mirror of
https://github.com/YunoHost-Apps/piwigo_ynh.git
synced 2024-09-03 20:06:03 +02:00
297 lines
11 KiB
Bash
297 lines
11 KiB
Bash
#!/bin/bash
|
||
|
||
#=================================================
|
||
# GENERIC START
|
||
#=================================================
|
||
# IMPORT GENERIC HELPERS
|
||
#=================================================
|
||
|
||
source _common.sh
|
||
source /usr/share/yunohost/helpers
|
||
|
||
#=================================================
|
||
# LOAD SETTINGS
|
||
#=================================================
|
||
ynh_script_progression --message="Loading installation settings..." --weight=2
|
||
|
||
app=$YNH_APP_INSTANCE_NAME
|
||
|
||
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
||
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
||
admin=$(ynh_app_setting_get --app=$app --key=admin)
|
||
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
|
||
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
||
language=$(ynh_app_setting_get --app=$app --key=language)
|
||
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
||
admin_pwd=$(ynh_app_setting_get --app=$app --key=admin_pwd)
|
||
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
|
||
|
||
#=================================================
|
||
# CHECK VERSION
|
||
#=================================================
|
||
ynh_script_progression --message="Checking version..."
|
||
|
||
upgrade_type=$(ynh_check_app_version_changed)
|
||
|
||
#=================================================
|
||
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
||
#=================================================
|
||
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=6
|
||
|
||
# Backup the current version of the app
|
||
ynh_backup_before_upgrade
|
||
ynh_clean_setup () {
|
||
# Restore it if the upgrade fails
|
||
ynh_restore_upgradebackup
|
||
}
|
||
# Exit if an error occurs during the execution of the script
|
||
ynh_abort_if_errors
|
||
|
||
#=================================================
|
||
# STANDARD UPGRADE STEPS
|
||
#=================================================
|
||
# ENSURE DOWNWARD COMPATIBILITY
|
||
#=================================================
|
||
ynh_script_progression --message="Ensuring downward compatibility..."
|
||
|
||
# If db_name doesn't exist, create it
|
||
if [ -z "$db_name" ]; then
|
||
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
||
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
||
fi
|
||
|
||
# If final_path doesn't exist, create it
|
||
if [ -z "$final_path" ]; then
|
||
final_path=/var/www/$app
|
||
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
||
fi
|
||
|
||
# Compatibility with previous version; password was not set
|
||
if [ -z "$admin_pwd" ] ; then
|
||
# Generate a new password
|
||
admin_pwd=$(ynh_string_random --length=24)
|
||
|
||
# Compute password hash with the Piwigo function
|
||
cp ../conf/hash_password.php $final_path
|
||
hashed_password=$(cd $final_path ; php hash_password.php $admin_pwd)
|
||
|
||
# Update password hash in database
|
||
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
|
||
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE users SET password='$hashed_password' WHERE username='$admin';"
|
||
ynh_app_setting_set --app=$app --key=admin_pwd --value="$admin_pwd"
|
||
|
||
# Remove the temporary hash generation script
|
||
ynh_secure_remove --file="$final_path/hash_password.php"
|
||
fi
|
||
|
||
# Use path instead of path_url in settings.yml...
|
||
if [ -z "$path_url" ]
|
||
then
|
||
path_url=$(ynh_app_setting_get --app=$app --key=path_url)
|
||
ynh_app_setting_set --app=$app --key=path --value=$path_url
|
||
ynh_app_setting_delete --app=$app --key=path_url
|
||
fi
|
||
|
||
# Cleaning legacy permissions
|
||
if ynh_legacy_permissions_exists; then
|
||
ynh_legacy_permissions_delete_all
|
||
fi
|
||
|
||
#=================================================
|
||
# CREATE DEDICATED USER
|
||
#=================================================
|
||
ynh_script_progression --message="Making sure dedicated system user exists..."
|
||
|
||
# Create a dedicated user (if not existing)
|
||
ynh_system_user_create --username=$app --home_dir=$final_path
|
||
|
||
#=================================================
|
||
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
||
#=================================================
|
||
|
||
# sets extended pattern matching options in the bash shell
|
||
shopt -s extglob
|
||
|
||
datapath=/home/yunohost.app/$app
|
||
|
||
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
||
then
|
||
ynh_script_progression --message="Upgrading source files..." --weight=3
|
||
|
||
# Create tmp directory and fetch app inside
|
||
tmpdir="$(ynh_smart_mktemp --min_size=300)"
|
||
ynh_setup_source --dest_dir="$tmpdir"
|
||
|
||
# Fetch needed plugins
|
||
mkdir -p $tmpdir/plugins/Ldap_Login
|
||
ynh_setup_source --dest_dir="$tmpdir/plugins/Ldap_Login" --source_id=ldap_plugin
|
||
ynh_setup_source --dest_dir="$tmpdir/plugins" --source_id=log_failed_logins_plugin
|
||
|
||
# Install files and set permissions
|
||
cp -a $tmpdir/!(upload|_data|galleries) $final_path
|
||
|
||
# Backward compatibility:
|
||
# If the _data subdirectory wasn't already moved to /home/yunohost.app/$app,
|
||
# then move it there
|
||
if [ ! -h $final_path/_data ] ; then
|
||
mv $final_path/_data $datapath
|
||
ln -sd $datapath/_data $final_path/_data
|
||
fi
|
||
|
||
# Backward compatibility:
|
||
# If the galleries subdirectory wasn't already moved to /home/yunohost.app/$app,
|
||
# then move it there
|
||
if [ ! -h $final_path/galleries ] ; then
|
||
mv $final_path/galleries $datapath
|
||
ln -sd $datapath/galleries $final_path/galleries
|
||
fi
|
||
|
||
ynh_secure_remove --file="$tmpdir"
|
||
fi
|
||
|
||
chmod 750 "$datapath"
|
||
chmod -R o-rwx "$datapath"
|
||
chown -R $app:www-data "$datapath"
|
||
|
||
chmod 750 "$final_path"
|
||
chmod -R o-rwx "$final_path"
|
||
chown -R $app:www-data "$final_path"
|
||
|
||
#=================================================
|
||
# NGINX CONFIGURATION
|
||
#=================================================
|
||
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
|
||
|
||
# Create a dedicated NGINX config
|
||
ynh_add_nginx_config
|
||
|
||
#=================================================
|
||
# UPGRADE DEPENDENCIES
|
||
#=================================================
|
||
ynh_script_progression --message="Upgrading dependencies..." --weight=6
|
||
|
||
ynh_install_app_dependencies $pkg_dependencies
|
||
|
||
#=================================================
|
||
# PHP-FPM CONFIGURATION
|
||
#=================================================
|
||
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=3
|
||
|
||
# Create a dedicated PHP-FPM config
|
||
ynh_add_fpm_config
|
||
|
||
#=================================================
|
||
# SPECIFIC UPGRADE
|
||
#=================================================
|
||
# UPGRADE APPLICATION WITH CURL
|
||
#=================================================
|
||
ynh_script_progression --message="Upgrading Piwigo with cURL..." --weight=6
|
||
|
||
# Set the app as temporarily public for cURL call
|
||
if ! ynh_permission_has_user --permission="main" --user="visitors"
|
||
then
|
||
ynh_permission_update --permission="main" --add="visitors"
|
||
fi
|
||
|
||
# Reload NGINX
|
||
ynh_systemd_action --service_name=nginx --action=reload
|
||
|
||
if [ "$language" = "fr" ] ; then
|
||
applanguage="fr_FR"
|
||
else
|
||
applanguage="en_UK"
|
||
fi
|
||
|
||
# Upgrade Piwigo via cURL
|
||
ynh_local_curl "/upgrade.php?language=$applanguage&now=true" "language=$applanguage" "username=$admin" "password=$admin_pwd"
|
||
|
||
#=================================================
|
||
# CONFIGURE PIWIGO
|
||
#=================================================
|
||
ynh_script_progression --message="Configuring Piwigo..."
|
||
|
||
# Change local config
|
||
ynh_add_config --template="../conf/config.inc.php" --destination="$final_path/local/config/config.inc.php"
|
||
|
||
# Setup database in local/config/database.inc.php
|
||
ynh_add_config --template="../conf/database.inc.php" --destination="$final_path/local/config/database.inc.php"
|
||
|
||
chmod 750 "$final_path"
|
||
chmod -R o-rwx "$final_path"
|
||
chown -R $app:www-data "$final_path"
|
||
|
||
#=================================================
|
||
# CONFIGURE LDAP PLUGIN
|
||
#=================================================
|
||
ynh_script_progression --message="Configuring LDAP plugin..."
|
||
|
||
# Disable LDAP plugin to avoid warning messages during API call
|
||
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "DELETE FROM plugins WHERE id='Ldap_Login';"
|
||
|
||
# Activate the LDAP plugin using the WS API
|
||
|
||
# Login with admin account
|
||
ynh_local_curl "/ws.php?format=json" "method=pwg.session.login" "username=$admin" "password=$admin_pwd"
|
||
# Get session token
|
||
status=$(ynh_local_curl "/ws.php?format=json" "method=pwg.session.getStatus")
|
||
pwg_token=$(jq --raw-output .result.pwg_token <<< $status)
|
||
# Activate the Ldap_Login plugin
|
||
ynh_local_curl "/ws.php?format=json" "method=pwg.plugins.performAction" "action=activate" "plugin=Ldap_Login" "pwg_token=$pwg_token"
|
||
# Log out
|
||
ynh_local_curl "/ws.php?format=json" "method=pwg.session.logout"
|
||
|
||
# Edit Ldap_Login plugin configuration
|
||
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE piwigo_ldap_login_config SET value='ou=users,dc=yunohost,dc=org' WHERE param = 'ld_basedn';
|
||
UPDATE piwigo_ldap_login_config SET value='uid' WHERE param = 'ld_user_attr';
|
||
UPDATE piwigo_ldap_login_config SET value='' WHERE param = 'ld_binddn';
|
||
UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'allow_new_users';
|
||
UPDATE piwigo_ldap_login_config SET value='0' WHERE param = 'ld_group_user_active';"
|
||
# Remove configuration file for older plugin version
|
||
if [ -f $final_path/plugins/Ldap_Login/data.dat ] ; then
|
||
ynh_secure_remove --file=$final_path/plugins/Ldap_Login/data.dat
|
||
fi
|
||
|
||
# Remove the public access
|
||
ynh_permission_update --permission="main" --remove="visitors"
|
||
|
||
#=================================================
|
||
# GENERIC FINALIZATION
|
||
#=================================================
|
||
# UPGRADE FAIL2BAN
|
||
#=================================================
|
||
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=8
|
||
|
||
# Configure and activate log_failed_logins plugin
|
||
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO plugins (id,state,version) VALUES ('log_failed_logins','active','1.2');" 2>&1 > /dev/null || ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE plugins SET state='active' WHERE id='log_failed_logins';"
|
||
ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "INSERT INTO config (param, value) VALUES ('logFailedLoginsFilename','/var/log/${app}FailedLogins.log');" 2>&1 > /dev/null || ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name <<< "UPDATE config SET value='/var/log/${app}FailedLogins.log' WHERE param='logFailedLoginsFilename';"
|
||
|
||
touch "/var/log/${app}FailedLogins.log"
|
||
chown $app: "/var/log/${app}FailedLogins.log"
|
||
|
||
ynh_add_fail2ban_config --logpath="/var/log/${app}FailedLogins.log" --failregex="ip=<HOST>" --max_retry=6
|
||
|
||
#=================================================
|
||
# SETUP SSOWAT
|
||
#=================================================
|
||
ynh_script_progression --message="Configuring permissions..."
|
||
|
||
# Make app public if necessary
|
||
if [ $is_public -eq 1 ]
|
||
then
|
||
# Everyone can access the app.
|
||
# The "main" permission is automatically created before the install script.
|
||
ynh_permission_update --permission="main" --add="visitors"
|
||
fi
|
||
|
||
#=================================================
|
||
# RELOAD NGINX
|
||
#=================================================
|
||
ynh_script_progression --message="Reloading NGINX web server..."
|
||
|
||
ynh_systemd_action --service_name=nginx --action=reload
|
||
|
||
#=================================================
|
||
# END OF SCRIPT
|
||
#=================================================
|
||
|
||
ynh_script_progression --message="Upgrade of $app completed" --last
|