From 231c8d50f421bca8564a37480cff164da7d81538 Mon Sep 17 00:00:00 2001 From: NorbiPeti Date: Tue, 28 May 2024 21:25:12 +0200 Subject: [PATCH 1/4] Run artisan commands as the Pixelfed user This fixes some permission issues caused by files created by root --- scripts/install | 32 +++++++++++++++++--------------- scripts/upgrade | 34 ++++++++++++++++++---------------- 2 files changed, 35 insertions(+), 31 deletions(-) diff --git a/scripts/install b/scripts/install index 9b385c3b..a7495b1b 100644 --- a/scripts/install +++ b/scripts/install @@ -108,22 +108,24 @@ ynh_add_supervisor_config --service="${app}-horizon" --template=horizon.conf #================================================= ynh_script_progression --message="Deploying..." --weight=1 +artisan="ynh_exec_as $app php$phpversion artisan" + pushd "$install_dir" - php$phpversion artisan -n key:generate --force - php$phpversion artisan horizon:install - php$phpversion artisan horizon:publish - php$phpversion artisan passport:keys - php$phpversion artisan config:clear - php$phpversion artisan config:cache - php$phpversion artisan route:cache - php$phpversion artisan view:cache - php$phpversion artisan storage:link - php$phpversion artisan migrate --force - php$phpversion artisan update - php$phpversion artisan horizon:purge - php$phpversion artisan import:cities 2>/dev/null - php$phpversion artisan instance:actor - php$phpversion artisan passport:client --personal <<< "\\n" + $artisan -n key:generate --force + $artisan horizon:install + $artisan horizon:publish + $artisan passport:keys + $artisan config:clear + $artisan config:cache + $artisan route:cache + $artisan view:cache + $artisan storage:link + $artisan migrate --force + $artisan update + $artisan horizon:purge + $artisan import:cities 2>/dev/null + $artisan instance:actor + $artisan passport:client --personal <<< "\\n" popd #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 76ef052e..ae0ea0d8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -175,23 +175,25 @@ fi #================================================= ynh_script_progression --message="Deploying..." +artisan="ynh_exec_as $app php$phpversion artisan" + pushd "$install_dir" - php$phpversion artisan horizon:install - php$phpversion artisan horizon:publish - php$phpversion artisan passport:keys --force - php$phpversion artisan config:clear - php$phpversion artisan config:cache - php$phpversion artisan route:clear - php$phpversion artisan route:cache - php$phpversion artisan view:clear - php$phpversion artisan view:cache - php$phpversion artisan storage:link - php$phpversion artisan migrate --force - php$phpversion artisan update - php$phpversion artisan horizon:purge - php$phpversion artisan import:cities 2>/dev/null - php$phpversion artisan instance:actor - php$phpversion artisan passport:client --personal <<< "\\n" + $artisan horizon:install + $artisan horizon:publish + $artisan passport:keys --force + $artisan config:clear + $artisan config:cache + $artisan route:clear + $artisan route:cache + $artisan view:clear + $artisan view:cache + $artisan storage:link + $artisan migrate --force + $artisan update + $artisan horizon:purge + $artisan import:cities 2>/dev/null + $artisan instance:actor + $artisan passport:client --personal <<< "\\n" popd #================================================= From b48ad5dc762b896567da97bdccf17a87d0efffdc Mon Sep 17 00:00:00 2001 From: NorbiPeti Date: Tue, 28 May 2024 22:18:12 +0200 Subject: [PATCH 2/4] Fix permission issues - Run composer install as user, including its hooks - Move the permission fix before configs are cached --- scripts/_common.sh | 31 +++++++++++++++++++++++++++++++ scripts/install | 32 ++++++++++++++++---------------- 2 files changed, 47 insertions(+), 16 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index bb3f8d89..36cc4a08 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -184,3 +184,34 @@ ynh_supervisor_action() { ynh_clean_check_starting fi } + +# Execute a command with Composer +# +# usage: ynh_composer_exec [--phpversion=phpversion] [--workdir=$install_dir] --commands="commands" +# | arg: -v, --phpversion - PHP version to use with composer +# | arg: -w, --workdir - The directory from where the command will be executed. Default $install_dir or $final_path +# | arg: -c, --commands - Commands to execute. +# +# Requires YunoHost version 4.2 or higher. +ynh_composer_exec() { + local _globalphpversion=${phpversion-:} + # Declare an array to define the options of this helper. + local legacy_args=vwc + declare -Ar args_array=([v]=phpversion= [w]=workdir= [c]=commands=) + local phpversion + local workdir + local commands + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + workdir="${workdir:-${install_dir:-$final_path}}" + + if dpkg --compare-versions ${YNH_APP_PACKAGING_FORMAT:-0} lt 2; then + phpversion="${phpversion:-$YNH_PHP_VERSION}" + else + phpversion="${phpversion:-$_globalphpversion}" + fi + + COMPOSER_HOME="$workdir/.composer" COMPOSER_MEMORY_LIMIT=-1 \ + sudo -u $app php${phpversion} "$workdir/composer.phar" $commands \ + -d "$workdir" --no-interaction --no-ansi 2>&1 +} diff --git a/scripts/install b/scripts/install index a7495b1b..16a9dd83 100644 --- a/scripts/install +++ b/scripts/install @@ -103,6 +103,22 @@ ynh_script_progression --message="Configuring a supervisor service..." --weight= # Create a dedicated supervisor config ynh_add_supervisor_config --service="${app}-horizon" --template=horizon.conf +#================================================= +# PATCH PERMISSIONS for v0.11.5 versions and higher +#================================================= +ynh_script_progression --message="Patching permissions (for version 0.11.5 and newer)..." --weight=1 + +# Default configuration doesn't work +ynh_replace_string --match_string="'private' => 0700," --replace_string="'private' => 0750," --target_file=$install_dir/config/filesystems.php + +# Repair permissions for files created after v0.11.5 and before this patch +if [ -d "$install_dir/public/storage/m/_v2/" ]; then + chmod 750 -R "$install_dir/public/storage/m/_v2/"* # all files subdirectories (picture folders) should be readable and executable. But if there is no picture, there is no /*/* + chmod 770 "$install_dir/public/storage/m/_v2/"* # users folders should be 770 + chmod 770 "$install_dir/public/storage/m/_v2/" # this should be 770 + chown -R :www-data "$install_dir/public/storage/m/_v2/" # Fix the mess following packaging v2 upgrade - and make sure proper group owner is set. +fi + #================================================= # DEPLOY #================================================= @@ -146,22 +162,6 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1 ynh_use_logrotate --logfile="/var/log/$app/${app}-horizon.log" ynh_use_logrotate --logfile="/var/www/$app/storage/logs/laravel.log" --specific_user=$app/www-data -#================================================= -# PATCH PERMISSIONS for v0.11.5 versions and higher -#================================================= -ynh_script_progression --message="Patching permissions (for version 0.11.5 and newer)..." --weight=1 - -# Default configuration doesn't work -ynh_replace_string --match_string="'private' => 0700," --replace_string="'private' => 0750," --target_file=$install_dir/config/filesystems.php - -# Repair permissions for files created after v0.11.5 and before this patch -if [ -d "$install_dir/public/storage/m/_v2/" ]; then - chmod 750 -R "$install_dir/public/storage/m/_v2/"* # all files subdirectories (picture folders) should be readable and executable. But if there is no picture, there is no /*/* - chmod 770 "$install_dir/public/storage/m/_v2/"* # users folders should be 770 - chmod 770 "$install_dir/public/storage/m/_v2/" # this should be 770 - chown -R :www-data "$install_dir/public/storage/m/_v2/" # Fix the mess following packaging v2 upgrade - and make sure proper group owner is set. -fi - #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= From 2c391ce6c93485d5c61f81c0d0a71be98b171fed Mon Sep 17 00:00:00 2001 From: NorbiPeti Date: Wed, 29 May 2024 00:04:22 +0200 Subject: [PATCH 3/4] Run clear commands as root on upgrade So that it can definitely delete the old files --- scripts/upgrade | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index ae0ea0d8..c62d1ce6 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -176,16 +176,17 @@ fi ynh_script_progression --message="Deploying..." artisan="ynh_exec_as $app php$phpversion artisan" +artisan_root="php$phpversion artisan" pushd "$install_dir" $artisan horizon:install $artisan horizon:publish $artisan passport:keys --force - $artisan config:clear + $artisan_root config:clear $artisan config:cache - $artisan route:clear + $artisan_root route:clear $artisan route:cache - $artisan view:clear + $artisan_root view:clear $artisan view:cache $artisan storage:link $artisan migrate --force From d7ca2601b9229445576cd326f045540d634b32e6 Mon Sep 17 00:00:00 2001 From: NorbiPeti Date: Wed, 29 May 2024 00:19:38 +0200 Subject: [PATCH 4/4] Revert running Composer update as user It might break updates and doesn't seem to provide much benefit --- scripts/_common.sh | 33 +-------------------------------- 1 file changed, 1 insertion(+), 32 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 36cc4a08..b2d1b259 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -183,35 +183,4 @@ ynh_supervisor_action() { fi ynh_clean_check_starting fi -} - -# Execute a command with Composer -# -# usage: ynh_composer_exec [--phpversion=phpversion] [--workdir=$install_dir] --commands="commands" -# | arg: -v, --phpversion - PHP version to use with composer -# | arg: -w, --workdir - The directory from where the command will be executed. Default $install_dir or $final_path -# | arg: -c, --commands - Commands to execute. -# -# Requires YunoHost version 4.2 or higher. -ynh_composer_exec() { - local _globalphpversion=${phpversion-:} - # Declare an array to define the options of this helper. - local legacy_args=vwc - declare -Ar args_array=([v]=phpversion= [w]=workdir= [c]=commands=) - local phpversion - local workdir - local commands - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - workdir="${workdir:-${install_dir:-$final_path}}" - - if dpkg --compare-versions ${YNH_APP_PACKAGING_FORMAT:-0} lt 2; then - phpversion="${phpversion:-$YNH_PHP_VERSION}" - else - phpversion="${phpversion:-$_globalphpversion}" - fi - - COMPOSER_HOME="$workdir/.composer" COMPOSER_MEMORY_LIMIT=-1 \ - sudo -u $app php${phpversion} "$workdir/composer.phar" $commands \ - -d "$workdir" --no-interaction --no-ansi 2>&1 -} +} \ No newline at end of file