YunoHost-Apps/pgadmin_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/pgadmin_ynh.git synced 2024-09-03 19:56:38 +02:00
Code Issues Activity Actions

Full rework of package following PR #35

Browse source 
- Fix regression #35 - python dependancy
- Fix regression #35 - armv7 support
- Fix regression #35 - bad install dir
- Fix DB setup and don't request password to user
- Fix data storage path
- Add SSO support
- Update app to 8.3 (will be updated to 8.4 by auto update)
- Add mail support
- Remove legacy uwsig and use gunicorn instead
- Remove expect dependancy
- Set permission explicitly
- Add multi instance support
- Simplify again restore script
This commit is contained in:
Josué Tille 2024-02-27 23:20:13 +01:00
parent 55a5fd6788
commit 72c3a867da
No known key found for this signature in database
GPG key ID: 5F259226AD51F2F5
25 changed files with 686 additions and 354 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

126
conf/config_local.py
View file

@ -1,5 +1,127 @@
#!/usr/bin/env python3
DESKTOP_USER = '__APP__@__DOMAIN__'
import builtins
import logging
import os
import sys
##########################################################################
# Server settings
##########################################################################
SERVER_MODE = True
DATA_DIR = '__DATA_DIR__'
REGISTRY_CONFIG_FILE = '__INSTALL_DIR__/postgres-reg.ini'
##########################################################################
# Log settings
##########################################################################
# Debug mode?
DEBUG = False
# Application log level - one of:
# CRITICAL 50
# ERROR 40
# WARNING 30
# SQL 25
# INFO 20
# DEBUG 10
# NOTSET 0
CONSOLE_LOG_LEVEL = logging.WARNING
FILE_LOG_LEVEL = logging.WARNING
# Log format.
CONSOLE_LOG_FORMAT = '%(asctime)s: %(levelname)s\t%(name)s:\t%(message)s'
FILE_LOG_FORMAT = '%(asctime)s: %(levelname)s\t%(name)s:\t%(message)s'
# Log file name
LOG_FILE = '/var/log/__APP__/pgadmin4.log'
# Log rotation setting
# Log file will be rotated considering values for LOG_ROTATION_SIZE
# & LOG_ROTATION_AGE. Rotated file will be named in format
# - LOG_FILE.Y-m-d_H-M-S
LOG_ROTATION_SIZE = 10 # In MBs
LOG_ROTATION_AGE = 1440 # In minutes
LOG_ROTATION_MAX_LOG_FILES = 90 # Maximum number of backups to retain
##########################################################################
# Mail server settings
##########################################################################
# These settings are used when running in web server mode for confirming
# and resetting passwords etc.
# See: http://pythonhosted.org/Flask-Mail/ for more info
MAIL_SERVER = '__DOMAIN__'
MAIL_PORT = 587
MAIL_USE_SSL = True
MAIL_USE_TLS = False
MAIL_USERNAME = '__APP__'
MAIL_PASSWORD = '__MAIL_PWD__'
MAIL_DEBUG = False
# Flask-Security overrides Flask-Mail's MAIL_DEFAULT_SENDER setting, so
# that should be set as such:
SECURITY_EMAIL_SENDER = '__APP__@__DOMAIN__'
##########################################################################
# Master password is used to encrypt/decrypt saved server passwords
# Applicable for desktop mode only
##########################################################################
MASTER_PASSWORD_REQUIRED = True
##########################################################################
# pgAdmin encrypts the database connection and ssh tunnel password using a
# master password or pgAdmin login password (for other authentication sources)
# before storing it in the pgAdmin configuration database.
#
# Below setting is used to allow the user to specify the path to a script
# or program that will return an encryption key which will be used to
# encrypt the passwords. This setting is used only in server mode when
# auth sources are oauth, Kerberos, and webserver.
#
# You can pass the current username as an argument to the external script
# by specifying %u in config value.
# E.g. - MASTER_PASSWORD_HOOK = '<PATH>/passwdgen_script.sh %u'
##########################################################################
MASTER_PASSWORD_HOOK = 'cat __DATA_DIR__/master_pwd'
##########################################################################
# External Authentication Sources
##########################################################################
# Default setting is internal
# External Supported Sources: ldap, kerberos, oauth2
# Multiple authentication can be achieved by setting this parameter to
# ['ldap', 'internal'] or ['oauth2', 'internal'] or
# ['webserver', 'internal'] etc.
# pgAdmin will authenticate the user with ldap/oauth2 whatever first in the
# list, in case of failure the second authentication option will be considered.
AUTHENTICATION_SOURCES = ['webserver']
##########################################################################
# Webserver Configuration
##########################################################################
WEBSERVER_AUTO_CREATE_USER = True
# REMOTE_USER variable will be used to check the environment variable
# is set or not first, if not available,
# request header will be checked for the same.
# Possible values: REMOTE_USER, HTTP_X_FORWARDED_USER, X-Forwarded-User
WEBSERVER_REMOTE_USER = 'REMOTE_USER'
##########################################################################
# PSQL tool settings
##########################################################################
# This will enable PSQL tool in pgAdmin when running in server mode.
# PSQL is always enabled in Desktop mode, however in server mode it is
# disabled by default because users can run arbitrary commands on the
# server through it.
ENABLE_PSQL = True
DATA_DIR = '__INSTALL_DIR__/data'

11
conf/nginx.conf
View file

@ -1,9 +1,8 @@
location __PATH__ {
include uwsgi_params;
uwsgi_pass unix:///run/__NAME__/app.socket;
uwsgi_read_timeout 180;
uwsgi_send_timeout 180;
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
include proxy_params;
proxy_pass http://unix:/run/__APP__/app.socket;
proxy_set_header X-Script-Name __PATH__;
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;

46
conf/pgadmin.service Normal file
View file

@ -0,0 +1,46 @@
[Unit]
Description=PgAdmin service
After=network.target
[Service]
Type=simple
User=__APP__
WorkingDirectory=__INSTALL_DIR__
RuntimeDirectory=__APP__
# Note don't increase workers > 1 as it don't work
ExecStart=__INSTALL_DIR__/venv/bin/gunicorn --bind unix:/run/__APP__/app.socket --workers=1 --threads=10 --chdir __INSTALL_DIR__/venv/lib/python__PYTHON_VERSION__/site-packages/pgadmin4 pgAdmin4:app
Restart=always
RestartSec=3
# Sandboxing options to harden security
# Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install]
WantedBy=multi-user.target

6
conf/postgres-reg.ini Normal file
View file

@ -0,0 +1,6 @@
[PostgreSQL/__POSTGRESQL_VERSION__]
DataDirectory=/var/lib/postgresql/__POSTGRESQL_VERSION__/main/
Description=Yunohost Server
Port=5432
Superuser=__DB_USER__
Password=__DB_PWD__

116
conf/requirement_bookworm.txt Normal file
View file

@ -0,0 +1,116 @@
alembic==1.13.1
Authlib==1.2.1
azure-common==1.1.28
azure-core==1.30.0
azure-identity==1.15.0
azure-mgmt-core==1.4.0
azure-mgmt-rdbms==10.1.0
azure-mgmt-resource==23.0.1
azure-mgmt-subscription==3.1.1
Babel==2.14.0
bcrypt==4.0.1
bidict==0.22.1
blinker==1.7.0
boto3==1.33.13
botocore==1.33.13
Brotli==1.1.0
cachetools==5.3.2
certifi==2024.2.2
cffi==1.16.0
charset-normalizer==3.3.2
click==8.1.7
colorama==0.4.6
cryptography==41.0.7
dnspython==2.5.0
email-validator==2.1.0.post1
eventlet==0.34.2
Flask==2.3.3
flask-babel==4.0.0
Flask-Compress==1.14
Flask-Gravatar==0.5.0
Flask-Login==0.6.3
Flask-Mail==0.9.1
Flask-Migrate==4.0.5
Flask-Paranoid==0.3.0
Flask-Principal==0.4.0
Flask-Security-Too==5.2.0
Flask-SocketIO==5.3.6
Flask-SQLAlchemy==3.1.1
Flask-WTF==1.2.1
google-api-core==2.17.0
google-api-python-client==2.117.0
google-auth==2.27.0
google-auth-httplib2==0.2.0
google-auth-oauthlib==1.1.0
googleapis-common-protos==1.62.0
greenlet==3.0.3
h11==0.14.0
httpagentparser==1.9.5
httplib2==0.22.0
idna==3.6
importlib-metadata==7.0.1
importlib-resources==6.1.1
isodate==0.6.1
itsdangerous==2.1.2
jaraco.classes==3.3.1
jeepney==0.8.0
Jinja2==3.1.3
jmespath==1.0.1
keyring==24.3.0
ldap3==2.9.1
Mako==1.3.2
markdown-it-py==3.0.0
MarkupSafe==2.1.5
mdurl==0.1.2
more-itertools==10.2.0
msal==1.26.0
msal-extensions==1.1.0
msrest==0.7.1
oauthlib==3.2.2
packaging==23.2
paramiko==3.4.0
passlib==1.7.4
pgadmin4==8.3
portalocker==2.8.2
protobuf==4.25.2
psutil==5.9.8
psycopg==3.1.12
psycopg-c==3.1.12
pyasn1==0.5.1
pyasn1-modules==0.3.0
pycparser==2.21
Pygments==2.17.2
PyJWT==2.8.0
PyNaCl==1.5.0
pyotp==2.9.0
pyparsing==3.1.1
pypng==0.20220715.0
python-dateutil==2.8.2
python-engineio==4.9.0
python-socketio==5.11.1
pytz==2023.4
qrcode==7.4.2
requests==2.31.0
requests-oauthlib==1.3.1
rich==13.7.0
rsa==4.9
s3transfer==0.8.2
SecretStorage==3.3.3
shellingham==1.5.4
simple-websocket==1.0.0
six==1.16.0
speaklater3==1.4
SQLAlchemy==2.0.25
sqlparse==0.4.4
sshtunnel==0.4.0
typer==0.9.0
typing_extensions==4.9.0
ua-parser==0.18.0
uritemplate==4.1.1
urllib3==1.26.18
user-agents==2.2.0
Werkzeug==2.3.8
wsproto==1.2.0
WTForms==3.1.2
zipp==3.17.0
gunicorn==21.2.0

117
conf/requirement_bullseye.txt Normal file
View file

@ -0,0 +1,117 @@
alembic==1.13.1
Authlib==1.2.1
azure-common==1.1.28
azure-core==1.30.0
azure-identity==1.15.0
azure-mgmt-core==1.4.0
azure-mgmt-rdbms==10.1.0
azure-mgmt-resource==23.0.1
azure-mgmt-subscription==3.1.1
Babel==2.14.0
bcrypt==4.0.1
bidict==0.22.1
blinker==1.7.0
boto3==1.33.13
botocore==1.33.13
Brotli==1.1.0
cachetools==5.3.2
certifi==2024.2.2
cffi==1.16.0
charset-normalizer==3.3.2
click==8.1.7
colorama==0.4.6
cryptography==41.0.7
dnspython==2.5.0
email-validator==2.1.0.post1
eventlet==0.34.2
Flask==2.3.3
flask-babel==4.0.0
Flask-Compress==1.14
Flask-Gravatar==0.5.0
Flask-Login==0.6.3
Flask-Mail==0.9.1
Flask-Migrate==4.0.5
Flask-Paranoid==0.3.0
Flask-Principal==0.4.0
Flask-Security-Too==5.2.0
Flask-SocketIO==5.3.6
Flask-SQLAlchemy==3.1.1
Flask-WTF==1.2.1
google-api-core==2.17.0
google-api-python-client==2.117.0
google-auth==2.27.0
google-auth-httplib2==0.2.0
google-auth-oauthlib==1.1.0
googleapis-common-protos==1.62.0
greenlet==1.1.2
h11==0.14.0
httpagentparser==1.9.5
httplib2==0.22.0
idna==3.6
importlib-metadata==7.0.1
importlib-resources==6.1.1
isodate==0.6.1
itsdangerous==2.1.2
jaraco.classes==3.3.1
jeepney==0.8.0
Jinja2==3.1.3
jmespath==1.0.1
keyring==24.3.0
ldap3==2.9.1
Mako==1.3.2
markdown-it-py==3.0.0
MarkupSafe==2.1.5
mdurl==0.1.2
more-itertools==10.2.0
msal==1.26.0
msal-extensions==1.1.0
msrest==0.7.1
oauthlib==3.2.2
packaging==23.2
paramiko==3.4.0
passlib==1.7.4
pgadmin4==8.3
pkg_resources==0.0.0
portalocker==2.8.2
protobuf==4.25.2
psutil==5.9.8
psycopg==3.1.12
psycopg-c==3.1.12
pyasn1==0.5.1
pyasn1-modules==0.3.0
pycparser==2.21
Pygments==2.17.2
PyJWT==2.8.0
PyNaCl==1.5.0
pyotp==2.9.0
pyparsing==3.1.1
pypng==0.20220715.0
python-dateutil==2.8.2
python-engineio==4.9.0
python-socketio==5.11.1
pytz==2023.4
qrcode==7.4.2
requests==2.31.0
requests-oauthlib==1.3.1
rich==13.7.0
rsa==4.9
s3transfer==0.8.2
SecretStorage==3.3.3
shellingham==1.5.4
simple-websocket==1.0.0
six==1.16.0
speaklater3==1.4
SQLAlchemy==2.0.25
sqlparse==0.4.4
sshtunnel==0.4.0
typer==0.9.0
typing_extensions==4.9.0
ua-parser==0.18.0
uritemplate==4.1.1
urllib3==1.26.18
user-agents==2.2.0
Werkzeug==2.3.8
wsproto==1.2.0
WTForms==3.1.2
zipp==3.17.0
gunicorn==21.2.0

18
conf/server.json
View file

@ -1,18 +0,0 @@
{
"Servers": {
"1": {
"Name": "YunoHost Server",
"Group": "Servers",
"Host": "localhost",
"Port": 5432,
"MaintenanceDB": "postgres",
"Username": "__DB_USER__",
"Shared": false,
"KerberosAuthentication": false,
"ConnectionParameters": {
"sslmode": "prefer",
"connect_timeout": 10
}
}
}
}

20
conf/setup.exp
View file

@ -1,20 +0,0 @@
#!/usr/bin/expect
set timeout 20
set cmd [lindex $argv 0]
set arguments [lrange $argv 1 end]
spawn $cmd {*}$arguments
expect "Email address:"
send "__EMAIL__\r";
expect "Password:"
send {__PASSWORD__};
send "\r";
expect "Retype password:"
send {__PASSWORD__};
send "\r";
interact

27
conf/uwsgi.ini
View file

@ -1,27 +0,0 @@
[uwsgi]
# Who will run the code
uid = __APP__
gid = __APP__
# Number of workers
workers = 1
# The right granted on the created socket
chmod-socket = 666
# Plugin to use and interpretor config
single-interpreter = true
master = true
plugin = python3
# Manage the subpath
manage-script-name = true
mount = __PATH__=pgAdmin4.py
# Virtualenv and python path
virtualenv = __INSTALL_DIR__/venv
pythonpath = __INSTALL_DIR__/venv
chdir = __INSTALL_DIR__/venv/lib/python__PYTHON_VERSION__/site-packages/pgadmin4
# The variable holding flask application
callable = app

4
doc/ADMIN.md
View file

@ -1,4 +0,0 @@
The Postgresql admin user credentials:
Username: __DB_USER__
Password: __DB_PWD__

5
doc/POST_INSTALL.md
View file

@ -1,5 +0,0 @@
You can connect to pgAdmin with your email and the password you provided at installation time.
You will need to provide the Postgresql admin password once, so here it is: `__DB_PWD__`.
pgAdmin will then store it encrypted, so you won't need anymore.

5
doc/POST_UPGRADE.d/7.7~ynh2.md
View file

@ -1,5 +0,0 @@
This upgrade fixes authentication with PostgreSQL.
You might need to re-enter in pgAdmin the Postgresql admin password: `__DB_PWD__`.
You can log into pgAdmin with your email and the password you provided during installation.

32
manifest.toml
View file

@ -7,7 +7,7 @@ name = "pgAdmin4"
description.en = "Manage PostgreSQL databases over the web"
description.fr = "Application web de gestion des bases de données PostgreSQL"
version = "8.2~ynh2"
version = "8.3~ynh2"
maintainers = ["Josué Tille"]
@ -20,9 +20,9 @@ cpe = "cpe:2.3:a:pgadmin:pgadmin"
[integration]
yunohost = ">= 11.0.11"
architectures = "all"
multi_instance = false
ldap = false
sso = false
multi_instance = true
ldap = true
sso = true
disk = "700M"
ram.build = "300M"
ram.runtime = "200M"
@ -39,16 +39,25 @@ ram.runtime = "200M"
type = "group"
default = "admins"
[install.admin]
type = "user"
[install.password]
type = "password"
[resources]
[resources.sources.pgadmin_prebuilt_armv7_bookworm]
prefetch = false
armhf.url = "https://github.com/YunoHost-Apps/pgadmin_python_build/releases/download/v4-8.3/pgadmin_4-8.3-bookworm-bin1_armv7l.tar.gz"
armhf.sha256 = "b2fdf884fe74e2e6a41d8f5f8f4b1967bc4ad6fffcfa5a76fc34ef6fe6c62e7e"
[resources.sources.pgadmin_prebuilt_armv7_bullseye]
prefetch = false
armhf.url = "https://github.com/YunoHost-Apps/pgadmin_python_build/releases/download/v4-8.3/pgadmin_4-8.3-bullseye-bin1_armv7l.tar.gz"
armhf.sha256 = "bf1136e71b52a9bb75b6e3bc75a23a5d49fa104291f8b3f0114593e123e0d078"
[resources.system_user]
allow_email = true
home = "/opt/yunohost/__APP__"
[resources.install_dir]
dir = "/opt/yunohost/__APP__"
[resources.data_dir]
[resources.permissions]
main.url = "/"
@ -60,9 +69,6 @@ ram.runtime = "200M"
"python3-dev",
"python3-venv",
"postgresql",
"uwsgi",
"uwsgi-plugin-python3",
"expect",
"libpq-dev",
"libkrb5-dev",
]

71
scripts/_common.sh
View file

@ -5,26 +5,71 @@
#=================================================
python_version="$(python3 -V | cut -d' ' -f2 | cut -d. -f1-2)"
postgresql_version="$(psql -V | cut -d' ' -f3 | cut -d. -f1)"
#=================================================
# DEFINE ALL COMMON FONCTIONS
#=================================================
ynh_install_venv() {
if [ -f "$install_dir/venv/bin/python" ]; then
ynh_exec_as "$app" python3 -m venv "$install_dir/venv" --upgrade
else
ynh_exec_as "$app" python3 -m venv "$install_dir/venv"
install_source() {
# Clean venv is it was on python with an old version in case major upgrade of debian
if [ ! -e $install_dir/venv/lib/python$python_version ]; then
ynh_secure_remove --file=$install_dir/venv/bin
ynh_secure_remove --file=$install_dir/venv/lib
ynh_secure_remove --file=$install_dir/venv/lib64
ynh_secure_remove --file=$install_dir/venv/include
ynh_secure_remove --file=$install_dir/venv/share
ynh_secure_remove --file=$install_dir/venv/pyvenv.cfg
fi
ynh_use_venv
ynh_exec_as "$app" "$venvpy" -m pip install --upgrade --no-cache-dir pip wheel
}
ynh_use_venv() {
venvpy="$install_dir/venv/bin/python3"
if uname -m | grep -q arm
then
# Clean old file, sometime it could make some big issues if we don't do this !!
ynh_secure_remove --file=$install_dir/venv/bin
ynh_secure_remove --file=$install_dir/venv/lib
ynh_secure_remove --file=$install_dir/venv/include
ynh_secure_remove --file=$install_dir/venv/share
ynh_setup_source --dest_dir $install_dir/ --source_id "pgadmin_prebuilt_armv7_$(lsb_release --codename --short)"
else
# Install virtualenv if it don't exist
test -e $install_dir/venv/bin/python3 || python3 -m venv $install_dir/venv
# Install pgadmin in virtualenv
pip=$install_dir/venv/bin/pip
$pip install --upgrade pip wheel
$pip install --upgrade -r $YNH_APP_BASEDIR/conf/requirement_$(lsb_release --codename --short).txt
fi
# Apply patchs if needed
if ! grep -F -q '# BEGIN Yunohost Patch' $install_dir/venv/lib/python$python_version/site-packages/pgadmin4/migrations/versions/fdc58d9bd449_.py; then
pushd $install_dir/venv/lib/python$python_version/site-packages/pgadmin4
patch -p1 < $YNH_APP_BASEDIR/sources/avoid_create_user_on_setup_db.patch
popd
fi
if ! grep -F -q '# BEGIN Yunohost Patch' $install_dir/venv/lib/python$python_version/site-packages/pgadmin4/pgadmin/__init__.py; then
pushd $install_dir/venv/lib/python$python_version/site-packages/pgadmin4
patch -p1 < $YNH_APP_BASEDIR/sources/fix_add_local_db.patch
popd
fi
if ! grep -F -q '# BEGIN Yunohost Patch' $install_dir/venv/lib/python$python_version/site-packages/pgadmin4/pgadmin/authenticate/webserver.py; then
pushd $install_dir/venv/lib/python$python_version/site-packages/pgadmin4
patch -p1 < $YNH_APP_BASEDIR/sources/change_default_webserver_new_user_role_to_admin.patch
popd
fi
}
_install_pgadmin_pip() {
version=$(ynh_app_upstream_version)
ynh_exec_as "$app" "$venvpy" -m pip install --upgrade "pgadmin4==$version"
set_permission() {
# Set permission
chown $app:$app -R $install_dir
chmod u+rw,o= -R $install_dir
chown $app:$app -R $data_dir
chmod u+rw,o= -R $data_dir
chown $app:$app -R /var/log/$app
chmod u=rwX,g=rX,o= -R /var/log/$app
# Criticals files
chown $app:root $data_dir/master_pwd
chmod u=r,g=,o= $data_dir/master_pwd
chown $app:root $install_dir/postgres-reg.ini
chmod u=r,g=,o= $install_dir/postgres-reg.ini
}

16
scripts/backup
View file

@ -22,24 +22,24 @@ ynh_print_info --message="Declaring files to be backed up..."
ynh_backup --src_path="$install_dir"
#=================================================
# BACKUP DATA
#=================================================
ynh_backup --src_path="$data_dir" --is_big=1
#=================================================
# SYSTEM CONFIGURATION
#=================================================
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup --src_path="/etc/logrotate.d/$app"
ynh_backup --src_path="/etc/uwsgi/apps-available/$app.ini"
ynh_backup --src_path=/etc/systemd/system/$app.service
#=================================================
# BACKUP VARIOUS FILES
#=================================================
# Backup hashed password
ynh_psql_execute_as_root --sql="SELECT rolpassword FROM pg_authid WHERE rolname='$app';" | head -3 | tail -1 > hashed_password.txt
ynh_backup --src_path="/var/log/pgadmin"
ynh_backup --src_path="/var/log/$app"
#=================================================
# END OF SCRIPT

10
scripts/change_url
View file

@ -18,7 +18,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name="uwsgi-app@$app.service" --action="stop" --log_path="/var/log/uwsgi/$app/$app.log"
ynh_systemd_action --service_name="$app.service" --action="stop" --log_path="/var/log/$app/$app.log"
#=================================================
# MODIFY URL IN NGINX CONF
@ -30,12 +30,8 @@ ynh_change_url_nginx_config
#=================================================
# SPECIFIC MODIFICATIONS
#=================================================
# UPDATE CONFIGURATION
#=================================================
ynh_script_progression --message="Updating configuration..." --weight=1
# Update UWSGI Config
ynh_add_uwsgi_service "python_version"
set_permission
#=================================================
# GENERIC FINALISATION
@ -45,7 +41,7 @@ ynh_add_uwsgi_service "python_version"
ynh_script_progression --message="Starting a systemd service..." --weight=3
# Start a systemd service
ynh_systemd_action --service_name="uwsgi-app@$app.service" --action="restart" --line_match="WSGI app 0 \(mountpoint='[/[:alnum:]_-]*'\) ready in [[:digit:]]* seconds on interpreter" --log_path="/var/log/uwsgi/$app/$app.log"
ynh_systemd_action --service_name="$app.service" --action="restart" --line_match "Listening at: unix:/run/$app/app.socket" --log_path systemd
#=================================================
# END OF SCRIPT

145
scripts/experimental_helper.sh
View file

@ -1,145 +0,0 @@
#=================================================
# UWSGI HELPERS
#=================================================
# Check if system wide templates are available and correcly configured
#
# usage: ynh_check_global_uwsgi_config
ynh_check_global_uwsgi_config () {
uwsgi --version || ynh_die --message="You need to add uwsgi (and appropriate plugin) as a dependency"
cat > /etc/systemd/system/uwsgi-app@.service <<EOF
Description=%i uWSGI app
After=syslog.target
[Service]
RuntimeDirectory=%i
ExecStart=/usr/bin/uwsgi \
--ini /etc/uwsgi/apps-available/%i.ini \
--socket /run/%i/app.socket \
--logto /var/log/uwsgi/%i/%i.log
User=%i
Group=www-data
Restart=always
RestartSec=10
KillSignal=SIGQUIT
Type=notify
StandardError=syslog
NotifyAccess=all
[Install]
WantedBy=multi-user.target
EOF
systemctl daemon-reload
}
# Create a dedicated uwsgi ini file to use with generic uwsgi service
#
# This will use a template in ../conf/uwsgi.ini
# and will replace the following keywords with
# global variables that should be defined before calling
# this helper :
#
# __APP__ by $app
# __PATH__ by $path_url
# __FINALPATH__ by $install_dir
#
# And dynamic variables (from the last example) :
# __PATH_2__ by $path_2
# __PORT_2__ by $port_2
#
# To be able to customise the settings of the systemd unit you can override the rules with the file "conf/uwsgi-app@override.service".
# This file will be automatically placed on the good place
#
# Note that the service need to be started manually at the end of the installation.
# Generally you can start the service with this command:
# ynh_systemd_action --service_name "uwsgi-app@$app.service" --line_match "WSGI app 0 \(mountpoint='[/[:alnum:]_-]*'\) ready in [[:digit:]]* seconds on interpreter" --log_path "/var/log/uwsgi/$app/$app.log"
#
# usage: ynh_add_uwsgi_service
#
# to interact with your service: `systemctl <action> uwsgi-app@app`
ynh_add_uwsgi_service () {
ynh_check_global_uwsgi_config
local others_var=${1:-}
local finaluwsgiini="/etc/uwsgi/apps-available/$app.ini"
# www-data group is needed since it is this nginx who will start the service
usermod --append --groups www-data "$app" || ynh_die --message="It wasn't possible to add user $app to group www-data"
ynh_backup_if_checksum_is_different --file="$finaluwsgiini"
cp ../conf/uwsgi.ini "$finaluwsgiini"
# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
# Substitute in a nginx config file only if the variable is not empty
if test -n "${install_dir:-}"; then
ynh_replace_string --match_string="__INSTALL_DIR__" --replace_string="$install_dir" --target_file="$finaluwsgiini"
fi
if test -n "${path_url:-}"; then
ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$finaluwsgiini"
fi
if test -n "${app:-}"; then
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$finaluwsgiini"
fi
# Replace all other variable given as arguments
for var_to_replace in $others_var
do
# ${var_to_replace^^} make the content of the variable on upper-cases
# ${!var_to_replace} get the content of the variable named $var_to_replace
ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finaluwsgiini"
done
ynh_store_file_checksum --file="$finaluwsgiini"
chown $app:root "$finaluwsgiini"
# make sure the folder for logs exists and set authorizations
mkdir -p /var/log/uwsgi/$app
chown $app:root /var/log/uwsgi/$app
chmod -R u=rwX,g=rX,o= /var/log/uwsgi/$app
# Setup specific Systemd rules if necessary
test -e ../conf/uwsgi-app@override.service && \
mkdir /etc/systemd/system/uwsgi-app@$app.service.d && \
cp ../conf/uwsgi-app@override.service /etc/systemd/system/uwsgi-app@$app.service.d/override.conf
systemctl daemon-reload
systemctl enable "uwsgi-app@$app.service"
# Add as a service
yunohost service add "uwsgi-app@$app" --log "/var/log/uwsgi/$app/$app.log" --description="UWSGI service for $app"
}
# Remove the dedicated uwsgi ini file
#
# usage: ynh_remove_uwsgi_service
ynh_remove_uwsgi_service () {
local finaluwsgiini="/etc/uwsgi/apps-available/$app.ini"
if [ -e "$finaluwsgiini" ]; then
yunohost service remove "uwsgi-app@$app"
systemctl stop "uwsgi-app@$app.service"
systemctl disable "uwsgi-app@$app.service"
ynh_secure_remove --file="$finaluwsgiini"
ynh_secure_remove --file="/var/log/uwsgi/$app"
ynh_secure_remove --file="/etc/systemd/system/uwsgi-app@$app.service.d"
fi
}
ynh_restore_uwsgi_service () {
ynh_check_global_uwsgi_config
systemctl enable "uwsgi-app@$app" --quiet
# make sure the folder for logs exists and set authorizations
mkdir -p /var/log/uwsgi/$app
chown $app:root /var/log/uwsgi/$app
chmod -R u=rwX,g=rX,o= /var/log/uwsgi/$app
yunohost service add "uwsgi-app@$app" --log "/var/log/uwsgi/$app/$app.log" --description="UWSGI service for $app"
}
#=================================================
# OTHERS HELPERS
#=================================================

54
scripts/install
View file

@ -10,13 +10,6 @@ source experimental_helper.sh
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# INITIALIZE AND STORE SETTINGS
#=================================================
# Used in expect script
email=$(ynh_user_get_info --username $admin --key 'mail')
#=================================================
# Postgresql superuser
#=================================================
@ -24,19 +17,24 @@ ynh_script_progression --message="Configuring Postgresql superuser..." --weight
ynh_psql_execute_as_root --sql "ALTER USER $db_user WITH SUPERUSER CREATEDB CREATEROLE REPLICATION"
ynh_script_progression --message='Creating base directory...'
if [ -n "$(ls -A $data_dir)" ]; then
old_data_dir_path="${data_dir}_$(date '+%Y%m%d.%H%M%S')"
ynh_print_warn "Data directory was not empty. Data was moved to $old_data_dir_path"
mkdir -p $old_data_dir_path
mv -t "$old_data_dir_path" "$data_dir"/*
fi
mkdir -p /var/log/$app
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=5
ynh_install_venv
_install_pgadmin_pip
mkdir -p "$install_dir/data"
chown -R "$app:root" "$install_dir"
mkdir -p /var/log/pgadmin
chown -R "$app:root" /var/log/pgadmin
install_source
#=================================================
# ADD A CONFIGURATION
@ -44,17 +42,11 @@ chown -R "$app:root" /var/log/pgadmin
ynh_script_progression --message="Configuring pgAdmin..." --weight=1
ynh_add_config --template="config_local.py" --destination="$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/config_local.py"
chown -R "$app:root" "$install_dir"
ynh_add_config --template=postgres-reg.ini --destination="$install_dir"/postgres-reg.ini
ynh_string_random --length=60 > "$data_dir"/master_pwd
set_permission
ynh_add_config --template="setup.exp" --destination="$install_dir/setup.exp"
chmod +x "$install_dir/setup.exp"
ynh_exec_as "$app" "$install_dir/setup.exp" "$install_dir/venv/bin/python3" "$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/setup.py" setup-db
ynh_add_config --template="server.json" --destination="$install_dir/server.json"
ynh_exec_as "$app" "$install_dir/venv/bin/python3" "$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/setup.py" load-servers --user "$email" "$install_dir/server.json"
# looks like we need to run one command as pgadmin to get access to the dbs ?
ynh_psql_connect_as --user="$db_user" --password="$db_pwd" <<< '\list' >/dev/null
$install_dir/venv/bin/python3 "$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/setup.py" setup-db
#=================================================
# SYSTEM CONFIGURATION
@ -64,18 +56,20 @@ ynh_script_progression --message="Adding system configurations related to $app..
# Create a dedicated NGINX config
ynh_add_nginx_config
# Config uwsgi
ynh_add_uwsgi_service "python_version"
# Add systemd config
ynh_add_systemd_config --service=$app --template=pgadmin.service
ynh_use_logrotate --logfile="/var/log/pgadmin"
chown -R "$app:root" /var/log/pgadmin
yunohost service add $app --log "/var/log/$app/$app.log" --description 'PgAdmin application'
ynh_use_logrotate --logfile="/var/log/$app"
set_permission
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=3
ynh_systemd_action --service_name "uwsgi-app@$app.service" --action="restart" --line_match "WSGI app 0 \(mountpoint='[/[:alnum:]_-]*'\) ready in [[:digit:]]* seconds on interpreter" --log_path "/var/log/uwsgi/$app/$app.log"
ynh_systemd_action --service_name "$app.service" --action="restart" --line_match "Listening at: unix:/run/$app/app.socket" --log_path systemd
#=================================================
# END OF SCRIPT

10
scripts/remove
View file

@ -16,10 +16,9 @@ source /usr/share/yunohost/helpers
ynh_script_progression --message="Removing system configurations related to $app..." --weight=1
# Stop service
ynh_systemd_action --service_name "uwsgi-app@$app.service" --action stop
# Remove uwsgi config
ynh_remove_uwsgi_service
ynh_systemd_action --service_name "$app.service" --action stop
ynh_remove_systemd_config --service=$app
yunohost service remove $app
# Remove the app-specific logrotate config
ynh_remove_logrotate
@ -37,9 +36,6 @@ ynh_script_progression --message="Removing various files..." --weight=1
# Remove the log files
ynh_secure_remove --file="/var/log/$app"
# Remove the log files
ynh_secure_remove --file="/var/log/uwsgi/$app"
#=================================================
# END OF SCRIPT
#=================================================

40
scripts/restore
View file

@ -19,54 +19,38 @@ ynh_script_progression --message="Restoring the Postgresql superuser..." --weigh
ynh_psql_execute_as_root --sql "ALTER USER $app WITH SUPERUSER CREATEDB CREATEROLE REPLICATION"
#=================================================
# RESTORE THE APP MAIN DIR
# RESTORE ALL CONFIG AND DATA
#=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=1
ynh_restore_file --origin_path="$install_dir"
chown -R "$app:root" "$install_dir"
ynh_script_progression --message="Restoring directory and configuration..." --weight=10
ynh_restore
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Updating python virtualenv..." --weight=5
ynh_install_venv
install_source
#=================================================
# RESTORE SYSTEM CONFIGURATIONS
# RESTORE SYSTEMD
#=================================================
ynh_script_progression --message="Restoring system configurations related to $app..." --weight=1
ynh_script_progression --message="Enable systemd services" --weight=2
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
# systemctl daemon-reload
systemctl enable $app.service --quiet
yunohost service add $app --log "/var/log/$app/$app.log" --description 'PgAdmin application'
ynh_restore_file --origin_path="/etc/uwsgi/apps-available/$app.ini"
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE VARIOUS FILES
#=================================================
ynh_script_progression --message="Restoring various files..." --weight=1
ynh_restore_file --origin_path="/var/log/$app/"
chmod -R 750 /var/log/pgadmin
chown -R "$app:root" /var/log/pgadmin
# Restore systemd configuration
ynh_script_progression --message="Reconfiguring application..." --weight=1
ynh_restore_uwsgi_service
set_permission
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM OR THE APP SERVICE
# RELOAD NGINX AND THE APP SERVICE
#=================================================
ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1
ynh_systemd_action --service_name "uwsgi-app@$app.service" --action="restart" --line_match "WSGI app 0 \(mountpoint='[/[:alnum:]_-]*'\) ready in [[:digit:]]* seconds on interpreter" --log_path "/var/log/uwsgi/$app/$app.log"
ynh_systemd_action --service_name "$app.service" --action="restart" --line_match "Listening at: unix:/run/$app/app.socket" --log_path systemd
ynh_systemd_action --service_name=nginx --action=reload

38
scripts/upgrade
View file

@ -19,6 +19,8 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1
if [ -f "/etc/uwsgi/apps-available/$app.ini" ]; then
ynh_systemd_action --service_name "uwsgi-app@$app.service" --action stop
else
ynh_systemd_action --service_name "$app.service" --action stop
fi
#=================================================
@ -26,18 +28,25 @@ fi
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --weight=2
# Set the proper home directory
usermod -d "$install_dir" "$app"
# Clean old uwsgi config
ynh_secure_remove /etc/uwsgi/apps-enabled/pgadmin.ini
# Migrate data path
if [ -d "/var/lib/pgadmin" ]; then
if [ ! -d "$install_dir/data" ]; then
mv "/var/lib/pgadmin" "$install_dir/data"
mv -t "$data_dir" /var/lib/pgadmin/*
fi
ynh_secure_remove "/var/lib/pgadmin"
fi
if [ -d "$install_dir/data" ]; then
if [ ! -d "$install_dir/data" ]; then
mv -t "$data_dir" "$install_dir"/data/*
fi
ynh_secure_remove "$install_dir/data"
fi
if [ ! -e $data_dir/master_pwd ]; then
ynh_string_random --length=60 > $data_dir/master_pwd
fi
#=================================================
# Postgresql superuser
@ -51,11 +60,7 @@ ynh_psql_execute_as_root --sql "ALTER USER $app WITH PASSWORD '$db_pwd' SUPERUSE
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Upgrading source files..." --weight=6
ynh_install_venv
_install_pgadmin_pip
chown -R "$app:root" "$install_dir"
install_source
#=================================================
# UPDATE A CONFIG FILE
@ -64,7 +69,7 @@ ynh_script_progression --message="Updating a configuration file..." --weight=1
# CONFIGURE PGADMIN
ynh_add_config --template="config_local.py" --destination="$install_dir/venv/lib/python$python_version/site-packages/pgadmin4/config_local.py"
chown -R "$app:root" "$install_dir"
ynh_add_config --template=postgres-reg.ini --destination="$install_dir"/postgres-reg.ini
#=================================================
# REAPPLY SYSTEM CONFIGURATIONS
@ -74,19 +79,22 @@ ynh_script_progression --message="Upgrading system configurations related to $ap
# Create a dedicated NGINX config
ynh_add_nginx_config
# Config uwsgi
ynh_add_uwsgi_service "python_version"
# Add systemd config
ynh_add_systemd_config --service=$app --template=pgadmin.service
yunohost service add $app --log "/var/log/$app/$app.log" --description 'PgAdmin application'
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --logfile /var/log/pgadmin --nonappend
chown -R "$app:root" /var/log/pgadmin
ynh_use_logrotate --logfile /var/log/$app --nonappend
set_permission
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=3
ynh_systemd_action --service_name "uwsgi-app@$app.service" --action="restart" --line_match "WSGI app 0 \(mountpoint='[/[:alnum:]_-]*'\) ready in [[:digit:]]* seconds on interpreter" --log_path "/var/log/uwsgi/$app/$app.log"
ynh_systemd_action --service_name "$app.service" --action="restart" --line_match "Listening at: unix:/run/$app/app.socket" --log_path systemd
#=================================================
# END OF SCRIPT

41
sources/avoid_create_user_on_setup_db.patch Normal file
View file

@ -0,0 +1,41 @@
diff --git a/migrations/versions/fdc58d9bd449_.py b/migrations/versions/fdc58d9bd449_.py
index 3a9991a5c..27fe21692 100644
--- a/migrations/versions/fdc58d9bd449_.py
+++ b/migrations/versions/fdc58d9bd449_.py
@@ -35,7 +35,8 @@ depends_on = None
def upgrade():
# ### commands auto generated by Alembic - please adjust! ###
- email, password = user_info()
+ # BEGIN Yunohost Patch
+ # END Yunohost Patch
version_table = op.create_table(
'version', sa.Column('name', sa.String(length=32), nullable=False),
@@ -122,11 +123,8 @@ def upgrade():
setattr(config, 'SECURITY_PASSWORD_SALT', current_salt)
setattr(config, 'SECRET_KEY', secret_key)
- password = hash_password(password)
-
- op.bulk_insert(user_table,
- [{'email': email, 'password': password,
- 'active': 1, 'confirmed_at': None}])
+ # BEGIN Yunohost Patch
+ # END Yunohost Patch
op.bulk_insert(version_table,
[{'name': 'ConfigDB', 'value': 2}])
@@ -135,11 +133,8 @@ def upgrade():
[{'name': 'Administrators',
'description': 'pgAdmin Administrators Role'}])
- op.bulk_insert(roles_users_table,
- [{'user_id': 1, 'role_id': 1}])
-
- op.bulk_insert(server_group_table,
- [{'user_id': 1, 'name': 'Servers'}])
+ # BEGIN Yunohost Patch
+ # END Yunohost Patch
# ### end Alembic commands ###

15
sources/change_default_webserver_new_user_role_to_admin.patch Normal file
View file

@ -0,0 +1,15 @@
diff --git a/pgadmin/authenticate/webserver.py b/pgadmin/authenticate/webserver.py
index 5a9e4533c..9693593dc 100644
--- a/pgadmin/authenticate/webserver.py
+++ b/pgadmin/authenticate/webserver.py
@@ -121,7 +121,9 @@ class WebserverAuthentication(BaseAuthentication):
return create_user({
'username': username,
'email': useremail,
- 'role': 2,
+ # BEGIN Yunohost Patch
+ 'role': 1,
+ # END Yunohost Patch
'active': True,
'auth_source': WEBSERVER
})

64
sources/fix_add_local_db.patch Normal file
View file

@ -0,0 +1,64 @@
diff --git a/pgadmin/__init__.py b/pgadmin/__init__.py
index c20016bbc..42ccfd874 100644
--- a/pgadmin/__init__.py
+++ b/pgadmin/__init__.py
@@ -586,10 +586,22 @@ def create_app(app_name=None):
servergroup = servergroups.first()
servergroup_id = servergroup.id
+ # BEGIN Yunohost Patch
+ from pgadmin.utils.master_password import get_crypt_key
+ from pgadmin.utils.exception import CryptKeyMissing
+ from pgadmin.utils.crypto import encrypt
+
+ crypt_key_present, crypt_key = get_crypt_key()
+ if not crypt_key_present:
+ raise CryptKeyMissing
+ # END Yunohost Patch
+
'''Add a server to the config database'''
+ # BEGIN Yunohost Patch
def add_server(user_id, servergroup_id, name, superuser, port,
- discovery_id, comment):
+ discovery_id, comment, password):
+ # END Yunohost Patch
# Create a server object if needed, and store it.
servers = Server.query.filter_by(
user_id=user_id,
@@ -609,7 +621,11 @@ def create_app(app_name=None):
connection_params={'sslmode': 'prefer',
'connect_timeout': 10},
comment=comment,
- discovery_id=discovery_id)
+ # BEGIN Yunohost Patch
+ discovery_id=discovery_id,
+ password=encrypt(password, crypt_key),
+ save_password=1)
+ # END Yunohost Patch
db.session.add(svr)
db.session.commit()
@@ -676,7 +692,7 @@ def create_app(app_name=None):
registry = ConfigParser()
try:
- registry.read('/etc/postgres-reg.ini')
+ registry.read(config.REGISTRY_CONFIG_FILE)
sections = registry.sections()
# Loop the sections, and get the data from any that are PG or PPAS
@@ -703,9 +719,12 @@ def create_app(app_name=None):
svr_comment = gettext("Auto-detected {0} installation "
"with the data directory at {1}"
).format(description, data_directory)
+ # BEGIN Yunohost Patch
+ password = registry.get(section, 'Password')
add_server(user_id, servergroup_id, svr_name,
svr_superuser, svr_port, svr_discovery_id,
- svr_comment)
+ svr_comment, password)
+ # END Yunohost Patch
except Exception as e:
print(str(e))

3
tests.toml
View file

@ -4,5 +4,6 @@ test_format = 1.0
[default]
test_upgrade_from.da90e7957a1a365f3c840df02c41cd14592030db.name = "Last packaging v1 version"
test_upgrade_from.067601ed5bb19dde70f74a1fa1f6230a30efe6b5.name = "7.2~ynh1"
test_upgrade_from.da90e7957a1a365f3c840df02c41cd14592030db.name = "Last packaging v1 version"
test_upgrade_from.55a5fd67889da37d03a5d4614168db76a8817cdb.name = "Pre improvements"