diff --git a/check_process b/check_process index 8028b3e..8ac07eb 100644 --- a/check_process +++ b/check_process @@ -1,5 +1,4 @@ ;; Test complet - auto_remove=1 ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) @@ -14,21 +13,21 @@ upgrade=1 backup_restore=1 multi_instance=0 - wrong_user=1 - wrong_path=1 incorrect_path=1 - corrupt_source=0 - fail_download_source=0 port_already_use=0 - final_path_already_use=0 + change_url=0 ;;; Levels Level 1=auto Level 2=auto Level 3=auto Level 4=na - Level 5=auto +# Level 5: https://github.com/YunoHost-Apps/phpmyadmin_ynh/issues/62 + Level 5=1 Level 6=auto Level 7=auto Level 8=0 Level 9=0 Level 10=0 +;;; Options +Email= +Notification=none diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..021b984 --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/phpmyadmin/phpmyadmin/archive/RELEASE_4_7_4.tar.gz +SOURCE_SUM=c3b49600af094ec09c9098588973a8afbaa76e334bb47b072e70adf8d5c12704 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/config.inc.php b/conf/config.inc.php index 19a8862..504ddf4 100644 --- a/conf/config.inc.php +++ b/conf/config.inc.php @@ -5,28 +5,24 @@ * manual configuration. For easier setup you can use setup/ * * All directives are explained in documentation in the doc/ folder - * or at . + * or at . * * @package PhpMyAdmin */ -/* +/** * This is needed for cookie based authentication to encrypt password in - * cookie + * cookie. Needs to be 32 chars long. */ -/* [YunoHost] - * We use the 'config' auth mode, so we don't care about settings - * specific to the 'cookie' auth mode - */ -$cfg['blowfish_secret'] = 'NOT_USED'; +$cfg['blowfish_secret'] = ''; /* YOU MUST FILL IN THIS FOR COOKIE AUTH! */ -/* +/** * Servers configuration */ $i = 0; -/* +/** * First server */ $i++; @@ -35,18 +31,18 @@ $cfg['Servers'][$i]['auth_type'] = 'config'; $cfg['Servers'][$i]['user'] = 'root'; $cfg['Servers'][$i]['password'] = 'YNH_MYSQL_ROOT_PASSWORD'; /* Server parameters */ - /* $cfg['Servers'][$i]['host'] = 'localhost'; $cfg['Servers'][$i]['connect_type'] = 'tcp'; $cfg['Servers'][$i]['compress'] = false; +$cfg['Servers'][$i]['AllowNoPassword'] = false; */ /* Select mysql if your server does not have mysqli */ $cfg['Servers'][$i]['extension'] = 'mysqli'; $cfg['Servers'][$i]['AllowNoPassword'] = false; -/* +/** * phpMyAdmin configuration storage settings. */ @@ -77,24 +73,29 @@ $cfg['Servers'][$i]['savedsearches'] = 'pma__savedsearches'; $cfg['Servers'][$i]['favorite'] = 'pma__favorite'; $cfg['Servers'][$i]['central_columns'] = 'pma__central_columns'; $cfg['Servers'][$i]['tracking'] = 'pma__tracking'; - -// 4.5.3.1 update $cfg['Servers'][$i]['designer_settings'] = 'pma__designer_settings'; $cfg['Servers'][$i]['export_templates'] = 'pma__export_templates'; /* Contrib / Swekey authentication */ // $cfg['Servers'][$i]['auth_swekey_config'] = '/etc/swekey-pma.conf'; -/* +/** * End of servers configuration */ -/* +/** * Directories for saving/loading files from server */ $cfg['UploadDir'] = ''; $cfg['SaveDir'] = ''; +/** + * Whether to display icons or text or both icons and text in table row + * action segment. Value can be either of 'icons', 'text' or 'both'. + * default = 'both' + */ +//$cfg['RowActionType'] = 'icons'; + /** * Defines whether a user should be displayed a "show all (records)" * button in browse mode or not. @@ -105,20 +106,21 @@ $cfg['SaveDir'] = ''; /** * Number of rows displayed when browsing a result set. If the result * set contains more rows, "Previous" and "Next". - * default = 30 + * Possible values: 25, 50, 100, 250, 500 + * default = 25 */ //$cfg['MaxRows'] = 50; /** - * disallow editing of binary fields + * Disallow editing of binary fields * valid values are: * false allow editing * 'blob' allow editing except for BLOB fields * 'noblob' disallow editing except for BLOB fields * 'all' disallow editing - * default = blob + * default = 'blob' */ -//$cfg['ProtectBinary'] = 'false'; +//$cfg['ProtectBinary'] = false; /** * Default language to use, if not browser-defined or user-defined @@ -129,12 +131,6 @@ $cfg['SaveDir'] = ''; //$cfg['DefaultLang'] = 'en'; //$cfg['DefaultLang'] = 'de'; -/** - * default display direction (horizontal|vertical|horizontalflipped) - */ -//$cfg['DefaultDisplay'] = 'vertical'; - - /** * How many columns should be used for table display of a database? * (a value larger than 1 results in some information being hidden) @@ -153,20 +149,21 @@ $cfg['SaveDir'] = ''; /** * When using DB-based query history, how many entries should be kept? - * * default = 25 */ //$cfg['QueryHistoryMax'] = 100; /** - * Should error reporting be enabled for JavaScript errors + * Whether or not to query the user before sending the error report to + * the phpMyAdmin team when a JavaScript error occurs * - * default = 'ask' + * Available options + * ('ask' | 'always' | 'never') + * default = 'ask' */ -//$cfg['SendErrorReports'] = 'ask'; +//$cfg['SendErrorReports'] = 'always'; -/* +/** * You can find more configuration options in the documentation - * in the doc/ folder or at . + * in the doc/ folder or at . */ -?> diff --git a/conf/nginx.conf b/conf/nginx.conf index d0819fc..fac6349 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,14 +1,19 @@ -location YNH_WWW_PATH { - alias YNH_WWW_ALIAS/ ; +location __PATH__ { + + alias __FINALPATH__/ ; + if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } + index index.php; + client_max_body_size 50M; + try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-NAMETOCHANGE.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 23c6fa7..261c431 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,7 +1,7 @@ ; Start a new pool named 'www'. ; the variable $pool can we used in any directive and will be replaced by the ; pool name ('www' here) -[NAMETOCHANGE] +[__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: @@ -16,6 +16,12 @@ ; Default Value: none ;prefix = /path/to/pools/$pool +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + ; The address on which to accept FastCGI requests. ; Valid syntaxes are: ; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on @@ -24,12 +30,21 @@ ; specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-NAMETOCHANGE.sock +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. A value of '-1' means unlimited. ; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = -1 +;listen.backlog = 128 +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + ; List of ipv4 addresses of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address @@ -38,26 +53,20 @@ listen = /var/run/php5-fpm-NAMETOCHANGE.sock ; Default Value: any ;listen.allowed_clients = 127.0.0.1 -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0666 -listen.owner = www-data -listen.group = www-data -listen.mode = 0600 - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. -user = www-data -group = www-data +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 ; Choose how the process manager will control the number of child processes. ; Possible Values: ; static - a fixed number (pm.max_children) of child processes; ; dynamic - the number of child processes are set dynamically based on the -; following directives: +; following directives. With this process management, there will be +; always at least 1 children. ; pm.max_children - the maximum number of children that can ; be alive at the same time. ; pm.start_servers - the number of children created on startup. @@ -69,34 +78,46 @@ group = www-data ; state (waiting to process). If the number ; of 'idle' processes is greater than this ; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. ; Note: This value is mandatory. pm = dynamic ; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes to be created when pm is set to 'dynamic'. +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. ; This value sets the limit on the number of simultaneous requests that will be ; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. ; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. -; Note: Used when pm is set to either 'static' or 'dynamic' +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 6 +pm.max_children = 10 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' ; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 -pm.start_servers = 3 +pm.start_servers = 2 ; The desired minimum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.min_spare_servers = 3 +pm.min_spare_servers = 1 ; The desired maximum number of idle server processes. ; Note: Used only when pm is set to 'dynamic' ; Note: Mandatory when pm is set to 'dynamic' -pm.max_spare_servers = 5 +pm.max_spare_servers = 3 +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. @@ -104,38 +125,103 @@ pm.max_spare_servers = 5 pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. By default, the status page shows the following -; information: -; accepted conn - the number of request accepted by the pool; +; recognized as a status page. It shows the following informations: ; pool - the name of the pool; -; process manager - static or dynamic; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; ; idle processes - the number of idle processes; ; active processes - the number of active processes; -; total processes - the number of idle + active processes. +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; ; max children reached - number of times, the process limit has been reached, ; when pm tries to start more children (works only for -; pm 'dynamic') -; The values of 'idle processes', 'active processes' and 'total processes' are -; updated each second. The value of 'accepted conn' is updated in real time. +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. ; Example output: -; accepted conn: 12073 ; pool: www ; process manager: static -; idle processes: 35 -; active processes: 65 -; total processes: 100 -; max children reached: 1 +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; ; By default the status page output is formatted as text/plain. Passing either -; 'html' or 'json' as a query string will return the corresponding output -; syntax. Example: +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: ; http://www.foo.bar/status ; http://www.foo.bar/status?json ; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -pm.status_path = /fpm-status +;pm.status_path = /status ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside @@ -147,46 +233,105 @@ pm.status_path = /fpm-status ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. ; Default Value: not set -ping.path = /ping +;ping.path = /ping ; This directive may be used to customize the response of a ping request. The ; response is formatted as text/plain with a 200 response code. ; Default Value: pong ;ping.response = pong -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -request_terminate_timeout = 600s +; The access log file +; Default: not set +;access.log = log/$pool.access.log +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_slowlog_timeout = 5s - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/NAMETOCHANGE.slow.log - + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + ; Set open file descriptor rlimit. ; Default Value: system defined value -rlimit_files = 4096 - +;rlimit_files = 1024 + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value -rlimit_core = 0 - +;rlimit_core = 0 + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set @@ -195,7 +340,7 @@ rlimit_core = 0 ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot -chdir = /var/www/NAMETOCHANGE +chdir = __FINALPATH__ ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. @@ -204,6 +349,14 @@ chdir = /var/www/NAMETOCHANGE ; Default Value: no catch_workers_output = yes +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -217,7 +370,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. diff --git a/manifest.json b/manifest.json index 3a48966..48b1dc5 100644 --- a/manifest.json +++ b/manifest.json @@ -6,15 +6,16 @@ "en": "Manage MySQL databases over the web", "fr": "Application web de gestion des bases de données MySQL" }, + "version": "4.7.4", "url": "http://www.phpmyadmin.net", + "license": "GPL-2", "maintainer": { "name": "julien", "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 2.4" + "yunohost": ">= 2.7.2" }, - "license": "free", "multi_instance": false, "services": [ "nginx", diff --git a/scripts/.fonctions b/scripts/.fonctions deleted file mode 100755 index 2eaaa56..0000000 --- a/scripts/.fonctions +++ /dev/null @@ -1,227 +0,0 @@ -#!/bin/bash - -CHECK_VAR () { # Vérifie que la variable n'est pas vide. -# $1 = Variable à vérifier -# $2 = Texte à afficher en cas d'erreur - test -n "$1" || (echo "$2" >&2 && false) -} - -EXIT_PROPERLY () { # Provoque l'arrêt du script en cas d'erreur. Et nettoye les résidus. - exit_code=$? - if [ "$exit_code" -eq 0 ]; then - exit 0 # Quitte sans erreur si le script se termine correctement. - fi - trap '' EXIT - set +eu - echo -e "\e[91m \e[1m" # Shell in light red bold - echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 - - if type -t CLEAN_SETUP > /dev/null; then # Vérifie l'existance de la fonction avant de l'exécuter. - CLEAN_SETUP # Appel la fonction de nettoyage spécifique du script install. - fi - - # Compense le bug de ssowat qui ne supprime pas l'entrée de l'app en cas d'erreur d'installation. - sudo sed -i "\@\"$domain$path/\":@d" /etc/ssowat/conf.json - - ynh_die -} - -TRAP_ON () { # Activate signal capture - set -eu # Exit if a command fail, and if a variable is used unset. - trap EXIT_PROPERLY EXIT # Capturing exit signals on shell script -} - -# Ignore the yunohost-cli log to prevent errors with conditionals commands -# usage: NO_LOG COMMAND -# Simply duplicate the log, execute the yunohost command and replace the log without the result of this command -# It's a very badly hack... -# Petite copie perso à mon usage ;) -NO_LOG() { - ynh_cli_log=/var/log/yunohost/yunohost-cli.log - sudo cp -a ${ynh_cli_log} ${ynh_cli_log}-move - eval $@ - exit_code=$? - sudo mv ${ynh_cli_log}-move ${ynh_cli_log} - return $? -} - -CHECK_USER () { # Vérifie la validité de l'user admin -# $1 = Variable de l'user admin. - ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false) -} - -CHECK_PATH () { # Vérifie la présence du / en début de path. Et son absence à la fin. - if [ "${path:0:1}" != "/" ]; then # Si le premier caractère n'est pas un / - path="/$path" # Ajoute un / en début de path - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # Si le dernier caractère est un / et que ce n'est pas le seul caractère. - path="${path:0:${#path}-1}" # Supprime le dernier caractère - fi -} - -CHECK_DOMAINPATH () { # Vérifie la disponibilité du path et du domaine. - sudo yunohost app checkurl $domain$path -a $app -} - -CHECK_FINALPATH () { # Vérifie que le dossier de destination n'est pas déjà utilisé. - final_path=/var/www/$app - if [ -e "$final_path" ] - then - echo "This path already contains a folder" >&2 - false - fi -} - -GENERATE_DB () { # Créer une base de données et un utilisateur dédié au nom de l'app. -# $1 = Nom de la base de donnée - db_user=$1 - db_user=${db_user//-/_} # mariadb ne supporte pas les - dans les noms de base de données. Ils sont donc remplacé par des _ - # Génère un mot de passe aléatoire. -# db_pwd=$(head -n20 /dev/urandom | tr -c -d 'A-Za-z0-9' | head -c20) - db_pwd=$(ynh_string_random) - CHECK_VAR "$db_pwd" "db_pwd empty" - # Utilise '$app' comme nom d'utilisateur et de base de donnée - # Initialise la base de donnée et stocke le mot de passe mysql. - ynh_mysql_create_db "$db_user" "$db_user" $db_pwd - ynh_app_setting_set $app mysqlpwd $db_pwd -} - -SETUP_SOURCE () { # Télécharge la source, décompresse et copie dans $final_path -# $1 = Nom de l'archive téléchargée. - wget -nv -i ../sources/source_url -O $1 - # Vérifie la somme de contrôle de la source téléchargée. - md5sum -c ../sources/source_md5 --status || (echo "Corrupt source" >&2 && false) - # Décompresse la source - if [ "$(echo ${1##*.})" == "gz" ]; then - tar -x -f $1 - elif [ "$(echo ${1##*.})" == "zip" ]; then - unzip -q $1 - else - false # Format d'archive non pris en charge. - fi - # Copie les fichiers sources - sudo cp -a $(cat ../sources/source_dir)/. "$final_path" - # Copie les fichiers additionnels ou modifiés. - if test -e "../sources/ajouts"; then - sudo cp -a ../sources/ajouts/. "$final_path" - fi -} - -ADD_SYS_USER () { # Créer un utilisateur système dédié à l'app - if ! ynh_system_user_exists "$app" # Test l'existence de l'utilisateur - then - sudo useradd -d /var/www/$app --system --user-group $app --shell /usr/sbin/nologin || (echo "Unable to create $app system account" >&2 && false) - fi -} - -POOL_FPM () { # Créer le fichier de configuration du pool php-fpm et le configure. - sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf - sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf - sed -i "s@__USER__@$app@g" ../conf/php-fpm.conf - finalphpconf=/etc/php5/fpm/pool.d/$app.conf - sudo cp ../conf/php-fpm.conf $finalphpconf - sudo chown root: $finalphpconf - finalphpini=/etc/php5/fpm/conf.d/20-$app.ini - sudo cp ../conf/php-fpm.ini $finalphpini - sudo chown root: $finalphpini - sudo service php5-fpm reload -} - -STORE_MD5_CONFIG () { # Enregistre la somme de contrôle du fichier de config -# $1 = Nom du fichier de conf pour le stockage dans settings.yml -# $2 = Nom complet et chemin du fichier de conf. - ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1) -} - -CHECK_MD5_CONFIG () { # Créé un backup du fichier de config si il a été modifié. -# $1 = Nom du fichier de conf pour le stockage dans settings.yml -# $2 = Nom complet et chemin du fichier de conf. - if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then - sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" # Si le fichier de config a été modifié, créer un backup. - fi -} - -FIND_PORT () { # Cherche un port libre. -# $1 = Numéro de port pour débuter la recherche. - port=$1 - while ! sudo yunohost app checkport $port ; do - port=$((port+1)) - done - CHECK_VAR "$port" "port empty" -} - - -### REMOVE SCRIPT - -REMOVE_NGINX_CONF () { # Suppression de la configuration nginx - if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config - echo "Delete nginx config" - sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" -# sudo service nginx reload - fi -} - -REMOVE_FPM_CONF () { # Suppression de la configuration du pool php-fpm - if [ -e "/etc/php5/fpm/pool.d/$app.conf" ]; then # Delete fpm config - echo "Delete fpm config" - sudo rm "/etc/php5/fpm/pool.d/$app.conf" - fi - if [ -e "/etc/php5/fpm/conf.d/20-$app.ini" ]; then # Delete php config - echo "Delete php config" - sudo rm "/etc/php5/fpm/conf.d/20-$app.ini" - fi -# sudo service php5-fpm reload -} - -REMOVE_LOGROTATE_CONF () { # Suppression de la configuration de logrotate - if [ -e "/etc/logrotate.d/$app" ]; then - echo "Delete logrotate config" - sudo rm "/etc/logrotate.d/$app" - fi -} - -SECURE_REMOVE () { # Suppression de dossier avec vérification des variables - chaine="$1" # L'argument doit être donné entre quotes simple '', pour éviter d'interpréter les variables. - no_var=0 - while (echo "$chaine" | grep -q '\$') # Boucle tant qu'il y a des $ dans la chaine - do - no_var=1 - global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole la première variable trouvée. - only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole complètement la variable en ajoutant le $ au début et en gardant uniquement le nom de la variable. Se débarrasse surtout du / et d'un éventuel chemin derrière. - real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` permet d'interpréter une variable contenue dans une variable. - if test -z "$real_var" || [ "$real_var" = "/" ]; then - echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2 - return 1 - fi - chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # remplace la variable par sa valeur dans la chaine. - done - if [ "$no_var" -eq 1 ] - then - if [ -e "$chaine" ]; then - echo "Delete directory $chaine" - sudo rm -r "$chaine" - fi - return 0 - else - echo "No detected variable." >&2 - return 1 - fi -} - -REMOVE_BDD () { # Suppression de la base de donnée et de l'utilisateur associé. -# $1 = Nom de la base de donnée - # Utilise '$app' comme nom d'utilisateur et de base de donnée - db_user=$1 - if mysqlshow -u root -p$(sudo cat $MYSQL_ROOT_PWD_FILE) | grep -q "^| $db_user"; then - echo "Delete db" - ynh_mysql_drop_db $db_user - ynh_mysql_drop_user $db_user - fi -} - -REMOVE_SYS_USER () { # Supprime l'utilisateur système dédié à l'app - if ynh_system_user_exists "$app" # Test l'existence de l'utilisateur - then - sudo userdel $app - fi -} diff --git a/scripts/backup b/scripts/backup index 88947a2..9bdb6f7 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,30 +1,58 @@ #!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit on command errors and treat access to unset variables as an error set -eu -# Source app helpers + +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# if [ ! -e _common.sh ]; then +# # Get the _common.sh file if it's not in the current directory +# cp ../settings/scripts/_common.sh ./_common.sh +# chmod a+rx _common.sh +# fi +# source _common.sh source /usr/share/yunohost/helpers -# Récupère les infos de l'application. +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) -db_user=$(ynh_app_setting_get $app db_user) +db_name=$(ynh_app_setting_get $app db_name) -# The parameter $1 is the backup directory location -# which will be compressed afterward +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= -# Backup sources & data -ynh_backup "$final_path" "sources" +ynh_backup "$final_path" -# Copy Nginx and YunoHost parameters to make the script "standalone" -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "nginx.conf" +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= -ynh_backup "/etc/yunohost/apps/$app/" "yunohost" +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" -# Copy dedicated php-fpm process to backup folder -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" "php-fpm.conf" +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= -# Backup db -root_pwd=$(sudo cat /etc/yunohost/mysql) -sudo mysqldump -u root -p$root_pwd --no-create-db $db_user --result-file="db.sql" -ynh_backup "db.sql" "backupdb.sql" +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= + +ynh_mysql_dump_db "$db_name" > db.sql diff --git a/scripts/install b/scripts/install index 9ce4b14..8a0c07b 100644 --- a/scripts/install +++ b/scripts/install @@ -1,96 +1,140 @@ #!/bin/bash -source .fonctions # Charge les fonctions génériques habituellement utilisées dans le script +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -TRAP_ON # Active trap pour arrêter le script si une erreur est détectée. - -# Retrieve arguments -app=$YNH_APP_INSTANCE_NAME -domain=$YNH_APP_ARG_DOMAIN -path=$YNH_APP_ARG_PATH -admin=$YNH_APP_ARG_ADMIN - - -# Source app helpers +# source _common.sh source /usr/share/yunohost/helpers -# Vérifie que les variables ne sont pas vides. -CHECK_VAR "$app" "app name not set" +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -CHECK_USER "$admin" # Vérifie la validité de l'user admin +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -CHECK_PATH # Vérifie et corrige la syntaxe du path. -CHECK_DOMAINPATH # Vérifie la disponibilité du path et du domaine. +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= -# Créer le repertoire de destination et stocke son emplacement. -CHECK_FINALPATH # Vérifie que le dossier de destination n'est pas déjà utilisé. -sudo mkdir "$final_path" -ynh_app_setting_set $app final_path $final_path +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +admin=$YNH_APP_ARG_ADMIN + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= + +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" + +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url + +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= -# Enregistre les infos dans la config YunoHost ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path +ynh_app_setting_set $app path $path_url ynh_app_setting_set $app admin $admin -# Copy files to the right place -version=$(cat ../sources/upstream_version) -sudo wget -nv https://files.phpmyadmin.net/phpMyAdmin/$version/phpMyAdmin-$version-all-languages.tar.gz -O phpMyAdmin-$version-all-languages.tar.gz -sudo wget -nv https://files.phpmyadmin.net/phpMyAdmin/$version/phpMyAdmin-$version-all-languages.tar.gz.sha256 -O phpMyAdmin-$version-all-languages.tar.gz.sha256 -sudo sha256sum -c phpMyAdmin-$version-all-languages.tar.gz.sha256 --status || (echo "Corrupt source" >&2 && false) -sudo tar xzf phpMyAdmin-$version-all-languages.tar.gz -C ../sources/ > /dev/null 2>&1 -sudo cp -a ../sources/phpMyAdmin-$version-all-languages/. "$final_path" +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# CREATE A MYSQL DATABASE +#================================================= -# Create db -db_user=$app -db_user=${db_user//-/_} # mariadb ne supporte pas les - dans les noms de base de données. Ils sont donc remplacé par des _ -# Génère un mot de passe aléatoire. -db_pwd=$(ynh_string_random) -CHECK_VAR "$db_pwd" "db_pwd empty" -ynh_mysql_create_db "$db_user" "$db_user" $db_pwd -ynh_app_setting_set $app mysqlpwd $db_pwd -ynh_app_setting_set $app db_user $db_user -sed -i "s@YNH_PMA_USER@$db_user@g" ../conf/create_db.sql -sudo mysql -u root -p$(sudo cat /etc/yunohost/mysql) < ../conf/create_db.sql -sudo sed -i "s@phpmyadmin@$db_user@g" $final_path/sql/create_tables.sql -sudo mysql -u $db_user -p$db_pwd < $final_path/sql/create_tables.sql +db_name=$(ynh_sanitize_dbid $app) +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $db_name $db_name -# Configuration -echo "Configuring application..." -sed -i "s@YNH_DOMAIN@$domain@g" ../conf/config.inc.php -sed -i "s@YNH_PMA_USER@$db_user@g" ../conf/config.inc.php -sed -i "s@YNH_PMA_PASSWORD@$db_pwd@g" ../conf/config.inc.php -sed -i "s@YNH_MYSQL_ROOT_PASSWORD@$(sudo cat /etc/yunohost/mysql)@g" ../conf/config.inc.php -sudo cp ../conf/config.inc.php $final_path +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= -# Files owned by root, www-data can just read -echo "Setting permission..." -sudo chown -R root: $final_path -sudo find $final_path -type f -exec chmod 644 {} \; -sudo find $final_path -type d -exec chmod 755 {} \; +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC SETUP +#================================================= +# POPULATE THE DATABASE +#================================================= + +ynh_replace_string "YNH_PMA_USER" "$db_name" ../conf/create_db.sql +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ + < ../conf/create_db.sql +ynh_replace_string "phpmyadmin" "$db_name" $final_path/sql/create_tables.sql +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ + < $final_path/sql/create_tables.sql + +#================================================= +# CONFIGURE PHPMYADMIN +#================================================= + +ynh_replace_string "YNH_DOMAIN" "$domain" ../conf/config.inc.php +ynh_replace_string "YNH_PMA_USER" "$db_name" ../conf/config.inc.php +ynh_replace_string "YNH_PMA_PASSWORD" "$db_pwd" ../conf/config.inc.php +ynh_replace_string "YNH_MYSQL_ROOT_PASSWORD" "$(cat $MYSQL_ROOT_PWD_FILE)" ../conf/config.inc.php +cp ../conf/config.inc.php $final_path + +# Recalculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/config.inc.php" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions to app files +chown -R root: $final_path # config.inc.php contains sensitive data, restrict its access -sudo chown root:www-data $final_path/config.inc.php -sudo chmod 640 $final_path/config.inc.php +chown root:$app $final_path/config.inc.php +chmod 640 $final_path/config.inc.php -# Modify Nginx configuration file and copy it to Nginx conf directory -echo "Setting up nginx configuration..." -sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf -sed -i "s@YNH_WWW_ALIAS@$final_path@g" ../conf/nginx.conf -sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf -nginxconf=/etc/nginx/conf.d/$domain.d/$app.conf -sudo cp ../conf/nginx.conf $nginxconf -sudo chown root: $nginxconf -sudo chmod 644 $nginxconf +#================================================= +# SETUP SSOWAT +#================================================= -# Add dedicated php-fpm to be able to upload bigger database -sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf -phpfpmconf=/etc/php5/fpm/pool.d/$app.conf -sudo cp ../conf/php-fpm.conf $phpfpmconf -sudo chown root: $phpfpmconf -sudo chmod 644 $phpfpmconf +# Restrict access to admin only +yunohost app addaccess --users=$admin $app -# We grant access to admin only -sudo yunohost app addaccess --users=$admin $app +#================================================= +# RELOAD NGINX +#================================================= -sudo service php5-fpm reload -sudo service nginx reload -sudo yunohost app ssowatconf +systemctl reload nginx diff --git a/scripts/remove b/scripts/remove index aec41e7..73d2504 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,30 +1,59 @@ #!/bin/bash -set -u -source .fonctions # Charge les fonctions génériques habituellement utilisées dans le script +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Récupère les infos de l'application. -app=$YNH_APP_INSTANCE_NAME - -# Source app helpers +# source _common.sh source /usr/share/yunohost/helpers +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + domain=$(ynh_app_setting_get $app domain) -db_user=$(ynh_app_setting_get $app db_user) +db_name=$(ynh_app_setting_get $app db_name) +final_path=$(ynh_app_setting_get $app final_path) -REMOVE_BDD $db_user # Suppression de la base de donnée et de l'utilisateur associé. +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= -SECURE_REMOVE '/var/www/$app' # Suppression du dossier de l'application +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_name $db_name -REMOVE_NGINX_CONF # Suppression de la configuration nginx +#================================================= +# REMOVE APP MAIN DIR +#================================================= -REMOVE_FPM_CONF # Suppression de la configuration du pool php-fpm +# Remove the app directory securely +ynh_secure_remove "$final_path" -# Reload services after cleaning -sudo service php5-fpm reload -sudo service nginx reload +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= -# Régénère la configuration de SSOwat -sudo yunohost app ssowatconf +# Remove the dedicated nginx config +ynh_remove_nginx_config -echo -e "\e[0m" # Restore normal color +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app diff --git a/scripts/restore b/scripts/restore index 7a00cdd..611e363 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,51 +1,94 @@ #!/bin/bash + +#================================================= +# GENERIC START +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit on command errors and treat access to unset variables as an error set -eu -# Source app helpers +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +# if [ ! -e _common.sh ]; then +# # Get the _common.sh file if it's not in the current directory +# cp ../settings/scripts/_common.sh ./_common.sh +# chmod a+rx _common.sh +# fi +# source _common.sh source /usr/share/yunohost/helpers -# Récupère les infos de l'application. +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) +path_url=$(ynh_app_setting_get $app path) admin=$(ynh_app_setting_get $app admin) final_path=$(ynh_app_setting_get $app final_path) -db_user=$(ynh_app_setting_get $app db_user) +db_name=$(ynh_app_setting_get $app db_name) + +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= + +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " + +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= + +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= + +ynh_restore_file "$final_path" + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= + db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_mysql_setup_db $db_name $db_name $db_pwd +ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql -if [ -d $final_path ]; then - echo "There is already a directory: $final_path " >&2 - ynh_die -fi +#================================================= +# RECREATE THE DEDICATED USER +#================================================= -# Restore Nginx -conf=/etc/nginx/conf.d/$domain.d/$app.conf -if [ -f $conf ]; then - echo "There is already a nginx conf file at this path: $conf " >&2 - ynh_die -fi -sudo cp -a ./nginx.conf $conf +# Create the dedicated user (if not existing) +ynh_system_user_create $app -# Restore YunoHost parameters -sudo cp -a ./yunohost/. /etc/yunohost/apps/$app/ +#================================================= +# RESTORE USER RIGHTS +#================================================= -# Restore sources & data -sudo mkdir -p $final_path -sudo cp -a ./sources/* $final_path/ +# config.inc.php contains sensitive data, restrict its access +chown root:$app $final_path/config.inc.php -ynh_mysql_create_db $db_user $db_user $db_pwd -mysql --debug-check -u $db_user -p$db_pwd $db_user < ./backupdb.sql +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= -# Copy dedicated php-fpm process from backup folder to the right location -sudo cp -a ./php-fpm.conf /etc/php5/fpm/pool.d/$app.conf +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" -# We grant access to admin only -sudo yunohost app addaccess --users=$admin $app - -# And Reload services -sudo service php5-fpm reload -sudo service nginx reload - -sudo yunohost app ssowatconf +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= +systemctl reload php5-fpm +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 67fa5ea..5692f63 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,107 +1,156 @@ #!/bin/bash -set -eu -source .fonctions # Charge les fonctions génériques habituellement utilisées dans le script +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Récupère les infos de l'application. -app=$YNH_APP_INSTANCE_NAME - -# Source app helpers +# source _common.sh source /usr/share/yunohost/helpers +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + domain=$(ynh_app_setting_get $app domain) -path=$(ynh_app_setting_get $app path) +path_url=$(ynh_app_setting_get $app path) admin=$(ynh_app_setting_get $app admin) final_path=$(ynh_app_setting_get $app final_path) -db_pwd=$(ynh_app_setting_get $app mysqlpwd) -db_user=$(ynh_app_setting_get $app db_user) +db_name=$(ynh_app_setting_get $app db_name) -CHECK_PATH # Vérifie et corrige la syntaxe du path. +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= -# We make the app retro-compatible with previous versions -if [[ -z "$final_path" ]]; -then - final_path="/var/www/$app" - ynh_app_setting_set "$app" final_path "$final_path" -else - echo "${final_path} exists, we don't create it." +# If db_name doesn't exist, create it +if [ -z $db_name ]; then + # In older version, db_name was always phpmyadmin + db_name=phpmyadmin + ynh_app_setting_set $app db_name $db_name fi -# In older version, db_user was always phpmyadmin -if [[ -z "$db_user" ]]; -then - db_user="phpmyadmin" - ynh_app_setting_set "$app" db_user "$db_user" -else - echo "${db_user} exists, we don't create it." +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path="/var/www/$app" + ynh_app_setting_set $app final_path $final_path fi # In older version, the admin setting was admin_user -if [[ -z "$admin" ]]; then - admin=$(ynh_app_setting_get $app admin_user) - ynh_app_setting_set "$app" admin "$admin" - ynh_app_setting_delete $app admin_user +if [ -z $admin ]; then + admin=$(ynh_app_setting_get $app admin_user) + ynh_app_setting_set "$app" admin "$admin" + ynh_app_setting_delete $app admin_user fi +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= -# Copy files to the right place -version=$(cat ../sources/upstream_version) -sudo wget -nv https://files.phpmyadmin.net/phpMyAdmin/$version/phpMyAdmin-$version-all-languages.tar.gz -O phpMyAdmin-$version-all-languages.tar.gz -sudo wget -nv https://files.phpmyadmin.net/phpMyAdmin/$version/phpMyAdmin-$version-all-languages.tar.gz.sha256 -O phpMyAdmin-$version-all-languages.tar.gz.sha256 -sudo sha256sum -c phpMyAdmin-$version-all-languages.tar.gz.sha256 --status || (echo "Corrupt source" >&2 && false) -sudo tar xzf phpMyAdmin-$version-all-languages.tar.gz -C ../sources/ > /dev/null 2>&1 -sudo cp -r ../sources/phpMyAdmin-$version-all-languages/. "$final_path" +ynh_backup_before_upgrade # Backup the current version of the app +ynh_clean_setup () { + ynh_restore_upgradebackup # restore it if the upgrade fails +} +ynh_abort_if_errors # Exit if an error occurs during the execution of the script -# Update tables +#================================================= +# CHECK THE PATH +#================================================= +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# UPGRADE THE DATABASE +#================================================= + +db_pwd=$(ynh_app_setting_get $app mysqlpwd) # Handle upgrade from a version before latest version # Ignore warnings and failures that will occur if already on latest version -sudo sed -i "s@phpmyadmin@$db_user@g" $final_path/sql/upgrade_column_info_4_3_0+.sql -sudo mysql -u $db_user -p$db_pwd < $final_path/sql/upgrade_column_info_4_3_0+.sql 2>&1 > /dev/null || true +ynh_replace_string "phpmyadmin" "$db_name" $final_path/sql/upgrade_column_info_4_3_0+.sql +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ + < $final_path/sql/upgrade_column_info_4_3_0+.sql > /dev/null 2>&1 || true # Upgrade from last version (don't ignore failures) -sudo sed -i "s@phpmyadmin@$db_user@g" $final_path/sql/upgrade_tables_4_7_0+.sql -sudo mysql -u $db_user -p$db_pwd < $final_path/sql/upgrade_tables_4_7_0+.sql -sudo sed -i "s@phpmyadmin@$db_user@g" $final_path/sql/create_tables.sql -sudo mysql -u $db_user -p$db_pwd < $final_path/sql/create_tables.sql +ynh_replace_string "phpmyadmin" "$db_name" $final_path/sql/upgrade_tables_4_7_0+.sql +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ + < $final_path/sql/upgrade_tables_4_7_0+.sql -# Configuration -echo "Configuring application..." -sed -i "s@YNH_DOMAIN@$domain@g" ../conf/config.inc.php -sed -i "s@YNH_PMA_USER@$db_user@g" ../conf/config.inc.php -sed -i "s@YNH_PMA_PASSWORD@$db_pwd@g" ../conf/config.inc.php -sed -i "s@YNH_MYSQL_ROOT_PASSWORD@$(sudo cat /etc/yunohost/mysql)@g" ../conf/config.inc.php -sudo cp ../conf/config.inc.php $final_path +ynh_replace_string "phpmyadmin" "$db_name" $final_path/sql/create_tables.sql +ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ + < $final_path/sql/create_tables.sql -# Files owned by root, www-data can just read -echo "Setting permission..." -sudo chown -R root: $final_path -sudo find $final_path -type f -exec chmod 644 {} \; -sudo find $final_path -type d -exec chmod 755 {} \; +#================================================= +# CONFIGURE PHPMYADMIN +#================================================= + +# Verify the checksum and backup the file if it's different +ynh_backup_if_checksum_is_different "$final_path/config.inc.php" + +ynh_replace_string "YNH_DOMAIN" "$domain" ../conf/config.inc.php +ynh_replace_string "YNH_PMA_USER" "$db_name" ../conf/config.inc.php +ynh_replace_string "YNH_PMA_PASSWORD" "$db_pwd" ../conf/config.inc.php +ynh_replace_string "YNH_MYSQL_ROOT_PASSWORD" "$(cat $MYSQL_ROOT_PWD_FILE)" ../conf/config.inc.php +cp ../conf/config.inc.php $final_path + +# Recalculate and store the config file checksum into the app settings +ynh_store_file_checksum "$final_path/config.inc.php" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions to app files +chown -R root: $final_path # config.inc.php contains sensitive data, restrict its access -sudo chown root:www-data $final_path/config.inc.php -sudo chmod 640 $final_path/config.inc.php +chown root:$app $final_path/config.inc.php +chmod 640 $final_path/config.inc.php -# Modify Nginx configuration file and copy it to Nginx conf directory -echo "Setting up nginx configuration..." -sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf -sed -i "s@YNH_WWW_ALIAS@$final_path@g" ../conf/nginx.conf -sed -i "s@NAMETOCHANGE@$app@g" ../conf/nginx.conf -nginxconf=/etc/nginx/conf.d/$domain.d/$app.conf -sudo cp ../conf/nginx.conf $nginxconf -sudo chown root: $nginxconf -sudo chmod 644 $nginxconf +#================================================= +# SETUP SSOWAT +#================================================= -# Add dedicated php-fpm to be able to upload bigger database -sed -i "s@NAMETOCHANGE@$app@g" ../conf/php-fpm.conf -phpfpmconf=/etc/php5/fpm/pool.d/$app.conf -sudo cp ../conf/php-fpm.conf $phpfpmconf -sudo chown root: $phpfpmconf -sudo chmod 644 $phpfpmconf +# Restrict access to admin only +yunohost app addaccess --users=$admin $app -# We grant access to admin only -sudo yunohost app addaccess --users=$admin $app +#================================================= +# RELOAD NGINX +#================================================= -sudo service php5-fpm reload -sudo service nginx reload -sudo yunohost app ssowatconf +systemctl reload nginx diff --git a/sources/upstream_version b/sources/upstream_version deleted file mode 100644 index 87b18a5..0000000 --- a/sources/upstream_version +++ /dev/null @@ -1 +0,0 @@ -4.7.3