_version%%.*}

last_version=$(ynh_read_manifest --manifest_key="resources.sources.main.url" | grep -o '[0-9][0-9]\.[0-9]\.[0-9]')
last_major_version=${last_version%%.*}

if [[ "$last_major_version" != "$current_major_version" ]]
then
    installed_apps_not_compatible_with_future_version="$(list_installed_apps_not_compatible_with_future_version $last_major_version)"
    if [[ -n "$installed_apps_not_compatible_with_future_version" ]]
    then
        ynh_die --message="The following apps are not (yet?) compatible with Nextcloud $last_major_version. You should make sure to upgrade the app, or disable it, or wait for it to become compatible before running this upgrade : $installed_apps_not_compatible_with_future_version"
    fi
fi

if [ "$upgrade_type" == "UPGRADE_APP" ]
then
    ynh_script_progression --message="Upgrading $app..." --weight=3

    # Set write access for the following commands
    chown -R $app:www-data "$install_dir"

    # Print the current version number of Nextcloud
    exec_occ -V

    if [ "$(exec_occ config:system:get mysql.utf8mb4)" != "true" ]; then
        db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
        # Change your databases character set and collation
        ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \
        <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;"
        # Set the mysql.utf8mb4 config to true in config.php
        exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true"
        exec_occ maintenance:repair
    fi

    # Upgrade may fail if this app is enabled
    # Take all apps enabled, and check if mail is one of them
    # Then temporary disable the mail app
    mail_app_must_be_reactived=0

    if exec_occ app:list | awk '/Enabled/{f=1;next} /Disabled/{f=0} f' | grep -q -w mail; then
        exec_occ app:disable mail
        mail_app_must_be_reactived=1
    fi

    # While the current version is not the last version, do an upgrade
    while [ "$last_version" != "$current_version" ]
    do

        next_major_version="$(( $current_major_version + 1 ))"
        if [[ "$next_major_version" -ge "$last_major_version" ]]; then
            ynh_print_info --message="Upgrading to Nextcloud $last_version"
            cp -a ../sources/patches_last_version/* ../sources/patches
            source_id="main"
        else
            ynh_print_info --message="Upgrading to Nextcloud $next_major_version"
            source_id="$next_major_version"
        fi

        # Create a temporary directory
        tmpdir="${install_dir}__tmp_upgrade"

        ynh_setup_source --dest_dir="$tmpdir" --source_id="$source_id"

        # Backup the config file in the temp dir
        cp -a "$install_dir/config/config.php" "$tmpdir/config/config.php"

        # Enable maintenance mode
        exec_occ maintenance:mode --on

        # Backup 3rd party applications from the current Nextcloud
        # But do not overwrite if there is any upgrade
        # (apps directory already exists in Nextcloud archive)
        (
        cd $install_dir/apps
        for nc_app_dir in */
        do
          if [ ! -d "$tmpdir/apps/$nc_app_dir" ]
          then
            cp -a "$nc_app_dir" "$tmpdir/apps/$nc_app_dir"
          fi
        done
        )

        # Replace the old Nextcloud by the new one
        ynh_secure_remove --file="$install_dir"
        mv "$tmpdir" "$install_dir"

        # Set write access for the following commands
        chown -R $app:www-data "$install_dir"

        # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3)
        exec_occ maintenance:mode --off
        exec_occ upgrade \
        || [ $? -eq 3 ] || ynh_die --message="Unable to upgrade $app"

        # Get the new current version number
        current_version=$(grep OC_VersionString "$install_dir/version.php" | cut -d\' -f2)
        current_major_version=${current_version%%.*}

        # Print the current version number of Nextcloud
        exec_occ -V
    done

    exec_occ db:add-missing-indices -n
    exec_occ db:add-missing-columns -n
    exec_occ db:add-missing-primary-keys -n
    exec_occ db:convert-filecache-bigint -n

    #=================================================
    # CONFIGURE NEXTCLOUD
    #=================================================
    ynh_script_progression --message="Reconfiguring $app..." --weight=9

    # Verify the checksum and backup the file if it's different
    ynh_backup_if_checksum_is_different --file="$install_dir/config/config.php"

    nc_conf="${install_dir}/config.json"
    ynh_add_config --template="config.json" --destination="$nc_conf"

    # Reneable the mail app
    if [ $mail_app_must_be_reactived -eq 1 ]; then
        exec_occ app:enable mail
    fi

    # Ensure that UpdateNotification app is disabled
    exec_occ app:disable updatenotification

    # Enable LDAP plugin
    exec_occ app:enable user_ldap

    # Update all installed apps
    exec_occ app:update --all

    # move the logs from the data_dir to the standard /var/log
    # it would be better in the ENSURE DOWNWARD COMPATIBILITY section
    # but it must be after the exec_occ() definition, so it's here
    if [ -f "$data_dir/data/nextcloud.log" ]; then
        mkdir -p "/var/log/$app"
        chmod 750 "/var/log/$app"
        mv "$data_dir"/data/nextcloud.log* "/var/log/$app"
        # adapt the nextcloud config
        exec_occ config:system:set logfile --value="/var/log/$app/nextcloud.log"
    fi

    # Load the config file in nextcloud
    exec_occ config:import "$nc_conf"

    # Then remove the config file
    ynh_secure_remove --file="$nc_conf"

    #=================================================
    # ALLOW USERS TO DISCONNECT FROM NEXTCLOUD
    #=================================================

    # Add dynamic logout URL to the config
    url_base64="$(echo -n "https://$domain$path" | base64)"
    old_logout_url="https://$(cat /etc/yunohost/current_host)/yunohost/sso/?action=logout"
    current_logout_url="$(exec_occ config:system:get logout_url 2> /dev/null)"
    if [[ "$current_logout_url" == "${old_logout_url}" ]] || [[ "$current_logout_url" == "" ]]
    then
        echo "
    //-YunoHost-
    // set logout_url according to main domain
    \$main_domain = file_get_contents('/etc/yunohost/current_host');
    \$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout&r=${url_base64}';
    //-YunoHost-
        " >> "$install_dir/config/config.php"
    fi

    #=================================================
    # CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS
    #=================================================

    exec_occ config:system:set overwrite.cli.url --value="https://${domain}${path}"

    #=================================================
    # MOUNT HOME FOLDERS AS EXTERNAL STORAGE
    #=================================================

    # Enable External Storage and create local mount to home folder as needed
    if [ $user_home -eq 1 ]; then
        exec_occ app:enable files_external
        exec_occ files_external:list --output=json \
        | grep -q '"storage":"\\\\OC\\\\Files\\\\Storage\\\\Local"' \
        || create_external_storage "/home/\$user" "Home"
        # Iterate over users to extend their home folder permissions
        for u in $(ynh_user_list); do
        setfacl --modify g:$app:rwx "/home/$u" || true
        done
    fi

    #=================================================
    # STORE THE CHECKSUM OF THE CONFIG FILE
    #=================================================

    # Calculate and store the config file checksum into the app settings
    ynh_store_file_checksum --file="${install_dir}/config/config.php"
fi

#=================================================
# REGEN PERMISSIONS
#=================================================
ynh_script_progression --message="Reapplying file permissions..." --weight=2

# Fix app ownerships & permissions
chown -R $app:www-data "$install_dir"
find $install_dir/ -type f -print0 | xargs -r0 chmod 0644
find $install_dir/ -type d -print0 | xargs -r0 chmod 0755
chmod 600 "$install_dir/config/config.php"
chmod 755 /home/yunohost.app
chmod 750 $install_dir

#=================================================
# REGEN SYSTEM CONFIGURATIONS
#=================================================
ynh_script_progression --message="Regenerating system configurations for $app..." --weight=2

#-------------------------------------------------
# PHP-FPM
#-------------------------------------------------

ynh_add_fpm_config

#-------------------------------------------------
# NGINX
#-------------------------------------------------

# Delete current NGINX configuration to be able to check if .well-known is already served.
ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_remove_nginx_config
ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf"

# Wait untils NGINX has fully reloaded
ynh_systemd_action --service_name=nginx --action=reload --line_match="Reloaded" --log_path="systemd"

wait_nginx_reload

# Check if .well-known is available for this domain
if is_url_handled --domain="$domain" --path="/.well-known/caldav" || is_url_handled --domain="$domain" --path="/.well-known/carddav"
then
    ynh_print_warn --message="Another app already uses the domain $domain to serve a CalDAV/CardDAV feature. You may encounter issues when dealing with your calendar or address book."

    # Remove lines about .well-known/carddav and caldav with sed.
    sed --in-place --regexp-extended '/location = \/\.well\-known\/(caldav|carddav)/d' "../conf/nginx.conf"
fi

# Create a dedicated NGINX config
ynh_add_nginx_config

#=================================================
# CRON JOB
#=================================================

cron_path="/etc/cron.d/$app"
ynh_add_config --template="nextcloud.cron" --destination="$cron_path"
chown root: "$cron_path"
chmod 644 "$cron_path"

exec_occ background:cron

#=================================================
# LOGROTATE
#=================================================

ynh_use_logrotate --non-append

#=================================================
# FAIL2BAN
#=================================================

# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/$app/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: '<HOST>'.*$" --max_retry=5

#=================================================
# END OF SCRIPT
#=================================================

ynh_script_progression --message="Upgrade of $app completed" --last