#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= #REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=2 #REMOVEME? app=$YNH_APP_INSTANCE_NAME #REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) #REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) #REMOVEME? language=$(ynh_app_setting_get --app=$app --key=language) #REMOVEME? admin=$(ynh_app_setting_get --app=$app --key=admin) #REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) #REMOVEME? db_name=$(ynh_app_setting_get --app=$app --key=db_name) #REMOVEME? db_user=$db_name #REMOVEME? db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) #REMOVEME? admin_pwd=$(ynh_app_setting_get --app=$app --key=admin_pwd) #REMOVEME? data_dir=$(ynh_app_setting_get --app=$app --key=data_dir) #REMOVEME? phpversion=$YNH_PHP_VERSION #REMOVEME? fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) #REMOVEME? fpm_free_footprint=$(ynh_app_setting_get --app=$app --key=fpm_free_footprint) #REMOVEME? fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= #REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=6 # Backup the current version of the app #REMOVEME? ynh_backup_before_upgrade #REMOVEME? ynh_clean_setup () { # Restore it if the upgrade fails #REMOVEME? ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script #REMOVEME? ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." # If fpm_footprint doesn't exist, create it if [ -z "$fpm_footprint" ]; then fpm_footprint=low ynh_app_setting_set --app=$app --key=fpm_footprint --value=$fpm_footprint fi # If fpm_free_footprint doesn't exist, create it if [ -z "$fpm_free_footprint" ]; then fpm_free_footprint=0 ynh_app_setting_set --app=$app --key=fpm_free_footprint --value=$fpm_free_footprint fi # If fpm_usage doesn't exist, create it if [ -z "$fpm_usage" ]; then fpm_usage=low ynh_app_setting_set --app=$app --key=fpm_usage --value=$fpm_usage fi # Cleaning legacy permissions #REMOVEME? if ynh_legacy_permissions_exists; then #REMOVEME? ynh_legacy_permissions_delete_all fi # If data_dir doesn't exist, create it if [ -z "$data_dir" ]; then data_dir=/home/yunohost.app/$app #REMOVEME? ynh_app_setting_set --app=$app --key=data_dir --value=$data_dir fi # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_sanitize_dbid --db_name=$app) #REMOVEME? ynh_app_setting_set --app=$app --key=db_name --value=$db_name fi # If install_dir doesn't exist, create it if [ -z "$install_dir" ]; then #REMOVEME? install_dir=/var/www/$app #REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir fi # Compatibility with previous version; password was not set if [ -z "$admin_pwd" ] ; then # Generate a new password admin_pwd=$(ynh_string_random --length=24) # Compute password hash with the Piwigo function cp ../conf/hash_password.php $install_dir hashed_password=$(cd $install_dir ; php hash_password.php $admin_pwd) # Update password hash in database #REMOVEME? db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';" #REMOVEME? ynh_app_setting_set --app=$app --key=admin_pwd --value="$admin_pwd" # Remove the temporary hash generation script #REMOVEME? ynh_secure_remove --file="$install_dir/hash_password.php" fi # Use path instead of path in settings.yml... if [ -z "$path" ] then #REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) #REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path ynh_app_setting_delete --app=$app --key=path fi #================================================= # CREATE DEDICATED USER #================================================= #REMOVEME? ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 # Create a dedicated user (if not existing) #REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= # sets extended pattern matching options in the bash shell shopt -s extglob if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=3 # Create tmp directory and fetch app inside tmpdir="$(ynh_smart_mktemp --min_size=300)" ynh_setup_source --dest_dir="$tmpdir" # Fetch needed plugins mkdir -p $tmpdir/plugins/Ldap_Login ynh_setup_source --dest_dir="$tmpdir/plugins/Ldap_Login" --source_id=ldap_plugin ynh_setup_source --dest_dir="$tmpdir/plugins" --source_id=log_failed_logins_plugin # Install files and set permissions cp -a $tmpdir/!(upload|_data|galleries) $install_dir # Backward compatibility: # If the _data subdirectory wasn't already moved to /home/yunohost.app/$app, # then move it there if [ ! -h $install_dir/_data ] ; then mv $install_dir/_data $data_dir ln -sd $data_dir/_data $install_dir/_data fi # Backward compatibility: # If the galleries subdirectory wasn't already moved to /home/yunohost.app/$app, # then move it there if [ ! -h $install_dir/galleries ] ; then mv $install_dir/galleries $data_dir ln -sd $data_dir/galleries $install_dir/galleries fi ynh_secure_remove --file="$tmpdir" fi chmod 750 "$data_dir" chmod -R o-rwx "$data_dir" chown -R $app:www-data "$data_dir" chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" #================================================= # UPGRADE DEPENDENCIES #================================================= #REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=6 #REMOVEME? ynh_install_app_dependencies $pkg_dependencies #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=3 # Create a dedicated PHP-FPM config ynh_add_fpm_config --phpversion=$phpversion --usage=$fpm_usage --footprint=$fpm_footprint #REMOVEME? phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # SPECIFIC UPGRADE #================================================= # UPGRADE APPLICATION WITH CURL #================================================= ynh_script_progression --message="Upgrading Piwigo with cURL..." --weight=6 # Reload NGINX #REMOVEME? ynh_systemd_action --service_name=nginx --action=reload if [ "$language" = "fr" ] ; then applanguage="fr_FR" else applanguage="en_UK" fi # Upgrade Piwigo via cURL ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd" #================================================= # CONFIGURE PIWIGO #================================================= ynh_script_progression --message="Configuring Piwigo..." # Change local config ynh_add_config --template="../conf/config.inc.php" --destination="$install_dir/local/config/config.inc.php" # Setup database in local/config/database.inc.php ynh_add_config --template="../conf/database.inc.php" --destination="$install_dir/local/config/database.inc.php" chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" #================================================= # CONFIGURE LDAP PLUGIN #================================================= ynh_script_progression --message="Configuring LDAP plugin..." # Disable LDAP plugin to avoid warning messages during API call ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "DELETE FROM plugins WHERE id='Ldap_Login';" # Activate the LDAP plugin using the WS API # Login with admin account ynh_local_curl "/ws.php?format=json" "method=pwg.session.login" "username=$admin" "password=$admin_pwd" # Get session token status=$(ynh_local_curl "/ws.php?format=json" "method=pwg.session.getStatus") pwg_token=$(jq --raw-output .result.pwg_token <<< $status) # Activate the Ldap_Login plugin ynh_local_curl "/ws.php?format=json" "method=pwg.plugins.performAction" "action=activate" "plugin=Ldap_Login" "pwg_token=$pwg_token" # Log out ynh_local_curl "/ws.php?format=json" "method=pwg.session.logout" # Edit Ldap_Login plugin configuration ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE piwigo_ldap_login_config SET value='ou=users,dc=yunohost,dc=org' WHERE param = 'ld_basedn'; UPDATE piwigo_ldap_login_config SET value='uid' WHERE param = 'ld_user_attr'; UPDATE piwigo_ldap_login_config SET value='' WHERE param = 'ld_binddn'; UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'allow_new_users'; UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'ld_group_user_active';" # Remove configuration file for older plugin version if [ -f $install_dir/plugins/Ldap_Login/data.dat ] ; then #REMOVEME? ynh_secure_remove --file=$install_dir/plugins/Ldap_Login/data.dat fi #================================================= # GENERIC FINALIZATION #================================================= # UPGRADE FAIL2BAN #================================================= ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8 # Configure and activate log_failed_logins plugin ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null || ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';" ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';" touch "/var/log/${app}FailedLogins.log" chown $app: "/var/log/${app}FailedLogins.log" ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=" --max_retry=6 #================================================= # RELOAD NGINX #================================================= #REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 #REMOVEME? ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed" --last