#!/bin/bash shopt -s extglob # sets extended pattern matching options in the bash shell # Exit on command errors and treat unset variables as an error set -eu #================================================= # GENERIC STARTING #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= # Set app specific variables app=$YNH_APP_INSTANCE_NAME # Check destination directory DESTDIR="/var/www/$app" [[ ! -d $DESTDIR ]] && ynh_die \ "The destination directory '$DESTDIR' does not exist.\ The app is not correctly installed, you should remove it first." # Retrieve arguments domain=$(ynh_app_setting_get "$app" domain) path_url=$(ynh_app_setting_get "$app" path_url) # Compatibility with previous version if [ -z "$path_url" ] ; then path_url=$(ynh_app_setting_get "$app" path) ynh_app_setting_set $app path_url "$path_url" fi path_url=$(ynh_normalize_url_path $path_url) final_path=$(ynh_app_setting_get "$app" final_path) # Compatibility with previous version if [ -z "$final_path" ] ; then final_path="/var/www/$app" ynh_app_setting_set $app final_path "$final_path" fi db_name=$(ynh_app_setting_get "$app" db_name) # Compatibility with previous version if [ -z "$db_name" ] ; then db_name=$app ynh_app_setting_set "$app" db_name "$db_name" fi db_user="$db_name" db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) admin=$(ynh_app_setting_get "$app" admin) admin_pwd=$(ynh_app_setting_get "$app" admin_pwd) # Compatibility with previous version; password was not set if [ -z "$admin_pwd" ] ; then # Generate a new password admin_pwd=$(ynh_string_random 24) # Compute password hash with the Piwigo function cp ../conf/hash_password.php $final_path hashed_password=$(cd $final_path ; php hash_password.php $admin_pwd) # Update password hash in database ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';" ynh_app_setting_set $app admin_pwd "$admin_pwd" # Remove the temporary hash generation script ynh_secure_remove "$final_path/hash_password.php" fi language=$(ynh_app_setting_get "$app" language) if [ "$language" = "fr" ] ; then applanguage="fr_FR" else applanguage="en_UK" fi is_public=$(ynh_app_setting_get "$app" is_public) #================================================= # MANAGE SCRIPT FAILURE #================================================= # Use prior backup and restore on error only if backup feature # exists on installed instance if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then ynh_backup_before_upgrade # Backup the current version of the app ynh_clean_setup () { ynh_restore_upgradebackup } ynh_abort_if_errors # Stop script if an error is detected fi #================================================= # INSTALL DEPENDENCIES #================================================= ynh_install_app_dependencies "$pkg_dependencies" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= # Create tmp directory and fetch app inside TMPDIR=$(ynh_mkdir_tmp) ynh_setup_source "$TMPDIR" # Fetch needed plugins mkdir -p $TMPDIR/plugins/Ldap_Login ynh_setup_source "$TMPDIR/plugins/Ldap_Login" ldap_plugin ynh_setup_source "$TMPDIR/plugins" log_failed_logins_plugin #================================================= # CREATE DEDICATED USER #================================================= ynh_system_user_create $app # Create dedicated user if not existing #================================================= # SPECIFIC SETUP #================================================= # We store photos (potentially large data) on /home/yunohost.app datapath=/home/yunohost.app/$app # Backward compatibility: # If the galleries subdirectory was moved, # remove the link and overwrite it # (this directory always includes only a single index.php file...) if [ -h $final_path/galleries ] ; then rm -f $final_path/galleries # only a symbolic link, ynh_secure_remove can't handle that ynh_secure_remove $datapath/galleries fi # Install files and set permissions cp -a $TMPDIR/!(upload|_data) $final_path # Backward compatibility: # If the _data subdirectory wasn't already moved to /home/yunohost.app/$app, # then move it there if [ ! -h $final_path/_data ] ; then mv $final_path/_data $datapath ln -sd $datapath/_data $final_path/_data fi chown -R $app: $final_path chown -R $app: $datapath chmod 755 -R $final_path/_data #================================================= # NGINX AND PHP-FPM CONFIGURATION #================================================= ynh_add_nginx_config ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" # Copy and set php-fpm configuration ynh_add_fpm_config #================================================= # CONFIGURE PIWIGO #================================================= ynh_app_setting_set "$app" unprotected_uris "/" yunohost app ssowatconf # Configure piwigo via curl ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd" # Make a backup of the original config file if modified ynh_backup_if_checksum_is_different "$final_path/local/config/config.inc.php" # Change local config cp ../conf/config.inc.php $final_path/local/config/ # Calculate and store the config file checksum ynh_store_file_checksum "$final_path/local/config/config.inc.php" # Make a backup of the original database config file if modified ynh_backup_if_checksum_is_different "$final_path/local/config/database.inc.php" # Setup database in local/config/database.inc.php ynh_replace_string "DBTOCHANGE" "$db_name" ../conf/database.inc.php ynh_replace_string "USERTOCHANGE" "$db_user" ../conf/database.inc.php ynh_replace_string "PASSTOCHANGE" "$db_pwd" ../conf/database.inc.php cp ../conf/database.inc.php $final_path/local/config/database.inc.php # Calculate and store the database config file checksum ynh_store_file_checksum "$final_path/local/config/database.inc.php" #================================================= # ADD LDAP & FAIL2BAN PLUGINS #================================================= # Activate ldap plugin ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='Ldap_Login';" # Configure and activate log_failed_logins plugin ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null ||ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';" ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as $db_name $db_pwd $db_user <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';" touch "/var/log/${app}FailedLogins.log" chown $app: "/var/log/${app}FailedLogins.log" # Set-up fail2ban ynh_add_fail2ban_config "/var/log/${app}FailedLogins.log" "ip=" 6 # Protect URIs if private if [ $is_public -eq 0 ]; then ynh_app_setting_delete "$app" unprotected_uris ynh_app_setting_set "$app" protected_uris "/" fi #================================================= # RELOAD NGINX #================================================= systemctl restart php5-fpm systemctl reload nginx