YunoHost-Apps/piwigo_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/piwigo_ynh.git synced 2024-09-03 20:06:03 +02:00
Code Issues Activity Actions 1

Merge pull request #36 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
Alexandre Aubin 2019-07-26 10:23:45 +02:00 committed by GitHub
commit 1ad2f52499
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 650 additions and 428 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

53
README.md
View file

@ -1,19 +1,35 @@
Piwigo for YunoHost
---------------------
# Piwigo for YunoHost
[![Integration level](https://dash.yunohost.org/integration/piwigo.svg)](https://dash.yunohost.org/appci/app/piwigo)
[![Install Piwigo with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=piwigo)
[![Integration level](https://dash.yunohost.org/integration/piwigo.svg)](https://ci-apps.yunohost.org/jenkins/job/piwigo%20%28Community%29/lastBuild/consoleFull)
> *This package allow you to install Piwigo quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
[Piwigo](http://piwigo.org) is a photo gallery software for the web, built by an active community of users and developers.
## Overview
[Piwigo](http://piwigo.org) is a photo gallery software for the web, built by an active community of users and developers
Extensions make Piwigo easily customizable. Icing on the cake, Piwigo is free and opensource.
**Shipped version:** 2.9.4
**Shipped version:** 2.9.5
## Screenshots
![](http://piwigo.org/screenshots/homepage/piwigo-batch-manager.png)
## Features
## Demo
* [YunoHost demo](https://demo.yunohost.org/piwigo/)
* [Official demo](http://piwigo.org/demo/)
## Configuration
## Documentation
* Official documentation: https://piwigo.org/doc/doku.php
* YunoHost documentation: https://yunohost.org/#/app_piwigo
## YunoHost specific features
In addition to Piwigo core features, the following are made available with
this package:
@ -25,14 +41,33 @@ this package:
* allow other users management, and guest mode
* Allow one YunoHost user to be the administrator (set at the installation)
#### Supported architectures
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/piwigo%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/piwigo/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/piwigo%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/piwigo/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/piwigo%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/piwigo/)
## Limitations
No limitation known.
It has been tested on x86_64 and ARM.
## Additionnal informations
## Links
* Report a bug: https://github.com/YunoHost-Apps/piwigo_ynh/issues
* Piwigo website: http://piwigo.org/
* Piwigo repository: https://github.com/Piwigo/Piwigo
* YunoHost website: https://yunohost.org/
---
Developers infos
----------------
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
sudo yunohost app install https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing --debug
or
sudo yunohost app upgrade piwigo -u https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing --debug
```

15
check_process
View file

@ -3,7 +3,7 @@
domain="domain.tld" (DOMAIN)
path="/path" (PATH)
admin="john" (USER)
language="fr"
language="fr"
is_public=1 (PUBLIC|public=1|private=0)
; Checks
pkg_linter=1
@ -20,18 +20,7 @@
port_already_use=0
change_url=1
;;; Levels
Level 1=auto
Level 2=auto
Level 3=auto
Level 4=1
# https://github.com/YunoHost-Apps/piwigo_ynh/issues/4
Level 5=1
# https://github.com/YunoHost-Apps/piwigo_ynh/issues/5
Level 6=auto
Level 7=auto
Level 8=0
Level 9=0
Level 10=0
Level 5=auto
;;; Options
Email=
Notification=none

7
conf/app.src
View file

@ -1,3 +1,6 @@
SOURCE_URL=http://piwigo.org/download/dlcounter.php?code=2.9.4
SOURCE_SUM=00fafe6887af62e34ee97dc9b8e4be0720af9f27ea1cdb16ab6217f462574a3c
SOURCE_URL=http://piwigo.org/download/dlcounter.php?code=2.9.5
SOURCE_SUM=3adce7bfe04b78dc807c532649f4737cbc3f0f83fdf203b80664c1780599b6b8
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

6
conf/database.inc.php
View file

@ -1,8 +1,8 @@
<?php
$conf['dblayer'] = 'mysqli';
$conf['db_base'] = 'DBTOCHANGE';
$conf['db_user'] = 'USERTOCHANGE';
$conf['db_password'] = 'PASSTOCHANGE';
$conf['db_base'] = '__DBTOCHANGE__';
$conf['db_user'] = '__USERTOCHANGE__';
$conf['db_password'] = '__PASSTOCHANGE__';
$conf['db_host'] = 'localhost';
$prefixeTable = '';

2
conf/ldap_plugin.src
View file

@ -1,4 +1,6 @@
SOURCE_URL=https://github.com/VSLCatena/ldap_login/archive/92fa2fc1abc7cd18e8005583855e468b57689616.zip
SOURCE_SUM=9fe8d2fe3be234939a5dd3a92836202400a38a6d8b8a9b4250a8a522fe53d437
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

3
conf/log_failed_logins_plugin.src
View file

@ -1,5 +1,6 @@
SOURCE_URL=http://piwigo.org/ext/download.php?rid=5525
SOURCE_SUM=85b9a06f2c7ca8ae9698e6151c7631f519c945f696b02da72f9ff53243d7e4ca
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

12
conf/nginx.conf
View file

@ -1,14 +1,20 @@
location __PATH__ {
alias __FINALPATH__/;
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
# Path to source
alias __FINALPATH__/ ;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
client_max_body_size 100M;
index index.php;
default_type text/html;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user if_not_empty;

114
conf/php-fpm.conf
View file

@ -1,10 +1,11 @@
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[__NAMETOCHANGE__]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
@ -24,28 +25,35 @@ group = __USER__
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
@ -59,7 +67,13 @@ listen.group = www-data
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; priority = -19
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
@ -96,7 +110,7 @@ pm = dynamic
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 10
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
@ -117,12 +131,12 @@ pm.max_spare_servers = 3
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
@ -170,7 +184,7 @@ pm.max_requests = 500
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
@ -215,14 +229,14 @@ pm.max_requests = 500
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
; It's available in: /usr/share/php/7.0/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
@ -275,7 +289,7 @@ pm.max_requests = 500
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
@ -283,7 +297,7 @@ pm.max_requests = 500
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
@ -291,72 +305,85 @@ pm.max_requests = 500
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/nginx/{POOLNAME}.slow.log
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 1d
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
chdir = __FINALPATH__
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
catch_workers_output = yes
;catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
@ -370,7 +397,7 @@ catch_workers_output = yes
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
@ -389,6 +416,19 @@ catch_workers_output = yes
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
; Common values to change to increase file upload limit
; php_admin_value[upload_max_filesize] = 50M
; php_admin_value[post_max_size] = 50M
; php_admin_flag[mail.add_x_header] = Off
; Other common parameters
; php_admin_value[max_execution_time] = 600
; php_admin_value[max_input_time] = 300
; php_admin_value[memory_limit] = 256M
; php_admin_flag[short_open_tag] = On
php_admin_value[memory_limit] = 64M
; Common values to change to increase file upload limit

7
manifest.json
View file

@ -6,7 +6,7 @@
"en": "photo gallery",
"fr": "Galerie photo"
},
"version": "2.9.4~ynh2",
"version": "2.9.5~ynh1",
"url": "http://piwigo.org",
"license": "GPL-2.0",
"maintainer": {
@ -15,12 +15,12 @@
"url": ""
},
"requirements": {
"yunohost": ">= 2.7.2"
"yunohost": ">= 3.5.0"
},
"multi_instance": true,
"services": [
"nginx",
"php5-fpm",
"php7.0-fpm",
"mysql"
],
"arguments": {
@ -64,6 +64,7 @@
},
{
"name": "language",
"type": "string",
"ask": {
"en": "Choose the application language",
"fr": "Choisissez la langue de l'application"

5
pull_request_template.md
View file

@ -19,7 +19,6 @@
- [ ] **Approval (LGTM)** :
- [ ] **Approval (LGTM)** :
- **CI succeeded** :
[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/piwigo_ynh%20-BRANCH-%20(Official)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/piwigo_ynh%20-BRANCH-%20(Official)/) *Please replace '-BRANCH-' in this link for a PR from a local branch.*
or
[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/piwigo_ynh%20PR-NUM-%20(Official_fork)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/piwigo_ynh%20PR-NUM-%20(Official_fork)/) *Replace '-NUM-' by the PR number in this link for a PR from a forked repository.*
[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/piwigo_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/piwigo_ynh%20PR-NUM-/)
*Please replace '-NUM-' in this link by the PR number.*
When the PR is marked as ready to merge, you have to wait for 3 days before really merging it.

111
scripts/_common.sh
View file

@ -1,79 +1,48 @@
#!/bin/bash
#=================================================
# COMMON VARIABLES
#=================================================
pkg_dependencies="php-gd php-imagick imagemagick"
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
# Check available space before creating a temp directory.
#
# Common variables
# usage: ynh_smart_mktemp --min_size="Min size"
#
# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb
ynh_smart_mktemp () {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [s]=min_size= )
local min_size
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
pkg_dependencies="php5-gd php5-imagick imagemagick"
min_size="${min_size:-300}"
# Transform the minimum size from megabytes to kilobytes
min_size=$(( $min_size * 1024 ))
# ============= FUTURE YUNOHOST HELPERS =============
# Check if there's enough free space in a directory
is_there_enough_space () {
local free_space=$(df --output=avail "$1" | sed 1d)
test $free_space -ge $min_size
}
# Create a dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]
# | arg: log_file - Log file to be checked by fail2ban
# | arg: failregex - Failregex to be looked for by fail2ban
# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3
# | arg: ports - Ports blocked for a banned IP address - default: http,https
ynh_add_fail2ban_config () {
# Process parameters
logpath=$1
failregex=$2
max_retry=${3:-3}
ports=${4:-http,https}
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
sudo tee $finalfail2banjailconf <<EOF
[$app]
enabled = true
port = $ports
filter = $app
logpath = $logpath
maxretry = $max_retry
EOF
if is_there_enough_space /tmp; then
local tmpdir=/tmp
elif is_there_enough_space /var; then
local tmpdir=/var
elif is_there_enough_space /; then
local tmpdir=/
elif is_there_enough_space /home; then
local tmpdir=/home
else
ynh_die "Insufficient free space to continue..."
fi
sudo tee $finalfail2banfilterconf <<EOF
[INCLUDES]
before = common.conf
[Definition]
failregex = $failregex
ignoreregex =
EOF
ynh_store_file_checksum "$finalfail2banjailconf"
ynh_store_file_checksum "$finalfail2banfilterconf"
systemctl restart fail2ban
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
if [ -n "$fail2ban_error" ]
then
echo "[ERR] Fail2ban failed to load the jail for $app" >&2
echo "WARNING${fail2ban_error#*WARNING}" >&2
fi
}
# Remove the dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_remove_fail2ban_config
ynh_remove_fail2ban_config () {
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
sudo systemctl restart fail2ban
}
# Delete a file checksum from the app settings
#
# $app should be defined when calling this helper
#
# usage: ynh_remove_file_checksum file
# | arg: file - The file for which the checksum will be deleted
ynh_delete_file_checksum () {
local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
ynh_app_setting_delete $app $checksum_setting_name
echo "$(sudo mktemp --directory --tmpdir="$tmpdir")"
}

75
scripts/backup
View file

@ -1,16 +1,12 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Fetch helpers file if not in current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -23,52 +19,63 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
final_path=$(ynh_app_setting_get "$app" final_path)
db_name=$(ynh_app_setting_get $app db_name)
domain=$(ynh_app_setting_get --app=$app --key=domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP APP MAIN DIR
# BACKUP THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Backing up the main app directory..."
ynh_backup "$final_path"
ynh_backup --src_path="$final_path"
# Copy the data directory
backup_core_only=$(ynh_app_setting_get "$app" backup_core_only)
if [ -z $backup_core_only ] # If backup_core_only setting set, don't backup data directory
then
ynh_backup /home/yunohost.app/${app}/upload
else
echo "Data dir won't be saved, because backup_core_only is set." >&2
# Remove the option so that next regular backup will be complete
ynh_app_setting_delete $app backup_core_only
fi
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Backing up nginx web server configuration..."
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Backing up php-fpm configuration..."
ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Backing up the MySQL database..."
ynh_mysql_dump_db --database="$db_name" > db.sql
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
ynh_script_progression --message="Backing up fail2ban configuration..."
ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
#=================================================
# BACKUP NGINX CONFIGURATION
# SPECIFIC BACKUP
#=================================================
# BACKUP THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Backing up data directory..."
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup --src_path="/home/yunohost.app/${app}/upload" --is_big
#=================================================
# BACKUP PHP-FPM CONFIGURATION
# END OF SCRIPT
#=================================================
ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
#=================================================
# BACKUP MYSQL DB
#=================================================
ynh_mysql_dump_db "$db_name" > db.sql
ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last

44
scripts/change_url
View file

@ -22,13 +22,12 @@ new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK PATHS SYNTAX
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
test -n "$old_path" || old_path="/"
test -n "$new_path" || new_path="/"
new_path=$(ynh_normalize_url_path $new_path)
old_path=$(ynh_normalize_url_path $old_path)
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
@ -51,30 +50,30 @@ fi
#=================================================
# MODIFY URL IN NGINX CONF FILE
#=================================================
ynh_script_progression --message="Updating nginx web server configuration..." --weight=2
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the nginx config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original nginx config file if modified
ynh_backup_if_checksum_is_different "$nginx_conf_path"
# Replace locations starting with old_path
# Look for every location possible patterns (see https://nginx.org/en/docs/http/ngx_http_core_module.html#location)
ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 $new_path" "$nginx_conf_path"
# Replace path in "return" directives
ynh_replace_string "return \([[:digit:]]\{3\}\) $old_path" "return \1 $new_path" "$nginx_conf_path"
# Calculate and store the nginx config file checksum
ynh_store_file_checksum "$nginx_conf_path"
# Make a backup of the original nginx config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for nginx helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated nginx config
ynh_add_nginx_config
fi
# Change the domain for nginx
if [ $change_domain -eq 1 ]
then
ynh_delete_file_checksum "$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
@ -82,5 +81,12 @@ fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..."
systemctl reload nginx
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last

181
scripts/install
View file

@ -1,5 +1,4 @@
#!/bin/bash
shopt -s extglob # sets extended pattern matching options in the bash shell
#=================================================
# GENERIC STARTING
@ -14,93 +13,101 @@ source /usr/share/yunohost/helpers
# MANAGE SCRIPT FAILURE
#=================================================
ynh_abort_if_errors # Stop script if an error is detected
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
# Retrieve app id
app=$YNH_APP_INSTANCE_NAME
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE
if [ "$language" = "fr" ] ; then
applanguage="fr_FR"
else
applanguage="en_UK"
fi
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path
ynh_script_progression --message="Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
# Check web path availability
ynh_webpath_available $domain $path_url
# Register (book) web path
ynh_webpath_register $app $domain $path_url
ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set $app domain "$domain"
ynh_app_setting_set $app path_url "$path_url"
ynh_app_setting_set $app admin "$admin"
ynh_app_setting_set $app is_public "$is_public"
ynh_app_setting_set $app language "$language"
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=language --value=$language
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=40
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# CREATE A MYSQL DB
#=================================================
ynh_script_progression --message="Creating a MySQL database..."
db_name=$(ynh_sanitize_dbid $app)
db_user="$db_name"
ynh_app_setting_set "$app" db_name "$db_name"
# Initialize database
ynh_mysql_setup_db "$db_user" "$db_name"
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..." --weight=5
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
ynh_app_setting_set $app final_path "$final_path"
# Create tmp directory and fetch app inside
tmpdir=$(mktemp -d)
ynh_setup_source "$tmpdir"
tmpdir="$(ynh_smart_mktemp --min_size=300)"
ynh_setup_source --dest_dir="$tmpdir"
# Fetch needed plugins
mkdir -p $tmpdir/plugins/Ldap_Login
ynh_setup_source "$tmpdir/plugins/Ldap_Login" ldap_plugin
ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin
ynh_setup_source --dest_dir="$tmpdir/plugins/Ldap_Login" --source_id=ldap_plugin
ynh_setup_source --dest_dir="$tmpdir/plugins" --source_id=log_failed_logins_plugin
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..." --weight=3
ynh_system_user_create $app # Create a dedicated system user
# Create a system user
ynh_system_user_create --username=$app
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring nginx web server..."
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# COPY FILES TO $FINAL_PATH
#=================================================
# sets extended pattern matching options in the bash shell
shopt -s extglob
# Install files and set permissions
mkdir $final_path
@ -123,69 +130,111 @@ chown -R $app: $final_path
chown -R $app: $datapath
chmod 755 -R $final_path/_data
#=================================================
# NGINX AND PHP-FPM CONFIGURATION
#=================================================
ynh_secure_remove --file="$tmpdir"
ynh_add_nginx_config
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring php-fpm..." --weight=2
# Copy and set php-fpm configuration
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SETUP APPLICATION WITH CURL
#=================================================
ynh_script_progression --message="Installing piwigo with Curl..." --weight=5
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
# Reload SSOwat config
yunohost app ssowatconf
# Reload Nginx
ynh_systemd_action --service_name=nginx --action=reload
# Generate random password for admin
adm_pwd=$(ynh_string_random --length=24)
ynh_app_setting_set --app=$app --key=admin_pwd --value="$adm_pwd"
if [ "$language" = "fr" ]; then
applanguage="fr_FR"
else
applanguage="en_UK"
fi
# Configure piwigo via curl
mail="$(ynh_user_get_info --username=$admin --key=mail)"
# Installation with curl
ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_name" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail"
#=================================================
# CONFIGURE PIWIGO
#=================================================
ynh_app_setting_set "$app" unprotected_uris "/"
yunohost app ssowatconf
# Generate random password for admin
adm_pwd=$(ynh_string_random 24)
ynh_app_setting_set $app admin_pwd "$adm_pwd"
# Configure piwigo via curl
mail="$(ynh_user_get_info $admin mail)"
ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_user" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail"
ynh_script_progression --message="Configuring piwigo..."
# Change local config
cp ../conf/config.inc.php $final_path/local/config/
# Calculate and store the config file checksum
ynh_store_file_checksum "$final_path/local/config/config.inc.php"
ynh_store_file_checksum --file="$final_path/local/config/config.inc.php"
# Setup database in local/config/database.inc.php
ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php
ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php
ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php
ynh_replace_string --match_string="__DBTOCHANGE__" --replace_string="$db_name" --target_file=../conf/database.inc.php
ynh_replace_string --match_string="__USERTOCHANGE__" --replace_string="$db_name" --target_file=../conf/database.inc.php
ynh_replace_string --match_string="__PASSTOCHANGE__" --replace_string="$db_pwd" --target_file=../conf/database.inc.php
cp ../conf/database.inc.php $final_path/local/config/database.inc.php
# Calculate and store the database config file checksum
ynh_store_file_checksum "$final_path/local/config/database.inc.php"
ynh_store_file_checksum --file="$final_path/local/config/database.inc.php"
#=================================================
# ADD LDAP & FAIL2BAN PLUGINS
# ADD LDAP PLUGINS
#=================================================
ynh_script_progression --message="Configuring LDAP plugin..."
# Configure and activate LDAP plugin
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');"
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');"
cp ../conf/data.dat $final_path/plugins/Ldap_Login
#=================================================
# CONFIGURE FAIL2BAN
#=================================================
ynh_script_progression --message="Configuring fail2ban..." --weight=6
# Configure and activate log_failed_logins plugin
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');"
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');"
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');"
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');"
touch "/var/log/${app}FailedLogins.log"
chown $app: "/var/log/${app}FailedLogins.log"
# Set-up fail2ban
ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 6
ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=<HOST>" --max_retry=6
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..."
# Protect URIs if private
if [ $is_public -eq 0 ];
if [ $is_public -eq 0 ]
then
ynh_app_setting_delete "$app" unprotected_uris
ynh_app_setting_set "$app" protected_uris "/"
ynh_app_setting_delete --app=$app --key=unprotected_uris
ynh_app_setting_set --app=$app --key=protected_uris --value="/"
fi
#=================================================
# RELOAD NGINX
#=================================================
systemctl reload nginx
ynh_script_progression --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last

51
scripts/remove
View file

@ -12,48 +12,75 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
db_name=$(ynh_app_setting_get $app db_name)
domain=$(ynh_app_setting_get --app=$app --key=domain)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..."
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE THE MYSQL DB
# REMOVE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Removing the MySQL database..."
ynh_mysql_remove_db "$app" "$db_name"
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_script_progression --message="Removing app main directory..."
ynh_secure_remove "/var/www/$app"
# Remove the app directory securely
ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing nginx web server configuration..." --weight=2
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Removing php-fpm configuration..."
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Removing fail2ban configuration..." --weight=8
ynh_remove_fail2ban_config
#=================================================
# REMOVE NGINX AND PHP-FPM CONFIGURATION
#=================================================
ynh_remove_fpm_config
ynh_remove_nginx_config
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_script_progression --message="Removing the dedicated system user..."
ynh_system_user_delete $app
# Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last

115
scripts/restore
View file

@ -1,15 +1,12 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Fetch helpers file if not in current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -22,92 +19,120 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
is_public=$(ynh_app_setting_get $app is_public)
final_path=$(ynh_app_setting_get $app final_path)
db_name=$(ynh_app_setting_get $app db_name)
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..."
ynh_webpath_available $domain $path_url \
|| ynh_die "Path not available: ${domain}${path_url}"
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORE STEPS
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE NGINX CONFIGURATION
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE APP MAIN DIR
# RESTORE THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file "$final_path"
# Restore data directory if backed-up
if [ -d "$YNH_BACKUP_DIR/apps/${app}/backup/home/yunohost.app/${app}/upload" ] ; then
ynh_restore_file "/home/yunohost.app/${app}/upload"
else
# Create app data folder
mkdir /home/yunohost.app/${app}/upload
fi
# Create temporary data folder
mkdir -p /home/yunohost.app/${app}/_data
# Remove the option backup_core_only if it's in the settings.yml file
ynh_app_setting_delete $app backup_core_only
ynh_restore_file --origin_path="$final_path"
#=================================================
# RESTORE MYSQL DB
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_script_progression --message="Restoring the MySQL database..." --weight=2
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
ynh_mysql_create_db $db_name $db_name $db_pwd
ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql
#=================================================
# RECREATE OF THE DEDICATED USER
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=3
ynh_system_user_create $app # Recreate the dedicated user, if not existing
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# RESTORE USER RIGHTS
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
chown -R $app: $final_path
chown -R $app: /home/yunohost.app/${app}
ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
# RESTORE THE FAIL2BAN CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=7
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
touch "/var/log/${app}FailedLogins.log"
chown $app: "/var/log/${app}FailedLogins.log"
systemctl restart fail2ban
ynh_systemd_action --action=restart --service_name=fail2ban
#=================================================
# RESTORE PHP-FPM CONFIGURATION
# SPECIFIC RESTORATION
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=40
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_script_progression --message="Restoring data directory..."
# Use --not_mandatory for the data directory, because if the backup has been made with BACKUP_CORE_ONLY, there's no data into the backup.
ynh_restore_file --origin_path="/home/yunohost.app/$app/upload" --not_mandatory
# Create app folders
mkdir -p "/home/yunohost.app/$app/upload"
# Create temporary data folder
mkdir -p /home/yunohost.app/$app/_data
#=================================================
# RESTORE USER RIGHTS
#=================================================
ynh_restore_file /etc/php5/fpm/pool.d/$app.conf
chown -R $app: $final_path
chown -R $app: /home/yunohost.app/$app
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading nginx web server and php-fpm..." --weight=2
systemctl reload php5-fpm
systemctl reload nginx
ynh_systemd_action --service_name=php7.0-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last

277
scripts/upgrade
View file

@ -1,8 +1,5 @@
#!/bin/bash
shopt -s extglob # sets extended pattern matching options in the bash shell
# Exit on command errors and treat unset variables as an error
set -eu
#=================================================
# GENERIC STARTING
#=================================================
@ -15,123 +12,154 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
# Set app specific variables
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
# Check destination directory
destdir="/var/www/$app"
[[ ! -d $destdir ]] && ynh_die \
"The destination directory '$destdir' does not exist.\
The app is not correctly installed, you should remove it first."
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
admin_pwd=$(ynh_app_setting_get --app=$app --key=admin_pwd)
# Retrieve arguments
domain=$(ynh_app_setting_get "$app" domain)
#=================================================
# CHECK VERSION
#=================================================
path_url=$(ynh_app_setting_get "$app" path_url)
# Compatibility with previous version
if [ -z "$path_url" ] ; then
path_url=$(ynh_app_setting_get "$app" path)
ynh_app_setting_set $app path_url "$path_url"
fi
path_url=$(ynh_normalize_url_path $path_url)
upgrade_type=$(ynh_check_app_version_changed)
final_path=$(ynh_app_setting_get "$app" final_path)
# Compatibility with previous version
if [ -z "$final_path" ] ; then
final_path="/var/www/$app"
ynh_app_setting_set $app final_path "$final_path"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# If db_name doesn't exist, create it
if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi
db_name=$(ynh_app_setting_get "$app" db_name)
# Compatibility with previous version
if [ -z "$db_name" ] ; then
db_name=$app
ynh_app_setting_set "$app" db_name "$db_name"
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
db_user="$db_name"
db_pwd=$(ynh_app_setting_get "$app" mysqlpwd)
admin=$(ynh_app_setting_get "$app" admin)
admin_pwd=$(ynh_app_setting_get "$app" admin_pwd)
# Compatibility with previous version; password was not set
if [ -z "$admin_pwd" ] ; then
# Generate a new password
admin_pwd=$(ynh_string_random 24)
admin_pwd=$(ynh_string_random --length=24)
# Compute password hash with the Piwigo function
cp ../conf/hash_password.php $final_path
hashed_password=$(cd $final_path ; php hash_password.php $admin_pwd)
# Update password hash in database
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';"
ynh_app_setting_set $app admin_pwd "$admin_pwd"
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';"
ynh_app_setting_set --app=$app --key=admin_pwd --value="$admin_pwd"
# Remove the temporary hash generation script
ynh_secure_remove "$final_path/hash_password.php"
ynh_secure_remove --file="$final_path/hash_password.php"
fi
language=$(ynh_app_setting_get "$app" language)
if [ "$language" = "fr" ] ; then
applanguage="fr_FR"
else
applanguage="en_UK"
fi
is_public=$(ynh_app_setting_get "$app" is_public)
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Use prior backup and restore on error only if backup feature
# exists on installed instance
if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then
# Notify the backup process that it should not save the data directory
ynh_app_setting_set $app backup_core_only 1
ynh_backup_before_upgrade # Backup the current version of the app
ynh_clean_setup () {
ynh_restore_upgradebackup
}
ynh_abort_if_errors # Stop script if an error is detected
# Use path instead of path_url in settings.yml...
if [ -z "$path_url" ]
then
path_url=$(ynh_app_setting_get --app=$app --key=path_url)
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_delete --app=$app --key=path_url
fi
#=================================================
# INSTALL DEPENDENCIES
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=6
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK THE PATH
#=================================================
ynh_install_app_dependencies "$pkg_dependencies"
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path --path_url=$path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
# Create tmp directory and fetch app inside
tmpdir=$(ynh_mkdir_tmp)
ynh_setup_source "$tmpdir"
# Fetch needed plugins
mkdir -p $tmpdir/plugins/Ldap_Login
ynh_setup_source "$tmpdir/plugins/Ldap_Login" ldap_plugin
ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..." --weight=3
# Create tmp directory and fetch app inside
tmpdir="$(ynh_smart_mktemp --min_size=300)"
ynh_setup_source --dest_dir="$tmpdir"
# Fetch needed plugins
mkdir -p $tmpdir/plugins/Ldap_Login
ynh_setup_source --dest_dir="$tmpdir/plugins/Ldap_Login" --source_id=ldap_plugin
ynh_setup_source --dest_dir="$tmpdir/plugins" --source_id=log_failed_logins_plugin
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=6
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
ynh_system_user_create $app # Create dedicated user if not existing
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# SPECIFIC SETUP
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=3
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# COPY FILES TO $FINAL_PATH
#=================================================
# We store photos (potentially large data) on /home/yunohost.app
# sets extended pattern matching options in the bash shell
shopt -s extglob
datapath=/home/yunohost.app/$app
# Install files and set permissions
cp -a $tmpdir/!(upload|_data|galleries) $final_path
# Backward compatibility:
# If the _data subdirectory wasn't already moved to /home/yunohost.app/$app,
# then move it there
@ -152,68 +180,103 @@ chown -R $app: $final_path
chown -R $app: $datapath
chmod 755 -R $final_path/_data
#=================================================
# NGINX AND PHP-FPM CONFIGURATION
#=================================================
ynh_secure_remove --file="$tmpdir"
ynh_add_nginx_config
ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# UPGRADE APPLICATION WITH CURL
#=================================================
ynh_script_progression --message="Upgrading piwigo with Curl..." --weight=6
# Copy and set php-fpm configuration
ynh_add_fpm_config
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
# Reload SSOwat config
yunohost app ssowatconf
# Reload Nginx
ynh_systemd_action --service_name=nginx --action=reload
if [ "$language" = "fr" ] ; then
applanguage="fr_FR"
else
applanguage="en_UK"
fi
# Upgrade piwigo via curl
ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd"
#=================================================
# CONFIGURE PIWIGO
#=================================================
ynh_app_setting_set "$app" unprotected_uris "/"
yunohost app ssowatconf
# Configure piwigo via curl
ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd"
ynh_script_progression --message="Configuring piwigo..."
# Make a backup of the original config file if modified
ynh_backup_if_checksum_is_different "$final_path/local/config/config.inc.php"
ynh_backup_if_checksum_is_different --file="$final_path/local/config/config.inc.php"
# Change local config
cp ../conf/config.inc.php $final_path/local/config/
# Calculate and store the config file checksum
ynh_store_file_checksum "$final_path/local/config/config.inc.php"
ynh_store_file_checksum --file="$final_path/local/config/config.inc.php"
# Make a backup of the original database config file if modified
ynh_backup_if_checksum_is_different "$final_path/local/config/database.inc.php"
ynh_backup_if_checksum_is_different --file="$final_path/local/config/database.inc.php"
# Setup database in local/config/database.inc.php
ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php
ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php
ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php
ynh_replace_string --match_string="__DBTOCHANGE__" --replace_string="$db_name" --target_file=../conf/database.inc.php
ynh_replace_string --match_string="__USERTOCHANGE__" --replace_string="$db_name" --target_file=../conf/database.inc.php
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_replace_string --match_string="__PASSTOCHANGE__" --replace_string="$db_pwd" --target_file=../conf/database.inc.php
cp ../conf/database.inc.php $final_path/local/config/database.inc.php
# Calculate and store the database config file checksum
ynh_store_file_checksum "$final_path/local/config/database.inc.php"
ynh_store_file_checksum --file="$final_path/local/config/database.inc.php"
#=================================================
# ADD LDAP & FAIL2BAN PLUGINS
# ADD LDAP PLUGINS
#=================================================
ynh_script_progression --message="Configuring LDAP plugin..."
# Configure and activate LDAP plugin
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';"
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';"
cp ../conf/data.dat $final_path/plugins/Ldap_Login
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring fail2ban..." --weight=8
# Configure and activate log_failed_logins plugin
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';"
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';"
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null || ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';"
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';"
touch "/var/log/${app}FailedLogins.log"
chown $app: "/var/log/${app}FailedLogins.log"
# Set-up fail2ban
ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 6
ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=<HOST>" --max_retry=6
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..."
# Protect URIs if private
if [ $is_public -eq 0 ];
if [ $is_public -eq 0 ]
then
ynh_app_setting_delete "$app" unprotected_uris
ynh_app_setting_set "$app" protected_uris "/"
ynh_app_setting_delete --app=$app --key=unprotected_uris
ynh_app_setting_set --app=$app --key=protected_uris --value="/"
fi
#=================================================
# RELOAD NGINX
#=================================================
systemctl reload nginx
ynh_script_progression --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last