From ecfa471d565e53d534ee9daa810da2a7a862c123 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Fri, 3 May 2019 20:04:21 +0200 Subject: [PATCH 1/2] Normalization from example_ynh --- README.md | 94 +++++++++++++++++++++----------------- check_process | 9 ---- conf/nginx.conf | 12 ++++- conf/php-fpm.conf | 112 +++++++++++++++++++++++++++++++--------------- manifest.json | 6 +-- scripts/backup | 22 ++++++--- scripts/install | 41 ++++++++++------- scripts/remove | 22 ++++++--- scripts/restore | 36 ++++++++++----- scripts/upgrade | 100 ++++++++++++++++++++--------------------- 10 files changed, 271 insertions(+), 183 deletions(-) diff --git a/README.md b/README.md index 7a83591..f32cf51 100644 --- a/README.md +++ b/README.md @@ -1,38 +1,12 @@ -# PrivateBin package for YunoHost +# PrivateBin for YunoHost +[![Integration level](https://dash.yunohost.org/integration/zerobin.svg)](https://dash.yunohost.org/appci/app/zerobin) [![Install PrivateBin with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=zerobin) -## PrivateBin c’est quoi ? +> *This package allow you to install PrivateBin quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* -PrivateBin est un pastebin en ligne open source minimaliste où le serveur n'a aucune connaissance des données collées. - -Les données sont chiffrées / déchiffrées dans le navigateur à l'aide de 256bit AES en mode Galois Counter. - -C'est un fork de ZeroBin, développée à l'origine par Sébastien Sauvage. Il a été recodé pour permettre des extensions plus faciles et plus propres et a maintenant beaucoup plus de fonctionnalités que l'original. Cependant, il est encore entièrement compatible avec le système de stockage de données original ZeroBin 0.19. Par conséquent, de telles installations peuvent être mises à niveau vers ce fork sans perdre de données. - -Source : [privatebin.info](https://privatebin.info) - -### Installation -```bash -$ sudo yunohost app install zerobin -``` - -### Mise à jour -```bash -$ sudo yunohost app upgrade --verbose zerobin -u https://github.com/YunoHost-Apps/zerobin_ynh.git -``` - -### Recommandation - -Dans la [documentation de mise à jour](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) de Parsebin, il est précisé que : - -> Pour une compatibilité totale avec ZeroBin et pour pouvoir décrypter les anciennes données, vous autoriseriez cette option. Cependant, cela n'est pas recommandé pour les nouvelles installations car cela affaiblit la sécurité de votre instance PrivateBin. - -Ce qui veut dire que nous avons pris le parti de supprimer le répertoire qui permet de sauvegarder les données. Vous pouvez sauvegarder le répertoire 'data', si vous souhaitez concerver vos données. Mais vous devez savoir que celà affaibli la sécurité de cette application. - ---- - -## What is PrivateBin? +## Overview PrivateBin is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. @@ -40,22 +14,60 @@ Data is encrypted/decrypted in the browser using 256bit AES in Galois Counter mo This is a fork of ZeroBin, originally developed by Sébastien Sauvage. It was refactored to allow easier and cleaner extensions and has now much more features than the original. It is however still fully compatible to the original ZeroBin 0.19 data storage scheme. Therefore such installations can be upgraded to this fork without loosing any data. -Source: [privatebin.info](https://privatebin.info) +**Shipped version:** 1.1.1 -### Install -```bash -$ sudo yunohost app install zerobin -``` +## Screenshots -### Update -```bash -$ sudo yunohost app upgrade --verbose zerobin -u https://github.com/YunoHost-Apps/zerobin_ynh.git -``` +![](https://privatebin.info/img/1.0/bootstrap.png) -### Recommandation +## Demo + +* [YunoHost demo](https://demo.yunohost.org/zerobin/) +* [Official demo](https://privatebin.net/) + +## Configuration + +## Documentation + + * Official documentation: https://github.com/PrivateBin/PrivateBin/wiki + +## YunoHost specific features + +#### Multi-users support + +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/zerobin%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/zerobin/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/zerobin%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/zerobin/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/zerobin%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/zerobin/) + +## Limitations + +## Additional information In the [update documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) of Parsebin, it is specified that: For full compatibility with ZeroBin and to be able to decrypt old pastes, you would enable this option. However this is not recommend for new installations as it weakens the security of your PrivateBin instance. This means that we have decided to delete the directory that allows us to save the data. You can save the 'data' directory, if you want to keep your data. But you should know that this weakens the security of this application. + +## Links + + * Report a bug: https://github.com/YunoHost-Apps/zerobin_ynh/issues + * PrivateBin website: https://privatebin.info/ + * YunoHost website: https://yunohost.org/ + +--- + +Developers info +---------------- + +**Only if you want to use a testing branch for coding, instead of merging directly into master.** +Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/zerobin_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/zerobin_ynh/tree/testing --debug +or +sudo yunohost app upgrade zerobin -u https://github.com/YunoHost-Apps/zerobin_ynh/tree/testing --debug +``` diff --git a/check_process b/check_process index 8cd16db..689adb4 100644 --- a/check_process +++ b/check_process @@ -18,16 +18,7 @@ port_already_use=0 change_url=0 ;;; Levels - Level 1=auto - Level 2=auto - Level 3=auto - Level 4=na Level 5=auto - Level 6=auto - Level 7=auto - Level 8=0 - Level 9=0 - Level 10=0 ;;; Options Email= Notification=none diff --git a/conf/nginx.conf b/conf/nginx.conf index 026b928..9d6af69 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,13 +1,21 @@ -location __PATH__ { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { + + # Path to source alias __FINALPATH__/; + + # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } + index index.php; + try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; + fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index cec73f5..2b5d7b2 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' @@ -24,28 +25,35 @@ group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data listen.group = www-data ;listen.mode = 0660 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be @@ -59,7 +67,13 @@ listen.group = www-data ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set -; priority = -19 +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -96,7 +110,7 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 10 +pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' @@ -117,12 +131,12 @@ pm.max_spare_servers = 3 ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s ;pm.process_idle_timeout = 10s; - + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = 500 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -170,7 +184,7 @@ pm.max_requests = 500 ; ; By default the status page only outputs short status. Passing 'full' in the ; query string will also return status for each pool process. -; Example: +; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full @@ -215,14 +229,14 @@ pm.max_requests = 500 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html +; It's available in: /usr/share/php/7.0/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. -; Default Value: not set +; Default Value: not set ;pm.status_path = /status - + ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside ; that FPM is alive and responding, or to @@ -275,7 +289,7 @@ pm.max_requests = 500 ; - %{megabytes}M ; - %{mega}M ; %n: pool name -; %o: ouput header +; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o @@ -283,7 +297,7 @@ pm.max_requests = 500 ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request -; %q: the query string +; %q: the query string ; %Q: the '?' character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address @@ -291,72 +305,85 @@ pm.max_requests = 500 ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log - +;slowlog = log/$pool.log.slow + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s - +;request_slowlog_timeout = 0 + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set -;chroot = - +;chroot = + ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot chdir = __FINALPATH__ - + ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -catch_workers_output = yes +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. +; execute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -370,7 +397,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. @@ -391,5 +418,16 @@ catch_workers_output = yes ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On + php_admin_value[upload_max_filesize] = 30M php_admin_value[post_max_size] = 30M diff --git a/manifest.json b/manifest.json index ed33f1c..d34a079 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "A minimalist, opensource online pastebin where the server has zero knowledge of pasted data", "fr": "Un pastebin minimaliste, libre et où le serveur n'a aucune connaissance des données copiées" }, - "version": "1.1.1", + "version": "1.1.1~ynh2", "url": "http://sebsauvage.net/wiki/doku.php?id=php:zerobin", "license": "Zlib", "maintainer": { @@ -14,7 +14,7 @@ "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 2.7.2" + "yunohost": ">= 3.5" }, "multi_instance": true, "services": [ @@ -49,7 +49,7 @@ "en": "Is it a public Zerobin site ?", "fr": "Est-ce un site public ?" }, - "default": "true" + "default": true } ] } diff --git a/scripts/backup b/scripts/backup index 01e8284..892b966 100644 --- a/scripts/backup +++ b/scripts/backup @@ -2,11 +2,11 @@ #================================================= # GENERIC START - #================================================= # IMPORT GENERIC HELPERS #================================================= +# source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -19,28 +19,38 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -final_path=$(ynh_app_setting_get $app final_path) -domain=$(ynh_app_setting_get $app domain) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= # STANDARD BACKUP STEPS #================================================= # BACKUP THE APP MAIN DIR #================================================= +ynh_script_progression --message="Backing up the main app directory..." -ynh_backup "$final_path" +ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Backing up nginx web server configuration..." -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Backing up php-fpm configuration..." -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last diff --git a/scripts/install b/scripts/install index 8631e71..5ba2e9e 100644 --- a/scripts/install +++ b/scripts/install @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# source _common.sh source /usr/share/yunohost/helpers #================================================= @@ -19,7 +20,6 @@ ynh_abort_if_errors # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -# Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC @@ -29,39 +29,38 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) - -# Check web path availability -ynh_webpath_available $domain $path_url # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_script_progression --message="Storing installation settings..." -ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path_url -ynh_app_setting_set $app is_public $is_public +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=is_public --value=$is_public #================================================= # STANDARD MODIFICATIONS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression --message="Setting up source files..." --weight=3 -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Configuring nginx web server..." # Create a dedicated nginx config ynh_add_nginx_config @@ -69,13 +68,15 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Configuring system user..." --weight=3 # Create a system user -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Configuring php-fpm..." --weight=2 # Create a dedicated php-fpm config ynh_add_fpm_config @@ -92,7 +93,7 @@ chown -R root: $final_path find $final_path -type f | xargs chmod 644 find $final_path -type d | xargs chmod 755 -# except for data and tmp subdir, where the user must have write permissions +# Except for data and tmp subdir, where the user must have write permissions mkdir -p $final_path/{data,tmp} chown -R $app:root $final_path/{data,tmp} chmod 700 $final_path/{data,tmp} @@ -100,15 +101,23 @@ chmod 700 $final_path/{data,tmp} #================================================= # SETUP SSOWAT #================================================= +ynh_script_progression --message="Configuring SSOwat..." # If app is public, add url to SSOWat conf as skipped_uris if [ $is_public -eq 1 ]; then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" + ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" fi #================================================= # RELOAD NGINX #================================================= +ynh_script_progression --message="Reloading nginx web server..." -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 19e3821..89dfbfc 100644 --- a/scripts/remove +++ b/scripts/remove @@ -6,31 +6,33 @@ # IMPORT GENERIC HELPERS #================================================= +# source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --weight=2 -# Get multi-instances specific variables app=$YNH_APP_INSTANCE_NAME -# Retrieve arguments -domain=$(ynh_app_setting_get "$app" domain) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_script_progression --message="Removing app main directory" --weight=2 # Remove the app directory securely -ynh_secure_remove "$final_path" +ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Removing nginx web server configuration" --weight=3 # Remove the dedicated nginx config ynh_remove_nginx_config @@ -38,6 +40,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Removing php-fpm configuration" # Remove the dedicated php-fpm config ynh_remove_fpm_config @@ -47,6 +50,13 @@ ynh_remove_fpm_config #================================================= # REMOVE DEDICATED USER #================================================= +ynh_script_progression --message="Removing the dedicated system user" # Delete a system user -ynh_system_user_delete $app +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 9551f33..19176b2 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -18,21 +19,23 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_script_progression --message="Validating restoration parameters..." --weight=2 -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" +ynh_webpath_available --domain=$domain --path_url=$path_url \ + || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ - || ynh_die "There is already a directory: $final_path " + || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS @@ -40,20 +43,22 @@ test ! -d $final_path \ # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." -ynh_restore_file "$final_path" +ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=4 # Create the dedicated user (if not existing) -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # RESTORE USER RIGHTS @@ -65,13 +70,20 @@ chown -R $app:root $final_path/{data,tmp} # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= +ynh_script_progression --message="Reloading nginx web server and php-fpm..." -systemctl reload php5-fpm -systemctl reload nginx +ynh_systemd_action --service_name=php7.0-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 09ddaf4..bf94e62 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -6,50 +6,61 @@ # IMPORT GENERIC HELPERS #================================================= +# source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -is_public=$(ynh_app_setting_get $app is_public) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# CHECK VERSION +#================================================= + +upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= +ynh_script_progression --message="Ensuring downward compatibility..." # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set $app is_public 1 + ynh_app_setting_set --app=$app --key=is_public --value=1 is_public=1 elif [ "$is_public" = "No" ]; then - ynh_app_setting_set $app is_public 0 + ynh_app_setting_set --app=$app --key=is_public --value=0 is_public=0 -elif [ -z "$is_public" ]; then +elif [ -z "$is_public" ] +then if grep --quiet "unprotected_uris" "/etc/yunohost/apps/$app/settings.yml" then - ynh_app_setting_set $app is_public 1 + ynh_app_setting_set --app=$app --key=is_public --value=1 is_public=1 else - ynh_app_setting_set $app is_public 0 + ynh_app_setting_set --app=$app --key=is_public --value=0 is_public=0 fi fi # If final_path doesn't exist, create it -if [ -z $final_path ]; then +if [ -z "$final_path" ]; then final_path=/var/www/$app - ynh_app_setting_set $app final_path $final_path + ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=3 # Backup the current version of the app ynh_backup_before_upgrade @@ -69,9 +80,22 @@ path_url=$(ynh_normalize_url_path $path_url) #================================================= # STANDARD UPGRADE STEPS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=3 + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" +fi + #================================================= # NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config @@ -79,49 +103,19 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 -# Create a system user -ynh_system_user_create $app +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=3 # Create a dedicated php-fpm config ynh_add_fpm_config -#================================================= -# SPECIFIC UPGRADE -#================================================= -# REMOVE OLD FILES -#================================================= - -# ??? Maybe julienmalik can explain us why he would remove all this files. -# Clean all files and directory except the data directory -ynh_secure_remove $final_path/cfg -ynh_secure_remove $final_path/CREDITS.md -ynh_secure_remove $final_path/i18n -ynh_secure_remove $final_path/index.php -ynh_secure_remove $final_path/js -ynh_secure_remove $final_path/README.md -ynh_secure_remove $final_path/tmp -ynh_secure_remove $final_path/CHANGELOG.md -ynh_secure_remove $final_path/css -ynh_secure_remove $final_path/favicon.ico -ynh_secure_remove $final_path/img -ynh_secure_remove $final_path/INSTALL.md -ynh_secure_remove $final_path/lib -ynh_secure_remove $final_path/robots.txt -ynh_secure_remove $final_path/tpl -ynh_secure_remove $final_path/data - -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" - #================================================= # GENERIC FINALIZATION #================================================= @@ -142,19 +136,23 @@ chmod 700 $final_path/{data,tmp} #================================================= # SETUP SSOWAT #================================================= - -#================================================= -# SETUP SSOWAT -#================================================= +ynh_script_progression --message="Upgrading SSOwat configuration..." # If app is public, add url to SSOWat conf as skipped_uris if [ $is_public -eq 1 ]; then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set "$app" unprotected_uris "/" + ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" fi #================================================= # RELOAD NGINX #================================================= +ynh_script_progression --message="Reloading nginx web server..." -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --last From 2f3f833c1b070be3eecabaccee937132d2fa65e7 Mon Sep 17 00:00:00 2001 From: Kayou Date: Thu, 9 May 2019 10:29:06 +0200 Subject: [PATCH 2/2] ynh_die getops --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 5ba2e9e..c22e678 100644 --- a/scripts/install +++ b/scripts/install @@ -32,7 +32,7 @@ app=$YNH_APP_INSTANCE_NAME ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app -test ! -e "$final_path" || ynh_die "This path already contains a folder" +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url