From 9c772c67ab381828d3cc175c24c24d41dd503b92 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 20:24:47 +0100 Subject: [PATCH 01/18] Move app data directory to /home/yunohost.app --- conf/config.xml | 16 ++++++++++++++++ conf/systemd.service | 2 +- scripts/backup | 7 +++++++ scripts/change_url | 10 +++++++++- scripts/install | 40 +++++++++++++++++++++++++--------------- scripts/remove | 9 +++++++++ scripts/restore | 25 ++++++++++++++++--------- scripts/upgrade | 20 ++++++++++++++++---- 8 files changed, 99 insertions(+), 30 deletions(-) create mode 100644 conf/config.xml diff --git a/conf/config.xml b/conf/config.xml new file mode 100644 index 0000000..93d4be9 --- /dev/null +++ b/conf/config.xml @@ -0,0 +1,16 @@ + + info + 127.0.0.1 + False + + __PORT__ + __PATH__ + __API_KEY__ + None + BuiltIn + master + __PORT__ + False + + False + diff --git a/conf/systemd.service b/conf/systemd.service index c928967..7eadf74 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,7 +7,7 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/Radarr -nobrowser -data=__FINALPATH__/.data +ExecStart=__FINALPATH__/Radarr -nobrowser -data=__DATA_PATH__ TimeoutStopSec=20 KillMode=process diff --git a/scripts/backup b/scripts/backup index 0670178..8555a32 100755 --- a/scripts/backup +++ b/scripts/backup @@ -29,6 +29,7 @@ ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) +data_path=$(ynh_app_setting_get --app=$app --key=data_path) domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= 
@@ -47,6 +48,12 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$final_path" +#================================================= +# BACKUP THE APP DATA DIR +#================================================= + +ynh_backup --src_path="$data_path" + #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= diff --git a/scripts/change_url b/scripts/change_url index 1339e40..e13bc6e 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -28,7 +28,9 @@ ynh_script_progression --message="Loading installation settings..." --time --wei # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) +data_path=$(ynh_app_setting_get --app=$app --key=data_path) port=$(ynh_app_setting_get --app=$app --key=port) +api_key=$(ynh_app_setting_get --app=$app --key=api_key) #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP @@ -104,9 +106,15 @@ fi #================================================= # SPECIFIC MODIFICATIONS #================================================= -# ... +# UPDATE CONFIGURATION FILE #================================================= +ynh_exec_warn_less 'ynh_add_config --template="../conf/config.xml" --destination="$data_path/config.xml"' + +chmod 750 "$data_path/config.xml" +chmod o-rwx "$data_path/config.xml" +chown $app "$data_path/config.xml" + #================================================= # GENERIC FINALISATION #================================================= diff --git a/scripts/install b/scripts/install index e8f9e19..b4066b2 100755 --- a/scripts/install +++ b/scripts/install 
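Review bot: `api_key` can come back empty here on instances installed before this series, because in the hunks shown only scripts/install generates the key and stores it; scripts/upgrade migrates `data_path` but never sets `api_key`. The `ynh_add_config` call added further down in this script would then write config.xml with a blank key and discard the one the instance was using. A migration step in scripts/upgrade that reads the key from the existing config.xml and saves it with `ynh_app_setting_set --app=$app --key=api_key --value=$api_key` would close the gap. Failing that, this script should stop early when the setting is empty rather than regenerate the file.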
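Review bot: `chmod 750 "$data_path/config.xml"` sets the execute bit on a regular file that holds the API key, and the `chmod o-rwx` line after it is then a no-op. Assuming only the service account reads the file, `chmod 600 "$data_path/config.xml"` followed by `chown "$app": "$data_path/config.xml"` is tighter. Regenerating the whole file from the template also resets anything the application or the admin changed in config.xml since install. One template value is `None`, which looks like the authentication setting, so an admin who enabled authentication inside the app could lose it silently on a URL change. Updating only the path and port entries would avoid that.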
@@ -35,8 +35,11 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=1 -final_path=/opt/yunohost.app/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +final_path=/opt/yunohost/$app +test ! -e "$final_path" || ynh_die --message="Installation path ($final_path) already exists" + +data_path=/home/yunohost.app/$app +test ! -e "$data_path" || ynh_die --message="Data directory ($data_path) already exists" # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url @@ -87,10 +90,8 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" --source_id="app.$architecture" -mkdir -p "$final_path/.data/logs" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +ynh_app_setting_set --app=$app --key=data_path --value=$data_path +mkdir -p "$data_path/logs" #================================================= # NGINX CONFIGURATION 
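Review bot: `final_path` moves from `/opt/yunohost.app/$app` to `/opt/yunohost/$app` in this hunk, a change the commit message (which only covers the data directory) does not mention. Existing instances keep the old value from their settings, so the package would end up supporting two install roots, and testing only covers whichever one the test instance has. If the new root is intended, say so in the commit message or in a comment above the assignment; otherwise keep `final_path=/opt/yunohost.app/$app`.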
@@ -115,14 +116,23 @@ ynh_add_systemd_config #================================================= ynh_script_progression --message="Configuring Radarr..." --weight=2 -# Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Starting Web Server" -# Start a systemd service -ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" +api_key=$(ynh_string_random --length=32) +ynh_app_setting_set --app=$app --key=api_key --value=$api_key -ynh_replace_string --match_string="7878" --replace_string="$port" --target_file="$final_path/.data/config.xml" -ynh_replace_string --match_string="" --replace_string="$path_url" --target_file="$final_path/.data/config.xml" -ynh_replace_string --match_string="\*" --replace_string="127.0.0.1" --target_file="$final_path/.data/config.xml" +ynh_add_config --template="../conf/config.xml" --destination="$data_path/config.xml" + +#================================================= +# SETUP FILE PERMISSIONS +#================================================= +ynh_script_progression --message="Setting files permissions and ownership..." --weight=1 + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app: "$final_path" + +chmod 750 "$data_path" +chmod -R o-rwx "$data_path" +chown -R $app: "$data_path" #================================================= # YUNOHOST MULTIMEDIA INTEGRATION 
@@ -143,14 +153,14 @@ ynh_script_progression --message="Configuring log rotation..." --weight=1 # Use logrotate to manage application logfile(s) ynh_use_logrotate -ynh_use_logrotate --logfile="$final_path/.data/logs" +ynh_use_logrotate --logfile="$data_path/logs" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Radarr daemon" --log="$final_path/.data/logs/radarr.txt" +yunohost service add $app --description="Radarr daemon" --log="$data_path/logs/radarr.txt" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/remove b/scripts/remove index 6a5a83e..582f1c6 100755 --- a/scripts/remove +++ b/scripts/remove @@ -19,6 +19,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +data_path=$(ynh_app_setting_get --app=$app --key=data_path) #================================================= # STANDARD REMOVE @@ -57,6 +58,14 @@ ynh_script_progression --message="Removing app main directory..." --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" +#================================================= +# REMOVE APP DATA DIR +#================================================= +ynh_script_progression --message="Removing app data directory..." --weight=1 + +# Remove the app directory securely +ynh_secure_remove --file="$data_path" + #================================================= # REMOVE NGINX CONFIGURATION #================================================= diff --git a/scripts/restore b/scripts/restore index 16de336..668ce1e 100755 --- a/scripts/restore +++ b/scripts/restore 
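Review bot: The data directory is deleted on every uninstall, so the admin has no way to keep the database and configuration that this series just moved out of the install directory. If the targeted YunoHost version exposes a purge flag to remove scripts (I believe `YNH_APP_PURGE`, to be confirmed against the helpers documentation), guarding the `ynh_secure_remove --file="$data_path"` call with it would keep data by default. The comment above the call still reads `# Remove the app directory securely`; `# Remove the app data directory securely` matches what the line does.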
@@ -31,17 +31,19 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +data_path=$(ynh_app_setting_get --app=$app --key=data_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " +test ! -d $data_path \ + || ynh_die --message="There is already a directory: $data_path " + #================================================= # STANDARD RESTORATION STEPS #================================================= 
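Review bot: `test ! -d $data_path` is unquoted, so if the setting is ever empty the expression collapses to `test ! -d`, which evaluates false and aborts with "There is already a directory:" followed by an empty path. Writing it as `test ! -d "$data_path"` and adding `[ -n "$data_path" ] || ynh_die --message="data_path setting is missing"` before it gives a clear failure instead. The existing `$final_path` test just above has the same quoting problem.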
@@ -66,16 +68,21 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$final_path" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" +#================================================= +# RESTORE THE APP DATA DIR +#================================================= +ynh_script_progression --message="Restoring the app data directory..." --weight=2 + +ynh_restore_file --origin_path="$data_path" + +chmod 750 "$data_path" +chmod -R o-rwx "$data_path" +chown -R $app: "$data_path" + #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= @@ -109,7 +116,7 @@ systemctl enable $app.service --quiet #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Radarr daemon" --log="$final_path/.data/logs/radarr.txt" +yunohost service add $app --description="Radarr daemon" --log="$data_path/logs/radarr.txt" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/upgrade b/scripts/upgrade index b78dc2a..a206022 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -21,6 +21,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) admin=$(ynh_app_setting_get --app=$app --key=admin) port=$(ynh_app_setting_get --app=$app --key=port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +data_path=$(ynh_app_setting_get --app=$app --key=data_path) #================================================= # CHECK VERSION @@ -67,6 +68,13 @@ if ! ynh_permission_exists --permission="api"; then ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" fi +# Move data directory if needed +if [ -z "$data_path" ]; then + data_path=/home/yunohost.app/$app + ynh_app_setting_set --app=$app --key=data_path --value=$data_path + mv "$final_path/.data" "/home/yunohost.app/$app" +fi + #================================================= # CREATE DEDICATED USER #================================================= @@ -89,10 +97,14 @@ then ynh_setup_source --dest_dir="$final_path" --source_id="app.$architecture" fi -mkdir -p "$final_path/.data/logs" chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chown -R $app: "$final_path" + +mkdir -p "$data_path/logs" +chmod 750 "$data_path" +chmod -R o-rwx "$data_path" +chown -R $app: "$data_path" #================================================= # NGINX CONFIGURATION 
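Review bot: The migration `mv` does not check its destination: if `/home/yunohost.app/$app` already exists, `mv` places the old directory inside it as `.data`. The service then starts on a data directory that is not the migrated one, and the `chown -R $app: "$data_path"` later in this script hands the pre-existing directory to the app user. The hunk also records the `data_path` setting before the move has succeeded and repeats the literal path instead of using `$data_path`. I would refuse to migrate onto an existing path, create the parent directory, move, and only then store the setting, as in the excerpt below. Whether the service is already stopped at this point is not visible in the hunk; the move should happen after the stop.

```shell
# Move data directory if needed
if [ -z "$data_path" ]; then
    data_path=/home/yunohost.app/$app
    # Never merge into a directory that is already there
    test ! -e "$data_path" || ynh_die --message="Data directory ($data_path) already exists"
    mkdir -p "$(dirname "$data_path")"
    mv "$final_path/.data" "$data_path"
    ynh_app_setting_set --app=$app --key=data_path --value=$data_path
fi
```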
@@ -128,14 +140,14 @@ ynh_script_progression --message="Upgrading logrotate configuration..." --weight # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -ynh_use_logrotate --non-append --logfile="$final_path/.data/logs" +ynh_use_logrotate --non-append --logfile="$data_path/logs" #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Radarr daemon" --log="$final_path/.data/logs/radarr.txt" +yunohost service add $app --description="Radarr daemon" --log="$data_path/logs/radarr.txt" #================================================= # START SYSTEMD SERVICE From a9508a1d8dc9b7f157f6b7ae07bc4f6e1c93c5e6 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 20:27:02 +0100 Subject: [PATCH 02/18] Remove --time flags in change_url --- scripts/change_url | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index e13bc6e..2ff1576 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,7 +24,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) 
@@ -35,7 +35,7 @@ api_key=$(ynh_app_setting_get --app=$app --key=api_key) #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --time --weight=1 +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=3 # Backup the current version of the app ynh_backup_before_upgrade @@ -70,14 +70,14 @@ fi #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1 +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf 
@@ -120,14 +120,14 @@ chown $app "$data_path/config.xml" #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=2 -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Starting Web Server" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Starting Web Server" --timeout=30 #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -135,4 +135,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --time --last +ynh_script_progression --message="Change of URL completed for $app" --last From 3a60c08ca1e1b9a34fa4ab4888395af514889c14 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 20:29:14 +0100 Subject: [PATCH 03/18] Add timeout to service start commands --- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index b4066b2..d6afdad 100755 --- a/scripts/install +++ b/scripts/install 
@@ -168,7 +168,7 @@ yunohost service add $app --description="Radarr daemon" --log="$data_path/logs/r ynh_script_progression --message="Starting a systemd service..." --weight=2 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Starting Web Server" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Starting Web Server" --timeout=30 #================================================= # SETUP SSOWAT diff --git a/scripts/restore b/scripts/restore index 668ce1e..a1729f5 100755 --- a/scripts/restore +++ b/scripts/restore @@ -123,7 +123,7 @@ yunohost service add $app --description="Radarr daemon" --log="$data_path/logs/r #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=2 -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Starting Web Server" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Starting Web Server" --timeout=30 #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index a206022..eee93d9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -154,7 +154,7 @@ yunohost service add $app --description="Radarr daemon" --log="$data_path/logs/r #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=2 -ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Starting Web Server" --timeout=30 #================================================= # RELOAD NGINX From 63f0e5c960d62c1e9d22a35dde6fb7ef0504a812 Mon Sep 17 00:00:00 2001 
From: tituspijean Date: Sat, 18 Dec 2021 20:35:32 +0100 Subject: [PATCH 04/18] Bump package version --- check_process | 7 +++++-- manifest.json | 2 +- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/check_process b/check_process index 513b501..40e68ea 100644 --- a/check_process +++ b/check_process @@ -8,7 +8,6 @@ domain="domain.tld" path="/path" admin="john" - port="666" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -19,6 +18,7 @@ upgrade=1 #upgrade=1 from_commit=CommitHash upgrade=1 from_commit=164fa2341225bc8ce7671d0f70cc696ed8ab58a7 + upgrade=1 from_commit=35c7ebe40c8893321c39570608ac0deacc9407c0 backup_restore=1 multi_instance=1 port_already_use=0 @@ -29,4 +29,7 @@ Notification=none ;;; Upgrade options ; commit=164fa2341225bc8ce7671d0f70cc696ed8ab58a7 name=2021-06-03 v3.2.0.5048 - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&port=666& + manifest_arg=domain=DOMAIN&path=PATH&admin=USER& + ; commit=35c7ebe40c8893321c39570608ac0deacc9407c0 + name=2021-06-13 3.2.2.5080~ynh1 + manifest_arg=domain=DOMAIN&path=PATH&admin=USER& diff --git a/manifest.json b/manifest.json index aa95954..6771d09 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "A movie collection manager for Usenet and BitTorrent users.", "fr": "Un gestionnaire de filmothèque pour utilisateurs de Usenet et BitTorrent." }, - "version": "3.2.2.5080~ynh1", + "version": "3.2.2.5080~ynh2", "url": "https://radarr.video", "upstream": { "license": "GPL-3.0-only", From ea3b77a877d5ff38a0e913e1ae85139a373cb04b Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 21:11:22 +0100 Subject: [PATCH 05/18] Appease linter --- conf/nginx.conf | 5 ----- manifest.json | 14 ++++++-------- 2 files changed, 6 insertions(+), 13 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 1331f6f..b374ab5 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,11 +1,6 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__ { - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - proxy_pass http://127.0.0.1:__PORT____PATH__; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/manifest.json b/manifest.json index 6771d09..8888052 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "A movie collection manager for Usenet and BitTorrent users.", "fr": "Un gestionnaire de filmothèque pour utilisateurs de Usenet et BitTorrent." }, - "version": "3.2.2.5080~ynh2", + "version": "3.2.2.5080~ynh3", "url": "https://radarr.video", "upstream": { "license": "GPL-3.0-only", @@ -20,7 +20,7 @@ "email": "tituspijean@outlook.com" }, "requirements": { - "yunohost": ">= 4.2" + "yunohost": ">= 4.3" }, "multi_instance": true, "services": [ @@ -32,19 +32,17 @@ "install" : [ { "name": "domain", - "type": "domain", - "example": "example.com" + "type": "domain" }, { "name": "path", "type": "path", - "example": "/radarr", - "default": "/radarr" + "default": "/radarr", + "example": "/radarr" }, { "name": "admin", - "type": "user", - "example": "johndoe" + "type": "user" } ] } From 47a53db46dd35e8539cc83e320e590a7790e5acf Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 21:24:26 +0100 Subject: [PATCH 06/18] Implement systemd secure commands --- conf/systemd.service | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/conf/systemd.service b/conf/systemd.service index 7eadf74..24f0d6d 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
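Review bot: With the `if ($scheme = http)` block removed, nothing in this location enforces HTTPS any more, so the app depends entirely on the redirect that YunoHost configures at the domain level. If an admin has turned that redirect off, session data and the API key would cross the network in clear text. That is probably the intended division of labour, since the commit is a linter fix, but it deserves a line in the file, e.g. `# HTTPS redirection is handled by the domain-level NGINX configuration, not here`. The location block continues outside the hunk.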
@@ -13,5 +13,35 @@ TimeoutStopSec=20 KillMode=process Restart=always +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target From 6bb6e3e1729d07d6c922926f6a46f92529c48742 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sat, 18 Dec 2021 20:27:59 +0000 Subject: [PATCH 07/18] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 03fd693..c3eb6e6 100644 --- a/README.md +++ b/README.md 
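Review bot: `CAP_RAWIO` in the first `CapabilityBoundingSet=` line is not a capability name listed in capabilities(7); the kernel capability is `CAP_SYS_RAWIO`. As written, that entry is most likely ignored with a parse warning and raw I/O stays in the bounding set. The line should read `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. Running `systemd-analyze security` on the installed unit afterwards is a quick way to confirm which restrictions were actually applied and that the service still starts under the `SystemCallFilter=` line.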
@@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in A movie collection manager for Usenet and BitTorrent users. -**Shipped version:** 3.2.2.5080~ynh1 +**Shipped version:** 3.2.2.5080~ynh3 diff --git a/README_fr.md b/README_fr.md index a985260..85ef1db 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Un gestionnaire de filmothèque pour utilisateurs de Usenet et BitTorrent. -**Version incluse :** 3.2.2.5080~ynh1 +**Version incluse :** 3.2.2.5080~ynh3 From 8fb163278cdc7354be994b6d54a82d3b4f9987c6 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 21:39:43 +0100 Subject: [PATCH 08/18] Implement auto-updater --- .github/workflows/updater.sh | 136 ++++++++++++++++++++++++++++++++++ .github/workflows/updater.yml | 50 +++++++++++++ conf/app.src.default | 7 -- scripts/update_version.sh | 76 ------------------- 4 files changed, 186 insertions(+), 83 deletions(-) create mode 100644 .github/workflows/updater.sh create mode 100644 .github/workflows/updater.yml delete mode 100644 conf/app.src.default delete mode 100755 scripts/update_version.sh diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh new file mode 100644 index 0000000..4b1818b --- /dev/null +++ b/.github/workflows/updater.sh 
@@ -0,0 +1,136 @@ +#!/bin/bash + +#================================================= +# PACKAGE UPDATING HELPER +#================================================= + +# This script is meant to be run by GitHub Actions +# The YunoHost-Apps organisation offers a template Action to run this script periodically +# Since each app is different, maintainers can adapt its contents so as to perform +# automatic actions when a new upstream release is detected. + +#================================================= +# FETCHING LATEST RELEASE AND ITS ASSETS +#================================================= + +# Fetching information +current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') +repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') +# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) +version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) +assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) + +# Later down the script, we assume the version has only digits and dots +# Sometimes the release name starts with a "v", so let's filter it out. +# You may need more tweaks here if the upstream repository has different naming conventions. +if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then + version=${version:1} +fi + +# Setting up the environment variables +echo "Current version: $current_version" +echo "Latest release from upstream: $version" +echo "VERSION=$version" >> $GITHUB_ENV +# For the time being, let's assume the script will fail +echo "PROCEED=false" >> $GITHUB_ENV + +# Proceed only if the retrieved version is greater than the current one +if ! 
dpkg --compare-versions "$current_version" "lt" "$version" ; then + echo "::warning ::No new version available" + exit 0 +# Proceed only if a PR for this new version does not already exist +elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then + echo "::warning ::A branch already exists for this update" + exit 0 +fi + +# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) +echo "${#assets[@]} available asset(s)" + +#================================================= +# UPDATE SOURCE FILES +#================================================= + +# Here we use the $assets variable to get the resources published in the upstream release. +# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. + +# Let's loop over the array of assets URLs +for asset_url in ${assets[@]}; do + +echo "Handling asset at $asset_url" + +# Assign the asset to a source file in conf/ directory +# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) +# Leave $src empty to ignore the asset +case $asset_url in + *"linux-core-arm"*) + src="app.arm" + ;; + *"linux-core-arm64"*) + src="app.arm64" + ;; + *"linux-core-x64"*) + src="app.x64" + ;; + *) + src="" + ;; +esac + +# If $src is not empty, let's process the asset +if [ ! 
-z "$src" ]; then + +# Create the temporary directory +tempdir="$(mktemp -d)" + +# Download sources and calculate checksum +filename=${asset_url##*/} +curl --silent -4 -L $asset_url -o "$tempdir/$filename" +checksum=$(sha256sum "$tempdir/$filename" | head -c 64) + +# Delete temporary directory +rm -rf $tempdir + +# Get extension +if [[ $filename == *.tar.gz ]]; then + extension=tar.gz +else + extension=${filename##*.} +fi + +# Rewrite source file +cat < conf/$src.src +SOURCE_URL=$asset_url +SOURCE_SUM=$checksum +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=$extension +SOURCE_IN_SUBDIR=true +EOT +echo "... conf/$src.src updated" + +else +echo "... asset ignored" +fi + +done + +#================================================= +# SPECIFIC UPDATE STEPS +#================================================= + +# Any action on the app's source code can be done. +# The GitHub Action workflow takes care of committing all changes after this script ends. + +#================================================= +# GENERIC FINALIZATION +#================================================= + +# Replace new version in manifest +echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json + +# No need to update the README, yunohost-bot takes care of it + +# The Action will proceed only if the PROCEED environment variable is set to true +echo "PROCEED=true" >> $GITHUB_ENV +exit 0 + diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml new file mode 100644 index 0000000..6fe6d72 --- /dev/null +++ b/.github/workflows/updater.yml 
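Review bot: In the `case $asset_url` block the pattern `*"linux-core-arm"*` is tested before `*"linux-core-arm64"*`, and every arm64 URL also contains `linux-core-arm`, so the arm64 branch is unreachable. conf/app.arm64.src is never refreshed, and conf/app.arm.src can end up pinning the URL and checksum of the arm64 archive, depending on asset order; listing the `*"linux-core-arm64"*` case first fixes it. The download should also fail closed, `curl --silent --fail -4 -L "$asset_url" -o "$tempdir/$filename" || exit 1`, otherwise the SHA-256 of an error page gets pinned. `$version` comes from the upstream API and is interpolated into a jq program, `$GITHUB_ENV` and manifest.json, so it should be checked against the digits-and-dots format the comment already assumes, e.g. `[[ "$version" =~ ^[0-9]+(\.[0-9]+)*$ ]] || exit 1`. Because the checksum is computed from whatever was downloaded rather than compared with a value published upstream, the generated pull request still needs a human to verify the hash before merging.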
@@ -0,0 +1,50 @@ +# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. +# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. +# This file should be enough by itself, but feel free to tune it to your needs. +# It calls updater.sh, which is where you should put the app-specific update steps. +name: Check for new upstream releases +on: + # Allow to manually trigger the workflow + workflow_dispatch: + # Run it every day at 6:00 UTC + schedule: + - cron: '0 6 * * *' +jobs: + updater: + runs-on: ubuntu-latest + steps: + - name: Fetch the source code + uses: actions/checkout@v2 + with: + token: ${{ secrets.GITHUB_TOKEN }} + - name: Run the updater script + id: run_updater + run: | + # Setting up Git user + git config --global user.name 'yunohost-bot' + git config --global user.email 'yunohost-bot@users.noreply.github.com' + # Run the updater script + /bin/bash .github/workflows/updater.sh + - name: Commit changes + id: commit + if: ${{ env.PROCEED == 'true' }} + run: | + git commit -am "Upgrade to v$VERSION" + - name: Create Pull Request + id: cpr + if: ${{ env.PROCEED == 'true' }} + uses: peter-evans/create-pull-request@v3 + with: + token: ${{ secrets.GITHUB_TOKEN }} + commit-message: Update to version ${{ env.VERSION }} + committer: 'yunohost-bot ' + author: 'yunohost-bot ' + signoff: false + branch: ci-auto-update-v${{ env.VERSION }} + base: testing + delete-branch: true + title: 'Upgrade to version ${{ env.VERSION }}' + body: | + Upgrade to v${{ env.VERSION }} + draft: false + diff --git a/conf/app.src.default b/conf/app.src.default deleted file mode 100644 index eb18573..0000000 --- a/conf/app.src.default +++ /dev/null 
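Review bot: Both `actions/checkout@v2` and `peter-evans/create-pull-request@v3` are referenced by mutable tags, and the second is a third-party action that receives `secrets.GITHUB_TOKEN`. Pinning each `uses:` to a full commit SHA (`uses: peter-evans/create-pull-request@<FULL_COMMIT_SHA>  # v3`, placeholder to be filled in) keeps a moved tag from changing what runs with that token. The workflow also has no `permissions:` key, so the token gets the repository default scope; declaring `permissions:` with `contents: write` and `pull-requests: write` at job level limits it to what the two steps need. Passing `token: ${{ secrets.GITHUB_TOKEN }}` to checkout repeats the action's default and can be dropped.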
@@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/Radarr/Radarr/releases/download/v__VERSION__/Radarr.master.__VERSION__.linux-core-__ARCHITECTURE__.tar.gz -SOURCE_SUM=__CHECKSUM__ -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_EXTRACT=true -SOURCE_FILENAME=sonarr.tar.gz diff --git a/scripts/update_version.sh b/scripts/update_version.sh deleted file mode 100755 index 2d0143a..0000000 --- a/scripts/update_version.sh +++ /dev/null 
@@ -1,76 +0,0 @@
-#!/bin/bash
-
-source _common.sh
-source /usr/share/yunohost/helpers
-
-#=================================================
-# META HELPER FOR PACKAGE RELEASES
-#=================================================
-
-# This script is meant to be manually run by the app packagers
-# to automatically update the source files.
-# Edit version numbers in _common.sh before running the script.
-
-prepare_source () {
- # Declare an array to define the options of this helper.
- local legacy_args=tda
- local -A args_array=( [t]=template= [d]=destination= [a]=architecture= )
- local template
- local destination
- local architecture
- # Manage arguments with getopts
- ynh_handle_getopts_args "$@"
- local template_path
-
- if [ -f "../conf/$template" ]; then
- template_path="../conf/$template"
- elif [ -f "../settings/conf/$template" ]; then
- template_path="../settings/conf/$template"
- elif [ -f "$template" ]; then
- template_path=$template
- else
- ynh_die --message="The provided template $template doesn't exist"
- fi
-
- cp "$template_path" "$destination"
-
- checksum="__CHECKSUM__"
- ynh_replace_vars --file="$destination"
-
- local filename
- local checksum
- local url
-
- # Create the temporary directory
- tempdir="$(mktemp -d)"
-
- url=$(grep "SOURCE_URL=" "$destination" | cut -d "=" -f 2)
- echo $url
- filename=${url##*/}
- echo $filename
- curl -s -4 -L $url -o "$tempdir/$filename"
- checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
-
- ynh_secure_remove $tempdir
-
- ynh_replace_vars --file="$destination"
-
- echo "$destination updated"
-}
-
-for architecture in "${supported_architectures[@]}"; do
- prepare_source --template="../conf/app.src.default" --destination="../conf/app.$architecture.src" --architecture="$architecture"
-done
-
-sed -i "s# \"version\": \".*# \"version\": \"${version}\~ynh1\",#" ../manifest.json
-
-# TODO: Run README generator
-
-git add .
- -message="Upgrade to v$version" -if [ "$message" == "$(git show -s --format=%s)" ]; then - git commit _common.sh ../manifest.json ../conf/app.*.src --amend -m "$message" -else - git commit _common.sh ../manifest.json ../conf/app.*.src -m "$message" -fi From c2cfaf9c70e3e2b43e7ed0879072a475607ec65d Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 22:24:05 +0100 Subject: [PATCH 09/18] Fix change_url --- scripts/change_url | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/change_url b/scripts/change_url index 2ff1576..0a5fd03 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -89,8 +89,11 @@ then # Set global variables for NGINX helper domain="$old_domain" path_url="$new_path" + path="$new_path" # Create a dedicated NGINX config ynh_add_nginx_config +else + path="$old_path" fi # Change the domain for NGINX From 6a0597b87020f0179fdc5958df8f0bf83764e6d2 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 23:21:35 +0100 Subject: [PATCH 10/18] Disable internal updater --- conf/config.xml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/config.xml b/conf/config.xml index 93d4be9..e9e4e49 100644 --- a/conf/config.xml +++ b/conf/config.xml @@ -7,8 +7,8 @@ __PATH__ __API_KEY__ None - BuiltIn - master + External + develop __PORT__ False From b752fee1b1df83fa5fa3dd2016051f4778300f7d Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 23:21:54 +0100 Subject: [PATCH 11/18] Bump package version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 8888052..c7e73aa 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "A movie collection manager for Usenet and BitTorrent users.", "fr": "Un gestionnaire de filmothèque pour utilisateurs de Usenet et BitTorrent." }, - "version": "3.2.2.5080~ynh3", + "version": "3.2.2.5080~ynh4", "url": "https://radarr.video", "upstream": { "license": "GPL-3.0-only", 
From 4aaf60fe3d6f558eb0f3d19ee860a6541dc76573 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sat, 18 Dec 2021 22:22:02 +0000 Subject: [PATCH 12/18] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c3eb6e6..f8531f0 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in A movie collection manager for Usenet and BitTorrent users. -**Shipped version:** 3.2.2.5080~ynh3 +**Shipped version:** 3.2.2.5080~ynh4 diff --git a/README_fr.md b/README_fr.md index 85ef1db..386f47a 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Un gestionnaire de filmothèque pour utilisateurs de Usenet et BitTorrent. -**Version incluse :** 3.2.2.5080~ynh3 +**Version incluse :** 3.2.2.5080~ynh4 From a4c722fd08e10f8e1af15253ce90d593c9252178 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 23:47:19 +0100 Subject: [PATCH 13/18] Update config.xml in upgrade --- scripts/upgrade | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index eee93d9..8e93e0c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -22,6 +22,7 @@ admin=$(ynh_app_setting_get --app=$app --key=admin) port=$(ynh_app_setting_get --app=$app --key=port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) data_path=$(ynh_app_setting_get --app=$app --key=data_path) +api_key=$(ynh_app_setting_get --app=$app --key=api_key) #================================================= # CHECK VERSION 
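Review bot: In the scripts/upgrade hunk of PATCH 13, `api_key` is read from the app settings and nothing in the hunk handles the setting being absent. That would be the case for any instance installed before the key was stored, unless the part of the script outside this hunk backfills it. The value is later substituted for `__API_KEY__` when config.xml is rendered, so an empty result would presumably write a configuration with a blank API key. A guard right after the read would cover it, for example `if [ -z "$api_key" ]; then api_key=$(ynh_string_random --length=32); ynh_app_setting_set --app=$app --key=api_key --value="$api_key"; fi`; confirm the key format the application accepts before choosing the generator.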
@@ -131,6 +132,13 @@ ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 # Create a dedicated systemd config ynh_add_systemd_config +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating the configuration file.." --weight=1 + +ynh_add_config --template="../conf/config.xml" --destination="$data_path/config.xml" + #================================================= # GENERIC FINALIZATION #================================================= From 222a836c6d0de4d4c37214e8ea3660479a6b69a0 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 23:47:40 +0100 Subject: [PATCH 14/18] Bump package version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index c7e73aa..5e7b520 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "A movie collection manager for Usenet and BitTorrent users.", "fr": "Un gestionnaire de filmothèque pour utilisateurs de Usenet et BitTorrent." }, - "version": "3.2.2.5080~ynh4", + "version": "3.2.2.5080~ynh5", "url": "https://radarr.video", "upstream": { "license": "GPL-3.0-only", From 71cc77be4dc708f36eacab246b933979fa8dca3a Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sat, 18 Dec 2021 22:48:06 +0000 Subject: [PATCH 15/18] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f8531f0..43a56cc 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in A movie collection manager for Usenet and BitTorrent users. -**Shipped version:** 3.2.2.5080~ynh4 +**Shipped version:** 3.2.2.5080~ynh5 diff --git a/README_fr.md b/README_fr.md index 386f47a..c2f196b 100644 --- a/README_fr.md +++ b/README_fr.md 
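Review bot: The added `ynh_add_config` call rewrites `$data_path/config.xml` from the template on every upgrade, and nothing above it says this is intended for a file that appears to double as the application's own settings store. Any value changed after install would be reset to the template's fixed values. The page shows those values with the element names stripped, so which settings are affected is inferred. If the reset is deliberate, state it above the call, e.g. `# config.xml is package-managed: regenerated from conf/config.xml on each upgrade`; otherwise render the template only when the file is missing.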
@@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Un gestionnaire de filmothèque pour utilisateurs de Usenet et BitTorrent. -**Version incluse :** 3.2.2.5080~ynh4 +**Version incluse :** 3.2.2.5080~ynh5 From f6abd27c8e35f0f5f8046e6e186f0b03f4c61235 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 23:54:46 +0100 Subject: [PATCH 16/18] Update config.xml in upgrade and fix its permissions --- scripts/install | 3 +++ scripts/restore | 3 +++ scripts/upgrade | 3 +++ 3 files changed, 9 insertions(+) diff --git a/scripts/install b/scripts/install index d6afdad..f98125a 100755 --- a/scripts/install +++ b/scripts/install @@ -134,6 +134,9 @@ chmod 750 "$data_path" chmod -R o-rwx "$data_path" chown -R $app: "$data_path" +chmod 400 "$data_path/config.xml" +chown $app:$app "$data_path/config.xml" + #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= diff --git a/scripts/restore b/scripts/restore index a1729f5..4ae52d8 100755 --- a/scripts/restore +++ b/scripts/restore @@ -83,6 +83,9 @@ chmod 750 "$data_path" chmod -R o-rwx "$data_path" chown -R $app: "$data_path" +chmod 400 "$data_path/config.xml" +chown $app:$app "$data_path/config.xml" + #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 8e93e0c..0f99ae4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -139,6 +139,9 @@ ynh_script_progression --message="Updating the configuration file.." --weight=1 ynh_add_config --template="../conf/config.xml" --destination="$data_path/config.xml" +chmod 400 "$data_path/config.xml" +chown $app:$app "$data_path/config.xml" + #================================================= # GENERIC FINALIZATION #================================================= 
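Review bot: The mode set for config.xml in the scripts/install hunk (`chmod 400`, owner `$app:$app`) does not match what scripts/change_url applies to the same file in PATCH 01 (`chmod 750`, `chmod o-rwx`, `chown $app`). After a URL change the file holding the API key would become group-readable and executable again, unless a patch not shown on this page already aligned it. The same two lines are repeated in the scripts/restore and scripts/upgrade hunks of this commit; change_url should get them too, `chmod 400 "$data_path/config.xml"` and `chown $app:$app "$data_path/config.xml"`, ideally through one shared helper in _common.sh so the four scripts cannot drift. Mode 400 also makes the file read-only for the application itself, which deserves a one-line comment if it is intended.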
From 68926687635e151dffb0036ed305c4a208a7ff11 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 18 Dec 2021 23:55:15 +0100 Subject: [PATCH 17/18] Bump package version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 5e7b520..8f2608c 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "A movie collection manager for Usenet and BitTorrent users.", "fr": "Un gestionnaire de filmothèque pour utilisateurs de Usenet et BitTorrent." }, - "version": "3.2.2.5080~ynh5", + "version": "3.2.2.5080~ynh6", "url": "https://radarr.video", "upstream": { "license": "GPL-3.0-only", From 14a16d5192b2682052cbc860f97d8c01feab4e1d Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sat, 18 Dec 2021 22:55:23 +0000 Subject: [PATCH 18/18] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 43a56cc..4ab76e4 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in A movie collection manager for Usenet and BitTorrent users. -**Shipped version:** 3.2.2.5080~ynh5 +**Shipped version:** 3.2.2.5080~ynh6 diff --git a/README_fr.md b/README_fr.md index c2f196b..a023e31 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Un gestionnaire de filmothèque pour utilisateurs de Usenet et BitTorrent. -**Version incluse :** 3.2.2.5080~ynh5 +**Version incluse :** 3.2.2.5080~ynh6