From 3e51013a9970e090e1d5138f9a8fed29c4ea8722 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 17 Feb 2019 19:28:37 +0100 Subject: [PATCH 1/5] Normalization from example_ynh --- README.md | 50 +++++-- check_process | 2 +- conf/app.src | 3 + conf/database.inc.php | 6 +- conf/ldap_plugin.src | 3 +- conf/log_failed_logins_plugin.src | 3 +- conf/nginx.conf | 12 +- manifest.json | 3 +- scripts/_common.sh | 35 +++++ scripts/backup | 56 ++++---- scripts/change_url | 33 +++-- scripts/install | 145 ++++++++++++-------- scripts/remove | 34 +++-- scripts/restore | 65 +++++---- scripts/upgrade | 220 +++++++++++++++++------------- 15 files changed, 423 insertions(+), 247 deletions(-) diff --git a/README.md b/README.md index c98ad3a..9380609 100644 --- a/README.md +++ b/README.md @@ -1,19 +1,35 @@ -Piwigo for YunoHost ---------------------- +# Piwigo for YunoHost +[![Integration level](https://dash.yunohost.org/integration/piwigo.svg)](https://dash.yunohost.org/appci/app/piwigo) [![Install Piwigo with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=piwigo) -[![Integration level](https://dash.yunohost.org/integration/piwigo.svg)](https://ci-apps.yunohost.org/jenkins/job/piwigo%20%28Community%29/lastBuild/consoleFull) +> *This package allow you to install Piwigo quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* -[Piwigo](http://piwigo.org) is a photo gallery software for the web, built by an active community of users and developers. +## Overview +[Piwigo](http://piwigo.org) is a photo gallery software for the web, built by an active community of users and developers Extensions make Piwigo easily customizable. Icing on the cake, Piwigo is free and opensource. **Shipped version:** 2.9.4 +## Screenshots + ![](http://piwigo.org/screenshots/homepage/piwigo-batch-manager.png) -## Features +## Demo + +* [YunoHost demo](https://demo.yunohost.org/piwigo/) +* [Official demo](http://piwigo.org/demo/) + +## Configuration + +## Documentation + + * Official documentation: https://piwigo.org/doc/doku.php + * YunoHost documentation: https://yunohost.org/#/app_piwigo + +## YunoHost specific features In addition to Piwigo core features, the following are made available with this package: @@ -25,14 +41,32 @@ this package: * allow other users management, and guest mode * Allow one YunoHost user to be the administrator (set at the installation) +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/piwigo%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/piwigo/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/piwigo%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/piwigo/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/piwigo%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/piwigo/) + ## Limitations -No limitation known. - -It has been tested on x86_64 and ARM. +## Additionnal informations ## Links * Report a bug: https://github.com/YunoHost-Apps/piwigo_ynh/issues * Piwigo website: http://piwigo.org/ * YunoHost website: https://yunohost.org/ + +--- + +Developers infos +---------------- + +Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing --debug +or +sudo yunohost app upgrade piwigo -u https://github.com/YunoHost-Apps/piwigo_ynh/tree/testing --debug +``` diff --git a/check_process b/check_process index 3e14e66..c40bce7 100644 --- a/check_process +++ b/check_process @@ -3,7 +3,7 @@ domain="domain.tld" (DOMAIN) path="/path" (PATH) admin="john" (USER) - language="fr" + language="fr" is_public=1 (PUBLIC|public=1|private=0) ; Checks pkg_linter=1 diff --git a/conf/app.src b/conf/app.src index bf52705..97529b6 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,3 +1,6 @@ SOURCE_URL=http://piwigo.org/download/dlcounter.php?code=2.9.4 SOURCE_SUM=00fafe6887af62e34ee97dc9b8e4be0720af9f27ea1cdb16ab6217f462574a3c +SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/database.inc.php b/conf/database.inc.php index c7db0ee..fe6160c 100644 --- a/conf/database.inc.php +++ b/conf/database.inc.php @@ -1,8 +1,8 @@ &2 - # Remove the option so that next regular backup will be complete - ynh_app_setting_delete $app backup_core_only -fi - #================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= -ynh_backup "/etc/fail2ban/jail.d/$app.conf" -ynh_backup "/etc/fail2ban/filter.d/$app.conf" - -#================================================= -# BACKUP NGINX CONFIGURATION +# BACKUP THE NGINX CONFIGURATION #================================================= ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= -# BACKUP PHP-FPM CONFIGURATION +# BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" #================================================= -# BACKUP MYSQL DB +# BACKUP THE MYSQL DATABASE #================================================= ynh_mysql_dump_db "$db_name" > db.sql + +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/fail2ban/jail.d/$app.conf" +ynh_backup "/etc/fail2ban/filter.d/$app.conf" + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP THE DATA DIRECTORY +#================================================= + +# The 1 parameter indicates the directory is "big", +# so that it won't be backed up before upgrade +# This argument has to be the third one. +ynh_backup "/home/yunohost.app/${app}/upload" "/home/yunohost.app/${app}/upload" 1 + diff --git a/scripts/change_url b/scripts/change_url index 5ca358b..07c17fc 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -21,6 +21,13 @@ new_path=$YNH_APP_NEW_PATH app=$YNH_APP_INSTANCE_NAME +#================================================= +# LOAD SETTINGS +#================================================= + +# Needed for helper "ynh_add_nginx_config" +final_path=$(ynh_app_setting_get $app final_path) + #================================================= # CHECK PATHS SYNTAX #================================================= @@ -57,24 +64,23 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the path in the nginx config file if [ $change_path -eq 1 ] then - # Make a backup of the original nginx config file if modified - ynh_backup_if_checksum_is_different "$nginx_conf_path" - # Replace locations starting with old_path - # Look for every location possible patterns (see https://nginx.org/en/docs/http/ngx_http_core_module.html#location) - ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 $new_path" "$nginx_conf_path" - # Replace path in "return" directives - ynh_replace_string "return \([[:digit:]]\{3\}\) $old_path" "return \1 $new_path" "$nginx_conf_path" - # Calculate and store the nginx config file checksum - ynh_store_file_checksum "$nginx_conf_path" + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different "$nginx_conf_path" + # Set global variables for nginx helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated nginx config + ynh_add_nginx_config fi # Change the domain for nginx if [ $change_domain -eq 1 ] then - ynh_delete_file_checksum "$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" + # Delete file checksum for the old conf file location + ynh_delete_file_checksum "$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" fi #================================================= @@ -84,3 +90,4 @@ fi #================================================= systemctl reload nginx + diff --git a/scripts/install b/scripts/install index 9cb15be..4967119 100644 --- a/scripts/install +++ b/scripts/install @@ -1,5 +1,4 @@ #!/bin/bash -shopt -s extglob # sets extended pattern matching options in the bash shell #================================================= # GENERIC STARTING @@ -14,39 +13,31 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_abort_if_errors # Stop script if an error is detected +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -# Retrieve app id -app=$YNH_APP_INSTANCE_NAME - -# Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC language=$YNH_APP_ARG_LANGUAGE -if [ "$language" = "fr" ] ; then - applanguage="fr_FR" -else - applanguage="en_UK" -fi +app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path - final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Check web path availability -ynh_webpath_available $domain $path_url +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + # Register (book) web path ynh_webpath_register $app $domain $path_url @@ -54,11 +45,11 @@ ynh_webpath_register $app $domain $path_url # STORE SETTINGS FROM MANIFEST #================================================= -ynh_app_setting_set $app domain "$domain" -ynh_app_setting_set $app path_url "$path_url" -ynh_app_setting_set $app admin "$admin" -ynh_app_setting_set $app is_public "$is_public" -ynh_app_setting_set $app language "$language" +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app admin $admin +ynh_app_setting_set $app is_public $is_public +ynh_app_setting_set $app language $language #================================================= # STANDARD MODIFICATIONS @@ -73,20 +64,19 @@ ynh_install_app_dependencies "$pkg_dependencies" #================================================= db_name=$(ynh_sanitize_dbid $app) -db_user="$db_name" -ynh_app_setting_set "$app" db_name "$db_name" - -# Initialize database -ynh_mysql_setup_db "$db_user" "$db_name" +ynh_app_setting_set $app db_name $db_name +ynh_mysql_setup_db $db_name $db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_app_setting_set $app final_path "$final_path" +ynh_app_setting_set $app final_path $final_path + # Create tmp directory and fetch app inside -tmpdir=$(mktemp -d) +tmpdir="$(ynh_smart_mktemp --min_size=300)" ynh_setup_source "$tmpdir" + # Fetch needed plugins mkdir -p $tmpdir/plugins/Ldap_Login ynh_setup_source "$tmpdir/plugins/Ldap_Login" ldap_plugin @@ -96,11 +86,24 @@ ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin # CREATE DEDICATED USER #================================================= -ynh_system_user_create $app # Create a dedicated system user +# Create a system user +ynh_system_user_create $app + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config #================================================= # SPECIFIC SETUP #================================================= +# COPY FILES TO $FINAL_PATH +#================================================= + +# sets extended pattern matching options in the bash shell +shopt -s extglob # Install files and set permissions mkdir $final_path @@ -123,69 +126,99 @@ chown -R $app: $final_path chown -R $app: $datapath chmod 755 -R $final_path/_data +ynh_secure_remove "$tmpdir" + #================================================= -# NGINX AND PHP-FPM CONFIGURATION +# PHP-FPM CONFIGURATION #================================================= -ynh_add_nginx_config - -# Copy and set php-fpm configuration +# Create a dedicated php-fpm config ynh_add_fpm_config +#================================================= +# SETUP APPLICATION WITH CURL +#================================================= + +ynh_app_setting_set $app unprotected_uris "/" +# Reload SSOwat config +yunohost app ssowatconf + +# Reload Nginx +systemctl reload nginx + +# Generate random password for admin +adm_pwd=$(ynh_string_random 24) +ynh_app_setting_set $app admin_pwd "$adm_pwd" + +if [ "$language" = "fr" ] ; then + applanguage="fr_FR" +else + applanguage="en_UK" +fi + +# Configure piwigo via curl +mail="$(ynh_user_get_info $admin mail)" + +# Installation with curl +ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_name" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail" + #================================================= # CONFIGURE PIWIGO #================================================= -ynh_app_setting_set "$app" unprotected_uris "/" -yunohost app ssowatconf - -# Generate random password for admin - -adm_pwd=$(ynh_string_random 24) -ynh_app_setting_set $app admin_pwd "$adm_pwd" - -# Configure piwigo via curl -mail="$(ynh_user_get_info $admin mail)" -ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_user" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail" - # Change local config cp ../conf/config.inc.php $final_path/local/config/ + # Calculate and store the config file checksum ynh_store_file_checksum "$final_path/local/config/config.inc.php" # Setup database in local/config/database.inc.php -ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php -ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php -ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php +ynh_replace_string "__DBTOCHANGE__" "$db_name" ../conf/database.inc.php +ynh_replace_string "__USERTOCHANGE__" "$db_name" ../conf/database.inc.php +ynh_replace_string "__PASSTOCHANGE__" "$db_pwd" ../conf/database.inc.php + cp ../conf/database.inc.php $final_path/local/config/database.inc.php + # Calculate and store the database config file checksum ynh_store_file_checksum "$final_path/local/config/database.inc.php" #================================================= -# ADD LDAP & FAIL2BAN PLUGINS +# ADD LDAP PLUGINS #================================================= # Configure and activate LDAP plugin -ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');" +ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');" cp ../conf/data.dat $final_path/plugins/Ldap_Login +#================================================= +# CONFIGURE FAIL2BAN +#================================================= + # Configure and activate log_failed_logins plugin -ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" -ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" +ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" +ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" + touch "/var/log/${app}FailedLogins.log" chown $app: "/var/log/${app}FailedLogins.log" -# Set-up fail2ban -ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=" 6 +ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=" --max_retry=6 + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP SSOWAT +#================================================= # Protect URIs if private -if [ $is_public -eq 0 ]; +if [ $is_public -eq 0 ] then - ynh_app_setting_delete "$app" unprotected_uris - ynh_app_setting_set "$app" protected_uris "/" + ynh_app_setting_delete $app unprotected_uris + ynh_app_setting_set $app protected_uris "/" fi #================================================= # RELOAD NGINX #================================================= + systemctl reload nginx + diff --git a/scripts/remove b/scripts/remove index 6106ac3..ce8a17a 100644 --- a/scripts/remove +++ b/scripts/remove @@ -17,6 +17,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) db_name=$(ynh_app_setting_get $app db_name) +final_path=$(ynh_app_setting_get $app final_path) #================================================= # STANDARD REMOVE @@ -28,16 +29,32 @@ db_name=$(ynh_app_setting_get $app db_name) ynh_remove_app_dependencies #================================================= -# REMOVE THE MYSQL DB +# REMOVE THE MYSQL DATABASE #================================================= -ynh_mysql_remove_db "$app" "$db_name" +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db $db_name $db_name #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_secure_remove "/var/www/$app" +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config #================================================= # REMOVE FAIL2BAN CONFIGURATION @@ -46,14 +63,11 @@ ynh_secure_remove "/var/www/$app" ynh_remove_fail2ban_config #================================================= -# REMOVE NGINX AND PHP-FPM CONFIGURATION -#================================================= - -ynh_remove_fpm_config -ynh_remove_nginx_config - +# GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= -ynh_system_user_delete $app \ No newline at end of file +# Delete a system user +ynh_system_user_delete $app + diff --git a/scripts/restore b/scripts/restore index 7b7bdd5..c69de96 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,15 +1,12 @@ #!/bin/bash +#================================================= +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Fetch helpers file if not in current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -41,53 +38,42 @@ test ! -d $final_path \ || ynh_die "There is already a directory: $final_path " #================================================= -# STANDARD RESTORE STEPS +# STANDARD RESTORATION STEPS #================================================= -# RESTORE NGINX CONFIGURATION +# RESTORE THE NGINX CONFIGURATION #================================================= ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= -# RESTORE APP MAIN DIR +# RESTORE THE APP MAIN DIR #================================================= ynh_restore_file "$final_path" -# Restore data directory if backed-up -if [ -d "$YNH_BACKUP_DIR/apps/${app}/backup/home/yunohost.app/${app}/upload" ] ; then - ynh_restore_file "/home/yunohost.app/${app}/upload" -else - # Create app data folder - mkdir /home/yunohost.app/${app}/upload -fi -# Create temporary data folder -mkdir -p /home/yunohost.app/${app}/_data -# Remove the option backup_core_only if it's in the settings.yml file -ynh_app_setting_delete $app backup_core_only #================================================= -# RESTORE MYSQL DB +# RESTORE THE MYSQL DATABASE #================================================= db_pwd=$(ynh_app_setting_get $app mysqlpwd) -ynh_mysql_create_db $db_name $db_name $db_pwd +ynh_mysql_setup_db $db_name $db_name $db_pwd ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql #================================================= -# RECREATE OF THE DEDICATED USER +# RECREATE THE DEDICATED USER #================================================= -ynh_system_user_create $app # Recreate the dedicated user, if not existing +# Create the dedicated user (if not existing) +ynh_system_user_create $app #================================================= -# RESTORE USER RIGHTS +# RESTORE THE PHP-FPM CONFIGURATION #================================================= -chown -R $app: $final_path -chown -R $app: /home/yunohost.app/${app} +ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= -# RESTORE FAIL2BAN CONFIGURATION +# RESTORE THE FAIL2BAN CONFIGURATION #================================================= ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" @@ -98,10 +84,30 @@ chown $app: "/var/log/${app}FailedLogins.log" systemctl restart fail2ban #================================================= -# RESTORE PHP-FPM CONFIGURATION +# SPECIFIC RESTORATION +#================================================= +# RESTORE THE DATA DIRECTORY +#================================================= + +# The data directory will be restored only if it exists in the backup archive +# So only if it was backup previously. +if [ -d "$YNH_BACKUP_DIR/apps/$app/backup/home/yunohost.app/${app}/upload" ] +then + ynh_restore_file "/home/yunohost.app/${app}/upload" +else + # Create app folders + mkdir -p "/home/yunohost.app/${app}/upload" +fi +# Create temporary data folder +mkdir -p /home/yunohost.app/${app}/_data + +#================================================= +# RESTORE USER RIGHTS #================================================= ynh_restore_file /etc/php5/fpm/pool.d/$app.conf +chown -R $app: $final_path +chown -R $app: /home/yunohost.app/${app} #================================================= # GENERIC FINALIZATION @@ -111,3 +117,4 @@ ynh_restore_file /etc/php5/fpm/pool.d/$app.conf systemctl reload php5-fpm systemctl reload nginx + diff --git a/scripts/upgrade b/scripts/upgrade index 518363c..bd6dd5d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,8 +1,5 @@ #!/bin/bash -shopt -s extglob # sets extended pattern matching options in the bash shell -# Exit on command errors and treat unset variables as an error -set -eu #================================================= # GENERIC STARTING #================================================= @@ -15,123 +12,137 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -# Set app specific variables + app=$YNH_APP_INSTANCE_NAME -# Check destination directory -destdir="/var/www/$app" -[[ ! -d $destdir ]] && ynh_die \ -"The destination directory '$destdir' does not exist.\ - The app is not correctly installed, you should remove it first." +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +admin=$(ynh_app_setting_get $app admin) +is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get $app final_path) +language=$(ynh_app_setting_get $app language) +db_name=$(ynh_app_setting_get $app db_name) +admin_pwd=$(ynh_app_setting_get $app admin_pwd) -# Retrieve arguments -domain=$(ynh_app_setting_get "$app" domain) +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= -path_url=$(ynh_app_setting_get "$app" path_url) -# Compatibility with previous version -if [ -z "$path_url" ] ; then - path_url=$(ynh_app_setting_get "$app" path) - ynh_app_setting_set $app path_url "$path_url" -fi -path_url=$(ynh_normalize_url_path $path_url) - -final_path=$(ynh_app_setting_get "$app" final_path) -# Compatibility with previous version -if [ -z "$final_path" ] ; then - final_path="/var/www/$app" - ynh_app_setting_set $app final_path "$final_path" +# If db_name doesn't exist, create it +if [ -z $db_name ]; then + db_name=$(ynh_sanitize_dbid $app) + ynh_app_setting_set $app db_name $db_name fi -db_name=$(ynh_app_setting_get "$app" db_name) -# Compatibility with previous version -if [ -z "$db_name" ] ; then - db_name=$app - ynh_app_setting_set "$app" db_name "$db_name" +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path fi -db_user="$db_name" -db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) -admin=$(ynh_app_setting_get "$app" admin) - -admin_pwd=$(ynh_app_setting_get "$app" admin_pwd) # Compatibility with previous version; password was not set if [ -z "$admin_pwd" ] ; then # Generate a new password admin_pwd=$(ynh_string_random 24) - + # Compute password hash with the Piwigo function cp ../conf/hash_password.php $final_path hashed_password=$(cd $final_path ; php hash_password.php $admin_pwd) - + # Update password hash in database - ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';" + db_pwd=$(ynh_app_setting_get $app mysqlpwd) + ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';" ynh_app_setting_set $app admin_pwd "$admin_pwd" - + # Remove the temporary hash generation script ynh_secure_remove "$final_path/hash_password.php" fi -language=$(ynh_app_setting_get "$app" language) -if [ "$language" = "fr" ] ; then - applanguage="fr_FR" -else - applanguage="en_UK" -fi - -is_public=$(ynh_app_setting_get "$app" is_public) - -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Use prior backup and restore on error only if backup feature -# exists on installed instance -if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then - # Notify the backup process that it should not save the data directory - ynh_app_setting_set $app backup_core_only 1 - - ynh_backup_before_upgrade # Backup the current version of the app - ynh_clean_setup () { - ynh_restore_upgradebackup - } - ynh_abort_if_errors # Stop script if an error is detected +# Use path instead of path_url in settings.yml... +if [ -z "$path_url" ] +then + path_url=$(ynh_app_setting_get $app path_url) + ynh_app_setting_set $app path $path_url + ynh_app_setting_delete $app path_url fi #================================================= -# INSTALL DEPENDENCIES +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_install_app_dependencies "$pkg_dependencies" +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= # Create tmp directory and fetch app inside tmpdir=$(ynh_mkdir_tmp) +tmpdir="$(ynh_smart_mktemp --min_size=300)" ynh_setup_source "$tmpdir" + # Fetch needed plugins mkdir -p $tmpdir/plugins/Ldap_Login ynh_setup_source "$tmpdir/plugins/Ldap_Login" ldap_plugin ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# UPGRADE DEPENDENCIES +#================================================= + +ynh_install_app_dependencies "$pkg_dependencies" + #================================================= # CREATE DEDICATED USER #================================================= -ynh_system_user_create $app # Create dedicated user if not existing +# Create a dedicated user (if not existing) +ynh_system_user_create $app #================================================= -# SPECIFIC SETUP +# PHP-FPM CONFIGURATION #================================================= -# We store photos (potentially large data) on /home/yunohost.app +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# COPY FILES TO $FINAL_PATH +#================================================= + +# sets extended pattern matching options in the bash shell +shopt -s extglob + datapath=/home/yunohost.app/$app # Install files and set permissions cp -a $tmpdir/!(upload|_data|galleries) $final_path - # Backward compatibility: # If the _data subdirectory wasn't already moved to /home/yunohost.app/$app, # then move it there @@ -152,68 +163,93 @@ chown -R $app: $final_path chown -R $app: $datapath chmod 755 -R $final_path/_data +ynh_secure_remove "$tmpdir" + #================================================= -# NGINX AND PHP-FPM CONFIGURATION +# UPGRADE APPLICATION WITH CURL #================================================= -ynh_add_nginx_config -ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_app_setting_set $app unprotected_uris "/" +# Reload SSOwat config +yunohost app ssowatconf -# Copy and set php-fpm configuration -ynh_add_fpm_config +# Reload Nginx +systemctl reload nginx + +if [ "$language" = "fr" ] ; then + applanguage="fr_FR" +else + applanguage="en_UK" +fi + +# Upgrade piwigo via curl +ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd" #================================================= # CONFIGURE PIWIGO #================================================= - -ynh_app_setting_set "$app" unprotected_uris "/" -yunohost app ssowatconf - -# Configure piwigo via curl -ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd" +ynh_print_info "Configuring piwigo..." # Make a backup of the original config file if modified ynh_backup_if_checksum_is_different "$final_path/local/config/config.inc.php" + # Change local config cp ../conf/config.inc.php $final_path/local/config/ + # Calculate and store the config file checksum ynh_store_file_checksum "$final_path/local/config/config.inc.php" # Make a backup of the original database config file if modified ynh_backup_if_checksum_is_different "$final_path/local/config/database.inc.php" + # Setup database in local/config/database.inc.php -ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php -ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php -ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php +ynh_replace_string "__DBTOCHANGE__" "$db_name" ../conf/database.inc.php +ynh_replace_string "__USERTOCHANGE__" "$db_name" ../conf/database.inc.php +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_replace_string "__PASSTOCHANGE__" "$db_pwd" ../conf/database.inc.php + cp ../conf/database.inc.php $final_path/local/config/database.inc.php + # Calculate and store the database config file checksum ynh_store_file_checksum "$final_path/local/config/database.inc.php" #================================================= -# ADD LDAP & FAIL2BAN PLUGINS +# ADD LDAP PLUGINS #================================================= # Configure and activate LDAP plugin -ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';" +ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';" cp ../conf/data.dat $final_path/plugins/Ldap_Login +#================================================= +# UPGRADE FAIL2BAN +#================================================= + # Configure and activate log_failed_logins plugin -ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';" -ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';" +ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';" +ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';" + touch "/var/log/${app}FailedLogins.log" chown $app: "/var/log/${app}FailedLogins.log" -# Set-up fail2ban -ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=" 6 +ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=" --max_retry=6 + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP SSOWAT +#================================================= # Protect URIs if private -if [ $is_public -eq 0 ]; +if [ $is_public -eq 0 ] then - ynh_app_setting_delete "$app" unprotected_uris - ynh_app_setting_set "$app" protected_uris "/" + ynh_app_setting_delete $app unprotected_uris + ynh_app_setting_set $app protected_uris "/" fi #================================================= # RELOAD NGINX #================================================= -systemctl reload nginx \ No newline at end of file + +systemctl reload nginx + From b459605ddb2c43e6b59ee09f2e40fb3224d3b4dd Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 17 Feb 2019 19:30:01 +0100 Subject: [PATCH 2/5] Use php7 --- conf/php-fpm.conf | 114 +++++++++++++++++++++++++++++++--------------- manifest.json | 4 +- scripts/backup | 2 +- scripts/restore | 4 +- scripts/upgrade | 1 - 5 files changed, 82 insertions(+), 43 deletions(-) diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 0b8df22..948989e 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' @@ -24,28 +25,35 @@ group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data listen.group = www-data ;listen.mode = 0660 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be @@ -59,7 +67,13 @@ listen.group = www-data ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set -; priority = -19 +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -96,7 +110,7 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 10 +pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' @@ -117,12 +131,12 @@ pm.max_spare_servers = 3 ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s ;pm.process_idle_timeout = 10s; - + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = 500 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -170,7 +184,7 @@ pm.max_requests = 500 ; ; By default the status page only outputs short status. Passing 'full' in the ; query string will also return status for each pool process. -; Example: +; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full @@ -215,14 +229,14 @@ pm.max_requests = 500 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html +; It's available in: /usr/share/php/7.0/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. -; Default Value: not set +; Default Value: not set ;pm.status_path = /status - + ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside ; that FPM is alive and responding, or to @@ -275,7 +289,7 @@ pm.max_requests = 500 ; - %{megabytes}M ; - %{mega}M ; %n: pool name -; %o: ouput header +; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o @@ -283,7 +297,7 @@ pm.max_requests = 500 ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request -; %q: the query string +; %q: the query string ; %Q: the '?' character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address @@ -291,72 +305,85 @@ pm.max_requests = 500 ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/{POOLNAME}.slow.log - +;slowlog = log/$pool.log.slow + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s - +;request_slowlog_timeout = 0 + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set -;chroot = - +;chroot = + ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot chdir = __FINALPATH__ - + ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -catch_workers_output = yes +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. +; execute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -370,7 +397,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. @@ -389,6 +416,19 @@ catch_workers_output = yes ;php_flag[display_errors] = off ;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M + +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On + php_admin_value[memory_limit] = 64M ; Common values to change to increase file upload limit diff --git a/manifest.json b/manifest.json index f214406..5b2caba 100644 --- a/manifest.json +++ b/manifest.json @@ -15,12 +15,12 @@ "url": "" }, "requirements": { - "yunohost": ">= 2.7.2" + "yunohost": ">= 3.4" }, "multi_instance": true, "services": [ "nginx", - "php5-fpm", + "php7.0-fpm", "mysql" ], "arguments": { diff --git a/scripts/backup b/scripts/backup index 22120c4..7935fe7 100644 --- a/scripts/backup +++ b/scripts/backup @@ -44,6 +44,7 @@ ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" # BACKUP THE PHP-FPM CONFIGURATION #================================================= +ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE @@ -55,7 +56,6 @@ ynh_mysql_dump_db "$db_name" > db.sql # BACKUP FAIL2BAN CONFIGURATION #================================================= -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" ynh_backup "/etc/fail2ban/jail.d/$app.conf" ynh_backup "/etc/fail2ban/filter.d/$app.conf" diff --git a/scripts/restore b/scripts/restore index c69de96..783cafd 100644 --- a/scripts/restore +++ b/scripts/restore @@ -75,6 +75,7 @@ ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # RESTORE THE FAIL2BAN CONFIGURATION #================================================= + ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" @@ -105,7 +106,6 @@ mkdir -p /home/yunohost.app/${app}/_data # RESTORE USER RIGHTS #================================================= -ynh_restore_file /etc/php5/fpm/pool.d/$app.conf chown -R $app: $final_path chown -R $app: /home/yunohost.app/${app} @@ -115,6 +115,6 @@ chown -R $app: /home/yunohost.app/${app} # RELOAD NGINX AND PHP-FPM #================================================= -systemctl reload php5-fpm +systemctl reload php7.0-fpm systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index bd6dd5d..6bc92b0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -93,7 +93,6 @@ path_url=$(ynh_normalize_url_path $path_url) #================================================= # Create tmp directory and fetch app inside -tmpdir=$(ynh_mkdir_tmp) tmpdir="$(ynh_smart_mktemp --min_size=300)" ynh_setup_source "$tmpdir" From aec1b4027a89d06ec3b6f60fd958f96c0b9b0559 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 17 Feb 2019 19:30:40 +0100 Subject: [PATCH 3/5] Update helpers --- scripts/_common.sh | 156 ++++++++++++++++++++++++++++++++++----------- 1 file changed, 119 insertions(+), 37 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index a7041b1..87ff072 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,35 +1,122 @@ #!/bin/bash -# -# Common variables -# + +#================================================= +# COMMON VARIABLES +#================================================= pkg_dependencies="php5-gd php5-imagick imagemagick" -# ============= FUTURE YUNOHOST HELPERS ============= +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= # Create a dedicated fail2ban config (jail and filter conf files) # -# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]] -# | arg: log_file - Log file to be checked by fail2ban -# | arg: failregex - Failregex to be looked for by fail2ban -# | arg: max_retry - Maximum number of retries allowed before banning IP address - default: 3 -# | arg: ports - Ports blocked for a banned IP address - default: http,https +# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports] +# | arg: -l, --logpath= - Log file to be checked by fail2ban +# | arg: -r, --failregex= - Failregex to be looked for by fail2ban +# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3 +# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https +# +# ----------------------------------------------------------------------------- +# +# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"] +# | arg: -t, --use_template - Use this helper in template mode +# | arg: -v, --others_var= - List of others variables to replace separeted by a space +# | for example : 'var_1 var_2 ...' +# +# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf +# __APP__ by $app +# +# You can dynamically replace others variables by example : +# __VAR_1__ by $var_1 +# __VAR_2__ by $var_2 +# +# Generally your template will look like that by example (for synapse): +# +# f2b_jail.conf: +# [__APP__] +# enabled = true +# port = http,https +# filter = __APP__ +# logpath = /var/log/__APP__/logfile.log +# maxretry = 3 +# +# f2b_filter.conf: +# [INCLUDES] +# before = common.conf +# [Definition] +# +# # Part of regex definition (just used to make more easy to make the global regex) +# __synapse_start_line = .? \- synapse\..+ \- +# +# # Regex definition. +# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- \- \d+ \- Received request\: POST /_matrix/client/r0/login\??%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$ +# +# ignoreregex = +# +# ----------------------------------------------------------------------------- +# +# Note about the "failregex" option: +# regex to match the password failure messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# +# You can find some more explainations about how to make a regex here : +# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters +# +# Note that the logfile need to exist before to call this helper !! +# +# To validate your regex you can test with this command: +# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf +# ynh_add_fail2ban_config () { - # Process parameters - logpath=$1 - failregex=$2 - max_retry=${3:-3} - ports=${4:-http,https} - - test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." - test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." - + # Declare an array to define the options of this helper. + declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=) + local logpath + local failregex + local max_retry + local ports + local others_var + local use_template + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + use_template="${use_template:-0}" + max_retry=${max_retry:-3} + ports=${ports:-http,https} + finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1 - ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1 - - sudo tee $finalfail2banjailconf <&2 - echo "WARNING${fail2ban_error#*WARNING}" >&2 + if [[ -n "$fail2ban_error" ]]; then + ynh_print_err "Fail2ban failed to load the jail for $app" + ynh_print_warn "${fail2ban_error#*WARNING}" fi } @@ -64,22 +153,15 @@ EOF ynh_remove_fail2ban_config () { ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf" ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf" - sudo systemctl restart fail2ban + systemctl try-reload-or-restart fail2ban } -# Delete a file checksum from the app settings #================================================= # Check available space before creating a temp directory. # -# $app should be defined when calling this helper # usage: ynh_smart_mktemp --min_size="Min size" # -# usage: ynh_remove_file_checksum file -# | arg: file - The file for which the checksum will be deleted -ynh_delete_file_checksum () { - local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' - ynh_app_setting_delete $app $checksum_setting_name # | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb ynh_smart_mktemp () { # Declare an array to define the options of this helper. From 56db279bfbab481dbc551aa517213491bb1c5adb Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 17 Feb 2019 20:58:31 +0100 Subject: [PATCH 4/5] Add progression with ynh_print_info --- scripts/backup | 12 ++++++++++++ scripts/change_url | 8 ++++++++ scripts/install | 19 +++++++++++++++++++ scripts/remove | 13 +++++++++++++ scripts/restore | 13 +++++++++++++ scripts/upgrade | 18 ++++++++++++++++++ 6 files changed, 83 insertions(+) diff --git a/scripts/backup b/scripts/backup index 7935fe7..afb0089 100644 --- a/scripts/backup +++ b/scripts/backup @@ -19,6 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -31,30 +32,35 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # BACKUP THE APP MAIN DIR #================================================= +ynh_print_info "Backing up the main app directory..." ynh_backup "$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= +ynh_print_info "Backing up nginx web server configuration..." ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Backing up php-fpm configuration..." ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE #================================================= +ynh_print_info "Backing up the MySQL database..." ynh_mysql_dump_db "$db_name" > db.sql #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= +ynh_print_info "Backing up fail2ban configuration..." ynh_backup "/etc/fail2ban/jail.d/$app.conf" ynh_backup "/etc/fail2ban/filter.d/$app.conf" @@ -64,9 +70,15 @@ ynh_backup "/etc/fail2ban/filter.d/$app.conf" #================================================= # BACKUP THE DATA DIRECTORY #================================================= +ynh_print_info "Backing up data directory..." # The 1 parameter indicates the directory is "big", # so that it won't be backed up before upgrade # This argument has to be the third one. ynh_backup "/home/yunohost.app/${app}/upload" "/home/yunohost.app/${app}/upload" 1 +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 07c17fc..1b4fded 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,6 +24,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get $app final_path) @@ -58,6 +59,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF FILE #================================================= +ynh_print_info "Updating nginx web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -88,6 +90,12 @@ fi #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Change of url completed for $app" diff --git a/scripts/install b/scripts/install index 4967119..0508412 100644 --- a/scripts/install +++ b/scripts/install @@ -31,6 +31,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" @@ -44,6 +45,7 @@ ynh_webpath_register $app $domain $path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Storing installation settings..." ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url @@ -56,12 +58,14 @@ ynh_app_setting_set $app language $language #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Installing dependencies..." ynh_install_app_dependencies "$pkg_dependencies" #================================================= # CREATE A MYSQL DB #================================================= +ynh_print_info "Creating a MySQL database..." db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name @@ -70,6 +74,7 @@ ynh_mysql_setup_db $db_name $db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_print_info "Setting up source files..." ynh_app_setting_set $app final_path $final_path @@ -85,6 +90,7 @@ ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Configuring system user..." # Create a system user ynh_system_user_create $app @@ -92,6 +98,7 @@ ynh_system_user_create $app #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Configuring nginx web server..." # Create a dedicated nginx config ynh_add_nginx_config @@ -131,6 +138,7 @@ ynh_secure_remove "$tmpdir" #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Configuring php-fpm..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -138,6 +146,7 @@ ynh_add_fpm_config #================================================= # SETUP APPLICATION WITH CURL #================================================= +ynh_print_info "Installing piwigo with Curl..." ynh_app_setting_set $app unprotected_uris "/" # Reload SSOwat config @@ -165,6 +174,7 @@ ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_n #================================================= # CONFIGURE PIWIGO #================================================= +ynh_print_info "Configuring piwigo..." # Change local config cp ../conf/config.inc.php $final_path/local/config/ @@ -185,6 +195,7 @@ ynh_store_file_checksum "$final_path/local/config/database.inc.php" #================================================= # ADD LDAP PLUGINS #================================================= +ynh_print_info "Configuring LDAP plugin..." # Configure and activate LDAP plugin ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');" @@ -193,6 +204,7 @@ cp ../conf/data.dat $final_path/plugins/Ldap_Login #================================================= # CONFIGURE FAIL2BAN #================================================= +ynh_print_info "Configuring fail2ban..." # Configure and activate log_failed_logins plugin ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" @@ -208,6 +220,7 @@ ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex= #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Configuring SSOwat..." # Protect URIs if private if [ $is_public -eq 0 ] @@ -219,6 +232,12 @@ fi #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index ce8a17a..3b0305a 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -24,6 +25,7 @@ final_path=$(ynh_app_setting_get $app final_path) #================================================= # REMOVE DEPENDENCIES #================================================= +ynh_print_info "Removing dependencies" # Remove metapackage and its dependencies ynh_remove_app_dependencies @@ -31,6 +33,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE THE MYSQL DATABASE #================================================= +ynh_print_info "Removing the MySQL database" # Remove a database if it exists, along with the associated user ynh_mysql_remove_db $db_name $db_name @@ -38,6 +41,7 @@ ynh_mysql_remove_db $db_name $db_name #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_print_info "Removing app main directory" # Remove the app directory securely ynh_secure_remove "$final_path" @@ -45,6 +49,7 @@ ynh_secure_remove "$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_print_info "Removing nginx web server configuration" # Remove the dedicated nginx config ynh_remove_nginx_config @@ -52,6 +57,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Removing php-fpm configuration" # Remove the dedicated php-fpm config ynh_remove_fpm_config @@ -59,6 +65,7 @@ ynh_remove_fpm_config #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= +ynh_print_info "Removing fail2ban configuration" ynh_remove_fail2ban_config @@ -67,7 +74,13 @@ ynh_remove_fail2ban_config #================================================= # REMOVE DEDICATED USER #================================================= +ynh_print_info "Removing the dedicated system user" # Delete a system user ynh_system_user_delete $app +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index 783cafd..7746fa3 100644 --- a/scripts/restore +++ b/scripts/restore @@ -19,6 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading settings..." app=$YNH_APP_INSTANCE_NAME @@ -31,6 +32,7 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_print_info "Validating restoration parameters..." ynh_webpath_available $domain $path_url \ || ynh_die "Path not available: ${domain}${path_url}" @@ -48,12 +50,14 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= +ynh_print_info "Restoring the app main directory..." ynh_restore_file "$final_path" #================================================= # RESTORE THE MYSQL DATABASE #================================================= +ynh_print_info "Restoring the MySQL database..." db_pwd=$(ynh_app_setting_get $app mysqlpwd) ynh_mysql_setup_db $db_name $db_name $db_pwd @@ -62,6 +66,7 @@ ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql #================================================= # RECREATE THE DEDICATED USER #================================================= +ynh_print_info "Recreating the dedicated system user..." # Create the dedicated user (if not existing) ynh_system_user_create $app @@ -75,6 +80,7 @@ ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # RESTORE THE FAIL2BAN CONFIGURATION #================================================= +ynh_print_info "Restoring the fail2ban configuration" ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" @@ -89,6 +95,7 @@ systemctl restart fail2ban #================================================= # RESTORE THE DATA DIRECTORY #================================================= +ynh_print_info "Restoring data directory..." # The data directory will be restored only if it exists in the backup archive # So only if it was backup previously. @@ -114,7 +121,13 @@ chown -R $app: /home/yunohost.app/${app} #================================================= # RELOAD NGINX AND PHP-FPM #================================================= +ynh_print_info "Reloading nginx web server and php-fpm..." systemctl reload php7.0-fpm systemctl reload nginx +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index 6bc92b0..517a243 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -27,6 +28,7 @@ admin_pwd=$(ynh_app_setting_get $app admin_pwd) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= +ynh_print_info "Ensuring downward compatibility..." # If db_name doesn't exist, create it if [ -z $db_name ]; then @@ -69,6 +71,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= +ynh_print_info "Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -91,6 +94,7 @@ path_url=$(ynh_normalize_url_path $path_url) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_print_info "Upgrading source files..." # Create tmp directory and fetch app inside tmpdir="$(ynh_smart_mktemp --min_size=300)" @@ -104,6 +108,7 @@ ynh_setup_source "$tmpdir/plugins" log_failed_logins_plugin #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config @@ -111,12 +116,14 @@ ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= +ynh_print_info "Upgrading dependencies..." ynh_install_app_dependencies "$pkg_dependencies" #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create $app @@ -124,6 +131,7 @@ ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Upgrading php-fpm configuration..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -167,6 +175,7 @@ ynh_secure_remove "$tmpdir" #================================================= # UPGRADE APPLICATION WITH CURL #================================================= +ynh_print_info "Upgrading piwigo with Curl..." ynh_app_setting_set $app unprotected_uris "/" # Reload SSOwat config @@ -215,6 +224,7 @@ ynh_store_file_checksum "$final_path/local/config/database.inc.php" #================================================= # ADD LDAP PLUGINS #================================================= +ynh_print_info "Configuring LDAP plugin..." # Configure and activate LDAP plugin ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';" @@ -223,6 +233,7 @@ cp ../conf/data.dat $final_path/plugins/Ldap_Login #================================================= # UPGRADE FAIL2BAN #================================================= +ynh_print_info "Upgrading fail2ban..." # Configure and activate log_failed_logins plugin ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_name <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';" @@ -238,6 +249,7 @@ ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex= #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Upgrading SSOwat configuration..." # Protect URIs if private if [ $is_public -eq 0 ] @@ -249,6 +261,12 @@ fi #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Upgrade of $app completed" From a39ccedb0b0c23c95bf70935c95276a07a8aca77 Mon Sep 17 00:00:00 2001 From: JimboJoe Date: Sun, 10 Mar 2019 11:18:40 +0100 Subject: [PATCH 5/5] Update scripts/_common.sh Co-Authored-By: maniackcrudelis --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 87ff072..6380eea 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -pkg_dependencies="php5-gd php5-imagick imagemagick" +pkg_dependencies="php-gd php-imagick imagemagick" #================================================= # FUTURE OFFICIAL HELPERS