From 561b7c69b3044aab9c7dacd34fcfaf911c487b1d Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 16 May 2021 19:41:11 +0200 Subject: [PATCH] Apply example_ynh --- check_process | 8 ++--- manifest.json | 16 --------- scripts/_common.sh | 5 +++ scripts/backup | 22 +++++++------ scripts/change_url | 6 ++-- scripts/install | 76 +++++++++++++++++++++++++------------------ scripts/remove | 24 +++++++------- scripts/restore | 70 +++++++++++++++++++-------------------- scripts/upgrade | 81 +++++++++++++++++++++++++--------------------- 9 files changed, 160 insertions(+), 148 deletions(-) diff --git a/check_process b/check_process index 050f061..3fac6e1 100644 --- a/check_process +++ b/check_process @@ -1,10 +1,10 @@ ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) + domain="domain.tld" + path="/path" + admin="john" language="fr" - is_public=1 (PUBLIC|public=1|private=0) + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 diff --git a/manifest.json b/manifest.json index 27bd2fd..9cf0d1f 100644 --- a/manifest.json +++ b/manifest.json @@ -28,38 +28,22 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for Piwigo", - "fr": "Choisissez un nom de domaine pour Piwigo" - }, "example": "domain.org" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Piwigo", - "fr": "Choisissez un chemin pour Piwigo" - }, "example": "/piwigo", "default": "/piwigo" }, { "name": "admin", "type": "user", - "ask": { - "en": "Choose an admin user", - "fr": "Choisissez l'administrateur" - }, "example": "homer" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "default": true }, { diff --git a/scripts/_common.sh b/scripts/_common.sh index 4a013c1..b44136a 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -6,8 +6,13 @@ YNH_PHP_VERSION="7.3" +# dependencies used by the app pkg_dependencies="php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-imagick imagemagick" +#================================================= +# PERSONAL HELPERS +#================================================= + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 9791cc8..9cf719f 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -23,10 +24,11 @@ ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +datapath=$(ynh_app_setting_get --app=$app --key=datapath) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP @@ -51,13 +53,6 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= -ynh_print_info --message="Backing up the MySQL database..." - -ynh_mysql_dump_db --database="$db_name" > db.sql - #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= @@ -69,10 +64,17 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" # BACKUP THE DATA DIRECTORY #================================================= -ynh_backup --src_path="/home/yunohost.app/$app/upload" --is_big +ynh_backup --src_path="$datapath" --is_big + +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= +ynh_print_info --message="Backing up the MySQL database..." + +ynh_mysql_dump_db --database="$db_name" > db.sql #================================================= # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for Piwigo. (YunoHost will then actually copy those files to the archive)." +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 9533ac5..243e746 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -59,7 +59,7 @@ if [ $change_path -eq 1 ] then # Make a backup of the original NGINX config file if modified ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for nginx helper + # Set global variables for NGINX helper domain="$old_domain" path_url="$new_path" # Create a dedicated NGINX config @@ -77,7 +77,7 @@ then fi #================================================= -# GENERIC FINALIZATION +# GENERIC FINALISATION #================================================= # RELOAD NGINX #================================================= @@ -89,4 +89,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for Piwigo" --last +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index 63de718..28c38ef 100644 --- a/scripts/install +++ b/scripts/install @@ -1,7 +1,7 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -47,7 +47,6 @@ ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language #================================================= @@ -57,10 +56,18 @@ ynh_app_setting_set --app=$app --key=language --value=$language #================================================= ynh_script_progression --message="Installing dependencies..." --weight=40 -ynh_install_app_dependencies "$pkg_dependencies" +ynh_install_app_dependencies $pkg_dependencies #================================================= -# CREATE A MYSQL DB +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=3 + +# Create a system user +ynh_system_user_create --username=$app --home_dir=$final_path + +#================================================= +# CREATE A MYSQL DATABASE #================================================= ynh_script_progression --message="Creating a MySQL database..." @@ -85,14 +92,6 @@ mkdir -p $tmpdir/plugins/Ldap_Login ynh_setup_source --dest_dir="$tmpdir/plugins/Ldap_Login" --source_id=ldap_plugin ynh_setup_source --dest_dir="$tmpdir/plugins" --source_id=log_failed_logins_plugin -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=3 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # NGINX CONFIGURATION #================================================= @@ -101,6 +100,15 @@ ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 + +# Create a dedicated PHP-FPM config +ynh_add_fpm_config +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) + #================================================= # SPECIFIC SETUP #================================================= @@ -127,27 +135,26 @@ cp -Rp $tmpdir/_data/. $final_path/_data cp -Rp $tmpdir/upload/. $final_path/upload cp -Rp $tmpdir/galleries/. $final_path/galleries -chown -R $app: $final_path -chown -R $app: $datapath -chmod 755 -R $final_path/_data +chmod 750 "$datapath" +chmod -R o-rwx "$datapath" +chown -R $app:www-data "$datapath" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + +ynh_app_setting_set --app=$app --key=datapath --value=$datapath ynh_secure_remove --file="$tmpdir" -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 - -# Create a dedicated PHP-FPM config -ynh_add_fpm_config -phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) - #================================================= # SETUP APPLICATION WITH CURL #================================================= -ynh_script_progression --message="Installing Piwigo with cURL..." --weight=5 +ynh_script_progression --message="Setuping application with CURL..." --weight=5 -# Set the app as temporarily public for cURL call +# Set the app as temporarily public for curl call +ynh_script_progression --message="Configuring SSOwat..." +# Making the app public for curl ynh_permission_update --permission="main" --add="visitors" # Reload NGINX @@ -212,8 +219,13 @@ UPDATE piwigo_ldap_login_config SET value='' WHERE param = 'ld_binddn'; UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'allow_new_users'; UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'ld_group_user_active';" +# Remove the public access +ynh_permission_update --permission="main" --remove="visitors" + #================================================= -# CONFIGURE FAIL2BAN +# GENERIC FINALIZATION +#================================================= +# SETUP FAIL2BAN #================================================= ynh_script_progression --message="Configuring Fail2Ban..." --weight=6 @@ -226,17 +238,17 @@ chown $app: "/var/log/${app}FailedLogins.log" ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=" --max_retry=6 -#================================================= -# GENERIC FINALIZATION #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." # Make app public if necessary -if [ $is_public -eq 0 ] +if [ $is_public -eq 1 ] then - ynh_permission_update --permission="main" --remove="visitors" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi #================================================= @@ -250,4 +262,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of Piwigo completed" --last +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index c63a0b9..c6ebafb 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,7 +1,7 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -18,10 +18,19 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= +ynh_script_progression --message="Removing the MySQL database..." + +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name + #================================================= # REMOVE DEPENDENCIES #================================================= @@ -30,18 +39,10 @@ ynh_script_progression --message="Removing dependencies..." # Remove metapackage and its dependencies ynh_remove_app_dependencies -#================================================= -# REMOVE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Removing the MySQL database..." - -# Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name - #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing Piwigo main directory..." +ynh_script_progression --message="Removing app main directory..." # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -67,6 +68,7 @@ ynh_remove_fpm_config #================================================= ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8 +# Remove the dedicated Fail2Ban config ynh_remove_fail2ban_config #================================================= @@ -83,4 +85,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of Piwigo completed" --last +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index b267c64..00d0ac4 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -25,10 +26,11 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +datapath=$(ynh_app_setting_get --app=$app --key=datapath) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -45,51 +47,46 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring Piwigo main directory..." - -ynh_restore_file --origin_path="$final_path" - -#================================================= -# RESTORE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Restoring the MySQL database..." --weight=2 - -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd -ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql - #================================================= # RECREATE THE DEDICATED USER #================================================= ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --home_dir=$final_path + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= +ynh_script_progression --message="Restoring app main directory..." + +ynh_restore_file --origin_path="$final_path" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=10 +ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=10 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= -# RESTORE THE FAIL2BAN CONFIGURATION +# RESTORE FAIL2BAN CONFIGURATION #================================================= ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=7 -ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" - touch "/var/log/${app}FailedLogins.log" chown $app: "/var/log/${app}FailedLogins.log" +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" ynh_systemd_action --action=restart --service_name=fail2ban #================================================= @@ -100,7 +97,16 @@ ynh_systemd_action --action=restart --service_name=fail2ban ynh_script_progression --message="Reinstalling dependencies..." --weight=40 # Define and install dependencies -ynh_install_app_dependencies "$pkg_dependencies" +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# RESTORE THE MYSQL DATABASE +#================================================= +ynh_script_progression --message="Restoring the MySQL database..." --weight=2 + +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql #================================================= # RESTORE THE DATA DIRECTORY @@ -108,20 +114,14 @@ ynh_install_app_dependencies "$pkg_dependencies" ynh_script_progression --message="Restoring data directory..." # Use --not_mandatory for the data directory, because if the backup has been made with BACKUP_CORE_ONLY, there's no data into the backup. -ynh_restore_file --origin_path="/home/yunohost.app/$app/upload" --not_mandatory +ynh_restore_file --origin_path="$datapath" --not_mandatory # Create app folders mkdir -p /home/yunohost.app/$app/upload -# Create temporary data folder -mkdir -p /home/yunohost.app/$app/_data - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -chown -R $app: $final_path -chown -R $app: /home/yunohost.app/$app +chmod 750 "$datapath" +chmod -R o-rwx "$datapath" +chown -R $app:www-data "$datapath" #================================================= # GENERIC FINALIZATION @@ -137,4 +137,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for Piwigo" --last +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index d840c9a..038fe87 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,7 +1,7 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -32,6 +32,22 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=6 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# STANDARD UPGRADE STEPS #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -78,26 +94,16 @@ fi # Cleaning legacy permissions if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public fi #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Backing up Piwigo before upgrading (may take a while)..." --weight=6 +ynh_script_progression --message="Making sure dedicated system user exists..." -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir=$final_path -#================================================= -# STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -107,13 +113,13 @@ then ynh_script_progression --message="Upgrading source files..." --weight=3 # Create tmp directory and fetch app inside - tmpdir="$(ynh_smart_mktemp --min_size=300)" - ynh_setup_source --dest_dir="$tmpdir" + tmpdir="$(ynh_smart_mktemp --min_size=300)" + ynh_setup_source --dest_dir="$tmpdir" - # Fetch needed plugins - mkdir -p $tmpdir/plugins/Ldap_Login - ynh_setup_source --dest_dir="$tmpdir/plugins/Ldap_Login" --source_id=ldap_plugin - ynh_setup_source --dest_dir="$tmpdir/plugins" --source_id=log_failed_logins_plugin + # Fetch needed plugins + mkdir -p $tmpdir/plugins/Ldap_Login + ynh_setup_source --dest_dir="$tmpdir/plugins/Ldap_Login" --source_id=ldap_plugin + ynh_setup_source --dest_dir="$tmpdir/plugins" --source_id=log_failed_logins_plugin fi #================================================= @@ -131,14 +137,6 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=6 ynh_install_app_dependencies $pkg_dependencies -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -182,9 +180,13 @@ then ynh_secure_remove --file="$tmpdir" fi -chown -R $app: $final_path -chown -R $app: $datapath -chmod 755 -R $final_path/_data +chmod 750 "$datapath" +chmod -R o-rwx "$datapath" +chown -R $app:www-data "$datapath" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # UPGRADE APPLICATION WITH CURL @@ -262,6 +264,11 @@ if [ -f $final_path/plugins/Ldap_Login/data.dat ] ; then ynh_secure_remove --file=$final_path/plugins/Ldap_Login/data.dat fi +# Remove the public access +ynh_permission_update --permission="main" --remove="visitors" + +#================================================= +# GENERIC FINALIZATION #================================================= # UPGRADE FAIL2BAN #================================================= @@ -282,13 +289,13 @@ ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex= ynh_script_progression --message="Configuring permissions..." # Make app public if necessary -if [ $is_public -eq 0 ] +if [ $is_public -eq 1 ] then - ynh_permission_update --permission="main" --remove="visitors" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi -#================================================= -# GENERIC FINALIZATION #================================================= # RELOAD NGINX #================================================= @@ -300,4 +307,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of Piwigo completed" --last +ynh_script_progression --message="Upgrade of $app completed" --last