mirror of
https://github.com/YunoHost-Apps/phpmyadmin_ynh.git
synced 2024-09-03 19:56:46 +02:00
b6434dd74e
MySQL root access in Stretch is limited to socket access via the root system user (see here: https://stackoverflow.com/questions/39281594/error-1698-28000-access-denied-for-user-rootlocalhost/42742610#42742610) In order to be compatible with Stretch and Jessie, use another privileged account than root
185 lines
6.2 KiB
Bash
185 lines
6.2 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# LOAD SETTINGS
|
|
#=================================================
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
domain=$(ynh_app_setting_get $app domain)
|
|
path_url=$(ynh_app_setting_get $app path)
|
|
admin=$(ynh_app_setting_get $app admin)
|
|
final_path=$(ynh_app_setting_get $app final_path)
|
|
db_name=$(ynh_app_setting_get $app db_name)
|
|
db_admin_user=$(ynh_app_setting_get $app db_admin_user)
|
|
db_admin_pwd=$(ynh_app_setting_get $app db_admin_pwd)
|
|
|
|
#=================================================
|
|
# ENSURE DOWNWARD COMPATIBILITY
|
|
#=================================================
|
|
|
|
# If db_name doesn't exist, create it
|
|
if [ -z $db_name ]; then
|
|
# In older version, db_name was always phpmyadmin
|
|
db_name=phpmyadmin
|
|
ynh_app_setting_set $app db_name $db_name
|
|
fi
|
|
|
|
# If final_path doesn't exist, create it
|
|
if [ -z $final_path ]; then
|
|
final_path="/var/www/$app"
|
|
ynh_app_setting_set $app final_path $final_path
|
|
fi
|
|
|
|
# In older version, the admin setting was admin_user
|
|
if [ -z $admin ]; then
|
|
admin=$(ynh_app_setting_get $app admin_user)
|
|
ynh_app_setting_set "$app" admin "$admin"
|
|
ynh_app_setting_delete $app admin_user
|
|
fi
|
|
|
|
# If db_admin_user doesn't exist, create it
|
|
if [ -z $db_admin_user ]; then
|
|
# Setup a privileged user for phpmyadmin (to prevent using MySQL root user)
|
|
db_admin_user="${app}_root"
|
|
ynh_app_setting_set $app db_admin_user $db_admin_user
|
|
db_admin_pwd="$(ynh_string_random)"
|
|
ynh_app_setting_set $app db_admin_pwd $db_admin_pwd
|
|
|
|
if ! ynh_mysql_user_exists "$db_admin_user" ; then
|
|
ynh_mysql_create_user "$db_admin_user" "$db_admin_pwd"
|
|
ynh_mysql_execute_as_root "GRANT ALL PRIVILEGES ON *.* TO '$db_admin_user'@'localhost' IDENTIFIED BY '$db_admin_pwd' WITH GRANT OPTION;
|
|
FLUSH PRIVILEGES;" mysql
|
|
fi
|
|
fi
|
|
|
|
#=================================================
|
|
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
|
#=================================================
|
|
|
|
ynh_backup_before_upgrade # Backup the current version of the app
|
|
ynh_clean_setup () {
|
|
ynh_restore_upgradebackup # restore it if the upgrade fails
|
|
}
|
|
ynh_abort_if_errors # Exit if an error occurs during the execution of the script
|
|
|
|
#=================================================
|
|
# CHECK THE PATH
|
|
#=================================================
|
|
|
|
# Normalize the URL path syntax
|
|
path_url=$(ynh_normalize_url_path $path_url)
|
|
|
|
#=================================================
|
|
# STANDARD UPGRADE STEPS
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
ynh_setup_source "$final_path"
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
|
|
# Create a dedicated nginx config
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
|
|
# Create a system user
|
|
ynh_system_user_create $app
|
|
|
|
#=================================================
|
|
# PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
|
|
# Create a dedicated php-fpm config
|
|
ynh_add_fpm_config
|
|
|
|
#=================================================
|
|
# SPECIFIC UPGRADE
|
|
#=================================================
|
|
# UPGRADE THE DATABASE
|
|
#=================================================
|
|
|
|
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
|
|
# Handle upgrade from a version before latest version
|
|
# Ignore warnings and failures that will occur if already on latest version
|
|
ynh_replace_string "phpmyadmin" "$db_name" $final_path/sql/upgrade_column_info_4_3_0+.sql
|
|
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
|
|
< $final_path/sql/upgrade_column_info_4_3_0+.sql > /dev/null 2>&1 || true
|
|
|
|
# Upgrade from last version (don't ignore failures)
|
|
ynh_replace_string "phpmyadmin" "$db_name" $final_path/sql/upgrade_tables_4_7_0+.sql
|
|
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
|
|
< $final_path/sql/upgrade_tables_4_7_0+.sql
|
|
|
|
ynh_replace_string "phpmyadmin" "$db_name" $final_path/sql/create_tables.sql
|
|
ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \
|
|
< $final_path/sql/create_tables.sql
|
|
|
|
#=================================================
|
|
# CONFIGURE PHPMYADMIN
|
|
#=================================================
|
|
|
|
# Verify the checksum and backup the file if it's different
|
|
ynh_backup_if_checksum_is_different "$final_path/config.inc.php"
|
|
|
|
ynh_replace_string "YNH_DOMAIN" "$domain" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_PMA_ADMIN_USER" "$db_admin_user" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_PMA_ADMIN_PASSWORD" "$db_admin_pwd" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_PMA_USER" "$db_name" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_PMA_PASSWORD" "$db_pwd" ../conf/config.inc.php
|
|
ynh_replace_string "YNH_MYSQL_ROOT_PASSWORD" "$(cat $MYSQL_ROOT_PWD_FILE)" ../conf/config.inc.php
|
|
cp ../conf/config.inc.php $final_path
|
|
|
|
# Recalculate and store the config file checksum into the app settings
|
|
ynh_store_file_checksum "$final_path/config.inc.php"
|
|
|
|
#=================================================
|
|
# INSTALL DEPENDENCIES
|
|
#=================================================
|
|
|
|
# Install composer
|
|
init_composer "$final_path"
|
|
|
|
# Install dependencies
|
|
exec_composer "$final_path" update --no-dev
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# Set permissions to app files
|
|
chown -R root: $final_path
|
|
# config.inc.php contains sensitive data, restrict its access
|
|
chown root:$app $final_path/config.inc.php
|
|
chmod 640 $final_path/config.inc.php
|
|
|
|
#=================================================
|
|
# SETUP SSOWAT
|
|
#=================================================
|
|
|
|
# Restrict access to admin only
|
|
yunohost app addaccess --users=$admin $app
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
|
|
systemctl reload nginx
|