From 15e1300f64b51c1918959e2af4c7eeac768666bf Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Fri, 22 Sep 2017 19:13:43 +0200 Subject: [PATCH 01/11] Set nginx and php-fpm configurations accordingly --- conf/nginx.conf | 2 +- conf/php-fpm.ini | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index f997658..eef6ba5 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ location __PATH__ { alias __FINALPATH__/; - client_max_body_size 1G; + client_max_body_size 100M; index index.php; default_type text/html; location ~ [^/]\.php(/|$) { diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini index c3d888a..3fbeb35 100644 --- a/conf/php-fpm.ini +++ b/conf/php-fpm.ini @@ -1,7 +1,7 @@ ; Common values to change to increase file upload limit -upload_max_filesize = 1G -post_max_size = 1G +upload_max_filesize = 100M +post_max_size = 100M ; Other common parameters -max_execution_time = 600 -max_input_time = 300 +max_execution_time = 3600 +max_input_time = 3600 From 81247871f786213f8542f35706a95d4d7c3cecd4 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Fri, 22 Sep 2017 21:18:12 +0200 Subject: [PATCH 02/11] Use final_path setting in backup script --- scripts/backup | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/backup b/scripts/backup index b675bb8..f5b753c 100644 --- a/scripts/backup +++ b/scripts/backup @@ -22,7 +22,7 @@ source /usr/share/yunohost/helpers app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) -final_path="/var/www/${app}" +final_path=$(ynh_app_setting_get "$app" final_path) db_name=$(ynh_app_setting_get $app db_name) #================================================= From 8d061f1651ad36baaea955f3e2ef36e55fc79a22 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Fri, 22 Sep 2017 21:18:40 +0200 Subject: [PATCH 03/11] Add "big" comments in install --- scripts/install | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 5f37f17..56f8a7b 100644 --- a/scripts/install +++ b/scripts/install @@ -116,7 +116,7 @@ chown -R $app: $datapath chmod 755 -R $final_path/galleries #================================================= -# NGINX CONFIGURATION +# NGINX AND PHP-FPM CONFIGURATION #================================================= ynh_add_nginx_config @@ -125,6 +125,10 @@ ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" # Copy and set php-fpm configuration ynh_add_fpm_config +#================================================= +# CONFIGURE PIWIGO +#================================================= + # Set permissions and reload nginx (needed at this stage for the PHP piwigo installation process) systemctl reload nginx sleep 5s @@ -155,6 +159,10 @@ cp ../conf/database.inc.php $final_path/local/config/database.inc.php # Calculate and store the database config file checksum ynh_store_file_checksum "$final_path/local/config/database.inc.php" +#================================================= +# ADD LDAP & FAIL2BAN PLUGINS +#================================================= + # Activate LDAP plugin ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('Ldap_Login','active','1.1');" From 6780bd4a758f69a1339d4aceb41e8515a4d04f68 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Fri, 22 Sep 2017 21:19:18 +0200 Subject: [PATCH 04/11] Remove "set -u" and avoidable services restarts from remove --- scripts/remove | 7 ------- 1 file changed, 7 deletions(-) diff --git a/scripts/remove b/scripts/remove index c9d0b71..0a3954f 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,7 +1,5 @@ #!/bin/bash -# Treat unset variables as an error -set -u #================================================= # GENERIC STARTING #================================================= @@ -36,7 +34,6 @@ ynh_mysql_remove_db "$app" "$db_name" #================================================= ynh_secure_remove "/var/www/$app" -ynh_secure_remove "/home/yunohost.app/$app" #================================================= # REMOVE FAIL2BAN CONFIGURATION @@ -51,10 +48,6 @@ ynh_remove_fail2ban_config ynh_remove_fpm_config ynh_remove_nginx_config -# Reload services -systemctl restart php5-fpm -systemctl reload nginx - #================================================= # REMOVE DEDICATED USER #================================================= From 89eddb9e13c04236b965583bc3f98869965538ca Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Fri, 22 Sep 2017 21:21:52 +0200 Subject: [PATCH 05/11] Add comments and spacings in upgrade --- scripts/upgrade | 25 +++++++++++++++++++++---- 1 file changed, 21 insertions(+), 4 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index af83a4a..2926fdf 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -26,6 +26,7 @@ DESTDIR="/var/www/$app" # Retrieve arguments domain=$(ynh_app_setting_get "$app" domain) + path_url=$(ynh_app_setting_get "$app" path_url) # Compatibility with previous version if [ -z "$path_url" ] ; then @@ -33,34 +34,43 @@ if [ -z "$path_url" ] ; then ynh_app_setting_set $app path_url "$path_url" fi path_url=$(ynh_normalize_url_path $path_url) + final_path=$(ynh_app_setting_get "$app" final_path) # Compatibility with previous version if [ -z "$final_path" ] ; then final_path="/var/www/$app" ynh_app_setting_set $app final_path "$final_path" fi + db_name=$(ynh_app_setting_get "$app" db_name) # Compatibility with previous version if [ -z "$db_name" ] ; then db_name=$app ynh_app_setting_set "$app" db_name "$db_name" fi + db_user="$db_name" db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) admin=$(ynh_app_setting_get "$app" admin) + admin_pwd=$(ynh_app_setting_get "$app" admin_pwd) -# Compatibility with previous version; password not set +# Compatibility with previous version; password was not set if [ -z "$admin_pwd" ] ; then # Generate a new password admin_pwd=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p') + # Compute password hash with the Piwigo function cp ../conf/hash_password.php $final_path hashed_password=$(cd $final_path ; php hash_password.php $admin_pwd) + # Update password hash in database ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';" ynh_app_setting_set $app admin_pwd "$admin_pwd" + + # Remove the temporary hash generation script ynh_secure_remove "$final_path/hash_password.php" fi + language=$(ynh_app_setting_get "$app" language) if [ "$language" = "fr" ] ; then applanguage="fr_FR" @@ -68,9 +78,8 @@ else applanguage="en_UK" fi - - is_public=$(ynh_app_setting_get "$app" is_public) + #================================================= # MANAGE SCRIPT FAILURE #================================================= @@ -117,7 +126,7 @@ chown -R $app: /home/yunohost.app/$app chmod 755 -R $final_path/galleries #================================================= -# NGINX CONFIGURATION +# NGINX AND PHP-FPM CONFIGURATION #================================================= ynh_add_nginx_config @@ -126,6 +135,10 @@ ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" # Copy and set php-fpm configuration ynh_add_fpm_config +#================================================= +# CONFIGURE PIWIGO +#================================================= + # Set permissions and reload nginx (needed at this stage for the PHP piwigo installation process) systemctl reload nginx sleep 5s @@ -154,6 +167,10 @@ cp ../conf/database.inc.php $final_path/local/config/database.inc.php # Calculate and store the database config file checksum ynh_store_file_checksum "$final_path/local/config/database.inc.php" +#================================================= +# ADD LDAP & FAIL2BAN PLUGINS +#================================================= + # Activate ldap plugin ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';" From b927abb98bea0e725e8670a9fba6e6d5bd9ecad2 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Fri, 22 Sep 2017 21:34:28 +0200 Subject: [PATCH 06/11] Fix restore on failed upgrade --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 2926fdf..97d6133 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -89,7 +89,7 @@ is_public=$(ynh_app_setting_get "$app" is_public) if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then ynh_backup_before_upgrade # Backup the current version of the app ynh_clean_setup () { - ynh_backup_after_failed_upgrade + ynh_restore_upgradebackup } ynh_abort_if_errors # Stop script if an error is detected fi From 90d3303b28466641a4cc2b668b4fbaf318a5e58f Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Fri, 22 Sep 2017 21:47:50 +0200 Subject: [PATCH 07/11] Remove unwanted services reload and pauses --- scripts/install | 4 ---- scripts/upgrade | 4 ---- 2 files changed, 8 deletions(-) diff --git a/scripts/install b/scripts/install index 56f8a7b..e9147cc 100644 --- a/scripts/install +++ b/scripts/install @@ -129,10 +129,6 @@ ynh_add_fpm_config # CONFIGURE PIWIGO #================================================= -# Set permissions and reload nginx (needed at this stage for the PHP piwigo installation process) -systemctl reload nginx -sleep 5s -systemctl reload php5-fpm ynh_app_setting_set "$app" unprotected_uris "/" yunohost app ssowatconf diff --git a/scripts/upgrade b/scripts/upgrade index 97d6133..3e72842 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -139,10 +139,6 @@ ynh_add_fpm_config # CONFIGURE PIWIGO #================================================= -# Set permissions and reload nginx (needed at this stage for the PHP piwigo installation process) -systemctl reload nginx -sleep 5s -systemctl reload php5-fpm ynh_app_setting_set "$app" unprotected_uris "/" yunohost app ssowatconf From 7b2e320b004b21d3ac339a25e2e13a22b3df40d8 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sat, 23 Sep 2017 10:25:23 +0200 Subject: [PATCH 08/11] Add php5-gd dependency --- scripts/_common.sh | 2 ++ scripts/install | 4 ++++ scripts/remove | 5 +++++ scripts/upgrade | 6 ++++++ 4 files changed, 17 insertions(+) diff --git a/scripts/_common.sh b/scripts/_common.sh index beef539..2a3b1f5 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,6 +3,8 @@ # Common variables # +pkg_dependencies="php5-gd" + # ============= FUTURE YUNOHOST HELPERS ============= # Create a dedicated fail2ban config (jail and filter conf files) diff --git a/scripts/install b/scripts/install index e9147cc..f78b839 100644 --- a/scripts/install +++ b/scripts/install @@ -63,6 +63,10 @@ ynh_app_setting_set $app language "$language" #================================================= # STANDARD MODIFICATIONS #================================================= +# INSTALL DEPENDENCIES +#================================================= + +ynh_install_app_dependencies "$pkg_dependencies" #================================================= # CREATE A MYSQL DB diff --git a/scripts/remove b/scripts/remove index 0a3954f..b9cb134 100644 --- a/scripts/remove +++ b/scripts/remove @@ -22,6 +22,11 @@ domain=$(ynh_app_setting_get "$app" domain) #================================================= # STANDARD REMOVE #================================================= +# REMOVE DEPENDENCIES +#================================================= + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies #================================================= # REMOVE THE MYSQL DB diff --git a/scripts/upgrade b/scripts/upgrade index 3e72842..5617f48 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -94,6 +94,12 @@ if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then ynh_abort_if_errors # Stop script if an error is detected fi +#================================================= +# INSTALL DEPENDENCIES +#================================================= + +ynh_install_app_dependencies "$pkg_dependencies" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= From 8194d574c10839ff41712dfc71adbafb66b3badf Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 1 Oct 2017 21:58:39 +0200 Subject: [PATCH 09/11] Fallback to official Ldap_login plugin (higher website availability) --- conf/ldap_plugin.src | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/ldap_plugin.src b/conf/ldap_plugin.src index 6802bd1..bf7697f 100644 --- a/conf/ldap_plugin.src +++ b/conf/ldap_plugin.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://gitlab.lindenaar.net/piwigo/Ldap_Login/repository/archive.zip?ref=master -SOURCE_SUM=e33b35deb7fc2f23a185fc278c7f2208dedde2153d23f710579c4bdd23ef1b36 +SOURCE_URL=http://piwigo.org/ext/download.php?rid=4849 +SOURCE_SUM=523c532b9fec1328510bdb12f6ffd2af4f134a33b86b22cf6fc4c7eaebb6e954 SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true From 7812409128d7c16be4be30508427bcc52bb8f013 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 1 Oct 2017 21:59:40 +0200 Subject: [PATCH 10/11] Move actual data directories to /home/yunohost.app (used to move galleries directory instead of _data directory) --- scripts/install | 10 ++++------ scripts/upgrade | 32 ++++++++++++++++++++++++++------ 2 files changed, 30 insertions(+), 12 deletions(-) diff --git a/scripts/install b/scripts/install index f78b839..18f9ba5 100644 --- a/scripts/install +++ b/scripts/install @@ -104,20 +104,18 @@ ynh_system_user_create $app # Create a dedicated system user # Install files and set permissions mkdir $final_path -cp -a $TMPDIR/!(upload|galleries) $final_path +cp -a $TMPDIR/!(upload|_data) $final_path datapath=/home/yunohost.app/$app -mkdir -p $datapath -mkdir -p $datapath/galleries +mkdir -p $datapath/_data mkdir -p $datapath/upload -ln -sd $datapath/galleries $final_path/galleries -cp -a $TMPDIR/galleries/* $final_path/galleries/ +ln -sd $datapath/_data $final_path/_data ln -sd $datapath/upload $final_path/upload chown -R $app: $final_path chown -R $app: $datapath -chmod 755 -R $final_path/galleries +chmod 755 -R $final_path/_data #================================================= # NGINX AND PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 5617f48..c2b01a5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -57,7 +57,7 @@ admin_pwd=$(ynh_app_setting_get "$app" admin_pwd) # Compatibility with previous version; password was not set if [ -z "$admin_pwd" ] ; then # Generate a new password - admin_pwd=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p') + admin_pwd=$(ynh_string_random 24) # Compute password hash with the Piwigo function cp ../conf/hash_password.php $final_path @@ -122,14 +122,34 @@ ynh_system_user_create $app # Create dedicated user if not existing # SPECIFIC SETUP #================================================= -# Install files and set permissions -cp -a $TMPDIR/!(upload|galleries) $final_path +# We store photos (potentially large data) on /home/yunohost.app +datapath=/home/yunohost.app/$app + +# Backward compatibility: +# If the galleries subdirectory was moved, +# remove the link and overwrite it +# (this directory always includes only a single index.php file...) +if [ -h $final_path/galleries ] ; then + rm -f $final_path/galleries # only a symbolic link, ynh_secure_remove can't handle that + ynh_secure_remove $datapath/galleries +fi + +# Install files and set permissions +cp -a $TMPDIR/!(upload|_data) $final_path + + +# Backward compatibility: +# If the _data subdirectory wasn't already moved to /home/yunohost.app/$app, +# then move it there +if [ ! -h $final_path/_data ] ; then + mv $final_path/_data $datapath + ln -sd $datapath/_data $final_path/_data +fi -cp -a $TMPDIR/galleries/* $final_path/galleries/ chown -R $app: $final_path -chown -R $app: /home/yunohost.app/$app -chmod 755 -R $final_path/galleries +chown -R $app: $datapath +chmod 755 -R $final_path/_data #================================================= # NGINX AND PHP-FPM CONFIGURATION From 2c824f4be81c0d1c307f2f62f920cff5dca1bab6 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Mon, 2 Oct 2017 18:11:50 +0200 Subject: [PATCH 11/11] Remove sleep statements (can't reproduce initial issues on ARM...) --- scripts/install | 1 - scripts/upgrade | 1 - 2 files changed, 2 deletions(-) diff --git a/scripts/install b/scripts/install index 18f9ba5..a84bb03 100644 --- a/scripts/install +++ b/scripts/install @@ -140,7 +140,6 @@ adm_pwd=$(ynh_string_random 24) ynh_app_setting_set $app admin_pwd "$adm_pwd" # Configure piwigo via curl -sleep 5s mail="$(ynh_user_get_info $admin mail)" ynh_local_curl "/install.php?language=$applanguage" "install=true" "dbuser=$db_user" "dbpasswd=$db_pwd" "dbname=$db_name" "admin_name=$admin" "admin_pass1=$adm_pwd" "admin_pass2=$adm_pwd" "admin_mail=$mail" diff --git a/scripts/upgrade b/scripts/upgrade index c2b01a5..62b0424 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -169,7 +169,6 @@ ynh_app_setting_set "$app" unprotected_uris "/" yunohost app ssowatconf # Configure piwigo via curl -sleep 5s ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd" # Make a backup of the original config file if modified