From 72c3a867da2f38e0fdf4ebcaedce125677fca165 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 27 Feb 2024 23:20:13 +0100 Subject: [PATCH] Full rework of package following PR #35 - Fix regression #35 - python dependancy - Fix regression #35 - armv7 support - Fix regression #35 - bad install dir - Fix DB setup and don't request password to user - Fix data storage path - Add SSO support - Update app to 8.3 (will be updated to 8.4 by auto update) - Add mail support - Remove legacy uwsig and use gunicorn instead - Remove expect dependancy - Set permission explicitly - Add multi instance support - Simplify again restore script --- conf/config_local.py | 126 ++++++++++++++- conf/nginx.conf | 11 +- conf/pgadmin.service | 46 ++++++ conf/postgres-reg.ini | 6 + conf/requirement_bookworm.txt | 116 ++++++++++++++ conf/requirement_bullseye.txt | 117 ++++++++++++++ conf/server.json | 18 --- conf/setup.exp | 20 --- conf/uwsgi.ini | 27 ---- doc/ADMIN.md | 4 - doc/POST_INSTALL.md | 5 - doc/POST_UPGRADE.d/7.7~ynh2.md | 5 - manifest.toml | 32 ++-- scripts/_common.sh | 71 +++++++-- scripts/backup | 16 +- scripts/change_url | 10 +- scripts/experimental_helper.sh | 145 ------------------ scripts/install | 54 +++---- scripts/remove | 10 +- scripts/restore | 40 ++--- scripts/upgrade | 38 +++-- sources/avoid_create_user_on_setup_db.patch | 41 +++++ ...ult_webserver_new_user_role_to_admin.patch | 15 ++ sources/fix_add_local_db.patch | 64 ++++++++ tests.toml | 3 +- 25 files changed, 686 insertions(+), 354 deletions(-) create mode 100644 conf/pgadmin.service create mode 100644 conf/postgres-reg.ini create mode 100644 conf/requirement_bookworm.txt create mode 100644 conf/requirement_bullseye.txt delete mode 100644 conf/server.json delete mode 100755 conf/setup.exp delete mode 100644 conf/uwsgi.ini delete mode 100644 doc/POST_INSTALL.md delete mode 100644 doc/POST_UPGRADE.d/7.7~ynh2.md create mode 100644 sources/avoid_create_user_on_setup_db.patch create mode 100644 sources/change_default_webserver_new_user_role_to_admin.patch create mode 100644 sources/fix_add_local_db.patch diff --git a/conf/config_local.py b/conf/config_local.py index 40da066..949ceec 100644 --- a/conf/config_local.py +++ b/conf/config_local.py @@ -1,5 +1,127 @@ #!/usr/bin/env python3 -DESKTOP_USER = '__APP__@__DOMAIN__' +import builtins +import logging +import os +import sys + +########################################################################## +# Server settings +########################################################################## + +SERVER_MODE = True + +DATA_DIR = '__DATA_DIR__' +REGISTRY_CONFIG_FILE = '__INSTALL_DIR__/postgres-reg.ini' + +########################################################################## +# Log settings +########################################################################## + +# Debug mode? +DEBUG = False + +# Application log level - one of: +# CRITICAL 50 +# ERROR 40 +# WARNING 30 +# SQL 25 +# INFO 20 +# DEBUG 10 +# NOTSET 0 +CONSOLE_LOG_LEVEL = logging.WARNING +FILE_LOG_LEVEL = logging.WARNING + +# Log format. +CONSOLE_LOG_FORMAT = '%(asctime)s: %(levelname)s\t%(name)s:\t%(message)s' +FILE_LOG_FORMAT = '%(asctime)s: %(levelname)s\t%(name)s:\t%(message)s' + +# Log file name +LOG_FILE = '/var/log/__APP__/pgadmin4.log' + +# Log rotation setting +# Log file will be rotated considering values for LOG_ROTATION_SIZE +# & LOG_ROTATION_AGE. Rotated file will be named in format +# - LOG_FILE.Y-m-d_H-M-S +LOG_ROTATION_SIZE = 10 # In MBs +LOG_ROTATION_AGE = 1440 # In minutes +LOG_ROTATION_MAX_LOG_FILES = 90 # Maximum number of backups to retain + +########################################################################## +# Mail server settings +########################################################################## + +# These settings are used when running in web server mode for confirming +# and resetting passwords etc. +# See: http://pythonhosted.org/Flask-Mail/ for more info +MAIL_SERVER = '__DOMAIN__' +MAIL_PORT = 587 +MAIL_USE_SSL = True +MAIL_USE_TLS = False +MAIL_USERNAME = '__APP__' +MAIL_PASSWORD = '__MAIL_PWD__' +MAIL_DEBUG = False + +# Flask-Security overrides Flask-Mail's MAIL_DEFAULT_SENDER setting, so +# that should be set as such: +SECURITY_EMAIL_SENDER = '__APP__@__DOMAIN__' + +########################################################################## +# Master password is used to encrypt/decrypt saved server passwords +# Applicable for desktop mode only +########################################################################## +MASTER_PASSWORD_REQUIRED = True + +########################################################################## + +# pgAdmin encrypts the database connection and ssh tunnel password using a +# master password or pgAdmin login password (for other authentication sources) +# before storing it in the pgAdmin configuration database. +# +# Below setting is used to allow the user to specify the path to a script +# or program that will return an encryption key which will be used to +# encrypt the passwords. This setting is used only in server mode when +# auth sources are oauth, Kerberos, and webserver. +# +# You can pass the current username as an argument to the external script +# by specifying %u in config value. +# E.g. - MASTER_PASSWORD_HOOK = '/passwdgen_script.sh %u' +########################################################################## +MASTER_PASSWORD_HOOK = 'cat __DATA_DIR__/master_pwd' + +########################################################################## +# External Authentication Sources +########################################################################## + +# Default setting is internal +# External Supported Sources: ldap, kerberos, oauth2 +# Multiple authentication can be achieved by setting this parameter to +# ['ldap', 'internal'] or ['oauth2', 'internal'] or +# ['webserver', 'internal'] etc. +# pgAdmin will authenticate the user with ldap/oauth2 whatever first in the +# list, in case of failure the second authentication option will be considered. + +AUTHENTICATION_SOURCES = ['webserver'] + +########################################################################## +# Webserver Configuration +########################################################################## + +WEBSERVER_AUTO_CREATE_USER = True + +# REMOTE_USER variable will be used to check the environment variable +# is set or not first, if not available, +# request header will be checked for the same. +# Possible values: REMOTE_USER, HTTP_X_FORWARDED_USER, X-Forwarded-User + +WEBSERVER_REMOTE_USER = 'REMOTE_USER' + +########################################################################## +# PSQL tool settings +########################################################################## +# This will enable PSQL tool in pgAdmin when running in server mode. +# PSQL is always enabled in Desktop mode, however in server mode it is +# disabled by default because users can run arbitrary commands on the +# server through it. +ENABLE_PSQL = True -DATA_DIR = '__INSTALL_DIR__/data' diff --git a/conf/nginx.conf b/conf/nginx.conf index e184597..ff079c9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,9 +1,8 @@ -location __PATH__ { - include uwsgi_params; - uwsgi_pass unix:///run/__NAME__/app.socket; - - uwsgi_read_timeout 180; - uwsgi_send_timeout 180; +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + include proxy_params; + proxy_pass http://unix:/run/__APP__/app.socket; + proxy_set_header X-Script-Name __PATH__; # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; diff --git a/conf/pgadmin.service b/conf/pgadmin.service new file mode 100644 index 0000000..90d1308 --- /dev/null +++ b/conf/pgadmin.service @@ -0,0 +1,46 @@ +[Unit] +Description=PgAdmin service +After=network.target + +[Service] +Type=simple +User=__APP__ +WorkingDirectory=__INSTALL_DIR__ +RuntimeDirectory=__APP__ +# Note don't increase workers > 1 as it don't work +ExecStart=__INSTALL_DIR__/venv/bin/gunicorn --bind unix:/run/__APP__/app.socket --workers=1 --threads=10 --chdir __INSTALL_DIR__/venv/lib/python__PYTHON_VERSION__/site-packages/pgadmin4 pgAdmin4:app +Restart=always +RestartSec=3 + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + +[Install] +WantedBy=multi-user.target diff --git a/conf/postgres-reg.ini b/conf/postgres-reg.ini new file mode 100644 index 0000000..ee3fd73 --- /dev/null +++ b/conf/postgres-reg.ini @@ -0,0 +1,6 @@ +[PostgreSQL/__POSTGRESQL_VERSION__] +DataDirectory=/var/lib/postgresql/__POSTGRESQL_VERSION__/main/ +Description=Yunohost Server +Port=5432 +Superuser=__DB_USER__ +Password=__DB_PWD__ diff --git a/conf/requirement_bookworm.txt b/conf/requirement_bookworm.txt new file mode 100644 index 0000000..946917c --- /dev/null +++ b/conf/requirement_bookworm.txt @@ -0,0 +1,116 @@ +alembic==1.13.1 +Authlib==1.2.1 +azure-common==1.1.28 +azure-core==1.30.0 +azure-identity==1.15.0 +azure-mgmt-core==1.4.0 +azure-mgmt-rdbms==10.1.0 +azure-mgmt-resource==23.0.1 +azure-mgmt-subscription==3.1.1 +Babel==2.14.0 +bcrypt==4.0.1 +bidict==0.22.1 +blinker==1.7.0 +boto3==1.33.13 +botocore==1.33.13 +Brotli==1.1.0 +cachetools==5.3.2 +certifi==2024.2.2 +cffi==1.16.0 +charset-normalizer==3.3.2 +click==8.1.7 +colorama==0.4.6 +cryptography==41.0.7 +dnspython==2.5.0 +email-validator==2.1.0.post1 +eventlet==0.34.2 +Flask==2.3.3 +flask-babel==4.0.0 +Flask-Compress==1.14 +Flask-Gravatar==0.5.0 +Flask-Login==0.6.3 +Flask-Mail==0.9.1 +Flask-Migrate==4.0.5 +Flask-Paranoid==0.3.0 +Flask-Principal==0.4.0 +Flask-Security-Too==5.2.0 +Flask-SocketIO==5.3.6 +Flask-SQLAlchemy==3.1.1 +Flask-WTF==1.2.1 +google-api-core==2.17.0 +google-api-python-client==2.117.0 +google-auth==2.27.0 +google-auth-httplib2==0.2.0 +google-auth-oauthlib==1.1.0 +googleapis-common-protos==1.62.0 +greenlet==3.0.3 +h11==0.14.0 +httpagentparser==1.9.5 +httplib2==0.22.0 +idna==3.6 +importlib-metadata==7.0.1 +importlib-resources==6.1.1 +isodate==0.6.1 +itsdangerous==2.1.2 +jaraco.classes==3.3.1 +jeepney==0.8.0 +Jinja2==3.1.3 +jmespath==1.0.1 +keyring==24.3.0 +ldap3==2.9.1 +Mako==1.3.2 +markdown-it-py==3.0.0 +MarkupSafe==2.1.5 +mdurl==0.1.2 +more-itertools==10.2.0 +msal==1.26.0 +msal-extensions==1.1.0 +msrest==0.7.1 +oauthlib==3.2.2 +packaging==23.2 +paramiko==3.4.0 +passlib==1.7.4 +pgadmin4==8.3 +portalocker==2.8.2 +protobuf==4.25.2 +psutil==5.9.8 +psycopg==3.1.12 +psycopg-c==3.1.12 +pyasn1==0.5.1 +pyasn1-modules==0.3.0 +pycparser==2.21 +Pygments==2.17.2 +PyJWT==2.8.0 +PyNaCl==1.5.0 +pyotp==2.9.0 +pyparsing==3.1.1 +pypng==0.20220715.0 +python-dateutil==2.8.2 +python-engineio==4.9.0 +python-socketio==5.11.1 +pytz==2023.4 +qrcode==7.4.2 +requests==2.31.0 +requests-oauthlib==1.3.1 +rich==13.7.0 +rsa==4.9 +s3transfer==0.8.2 +SecretStorage==3.3.3 +shellingham==1.5.4 +simple-websocket==1.0.0 +six==1.16.0 +speaklater3==1.4 +SQLAlchemy==2.0.25 +sqlparse==0.4.4 +sshtunnel==0.4.0 +typer==0.9.0 +typing_extensions==4.9.0 +ua-parser==0.18.0 +uritemplate==4.1.1 +urllib3==1.26.18 +user-agents==2.2.0 +Werkzeug==2.3.8 +wsproto==1.2.0 +WTForms==3.1.2 +zipp==3.17.0 +gunicorn==21.2.0 diff --git a/conf/requirement_bullseye.txt b/conf/requirement_bullseye.txt new file mode 100644 index 0000000..76e800a --- /dev/null +++ b/conf/requirement_bullseye.txt @@ -0,0 +1,117 @@ +alembic==1.13.1 +Authlib==1.2.1 +azure-common==1.1.28 +azure-core==1.30.0 +azure-identity==1.15.0 +azure-mgmt-core==1.4.0 +azure-mgmt-rdbms==10.1.0 +azure-mgmt-resource==23.0.1 +azure-mgmt-subscription==3.1.1 +Babel==2.14.0 +bcrypt==4.0.1 +bidict==0.22.1 +blinker==1.7.0 +boto3==1.33.13 +botocore==1.33.13 +Brotli==1.1.0 +cachetools==5.3.2 +certifi==2024.2.2 +cffi==1.16.0 +charset-normalizer==3.3.2 +click==8.1.7 +colorama==0.4.6 +cryptography==41.0.7 +dnspython==2.5.0 +email-validator==2.1.0.post1 +eventlet==0.34.2 +Flask==2.3.3 +flask-babel==4.0.0 +Flask-Compress==1.14 +Flask-Gravatar==0.5.0 +Flask-Login==0.6.3 +Flask-Mail==0.9.1 +Flask-Migrate==4.0.5 +Flask-Paranoid==0.3.0 +Flask-Principal==0.4.0 +Flask-Security-Too==5.2.0 +Flask-SocketIO==5.3.6 +Flask-SQLAlchemy==3.1.1 +Flask-WTF==1.2.1 +google-api-core==2.17.0 +google-api-python-client==2.117.0 +google-auth==2.27.0 +google-auth-httplib2==0.2.0 +google-auth-oauthlib==1.1.0 +googleapis-common-protos==1.62.0 +greenlet==1.1.2 +h11==0.14.0 +httpagentparser==1.9.5 +httplib2==0.22.0 +idna==3.6 +importlib-metadata==7.0.1 +importlib-resources==6.1.1 +isodate==0.6.1 +itsdangerous==2.1.2 +jaraco.classes==3.3.1 +jeepney==0.8.0 +Jinja2==3.1.3 +jmespath==1.0.1 +keyring==24.3.0 +ldap3==2.9.1 +Mako==1.3.2 +markdown-it-py==3.0.0 +MarkupSafe==2.1.5 +mdurl==0.1.2 +more-itertools==10.2.0 +msal==1.26.0 +msal-extensions==1.1.0 +msrest==0.7.1 +oauthlib==3.2.2 +packaging==23.2 +paramiko==3.4.0 +passlib==1.7.4 +pgadmin4==8.3 +pkg_resources==0.0.0 +portalocker==2.8.2 +protobuf==4.25.2 +psutil==5.9.8 +psycopg==3.1.12 +psycopg-c==3.1.12 +pyasn1==0.5.1 +pyasn1-modules==0.3.0 +pycparser==2.21 +Pygments==2.17.2 +PyJWT==2.8.0 +PyNaCl==1.5.0 +pyotp==2.9.0 +pyparsing==3.1.1 +pypng==0.20220715.0 +python-dateutil==2.8.2 +python-engineio==4.9.0 +python-socketio==5.11.1 +pytz==2023.4 +qrcode==7.4.2 +requests==2.31.0 +requests-oauthlib==1.3.1 +rich==13.7.0 +rsa==4.9 +s3transfer==0.8.2 +SecretStorage==3.3.3 +shellingham==1.5.4 +simple-websocket==1.0.0 +six==1.16.0 +speaklater3==1.4 +SQLAlchemy==2.0.25 +sqlparse==0.4.4 +sshtunnel==0.4.0 +typer==0.9.0 +typing_extensions==4.9.0 +ua-parser==0.18.0 +uritemplate==4.1.1 +urllib3==1.26.18 +user-agents==2.2.0 +Werkzeug==2.3.8 +wsproto==1.2.0 +WTForms==3.1.2 +zipp==3.17.0 +gunicorn==21.2.0 diff --git a/conf/server.json b/conf/server.json deleted file mode 100644 index e30fa78..0000000 --- a/conf/server.json +++ /dev/null @@ -1,18 +0,0 @@ -{ - "Servers": { - "1": { - "Name": "YunoHost Server", - "Group": "Servers", - "Host": "localhost", - "Port": 5432, - "MaintenanceDB": "postgres", - "Username": "__DB_USER__", - "Shared": false, - "KerberosAuthentication": false, - "ConnectionParameters": { - "sslmode": "prefer", - "connect_timeout": 10 - } - } - } -} diff --git a/conf/setup.exp b/conf/setup.exp deleted file mode 100755 index 2338cae..0000000 --- a/conf/setup.exp +++ /dev/null @@ -1,20 +0,0 @@ -#!/usr/bin/expect -set timeout 20 - -set cmd [lindex $argv 0] -set arguments [lrange $argv 1 end] - -spawn $cmd {*}$arguments - -expect "Email address:" -send "__EMAIL__\r"; - -expect "Password:" -send {__PASSWORD__}; -send "\r"; - -expect "Retype password:" -send {__PASSWORD__}; -send "\r"; - -interact diff --git a/conf/uwsgi.ini b/conf/uwsgi.ini deleted file mode 100644 index 02be2d0..0000000 --- a/conf/uwsgi.ini +++ /dev/null @@ -1,27 +0,0 @@ -[uwsgi] -# Who will run the code -uid = __APP__ -gid = __APP__ - -# Number of workers -workers = 1 - -# The right granted on the created socket -chmod-socket = 666 - -# Plugin to use and interpretor config -single-interpreter = true -master = true -plugin = python3 - -# Manage the subpath -manage-script-name = true -mount = __PATH__=pgAdmin4.py - -# Virtualenv and python path -virtualenv = __INSTALL_DIR__/venv -pythonpath = __INSTALL_DIR__/venv -chdir = __INSTALL_DIR__/venv/lib/python__PYTHON_VERSION__/site-packages/pgadmin4 - -# The variable holding flask application -callable = app diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 0b5199f..e69de29 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -1,4 +0,0 @@ -The Postgresql admin user credentials: - -Username: __DB_USER__ -Password: __DB_PWD__ diff --git a/doc/POST_INSTALL.md b/doc/POST_INSTALL.md deleted file mode 100644 index a0e8170..0000000 --- a/doc/POST_INSTALL.md +++ /dev/null @@ -1,5 +0,0 @@ -You can connect to pgAdmin with your email and the password you provided at installation time. - -You will need to provide the Postgresql admin password once, so here it is: `__DB_PWD__`. - -pgAdmin will then store it encrypted, so you won't need anymore. diff --git a/doc/POST_UPGRADE.d/7.7~ynh2.md b/doc/POST_UPGRADE.d/7.7~ynh2.md deleted file mode 100644 index 0b49770..0000000 --- a/doc/POST_UPGRADE.d/7.7~ynh2.md +++ /dev/null @@ -1,5 +0,0 @@ -This upgrade fixes authentication with PostgreSQL. - -You might need to re-enter in pgAdmin the Postgresql admin password: `__DB_PWD__`. - -You can log into pgAdmin with your email and the password you provided during installation. diff --git a/manifest.toml b/manifest.toml index 1bb10cb..2c4c3a1 100644 --- a/manifest.toml +++ b/manifest.toml @@ -7,7 +7,7 @@ name = "pgAdmin4" description.en = "Manage PostgreSQL databases over the web" description.fr = "Application web de gestion des bases de données PostgreSQL" -version = "8.2~ynh2" +version = "8.3~ynh2" maintainers = ["Josué Tille"] @@ -20,9 +20,9 @@ cpe = "cpe:2.3:a:pgadmin:pgadmin" [integration] yunohost = ">= 11.0.11" architectures = "all" -multi_instance = false -ldap = false -sso = false +multi_instance = true +ldap = true +sso = true disk = "700M" ram.build = "300M" ram.runtime = "200M" @@ -39,16 +39,25 @@ ram.runtime = "200M" type = "group" default = "admins" - [install.admin] - type = "user" - - [install.password] - type = "password" - [resources] + [resources.sources.pgadmin_prebuilt_armv7_bookworm] + prefetch = false + armhf.url = "https://github.com/YunoHost-Apps/pgadmin_python_build/releases/download/v4-8.3/pgadmin_4-8.3-bookworm-bin1_armv7l.tar.gz" + armhf.sha256 = "b2fdf884fe74e2e6a41d8f5f8f4b1967bc4ad6fffcfa5a76fc34ef6fe6c62e7e" + + [resources.sources.pgadmin_prebuilt_armv7_bullseye] + prefetch = false + armhf.url = "https://github.com/YunoHost-Apps/pgadmin_python_build/releases/download/v4-8.3/pgadmin_4-8.3-bullseye-bin1_armv7l.tar.gz" + armhf.sha256 = "bf1136e71b52a9bb75b6e3bc75a23a5d49fa104291f8b3f0114593e123e0d078" + [resources.system_user] + allow_email = true + home = "/opt/yunohost/__APP__" [resources.install_dir] + dir = "/opt/yunohost/__APP__" + + [resources.data_dir] [resources.permissions] main.url = "/" @@ -60,9 +69,6 @@ ram.runtime = "200M" "python3-dev", "python3-venv", "postgresql", - "uwsgi", - "uwsgi-plugin-python3", - "expect", "libpq-dev", "libkrb5-dev", ] diff --git a/scripts/_common.sh b/scripts/_common.sh index 5ac19ff..fe1fa92 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,26 +5,71 @@ #================================================= python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)" +postgresql_version="$(psql -V | cut -d' ' -f3 | cut -d. -f1)" #================================================= # DEFINE ALL COMMON FONCTIONS #================================================= -ynh_install_venv() { - if [ -f "$install_dir/venv/bin/python" ]; then - ynh_exec_as "$app" python3 -m venv "$install_dir/venv" --upgrade - else - ynh_exec_as "$app" python3 -m venv "$install_dir/venv" +install_source() { + # Clean venv is it was on python with an old version in case major upgrade of debian + if [ ! -e $install_dir/venv/lib/python$python_version ]; then + ynh_secure_remove --file=$install_dir/venv/bin + ynh_secure_remove --file=$install_dir/venv/lib + ynh_secure_remove --file=$install_dir/venv/lib64 + ynh_secure_remove --file=$install_dir/venv/include + ynh_secure_remove --file=$install_dir/venv/share + ynh_secure_remove --file=$install_dir/venv/pyvenv.cfg fi - ynh_use_venv - ynh_exec_as "$app" "$venvpy" -m pip install --upgrade --no-cache-dir pip wheel -} -ynh_use_venv() { - venvpy="$install_dir/venv/bin/python3" + if uname -m | grep -q arm + then + # Clean old file, sometime it could make some big issues if we don't do this !! + ynh_secure_remove --file=$install_dir/venv/bin + ynh_secure_remove --file=$install_dir/venv/lib + ynh_secure_remove --file=$install_dir/venv/include + ynh_secure_remove --file=$install_dir/venv/share + ynh_setup_source --dest_dir $install_dir/ --source_id "pgadmin_prebuilt_armv7_$(lsb_release --codename --short)" + else + # Install virtualenv if it don't exist + test -e $install_dir/venv/bin/python3 || python3 -m venv $install_dir/venv + + # Install pgadmin in virtualenv + pip=$install_dir/venv/bin/pip + $pip install --upgrade pip wheel + $pip install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt + fi + + # Apply patchs if needed + if ! grep -F -q '# BEGIN Yunohost Patch' $install_dir/venv/lib/python$python_version/site-packages/pgadmin4/migrations/versions/fdc58d9bd449_.py; then + pushd $install_dir/venv/lib/python$python_version/site-packages/pgadmin4 + patch -p1 < $YNH_APP_BASEDIR/sources/avoid_create_user_on_setup_db.patch + popd + fi + if ! grep -F -q '# BEGIN Yunohost Patch' $install_dir/venv/lib/python$python_version/site-packages/pgadmin4/pgadmin/__init__.py; then + pushd $install_dir/venv/lib/python$python_version/site-packages/pgadmin4 + patch -p1 < $YNH_APP_BASEDIR/sources/fix_add_local_db.patch + popd + fi + if ! grep -F -q '# BEGIN Yunohost Patch' $install_dir/venv/lib/python$python_version/site-packages/pgadmin4/pgadmin/authenticate/webserver.py; then + pushd $install_dir/venv/lib/python$python_version/site-packages/pgadmin4 + patch -p1 < $YNH_APP_BASEDIR/sources/change_default_webserver_new_user_role_to_admin.patch + popd + fi } -_install_pgadmin_pip() { - version=$(ynh_app_upstream_version) - ynh_exec_as "$app" "$venvpy" -m pip install --upgrade "pgadmin4==$version" +set_permission() { + # Set permission + chown $app:$app -R $install_dir + chmod u+rw,o= -R $install_dir + chown $app:$app -R $data_dir + chmod u+rw,o= -R $data_dir + chown $app:$app -R /var/log/$app + chmod u=rwX,g=rX,o= -R /var/log/$app + # Criticals files + chown $app:root $data_dir/master_pwd + chmod u=r,g=,o= $data_dir/master_pwd + chown $app:root $install_dir/postgres-reg.ini + chmod u=r,g=,o= $install_dir/postgres-reg.ini } + diff --git a/scripts/backup b/scripts/backup index 1485371..39bd4a3 100644 --- a/scripts/backup +++ b/scripts/backup @@ -22,24 +22,24 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$install_dir" +#================================================= +# BACKUP DATA +#================================================= + +ynh_backup --src_path="$data_dir" --is_big=1 + #================================================= # SYSTEM CONFIGURATION #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" - -ynh_backup --src_path="/etc/logrotate.d/$app" - -ynh_backup --src_path="/etc/uwsgi/apps-available/$app.ini" +ynh_backup --src_path=/etc/systemd/system/$app.service #================================================= # BACKUP VARIOUS FILES #================================================= -# Backup hashed password -ynh_psql_execute_as_root --sql="SELECT rolpassword FROM pg_authid WHERE rolname='$app';" | head -3 | tail -1 > hashed_password.txt - -ynh_backup --src_path="/var/log/pgadmin" +ynh_backup --src_path="/var/log/$app" #================================================= # END OF SCRIPT diff --git a/scripts/change_url b/scripts/change_url index 49fd205..c46db0e 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -18,7 +18,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name="uwsgi-app@$app.service" --action="stop" --log_path="/var/log/uwsgi/$app/$app.log" +ynh_systemd_action --service_name="$app.service" --action="stop" --log_path="/var/log/$app/$app.log" #================================================= # MODIFY URL IN NGINX CONF @@ -30,12 +30,8 @@ ynh_change_url_nginx_config #================================================= # SPECIFIC MODIFICATIONS #================================================= -# UPDATE CONFIGURATION -#================================================= -ynh_script_progression --message="Updating configuration..." --weight=1 -# Update UWSGI Config -ynh_add_uwsgi_service "python_version" +set_permission #================================================= # GENERIC FINALISATION @@ -45,7 +41,7 @@ ynh_add_uwsgi_service "python_version" ynh_script_progression --message="Starting a systemd service..." --weight=3 # Start a systemd service -ynh_systemd_action --service_name="uwsgi-app@$app.service" --action="restart" --line_match="WSGI app 0 \(mountpoint='[/[:alnum:]_-]*'\) ready in [[:digit:]]* seconds on interpreter" --log_path="/var/log/uwsgi/$app/$app.log" +ynh_systemd_action --service_name="$app.service" --action="restart" --line_match "Listening at: unix:/run/$app/app.socket" --log_path systemd #================================================= # END OF SCRIPT diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index 4691926..e69de29 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh @@ -1,145 +0,0 @@ -#================================================= -# UWSGI HELPERS -#================================================= - -# Check if system wide templates are available and correcly configured -# -# usage: ynh_check_global_uwsgi_config -ynh_check_global_uwsgi_config () { - uwsgi --version || ynh_die --message="You need to add uwsgi (and appropriate plugin) as a dependency" - - cat > /etc/systemd/system/uwsgi-app@.service < uwsgi-app@app` -ynh_add_uwsgi_service () { - ynh_check_global_uwsgi_config - - local others_var=${1:-} - local finaluwsgiini="/etc/uwsgi/apps-available/$app.ini" - - # www-data group is needed since it is this nginx who will start the service - usermod --append --groups www-data "$app" || ynh_die --message="It wasn't possible to add user $app to group www-data" - - ynh_backup_if_checksum_is_different --file="$finaluwsgiini" - cp ../conf/uwsgi.ini "$finaluwsgiini" - - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if test -n "${install_dir:-}"; then - ynh_replace_string --match_string="__INSTALL_DIR__" --replace_string="$install_dir" --target_file="$finaluwsgiini" - fi - if test -n "${path_url:-}"; then - ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$finaluwsgiini" - fi - if test -n "${app:-}"; then - ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$finaluwsgiini" - fi - - # Replace all other variable given as arguments - for var_to_replace in $others_var - do - # ${var_to_replace^^} make the content of the variable on upper-cases - # ${!var_to_replace} get the content of the variable named $var_to_replace - ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finaluwsgiini" - done - - ynh_store_file_checksum --file="$finaluwsgiini" - - chown $app:root "$finaluwsgiini" - - # make sure the folder for logs exists and set authorizations - mkdir -p /var/log/uwsgi/$app - chown $app:root /var/log/uwsgi/$app - chmod -R u=rwX,g=rX,o= /var/log/uwsgi/$app - - # Setup specific Systemd rules if necessary - test -e ../conf/uwsgi-app@override.service && \ - mkdir /etc/systemd/system/uwsgi-app@$app.service.d && \ - cp ../conf/uwsgi-app@override.service /etc/systemd/system/uwsgi-app@$app.service.d/override.conf - - systemctl daemon-reload - systemctl enable "uwsgi-app@$app.service" - - # Add as a service - yunohost service add "uwsgi-app@$app" --log "/var/log/uwsgi/$app/$app.log" --description="UWSGI service for $app" -} - -# Remove the dedicated uwsgi ini file -# -# usage: ynh_remove_uwsgi_service -ynh_remove_uwsgi_service () { - local finaluwsgiini="/etc/uwsgi/apps-available/$app.ini" - if [ -e "$finaluwsgiini" ]; then - yunohost service remove "uwsgi-app@$app" - systemctl stop "uwsgi-app@$app.service" - systemctl disable "uwsgi-app@$app.service" - - ynh_secure_remove --file="$finaluwsgiini" - ynh_secure_remove --file="/var/log/uwsgi/$app" - ynh_secure_remove --file="/etc/systemd/system/uwsgi-app@$app.service.d" - fi -} - -ynh_restore_uwsgi_service () { - ynh_check_global_uwsgi_config - systemctl enable "uwsgi-app@$app" --quiet - - # make sure the folder for logs exists and set authorizations - mkdir -p /var/log/uwsgi/$app - chown $app:root /var/log/uwsgi/$app - chmod -R u=rwX,g=rX,o= /var/log/uwsgi/$app - - yunohost service add "uwsgi-app@$app" --log "/var/log/uwsgi/$app/$app.log" --description="UWSGI service for $app" -} - -#================================================= -# OTHERS HELPERS -#================================================= diff --git a/scripts/install b/scripts/install index 229b1f9..5827001 100644 --- a/scripts/install +++ b/scripts/install @@ -10,13 +10,6 @@ source experimental_helper.sh source _common.sh source /usr/share/yunohost/helpers -#================================================= -# INITIALIZE AND STORE SETTINGS -#================================================= - -# Used in expect script -email=$(ynh_user_get_info --username $admin --key 'mail') - #================================================= # Postgresql superuser #================================================= @@ -24,19 +17,24 @@ ynh_script_progression --message="Configuring Postgresql superuser..." --weight ynh_psql_execute_as_root --sql "ALTER USER $db_user WITH SUPERUSER CREATEDB CREATEROLE REPLICATION" + +ynh_script_progression --message='Creating base directory...' + +if [ -n "$(ls -A $data_dir)" ]; then + old_data_dir_path="${data_dir}_$(date '+%Y%m%d.%H%M%S')" + ynh_print_warn "Data directory was not empty. Data was moved to $old_data_dir_path" + mkdir -p $old_data_dir_path + mv -t "$old_data_dir_path" "$data_dir"/* +fi +mkdir -p /var/log/$app + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= + ynh_script_progression --message="Setting up source files..." --weight=5 -ynh_install_venv -_install_pgadmin_pip -mkdir -p "$install_dir/data" - -chown -R "$app:root" "$install_dir" - -mkdir -p /var/log/pgadmin -chown -R "$app:root" /var/log/pgadmin +install_source #================================================= # ADD A CONFIGURATION @@ -44,17 +42,11 @@ chown -R "$app:root" /var/log/pgadmin ynh_script_progression --message="Configuring pgAdmin..." --weight=1 ynh_add_config --template="config_local.py" --destination="$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/config_local.py" -chown -R "$app:root" "$install_dir" +ynh_add_config --template=postgres-reg.ini --destination="$install_dir"/postgres-reg.ini +ynh_string_random --length=60 > "$data_dir"/master_pwd +set_permission -ynh_add_config --template="setup.exp" --destination="$install_dir/setup.exp" -chmod +x "$install_dir/setup.exp" -ynh_exec_as "$app" "$install_dir/setup.exp" "$install_dir/venv/bin/python3" "$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/setup.py" setup-db - -ynh_add_config --template="server.json" --destination="$install_dir/server.json" -ynh_exec_as "$app" "$install_dir/venv/bin/python3" "$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/setup.py" load-servers --user "$email" "$install_dir/server.json" - -# looks like we need to run one command as pgadmin to get access to the dbs ? -ynh_psql_connect_as --user="$db_user" --password="$db_pwd" <<< '\list' >/dev/null +$install_dir/venv/bin/python3 "$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/setup.py" setup-db #================================================= # SYSTEM CONFIGURATION @@ -64,18 +56,20 @@ ynh_script_progression --message="Adding system configurations related to $app.. # Create a dedicated NGINX config ynh_add_nginx_config -# Config uwsgi -ynh_add_uwsgi_service "python_version" +# Add systemd config +ynh_add_systemd_config --service=$app --template=pgadmin.service -ynh_use_logrotate --logfile="/var/log/pgadmin" -chown -R "$app:root" /var/log/pgadmin +yunohost service add $app --log "/var/log/$app/$app.log" --description 'PgAdmin application' + +ynh_use_logrotate --logfile="/var/log/$app" +set_permission #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=3 -ynh_systemd_action --service_name "uwsgi-app@$app.service" --action="restart" --line_match "WSGI app 0 \(mountpoint='[/[:alnum:]_-]*'\) ready in [[:digit:]]* seconds on interpreter" --log_path "/var/log/uwsgi/$app/$app.log" +ynh_systemd_action --service_name "$app.service" --action="restart" --line_match "Listening at: unix:/run/$app/app.socket" --log_path systemd #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 25c6b3a..5752a1e 100644 --- a/scripts/remove +++ b/scripts/remove @@ -16,10 +16,9 @@ source /usr/share/yunohost/helpers ynh_script_progression --message="Removing system configurations related to $app..." --weight=1 # Stop service -ynh_systemd_action --service_name "uwsgi-app@$app.service" --action stop - -# Remove uwsgi config -ynh_remove_uwsgi_service +ynh_systemd_action --service_name "$app.service" --action stop +ynh_remove_systemd_config --service=$app +yunohost service remove $app # Remove the app-specific logrotate config ynh_remove_logrotate @@ -37,9 +36,6 @@ ynh_script_progression --message="Removing various files..." --weight=1 # Remove the log files ynh_secure_remove --file="/var/log/$app" -# Remove the log files -ynh_secure_remove --file="/var/log/uwsgi/$app" - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 36b8025..eb87410 100644 --- a/scripts/restore +++ b/scripts/restore @@ -19,54 +19,38 @@ ynh_script_progression --message="Restoring the Postgresql superuser..." --weigh ynh_psql_execute_as_root --sql "ALTER USER $app WITH SUPERUSER CREATEDB CREATEROLE REPLICATION" #================================================= -# RESTORE THE APP MAIN DIR +# RESTORE ALL CONFIG AND DATA #================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$install_dir" - -chown -R "$app:root" "$install_dir" +ynh_script_progression --message="Restoring directory and configuration..." --weight=10 +ynh_restore #================================================= # REINSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Updating python virtualenv..." --weight=5 -ynh_install_venv +install_source #================================================= -# RESTORE SYSTEM CONFIGURATIONS +# RESTORE SYSTEMD #================================================= -ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1 +ynh_script_progression --message="Enable systemd services" --weight=2 -ynh_restore_file --origin_path="/etc/logrotate.d/$app" +# systemctl daemon-reload +systemctl enable $app.service --quiet +yunohost service add $app --log "/var/log/$app/$app.log" --description 'PgAdmin application' -ynh_restore_file --origin_path="/etc/uwsgi/apps-available/$app.ini" - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - -#================================================= -# RESTORE VARIOUS FILES -#================================================= -ynh_script_progression --message="Restoring various files..." --weight=1 - -ynh_restore_file --origin_path="/var/log/$app/" -chmod -R 750 /var/log/pgadmin -chown -R "$app:root" /var/log/pgadmin - - -# Restore systemd configuration -ynh_script_progression --message="Reconfiguring application..." --weight=1 -ynh_restore_uwsgi_service +set_permission #================================================= # GENERIC FINALIZATION #================================================= -# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE +# RELOAD NGINX AND THE APP SERVICE #================================================= ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 -ynh_systemd_action --service_name "uwsgi-app@$app.service" --action="restart" --line_match "WSGI app 0 \(mountpoint='[/[:alnum:]_-]*'\) ready in [[:digit:]]* seconds on interpreter" --log_path "/var/log/uwsgi/$app/$app.log" +ynh_systemd_action --service_name "$app.service" --action="restart" --line_match "Listening at: unix:/run/$app/app.socket" --log_path systemd ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 3641d36..4c6230b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -19,6 +19,8 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1 if [ -f "/etc/uwsgi/apps-available/$app.ini" ]; then ynh_systemd_action --service_name "uwsgi-app@$app.service" --action stop +else + ynh_systemd_action --service_name "$app.service" --action stop fi #================================================= @@ -26,18 +28,25 @@ fi #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=2 -# Set the proper home directory -usermod -d "$install_dir" "$app" - # Clean old uwsgi config ynh_secure_remove /etc/uwsgi/apps-enabled/pgadmin.ini +# Migrate data path if [ -d "/var/lib/pgadmin" ]; then if [ ! -d "$install_dir/data" ]; then - mv "/var/lib/pgadmin" "$install_dir/data" + mv -t "$data_dir" /var/lib/pgadmin/* fi ynh_secure_remove "/var/lib/pgadmin" fi +if [ -d "$install_dir/data" ]; then + if [ ! -d "$install_dir/data" ]; then + mv -t "$data_dir" "$install_dir"/data/* + fi + ynh_secure_remove "$install_dir/data" +fi +if [ ! -e $data_dir/master_pwd ]; then + ynh_string_random --length=60 > $data_dir/master_pwd +fi #================================================= # Postgresql superuser @@ -51,11 +60,7 @@ ynh_psql_execute_as_root --sql "ALTER USER $app WITH PASSWORD '$db_pwd' SUPERUSE # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Upgrading source files..." --weight=6 -ynh_install_venv - -_install_pgadmin_pip - -chown -R "$app:root" "$install_dir" +install_source #================================================= # UPDATE A CONFIG FILE @@ -64,7 +69,7 @@ ynh_script_progression --message="Updating a configuration file..." --weight=1 # CONFIGURE PGADMIN ynh_add_config --template="config_local.py" --destination="$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/config_local.py" -chown -R "$app:root" "$install_dir" +ynh_add_config --template=postgres-reg.ini --destination="$install_dir"/postgres-reg.ini #================================================= # REAPPLY SYSTEM CONFIGURATIONS @@ -74,19 +79,22 @@ ynh_script_progression --message="Upgrading system configurations related to $ap # Create a dedicated NGINX config ynh_add_nginx_config -# Config uwsgi -ynh_add_uwsgi_service "python_version" +# Add systemd config +ynh_add_systemd_config --service=$app --template=pgadmin.service + +yunohost service add $app --log "/var/log/$app/$app.log" --description 'PgAdmin application' # Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate --logfile /var/log/pgadmin --nonappend -chown -R "$app:root" /var/log/pgadmin +ynh_use_logrotate --logfile /var/log/$app --nonappend + +set_permission #================================================= # START SYSTEMD SERVICE #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=3 -ynh_systemd_action --service_name "uwsgi-app@$app.service" --action="restart" --line_match "WSGI app 0 \(mountpoint='[/[:alnum:]_-]*'\) ready in [[:digit:]]* seconds on interpreter" --log_path "/var/log/uwsgi/$app/$app.log" +ynh_systemd_action --service_name "$app.service" --action="restart" --line_match "Listening at: unix:/run/$app/app.socket" --log_path systemd #================================================= # END OF SCRIPT diff --git a/sources/avoid_create_user_on_setup_db.patch b/sources/avoid_create_user_on_setup_db.patch new file mode 100644 index 0000000..e650cf0 --- /dev/null +++ b/sources/avoid_create_user_on_setup_db.patch @@ -0,0 +1,41 @@ +diff --git a/migrations/versions/fdc58d9bd449_.py b/migrations/versions/fdc58d9bd449_.py +index 3a9991a5c..27fe21692 100644 +--- a/migrations/versions/fdc58d9bd449_.py ++++ b/migrations/versions/fdc58d9bd449_.py +@@ -35,7 +35,8 @@ depends_on = None + + def upgrade(): + # ### commands auto generated by Alembic - please adjust! ### +- email, password = user_info() ++ # BEGIN Yunohost Patch ++ # END Yunohost Patch + + version_table = op.create_table( + 'version', sa.Column('name', sa.String(length=32), nullable=False), +@@ -122,11 +123,8 @@ def upgrade(): + + setattr(config, 'SECURITY_PASSWORD_SALT', current_salt) + setattr(config, 'SECRET_KEY', secret_key) +- password = hash_password(password) +- +- op.bulk_insert(user_table, +- [{'email': email, 'password': password, +- 'active': 1, 'confirmed_at': None}]) ++ # BEGIN Yunohost Patch ++ # END Yunohost Patch + + op.bulk_insert(version_table, + [{'name': 'ConfigDB', 'value': 2}]) +@@ -135,11 +133,8 @@ def upgrade(): + [{'name': 'Administrators', + 'description': 'pgAdmin Administrators Role'}]) + +- op.bulk_insert(roles_users_table, +- [{'user_id': 1, 'role_id': 1}]) +- +- op.bulk_insert(server_group_table, +- [{'user_id': 1, 'name': 'Servers'}]) ++ # BEGIN Yunohost Patch ++ # END Yunohost Patch + + # ### end Alembic commands ### diff --git a/sources/change_default_webserver_new_user_role_to_admin.patch b/sources/change_default_webserver_new_user_role_to_admin.patch new file mode 100644 index 0000000..c366ef3 --- /dev/null +++ b/sources/change_default_webserver_new_user_role_to_admin.patch @@ -0,0 +1,15 @@ +diff --git a/pgadmin/authenticate/webserver.py b/pgadmin/authenticate/webserver.py +index 5a9e4533c..9693593dc 100644 +--- a/pgadmin/authenticate/webserver.py ++++ b/pgadmin/authenticate/webserver.py +@@ -121,7 +121,9 @@ class WebserverAuthentication(BaseAuthentication): + return create_user({ + 'username': username, + 'email': useremail, +- 'role': 2, ++ # BEGIN Yunohost Patch ++ 'role': 1, ++ # END Yunohost Patch + 'active': True, + 'auth_source': WEBSERVER + }) diff --git a/sources/fix_add_local_db.patch b/sources/fix_add_local_db.patch new file mode 100644 index 0000000..911fc18 --- /dev/null +++ b/sources/fix_add_local_db.patch @@ -0,0 +1,64 @@ +diff --git a/pgadmin/__init__.py b/pgadmin/__init__.py +index c20016bbc..42ccfd874 100644 +--- a/pgadmin/__init__.py ++++ b/pgadmin/__init__.py +@@ -586,10 +586,22 @@ def create_app(app_name=None): + servergroup = servergroups.first() + servergroup_id = servergroup.id + ++ # BEGIN Yunohost Patch ++ from pgadmin.utils.master_password import get_crypt_key ++ from pgadmin.utils.exception import CryptKeyMissing ++ from pgadmin.utils.crypto import encrypt ++ ++ crypt_key_present, crypt_key = get_crypt_key() ++ if not crypt_key_present: ++ raise CryptKeyMissing ++ # END Yunohost Patch ++ + '''Add a server to the config database''' + ++ # BEGIN Yunohost Patch + def add_server(user_id, servergroup_id, name, superuser, port, +- discovery_id, comment): ++ discovery_id, comment, password): ++ # END Yunohost Patch + # Create a server object if needed, and store it. + servers = Server.query.filter_by( + user_id=user_id, +@@ -609,7 +621,11 @@ def create_app(app_name=None): + connection_params={'sslmode': 'prefer', + 'connect_timeout': 10}, + comment=comment, +- discovery_id=discovery_id) ++ # BEGIN Yunohost Patch ++ discovery_id=discovery_id, ++ password=encrypt(password, crypt_key), ++ save_password=1) ++ # END Yunohost Patch + + db.session.add(svr) + db.session.commit() +@@ -676,7 +692,7 @@ def create_app(app_name=None): + registry = ConfigParser() + + try: +- registry.read('/etc/postgres-reg.ini') ++ registry.read(config.REGISTRY_CONFIG_FILE) + sections = registry.sections() + + # Loop the sections, and get the data from any that are PG or PPAS +@@ -703,9 +719,12 @@ def create_app(app_name=None): + svr_comment = gettext("Auto-detected {0} installation " + "with the data directory at {1}" + ).format(description, data_directory) ++ # BEGIN Yunohost Patch ++ password = registry.get(section, 'Password') + add_server(user_id, servergroup_id, svr_name, + svr_superuser, svr_port, svr_discovery_id, +- svr_comment) ++ svr_comment, password) ++ # END Yunohost Patch + + except Exception as e: + print(str(e)) diff --git a/tests.toml b/tests.toml index fef783d..0b67c0b 100644 --- a/tests.toml +++ b/tests.toml @@ -4,5 +4,6 @@ test_format = 1.0 [default] - test_upgrade_from.da90e7957a1a365f3c840df02c41cd14592030db.name = "Last packaging v1 version" test_upgrade_from.067601ed5bb19dde70f74a1fa1f6230a30efe6b5.name = "7.2~ynh1" + test_upgrade_from.da90e7957a1a365f3c840df02c41cd14592030db.name = "Last packaging v1 version" + test_upgrade_from.55a5fd67889da37d03a5d4614168db76a8817cdb.name = "Pre improvements"