YunoHost-Apps/piwigo_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/piwigo_ynh.git synced 2024-09-03 20:06:03 +02:00
Code Issues Activity Actions 1
piwigo_ynh/scripts/upgrade

308 lines
12 KiB
Bash
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
source _ynh_local_curl
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=2
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
admin_pwd=$(ynh_app_setting_get --app=$app --key=admin_pwd)
#=================================================
# CHECK VERSION
#=================================================
upgrade_type=$(ynh_check_app_version_changed)
# Workaround for now to force all instances to get the latest LDAP plugin
# in order to create the dedicated tables
upgrade_type="UPGRADE_APP"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# If db_name doesn't exist, create it
if [ -z "$db_name" ]; then
db_name=$(ynh_sanitize_dbid --db_name=$app)
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
# Compatibility with previous version; password was not set
if [ -z "$admin_pwd" ] ; then
# Generate a new password
admin_pwd=$(ynh_string_random --length=24)
# Compute password hash with the Piwigo function
cp ../conf/hash_password.php $final_path
hashed_password=$(cd $final_path ; php hash_password.php $admin_pwd)
# Update password hash in database
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';"
ynh_app_setting_set --app=$app --key=admin_pwd --value="$admin_pwd"
# Remove the temporary hash generation script
ynh_secure_remove --file="$final_path/hash_password.php"
fi
# Use path instead of path_url in settings.yml...
if [ -z "$path_url" ]
then
path_url=$(ynh_app_setting_get --app=$app --key=path_url)
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_delete --app=$app --key=path_url
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=6
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK THE PATH
#=================================================
# Normalize the URL path syntax
path_url=$(ynh_normalize_url_path --path_url=$path_url)
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..." --weight=3
# Create tmp directory and fetch app inside
tmpdir="$(ynh_smart_mktemp --min_size=300)"
ynh_setup_source --dest_dir="$tmpdir"
# Fetch needed plugins
mkdir -p $tmpdir/plugins/Ldap_Login
ynh_setup_source --dest_dir="$tmpdir/plugins/Ldap_Login" --source_id=ldap_plugin
ynh_setup_source --dest_dir="$tmpdir/plugins" --source_id=log_failed_logins_plugin
fi
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2
# Create a dedicated nginx config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=6
ynh_install_app_dependencies "$pkg_dependencies"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=3
# Create a dedicated php-fpm config
ynh_add_fpm_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
# COPY FILES TO $FINAL_PATH
#=================================================
# sets extended pattern matching options in the bash shell
shopt -s extglob
datapath=/home/yunohost.app/$app
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
# Install files and set permissions
cp -a $tmpdir/!(upload|_data|galleries) $final_path
# Backward compatibility:
# If the _data subdirectory wasn't already moved to /home/yunohost.app/$app,
# then move it there
if [ ! -h $final_path/_data ] ; then
mv $final_path/_data $datapath
ln -sd $datapath/_data $final_path/_data
fi
# Backward compatibility:
# If the galleries subdirectory wasn't already moved to /home/yunohost.app/$app,
# then move it there
if [ ! -h $final_path/galleries ] ; then
mv $final_path/galleries $datapath
ln -sd $datapath/galleries $final_path/galleries
fi
ynh_secure_remove --file="$tmpdir"
fi
chown -R $app: $final_path
chown -R $app: $datapath
chmod 755 -R $final_path/_data
#=================================================
# UPGRADE APPLICATION WITH CURL
#=================================================
ynh_script_progression --message="Upgrading piwigo with Curl..." --weight=6
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
# Reload SSOwat config
yunohost app ssowatconf
# Reload Nginx
ynh_systemd_action --service_name=nginx --action=reload
if [ "$language" = "fr" ] ; then
applanguage="fr_FR"
else
applanguage="en_UK"
fi
# Upgrade piwigo via curl
ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd"
#=================================================
# CONFIGURE PIWIGO
#=================================================
ynh_script_progression --message="Configuring piwigo..."
# Make a backup of the original config file if modified
ynh_backup_if_checksum_is_different --file="$final_path/local/config/config.inc.php"
# Change local config
cp ../conf/config.inc.php $final_path/local/config/
# Calculate and store the config file checksum
ynh_store_file_checksum --file="$final_path/local/config/config.inc.php"
# Make a backup of the original database config file if modified
ynh_backup_if_checksum_is_different --file="$final_path/local/config/database.inc.php"
# Setup database in local/config/database.inc.php
ynh_replace_string --match_string="__DBTOCHANGE__" --replace_string="$db_name" --target_file=../conf/database.inc.php
ynh_replace_string --match_string="__USERTOCHANGE__" --replace_string="$db_name" --target_file=../conf/database.inc.php
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
ynh_replace_string --match_string="__PASSTOCHANGE__" --replace_string="$db_pwd" --target_file=../conf/database.inc.php
cp ../conf/database.inc.php $final_path/local/config/database.inc.php
# Calculate and store the database config file checksum
ynh_store_file_checksum --file="$final_path/local/config/database.inc.php"
#=================================================
# CONFIGURE LDAP PLUGIN
#=================================================
ynh_script_progression --message="Configuring LDAP plugin..."
# Activate the LDAP plugin using the WS API
# Login with admin account
ynh_local_curl "/ws.php?format=json" "method=pwg.session.login" "username=$admin" "password=$admin_pwd"
# Get session token
status=$(ynh_local_curl "/ws.php?format=json" "method=pwg.session.getStatus")
pwg_token=$(jq --raw-output .result.pwg_token <<< $status)
# Activate the Ldap_Login plugin
ynh_local_curl "/ws.php?format=json" "method=pwg.plugins.performAction" "action=activate" "plugin=Ldap_Login" "pwg_token=$pwg_token"
# Log out
ynh_local_curl "/ws.php?format=json" "method=pwg.session.logout"
# Edit Ldap_Login plugin configuration
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE piwigo_ldap_login_config SET value='ou=users,dc=yunohost,dc=org' WHERE param = 'ld_basedn';
UPDATE piwigo_ldap_login_config SET value='uid' WHERE param = 'ld_user_attr';
UPDATE piwigo_ldap_login_config SET value='' WHERE param = 'ld_binddn';
UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'allow_new_users';
UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'ld_group_user_active';"
# Remove configuration file for older plugin version
if [ -f $final_path/plugins/Ldap_Login/data.dat ] ; then
ynh_secure_remove --file=$final_path/plugins/Ldap_Login/data.dat
fi
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring fail2ban..." --weight=8
# Configure and activate log_failed_logins plugin
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null || ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';"
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';"
touch "/var/log/${app}FailedLogins.log"
chown $app: "/var/log/${app}FailedLogins.log"
ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=<HOST>" --max_retry=6
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..."
# Protect URIs if private
if [ $is_public -eq 0 ]
then
ynh_app_setting_delete --app=$app --key=unprotected_uris
ynh_app_setting_set --app=$app --key=protected_uris --value="/"
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last
Reference in a new issue View git blame Copy permalink