From 5604e052421eeaae46042ccde9d90b7cad229265 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sun, 6 Jun 2021 23:11:44 +0200 Subject: [PATCH] fix --- README.md | 4 ++-- README_fr.md | 4 ++-- check_process | 14 ++++--------- manifest.json | 24 ++-------------------- scripts/install | 44 ++++++++++++++++------------------------ scripts/restore | 28 ++++++++++---------------- scripts/upgrade | 53 +++++++++++++++++++------------------------------ 7 files changed, 58 insertions(+), 113 deletions(-) diff --git a/README.md b/README.md index e6426db..174c982 100644 --- a/README.md +++ b/README.md @@ -39,8 +39,8 @@ Can the app be used by multiple users? **Yes** #### Supported architectures -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/pluxml%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/pluxml/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/pluxml%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/pluxml/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/pluxml.svg)](https://ci-apps.yunohost.org/ci/apps/pluxml/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/pluxml.svg)](https://ci-apps-arm.yunohost.org/ci/apps/pluxml/) ## Limitations diff --git a/README_fr.md b/README_fr.md index 4dc3047..511dfe5 100644 --- a/README_fr.md +++ b/README_fr.md @@ -39,8 +39,8 @@ Le panneau d'administration est accessible via https://domain.tld/path/core/admi #### Architectures supportées -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/pluxml%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/pluxml/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/pluxml%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/pluxml/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/pluxml.svg)](https://ci-apps.yunohost.org/ci/apps/pluxml/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/pluxml.svg)](https://ci-apps-arm.yunohost.org/ci/apps/pluxml/) ## Limitations diff --git a/check_process b/check_process index 1f0cc47..1d94513 100644 --- a/check_process +++ b/check_process @@ -1,15 +1,10 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) + domain="domain.tld" + path="/path" + admin="john" language="fr" - is_public=1 (PUBLIC|public=1|private=0) + is_public=1 password="pass" ; Checks pkg_linter=1 @@ -23,7 +18,6 @@ upgrade=1 from_commit=f618522e430dfcb63e1a5843535cf0da165025f3 backup_restore=1 multi_instance=1 - port_already_use=0 change_url=1 ;;; Options Email= diff --git a/manifest.json b/manifest.json index 7f93994..f82ac38 100644 --- a/manifest.json +++ b/manifest.json @@ -15,7 +15,7 @@ "url": "https://miaou.org" }, "requirements": { - "yunohost": ">= 4.0.0" + "yunohost": ">= 4.2.0" }, "multi_instance": true, "services": [ @@ -27,38 +27,22 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain name for PluXml", - "fr": "Choisissez un nom de domaine pour PluXml" - }, "example": "example.com" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for PluXml", - "fr": "Choisissez un chemin pour PluXml" - }, "example": "/pluxml", "default": "/pluxml" }, { "name": "admin", "type": "user", - "ask": { - "en": "Choose an admin user for PluXml", - "fr": "Choisissez l'administrateur de PluXml" - }, "example": "John" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" - }, "help": { "en": "If checked, the app will be public", "fr": "Si cochée, votre application sera publique" @@ -67,7 +51,7 @@ }, { "name": "language", - "type": "string", + "type": "string", "ask": { "en": "Default language", "fr": "Langue par défaut" @@ -78,10 +62,6 @@ { "name": "password", "type": "password", - "ask": { - "en": "Choose an admin password for PluXml", - "fr": "Choisissez un mot de passe administrateur pour PluXml" - }, "example": "super_secret_password" } ] diff --git a/scripts/install b/scripts/install index 2aa3731..e150291 100755 --- a/scripts/install +++ b/scripts/install @@ -54,6 +54,14 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=language --value=$language +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD MODIFICATIONS #================================================= @@ -65,6 +73,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -73,14 +85,6 @@ ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -98,10 +102,10 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) ynh_script_progression --message="Setting up application with cURL..." # Set right permissions for curl install -chown -R $app: $final_path +chown -R $app $final_path # Set the app as temporarily public for cURL call -ynh_permission_update --permission "main" --add "visitors" +ynh_permission_update --permission="main" --add="visitors" # Reload NGINX ynh_systemd_action --service_name=nginx --action=reload @@ -110,33 +114,19 @@ ynh_systemd_action --service_name=nginx --action=reload ynh_script_progression --message="Finalizing installation..." ynh_local_curl "/install.php" "default_lang=$language" "install=Installer" "name=$admin" "login=$admin" "pwd=$password" "pwd2=$password" "data=1" "email=$admin@$domain" "timezone=Europe/Paris" -#================================================= -# REMOVING NO MORE NEEDED FILES -#================================================= -ynh_script_progression --message="Removing install.php and /update" - +#Removing install.php and /update" ynh_secure_remove --file="${final_path}/install.php" ynh_secure_remove --file="${final_path}/update" -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions to app files -chown -R "$app":"$app" $final_path # modif perso - #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring permissions..." # Make app public if necessary or protect it if [ $is_public -eq 0 ] then - ynh_permission_update --permission "main" --remove "visitors" + ynh_permission_update --permission="main" --remove="visitors" fi #================================================= diff --git a/scripts/restore b/scripts/restore index 2c3702e..c46d806 100755 --- a/scripts/restore +++ b/scripts/restore @@ -51,6 +51,14 @@ ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -58,21 +66,9 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= -ynh_script_progression --message="Restoring user rights..." - -# Restore permissions on app files -chown -R $app:$app $final_path +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION @@ -81,8 +77,6 @@ ynh_script_progression --message="Restoring PHP-FPM configuration..." ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -ynh_add_fpm_config #--package="$extra_php_dependencies" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 05c1364..e739e16 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -35,21 +35,19 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -64,6 +62,14 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -78,6 +84,10 @@ then ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -86,14 +96,6 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -109,27 +111,12 @@ ynh_add_fpm_config #--package="$extra_php_dependencies" #================================================= ynh_script_progression --message="Setting up application with cURL..." -chown -R "$app":"$app" $final_path ynh_local_curl "/update/index.php" "submit=submit" -#================================================= -# REMOVING NO MORE NEEDED FILES -#================================================= -ynh_script_progression --message="Removing install.php and /update" - +#Removing install.php and /update" ynh_secure_remove --file="${final_path}/install.php" ynh_secure_remove --file="${final_path}/update" -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions on app files -chown -R $app:$app $final_path # modif perso - #================================================= # RELOAD NGINX #=================================================