YunoHost-Apps/ofbiz_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/ofbiz_ynh.git synced 2024-09-03 19:46:33 +02:00
Code Issues Activity Actions

v2

Browse source
This commit is contained in:
Éric Gaspar 2024-01-10 12:50:39 +01:00 committed by Félix Piédallu
parent 82d5e0bbdc
commit 21767e3133
16 changed files with 1263 additions and 547 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
conf/app.src
View file

@ -1,7 +0,0 @@
SOURCE_URL=https://archive.apache.org/dist/ofbiz/apache-ofbiz-18.12.07.zip
SOURCE_SUM=b3f7b23167cae3ccc96c3d088e42c8df600485b8b7f88ac63b834a82e19fa5de
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true

834
conf/entityengine.xml Normal file
View file

@ -0,0 +1,834 @@
<?xml version="1.0" encoding="UTF-8" ?>
<!--
Licensed to the Apache Software Foundation (ASF) under one
or more contributor license agreements. See the NOTICE file
distributed with this work for additional information
regarding copyright ownership. The ASF licenses this file
to you under the Apache License, Version 2.0 (the
"License"); you may not use this file except in compliance
with the License. You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing,
software distributed under the License is distributed on an
"AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
KIND, either express or implied. See the License for the
specific language governing permissions and limitations
under the License.
-->
<!--
- This file configures the Entity Engine JDBC (or other DataSource) and JTA
access. For a detailed description see the core/docs/entityconfig.html file.
-->
<entity-config xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:noNamespaceSchemaLocation="https://ofbiz.apache.org/dtds/entity-config.xsd">
<resource-loader name="fieldfile" class="org.apache.ofbiz.base.config.FileLoader"
prepend-env="ofbiz.home" prefix="/framework/entity/fieldtype/"/>
<!-- the transaction factory class to use, one is needed for each way of getting JTA interfaces -->
<!-- Use this one for Geronimo -->
<transaction-factory class="org.apache.ofbiz.entity.transaction.GeronimoTransactionFactory"/>
<!-- Use this one for getting the JTA objects from JNDI -->
<!-- NOTE: to use the JndiFactory you must specify the necessary JNDI properties
<transaction-factory class="org.apache.ofbiz.entity.transaction.JNDITransactionFactory">
<user-transaction-jndi jndi-server-name="default" jndi-name="java:comp/UserTransaction"/>
<transaction-manager-jndi jndi-server-name="default" jndi-name="java:comp/UserTransaction"/>
</transaction-factory>
-->
<!--
It is common to use UserTransaction for the TransactionManager, but if that doesn't work, try this: <transaction-manager-jndi jndi-server-name="default" jndi-name="java:comp/TransactionManager"/>
Common UserTransaction locations:
java:comp/UserTransaction (most servers: Resin, Orion, OC4J, etc)
UserTransaction (RexIP)
JBoss uses two different objects for the UserTransaction and TransactionManager interfaces;
they are located in JNDI at: "java:comp/UserTransaction" and "java:/TransactionManager" respectively
-->
<!-- the connection factory class to use, one is needed for obtaining connections/pools for defined resources -->
<connection-factory class="org.apache.ofbiz.entity.connection.DBCPConnectionFactory"/>
<debug-xa-resources value="false" /> <!-- see https://issues.apache.org/jira/browse/OFBIZ-4282 for more -->
<delegator name="default" entity-model-reader="main" entity-group-reader="main" entity-eca-reader="main" distributed-cache-clear-enabled="false">
<group-map group-name="org.apache.ofbiz" datasource-name="localderby"/>
<group-map group-name="org.apache.ofbiz.olap" datasource-name="localderbyolap"/>
<group-map group-name="org.apache.ofbiz.tenant" datasource-name="localderbytenant"/>
</delegator>
<!-- May be used when you create a service that manages many data for massive imports, this for performance reason or to escape functional cases -->
<delegator name="default-no-eca" entity-model-reader="main" entity-group-reader="main" entity-eca-reader="main" entity-eca-enabled="false" distributed-cache-clear-enabled="false">
<group-map group-name="org.apache.ofbiz" datasource-name="localderby"/>
<group-map group-name="org.apache.ofbiz.olap" datasource-name="localderbyolap"/>
<group-map group-name="org.apache.ofbiz.tenant" datasource-name="localderbytenant"/>
</delegator>
<!-- Be sure that your default delegator (or the one you use) uses the same datasource for test. You must run "gradlew loadAll" before running "gradlew testIntegration" -->
<delegator name="test" entity-model-reader="main" entity-group-reader="main" entity-eca-reader="main">
<group-map group-name="org.apache.ofbiz" datasource-name="localderby"/>
<group-map group-name="org.apache.ofbiz.olap" datasource-name="localderbyolap"/>
<group-map group-name="org.apache.ofbiz.tenant" datasource-name="localderbytenant"/>
</delegator>
<!-- need to at least define a name for each component to use -->
<entity-model-reader name="main"/>
<!-- need to at least define a name for each component to use -->
<entity-group-reader name="main"/>
<!-- need to at least define a name for each component to use -->
<entity-eca-reader name="main"/>
<!-- need to at least define a name for each component to use -->
<!-- defining:
tenant = OFBiz and External Tenant Data
seed = OFBiz and External Seed Data - to be maintained along with source and updated whenever a system deployment is updated
seed-initial = OFBiz and External Seed Data - to be maintained along with source like other seed data, but only loaded initially and not updated when a system is updated except manually reviewing each line
demo = OFBiz Only Demo Data
ext = External General Data (custom)
ext-test = External Test Data (custom)
ext-demo = External Demo Data (custom)
-->
<entity-data-reader name="tenant"/>
<entity-data-reader name="seed"/>
<entity-data-reader name="seed-initial"/>
<entity-data-reader name="demo"/>
<entity-data-reader name="ext"/>
<entity-data-reader name="ext-test"/>
<entity-data-reader name="ext-demo"/>
<field-type name="hsql" loader="fieldfile" location="fieldtypehsql.xml"/>
<field-type name="derby" loader="fieldfile" location="fieldtypederby.xml"/>
<field-type name="daffodil" loader="fieldfile" location="fieldtypedaffodil.xml"/>
<field-type name="axion" loader="fieldfile" location="fieldtypeaxion.xml"/>
<field-type name="mysql" loader="fieldfile" location="fieldtypemysql.xml"/>
<field-type name="postgres" loader="fieldfile" location="fieldtypepostgres.xml"/>
<field-type name="oracle" loader="fieldfile" location="fieldtypeoracle.xml"/>
<field-type name="sapdb" loader="fieldfile" location="fieldtypesapdb.xml"/>
<field-type name="sybase" loader="fieldfile" location="fieldtypesybase.xml"/>
<field-type name="firebird" loader="fieldfile" location="fieldtypefirebird.xml"/>
<field-type name="mssql" loader="fieldfile" location="fieldtypemssql.xml"/>
<field-type name="advantage" loader="fieldfile" location="fieldtypeadvantage.xml"/>
<!--
For DAO/JDBC Helper: Tries:
1. JNDI Datasource IF jdbc.jndi.name, context.provider, etc are specified
2. Embedded (JOTM) if available (uses jdbc.driver, jdbc.uri, jdbc.username, jdbc.password, isolation.level)
3. Direct to manually loaded JDBC driver (uses jdbc.driver, jdbc.uri, jdbc.username, jdbc.password)
Transaction Isolation Levels - (<helperName>.isolation.level) can be as follows:
* None
* ReadCommitted (Recommended)
* ReadUncommitted
* RepeatableRead
* Serializable (NOT Recommended)
* Not set uses database default
-->
<datasource name="localhsql"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="hsql"
check-on-start="true"
add-missing-on-start="true"
check-indices-on-start="true"
use-foreign-keys="true"
use-foreign-key-indices="true"
use-fk-initially-deferred="false"
join-style="ansi-no-parenthesis"
alias-view-columns="true">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="org.hsqldb.jdbcDriver"
jdbc-uri="jdbc:hsqldb:runtime/data/hsqldb/ofbiz"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/HsqlDataSource" isolation-level="ReadUncommitted"/> -->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="comp/env/jdbc/xa/localhsql" isolation-level="ReadUncommitted"/> --> <!-- Orion Style JNDI name -->
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="localhsqlDataSource"/> --> <!-- Weblogic Style JNDI name -->
</datasource>
<datasource name="localderby"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="OFBIZ"
field-type-name="derby"
check-on-start="true"
add-missing-on-start="true"
use-pk-constraint-names="false"
use-indices-unique="false"
alias-view-columns="false"
use-order-by-nulls="true"
offset-style="fetch">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<!-- beware use-indices-unique="false" is needed because of Derby bug with null values in a unique index -->
<inline-jdbc
jdbc-driver="org.apache.derby.jdbc.EmbeddedDriver"
jdbc-uri="jdbc:derby:ofbiz;create=true"
jdbc-username="ofbiz"
jdbc-password-lookup="derby-ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
test-on-borrow="true"
pool-jdbc-test-stmt="values 1"
soft-min-evictable-idle-time-millis="600000"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/DerbyDataSource" isolation-level="ReadCommitted"/> -->
</datasource>
<datasource name="localderbyodbc"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="OFBIZ"
field-type-name="derby"
check-on-start="true"
add-missing-on-start="true"
use-pk-constraint-names="false"
use-indices-unique="false"
alias-view-columns="false"
use-order-by-nulls="true"
offset-style="fetch">
<!-- beware use-indices-unique="false" is needed because of Derby bug with null values in a unique index -->
<inline-jdbc
jdbc-driver="org.apache.derby.jdbc.EmbeddedDriver"
jdbc-uri="jdbc:derby:ofbizodbc;create=true"
jdbc-username="ofbiz"
jdbc-password-lookup="derby-ofbizodbc"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/DerbyDataSource" isolation-level="ReadCommitted"/> -->
</datasource>
<datasource name="localderbyolap"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="OFBIZ"
field-type-name="derby"
check-on-start="true"
add-missing-on-start="true"
use-pk-constraint-names="false"
use-indices-unique="false"
alias-view-columns="false"
use-order-by-nulls="true">
<!-- beware use-indices-unique="false" is needed because of Derby bug with null values in a unique index -->
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="org.apache.derby.jdbc.EmbeddedDriver"
jdbc-uri="jdbc:derby:ofbizolap;create=true"
jdbc-username="ofbiz"
jdbc-password-lookup="derby-ofbizolap"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/DerbyDataSource" isolation-level="ReadCommitted"/> -->
</datasource>
<datasource name="localderbytenant"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="OFBIZ"
field-type-name="derby"
check-on-start="true"
add-missing-on-start="true"
use-pk-constraint-names="false"
use-indices-unique="false"
alias-view-columns="false"
use-order-by-nulls="true">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<!-- beware use-indices-unique="false" is needed because of Derby bug with null values in a unique index -->
<inline-jdbc
jdbc-driver="org.apache.derby.jdbc.EmbeddedDriver"
jdbc-uri="jdbc:derby:ofbiztenant;create=true"
jdbc-username="ofbiz"
jdbc-password-lookup="derby-ofbiztenant"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/DerbyDataSource" isolation-level="ReadCommitted"/> -->
</datasource>
<datasource name="localdaffodil"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="daffodil"
check-on-start="true"
add-missing-on-start="true">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<!-- this setup is for the embedded version of Daffodil, with in.co.daffodil.db.jdbc.DaffodilDBDriver -->
<!-- note that Daffodil can also run in a network mode with the driver class: in.co.daffodil.db.rmi.RmiDaffodilDBDriver and URI: jdbc:daffodilDB://<hostname>:<port>/ofbiz;create=true -->
<inline-jdbc
jdbc-driver="in.co.daffodil.db.jdbc.DaffodilDBDriver"
jdbc-uri="jdbc:daffodilDB_embedded:ofbiz;create=true"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/DaffodilDataSource" isolation-level="ReadCommitted"/> -->
</datasource>
<datasource name="localaxion"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="axion"
check-on-start="true"
add-missing-on-start="true"
use-pk-constraint-names="false">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="org.axiondb.jdbc.AxionDriver"
jdbc-uri="jdbc:axiondb:ofbiz:data/axion/ofbiz"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
</datasource>
<!-- Also consider:
mysql.conf
[client]
default-character-set=utf8
[mysql]
default-character-set=utf8
[mysqld]
collation-server = utf8_unicode_ci
init-connect='SET NAMES utf8'
character-set-server = utf8
Mysql Version: > 5.6.4 (supports datetime milliseconds)
-->
<datasource name="localmysql"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="mysql"
check-on-start="true"
add-missing-on-start="true"
check-pks-on-start="false"
use-foreign-keys="true"
join-style="ansi-no-parenthesis"
alias-view-columns="false"
drop-fk-use-foreign-key-keyword="true"
table-type="InnoDB"
character-set="utf8"
collate="utf8_general_ci">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="com.mysql.jdbc.Driver"
jdbc-uri="jdbc:mysql://127.0.0.1/ofbiz?autoReconnect=true&amp;characterEncoding=UTF-8"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/><!-- Please note that at least one person has experienced a problem with this value with MySQL
and had to set it to -1 in order to avoid this issue.
For more look at http://markmail.org/thread/5sivpykv7xkl66px and http://commons.apache.org/dbcp/configuration.html-->
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/MySqlDataSource" isolation-level="Serializable"/> -->
</datasource>
<datasource name="localmysqlolap"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="mysql"
check-on-start="true"
add-missing-on-start="true"
check-pks-on-start="false"
use-foreign-keys="true"
join-style="ansi-no-parenthesis"
alias-view-columns="false"
drop-fk-use-foreign-key-keyword="true"
table-type="InnoDB"
character-set="utf8"
collate="utf8_general_ci">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="com.mysql.jdbc.Driver"
jdbc-uri="jdbc:mysql://127.0.0.1/ofbizolap?autoReconnect=true&amp;characterEncoding=UTF-8"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/><!-- Please note that at least one person has experienced a problem with this value with MySQL
and had to set it to -1 in order to avoid this issue.
For more look at http://markmail.org/thread/5sivpykv7xkl66px and http://commons.apache.org/dbcp/configuration.html-->
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/MySqlDataSource" isolation-level="Serializable"/> -->
</datasource>
<datasource name="localmysqltenant"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="mysql"
check-on-start="true"
add-missing-on-start="true"
check-pks-on-start="false"
use-foreign-keys="true"
join-style="ansi-no-parenthesis"
alias-view-columns="false"
drop-fk-use-foreign-key-keyword="true"
table-type="InnoDB"
character-set="utf8"
collate="utf8_general_ci">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="com.mysql.jdbc.Driver"
jdbc-uri="jdbc:mysql://127.0.0.1/ofbiztenant?autoReconnect=true&amp;characterEncoding=UTF-8"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/><!-- Please note that at least one person has experienced a problem with this value with MySQL
and had to set it to -1 in order to avoid this issue.
For more look at http://markmail.org/thread/5sivpykv7xkl66px and http://commons.apache.org/dbcp/configuration.html-->
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/MySqlDataSource" isolation-level="Serializable"/> -->
</datasource>
<datasource name="odbcmysql"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="mysql"
check-on-start="true"
add-missing-on-start="true"
check-pks-on-start="false"
use-foreign-keys="true"
join-style="ansi-no-parenthesis"
alias-view-columns="false"
drop-fk-use-foreign-key-keyword="true"
table-type="InnoDB"
character-set="utf8"
collate="utf8_general_ci">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<inline-jdbc
jdbc-driver="com.mysql.jdbc.Driver"
jdbc-uri="jdbc:mysql://127.0.0.1/ofbiz_odbc?autoReconnect=true&amp;characterEncoding=UTF-8"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/MySqlDataSource" isolation-level="Serializable"/> -->
</datasource>
<datasource name="localpostgres"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="public"
field-type-name="postgres"
check-on-start="true"
add-missing-on-start="true"
use-fk-initially-deferred="false"
alias-view-columns="false"
join-style="ansi"
use-binary-type-for-blob="true"
use-order-by-nulls="true"
result-fetch-size="50"> <!-- Comment out the result-fetch-size attribute for jdbc driver versions older than 8.0.
Not recommended to use those though. They are archived unsupported versions: http://jdbc.postgresql.org/download.html -->
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="org.postgresql.Driver"
jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/><!-- Be warned that at this date (2009-09-20) the max_connections parameters in postgresql.conf
is set by default to 100 by the initdb process see http://www.postgresql.org/docs/8.4/static/runtime-config-connection.html#GUC-MAX-CONNECTIONS-->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="java:comp/env/jdbc/localpostgres" isolation-level="ReadCommitted"/>-->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="comp/env/jdbc/xa/localpostgres" isolation-level="ReadCommitted"/> --> <!-- Orion Style JNDI name -->
<!-- <jndi-jdbc jndi-server-name="localweblogic" jndi-name="PostgresDataSource"/> --> <!-- Weblogic Style JNDI name -->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="jdbc/localpostgres" isolation-level="ReadCommitted"/> --> <!-- JRun4 Style JNDI name -->
<!-- <tyrex-dataSource dataSource-name="localpostgres" isolation-level="ReadCommitted"/> -->
</datasource>
<datasource name="localpostgresolap"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="public"
field-type-name="postgres"
check-on-start="true"
add-missing-on-start="true"
use-fk-initially-deferred="false"
alias-view-columns="false"
join-style="ansi"
result-fetch-size="50"
use-binary-type-for-blob="true"
use-order-by-nulls="true">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="org.postgresql.Driver"
jdbc-uri="jdbc:postgresql://127.0.0.1/ofbizolap"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/><!-- Be warned that at this date (2009-09-20) the max_connections parameters in postgresql.conf
is set by default to 100 by the initdb process see http://www.postgresql.org/docs/8.4/static/runtime-config-connection.html#GUC-MAX-CONNECTIONS-->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="java:comp/env/jdbc/localpostgres" isolation-level="ReadCommitted"/>-->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="comp/env/jdbc/xa/localpostgres" isolation-level="ReadCommitted"/> --> <!-- Orion Style JNDI name -->
<!-- <jndi-jdbc jndi-server-name="localweblogic" jndi-name="PostgresDataSource"/> --> <!-- Weblogic Style JNDI name -->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="jdbc/localpostgres" isolation-level="ReadCommitted"/> --> <!-- JRun4 Style JNDI name -->
<!-- <tyrex-dataSource dataSource-name="localpostgres" isolation-level="ReadCommitted"/> -->
</datasource>
<datasource name="localpostgrestenant"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="public"
field-type-name="postgres"
check-on-start="true"
add-missing-on-start="true"
use-fk-initially-deferred="false"
alias-view-columns="false"
join-style="ansi"
result-fetch-size="50"
use-binary-type-for-blob="true"
use-order-by-nulls="true">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="org.postgresql.Driver"
jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiztenant"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/><!-- Be warned that at this date (2009-09-20) the max_connections parameters in postgresql.conf
is set by default to 100 by the initdb process see http://www.postgresql.org/docs/8.4/static/runtime-config-connection.html#GUC-MAX-CONNECTIONS-->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="java:comp/env/jdbc/localpostgres" isolation-level="ReadCommitted"/>-->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="comp/env/jdbc/xa/localpostgres" isolation-level="ReadCommitted"/> --> <!-- Orion Style JNDI name -->
<!-- <jndi-jdbc jndi-server-name="localweblogic" jndi-name="PostgresDataSource"/> --> <!-- Weblogic Style JNDI name -->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="jdbc/localpostgres" isolation-level="ReadCommitted"/> --> <!-- JRun4 Style JNDI name -->
<!-- <tyrex-dataSource dataSource-name="localpostgres" isolation-level="ReadCommitted"/> -->
</datasource>
<datasource name="localoracle"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="OFBIZ"
field-type-name="oracle"
check-on-start="true"
add-missing-on-start="true"
alias-view-columns="false"
join-style="ansi"
use-order-by-nulls="true">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="oracle.jdbc.driver.OracleDriver"
jdbc-uri="jdbc:oracle:thin:@127.0.0.1:1521:ofbiz"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
</datasource>
<datasource name="localoracledd"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="OFBIZ"
field-type-name="oracle"
check-on-start="true"
add-missing-on-start="true"
join-style="ansi"
use-order-by-nulls="true">
<read-data reader-name="main"/>
<inline-jdbc
jdbc-driver="com.ddtek.jdbc.oracle.OracleDriver"
jdbc-uri="jdbc:datadirect:oracle://127.0.0.1:1521;SID=ofbiz"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
</datasource>
<datasource name="localsybase"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="sybase"
schema-name="dbo"
check-on-start="true"
add-missing-on-start="true"
use-fk-initially-deferred="false"
join-style="ansi">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="com.sybase.jdbc2.jdbc.SybDriver"
jdbc-uri="jdbc:sybase:Tds:10.1.1.10:11222/ofbiz?DYNAMIC_PREPARE=true"
jdbc-username="ofbiz"
jdbc-password="ofbiz1"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
</datasource>
<datasource name="localsapdb"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="sapdb"
check-on-start="true"
add-missing-on-start="true"
fk-style="name_fk"
use-fk-initially-deferred="false"
join-style="ansi-no-parenthesis">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="com.sap.dbtech.jdbc.DriverSapDB"
jdbc-uri="jdbc:sapdb://localhost/OFBIZ"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="comp/env/jdbc/xa/localsapdb" isolation-level="ReadCommitted"/> --> <!-- Orion Style JNDI name -->
<!-- <jndi-jdbc jndi-server-name="localweblogic" jndi-name="SapDBDataSource"/> --> <!-- Weblogic Style JNDI name -->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="jdbc/localsapdb" isolation-level="ReadCommitted"/> --> <!-- JRun4 Style JNDI name -->
<!-- <tyrex-dataSource dataSource-name="localsapdb" isolation-level="ReadCommitted"/> -->
</datasource>
<datasource name="localfirebird"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="firebird"
check-on-start="true"
use-foreign-key-indices="false"
add-missing-on-start="true"
alias-view-columns="false"
join-style="ansi">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="org.firebirdsql.jdbc.FBDriver"
jdbc-uri="jdbc:firebirdsql:127.0.0.1:C:\\data\\ofbiz.gdb"
jdbc-username="SYSDBA"
jdbc-password="masterkey"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- Sample remote URI: jdbc-uri="jdbc:firebirdsql://localhost:3050//opt/interbase/data/ofbiz.gdb" -->
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="comp/env/jdbc/xa/localfirebird" isolation-level="ReadCommitted"/> --> <!-- Orion Style JNDI name -->
<!-- <tyrex-dataSource dataSource-name="firebird" isolation-level="ReadCommitted"/> -->
</datasource>
<!--
The following has been tested with SQL Server 2005 + MS SQL Server JDBC Driver 1.1
Tips:
1. Make sure your SQL Server has mixed mode authentication as per this post:
http://aspadvice.com/blogs/plitwin/archive/2006/09/10/Login-failed-_2E002E002E00_-not-associated-with-a-trusted-SQL-server-connection.aspx
2. Make sure you have copied JDBC driver jar to entity/lib/jdbc
3. Make sure you have installed JDBC Driver XA support as per MSSQL_JDBC_HOME/enu/xa/xa_install.sql
4. Make sure that you have created and authorized the ofbiz database and login
5. Make sure that schema-name, jdbc-username, jdbc-password and databaseName are all correct!
Notes:
a. The reason for putting SelectMethod=cursor property in URL is explained here:
http://forum.java.sun.com/thread.jspa?forumID=48&threadID=184797
b. If using an old version of the driver, beware of this resource leak:
http://support.microsoft.com/kb/820773/
-->
<datasource name="localmssql"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="dbo"
field-type-name="mssql"
check-on-start="true"
add-missing-on-start="true"
join-style="ansi"
alias-view-columns="false"
use-fk-initially-deferred="false">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="com.microsoft.sqlserver.jdbc.SQLServerDriver"
jdbc-uri="jdbc:sqlserver://localhost:1791;databaseName=ofbiz;SelectMethod=cursor;"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="default" jndi-name="comp/env/jdbc/xa/localmssql" isolation-level="ReadCommitted"/> --> <!-- Orion Style JNDI name -->
</datasource>
<datasource name="localp6spy"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="public"
field-type-name="postgres"
check-on-start="true"
add-missing-on-start="true"
join-style="ansi">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="com.p6spy.engine.spy.P6SpyDriver"
jdbc-uri="jdbc:postgresql://127.0.0.1/ofbiz"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
<!-- <jndi-jdbc jndi-server-name="localjndi" jndi-name="java:/OracleDataSource" isolation-level="Serializable"/> -->
</datasource>
<datasource name="localadvantage"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
field-type-name="advantage"
check-on-start="true"
add-missing-on-start="true"
check-indices-on-start="false"
use-foreign-keys="false"
use-foreign-key-indices="true"
join-style="ansi-no-parenthesis"
alias-view-columns="false"
always-use-constraint-keyword="true">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<inline-jdbc
jdbc-driver="com.extendedsystems.jdbc.advantage.ADSDriver"
jdbc-uri="jdbc:extendedsystems:advantage://localhost:6262;catalog=c:\\advantage\\OFBIZ.ADD;TableType=adt"
jdbc-username="ADSSYS"
jdbc-password="adssys"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
</datasource>
<!-- According to http://markmail.org/message/s75sf6zhtizzkqbv Since version V6R1 (AS/400, db2) there is no need for an own fieldtype.xml - just use the derby-fieldtypes like this: -->
<!-- Beware use-indices-unique="false" is needed because of Derby bug with null values in a unique index, not sure it's needed with DB2 -->
<datasource name="DB2"
helper-class="org.apache.ofbiz.entity.datasource.GenericHelperDAO"
schema-name="OFBIZ"
field-type-name="derby"
check-on-start="true"
add-missing-on-start="true"
use-pk-constraint-names="false"
use-indices-unique="false"
alias-view-columns="false"
use-order-by-nulls="true"
offset-style="fetch">
<read-data reader-name="tenant"/>
<read-data reader-name="seed"/>
<read-data reader-name="seed-initial"/>
<read-data reader-name="demo"/>
<read-data reader-name="ext"/>
<read-data reader-name="ext-test"/>
<read-data reader-name="ext-demo"/>
<!-- There is an open source version of the jdbc driver at sourceforge: http://sourceforge.net/projects/jt400/ -->
<inline-jdbc
jdbc-driver="com.ibm.as400.access.AS400JDBCDriver"
jdbc-uri="jdbc:as400:192.168.1.10;prompt=false;libraries=ofbiz;lazyclose=true;translate binary=true"
jdbc-username="ofbiz"
jdbc-password="ofbiz"
isolation-level="ReadCommitted"
pool-minsize="2"
pool-maxsize="250"
time-between-eviction-runs-millis="600000"/>
</datasource>
</entity-config>

265
conf/security.properties Normal file
View file

@ -0,0 +1,265 @@
##############################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
###############################################################################
####
# OFBiz Security Settings
####
# -- define the password restrictions --
password.length.min=5
### -- pattern based password OFBIZ-4958
security.login.password.pattern.enable=true
security.login.password.pattern=^.*(?=.{5,}).*$
# This is a mix to handle the localisation of the OOTB pattern which is only a fixed length
security.login.password.pattern.description=loginservices.password_must_be_least_characters_long
# -- For More restrictive pattern you can use the following, no localisation-
#security.login.password.pattern=^.*(?=.{5,})(?=.*[a-zA-Z])(?=.*[!@#$%^&*]).*$
#security.login.password.pattern.description=Your password must be 5 characters long, Only contains alphanumeric(number optional) and at least one from following special characters: !@#$%^&*.
# Only contains alphanumeric and the following special characters: !@#$%^&*
# Contains at least 1 of the special characters in the list above
# The required special character can appear anywhere in the string (for example: !abc, a!bc, abc!)
# minimum length 5 digit.
# HELP
# Start of group
# (
# (?=.*\d) # must contains one digit from 0-9
# (?=.*[a-z]) # must contains one lowercase characters
# (?=.*[A-Z]) # must contains one uppercase characters
# (?=.*[!@#$%^&*]) # must contains one special symbols in the list "!@#$%^&*"
# . # match anything with previous condition checking
# {5,20} # length at least 5 characters and maximum of 20
# {5,} # minimum length 5 chars and no linitation to max length.
# )
# End of group
# For further password patterns look at
# http://docs.oracle.com/javase/1.4.2/docs/api/java/util/regex/Pattern.html#sum
# -- disable the account after this many logins --
max.failed.logins=3
# -- number of password change to be saved in UserLoginPasswordHistory.
# -- passwords saved in history of userLoginId will not be allowed to be reused.
# -- 0 to not save history at all
password.change.history.limit=0
# Security Policy : Force user to reset login password in fix number of days -
# To enable this functionality <password.change.history.limit> need to be a non zero number. And <user.auto.change.password.enable> need to set as true.
user.auto.change.password.enable=false
user.change.password.days=90
user.change.password.notification.days=5
# -- disable the account for this many minutes (if 0, then indefinite) --
login.disable.minutes=5
# -- disable global logout --
login.disable.global.logout=false
# -- store a record for each login attempt? --
store.login.history=true
store.login.history.on.service.auth=false
store.login.history.incorrect.password=true
# -- disable impersonation
security.disable.impersonation=true
# -- if you want that an user cannot operate during an administrator impersonate his account. If true, it can be helpful for QA and dev site
security.login.authorised.during.impersonate=false
# -- should we encrypt (SHA Hash) the password? --
password.encrypt=true
# -- specify the type of hash to use for one-way encryption, will be passed to java.security.MessageDigest.getInstance() --
# -- options may include: SHA, PBKDF2WithHmacSHA1, PBKDF2WithHmacSHA256, PBKDF2WithHmacSHA384, PBKDF2WithHmacSHA512 and etc
password.encrypt.hash.type=SHA
# -- if the type of hash to use for one-way encryption is PBKDF2WithHmacSHA1 or PBKDF2WithHmacSHA256 or PBKDF2WithHmacSHA384 or PBKDF2WithHmacSHA512
# -- the type of hash to use for one-way encryption needs iteration
password.encrypt.pbkdf2.iterations=10000
# -- this is helpful to recover old accounts or to be able to login at all sometimes --
# -- SHOULD GENERALLY NOT BE TRUE FOR PRODUCTION SITES, but is useful for interim periods when going to password encryption --
password.accept.encrypted.and.plain=false
# -- set request life time after a password change (like email) in hours, set -1 if you want disable it --
password.request.change.timeout=24
# -- should we convert usernames and passwords to lowercase? (useful for case insensitive usernames and passwords) --
username.lowercase=false
password.lowercase=false
# -- Use LDAP for user authentication? --
security.ldap.enable=false
# -- Fail login if LDAP authentication fails? --
security.ldap.fail.login=false
# -- should we allow x509 certificate login
security.login.cert.allow=true
# -- HTTP header based ID (for integrations; uncomment to enable)
#security.login.http.header=REMOTE_USER
# -- HttpServletRequest.getRemoteUser() based ID (for integration; uncomment to enable)
# Use for external authentication solutions like CAS which overload the getRemoteUser method.
#security.login.http.servlet.remoteuserlogin.allow=true
# -- pattern for the userlogin id in CN section of certificate
security.login.cert.pattern=^(\\w*\\s?\\w*)\\W*.*$
# -- Use Tomcat SingleSignOn valve to allow single sign on (SSO) and single log out (SLO).
# -- Remember to set security.login.externalLoginKey.enabled to false when using Tomcat SSO.
# -- Note Tomcat SSO is not implemented for cluster as Tomcat ClusterSingleSignOn is not used: OFBIZ-10123
security.login.tomcat.sso=false
# -- Hours after which EmailAdressVerification should expire
email_verification.expire.hours=48
# -- Name of the protect-view preprocessor method (this should not change, but in case...)
protect-view.preprocessor=java.org.apache.ofbiz.webapp.control.ProtectViewWorker.checkProtectedView
# -- Name of the default error response view for protected views ("none:" will be rendered as a blank page, see RequestHandler.java)
#default.error.response.view=none:
default.error.response.view=view:viewBlocked
# -- If false, then no externalLoginKey parameters will be added to cross-webapp urls
security.login.externalLoginKey.enabled=true
# -- Security key used to encrypt and decrypt the autogenerated password in forgot password functionality.
# Read Passwords and JWT (JSON Web Tokens) usage documentation to choose the way you want to store this key
login.secret_key_string=login.secret_key_string
# -- Time To Live of the token send to the external server in seconds, 10 seconds seems plenty enough OOTB. Custom projects might want set a lower value.
security.jwt.token.expireTime=1800
# -- Enables the internal Single Sign On feature which allows a token based login between OFBiz instances
# -- To make this work you also have to configure a secret key with security.token.key
security.internal.sso.enabled=false
# -- The secret key for the JWT token signature. Read Passwords and JWT (JSON Web Tokens) usage documentation to choose the way you want to store this key
security.token.key=security.token.key
# -- List of domains or IP addresses to be checked to prevent Host Header Injection,
# -- no spaces after commas,no wildcard, can be extended of course...
host-headers-allowed=localhost,127.0.0.1,__DOMAIN__
# -- By default the SameSite value in SameSiteFilter is 'strict'.
# -- This property allows to change to 'lax' if needed.
# -- If you use 'lax' we recommend that you set
# -- org.apache.ofbiz.security.CsrfDefenseStrategy
# -- for csrf.defense.strategy (see below)
SameSiteCookieAttribute=
# -- Freemarker TemplateClassResolver option, see OFBIZ-11709.
# -- By default OFBiz uses the SAFER_RESOLVER because OOTB it does not use any of the Freemarker classes
# -- that SAFER_RESOLVER prevents: ObjectConstructor, Execute and JythonRuntime.
# -- If you need to use one to these classes you need to change the TemplateClassResolver
# -- to UNRESTRICTED_RESOLVER and look at MemberAccessPolicy. In any cases better read
# -- https://freemarker.apache.org/docs/app_faq.html#faq_template_uploading_security
templateClassResolver=
#-- ===== UPLOAD: supported file formats are *safe* PNG, GIF, TIFF, JPEG, PDF, Audio and Video and ZIP
#--
#-- No proprietary file formats (Excel, Word, etc.) are handled OOTB.
#-- They can be handled by custom projects using https://github.com/righettod/document-upload-protection:
#-- https://github.com/OWASP/www-projectchapter-example/blob/master/cheatsheets/Protect_FileUpload_Against_Malicious_File.md
#-- Also Tika is an option, but you have to check Tika code, to be sure it's secure enough (ie don't use only metadata)
#--
#-- Apache Commons Imaging is used for images.
#-- For supported formats see https://commons.apache.org/proper/commons-imaging/formatsupport.html
#-- Notably https://commons.apache.org/proper/commons-imaging/formatsupport.html#Metadata_Format_Support
#-- OOTB OFBiz only supports PNG, GIF, TIFF and JPEG, it's a breeze to extend using more:
#-- commonsImagingSupportedFormats=BMP,GIF,JPEG/JFIF,ICNS,ICO/CUR,PCX/DCX,PNM/PGM/PBM/PPM/PAMPortablePixmap,PNG,PSD/Photoshop,RGBE/RadianceHDR,\
TIFF,WBMP,XBM,XPM
#-- You should then modify SupportedImageFormats label.
#--
#-- If you want to get more image formats then use imageJ:
#-- For imagejSupportedFormats see https://imagejdocu.tudor.lu/faq/general/which_file_formats_are_supported_by_imagej. NOTE: plugins support is important here
#-- imagejSupportedFormats=TIFF(.tiff,.tif),JPEG(.jpeg,.jpg),BMP(.bmp),FITS(.fits),PGM(.pgm),PPM(.ppm),PBM(.pbm),GIF(.gif),AnimatedGIF(.gif),\
PNG(.png),DICOM(.dic,.dcm,.dicom),PICT(.pict,.pic,.pct),PSD(.psd),TGA(.tga),ICO(.ico),CUR(.cur),Sunraster(.sun),\
XBM(.xbm),XPM(.xpm),PCX(.pcx),ANALYZE,NIfTi,AHF(.ahf),SPE(.spe),PIC(.pic),LeicaTIFF(.tiff,.lei),Quicktime(.pic,.mov),\
AVI(.avi),PDS(.pds),LSM(.lsm),RAW,ISAC,FluoViewTIFF(.tiff),FluoviewFV1000OIB(.oib),\
FluoviewFV1000OIF(.oif,.tif,-ro.pty,.lut,.bmp),IPLAB(.ipl),BrukerNMR(.fid,.ser,.2dseq,.2rr,.2ii,.3rrr,.3iii),FDF(.fdf),\
VFF(.vff),SIF(.sif),AxioVisionZVI(.zvi),DM3(.dm3),Deltavision(.dv,.r3d),MI,NII,NIII,IMG(.img),UNC,PerkinElmer(.tif,.tim,\
.zpo,.csv,.htm,.ano,.rec,.cfg,.2,.3,.4,.5,.6,.7,.8,\u2026),EPS(.eps,.epsi),SEQ(.seq),IPW(.ipw),OpenLabLIFF(.liff),\
OpenLabRAW(.raw),Metamorph(.stk),ICS(.ics,.ids),LeicaLif(.lif),Imaris(.ims),OME-XML(.ome),OME-TIFF(.tiff),\
ABD-TIFF(.tiff),GEL(.gel),Nikon(.nef,.tiff),Slidebook(.sld),SPCImage(.sdt),AL3D(.al3d),ND2(.nd2),μManager(.tif,.txt),\
MRC(.mrc),JPEG2000(.jp2),MNG(.mng),Flex(.flex),NRRD(.nrrd,.nhdr),VIFFbitmapimage(.xv),ROI(.roi),ERS(.ers),RS(.rs),HPGL
#--
#-- PDFBox and PDFReader are used for PDF files
#--
#-- For text files, the philosophy is we can't presume of all possible text contents used for attacks with payloads
#-- At least there is an easy way to prevent them in SecuredUpload::isValidTextFile
#--
#-- List of denied files suffixes to be uploaded
#-- OFBiz of course also check contents...
deniedFileExtensions=html,htm,php,php1,php2,hph3,php4,php5,php6,php7,phps,asp,aspx,asa,asax,ascx,ashx,asmx,jsp,jspa,jspx,jsw,jsv,jspf,jtml,cfm,cfc,bat,exe,com,dll,\
vbs,js,reg,cgi,asis,sh,phtm,pht,phtml,shtm,inc,asp,cdx,asa,cer,py,pl,shtml,hta,ps1,tag,pgif,htaccess,phar,inc,cgi,wss,do,action
#--
#-- The upload vulnerability is only a post-auth (needs a credential with suitable permissions),
#-- people may like to allow more than what is allowed OOTB
#-- As it name says, allowAllUploads opens all possibilities
allowAllUploads=
#--
#-- CSV format used to upload CSV files, cf. https://commons.apache.org/proper/commons-csv/apidocs/org/apache/commons/csv/CSVFormat.html
csvformat=CSVFormat.DEFAULT
#--
#-- List of denied tokens often part of webshells. Note that, for now at least, most are supposed to be used on a *nix system
#-- TODO.... to be continued with known webshell contents... a complete allow list is impossible anyway...
#--
#-- It could notably be improved by checking for all Javascripts payloads.
#-- As listed at https://portswigger.net/web-security/cross-site-scripting/cheat-sheet,
#-- at 2022-02-25 there are 8929 of them considering all tags, all events and all browsers...!
#--
#-- "freemarker" should be OK, should not be used in Freemarker templates, not part of the syntax.
#-- Else "template.utility.Execute" is a good replacement but not as much catching, who knows...
#--
#-- If you are sure you are safe for a token you can remove it, etc.
deniedWebShellTokens=java.,beans,freemarker,<script,javascript,<body,body ,<form,<jsp:,<c:out,taglib,<prefix,<%@ page,<?php,exec(,alert(,\
%eval,@eval,eval(,runtime,import,passthru,shell_exec,assert,str_rot13,system,decode,include,page ,\
chmod,mkdir,fopen,fclose,new file,upload,getfilename,download,getoutputstring,readfile,iframe,object,embed,onload,build,\
python,perl ,/perl,ruby ,/ruby,process,function,class,InputStream,to_server,wget ,static,assign,webappPath,\
ifconfig,route,crontab,netstat,uname ,hostname,iptables,whoami,"cmd",*cmd|,+cmd|,=cmd|,localhost,thread,require,gzdeflate
#-- Max line length for uploaded files, by default 10000
maxLineLength=
#-- Popup last-visited time from database after user has logged in.
#-- So users can know of any unauthorised access to their accounts.
#-- Default is false.
afterlogin.lastvisit.show=
#-- uri used for login (cf jira OFBIZ-12047)
#-- it's a list, each uri should be separated by comma, without space
login.uris=login
#-- If you need to use localhost or 127.0.0.1 in textareas URLs then you can uncomment the allowedProtocols property, here given as an example
#-- You may also put other protocols you want to use, instead or with those
allowedProtocols=localhost,127.0.0.1
#-- By default (OOTB) OFBiz is protected against Large File Denial of Service because build.gradle defines -Xmx1024M
#-- So you can at most upload a file around 500MB (see OFBIZ-11534 for more info)
#-- If you need to upload larger files then follow https://nightlies.apache.org/ofbiz/trunk/readme/html5/#passing-jvm-runtime-options-to-ofbiz
#-- Prevent Freemarker exploits
#-- eg: allowedURIsForFreemarkerInterpolation=createTextContentCms,updateTextContentCms,...
allowedURIsForFreemarkerInterpolation=

8
conf/systemd.service
View file

@ -1,14 +1,14 @@
[Unit]
Description=OFBiz Service
Description=OFBiz
After=network.target
[Service]
Type=simple
User=__APP__
Group=__APP__
WorkingDirectory=__FINALPATH__/
ExecStart=__FINALPATH__/gradlew ofbiz
ExecStop=__FINALPATH__/gradlew "ofbiz --shutdown"
WorkingDirectory=__INSTALL_DIR__/
ExecStart=__INSTALL_DIR__/gradlew ofbiz
ExecStop=__INSTALL_DIR__/gradlew "ofbiz --shutdown"
StandardOutput=append:/var/log/__APP__/__APP__.log
StandardError=inherit

47
conf/url.properties Normal file
View file

@ -0,0 +1,47 @@
###############################################################################
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
###############################################################################
####
# OFBiz Global URL Settings - WebSite specific settings found in WebSite entity
####
# If you want to use HTTP then set no.http=N. Else all requests will use HTTPS (also enforced by a HSTS header) except if put in the http.request-map.list
no.http=Y
http.request-map.list=SOAPService,viewShipmentLabel
# HTTPS Port (Secure port)
port.https.enabled=Y
# empty by default see OFBIZ-9206
port.https=443
force.https.host=__DOMAIN__
# HTTP Port (Not Secure port)
port.http=80
force.http.host=__DOMAIN__
# Static Content URLs to make it easy to move the serving load for static content to other machines
# -- these are for general content such as images, js & css files, or non-dynamic HTML files
content.url.prefix.secure=
content.url.prefix.standard=
# Here you can set the domain string to use for new cookies
cookie.domain=
# Exclude jsessionid for User-Agents (separated by comma's)
link.remove_lsessionid.user_agent_list = googlebot,yahoo,msnbot,mediapartners-google

0
doc/DISCLAIMER.md → doc/ADMIN.md
View file

41
manifest.json
View file

@ -1,41 +0,0 @@
{
"name": "OFBiz",
"id": "ofbiz",
"packaging_format": 1,
"description": {
"en": "Apache-OFBiz ERP"
},
"version": "18.12.07~ynh1",
"url": "https://ofbiz.apache.org",
"upstream": {
"license": "Apache-2.0",
"website": "https://ofbiz.apache.org",
"userdoc": "https://cwiki.apache.org/confluence/display/OFBIZ/Documentation",
"code": "https://github.com/apache/ofbiz-framework"
},
"license": "Apache-2.0",
"maintainer": {
"name": "JulienNICOLAS",
"email": "julien.nicolas@nomaka.fr",
"url": "http://www.nomaka.fr/"
},
"requirements": {
"yunohost": ">= 4.3.0"
},
"multi_instance": false,
"services": [
"nginx"
],
"arguments": {
"install": [
{
"name": "domain",
"type": "domain"
},
{
"name": "admin",
"type": "user"
}
]
}
}

56
manifest.toml Normal file
View file

@ -0,0 +1,56 @@
packaging_format = 2
id = "ofbiz"
name = "OFBiz"
description.en = "Apache-OFBiz ERP"
version = "18.12.07~ynh1"
maintainers = ["JulienNICOLAS"]
[upstream]
license = "Apache-2.0"
website = "https://ofbiz.apache.org"
userdoc = "https://cwiki.apache.org/confluence/display/OFBIZ/Documentation"
code = "https://github.com/apache/ofbiz-framework"
[integration]
yunohost = ">= 11.2"
architectures = "all"
multi_instance = false
ldap = false
sso = false
disk = "50M"
ram.build = "50M"
ram.runtime = "50M"
[install]
[install.domain]
type = "domain"
[install.admin]
type = "user"
[resources]
[resources.sources.main]
url = "https://dlcdn.apache.org/ofbiz/apache-ofbiz-18.12.07.zip"
sha256 = "b3f7b23167cae3ccc96c3d088e42c8df600485b8b7f88ac63b834a82e19fa5de"
[resources.system_user]
[resources.install_dir]
[resources.ports]
[resources.permissions]
main.url = "/"
[resources.apt]
packages = "openjdk-11-jdk, postgresql"
[resources.database]
type = "postgresql"

3
scripts/_common.sh
View file

@ -4,9 +4,6 @@
# COMMON VARIABLES
#=================================================
# dependencies used by the app
pkg_dependencies="openjdk-11-jdk postgresql"
#=================================================
# PERSONAL HELPERS
#=================================================

25
scripts/backup
View file

@ -10,27 +10,6 @@
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..."
# BACKUP THE APP MAIN DIR
#=================================================
ynh_backup --src_path="$final_path"
ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP THE NGINX CONFIGURATION
@ -48,8 +27,6 @@ ynh_backup --src_path="$final_path"
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP SYSTEMD
#=================================================

97
scripts/change_url
View file

@ -9,66 +9,6 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path="/"
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
# Add settings here as needed by your application
#db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#db_user=$db_name
#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
@ -83,35 +23,7 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
#=================================================
ynh_script_progression --message="Updating NGINX web server configuration..."
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
# ...
#=================================================
ynh_change_url_nginx_config
#=================================================
# GENERIC FINALISATION
@ -123,13 +35,6 @@ ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

145
scripts/install
View file

@ -10,100 +10,24 @@ source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..."
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
ynh_setup_source --dest_dir="$install_dir"
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
domain=$YNH_APP_ARG_DOMAIN
path_url="/"
admin=$YNH_APP_ARG_ADMIN
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
ynh_script_progression --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Register (book) web path
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Finding an available port..."
# Find an available port
port=$(ynh_find_port --port=8095)
ynh_app_setting_set --app=$app --key=port --value=$port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..."
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# CREATE A POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Creating a PostgreSQL database..."
db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name
db_pwd=$(ynh_string_random --length=30)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd
ynh_psql_test_if_first_run
ynh_psql_create_user "$db_user" "$db_pwd"
ynh_psql_execute_as_root --sql="CREATE DATABASE ${db_name} WITH OWNER ${db_user} TEMPLATE template0 ENCODING 'UTF8';"
ynh_psql_execute_as_root --sql="CREATE DATABASE ${db_name}olap WITH OWNER ${db_user} TEMPLATE template0 ENCODING 'UTF8';"
ynh_psql_execute_as_root --sql="CREATE DATABASE ${db_name}tenant WITH OWNER ${db_user} TEMPLATE template0 ENCODING 'UTF8';"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..."
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -119,30 +43,28 @@ ynh_add_nginx_config
#=================================================
ynh_script_progression --message="Building app..."
ynh_replace_string --match_string="port.https=" --replace_string="port.https=443" --target_file="$final_path/framework/webapp/config/url.properties"
ynh_replace_string --match_string="force.https.host=" --replace_string="force.https.host=$domain" --target_file="$final_path/framework/webapp/config/url.properties"
ynh_replace_string --match_string="port.http=8080" --replace_string="port.http=80" --target_file="$final_path/framework/webapp/config/url.properties"
ynh_replace_string --match_string="force.http.host=" --replace_string="force.http.host=$domain" --target_file="$final_path/framework/webapp/config/url.properties"
ynh_add_config --template="url.properties" --destination="$install_dir/framework/webapp/config/url.properties"
ynh_replace_string --match_string="host-headers-allowed=.*" --replace_string="host-headers-allowed=$domain" --target_file="$final_path/framework/security/config/security.properties"
ynh_add_config --template="security.properties" --destination="$install_dir/framework/security/config/security.properties"
ynh_replace_string --match_string="8443" --replace_string="$port" --target_file="$final_path/framework/catalina/ofbiz-component.xml"
ynh_replace_string --match_string="8443" --replace_string="$port" --target_file="$install_dir/framework/catalina/ofbiz-component.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbiz" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbizolap" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}olap" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbiztenant" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}tenant" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc-username=\"ofbiz\"" --replace_string="jdbc-username=\"$db_user\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc-password=\"ofbiz\"" --replace_string="jdbc-password=\"$db_pwd\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz\" datasource-name=\"localderby\"" --replace_string="group-map group-name=\"org.apache.ofbiz\" datasource-name=\"localpostgres\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz.olap\" datasource-name=\"localderbyolap\"" --replace_string="group-map group-name=\"org.apache.ofbiz.olap\" datasource-name=\"localpostgresolap\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz.tenant\" datasource-name=\"localderbytenant\"" --replace_string="group-map group-name=\"org.apache.ofbiz.tenant\" datasource-name=\"localpostgrestenant\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbiz" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbizolap" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}olap" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbiztenant" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}tenant" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc-username=\"ofbiz\"" --replace_string="jdbc-username=\"$db_user\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc-password=\"ofbiz\"" --replace_string="jdbc-password=\"$db_pwd\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz\" datasource-name=\"localderby\"" --replace_string="group-map group-name=\"org.apache.ofbiz\" datasource-name=\"localpostgres\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz.olap\" datasource-name=\"localderbyolap\"" --replace_string="group-map group-name=\"org.apache.ofbiz.olap\" datasource-name=\"localpostgresolap\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz.tenant\" datasource-name=\"localderbytenant\"" --replace_string="group-map group-name=\"org.apache.ofbiz.tenant\" datasource-name=\"localpostgrestenant\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="security.ldap.enable=false" --replace_string="security.ldap.enable=true" --target_file="$final_path/framework/security/config/security.properties"
ynh_replace_string --match_string="ldap.dn.template=cn=%u,ou=system" --replace_string="ldap.dn.template=uid=%u,ou=users,dc=yunohost,dc=org" --target_file="$final_path/framework/security/config/jndiLdap.properties"
ynh_replace_string --match_string="security.ldap.enable=false" --replace_string="security.ldap.enable=true" --target_file="$install_dir/framework/security/config/security.properties"
ynh_replace_string --match_string="ldap.dn.template=cn=%u,ou=system" --replace_string="ldap.dn.template=uid=%u,ou=users,dc=yunohost,dc=org" --target_file="$install_dir/framework/security/config/jndiLdap.properties"
cp -f ../conf/build.gradle "$final_path/build.gradle"
pushd "$final_path"
ynh_add_config --template="build.gradle" --destination="$install_dir/build.gradle"
pushd "$install_dir"
ynh_exec_as $app ./gradle/init-gradle-wrapper.sh
ynh_exec_as $app ./gradlew cleanAll loadAll 2>&1
popd
@ -155,13 +77,6 @@ ynh_script_progression --message="Configuring a systemd service..."
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log="/var/log/$app/$app.log"
#=================================================
@ -173,23 +88,7 @@ mkdir -p /var/log/$app
chown -R $app:$app "/var/log/$app"
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="is started and ready"
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring permissions..."
# Everyone can access the app.
# The "main" permission is automatically created before the install script.
ynh_permission_update --permission="main" --add="visitors"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" #--line_match="is started and ready"
#=================================================
# END OF SCRIPT

74
scripts/remove
View file

@ -9,100 +9,28 @@
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service integration..."
yunohost service remove $app
fi
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped OFBiz Service"
#=================================================
# STOP AND REMOVE SERVICE
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..."
# Remove the dedicated systemd config
ynh_remove_systemd_config
#=================================================
# REMOVE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Removing the PostgreSQL database..."
# Remove a database if it exists, along with the associated user
ynh_psql_drop_db ${db_name}tenant
ynh_psql_drop_db ${db_name}olap
ynh_psql_remove_db --db_user=$db_user --db_name=$db_name
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..."
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# SPECIFIC REMOVE
#=================================================
# REMOVE VARIOUS FILES
#=================================================
ynh_script_progression --message="Removing various files..."
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
#=================================================
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================

101
scripts/restore
View file

@ -6,127 +6,50 @@
# IMPORT GENERIC HELPERS
#=================================================
# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
port=$(ynh_app_setting_get --app=$app --key=port)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..."
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX web server configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
ynh_restore_file --origin_path="$install_dir"
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
#=================================================
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..."
# Define and install dependencies
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# RESTORE THE POSTGRESQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the PostgreSQL database..."
ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1
ynh_psql_test_if_first_run
ynh_psql_create_user "$db_user" "$db_pwd"
ynh_psql_execute_as_root --sql="CREATE DATABASE ${db_name} WITH OWNER ${db_user} TEMPLATE template0 ENCODING 'UTF8';"
ynh_psql_execute_as_root --sql="CREATE DATABASE ${db_name}olap WITH OWNER ${db_user} TEMPLATE template0 ENCODING 'UTF8';"
ynh_psql_execute_as_root --sql="CREATE DATABASE ${db_name}tenant WITH OWNER ${db_user} TEMPLATE template0 ENCODING 'UTF8';"
ynh_psql_execute_file_as_root --file="./db.sql" --database=${db_name}
ynh_psql_execute_file_as_root --file="./dbolap.sql" --database=${db_name}olap
ynh_psql_execute_file_as_root --file="./dbtenant.sql" --database=${db_name}tenant
ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
#=================================================
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
mkdir -p /var/log/$app
chown -R $app:$app "/var/log/$app"
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="is started and ready"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX
# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="is started and ready"
ynh_systemd_action --service_name=nginx --action=reload

107
scripts/upgrade
View file

@ -10,44 +10,12 @@ source _common.sh
source ynh_package_version
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
db_user=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
port=$(ynh_app_setting_get --app=$app --key=port)
#=================================================
# CHECK VERSION
#=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
@ -57,19 +25,6 @@ ynh_script_progression --message="Stopping a systemd service..."
ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped OFBiz Service"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
@ -79,12 +34,11 @@ then
ynh_script_progression --message="Upgrading source files..."
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
ynh_setup_source --dest_dir="$install_dir"
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path"
chmod -R o-rwx "$install_dir"
chown -R $app:www-data "$install_dir"
#=================================================
# NGINX CONFIGURATION
@ -94,13 +48,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..."
ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
#=================================================
# SPECIFIC UPGRADE
#=================================================
@ -111,28 +58,28 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Building app..."
ynh_replace_string --match_string="port.https=" --replace_string="port.https=443" --target_file="$final_path/framework/webapp/config/url.properties"
ynh_replace_string --match_string="force.https.host=" --replace_string="force.https.host=$domain" --target_file="$final_path/framework/webapp/config/url.properties"
ynh_replace_string --match_string="port.http=8080" --replace_string="port.http=80" --target_file="$final_path/framework/webapp/config/url.properties"
ynh_replace_string --match_string="force.http.host=" --replace_string="force.http.host=$domain" --target_file="$final_path/framework/webapp/config/url.properties"
ynh_replace_string --match_string="port.https=" --replace_string="port.https=443" --target_file="$install_dir/framework/webapp/config/url.properties"
ynh_replace_string --match_string="force.https.host=" --replace_string="force.https.host=$domain" --target_file="$install_dir/framework/webapp/config/url.properties"
ynh_replace_string --match_string="port.http=8080" --replace_string="port.http=80" --target_file="$install_dir/framework/webapp/config/url.properties"
ynh_replace_string --match_string="force.http.host=" --replace_string="force.http.host=$domain" --target_file="$install_dir/framework/webapp/config/url.properties"
ynh_replace_string --match_string="host-headers-allowed=.*" --replace_string="host-headers-allowed=$domain" --target_file="$final_path/framework/security/config/security.properties"
ynh_replace_string --match_string="host-headers-allowed=.*" --replace_string="host-headers-allowed=$domain" --target_file="$install_dir/framework/security/config/security.properties"
ynh_replace_string --match_string="8443" --replace_string="$port" --target_file="$final_path/framework/catalina/ofbiz-component.xml"
ynh_replace_string --match_string="8443" --replace_string="$port" --target_file="$install_dir/framework/catalina/ofbiz-component.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbiz" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbizolap" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}olap" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbiztenant" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}tenant" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc-username=\"ofbiz\"" --replace_string="jdbc-username=\"$db_user\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc-password=\"ofbiz\"" --replace_string="jdbc-password=\"$db_pwd\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz\" datasource-name=\"localderby\"" --replace_string="group-map group-name=\"org.apache.ofbiz\" datasource-name=\"localpostgres\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz.olap\" datasource-name=\"localderbyolap\"" --replace_string="group-map group-name=\"org.apache.ofbiz.olap\" datasource-name=\"localpostgresolap\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz.tenant\" datasource-name=\"localderbytenant\"" --replace_string="group-map group-name=\"org.apache.ofbiz.tenant\" datasource-name=\"localpostgrestenant\"" --target_file="$final_path/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbiz" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbizolap" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}olap" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc:postgresql://127.0.0.1/ofbiztenant" --replace_string="jdbc:postgresql://127.0.0.1:5432/${db_name}tenant" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc-username=\"ofbiz\"" --replace_string="jdbc-username=\"$db_user\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="jdbc-password=\"ofbiz\"" --replace_string="jdbc-password=\"$db_pwd\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz\" datasource-name=\"localderby\"" --replace_string="group-map group-name=\"org.apache.ofbiz\" datasource-name=\"localpostgres\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz.olap\" datasource-name=\"localderbyolap\"" --replace_string="group-map group-name=\"org.apache.ofbiz.olap\" datasource-name=\"localpostgresolap\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="group-map group-name=\"org.apache.ofbiz.tenant\" datasource-name=\"localderbytenant\"" --replace_string="group-map group-name=\"org.apache.ofbiz.tenant\" datasource-name=\"localpostgrestenant\"" --target_file="$install_dir/framework/entity/config/entityengine.xml"
ynh_replace_string --match_string="security.ldap.enable=false" --replace_string="security.ldap.enable=true" --target_file="$final_path/framework/security/config/security.properties"
ynh_replace_string --match_string="ldap.dn.template=cn=%u,ou=system" --replace_string="ldap.dn.template=uid=%u,ou=users,dc=yunohost,dc=org" --target_file="$final_path/framework/security/config/jndiLdap.properties"
ynh_replace_string --match_string="security.ldap.enable=false" --replace_string="security.ldap.enable=true" --target_file="$install_dir/framework/security/config/security.properties"
ynh_replace_string --match_string="ldap.dn.template=cn=%u,ou=system" --replace_string="ldap.dn.template=uid=%u,ou=users,dc=yunohost,dc=org" --target_file="$install_dir/framework/security/config/jndiLdap.properties"
cp -f ../conf/build.gradle "$final_path/build.gradle"
cp -f ../conf/build.gradle "$install_dir/build.gradle"
fi
#=================================================
@ -143,13 +90,6 @@ ynh_script_progression --message="Upgrading systemd configuration..."
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log="/var/log/$app/$app.log"
#=================================================
@ -163,13 +103,6 @@ chown -R $app:$app "/var/log/$app"
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="is started and ready"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================

0
tests.toml Normal file
View file