mirror of
https://github.com/YunoHost-Apps/privatebin_ynh.git
synced 2024-09-03 20:15:56 +02:00
[fix] Create user for this app + add helpers into common
This commit is contained in:
parent
92717d19fa
commit
3f81447f36
5 changed files with 163 additions and 53 deletions
|
@ -19,8 +19,8 @@
|
|||
; Unix user/group of processes
|
||||
; Note: The user is mandatory. If the group is not set, the default user's group
|
||||
; will be used.
|
||||
user = www-data
|
||||
group = www-data
|
||||
user = __USER__
|
||||
group = __USER__
|
||||
|
||||
; The address on which to accept FastCGI requests.
|
||||
; Valid syntaxes are:
|
||||
|
|
143
scripts/_common
143
scripts/_common
|
@ -2,6 +2,26 @@ PRIVATEBIN_VERSION="1.1"
|
|||
PRIVATEBIN_SOURCE_URL="https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VERSION}.tar.gz"
|
||||
PRIVATEBIN_SOURCE_SHA256="61d18753c792d83f54ad9e414d1d32198ab873054907081e732effd5ccbe96ef"
|
||||
|
||||
# Substitute a string by another in a file
|
||||
#
|
||||
# usage: ynh_substitute_char string_to_find replace_string file_to_analyse
|
||||
# | arg: string_to_find - String to replace in the file
|
||||
# | arg: replace_string - New string that will replace
|
||||
# | arg: file_to_analyse - File where the string will be replaced.
|
||||
ynh_substitute_char () {
|
||||
delimit=@
|
||||
match_char=${1//${delimit}/"\\${delimit}"} # Escape the delimiter if it's in the string.
|
||||
replace_char=${2//${delimit}/"\\${delimit}"}
|
||||
workfile=$3
|
||||
|
||||
sudo sed --in-place "s${delimit}${match_char}${delimit}${replace_char}${delimit}g" "$workfile"
|
||||
}
|
||||
|
||||
ynh_store_checksum_config () {
|
||||
config_file_checksum=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
|
||||
ynh_app_setting_set $app $config_file_checksum $(sudo md5sum "$1" | cut -d' ' -f1)
|
||||
}
|
||||
|
||||
extract_source() {
|
||||
local DESTDIR=$1
|
||||
|
||||
|
@ -16,31 +36,112 @@ extract_source() {
|
|||
sudo rm "$rc_tarball"
|
||||
}
|
||||
|
||||
ynh_pool_fpm () { # Create the php-fpm pool configuration file and configure it.
|
||||
sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf
|
||||
sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf
|
||||
finalphpconf=/etc/php5/fpm/pool.d/$app.conf
|
||||
sudo cp ../conf/php-fpm.conf $finalphpconf
|
||||
sudo chown root: $finalphpconf
|
||||
finalphpini=/etc/php5/fpm/conf.d/20-$app.ini
|
||||
sudo cp ../conf/php-fpm.ini $finalphpini
|
||||
sudo chown root: $finalphpini
|
||||
ynh_fpm_config () {
|
||||
finalphpconf="/etc/php5/fpm/pool.d/$app.conf"
|
||||
ynh_compare_checksum_config "$finalphpconf" 1
|
||||
sudo cp ../conf/php-fpm.conf "$finalphpconf"
|
||||
ynh_substitute_char "__NAMETOCHANGE__" "$app" "$finalphpconf"
|
||||
ynh_substitute_char "__FINALPATH__" "$final_path" "$finalphpconf"
|
||||
ynh_substitute_char "__USER__" "$app" "$finalphpconf"
|
||||
sudo chown root: "$finalphpconf"
|
||||
ynh_store_checksum_config "$finalphpconf"
|
||||
|
||||
if [ -e "../conf/php-fpm.ini" ]
|
||||
then
|
||||
finalphpini="/etc/php5/fpm/conf.d/20-$app.ini"
|
||||
ynh_compare_checksum_config "$finalphpini" 1
|
||||
sudo cp ../conf/php-fpm.ini "$finalphpini"
|
||||
sudo chown root: "$finalphpini"
|
||||
ynh_store_checksum_config "$finalphpini"
|
||||
fi
|
||||
|
||||
sudo systemctl reload php5-fpm
|
||||
}
|
||||
|
||||
ynh_remove_fpm () { # Delete pool php-fpm configuration
|
||||
if [ -e "/etc/php5/fpm/pool.d/$app.conf" ]; then # Delete fpm config
|
||||
echo "Delete fpm config"
|
||||
sudo rm "/etc/php5/fpm/pool.d/$app.conf"
|
||||
fi
|
||||
if [ -e "/etc/php5/fpm/conf.d/20-$app.ini" ]; then # Delete php config
|
||||
echo "Delete php config"
|
||||
sudo rm "/etc/php5/fpm/conf.d/20-$app.ini"
|
||||
fi
|
||||
ynh_remove_fpm_config () {
|
||||
ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf"
|
||||
ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini"
|
||||
sudo systemctl reload php5-fpm
|
||||
}
|
||||
|
||||
ynh_secure_rm () {
|
||||
[[ "/var/www /opt /home/yunohost.app" =~ $1 ]] \
|
||||
|| (test -n "$1" && sudo rm -Rf $1 )
|
||||
# Remove a file or a directory securely
|
||||
#
|
||||
# usage: ynh_secure_remove path_to_remove
|
||||
# | arg: path_to_remove - File or directory to remove
|
||||
ynh_secure_remove () {
|
||||
path_to_remove=$1
|
||||
forbidden_path=" \
|
||||
/var/www \
|
||||
/home/yunohost.app"
|
||||
|
||||
if [[ "$forbidden_path" =~ "$path_to_remove" \
|
||||
# Match all path or subpath in $forbidden_path
|
||||
|| "$path_to_remove" =~ ^/[[:alnum:]]+$ \
|
||||
# Match all first level path from / (Like /var, /root, etc...)
|
||||
|| "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
|
||||
# Match if the path finish by /. Because it's seems there is an empty variable
|
||||
then
|
||||
echo "Avoid deleting of $path_to_remove." >&2
|
||||
else
|
||||
if [ -e "$path_to_remove" ]
|
||||
then
|
||||
sudo rm -R "$path_to_remove"
|
||||
else
|
||||
echo "$path_to_remove doesn't deleted because it's not exist." >&2
|
||||
fi
|
||||
fi
|
||||
}
|
||||
|
||||
# Create a system user
|
||||
#
|
||||
# usage: ynh_system_user_create user_name [home_dir]
|
||||
# | arg: user_name - Name of the system user that will be create
|
||||
# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home
|
||||
ynh_system_user_create () {
|
||||
if ! ynh_system_user_exists "$1" # Check if the user exists on the system
|
||||
then # If the user doesn't exist
|
||||
if [ $# -ge 2 ]; then # If a home dir is mentioned
|
||||
user_home_dir="-d $2"
|
||||
else
|
||||
user_home_dir="--no-create-home"
|
||||
fi
|
||||
sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account"
|
||||
fi
|
||||
}
|
||||
|
||||
# Delete a system user
|
||||
#
|
||||
# usage: ynh_system_user_delete user_name
|
||||
# | arg: user_name - Name of the system user that will be create
|
||||
ynh_system_user_delete () {
|
||||
if ynh_system_user_exists "$1" # Check if the user exists on the system
|
||||
then
|
||||
echo "Remove the user $1" >&2
|
||||
sudo userdel $1
|
||||
else
|
||||
echo "The user $1 was not found" >&2
|
||||
fi
|
||||
}
|
||||
|
||||
ynh_compare_checksum_config () {
|
||||
current_config_file=$1
|
||||
compress_backup=${2:-0} # If $2 is empty, compress_backup will set at 0
|
||||
config_file_checksum=checksum_${current_config_file//[\/ ]/_} # Replace all '/' and ' ' by '_'
|
||||
checksum_value=$(ynh_app_setting_get $app $config_file_checksum)
|
||||
if [ -n "$checksum_value" ]
|
||||
then # Proceed only if a value was stocked into the app config
|
||||
if ! echo "$checksum_value $current_config_file" | md5sum -c --status
|
||||
then # If the checksum is now different
|
||||
backup_config_file="$current_config_file.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')"
|
||||
if [ compress_backup -eq 1 ]
|
||||
then
|
||||
sudo tar --create --gzip --file "$backup_config_file.tar.gz" "$current_config_file" # Backup the current config file and compress
|
||||
backup_config_file="$backup_config_file.tar.gz"
|
||||
else
|
||||
sudo cp -a "$current_config_file" "$backup_config_file" # Backup the current config file
|
||||
fi
|
||||
echo "Config file $current_config_file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_config_file" >&2
|
||||
echo "$backup_config_file" # Return the name of the backup file
|
||||
fi
|
||||
fi
|
||||
}
|
|
@ -3,8 +3,9 @@
|
|||
# Exit on command errors and treat unset variables as an error
|
||||
set -eu
|
||||
|
||||
source /usr/share/yunohost/helpers
|
||||
# Source app helpers
|
||||
source ./_common
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
# Retrieve arguments
|
||||
domain=$YNH_APP_ARG_DOMAIN
|
||||
|
@ -27,14 +28,17 @@ final_path=/var/www/$app
|
|||
sudo mkdir -p $final_path
|
||||
extract_source $final_path
|
||||
|
||||
# Files owned by root, www-data can just read
|
||||
# Create system user dedicace for this app
|
||||
ynh_system_user_create $app
|
||||
|
||||
# Files owned by user specific can just read
|
||||
sudo find $final_path -type f | xargs sudo chmod 644
|
||||
sudo find $final_path -type d | xargs sudo chmod 755
|
||||
sudo chown -R root: $final_path
|
||||
sudo chown -R $app: $final_path
|
||||
|
||||
# except for data and tmp subdir, where www-data must have write permissions
|
||||
sudo mkdir -p $final_path/{data,tmp}
|
||||
sudo chown -R www-data:root $final_path/{data,tmp}
|
||||
sudo chown -R $app:root $final_path/{data,tmp}
|
||||
sudo chmod 700 $final_path/{data,tmp}
|
||||
|
||||
# Modify Nginx configuration file and copy it to Nginx conf directory
|
||||
|
@ -46,7 +50,7 @@ sudo chown root: $nginxconf
|
|||
sudo chmod 600 $nginxconf
|
||||
|
||||
# Create the php-fpm pool config
|
||||
ynh_pool_fpm
|
||||
ynh_fpm_config
|
||||
|
||||
# Set ssowat config
|
||||
if [ "$is_public" = "No" ];
|
||||
|
|
|
@ -4,8 +4,8 @@
|
|||
set -u
|
||||
|
||||
# Source app helpers
|
||||
source /usr/share/yunohost/helpers
|
||||
source ./_common
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
# Get multi-instances specific variables
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
@ -13,8 +13,10 @@ app=$YNH_APP_INSTANCE_NAME
|
|||
# Retrieve arguments
|
||||
domain=$(ynh_app_setting_get "$app" domain)
|
||||
|
||||
ynh_secure_rm /var/www/$app
|
||||
ynh_secure_rm /etc/nginx/conf.d/$domain.d/$app.conf
|
||||
ynh_remove_fpm
|
||||
ynh_secure_remove /var/www/$app
|
||||
ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf
|
||||
ynh_remove_fpm_config
|
||||
|
||||
ynh_system_user_delete $app
|
||||
|
||||
sudo systemctl reload nginx
|
|
@ -2,9 +2,9 @@
|
|||
|
||||
# Exit on command errors and treat unset variables as an error
|
||||
set -eu
|
||||
|
||||
source /usr/share/yunohost/helpers
|
||||
# Source app helpers
|
||||
source ./_common
|
||||
source /usr/share/yunohost/helpers
|
||||
|
||||
app=$YNH_APP_INSTANCE_NAME
|
||||
|
||||
|
@ -18,27 +18,30 @@ if [[ ! "$path" == "/" ]]; then
|
|||
path=${path%/}
|
||||
fi
|
||||
|
||||
# Create system user dedicace for this app
|
||||
ynh_system_user_create $app
|
||||
|
||||
# Init final_path, if ever it got deleted somehow
|
||||
final_path=/var/www/$app
|
||||
sudo mkdir -p $final_path
|
||||
|
||||
# Clean all files and directory except the data directory
|
||||
ynh_secure_rm $final_path/cfg
|
||||
ynh_secure_rm $final_path/CREDITS.md
|
||||
ynh_secure_rm $final_path/i18n
|
||||
ynh_secure_rm $final_path/index.php
|
||||
ynh_secure_rm $final_path/js
|
||||
ynh_secure_rm $final_path/README.md
|
||||
ynh_secure_rm $final_path/tmp
|
||||
ynh_secure_rm $final_path/CHANGELOG.md
|
||||
ynh_secure_rm $final_path/css
|
||||
ynh_secure_rm $final_path/favicon.ico
|
||||
ynh_secure_rm $final_path/img
|
||||
ynh_secure_rm $final_path/INSTALL.md
|
||||
ynh_secure_rm $final_path/lib
|
||||
ynh_secure_rm $final_path/robots.txt
|
||||
ynh_secure_rm $final_path/tpl
|
||||
ynh_secure_rm $final_path/data
|
||||
ynh_secure_remove $final_path/cfg
|
||||
ynh_secure_remove $final_path/CREDITS.md
|
||||
ynh_secure_remove $final_path/i18n
|
||||
ynh_secure_remove $final_path/index.php
|
||||
ynh_secure_remove $final_path/js
|
||||
ynh_secure_remove $final_path/README.md
|
||||
ynh_secure_remove $final_path/tmp
|
||||
ynh_secure_remove $final_path/CHANGELOG.md
|
||||
ynh_secure_remove $final_path/css
|
||||
ynh_secure_remove $final_path/favicon.ico
|
||||
ynh_secure_remove $final_path/img
|
||||
ynh_secure_remove $final_path/INSTALL.md
|
||||
ynh_secure_remove $final_path/lib
|
||||
ynh_secure_remove $final_path/robots.txt
|
||||
ynh_secure_remove $final_path/tpl
|
||||
ynh_secure_remove $final_path/data
|
||||
|
||||
# Copy files to the right place
|
||||
extract_source $final_path
|
||||
|
@ -46,11 +49,11 @@ extract_source $final_path
|
|||
# Files owned by root, www-data can just read
|
||||
sudo find $final_path -type f | xargs sudo chmod 644
|
||||
sudo find $final_path -type d | xargs sudo chmod 755
|
||||
sudo chown -R root: $final_path
|
||||
sudo chown -R $app: $final_path
|
||||
|
||||
# except for data and tmp subdir, where www-data must have write permissions
|
||||
sudo mkdir -p $final_path/{data,tmp}
|
||||
sudo chown -R www-data:root $final_path/{data,tmp}
|
||||
sudo chown -R $app:root $final_path/{data,tmp}
|
||||
sudo chmod 700 $final_path/{data,tmp}
|
||||
|
||||
# Modify Nginx configuration file and copy it to Nginx conf directory
|
||||
|
@ -62,7 +65,7 @@ sudo chown root: $nginxconf
|
|||
sudo chmod 600 $nginxconf
|
||||
|
||||
# Create the php-fpm pool config
|
||||
ynh_pool_fpm
|
||||
ynh_fpm_config
|
||||
|
||||
# Set ssowat config
|
||||
ynh_app_setting_set "$app" is_public "$is_public"
|
||||
|
|
Loading…
Reference in a new issue