From 28a64f3af99e14e498833608fa7d0f28970a1dec Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 9 Dec 2020 17:39:51 +0100 Subject: [PATCH 1/7] Remove systemd stop/start --- scripts/backup | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/scripts/backup b/scripts/backup index bac28eb..91b17e3 100755 --- a/scripts/backup +++ b/scripts/backup @@ -22,13 +22,6 @@ final_path=$(ynh_app_setting_get --app="$app" --key=final_path) domain=$(ynh_app_setting_get --app="$app" --key=domain) db_name=$(ynh_app_setting_get --app="$app" --key=db_name) -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_print_info --message="Stopping systemd services..." - -ynh_systemd_action --service_name="$app" --action="stop" - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -66,12 +59,6 @@ ynh_backup --src_path="/etc/logrotate.d/$app" ynh_backup --src_path="/etc/systemd/system/$app.service" -#================================================= -# START SYSTEMD SERVICE -#================================================= - -ynh_systemd_action --service_name="$app" --action="start" - #================================================= # END OF SCRIPT #================================================= From eeb294dceb40b196947a9290635ee32037458a9e Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 9 Dec 2020 17:41:43 +0100 Subject: [PATCH 2/7] Remove sudo --- scripts/install | 8 ++++---- scripts/restore | 2 +- scripts/upgrade | 8 ++++---- 3 files changed, 9 insertions(+), 9 deletions(-) diff --git a/scripts/install b/scripts/install index 5158caf..39ebc2e 100755 --- a/scripts/install +++ b/scripts/install @@ -191,7 +191,7 @@ ynh_use_logrotate "$log_file" #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add "$app" --log "${log_file}" +yunohost service add "$app" --log="${log_file}" #================================================= # GENERIC FINALIZATION @@ -200,9 +200,9 @@ yunohost service add "$app" --log "${log_file}" #================================================= # Set permissions to app files -sudo chown -R "$app" "$log_path" -sudo chown -R "$app" "$public_path" -sudo chown -R "$app" "$final_path" +chown -R "$app" "$log_path" +chown -R "$app" "$public_path" +chown -R "$app" "$final_path" #================================================= # SETUP SYSTEMD diff --git a/scripts/restore b/scripts/restore index d1a21aa..23b36a9 100755 --- a/scripts/restore +++ b/scripts/restore @@ -102,7 +102,7 @@ systemctl enable $app.service --quiet #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add "$app" --log "/var/log/$app/pyinventory.log" +yunohost service add "$app" --log="${log_file}" #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 74c621e..d244b34 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -180,7 +180,7 @@ ynh_use_logrotate --non-append #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add "$app" --log "${log_file}" +yunohost service add "$app" --log="${log_file}" #================================================= # GENERIC FINALIZATION @@ -189,9 +189,9 @@ yunohost service add "$app" --log "${log_file}" #================================================= # Set permissions to app files -sudo chown -R "$app" "$log_path" -sudo chown -R "$app" "$public_path" -sudo chown -R "$app" "$final_path" +chown -R "$app" "$log_path" +chown -R "$app" "$public_path" +chown -R "$app" "$final_path" #================================================= # SETUP SSOWAT From 0cfa0bd871dcf4beafa6225334033b40fa8c57f9 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 9 Dec 2020 17:44:40 +0100 Subject: [PATCH 3/7] Create check_process --- check_process | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) create mode 100644 check_process diff --git a/check_process b/check_process new file mode 100644 index 0000000..2757e35 --- /dev/null +++ b/check_process @@ -0,0 +1,33 @@ +# See here for more information +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. + +;; Test complet + ; Manifest + domain="domain.tld" (DOMAIN) + path="/path" (PATH) + admin="john" (USER) + is_public=1 (PUBLIC|public=1|private=0) + password="pass" + port="666" (PORT) + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=1 + setup_public=1 + upgrade=1 + backup_restore=1 + multi_instance=1 + port_already_use=0 + change_url=1 +;;; Options +Email= +Notification=none +;;; Upgrade options + ; commit=CommitHash + name=Name and date of the commit. + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& + From 83f4ee4a1dee60a631f0616fd922df83e7e130fe Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 9 Dec 2020 17:49:11 +0100 Subject: [PATCH 4/7] Use ynh_exec_as instead of sudo --- scripts/_common.sh | 15 +++++++++++++++ scripts/install | 16 +++++++++------- scripts/upgrade | 8 ++++---- 3 files changed, 28 insertions(+), 11 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index bf76472..522e19c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -71,4 +71,19 @@ ynh_redis_get_free_db() { ynh_redis_remove_db() { local db=$1 redis-cli -n "$db" flushall +} + +#================================================= + +# Execute a command as another user +# usage: ynh_exec_as USER COMMAND [ARG ...] +ynh_exec_as() { + local USER=$1 + shift 1 + + if [[ $USER = $(whoami) ]]; then + eval "$@" + else + sudo -u "$USER" "$@" + fi } \ No newline at end of file diff --git a/scripts/install b/scripts/install index 39ebc2e..40f4a86 100755 --- a/scripts/install +++ b/scripts/install @@ -31,8 +31,8 @@ ynh_webpath_register --app="$app" --domain="$domain" --path_url="$path_url" mkdir -p "$public_path/media" "$public_path/static" mkdir -p "$final_path" -sudo mkdir -p "$log_path" -sudo touch "${log_file}" +mkdir -p "$log_path" +touch "${log_file}" #================================================= # STORE SETTINGS FROM MANIFEST @@ -103,16 +103,16 @@ ynh_system_user_create --username="$app" --home_dir="$final_path" --use_shell ynh_script_progression --message="Install PyInventory using PIP..." --weight=80 virtualenv --python=python3 "${final_path}/venv" -sudo chown -R "$app" "$final_path" +chown -R "$app" "$final_path" #run source in a 'sub shell' ( set +o nounset source "${final_path}/venv/bin/activate" set -o nounset - sudo -u $app $final_path/venv/bin/pip install --upgrade pip - sudo -u $app $final_path/venv/bin/pip install --upgrade setuptools wheel psycopg2-binary - sudo -u $app $final_path/venv/bin/pip install --upgrade pyinventory=="$pyinventory_version" + ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pip + ynh_exec_as $app $final_path/venv/bin/pip install --upgrade setuptools wheel psycopg2-binary + ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pyinventory=="$pyinventory_version" ) #================================================= @@ -238,6 +238,8 @@ ynh_script_progression --message="Reloading nginx web server..." ynh_systemd_action --service_name="nginx" --action="reload" - +#================================================= +# END OF SCRIPT +#================================================= ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/upgrade b/scripts/upgrade index d244b34..2ab2f72 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -95,9 +95,9 @@ sudo chown -R "$app" "$final_path" set +o nounset source "${final_path}/venv/bin/activate" set -o nounset - sudo -u $app $final_path/venv/bin/pip install --upgrade pip - sudo -u $app $final_path/venv/bin/pip install --upgrade setuptools wheel psycopg2-binary - sudo -u $app $final_path/venv/bin/pip install --upgrade pyinventory=="$pyinventory_version" + ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pip + ynh_exec_as $app $final_path/venv/bin/pip install --upgrade setuptools wheel psycopg2-binary + ynh_exec_as $app $final_path/venv/bin/pip install --upgrade pyinventory=="$pyinventory_version" ) #================================================= @@ -223,4 +223,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last \ No newline at end of file +ynh_script_progression --message="Upgrade of $app completed" --last From 874cf00deb4c1aa70b3756bfe2ccb5fe13aba60e Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 9 Dec 2020 17:54:22 +0100 Subject: [PATCH 5/7] Update upgrade --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 2ab2f72..3027177 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -88,7 +88,7 @@ ynh_add_systemd_config --service="$app" --template="pyinventory.service" ynh_script_progression --message="Install pyinventory using PIP..." --weight=15 virtualenv --python=python3 "${final_path}/venv" -sudo chown -R "$app" "$final_path" +chown -R "$app" "$final_path" #run source in a 'sub shell' ( From 70676e7fb3dcd0ac467a052ce7b520e064cac7c8 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 9 Dec 2020 17:58:19 +0100 Subject: [PATCH 6/7] Add description to service --- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 40f4a86..643ff90 100755 --- a/scripts/install +++ b/scripts/install @@ -191,7 +191,7 @@ ynh_use_logrotate "$log_file" #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add "$app" --log="${log_file}" +yunohost service add $app --description="Web based management to catalog things" --log="${log_file}" #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index 23b36a9..1bbf501 100755 --- a/scripts/restore +++ b/scripts/restore @@ -102,7 +102,7 @@ systemctl enable $app.service --quiet #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add "$app" --log="${log_file}" +yunohost service add $app --description="Web based management to catalog things" --log="${log_file}" #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 3027177..afec6bf 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -180,7 +180,7 @@ ynh_use_logrotate --non-append #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add "$app" --log="${log_file}" +yunohost service add $app --description="Web based management to catalog things" --log="${log_file}" #================================================= # GENERIC FINALIZATION From 9cc0952612cee8789b945cfe183d7414d2cabbaf Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 9 Dec 2020 17:59:17 +0100 Subject: [PATCH 7/7] Set new permissions --- scripts/install | 9 +++++---- scripts/upgrade | 12 ------------ 2 files changed, 5 insertions(+), 16 deletions(-) diff --git a/scripts/install b/scripts/install index 643ff90..3b8bf00 100755 --- a/scripts/install +++ b/scripts/install @@ -217,11 +217,12 @@ ynh_add_systemd_config --service="$app" --template="pyinventory.service" #================================================= ynh_script_progression --message="Configuring SSOwat..." -# Make app public if necessary -if [ "$is_public" -eq 1 ] +# Make app public if necessary or protect it +if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app="$app" --key=unprotected_uris --value="/" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission "main" --add "visitors" fi #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index afec6bf..3e53e98 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -193,18 +193,6 @@ chown -R "$app" "$log_path" chown -R "$app" "$public_path" chown -R "$app" "$final_path" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -# Make app public if necessary -if [ "$is_public" -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app="$app" --key=unprotected_uris --value="/" -fi - #================================================= # Start pyinventory via systemd #=================================================