From b44ce0211530b4aa2f0b0339e901413befc2d878 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 2 Apr 2019 01:36:58 +0200 Subject: [PATCH 1/3] add ynh_add_secure_repos__3 --- scripts/_common.sh | 3 +- scripts/install | 24 +-- scripts/remove | 8 - scripts/restore | 25 ++- scripts/upgrade | 25 ++- scripts/ynh_add_secure_repos__3 | 294 ++++++++++++++++++++++++++++++++ 6 files changed, 325 insertions(+), 54 deletions(-) create mode 100644 scripts/ynh_add_secure_repos__3 diff --git a/scripts/_common.sh b/scripts/_common.sh index 2592400..5faffde 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,8 @@ #================================================= # dependencies used by the app -pkg_dependencies="git build-essential postgresql postgresql-contrib elixir erlang-dev erlang-tools erlang-parsetools erlang-eldap erlang-xmerl openssl ssh sudo" +pkg_dependencies="git build-essential postgresql postgresql-contrib openssl ssh sudo" +extra_pkg_dependencies="elixir erlang-dev erlang-tools erlang-parsetools erlang-eldap erlang-xmerl" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index e7bdb38..bdd721f 100755 --- a/scripts/install +++ b/scripts/install @@ -8,6 +8,7 @@ source _common.sh source ynh_systemd_action +source ynh_add_secure_repos__3 source /usr/share/yunohost/helpers #================================================= @@ -85,21 +86,6 @@ ynh_print_info "Configuring firewall ..." port=$(ynh_find_port 8095) ynh_app_setting_set $app port $port -#================================================= -# ADD ERLANG REPOSITORY -#================================================= -ynh_print_info "Adding Erlang repository..." - -if [ "$(lsb_release --codename --short)" == "jessie" ]; then - echo "deb http://packages.erlang-solutions.com/debian jessie contrib" | tee /etc/apt/sources.list.d/erlang-solutions.list -elif [ "$(lsb_release --codename --short)" == "stretch" ]; then - echo "deb http://packages.erlang-solutions.com/debian stretch contrib" | tee /etc/apt/sources.list.d/erlang-solutions.list -fi -wget https://packages.erlang-solutions.com/debian/erlang_solutions.asc -apt-key add erlang_solutions.asc -rm erlang_solutions.asc -ynh_package_update - #================================================= # INSTALL DEPENDENCIES #================================================= @@ -107,6 +93,14 @@ ynh_print_info "Installing dependencies ..." ynh_install_app_dependencies $pkg_dependencies +#================================================= +# INSTALL EXTRA DEPENDENCIES +#================================================= +ynh_print_info "Installing extra dependencies ..." + +lsb_name="$(lsb_release --codename --short)" +ynh_install_extra_app_dependencies --repo="deb http://packages.erlang-solutions.com/debian $lsb_name contrib" --package="$extra_pkg_dependencies" --key='https://packages.erlang-solutions.com/debian/erlang_solutions.asc' + #================================================= # CREATE A POSTGRESQL DATABASE #================================================= diff --git a/scripts/remove b/scripts/remove index 0926a6a..9674279 100755 --- a/scripts/remove +++ b/scripts/remove @@ -69,14 +69,6 @@ ynh_print_info "Removing dependencies" # Remove metapackage and its dependencies ynh_remove_app_dependencies -#================================================= -# REMOVE ERLANG REPOSITORY -#================================================= -ynh_print_info "Removing erlang repository..." - -ynh_secure_remove "/etc/apt/sources.list.d/erlang-solutions.list" -apt-key del A14F4FCA - #================================================= # REMOVE APP MAIN DIR #================================================= diff --git a/scripts/restore b/scripts/restore index 7188101..c84fb76 100755 --- a/scripts/restore +++ b/scripts/restore @@ -8,6 +8,7 @@ source ../settings/scripts/_common.sh source ../settings/scripts/ynh_systemd_action +source ../settings/scriptsynh_add_secure_repos__3 source /usr/share/yunohost/helpers #================================================= @@ -82,21 +83,6 @@ chown -R "$app":"$app" "$final_path" #================================================= # SPECIFIC RESTORATION -#================================================= -# ADD ERLANG REPOSITORY -#================================================= -ynh_print_info "Adding Erlang repository..." - -if [ "$(lsb_release --codename --short)" == "jessie" ]; then - echo "deb http://packages.erlang-solutions.com/debian jessie contrib" | tee /etc/apt/sources.list.d/erlang-solutions.list -elif [ "$(lsb_release --codename --short)" == "stretch" ]; then - echo "deb http://packages.erlang-solutions.com/debian stretch contrib" | tee /etc/apt/sources.list.d/erlang-solutions.list -fi -wget https://packages.erlang-solutions.com/debian/erlang_solutions.asc -apt-key add erlang_solutions.asc -rm erlang_solutions.asc -ynh_package_update - #================================================= # REINSTALL DEPENDENCIES #================================================= @@ -105,6 +91,15 @@ ynh_print_info "Reinstalling dependencies..." # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies +#================================================= +# REINSTALL EXTRA DEPENDENCIES +#================================================= +ynh_print_info "Reinstalling extra dependencies ..." + +lsb_name="$(lsb_release --codename --short)" +ynh_install_extra_app_dependencies --repo="deb http://packages.erlang-solutions.com/debian $lsb_name contrib" --package="$extra_pkg_dependencies" --key="https://packages.erlang-solutions.com/debian/erlang_solutions.asc" + + #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 1926d25..b536962 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -8,6 +8,7 @@ source _common.sh source ynh_systemd_action +source ynh_add_secure_repos__3 source /usr/share/yunohost/helpers #================================================= @@ -82,6 +83,7 @@ fi # Remove old repository ynh_secure_remove "/etc/apt/sources.list.d/erlang-solutions.list" +apt-key del A14F4FCA #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP @@ -142,21 +144,6 @@ then ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" fi -#================================================= -# ADD ERLANG REPOSITORY -#================================================= -ynh_print_info "Adding Erlang repository..." - -if [ "$(lsb_release --codename --short)" == "jessie" ]; then - echo "deb http://packages.erlang-solutions.com/debian jessie contrib" | tee /etc/apt/sources.list.d/erlang-solutions.list -elif [ "$(lsb_release --codename --short)" == "stretch" ]; then - echo "deb http://packages.erlang-solutions.com/debian stretch contrib" | tee /etc/apt/sources.list.d/erlang-solutions.list -fi -wget https://packages.erlang-solutions.com/debian/erlang_solutions.asc -apt-key add erlang_solutions.asc -rm erlang_solutions.asc -ynh_package_update - #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -165,6 +152,14 @@ ynh_print_info "Upgrading dependencies..." # install dependencies ynh_install_app_dependencies $pkg_dependencies +#================================================= +# INSTALL EXTRA DEPENDENCIES +#================================================= +ynh_print_info "Installing extra dependencies ..." + +lsb_name="$(lsb_release --codename --short)" +ynh_install_extra_app_dependencies --repo="deb http://packages.erlang-solutions.com/debian $lsb_name contrib" --package="$extra_pkg_dependencies" --key="https://packages.erlang-solutions.com/debian/erlang_solutions.asc" + #================================================= # CREATE DEDICATED USER #================================================= diff --git a/scripts/ynh_add_secure_repos__3 b/scripts/ynh_add_secure_repos__3 new file mode 100644 index 0000000..3276f00 --- /dev/null +++ b/scripts/ynh_add_secure_repos__3 @@ -0,0 +1,294 @@ +#!/bin/bash + +# Pin a repository. +# +# usage: ynh_pin_repo --package=packages --pin=pin_filter [--priority=priority_value] [--name=name] [--append] +# | arg: -p, --package - Packages concerned by the pin. Or all, *. +# | arg: -i, --pin - Filter for the pin. +# | arg: -p, --priority - Priority for the pin +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# See https://manpages.debian.org/stretch/apt/apt_preferences.5.en.html for information about pinning. +# +ynh_pin_repo () { + # Declare an array to define the options of this helper. + local legacy_args=pirna + declare -Ar args_array=( [p]=package= [i]=pin= [r]=priority= [n]=name= [a]=append ) + local package + local pin + local priority + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + package="${package:-*}" + priority=${priority:-50} + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/preferences.d" + echo "Package: $package +Pin: $pin +Pin-Priority: $priority" \ + | $append "/etc/apt/preferences.d/$name" +} + +# Add a repository. +# +# usage: ynh_add_repo --uri=uri --suite=suite --component=component [--name=name] [--append] +# | arg: -u, --uri - Uri of the repository. +# | arg: -s, --suite - Suite of the repository. +# | arg: -c, --component - Component of the repository. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# Example for a repo like deb http://forge.yunohost.org/debian/ stretch stable +# uri suite component +# ynh_add_repo --uri=http://forge.yunohost.org/debian/ --suite=stretch --component=stable +# +ynh_add_repo () { + # Declare an array to define the options of this helper. + local legacy_args=uscna + declare -Ar args_array=( [u]=uri= [s]=suite= [c]=component= [n]=name= [a]=append ) + local uri + local suite + local component + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/sources.list.d" + # Add the new repo in sources.list.d + echo "deb $uri $suite $component" \ + | $append "/etc/apt/sources.list.d/$name.list" +} + +# Add an extra repository correctly, pin it and get the key. +# +# usage: ynh_install_extra_repo --repo="repo" [--key=key_url] [--priority=priority_value] [--name=name] [--append] +# | arg: -r, --repo - Complete url of the extra repository. +# | arg: -k, --key - url to get the public key. +# | arg: -p, --priority - Priority for the pin +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +ynh_install_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=rkpna + declare -Ar args_array=( [r]=repo= [k]=key= [p]=priority= [n]=name= [a]=append ) + local repo + local key + local priority + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + key=${key:-0} + priority=${priority:-} + + if [ $append -eq 1 ] + then + append="--append" + wget_append="tee -a" + else + append="" + wget_append="tee" + fi + + # Split the repository into uri, suite and components. + # Remove "deb " at the beginning of the repo. + repo="${repo#deb }" + + # Get the uri + local uri="$(echo "$repo" | awk '{ print $1 }')" + + # Get the suite + local suite="$(echo "$repo" | awk '{ print $2 }')" + + # Get the components + local component="${repo##$uri $suite }" + + # Add the repository into sources.list.d + ynh_add_repo --uri="$uri" --suite="$suite" --component="$component" --name="$name" $append + + # Pin the new repo with the default priority, so it won't be used for upgrades. + # Build $pin from the uri without http and any sub path + local pin="${uri#*://}" + pin="${pin%%/*}" + # Set a priority only if asked + if [ -n "$priority" ] + then + priority="--priority=$priority" + fi + ynh_pin_repo --package="*" --pin="origin \"$pin\"" $priority --name="$name" $append + + # Get the public key for the repo + if [ -n "$key" ] + then + mkdir -p "/etc/apt/trusted.gpg.d" + wget -q "$key" -O - | gpg --dearmor | $wget_append /etc/apt/trusted.gpg.d/$name.gpg > /dev/null + fi + + # Update the list of package with the new repo + ynh_package_update +} + +# Remove an extra repository and the assiociated configuration. +# +# usage: ynh_remove_extra_repo [--name=name] +# | arg: -n, --name - Name for the files for this repo, $app as default value. +ynh_remove_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=n + declare -Ar args_array=( [n]=name= ) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + + ynh_secure_remove "/etc/apt/sources.list.d/$name.list" + ynh_secure_remove "/etc/apt/preferences.d/$name" + ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.gpg" + ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.asc" + + # Update the list of package to exclude the old repo + ynh_package_update +} + +# Install packages from an extra repository properly. +# +# usage: ynh_install_extra_app_dependencies --repo="repo" --package="dep1 dep2" [--key=key_url] [--name=name] +# | arg: -r, --repo - Complete url of the extra repository. +# | arg: -p, --package - The packages to install from this extra repository +# | arg: -k, --key - url to get the public key. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +ynh_install_extra_app_dependencies () { + # Declare an array to define the options of this helper. + local legacy_args=rpkn + declare -Ar args_array=( [r]=repo= [p]=package= [k]=key= [n]=name= ) + local repo + local package + local key + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + key=${key:-0} + + # Set a key only if asked + if [ -n "$key" ] + then + key="--key=$key" + fi + # Add an extra repository for those packages + ynh_install_extra_repo --repo="$repo" $key --priority=995 --name=$name + + # Install requested dependencies from this extra repository. + ynh_add_app_dependencies --package="$package" + + # Remove this extra repository after packages are installed + ynh_remove_extra_repo --name=$app +} + +#================================================= + +# patched version of ynh_install_app_dependencies to be used with ynh_add_app_dependencies + +# Define and install dependencies with a equivs control file +# This helper can/should only be called once per app +# +# usage: ynh_install_app_dependencies dep [dep [...]] +# | arg: dep - the package name to install in dependence +# You can give a choice between some package with this syntax : "dep1|dep2" +# Example : ynh_install_app_dependencies dep1 dep2 "dep3|dep4|dep5" +# This mean in the dependence tree : dep1 & dep2 & (dep3 | dep4 | dep5) +# +# Requires YunoHost version 2.6.4 or higher. +ynh_install_app_dependencies () { + local dependencies=$@ + dependencies="$(echo "$dependencies" | sed 's/\([^\<=\>]\)\ \([^(]\)/\1, \2/g')" + dependencies=${dependencies//|/ | } + local manifest_path="../manifest.json" + if [ ! -e "$manifest_path" ]; then + manifest_path="../settings/manifest.json" # Into the restore script, the manifest is not at the same place + fi + + local version=$(grep '\"version\": ' "$manifest_path" | cut -d '"' -f 4) # Retrieve the version number in the manifest file. + if [ ${#version} -eq 0 ]; then + version="1.0" + fi + local dep_app=${app//_/-} # Replace all '_' by '-' + + # Handle specific versions + if [[ "$dependencies" =~ [\<=\>] ]] + then + # Replace version specifications by relationships syntax + # https://www.debian.org/doc/debian-policy/ch-relationships.html + # Sed clarification + # [^(\<=\>] ignore if it begins by ( or < = >. To not apply twice. + # [\<=\>] matches < = or > + # \+ matches one or more occurence of the previous characters, for >= or >>. + # [^,]\+ matches all characters except ',' + # Ex: package>=1.0 will be replaced by package (>= 1.0) + dependencies="$(echo "$dependencies" | sed 's/\([^(\<=\>]\)\([\<=\>]\+\)\([^,]\+\)/\1 (\2 \3)/g')" + fi + + cat > /tmp/${dep_app}-ynh-deps.control << EOF # Make a control file for equivs-build +Section: misc +Priority: optional +Package: ${dep_app}-ynh-deps +Version: ${version} +Depends: ${dependencies} +Architecture: all +Description: Fake package for $app (YunoHost app) dependencies + This meta-package is only responsible of installing its dependencies. +EOF + ynh_package_install_from_equivs /tmp/${dep_app}-ynh-deps.control \ + || ynh_die --message="Unable to install dependencies" # Install the fake package and its dependencies + rm /tmp/${dep_app}-ynh-deps.control + ynh_app_setting_set --app=$app --key=apt_dependencies --value="$dependencies" +} + +ynh_add_app_dependencies () { + # Declare an array to define the options of this helper. + local legacy_args=pr + declare -Ar args_array=( [p]=package= [r]=replace) + local package + local replace + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + replace=${replace:-0} + + local current_dependencies="" + if [ $replace -eq 0 ] + then + local dep_app=${app//_/-} # Replace all '_' by '-' + if ynh_package_is_installed --package="${dep_app}-ynh-deps" + then + current_dependencies="$(dpkg-query --show --showformat='${Depends}' ${dep_app}-ynh-deps) " + fi + + current_dependencies=${current_dependencies// | /|} + fi + + ynh_install_app_dependencies "${current_dependencies}${package}" +} From e6431531386f34dc3afe1ea4e9186fdafa78759e Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 2 Apr 2019 03:02:55 +0200 Subject: [PATCH 2/3] fix restore --- scripts/restore | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/restore b/scripts/restore index c84fb76..2c8d5a7 100755 --- a/scripts/restore +++ b/scripts/restore @@ -8,7 +8,7 @@ source ../settings/scripts/_common.sh source ../settings/scripts/ynh_systemd_action -source ../settings/scriptsynh_add_secure_repos__3 +source ../settings/scripts/ynh_add_secure_repos__3 source /usr/share/yunohost/helpers #================================================= From ba1ae5fc756f03966402d6c1306bf85aff656e9f Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 3 Apr 2019 13:55:58 +0200 Subject: [PATCH 3/3] Increase version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 9aa8596..b711b77 100755 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Pleroma is an OStatus-compatible social networking server written in Elixir, compatible with GNU Social and Mastodon", "fr": "Pleroma est un réseau social écrit en Elixir, compatible avec OStatus, GNU Social et Mastodon" }, - "version": "0.9.999~ynh4", + "version": "0.9.999~ynh5", "url": "https://git.pleroma.social/pleroma/pleroma", "license": "AGPL-3.0-only", "maintainer": [