YunoHost-Apps/piwigo_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/piwigo_ynh.git synced 2024-09-03 20:06:03 +02:00
Code Issues Activity Actions 1

Merge pull request #33 from YunoHost-Apps/package_upgrade

Browse source 
Package upgrade
This commit is contained in:
JimboJoe 2019-03-17 08:54:08 +01:00 committed by GitHub
commit 31b85ca9d0
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
16 changed files with 709 additions and 328 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
README.md
View file

@ -1,19 +1,35 @@
Piwigo for YunoHost
---------------------
# Piwigo for YunoHost
[![Integration level](https://dash.yunohost.org/integration/piwigo.svg)](https://dash.yunohost.org/appci/app/piwigo)
[![Install Piwigo with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=piwigo)
[![Integration level](https://dash.yunohost.org/integration/piwigo.svg)](https://ci-apps.yunohost.org/jenkins/job/piwigo%20%28Community%29/lastBuild/consoleFull)
> *This package allow you to install Piwigo quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
[Piwigo](http://piwigo.org) is a photo gallery software for the web, built by an active community of users and developers.
## Overview
[Piwigo](http://piwigo.org) is a photo gallery software for the web, built by an active community of users and developers
Extensions make Piwigo easily customizable. Icing on the cake, Piwigo is free and opensource.
**Shipped version:** 2.9.4
## Screenshots
![](http://piwigo.org/screenshots/homepage/piwigo-batch-manager.png)
## Features
## Demo
* [YunoHost demo](https://demo.yunohost.org/piwigo/)
* [Official demo](http://piwigo.org/demo/)
## Configuration
## Documentation
* Official documentation: https://piwigo.org/doc/doku.php
* YunoHost documentation: https://yunohost.org/#/app_piwigo
## YunoHost specific features
In addition to Piwigo core features, the following are made available with
this package:
@ -25,14 +41,32 @@ this package:
* allow other users management, and guest mode
* Allow one YunoHost user to be the administrator (set at the installation)
#### Supported architectures
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/piwigo%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/piwigo/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/piwigo%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/piwigo/)
* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/piwigo%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/piwigo/)
## Limitations
No limitation known.
It has been tested on x86_64 and ARM.
## Additionnal informations
## Links
* Report a bug: https://github.com/YunoHost-Apps/piwigo_ynh/issues
* Piwigo website: http://piwigo.org/
* YunoHost website: https://yunohost.org/
---
Developers infos
----------------
Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
sudo yunohost app install https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing --debug
or
sudo yunohost app upgrade piwigo -u https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing --debug
```

2
check_process
View file

@ -3,7 +3,7 @@
domain="domain.tld" (DOMAIN)
path="/path" (PATH)
admin="john" (USER)
language="fr"
language="fr"
is_public=1 (PUBLIC|public=1|private=0)
; Checks
pkg_linter=1

3
conf/app.src
View file

@ -1,3 +1,6 @@
SOURCE_URL=http://piwigo.org/download/dlcounter.php?code=2.9.4
SOURCE_SUM=00fafe6887af62e34ee97dc9b8e4be0720af9f27ea1cdb16ab6217f462574a3c
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

6
conf/database.inc.php
View file

@ -1,8 +1,8 @@
<?php
$conf['dblayer'] = 'mysqli';
$conf['db_base'] = 'DBTOCHANGE';
$conf['db_user'] = 'USERTOCHANGE';
$conf['db_password'] = 'PASSTOCHANGE';
$conf['db_base'] = '__DBTOCHANGE__';
$conf['db_user'] = '__USERTOCHANGE__';
$conf['db_password'] = '__PASSTOCHANGE__';
$conf['db_host'] = 'localhost';
$prefixeTable = '';

2
conf/ldap_plugin.src
View file

@ -1,4 +1,6 @@
SOURCE_URL=https://github.com/VSLCatena/ldap_login/archive/92fa2fc1abc7cd18e8005583855e468b57689616.zip
SOURCE_SUM=9fe8d2fe3be234939a5dd3a92836202400a38a6d8b8a9b4250a8a522fe53d437
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=

3
conf/log_failed_logins_plugin.src
View file

@ -1,5 +1,6 @@
SOURCE_URL=http://piwigo.org/ext/download.php?rid=5525
SOURCE_SUM=85b9a06f2c7ca8ae9698e6151c7631f519c945f696b02da72f9ff53243d7e4ca
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=zip
SOURCE_IN_SUBDIR=false
SOURCE_FILENAME=

12
conf/nginx.conf
View file

@ -1,14 +1,20 @@
location __PATH__ {
alias __FINALPATH__/;
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ {
# Path to source
alias __FINALPATH__/ ;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
client_max_body_size 100M;
index index.php;
default_type text/html;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param REMOTE_USER $remote_user if_not_empty;

114
conf/php-fpm.conf
View file

@ -1,10 +1,11 @@
; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the
; the variable $pool can be used in any directive and will be replaced by the
; pool name ('www' here)
[__NAMETOCHANGE__]
; Per pool prefix
; It only applies on the following directives:
; - 'access.log'
; - 'slowlog'
; - 'listen' (unixsocket)
; - 'chroot'
@ -24,28 +25,35 @@ group = __USER__
; The address on which to accept FastCGI requests.
; Valid syntaxes are:
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on
; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses on a
; specific port;
; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on
; a specific port;
; 'port' - to listen on a TCP socket to all addresses
; (IPv6 and IPv4-mapped) on a specific port;
; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory.
listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 128
; Default Value: 511 (-1 on FreeBSD and OpenBSD)
;listen.backlog = 511
; Set permissions for unix socket, if one is used. In Linux, read/write
; permissions must be set in order to allow connections from a web server. Many
; BSD-derived systems allow connections regardless of permissions.
; BSD-derived systems allow connections regardless of permissions.
; Default Values: user and group are set as the running user
; mode is set to 0660
listen.owner = www-data
listen.group = www-data
;listen.mode = 0660
; List of ipv4 addresses of FastCGI clients which are allowed to connect.
; When POSIX Access Control Lists are supported you can set them using
; these options, value is a comma separated list of user/group names.
; When set, listen.owner and listen.group are ignored
;listen.acl_users =
;listen.acl_groups =
; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect.
; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original
; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address
; must be separated by a comma. If this value is left blank, connections will be
@ -59,7 +67,13 @@ listen.group = www-data
; - The pool processes will inherit the master process priority
; unless it specified otherwise
; Default Value: no set
; priority = -19
; process.priority = -19
; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user
; or group is differrent than the master process user. It allows to create process
; core dump and ptrace the process for the pool user.
; Default Value: no
; process.dumpable = yes
; Choose how the process manager will control the number of child processes.
; Possible Values:
@ -96,7 +110,7 @@ pm = dynamic
; forget to tweak pm.* to fit your needs.
; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand'
; Note: This value is mandatory.
pm.max_children = 10
pm.max_children = 5
; The number of child processes created on startup.
; Note: Used only when pm is set to 'dynamic'
@ -117,12 +131,12 @@ pm.max_spare_servers = 3
; Note: Used only when pm is set to 'ondemand'
; Default Value: 10s
;pm.process_idle_timeout = 10s;
; The number of requests each child process should execute before respawning.
; This can be useful to work around memory leaks in 3rd party libraries. For
; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS.
; Default Value: 0
pm.max_requests = 500
;pm.max_requests = 500
; The URI to view the FPM status page. If this value is not set, no URI will be
; recognized as a status page. It shows the following informations:
@ -170,7 +184,7 @@ pm.max_requests = 500
;
; By default the status page only outputs short status. Passing 'full' in the
; query string will also return status for each pool process.
; Example:
; Example:
; http://www.foo.bar/status?full
; http://www.foo.bar/status?json&full
; http://www.foo.bar/status?html&full
@ -215,14 +229,14 @@ pm.max_requests = 500
; last request memory: 0
;
; Note: There is a real-time FPM status monitoring sample web page available
; It's available in: ${prefix}/share/fpm/status.html
; It's available in: /usr/share/php/7.0/fpm/status.html
;
; Note: The value must start with a leading slash (/). The value can be
; anything, but it may not be a good idea to use the .php extension or it
; may conflict with a real PHP file.
; Default Value: not set
; Default Value: not set
;pm.status_path = /status
; The ping URI to call the monitoring page of FPM. If this value is not set, no
; URI will be recognized as a ping page. This could be used to test from outside
; that FPM is alive and responding, or to
@ -275,7 +289,7 @@ pm.max_requests = 500
; - %{megabytes}M
; - %{mega}M
; %n: pool name
; %o: ouput header
; %o: output header
; it must be associated with embraces to specify the name of the header:
; - %{Content-Type}o
; - %{X-Powered-By}o
@ -283,7 +297,7 @@ pm.max_requests = 500
; - ....
; %p: PID of the child that serviced the request
; %P: PID of the parent of the child that serviced the request
; %q: the query string
; %q: the query string
; %Q: the '?' character if query string exists
; %r: the request URI (without the query string, see %q and %Q)
; %R: remote IP address
@ -291,72 +305,85 @@ pm.max_requests = 500
; %t: server time the request was received
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %T: time the log has been written (the request has finished)
; it can accept a strftime(3) format:
; %d/%b/%Y:%H:%M:%S %z (default)
; The strftime(3) format must be encapsuled in a %{<strftime_format>}t tag
; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t
; %u: remote user
;
; Default: "%R - %u %t \"%m %r\" %s"
;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%"
; The log file for slow requests
; Default Value: not set
; Note: slowlog is mandatory if request_slowlog_timeout is set
slowlog = /var/log/nginx/{POOLNAME}.slow.log
;slowlog = log/$pool.log.slow
; The timeout for serving a single request after which a PHP backtrace will be
; dumped to the 'slowlog' file. A value of '0s' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_slowlog_timeout = 5s
;request_slowlog_timeout = 0
; The timeout for serving a single request after which the worker process will
; be killed. This option should be used when the 'max_execution_time' ini option
; does not stop script execution for some reason. A value of '0' means 'off'.
; Available units: s(econds)(default), m(inutes), h(ours), or d(ays)
; Default Value: 0
request_terminate_timeout = 1d
; Set open file descriptor rlimit.
; Default Value: system defined value
;rlimit_files = 1024
; Set max core size rlimit.
; Possible Values: 'unlimited' or an integer greater or equal to 0
; Default Value: system defined value
;rlimit_core = 0
; Chroot to this directory at the start. This value must be defined as an
; absolute path. When this value is not set, chroot is not used.
; Note: you can prefix with '$prefix' to chroot to the pool prefix or one
; of its subdirectories. If the pool prefix is not set, the global prefix
; will be used instead.
; Note: chrooting is a great security feature and should be used whenever
; Note: chrooting is a great security feature and should be used whenever
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
;chroot =
; Chdir to this directory at the start.
; Note: relative path can be used.
; Default Value: current directory or / when chroot
chdir = __FINALPATH__
; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs.
; Note: on highloaded environement, this can cause some delay in the page
; process time (several ms).
; Default Value: no
catch_workers_output = yes
;catch_workers_output = yes
; Clear environment in FPM workers
; Prevents arbitrary environment variables from reaching FPM worker processes
; by clearing the environment in workers before env vars specified in this
; pool configuration are added.
; Setting to "no" will make all environment variables available to PHP code
; via getenv(), $_ENV and $_SERVER.
; Default Value: yes
;clear_env = no
; Limits the extensions of the main script FPM will allow to parse. This can
; prevent configuration mistakes on the web server side. You should only limit
; FPM to .php extensions to prevent malicious users to use other extensions to
; exectute php code.
; execute php code.
; Note: set an empty value to allow all extensions.
; Default Value: .php
;security.limit_extensions = .php .php3 .php4 .php5
;security.limit_extensions = .php .php3 .php4 .php5 .php7
; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from
; the current environment.
; Default Value: clean env
@ -370,7 +397,7 @@ catch_workers_output = yes
; overwrite the values previously defined in the php.ini. The directives are the
; same as the PHP SAPI:
; php_value/php_flag - you can set classic ini defines which can
; be overwritten from PHP call 'ini_set'.
; be overwritten from PHP call 'ini_set'.
; php_admin_value/php_admin_flag - these directives won't be overwritten by
; PHP call 'ini_set'
; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no.
@ -389,6 +416,19 @@ catch_workers_output = yes
;php_flag[display_errors] = off
;php_admin_value[error_log] = /var/log/fpm-php.www.log
;php_admin_flag[log_errors] = on
;php_admin_value[memory_limit] = 32M
; Common values to change to increase file upload limit
; php_admin_value[upload_max_filesize] = 50M
; php_admin_value[post_max_size] = 50M
; php_admin_flag[mail.add_x_header] = Off
; Other common parameters
; php_admin_value[max_execution_time] = 600
; php_admin_value[max_input_time] = 300
; php_admin_value[memory_limit] = 256M
; php_admin_flag[short_open_tag] = On
php_admin_value[memory_limit] = 64M
; Common values to change to increase file upload limit

5
manifest.json
View file

@ -15,12 +15,12 @@
"url": ""
},
"requirements": {
"yunohost": ">= 2.7.2"
"yunohost": ">= 3.4"
},
"multi_instance": true,
"services": [
"nginx",
"php5-fpm",
"php7.0-fpm",
"mysql"
],
"arguments": {
@ -64,6 +64,7 @@
},
{
"name": "language",
"type": "string",
"ask": {
"en": "Choose the application language",
"fr": "Choisissez la langue de l'application"

193
scripts/_common.sh
View file

@ -1,35 +1,122 @@
#!/bin/bash
#
# Common variables
#
pkg_dependencies="php5-gd php5-imagick imagemagick"
#=================================================
# COMMON VARIABLES
#=================================================
# ============= FUTURE YUNOHOST HELPERS =============
pkg_dependencies="php-gd php-imagick imagemagick"
#=================================================
# FUTURE OFFICIAL HELPERS
#=================================================
# Create a dedicated fail2ban config (jail and filter conf files)
#
# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]]
# | arg: log_file - Log file to be checked by fail2ban
# | arg: failregex - Failregex to be looked for by fail2ban
# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3
# | arg: ports - Ports blocked for a banned IP address - default: http,https
# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
# | arg: -l, --logpath= - Log file to be checked by fail2ban
# | arg: -r, --failregex= - Failregex to be looked for by fail2ban
# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https
#
# -----------------------------------------------------------------------------
#
# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
# | arg: -t, --use_template - Use this helper in template mode
# | arg: -v, --others_var= - List of others variables to replace separeted by a space
# | for example : 'var_1 var_2 ...'
#
# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
# __APP__ by $app
#
# You can dynamically replace others variables by example :
# __VAR_1__ by $var_1
# __VAR_2__ by $var_2
#
# Generally your template will look like that by example (for synapse):
#
# f2b_jail.conf:
# [__APP__]
# enabled = true
# port = http,https
# filter = __APP__
# logpath = /var/log/__APP__/logfile.log
# maxretry = 3
#
# f2b_filter.conf:
# [INCLUDES]
# before = common.conf
# [Definition]
#
# # Part of regex definition (just used to make more easy to make the global regex)
# __synapse_start_line = .? \- synapse\..+ \-
#
# # Regex definition.
# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
#
# ignoreregex =
#
# -----------------------------------------------------------------------------
#
# Note about the "failregex" option:
# regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
#
# You can find some more explainations about how to make a regex here :
# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
#
# Note that the logfile need to exist before to call this helper !!
#
# To validate your regex you can test with this command:
# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
#
ynh_add_fail2ban_config () {
# Process parameters
logpath=$1
failregex=$2
max_retry=${3:-3}
ports=${4:-http,https}
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
# Declare an array to define the options of this helper.
declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
local logpath
local failregex
local max_retry
local ports
local others_var
local use_template
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
use_template="${use_template:-0}"
max_retry=${max_retry:-3}
ports=${ports:-http,https}
finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1
sudo tee $finalfail2banjailconf <<EOF
ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
if [ $use_template -eq 1 ]
then
# Usage 2, templates
cp ../conf/f2b_jail.conf $finalfail2banjailconf
cp ../conf/f2b_filter.conf $finalfail2banfilterconf
if [ -n "${app:-}" ]
then
ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
fi
# Replace all other variable given as arguments
for var_to_replace in ${others_var:-}; do
# ${var_to_replace^^} make the content of the variable on upper-cases
# ${!var_to_replace} get the content of the variable named $var_to_replace
ynh_replace_string "__${var_to_replace^^}__" "${!var_to_replace}" "$finalfail2banjailconf"
ynh_replace_string "__${var_to_replace^^}__" "${!var_to_replace}" "$finalfail2banfilterconf"
done
else
# Usage 1, no template. Build a config file from scratch.
test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
tee $finalfail2banjailconf <<EOF
[$app]
enabled = true
port = $ports
@ -38,23 +125,25 @@ logpath = $logpath
maxretry = $max_retry
EOF
sudo tee $finalfail2banfilterconf <<EOF
tee $finalfail2banfilterconf <<EOF
[INCLUDES]
before = common.conf
[Definition]
failregex = $failregex
ignoreregex =
EOF
fi
# Common to usage 1 and 2.
ynh_store_file_checksum "$finalfail2banjailconf"
ynh_store_file_checksum "$finalfail2banfilterconf"
systemctl restart fail2ban
systemctl try-reload-or-restart fail2ban
local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
if [ -n "$fail2ban_error" ]
then
echo "[ERR] Fail2ban failed to load the jail for $app" >&2
echo "WARNING${fail2ban_error#*WARNING}" >&2
if [[ -n "$fail2ban_error" ]]; then
ynh_print_err "Fail2ban failed to load the jail for $app"
ynh_print_warn "${fail2ban_error#*WARNING}"
fi
}
@ -64,16 +153,44 @@ EOF
ynh_remove_fail2ban_config () {
ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
sudo systemctl restart fail2ban
systemctl try-reload-or-restart fail2ban
}
# Delete a file checksum from the app settings
#=================================================
# Check available space before creating a temp directory.
#
# $app should be defined when calling this helper
# usage: ynh_smart_mktemp --min_size="Min size"
#
# usage: ynh_remove_file_checksum file
# | arg: file - The file for which the checksum will be deleted
ynh_delete_file_checksum () {
local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
ynh_app_setting_delete $app $checksum_setting_name
# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb
ynh_smart_mktemp () {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [s]=min_size= )
local min_size
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
min_size="${min_size:-300}"
# Transform the minimum size from megabytes to kilobytes
min_size=$(( $min_size * 1024 ))
# Check if there's enough free space in a directory
is_there_enough_space () {
local free_space=$(df --output=avail "$1" | sed 1d)
test $free_space -ge $min_size
}
if is_there_enough_space /tmp; then
local tmpdir=/tmp
elif is_there_enough_space /var; then
local tmpdir=/var
elif is_there_enough_space /; then
local tmpdir=/
elif is_there_enough_space /home; then
local tmpdir=/home
else
ynh_die "Insufficient free space to continue..."
fi
echo "$(sudo mktemp --directory --tmpdir="$tmpdir")"
}

68
scripts/backup
View file

@ -1,16 +1,12 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Fetch helpers file if not in current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -23,6 +19,7 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
@ -33,42 +30,55 @@ db_name=$(ynh_app_setting_get $app db_name)
#=================================================
# STANDARD BACKUP STEPS
#=================================================
# BACKUP APP MAIN DIR
# BACKUP THE APP MAIN DIR
#=================================================
ynh_print_info "Backing up the main app directory..."
ynh_backup "$final_path"
# Copy the data directory
backup_core_only=$(ynh_app_setting_get "$app" backup_core_only)
if [ -z $backup_core_only ] # If backup_core_only setting set, don't backup data directory
then
ynh_backup /home/yunohost.app/${app}/upload
else
echo "Data dir won't be saved, because backup_core_only is set." >&2
# Remove the option so that next regular backup will be complete
ynh_app_setting_delete $app backup_core_only
fi
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
#=================================================
# BACKUP NGINX CONFIGURATION
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_print_info "Backing up nginx web server configuration..."
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP PHP-FPM CONFIGURATION
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Backing up php-fpm configuration..."
ynh_backup "/etc/php5/fpm/pool.d/$app.conf"
ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# BACKUP MYSQL DB
# BACKUP THE MYSQL DATABASE
#=================================================
ynh_print_info "Backing up the MySQL database..."
ynh_mysql_dump_db "$db_name" > db.sql
#=================================================
# BACKUP FAIL2BAN CONFIGURATION
#=================================================
ynh_print_info "Backing up fail2ban configuration..."
ynh_backup "/etc/fail2ban/jail.d/$app.conf"
ynh_backup "/etc/fail2ban/filter.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP THE DATA DIRECTORY
#=================================================
ynh_print_info "Backing up data directory..."
# The 1 parameter indicates the directory is "big",
# so that it won't be backed up before upgrade
# This argument has to be the third one.
ynh_backup "/home/yunohost.app/${app}/upload" "/home/yunohost.app/${app}/upload" 1
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

41
scripts/change_url
View file

@ -21,6 +21,14 @@ new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get $app final_path)
#=================================================
# CHECK PATHS SYNTAX
#=================================================
@ -51,30 +59,30 @@ fi
#=================================================
# MODIFY URL IN NGINX CONF FILE
#=================================================
ynh_print_info "Updating nginx web server configuration..."
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the nginx config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original nginx config file if modified
ynh_backup_if_checksum_is_different "$nginx_conf_path"
# Replace locations starting with old_path
# Look for every location possible patterns (see https://nginx.org/en/docs/http/ngx_http_core_module.html#location)
ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 $new_path" "$nginx_conf_path"
# Replace path in "return" directives
ynh_replace_string "return \([[:digit:]]\{3\}\) $old_path" "return \1 $new_path" "$nginx_conf_path"
# Calculate and store the nginx config file checksum
ynh_store_file_checksum "$nginx_conf_path"
# Make a backup of the original nginx config file if modified
ynh_backup_if_checksum_is_different "$nginx_conf_path"
# Set global variables for nginx helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated nginx config
ynh_add_nginx_config
fi
# Change the domain for nginx
if [ $change_domain -eq 1 ]
then
ynh_delete_file_checksum "$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Delete file checksum for the old conf file location
ynh_delete_file_checksum "$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
@ -82,5 +90,12 @@ fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info "Reloading nginx web server..."
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Change of url completed for $app"

166
scripts/install
View file

@ -1,5 +1,4 @@
#!/bin/bash
shopt -s extglob # sets extended pattern matching options in the bash shell
#=================================================
# GENERIC STARTING
@ -14,79 +13,75 @@ source /usr/share/yunohost/helpers
# MANAGE SCRIPT FAILURE
#=================================================
ynh_abort_if_errors # Stop script if an error is detected
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST
#=================================================
# Retrieve app id
app=$YNH_APP_INSTANCE_NAME
# Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC
language=$YNH_APP_ARG_LANGUAGE
if [ "$language" = "fr" ] ; then
applanguage="fr_FR"
else
applanguage="en_UK"
fi
app=$YNH_APP_INSTANCE_NAME
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#=================================================
path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path
ynh_print_info "Validating installation parameters..."
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Check web path availability
ynh_webpath_available $domain $path_url
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)
# Register (book) web path
ynh_webpath_register $app $domain $path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_print_info "Storing installation settings..."
ynh_app_setting_set $app domain "$domain"
ynh_app_setting_set $app path_url "$path_url"
ynh_app_setting_set $app admin "$admin"
ynh_app_setting_set $app is_public "$is_public"
ynh_app_setting_set $app language "$language"
ynh_app_setting_set $app domain $domain
ynh_app_setting_set $app path $path_url
ynh_app_setting_set $app admin $admin
ynh_app_setting_set $app is_public $is_public
ynh_app_setting_set $app language $language
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_print_info "Installing dependencies..."
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# CREATE A MYSQL DB
#=================================================
ynh_print_info "Creating a MySQL database..."
db_name=$(ynh_sanitize_dbid $app)
db_user="$db_name"
ynh_app_setting_set "$app" db_name "$db_name"
# Initialize database
ynh_mysql_setup_db "$db_user" "$db_name"
ynh_app_setting_set $app db_name $db_name
ynh_mysql_setup_db $db_name $db_name
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info "Setting up source files..."
ynh_app_setting_set $app final_path $final_path
ynh_app_setting_set $app final_path "$final_path"
# Create tmp directory and fetch app inside
tmpdir=$(mktemp -d)
tmpdir="$(ynh_smart_mktemp --min_size=300)"
ynh_setup_source "$tmpdir"
# Fetch needed plugins
mkdir -p $tmpdir/plugins/Ldap_Login
ynh_setup_source "$tmpdir/plugins/Ldap_Login" ldap_plugin
@ -95,12 +90,27 @@ ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info "Configuring system user..."
ynh_system_user_create $app # Create a dedicated system user
# Create a system user
ynh_system_user_create $app
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info "Configuring nginx web server..."
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
# COPY FILES TO $FINAL_PATH
#=================================================
# sets extended pattern matching options in the bash shell
shopt -s extglob
# Install files and set permissions
mkdir $final_path
@ -123,69 +133,111 @@ chown -R $app: $final_path
chown -R $app: $datapath
chmod 755 -R $final_path/_data
#=================================================
# NGINX AND PHP-FPM CONFIGURATION
#=================================================
ynh_secure_remove "$tmpdir"
ynh_add_nginx_config
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Configuring php-fpm..."
# Copy and set php-fpm configuration
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SETUP APPLICATION WITH CURL
#=================================================
ynh_print_info "Installing piwigo with Curl..."
ynh_app_setting_set $app unprotected_uris "/"
# Reload SSOwat config
yunohost app ssowatconf
# Reload Nginx
systemctl reload nginx
# Generate random password for admin
adm_pwd=$(ynh_string_random 24)
ynh_app_setting_set $app admin_pwd "$adm_pwd"
if [ "$language" = "fr" ] ; then
applanguage="fr_FR"
else
applanguage="en_UK"
fi
# Configure piwigo via curl
mail="$(ynh_user_get_info $admin mail)"
# Installation with curl
ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_name" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail"
#=================================================
# CONFIGURE PIWIGO
#=================================================
ynh_app_setting_set "$app" unprotected_uris "/"
yunohost app ssowatconf
# Generate random password for admin
adm_pwd=$(ynh_string_random 24)
ynh_app_setting_set $app admin_pwd "$adm_pwd"
# Configure piwigo via curl
mail="$(ynh_user_get_info $admin mail)"
ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_user" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail"
ynh_print_info "Configuring piwigo..."
# Change local config
cp ../conf/config.inc.php $final_path/local/config/
# Calculate and store the config file checksum
ynh_store_file_checksum "$final_path/local/config/config.inc.php"
# Setup database in local/config/database.inc.php
ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php
ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php
ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php
ynh_replace_string "__DBTOCHANGE__" "$db_name" ../conf/database.inc.php
ynh_replace_string "__USERTOCHANGE__" "$db_name" ../conf/database.inc.php
ynh_replace_string "__PASSTOCHANGE__" "$db_pwd" ../conf/database.inc.php
cp ../conf/database.inc.php $final_path/local/config/database.inc.php
# Calculate and store the database config file checksum
ynh_store_file_checksum "$final_path/local/config/database.inc.php"
#=================================================
# ADD LDAP & FAIL2BAN PLUGINS
# ADD LDAP PLUGINS
#=================================================
ynh_print_info "Configuring LDAP plugin..."
# Configure and activate LDAP plugin
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');"
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');"
cp ../conf/data.dat $final_path/plugins/Ldap_Login
#=================================================
# CONFIGURE FAIL2BAN
#=================================================
ynh_print_info "Configuring fail2ban..."
# Configure and activate log_failed_logins plugin
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');"
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');"
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');"
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');"
touch "/var/log/${app}FailedLogins.log"
chown $app: "/var/log/${app}FailedLogins.log"
# Set-up fail2ban
ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 6
ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=<HOST>" --max_retry=6
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
ynh_print_info "Configuring SSOwat..."
# Protect URIs if private
if [ $is_public -eq 0 ];
if [ $is_public -eq 0 ]
then
ynh_app_setting_delete "$app" unprotected_uris
ynh_app_setting_set "$app" protected_uris "/"
ynh_app_setting_delete $app unprotected_uris
ynh_app_setting_set $app protected_uris "/"
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_print_info "Reloading nginx web server..."
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Installation of $app completed"

47
scripts/remove
View file

@ -12,48 +12,75 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
db_name=$(ynh_app_setting_get $app db_name)
final_path=$(ynh_app_setting_get $app final_path)
#=================================================
# STANDARD REMOVE
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_print_info "Removing dependencies"
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#=================================================
# REMOVE THE MYSQL DB
# REMOVE THE MYSQL DATABASE
#=================================================
ynh_print_info "Removing the MySQL database"
ynh_mysql_remove_db "$app" "$db_name"
# Remove a database if it exists, along with the associated user
ynh_mysql_remove_db $db_name $db_name
#=================================================
# REMOVE APP MAIN DIR
#=================================================
ynh_print_info "Removing app main directory"
ynh_secure_remove "/var/www/$app"
# Remove the app directory securely
ynh_secure_remove "$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_print_info "Removing nginx web server configuration"
# Remove the dedicated nginx config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Removing php-fpm configuration"
# Remove the dedicated php-fpm config
ynh_remove_fpm_config
#=================================================
# REMOVE FAIL2BAN CONFIGURATION
#=================================================
ynh_print_info "Removing fail2ban configuration"
ynh_remove_fail2ban_config
#=================================================
# REMOVE NGINX AND PHP-FPM CONFIGURATION
#=================================================
ynh_remove_fpm_config
ynh_remove_nginx_config
# GENERIC FINALIZATION
#=================================================
# REMOVE DEDICATED USER
#=================================================
ynh_print_info "Removing the dedicated system user"
ynh_system_user_delete $app
# Delete a system user
ynh_system_user_delete $app
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Removal of $app completed"

82
scripts/restore
View file

@ -1,15 +1,12 @@
#!/bin/bash
#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
if [ ! -e _common.sh ]; then
# Fetch helpers file if not in current directory
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -22,6 +19,7 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_print_info "Loading settings..."
app=$YNH_APP_INSTANCE_NAME
@ -34,6 +32,7 @@ db_name=$(ynh_app_setting_get $app db_name)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_print_info "Validating restoration parameters..."
ynh_webpath_available $domain $path_url \
|| ynh_die "Path not available: ${domain}${path_url}"
@ -41,54 +40,48 @@ test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path "
#=================================================
# STANDARD RESTORE STEPS
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE NGINX CONFIGURATION
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RESTORE APP MAIN DIR
# RESTORE THE APP MAIN DIR
#=================================================
ynh_print_info "Restoring the app main directory..."
ynh_restore_file "$final_path"
# Restore data directory if backed-up
if [ -d "$YNH_BACKUP_DIR/apps/${app}/backup/home/yunohost.app/${app}/upload" ] ; then
ynh_restore_file "/home/yunohost.app/${app}/upload"
else
# Create app data folder
mkdir /home/yunohost.app/${app}/upload
fi
# Create temporary data folder
mkdir -p /home/yunohost.app/${app}/_data
# Remove the option backup_core_only if it's in the settings.yml file
ynh_app_setting_delete $app backup_core_only
#=================================================
# RESTORE MYSQL DB
# RESTORE THE MYSQL DATABASE
#=================================================
ynh_print_info "Restoring the MySQL database..."
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
ynh_mysql_create_db $db_name $db_name $db_pwd
ynh_mysql_setup_db $db_name $db_name $db_pwd
ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql
#=================================================
# RECREATE OF THE DEDICATED USER
# RECREATE THE DEDICATED USER
#=================================================
ynh_print_info "Recreating the dedicated system user..."
ynh_system_user_create $app # Recreate the dedicated user, if not existing
# Create the dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# RESTORE USER RIGHTS
# RESTORE THE PHP-FPM CONFIGURATION
#=================================================
chown -R $app: $final_path
chown -R $app: /home/yunohost.app/${app}
ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf"
#=================================================
# RESTORE FAIL2BAN CONFIGURATION
# RESTORE THE FAIL2BAN CONFIGURATION
#=================================================
ynh_print_info "Restoring the fail2ban configuration"
ynh_restore_file "/etc/fail2ban/jail.d/$app.conf"
ynh_restore_file "/etc/fail2ban/filter.d/$app.conf"
@ -98,16 +91,43 @@ chown $app: "/var/log/${app}FailedLogins.log"
systemctl restart fail2ban
#=================================================
# RESTORE PHP-FPM CONFIGURATION
# SPECIFIC RESTORATION
#=================================================
# RESTORE THE DATA DIRECTORY
#=================================================
ynh_print_info "Restoring data directory..."
# The data directory will be restored only if it exists in the backup archive
# So only if it was backup previously.
if [ -d "$YNH_BACKUP_DIR/apps/$app/backup/home/yunohost.app/${app}/upload" ]
then
ynh_restore_file "/home/yunohost.app/${app}/upload"
else
# Create app folders
mkdir -p "/home/yunohost.app/${app}/upload"
fi
# Create temporary data folder
mkdir -p /home/yunohost.app/${app}/_data
#=================================================
# RESTORE USER RIGHTS
#=================================================
ynh_restore_file /etc/php5/fpm/pool.d/$app.conf
chown -R $app: $final_path
chown -R $app: /home/yunohost.app/${app}
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_print_info "Reloading nginx web server and php-fpm..."
systemctl reload php5-fpm
systemctl reload php7.0-fpm
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Restoration completed for $app"

243
scripts/upgrade
View file

@ -1,8 +1,5 @@
#!/bin/bash
shopt -s extglob # sets extended pattern matching options in the bash shell
# Exit on command errors and treat unset variables as an error
set -eu
#=================================================
# GENERIC STARTING
#=================================================
@ -15,123 +12,144 @@ source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
# Set app specific variables
ynh_print_info "Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
# Check destination directory
destdir="/var/www/$app"
[[ ! -d $destdir ]] && ynh_die \
"The destination directory '$destdir' does not exist.\
The app is not correctly installed, you should remove it first."
domain=$(ynh_app_setting_get $app domain)
path_url=$(ynh_app_setting_get $app path)
admin=$(ynh_app_setting_get $app admin)
is_public=$(ynh_app_setting_get $app is_public)
final_path=$(ynh_app_setting_get $app final_path)
language=$(ynh_app_setting_get $app language)
db_name=$(ynh_app_setting_get $app db_name)
admin_pwd=$(ynh_app_setting_get $app admin_pwd)
# Retrieve arguments
domain=$(ynh_app_setting_get "$app" domain)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_print_info "Ensuring downward compatibility..."
path_url=$(ynh_app_setting_get "$app" path_url)
# Compatibility with previous version
if [ -z "$path_url" ] ; then
path_url=$(ynh_app_setting_get "$app" path)
ynh_app_setting_set $app path_url "$path_url"
fi
path_url=$(ynh_normalize_url_path $path_url)
final_path=$(ynh_app_setting_get "$app" final_path)
# Compatibility with previous version
if [ -z "$final_path" ] ; then
final_path="/var/www/$app"
ynh_app_setting_set $app final_path "$final_path"
# If db_name doesn't exist, create it
if [ -z $db_name ]; then
db_name=$(ynh_sanitize_dbid $app)
ynh_app_setting_set $app db_name $db_name
fi
db_name=$(ynh_app_setting_get "$app" db_name)
# Compatibility with previous version
if [ -z "$db_name" ] ; then
db_name=$app
ynh_app_setting_set "$app" db_name "$db_name"
# If final_path doesn't exist, create it
if [ -z $final_path ]; then
final_path=/var/www/$app
ynh_app_setting_set $app final_path $final_path
fi
db_user="$db_name"
db_pwd=$(ynh_app_setting_get "$app" mysqlpwd)
admin=$(ynh_app_setting_get "$app" admin)
admin_pwd=$(ynh_app_setting_get "$app" admin_pwd)
# Compatibility with previous version; password was not set
if [ -z "$admin_pwd" ] ; then
# Generate a new password
admin_pwd=$(ynh_string_random 24)
# Compute password hash with the Piwigo function
cp ../conf/hash_password.php $final_path
hashed_password=$(cd $final_path ; php hash_password.php $admin_pwd)
# Update password hash in database
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';"
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';"
ynh_app_setting_set $app admin_pwd "$admin_pwd"
# Remove the temporary hash generation script
ynh_secure_remove "$final_path/hash_password.php"
fi
language=$(ynh_app_setting_get "$app" language)
if [ "$language" = "fr" ] ; then
applanguage="fr_FR"
else
applanguage="en_UK"
fi
is_public=$(ynh_app_setting_get "$app" is_public)
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Use prior backup and restore on error only if backup feature
# exists on installed instance
if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then
# Notify the backup process that it should not save the data directory
ynh_app_setting_set $app backup_core_only 1
ynh_backup_before_upgrade # Backup the current version of the app
ynh_clean_setup () {
ynh_restore_upgradebackup
}
ynh_abort_if_errors # Stop script if an error is detected
# Use path instead of path_url in settings.yml...
if [ -z "$path_url" ]
then
path_url=$(ynh_app_setting_get $app path_url)
ynh_app_setting_set $app path $path_url
ynh_app_setting_delete $app path_url
fi
#=================================================
# INSTALL DEPENDENCIES
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_print_info "Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK THE PATH
#=================================================
ynh_install_app_dependencies "$pkg_dependencies"
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path $path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_print_info "Upgrading source files..."
# Create tmp directory and fetch app inside
tmpdir=$(ynh_mkdir_tmp)
tmpdir="$(ynh_smart_mktemp --min_size=300)"
ynh_setup_source "$tmpdir"
# Fetch needed plugins
mkdir -p $tmpdir/plugins/Ldap_Login
ynh_setup_source "$tmpdir/plugins/Ldap_Login" ldap_plugin
ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_print_info "Upgrading nginx web server configuration..."
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_print_info "Upgrading dependencies..."
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_print_info "Making sure dedicated system user exists..."
ynh_system_user_create $app # Create dedicated user if not existing
# Create a dedicated user (if not existing)
ynh_system_user_create $app
#=================================================
# SPECIFIC SETUP
# PHP-FPM CONFIGURATION
#=================================================
ynh_print_info "Upgrading php-fpm configuration..."
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# COPY FILES TO $FINAL_PATH
#=================================================
# We store photos (potentially large data) on /home/yunohost.app
# sets extended pattern matching options in the bash shell
shopt -s extglob
datapath=/home/yunohost.app/$app
# Install files and set permissions
cp -a $tmpdir/!(upload|_data|galleries) $final_path
# Backward compatibility:
# If the _data subdirectory wasn't already moved to /home/yunohost.app/$app,
# then move it there
@ -152,68 +170,103 @@ chown -R $app: $final_path
chown -R $app: $datapath
chmod 755 -R $final_path/_data
#=================================================
# NGINX AND PHP-FPM CONFIGURATION
#=================================================
ynh_secure_remove "$tmpdir"
ynh_add_nginx_config
ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# UPGRADE APPLICATION WITH CURL
#=================================================
ynh_print_info "Upgrading piwigo with Curl..."
# Copy and set php-fpm configuration
ynh_add_fpm_config
ynh_app_setting_set $app unprotected_uris "/"
# Reload SSOwat config
yunohost app ssowatconf
# Reload Nginx
systemctl reload nginx
if [ "$language" = "fr" ] ; then
applanguage="fr_FR"
else
applanguage="en_UK"
fi
# Upgrade piwigo via curl
ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd"
#=================================================
# CONFIGURE PIWIGO
#=================================================
ynh_app_setting_set "$app" unprotected_uris "/"
yunohost app ssowatconf
# Configure piwigo via curl
ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd"
ynh_print_info "Configuring piwigo..."
# Make a backup of the original config file if modified
ynh_backup_if_checksum_is_different "$final_path/local/config/config.inc.php"
# Change local config
cp ../conf/config.inc.php $final_path/local/config/
# Calculate and store the config file checksum
ynh_store_file_checksum "$final_path/local/config/config.inc.php"
# Make a backup of the original database config file if modified
ynh_backup_if_checksum_is_different "$final_path/local/config/database.inc.php"
# Setup database in local/config/database.inc.php
ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php
ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php
ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php
ynh_replace_string "__DBTOCHANGE__" "$db_name" ../conf/database.inc.php
ynh_replace_string "__USERTOCHANGE__" "$db_name" ../conf/database.inc.php
db_pwd=$(ynh_app_setting_get $app mysqlpwd)
ynh_replace_string "__PASSTOCHANGE__" "$db_pwd" ../conf/database.inc.php
cp ../conf/database.inc.php $final_path/local/config/database.inc.php
# Calculate and store the database config file checksum
ynh_store_file_checksum "$final_path/local/config/database.inc.php"
#=================================================
# ADD LDAP & FAIL2BAN PLUGINS
# ADD LDAP PLUGINS
#=================================================
ynh_print_info "Configuring LDAP plugin..."
# Configure and activate LDAP plugin
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';"
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';"
cp ../conf/data.dat $final_path/plugins/Ldap_Login
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_print_info "Upgrading fail2ban..."
# Configure and activate log_failed_logins plugin
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';"
ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';"
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';"
ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';"
touch "/var/log/${app}FailedLogins.log"
chown $app: "/var/log/${app}FailedLogins.log"
# Set-up fail2ban
ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=<HOST>" 6
ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=<HOST>" --max_retry=6
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
ynh_print_info "Upgrading SSOwat configuration..."
# Protect URIs if private
if [ $is_public -eq 0 ];
if [ $is_public -eq 0 ]
then
ynh_app_setting_delete "$app" unprotected_uris
ynh_app_setting_set "$app" protected_uris "/"
ynh_app_setting_delete $app unprotected_uris
ynh_app_setting_set $app protected_uris "/"
fi
#=================================================
# RELOAD NGINX
#=================================================
systemctl reload nginx
ynh_print_info "Reloading nginx web server..."
systemctl reload nginx
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info "Upgrade of $app completed"