diff --git a/conf/nginx.conf b/conf/nginx.conf index 9fc1869..cfdefca 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,17 +1,28 @@ -root __FINALPATH__/; -index index.php; -try_files $uri $uri/ /index.php?$args; +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { -# Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } + # Path to source + alias __FINALPATH__/ ; -location ~ \.php$ { - try_files $uri =404; - fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; - fastcgi_index index.php; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; - include /etc/nginx/fastcgi_params; + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + index index.php; + + try_files $uri $uri/ index.php; + location ~ [^/]\.php(/|$) { + fastcgi_split_path_info ^(.+?\.php)(/.*)$; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param SCRIPT_FILENAME $request_filename; + } + + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } diff --git a/manifest.json b/manifest.json index 511005d..5a1567b 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "phpIPAM package for YunoHost.", "fr": "phpIPAM pour YunoHost." }, - "version": "1.4", + "version": "1.4.3~ynh1", "url": "https://phpipam.net/", "license": "GPL-3.0", "maintainer": { @@ -14,32 +14,24 @@ "email": "liberodark@gmail.com" }, "requirements": { - "yunohost": ">= 2.7.2" + "yunohost": ">= 4.2.4" }, "multi_instance": false, "services": [ "nginx", - "php5-fpm", + "php7.3-fpm", "mysql" ], "arguments": { "install": [{ "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain name for phpIPAM", - "fr": "Choisissez un nom de domaine pour phpIPAM" - }, "example": "example.com" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for phpIPAM /phpipam is accepted", - "fr": "Choisissez un chemin pour phpIPAM /phpipam est accepté" - }, "example": "/phpipam", "default": "/phpipam" }, @@ -47,11 +39,7 @@ { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public site ?", - "fr": "Est-ce un site public ?" - }, - "default": "true" + "default": true } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index 0f53f77..a709315 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,112 +1,21 @@ #!/bin/bash -# ============================================================================= -# YUNOHOST 2.7 FORTHCOMING HELPERS -# ============================================================================= +#================================================= +# COMMON VARIABLES +#================================================= -# Create a dedicated nginx config -# -# usage: ynh_add_nginx_config -ynh_add_nginx_config () { - finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalnginxconf" - sudo cp ../conf/nginx.conf "$finalnginxconf" +YNH_PHP_VERSION="7.3" - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if test -n "${path_url:-}"; then - ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf" - fi - if test -n "${domain:-}"; then - ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf" - fi - if test -n "${port:-}"; then - ynh_replace_string "__PORT__" "$port" "$finalnginxconf" - fi - if test -n "${app:-}"; then - ynh_replace_string "__NAME__" "$app" "$finalnginxconf" - fi - if test -n "${final_path:-}"; then - ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf" - fi - ynh_store_file_checksum "$finalnginxconf" +extra_php_dependencies="php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-opcache php${YNH_PHP_VERSION}-fileinfo php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-cli php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml" - sudo systemctl reload nginx -} +#================================================= +# PERSONAL HELPERS +#================================================= -# Remove the dedicated nginx config -# -# usage: ynh_remove_nginx_config -ynh_remove_nginx_config () { - ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo systemctl reload nginx -} +#================================================= +# EXPERIMENTAL HELPERS +#================================================= -# Create a dedicated php-fpm config -# -# usage: ynh_add_fpm_config -ynh_add_fpm_config () { - finalphpconf="/etc/php5/fpm/pool.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalphpconf" - sudo cp ../conf/php-fpm.conf "$finalphpconf" - ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" - ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf" - ynh_replace_string "__USER__" "$app" "$finalphpconf" - sudo chown root: "$finalphpconf" - ynh_store_file_checksum "$finalphpconf" - - if [ -e "../conf/php-fpm.ini" ] - then - finalphpini="/etc/php5/fpm/conf.d/20-$app.ini" - ynh_backup_if_checksum_is_different "$finalphpini" - sudo cp ../conf/php-fpm.ini "$finalphpini" - sudo chown root: "$finalphpini" - ynh_store_file_checksum "$finalphpini" - fi - - sudo systemctl reload php5-fpm -} - -# Remove the dedicated php-fpm config -# -# usage: ynh_remove_fpm_config -ynh_remove_fpm_config () { - ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf" - ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" 2>&1 - sudo systemctl reload php5-fpm -} - -# Create a dedicated systemd config -# -# usage: ynh_add_systemd_config -ynh_add_systemd_config () { - finalsystemdconf="/etc/systemd/system/$app.service" - ynh_backup_if_checksum_is_different "$finalsystemdconf" - sudo cp ../conf/systemd.service "$finalsystemdconf" - - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if test -n "${final_path:-}"; then - ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf" - fi - if test -n "${app:-}"; then - ynh_replace_string "__APP__" "$app" "$finalsystemdconf" - fi - ynh_store_file_checksum "$finalsystemdconf" - - sudo chown root: "$finalsystemdconf" - sudo systemctl enable $app - sudo systemctl daemon-reload -} - -# Remove the dedicated systemd config -# -# usage: ynh_remove_systemd_config -ynh_remove_systemd_config () { - finalsystemdconf="/etc/systemd/system/$app.service" - if [ -e "$finalsystemdconf" ]; then - sudo systemctl stop $app - sudo systemctl disable $app - ynh_secure_remove "$finalsystemdconf" - fi -} +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= diff --git a/scripts/install b/scripts/install index a1e6bbe..8fa4b5c 100644 --- a/scripts/install +++ b/scripts/install @@ -24,180 +24,157 @@ ynh_abort_if_errors # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -# Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4, ... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names, ... app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_script_progression --message="Validating installation parameters..." --time --weight=1 -### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/var/www/$app -test ! -e "$final_path" || ynh_die "This path already contains a folder" +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path "$path_url") - -# Check web path availability -ynh_webpath_available "$domain" "$path_url" # Register (book) web path -ynh_webpath_register "$app" "$domain" "$path_url" +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_script_progression --message="Storing installation settings..." --time --weight=1 -ynh_app_setting_set "$app" domain "$domain" -ynh_app_setting_set "$app" path "$path_url" -ynh_app_setting_set "$app" is_public "$is_public" +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# FIND AND OPEN A PORT +#================================================= +ynh_script_progression --message="Finding an available port..." --time --weight=1 + +# Find an available port +port=$(ynh_find_port --port=8095) +ynh_app_setting_set --app=$app --key=port --value=$port #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_script_progression --message="Installing dependencies..." --time --weight=1 -ynh_script_progression --message="Installing dependencies..." --weight=9 - -### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. -### Those deb packages will be installed as dependencies of this package. -### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script - -ynh_install_app_dependencies php7.0-gmp php7.0-snmp php7.0-ldap php7.0-mbstring php7.0-json php7.0-gettext php7.0-xml php7.0-sockets - -#================================================= -# CREATE A MYSQL DATABASE -#================================================= - -ynh_script_progression --message="Creating a MySQL database..." - -### Use these lines if you need a database for the application. -### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. -### The password will be stored as 'mysqlpwd' into the app settings, -### and will be available as $db_pwd -### If you're not using these lines: -### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script -### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script -### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script - -db_name=$(ynh_sanitize_dbid "$app") -ynh_app_setting_set "$app" db_name "$db_name" -ynh_mysql_setup_db "$db_name" "$db_name" - -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE PHPIPAM -#================================================= - -ynh_script_progression --message="Setting up source files..." --weight=4 -ynh_app_setting_set "$app" final_path "$final_path" -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" - -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE PHPMAILER -#================================================= - -ynh_script_progression --message="Setting up source files..." --weight=4 -ynh_app_setting_set "$app" final_path "$final_path" -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path/functions/PHPMailer/" "mail" - -#================================================= -# IMPORT PHPIPAM DB -#================================================= - -ynh_print_info --message="Import SQL..." -ynh_mysql_execute_file_as_root --file="$final_path/db/SCHEMA.sql" --database="$db_name" - -#================================================= -# NGINX CONFIGURATION -#================================================= - -# Create a dedicated nginx config -ynh_script_progression --message="Configuring nginx web server..." --weight=3 -ynh_add_nginx_config +ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Configuring system user..." --time --weight=1 # Create a system user -ynh_script_progression --message="Configuring system user..." --weight=3 -ynh_system_user_create "$app" +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= -# MODIFY A CONFIG FILE +# CREATE A MYSQL DATABASE #================================================= +ynh_script_progression --message="Creating a MySQL database..." --time --weight=1 -cp -a ../conf/config.dist.php "$final_path"/config.php - -ynh_replace_string "yunouser" "$db_name" "$final_path/config.php" -ynh_replace_string "yunopass" "$db_pwd" "$final_path/config.php" -ynh_replace_string "yunobase" "$db_name" "$final_path/config.php" +db_name=$(ynh_sanitize_dbid --db_name=$app) +db_user=$db_name +ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name #================================================= -# STORE THE CONFIG FILE CHECKSUM +# DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression --message="Setting up source files..." --time --weight=1 -### `ynh_store_file_checksum` is used to store the checksum of a file. -### That way, during the upgrade script, by using `ynh_backup_if_checksum_is_different`, -### you can make a backup of this file before modifying it again if the admin had modified it. +ynh_app_setting_set --app=$app --key=final_path --value=$final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$final_path" -# Calculate and store the config file checksum into the app settings -#ynh_store_file_checksum "/etc/onlyoffice/documentserver/nginx/onlyoffice-documentserver.conf" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring NGINX web server..." --time --weight=1 + +# Create a dedicated NGINX config +ynh_add_nginx_config + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring PHP-FPM..." --time --weight=1 + +# Create a dedicated PHP-FPM config +ynh_add_fpm_config --package="$extra_php_dependencies" +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) + +#================================================= +# ADD A CONFIGURATION +#================================================= +ynh_script_progression --message="Adding a configuration file..." --time --weight=1 + +ynh_add_config --template="../conf/config.dist.php" --destination="$final_path/some_config_file" + +# FIXME: this should be handled by the core in the future +# You may need to use chmod 600 instead of 400, +# for example if the app is expected to be able to modify its own config +chmod 400 "$final_path/some_config_file" +chown $app:$app "$final_path/some_config_file" + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Configuring a systemd service..." --time --weight=1 + +# Create a dedicated systemd config +ynh_add_systemd_config #================================================= # GENERIC FINALIZATION #================================================= -# SECURE FILES AND DIRECTORIES +# SETUP LOGROTATE #================================================= +ynh_script_progression --message="Configuring log rotation..." --time --weight=1 -#ynh_script_progression --message="Configuring phpipam..." +# Use logrotate to manage application logfile(s) +ynh_use_logrotate -### For security reason, any app should set the permissions to root: before anything else. -### Then, if write authorization is needed, any access should be given only to directories -### that really need such authorization. +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 -# Remove non utile files -ynh_secure_remove $final_path/config.dist.php -ynh_secure_remove $final_path/config.docker.php -ynh_secure_remove $final_path/INSTALL.txt -ynh_secure_remove $final_path/README.md -ynh_secure_remove $final_path/.htaccess -ynh_secure_remove $final_path/install -ynh_secure_remove $final_path/.gitmodules -ynh_secure_remove $final_path/.github -ynh_secure_remove $final_path/.gitignore - - -# Set permissions to app files -chown -R www-data: "$final_path" +yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" #================================================= # SETUP SSOWAT #================================================= +ynh_script_progression --message="Configuring permissions..." --time --weight=1 -# If app is public, add url to SSOWat conf as skipped_uris -if [ "$is_public" -eq 1 ]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi -# Reload services -systemctl reload nginx +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --time --last diff --git a/scripts/remove b/scripts/remove index ed3c19d..28f6b34 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,122 +12,68 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get "$app" domain) -port=$(ynh_app_setting_get "$app" port) -db_name=$(ynh_app_setting_get "$app" db_name) +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name -final_path=$(ynh_app_setting_get "$app" final_path) - -#================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE FROM ADMIN PANEL -#================================================= - -# Remove a service from the admin panel, added by `yunohost service add` -if yunohost service status "$app" >/dev/null 2>&1 -then - ynh_print_info "Removing $app service" - yunohost service remove "$app" -fi - -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_print_info "Stopping and removing the systemd service" - -# Remove the dedicated systemd config -ynh_remove_systemd_config +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # REMOVE THE MYSQL DATABASE #================================================= -ynh_print_info "Removing the MySQL database" +ynh_script_progression --message="Removing the MySQL database..." --time --weight=1 # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db "$db_user" "$db_name" - -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_print_info "Removing dependencies" - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies +ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_print_info "Removing app main directory" +ynh_script_progression --message="Removing app main directory..." --time --weight=1 # Remove the app directory securely -ynh_secure_remove "$final_path" +ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_print_info "Removing nginx web server configuration" +ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1 -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -#ynh_print_info "Removing php-fpm configuration" +ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1 -# Remove the dedicated php-fpm config -#ynh_remove_fpm_config +# Remove the dedicated PHP-FPM config +ynh_remove_fpm_config #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_print_info "Removing logrotate configuration" +ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1 # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_print_info "Closing port $port" - ynh_exec_warn_less yunohost firewall disallow TCP "$port" -fi - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE THE CRON FILE -#================================================= - -# Remove a cron file -ynh_secure_remove "/etc/cron.d/$app" - -# Remove a directory securely -ynh_secure_remove "/etc/$app/" - -# Remove the log files -ynh_secure_remove "/var/log/$app/" - #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= -ynh_print_info "Removing the dedicated system user" +ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 # Delete a system user -ynh_system_user_delete "$app" +ynh_system_user_delete --username=$app #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Removal of $app completed" +ynh_script_progression --message="Removal of $app completed" --time --last