#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=3 # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then ynh_app_setting_set --app=$app --key=is_public --value=1 is_public=1 elif [ "$is_public" = "No" ]; then ynh_app_setting_set --app=$app --key=is_public --value=0 is_public=0 elif [ -z "$is_public" ] then if grep --quiet "unprotected_uris" "/etc/yunohost/apps/$app/settings.yml" then ynh_app_setting_set --app=$app --key=is_public --value=1 is_public=1 else ynh_app_setting_set --app=$app --key=is_public --value=0 is_public=0 fi fi # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up PrivateBin before upgrading (may take a while)..." --weight=3 # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { # restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=3 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" fi #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 # Create a dedicated user (if not existing) ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=3 # Create a dedicated PHP-FPM config ynh_add_fpm_config #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions to app files chown -R root: $final_path # Files owned by user specific can just read find $final_path -type f | xargs chmod 644 find $final_path -type d | xargs chmod 755 # except for data and tmp subdir, where the user must have write permissions mkdir -p $final_path/{data,tmp} chown -R $app:root $final_path/{data,tmp} chmod 700 $final_path/{data,tmp} #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 # If app is public, add url to SSOWat conf as skipped_uris if [ $is_public -eq 1 ]; then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" else # If the app is private, viewing paste stays publicly accessible. # Modify the domain to be used in a regex domain_regex=$(echo "$domain" | sed 's@-@.@g') ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/$" ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/.*$" fi #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of PrivateBin completed" --last