diff --git a/issue_template.md b/.github/ISSUE_TEMPLATE.md similarity index 87% rename from issue_template.md rename to .github/ISSUE_TEMPLATE.md index 37692b7..2729a6b 100644 --- a/issue_template.md +++ b/.github/ISSUE_TEMPLATE.md @@ -6,12 +6,12 @@ about: When creating a bug report, please use the following template to provide **How to post a meaningful bug report** 1. *Read this whole template first.* -2. *Make sure you are on the right place:* +2. *Determine if you are on the right place:* - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* - - *In doubt, ask here and we will figure it out together.* -3. *Delete these italic comments as you write over them below, and remove this guide.* ---- + - *When in doubt, post here and we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- ### Describe the bug @@ -22,7 +22,7 @@ about: When creating a bug report, please use the following template to provide - Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* - YunoHost version: x.x.x - I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* -- Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: *no / yes* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* - If yes, please explain: - Using, or trying to install package version/branch: - If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* 
@@ -31,13 +31,13 @@ about: When creating a bug report, please use the following template to provide - *If you performed a command from the CLI, the command itself is enough. For example:* ```sh - sudo yunohost app install owntracks + sudo yunohost app install the_app ``` - *If you used the webadmin, please perform the equivalent command from the CLI first.* - *If the error occurs in your browser, explain what you did:* 1. *Go to '...'* - 2. *Click on '....'* - 3. *Scroll down to '....'* + 2. *Click on '...'* + 3. *Scroll down to '...'* 4. *See error* ### Expected behavior diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) diff --git a/check_process b/check_process index f06c296..eb3cefc 100644 --- a/check_process +++ b/check_process @@ -1,12 +1,9 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - user="package_checker" (USER) - is_public=1 (PUBLIC|public=1|private=0) + domain="domain.tld" + path="/path" + user="package_checker" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 
@@ -18,7 +15,6 @@ upgrade=1 from_commit=86aa2259d605c9504e7e3e25f07e28b609d4ae5a backup_restore=1 multi_instance=1 - port_already_use=0 change_url=1 ;;; Options Email= diff --git a/conf/nginx.conf b/conf/nginx.conf index 7ee10c3..64fc3fe 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -29,7 +29,7 @@ location __PATH__/ { location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; @@ -37,7 +37,6 @@ location __PATH__/ { fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } - # PHP configuration end # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 2aec4a2..ab1a471 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' 
@@ -24,17 +25,19 @@ group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. A value of '-1' means unlimited. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many @@ -44,8 +47,13 @@ listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock listen.owner = www-data listen.group = www-data ;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be 
@@ -59,7 +67,13 @@ listen.group = www-data ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set -; priority = -19 +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -96,7 +110,7 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 10 +pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' @@ -122,7 +136,7 @@ pm.max_spare_servers = 3 ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = 500 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -215,7 +229,7 @@ pm.max_requests = 500 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html +; It's available in: /usr/share/php/7.0/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it @@ -275,7 +289,7 @@ pm.max_requests = 500 ; - %{megabytes}M ; - %{mega}M ; %n: pool name -; %o: ouput header +; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o 
@@ -291,9 +305,13 @@ pm.max_requests = 500 ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" @@ -302,13 +320,13 @@ pm.max_requests = 500 ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log +;slowlog = log/$pool.log.slow ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s +;request_slowlog_timeout = 0 ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option 
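Review bot: Commenting out `slowlog` and `request_slowlog_timeout` in the hunk at -302,13, together with `catch_workers_output` in the hunk at -347,15, leaves this pool with no slow-request trace and no captured worker stderr. The `;php_admin_value[error_log]` and `;php_admin_flag[log_errors]` examples further down are still commented as well. If this only comes from syncing with the stock pool file, I would keep `catch_workers_output = yes` and set `php_admin_value[error_log]` to a per-app log file, so PHP errors from the recorder endpoint remain available when investigating a failure or suspicious requests.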
@@ -347,15 +365,24 @@ chdir = __FINALPATH__ ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -catch_workers_output = yes +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. +; execute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 +;security.limit_extensions = .php .php3 .php4 .php5 .php7 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. @@ -390,3 +417,14 @@ catch_workers_output = yes ;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M + +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On diff --git a/doc/.DS_Store b/doc/.DS_Store new file mode 100644 index 0000000..f659def Binary files /dev/null and b/doc/.DS_Store differ diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..6341700 --- /dev/null +++ b/doc/DISCLAIMER.md 
@@ -0,0 +1,19 @@
+## Features
+
+- [OwnTracks features for a HTTP API](http://owntracks.org/booklet/tech/http/), limited to the [features implemented by the PHP recorder](https://github.com/tomyvi/php-owntracks-recorder#features). Notably, no Friends feature. The [upstream PHP recorder has been tweaked](https://github.com/tituspijean/php-owntracks-recorder) to remove a cumbersome PHP dependency.
+- Multi-user: each YunoHost user can connect though basic HTTP authentication, and has only access to their data.
+
+## Installation
+
+- Install the app on your YunoHost server
+- Install the mobile app on your device, see [OwnTracks website](http://owntracks.org)
+- Configure your mobile app:
+ - Allow it to access your location
+ - Preference > Connection
+ - Mode: `Private http`
+ - Host: `https://DOMAIN/PATH/record.php`
+ - Identification
+ - Authentication: `enabled`
+ - Username/password: your YNH credentials
+ - Device ID: as you wish
+ - Refer to the [OwnTracks documentation](http://owntracks.org/booklet) for the other settings
diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md
new file mode 100644
index 0000000..22a3279
--- /dev/null
+++ b/doc/DISCLAIMER_fr.md
@@ -0,0 +1,19 @@
+## Caractéristiques
+
+- [Fonctionnalités d'OwnTracks pour une API HTTP](http://owntracks.org/booklet/tech/http/), limité aux [fonctionnalités implémentées par l'enregistreur PHP](https://github.com/tomyvi/php-owntracks-recorder#features). Notamment, pas de fonction Amis. L'[enregistreur PHP en amont a été modifié](https://github.com/tituspijean/php-owntracks-recorder) pour supprimer une dépendance PHP encombrante.
+- Multi-utilisateur : chaque utilisateur YunoHost peut se connecter via l'authentification HTTP de base, et n'a accès qu'à ses données.
+
+## Installation
+
+- Installez l'application sur votre serveur YunoHost
+- Installez l'application mobile sur votre appareil, consultez le [site Web d'OwnTracks](http://owntracks.org)
+- Configurez votre application mobile :
+ - Autorisez-le à accéder à votre emplacement
+ - Préférence > Connexion
+ - Mode : `http privé`
+ - Hébergeur : `https://DOMAIN/PATH/record.php`
+ - Identification
+ - Authentification: `enabled`
+ - Nom d'utilisateur/mot de passe : vos identifiants YNH
+ - ID de l'appareil : comme vous le souhaitez
+ - Reportez-vous à la [documentation d'OwnTracks](http://owntracks.org/booklet) pour les autres paramètres
diff --git a/doc/screenshots/screenshot.png b/doc/screenshots/screenshot.png
new file mode 100644
index 0000000..3b2e2b0
Binary files /dev/null and b/doc/screenshots/screenshot.png differ
diff --git a/manifest.json b/manifest.json
index 34e2ecb..eac443c 100644
--- a/manifest.json
+++ b/manifest.json
@@ -1,13 +1,18 @@ { - "name": "Owntracks", + "name": "OwnTracks", "id": "owntracks", "packaging_format": 1, "description": { "en": "Keep track of your location history", "fr": "Gérez votre historique de géolocalisation" }, - "version": "0.1~ynh9", + "version": "0.1~ynh10", "url": "http://owntracks.org/", + "upstream": { + "license": "GPL-3.0", + "website": "https://owntracks.org/", + "code": "https://github.com/tomyvi/php-owntracks-recorder" + }, "license": "GPL-3.0", "maintainer": { "name": "tituspijean", @@ -15,7 +20,7 @@ "url": "https://github.com/tituspijean/owntracks_ynh" }, "requirements": { - "yunohost": ">= 4.1.7" + "yunohost": ">= 4.2.0" }, "multi_instance": true, "services": [ diff --git a/pull_request_template.md b/pull_request_template.md deleted file mode 100644 index 6c28fc5..0000000 --- a/pull_request_template.md +++ /dev/null @@ -1,16 +0,0 @@ -## Problem -- *Description of why you made this PR* - -## Solution -- *And how do you fix that problem* - -## PR Status -- [ ] Code finished. -- [ ] Tested with Package_check. -- [ ] Fix or enhancement tested. -- [ ] Upgrade from last version tested. -- [ ] Can be reviewed and tested. - -## Package_check results ---- -* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"* diff --git a/scripts/_common.sh b/scripts/_common.sh index 572cd27..d7614e9 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,8 +4,7 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -#pkg_dependencies="deb1 deb2 php$YNH_DEFAULT_PHP_VERSION-deb1 php$YNH_DEFAULT_PHP_VERSION-deb2" +YNH_PHP_VERSION="7.3" #================================================= # PERSONAL HELPERS diff --git a/scripts/backup b/scripts/backup index 4038b67..d57362f 100644 --- a/scripts/backup +++ b/scripts/backup 
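Review bot: `YNH_PHP_VERSION="7.3"` in scripts/_common.sh pins the interpreter branch with no comment explaining the choice, while the status-page comment this commit adds to conf/php-fpm.conf points at `/usr/share/php/7.0/fpm/status.html`. A pinned branch only receives fixes for as long as the distribution keeps shipping it, so the pin should be documented and revisited on purpose. I would add a comment above it such as `# PHP branch for the FPM pool; presumably also fills __PHPVERSION__ in conf/nginx.conf and conf/php-fpm.conf - revisit on each YunoHost major upgrade`. The 7.0 path in the pool file's comment should be aligned with whatever branch is pinned here.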
@@ -40,13 +40,6 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$final_path" -#================================================= -# STANDARD BACKUP STEPS -#================================================= -# BACKUP THE APP MAIN DIR -#================================================= - -ynh_backup "$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 6d5a6d4..8bae500 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -29,11 +29,10 @@ ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -68,7 +67,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." +ynh_script_progression --message="Updating NGINX web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -99,7 +98,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/install b/scripts/install index 647f600..2254e43 100644 --- a/scripts/install +++ b/scripts/install 
@@ -37,7 +37,7 @@ test ! -e "$final_path" || ynh_die "This path already contains a folder" if [ $is_public -eq 1 ] && [ ! $user ] then - ynh_die "You must set up an user if owntracks is public" + ynh_die "You must set up an user if OwnTracks is public" fi # Register (book) web path @@ -52,6 +52,14 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=user --value=$user +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD MODIFICATIONS #================================================= 
@@ -73,28 +81,22 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." -### `ynh_add_nginx_config` will use the file conf/nginx.conf - # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring php-fpm..." +ynh_script_progression --message="Configuring PHP-FPM..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -115,15 +117,6 @@ ynh_mysql_connect_as $app $db_pwd $db_name < "$final_path/sql/schema.sql" ynh_replace_string "__USER__" "$app" "$final_path/config.inc.php" ynh_replace_string "__DB_PWD__" "$db_pwd" "$final_path/config.inc.php" -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R $app:www-data $final_path - #================================================= # SETUP PERMISSIONS #================================================= diff --git a/scripts/remove b/scripts/remove index f20e7d7..6b297e0 100644 --- a/scripts/remove +++ b/scripts/remove 
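Review bot: The permission block added after `ynh_setup_source` runs before `config.inc.php` receives the database password, and the trailing `chown` that used to run after that step is removed in the hunk at -115,15, so nothing sets a mode on the file that ends up holding the secret. `chmod -R o-rwx` only strips access for others, which presumably leaves the file readable by the `www-data` group and writable by `$app`. If the pool runs as `$app` (conf/php-fpm.conf shows `group = __USER__`), I would add `chmod 600 "$final_path/config.inc.php"` after the two `ynh_replace_string` calls, and quote the owner as `chown -R "$app:www-data" "$final_path"`. The same three lines are added in scripts/restore and scripts/upgrade, and the same applies there.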
@@ -42,7 +42,7 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." +ynh_script_progression --message="Removing NGINX web server configuration..." # Remove the dedicated nginx config ynh_remove_nginx_config @@ -50,7 +50,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing php-fpm configuration..." +ynh_script_progression --message="Removing PHP-FPM configuration..." # Remove the dedicated php-fpm config ynh_remove_fpm_config diff --git a/scripts/restore b/scripts/restore index 6a6d7f8..59eb08f 100644 --- a/scripts/restore +++ b/scripts/restore @@ -49,6 +49,14 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= 
@@ -56,13 +64,9 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE USER RIGHTS diff --git a/scripts/upgrade b/scripts/upgrade index 574da26..b8f24e0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -29,6 +29,20 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= 
@@ -46,33 +60,20 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi -### then you may safely remove these lines - # Cleaning legacy permissions -is_public=$(ynh_app_setting_get --app=$app --key=is_public) +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all -if [ -n "$is_public" ]; then - # Having this line first is important ynh_app_setting_delete --app=$app --key=is_public - # Delete legacy permission settings - ynh_app_setting_delete --app=$app --key=unprotected_uris - ynh_app_setting_delete --app=$app --key=protected_uris - ynh_app_setting_delete --app=$app --key=skipped_uris fi #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." +ynh_script_progression --message="Making sure dedicated system user exists..." -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # STANDARD UPGRADE STEPS @@ -88,6 +89,10 @@ then ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= 
@@ -96,14 +101,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -121,15 +118,6 @@ ynh_add_fpm_config ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$final_path/config.inc.php" ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/config.inc.php" -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set right permissions for curl installation -chown -R $app:www-data $final_path - #================================================= # RELOAD NGINX #=================================================