mirror of
https://github.com/YunoHost-Apps/phpmyadmin_ynh.git
synced 2024-09-03 19:56:46 +02:00
e3bd41fd69
Fix stretch compatibility by creating and using a dedicated MySQL admin user (fixes #71)
166 lines
5.3 KiB
Bash
166 lines
5.3 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# MANAGE SCRIPT FAILURE
|
|
#=================================================
|
|
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# RETRIEVE ARGUMENTS FROM THE MANIFEST
|
|
#=================================================
|
|
|
|
domain=$YNH_APP_ARG_DOMAIN
|
|
path_url=$YNH_APP_ARG_PATH
|
|
admin=$YNH_APP_ARG_ADMIN
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
#=================================================
|
|
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
|
|
#=================================================
|
|
|
|
final_path=/var/www/$app
|
|
test ! -e "$final_path" || ynh_die "This path already contains a folder"
|
|
|
|
# Normalize the url path syntax
|
|
path_url=$(ynh_normalize_url_path $path_url)
|
|
|
|
# Check web path availability
|
|
ynh_webpath_available $domain $path_url
|
|
# Register (book) web path
|
|
ynh_webpath_register $app $domain $path_url
|
|
|
|
#=================================================
|
|
# STORE SETTINGS FROM MANIFEST
|
|
#=================================================
|
|
|
|
ynh_app_setting_set $app domain $domain
|
|
ynh_app_setting_set $app path $path_url
|
|
ynh_app_setting_set $app admin $admin
|
|
|
|
#=================================================
|
|
# STANDARD MODIFICATIONS
|
|
#=================================================
|
|
# CREATE A MYSQL DATABASE
|
|
#=================================================
|
|
|
|
db_name=$(ynh_sanitize_dbid $app)
|
|
ynh_app_setting_set $app db_name $db_name
|
|
ynh_mysql_setup_db $db_name $db_name
|
|
|
|
# Setup a privileged user for phpmyadmin (to prevent using MySQL root user)
|
|
db_admin_user="${app}_root"
|
|
ynh_app_setting_set $app db_admin_user $db_admin_user
|
|
db_admin_pwd="$(ynh_string_random)"
|
|
ynh_app_setting_set $app db_admin_pwd $db_admin_pwd
|
|
|
|
if ! ynh_mysql_user_exists "$db_admin_user" ; then
|
|
ynh_mysql_create_user "$db_admin_user" "$db_admin_pwd"
|
|
ynh_mysql_execute_as_root "GRANT ALL PRIVILEGES ON *.* TO '$db_admin_user'@'localhost' IDENTIFIED BY '$db_admin_pwd' WITH GRANT OPTION;
|
|
FLUSH PRIVILEGES;" mysql
|
|
fi
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
|
|
ynh_app_setting_set $app final_path $final_path
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
ynh_setup_source "$final_path"
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
|
|
# Create a dedicated nginx config
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
|
|
# Create a system user
|
|
ynh_system_user_create $app
|
|
|
|
#=================================================
|
|
# PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
|
|
# Create a dedicated php-fpm config
|
|
ynh_add_fpm_config
|
|
|
|
#=================================================
|
|
# SPECIFIC SETUP
|
|
#=================================================
|
|
# POPULATE THE DATABASE
|
|
#=================================================
|
|
|
|
ynh_replace_string "YNH_PMA_USER" "$db_name" ../conf/create_db.sql
|
|
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
|
|
< ../conf/create_db.sql
|
|
ynh_replace_string "phpmyadmin" "$db_name" $final_path/sql/create_tables.sql
|
|
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
|
|
< $final_path/sql/create_tables.sql
|
|
|
|
#=================================================
|
|
# CONFIGURE PHPMYADMIN
|
|
#=================================================
|
|
|
|
ynh_replace_string "YNH_DOMAIN" "$domain" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_PMA_ADMIN_USER" "$db_admin_user" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_PMA_ADMIN_PASSWORD" "$db_admin_pwd" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_PMA_USER" "$db_name" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_PMA_PASSWORD" "$db_pwd" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_MYSQL_ROOT_PASSWORD" "$(cat $MYSQL_ROOT_PWD_FILE)" ../conf/config.inc.php
|
|
cp ../conf/config.inc.php $final_path
|
|
|
|
# Recalculate and store the config file checksum into the app settings
|
|
ynh_store_file_checksum "$final_path/config.inc.php"
|
|
|
|
#=================================================
|
|
# INSTALL DEPENDENCIES
|
|
#=================================================
|
|
|
|
# Install composer
|
|
init_composer "$final_path"
|
|
|
|
# Install dependencies
|
|
exec_composer "$final_path" update --no-dev
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# Set permissions to app files
|
|
chown -R root: $final_path
|
|
# config.inc.php contains sensitive data, restrict its access
|
|
chown root:$app $final_path/config.inc.php
|
|
chmod 640 $final_path/config.inc.php
|
|
# Setup phpMyAdmin temporary folder
|
|
mkdir -p $final_path/tmp
|
|
chown $app: $final_path/tmp
|
|
|
|
#=================================================
|
|
# SETUP SSOWAT
|
|
#=================================================
|
|
|
|
# Restrict access to admin only
|
|
yunohost app addaccess --users=$admin $app
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
|
|
systemctl reload nginx
|