From 0d0343da791772e54e4654be78b31f16db7154c6 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 28 Mar 2019 20:40:10 +0100 Subject: [PATCH] Apply example_ynh --- README.md | 39 ++++++++++++++++++++++++++-- check_process | 9 ++----- conf/nginx.conf | 3 +-- conf/php-fpm.conf | 64 ++++++++++++++++++++++++++++++++++++---------- manifest.json | 32 +++++++++++++---------- scripts/_common.sh | 19 ++++++++++++++ scripts/install | 57 ++++++++++++++++++----------------------- scripts/remove | 23 +++++++++++++---- 8 files changed, 171 insertions(+), 75 deletions(-) diff --git a/README.md b/README.md index 892a92ae..521618bd 100644 --- a/README.md +++ b/README.md @@ -1,4 +1,12 @@ -# pixelfed_ynh +# Pixelfed for YunoHost + +[![Integration level](https://dash.yunohost.org/integration/pixelfed.svg)](https://dash.yunohost.org/appci/app/pixelfed) +[![Install pixelfed with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=pixelfed) + +> *This package allow you to install pixelfed quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* + +## Overview The federated image shareing service Pixelfed, for YunoHost **Shipped version:** NONE, THIS PACKAGE DOESN'T WORK YET! @@ -18,9 +26,36 @@ Don't hesitate to give a hand if you wish, I assume only the nginx file needs im * to be added: * [ ] everything +## Documentation + + * Official documentation: https://docs.pixelfed.org/master/ + +## YunoHost specific features + +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/pixelfed%20%28Community%29.svg)](https://ci-apps.yunohost.org/ci/apps/pixelfed/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/pixelfed%20%28Community%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/pixelfed/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/pixelfed%20%28Community%29.svg)](https://ci-stretch.nohost.me/ci/apps/pixelfed/) + ## Links * Report a bug about this package: https://github.com/YunoHost-Apps/pixelfed_ynh - * Report a bug about Pixelfed itself: https://github.com/pixelfed/pixelfed * Pixelfed website: https://pixelfed.org + * Pixelfed github website: https://github.com/pixelfed/pixelfed * YunoHost website: https://yunohost.org + +--- + +Developers info +---------------- + +**Only if you want to use a testing branch for coding, instead of merging directly into master.** +Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/pixelfed_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/pixelfed_ynh/tree/testing --debug +or +sudo yunohost app upgrade pixelfed -u https://github.com/YunoHost-Apps/pixelfed_ynh/tree/testing --debug +``` diff --git a/check_process b/check_process index 03f1f6b2..2402e30b 100644 --- a/check_process +++ b/check_process @@ -1,5 +1,4 @@ ;; Test complet - auto_remove=1 ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) @@ -14,13 +13,9 @@ upgrade=0 backup_restore=0 multi_instance=0 - wrong_user=0 - wrong_path=0 incorrect_path=0 - corrupt_source=0 - fail_download_source=0 port_already_use=0 - final_path_already_use=0 + change_url=0 ;;; Levels Level 1=auto Level 2=auto @@ -34,4 +29,4 @@ Level 10=0 ;;; Options Email=jean-baptiste@holcroft.fr -Notification=all \ No newline at end of file +Notification=all diff --git a/conf/nginx.conf b/conf/nginx.conf index 4bafe039..a8a969d9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -7,7 +7,6 @@ location __PATH__ { rewrite ^ https://$server_name$request_uri? permanent; } - # Example PHP configuration (remove if not used) index index.php; # Common parameter to increase upload size limit in conjuction with dedicated php-fpm file @@ -34,4 +33,4 @@ location __PATH__ { # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; -} \ No newline at end of file +} diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index da287b39..38af5827 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' @@ -24,17 +25,19 @@ group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. listen = /var/run/php7-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. A value of '-1' means unlimited. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many @@ -44,8 +47,13 @@ listen = /var/run/php7-fpm-__NAMETOCHANGE__.sock listen.owner = www-data listen.group = www-data ;listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be @@ -59,7 +67,13 @@ listen.group = www-data ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set -; priority = -19 +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -215,7 +229,7 @@ pm.max_requests = 500 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html +; It's available in: /usr/share/php/7.0/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it @@ -275,7 +289,7 @@ pm.max_requests = 500 ; - %{megabytes}M ; - %{mega}M ; %n: pool name -; %o: ouput header +; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o @@ -291,9 +305,13 @@ pm.max_requests = 500 ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" @@ -349,13 +367,22 @@ chdir = __FINALPATH__ ; Default Value: no catch_workers_output = yes +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. +; execute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 +;security.limit_extensions = .php .php3 .php4 .php5 .php7 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. @@ -390,3 +417,14 @@ catch_workers_output = yes ;php_admin_value[error_log] = /var/log/fpm-php.www.log ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M + +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On diff --git a/manifest.json b/manifest.json index 5182c919..d791f120 100644 --- a/manifest.json +++ b/manifest.json @@ -3,18 +3,19 @@ "id": "pixelfed", "packaging_format": 1, "description": { - "en": "Federated Image Sharing" + "en": "ActivityPub Federated Image Sharing", + "fr": "Partage d'image fédéré avec ActivityPub." }, "version": "0.0.0~ynh2", "url": "https://pixelfed.org/", "license": "MIT", - "requirements": { - "yunohost": ">= 3.0.0" - }, "maintainer": { "name": "jibec", "email": "jean-baptiste@holcroft.fr" }, + "requirements": { + "yunohost": ">= 3.0.0" + }, "multi_instance": false, "services": [ "nginx" @@ -23,28 +24,31 @@ "install": [ { "name": "domain", + "type": "domain", "ask": { - "en": "Choose a domain for Pixelfed" + "en": "Choose a domain for Pixelfed", + "fr": "Choisissez un nom de domaine pour Pixelfed" }, - "example": "domain.org", - "type": "domain" + "example": "domain.org" }, { "name": "path", - "ask": { - "en": "Choose a path for Pixelfed" - }, "type": "path", + "ask": { + "en": "Choose a path for Pixelfed", + "fr": "Choisissez un chemin pour Pixelfed" + }, "example": "/pixelfed", "default": "/pixelfed" }, { "name": "is_public", - "ask": { - "en": "Is it a public site ?" - }, "type": "boolean", - "default": "0" + "ask": { + "en": "Is it a public application?", + "fr": "Est-ce une application publique ?" + }, + "default": true } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index 354f8f60..ecdc29c8 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,5 +1,24 @@ #!/bin/bash +#================================================= +# COMMON VARIABLES +#================================================= + +# dependencies used by the app +pkg_dependencies="deb1 deb2" + +#================================================= +# PERSONAL HELPERS +#================================================= + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= + ynh_install_php7 () { wget -q -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" | tee /etc/apt/sources.list.d/php7.list diff --git a/scripts/install b/scripts/install index e64a09d9..1bc16018 100644 --- a/scripts/install +++ b/scripts/install @@ -25,55 +25,42 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC -# This is a multi-instance app, meaning it can be installed several times independently -# The id of the app as stated in the manifest is available as $YNH_APP_ID -# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -# The app instance name is available as $YNH_APP_INSTANCE_NAME -# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -# - ynhexample__{N} for the subsequent installations, with N=3,4, ... -# The app instance name is probably what you are interested the most, since this is -# guaranteed to be unique. This is a good unique identifier to define installation path, -# db names, ... app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path "$path_url") - -# Check web path availability -ynh_webpath_available "$domain" "$path_url" # Register (book) web path -ynh_webpath_register "$app" "$domain" "$path_url" +ynh_webpath_register $app $domain $path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_app_setting_set "$app" domain "$domain" -ynh_app_setting_set "$app" path "$path_url" -ynh_app_setting_set "$app" is_public "$is_public" +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app is_public $is_public #================================================= # STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Installing dependencies..." ynh_install_php7 -ynh_install_app_dependencies php7.1 php7.1-fpm php7.1-mbstring \ - postgresql redis-server +ynh_install_app_dependencies php7.1 php7.1-fpm php7.1-mbstring postgresql redis-server #================================================= -# CREATE A PostgreSQL DATABASE +# CREATE A POSTGRESQL DATABASE #================================================= +ynh_print_info "Creating a PostgreSQL database..." ynh_psql_test_if_first_run @@ -98,6 +85,7 @@ ynh_setup_source "$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Configuring nginx web server..." # Create a dedicated nginx config ynh_add_nginx_config @@ -105,9 +93,10 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Configuring system user..." # Create a system user -ynh_system_user_create "$app" +ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION @@ -127,7 +116,7 @@ init_composer "$app" "$final_path" #================================================= # SPECIFIC SETUP #================================================= -# MODIFY A .ENV +# MODIFY A CONFIG FILE #================================================= config="$final_path/.env" @@ -148,7 +137,7 @@ ynh_replace_string "__DB_PWD__" "$db_pwd" "$config" ynh_store_file_checksum "$config" #================================================= -# STORE THE CHECKSUM OF THE CONFIG FILE +# GENERATE KEY AND CLEAR CACHE #================================================= # generate key and clear cache @@ -171,20 +160,24 @@ chown -R "$app": "$final_path/storage/" #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Configuring SSOwat..." -if [ "$is_public" -eq 0 ] -then # Remove the public access - ynh_app_setting_delete "$app" skipped_uris -fi # Make app public if necessary -if [ "$is_public" -eq 1 ] +if [ $is_public -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" + ynh_app_setting_set $app unprotected_uris "/" fi #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." -systemctl reload nginx \ No newline at end of file +systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index fe78650f..a9d638f5 100644 --- a/scripts/remove +++ b/scripts/remove @@ -13,19 +13,21 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get "$app" domain) -db_name=$(ynh_app_setting_get "$app" db_name) +domain=$(ynh_app_setting_get $app domain) +db_name=$(ynh_app_setting_get $app db_name) db_user=$db_name -final_path=$(ynh_app_setting_get "$app" final_path) +final_path=$(ynh_app_setting_get $app final_path) #================================================= # STANDARD REMOVE #================================================= -# REMOVE THE PostgreSQL DATABASE +# REMOVE THE POSTGRESQL DATABASE #================================================= +ynh_print_info "Removing the PostgreSQL database" # Remove a database if it exists, along with the associated user ynh_psql_remove_db "$db_name" "$app" @@ -33,6 +35,7 @@ ynh_psql_remove_db "$db_name" "$app" #================================================= # REMOVE DEPENDENCIES #================================================= +ynh_print_info "Removing dependencies" # Remove metapackage and its dependencies ynh_remove_app_dependencies @@ -40,6 +43,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_print_info "Removing app main directory" # Remove the app directory securely ynh_secure_remove "$final_path" @@ -47,6 +51,7 @@ ynh_secure_remove "$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_print_info "Removing nginx web server configuration" # Remove the dedicated nginx config ynh_remove_nginx_config @@ -54,6 +59,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Removing php-fpm configuration" # Remove the dedicated php-fpm config ynh_remove_php71-fpm_config @@ -63,6 +69,13 @@ ynh_remove_php71-fpm_config #================================================= # REMOVE DEDICATED USER #================================================= +ynh_print_info "Removing the dedicated system user" # Delete a system user -ynh_system_user_delete "$app" \ No newline at end of file +ynh_system_user_delete $app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Removal of $app completed"