Upgrade to v3

2024-09-03 20:16:14 +02:00 · 2022-11-22 13:40:41 +01:00 · 2022-11-22 13:40:41 +01:00 · 11e6a7dfe1
commit 11e6a7dfe1
parent b68799a448
20 changed files with 378 additions and 535 deletions
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,26 +1,35 @@
 #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
 # location __PATH__/ {
 # 	try_files $uri @radicale;
 # }
 # 
 # location @radicale {
 # 	uwsgi_pass unix:///run/uwsgi/app/radicale/socket;
 # 	include uwsgi_params;
 # 	uwsgi_param  QUERY_STRING       $query_string;
 # 	uwsgi_param  REQUEST_METHOD     $request_method;
 # 	uwsgi_param  CONTENT_TYPE       $content_type;
 # 	uwsgi_param  CONTENT_LENGTH     $content_length;
 # 
 # 	uwsgi_param  REQUEST_URI        $request_uri;
 # 	uwsgi_param  PATH_INFO          $document_uri;
 # 	uwsgi_param  DOCUMENT_ROOT      $document_root;
 # 	uwsgi_param  SERVER_PROTOCOL    $server_protocol;
 # 	uwsgi_param  HTTPS              $https if_not_empty;
 # 
 # 	uwsgi_param  REMOTE_ADDR        $remote_addr;
 # 	uwsgi_param  REMOTE_PORT        $remote_port;
 # 	uwsgi_param  SERVER_PORT        $server_port;
 # 	uwsgi_param  SERVER_NAME        $server_name;
 # }
 location __PATH__/ {
-	try_files $uri @radicale;
+    proxy_pass           http://localhost:__PORT__/;
-}
+    proxy_set_header     X-Script-Name __PATH__;
    proxy_set_header     X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header     Host $http_host;
-location @radicale {
+    proxy_set_header     X-Remote-User $remote_user;
-	uwsgi_pass unix:///run/uwsgi/app/radicale/socket;
+#     proxy_pass_header Authorization;
 	include uwsgi_params;
 	uwsgi_param  QUERY_STRING       $query_string;
 	uwsgi_param  REQUEST_METHOD     $request_method;
 	uwsgi_param  CONTENT_TYPE       $content_type;
 	uwsgi_param  CONTENT_LENGTH     $content_length;
 	uwsgi_param  REQUEST_URI        $request_uri;
 	uwsgi_param  PATH_INFO          $document_uri;
 	uwsgi_param  DOCUMENT_ROOT      $document_root;
 	uwsgi_param  SERVER_PROTOCOL    $server_protocol;
 	uwsgi_param  HTTPS              $https if_not_empty;
 	uwsgi_param  REMOTE_ADDR        $remote_addr;
 	uwsgi_param  REMOTE_PORT        $remote_port;
 	uwsgi_param  SERVER_PORT        $server_port;
 	uwsgi_param  SERVER_NAME        $server_name;
 }
 #INFCLOUD#location __PATH__/infcloud {
--- a/conf/radicale.ini
+++ b/conf/radicale.ini
@ -1,24 +0,0 @@
 [uwsgi]
 # Who will run the code
 uid = radicale
 gid = radicale
 # Number of workers
 workers = 4
 # The right granted on the created socket
 chmod-socket = 666
 # Plugin to use and interpretor config
 single-interpreter = true
 master = true
 plugin = python
 # Application base folder
 base = /opt/yunohost/radicale
 # Virtualenv and python path
 virtualenv = /opt/yunohost/radicale
 pythonpath = /opt/yunohost/radicale
 chdir= /var/www/radicale
 wsgi-file=/var/www/radicale/radicale.wsgi
--- a/conf/radicale.wsgi
+++ b/conf/radicale.wsgi
@ -1,29 +0,0 @@
 #!/usr/bin/env python
 # -*- coding: utf-8 -*-
 #
 # This file is part of Radicale Server - Calendar Server
 # Copyright © 2011-2013 Guillaume Ayoub
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This library is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
 """
 Radicale WSGI file (mod_wsgi and uWSGI compliant).
 """
 import radicale
 radicale.log.start()
 application = radicale.Application()
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -0,0 +1,24 @@
 [Unit]
 Description=A simple CalDAV (calendar) and CardDAV (contact) server
 After=network.target
 Requires=network.target
 [Service]
 ExecStart=/opt/yunohost/__APP__/bin/python3 -m radicale
 Restart=on-failure
 User=radicale
 # Deny other users access to the calendar data
 UMask=0027
 # Optional security settings
 PrivateTmp=true
 ProtectSystem=strict
 ProtectHome=true
 PrivateDevices=true
 ProtectKernelTunables=true
 ProtectKernelModules=true
 ProtectControlGroups=true
 NoNewPrivileges=true
 ReadWritePaths=__FINALPATH__/collections /var/log/__APP__
 [Install]
 WantedBy=multi-user.target
--- a/hooks/post_user_create
+++ b/hooks/post_user_create
@ -1,7 +0,0 @@
 #!/bin/bash
 user=$1
 final_path=__FINALPATH__
 sudo cp -a $final_path/default_collections/USER $final_path/collections/$user
 sudo cp -a $final_path/default_collections/USER.props $final_path/collections/$user.props
--- a/hooks/post_user_delete
+++ b/hooks/post_user_delete
@ -1,6 +0,0 @@
 #!/bin/bash
 user=$1
 final_path=__FINALPATH__
 sudo rm -r $final_path/collections/$user
--- a/manifest.json
+++ b/manifest.json
@ -6,7 +6,7 @@
 		"en": "CalDAV (calendar) and CardDAV (contact) synchronization server",
 		"fr": "Serveur de synchronisation CalDAV et CardDAV"
 	},
-	"version": "1.1.6~ynh6",
+	"version": "3.1.8~ynh1",
 	"url": "http://radicale.org",
    "upstream": {
        "license": "GPL-3.0,AGPL-3.0",
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -6,7 +6,9 @@
 YNH_PHP_VERSION="7.3"
-pkg_dependencies="python-pip python-virtualenv virtualenv python-dev libldap2-dev libsasl2-dev libssl-dev uwsgi uwsgi-plugin-python"
+# pkg_dependencies="python-pip python-virtualenv virtualenv python-dev libldap2-dev libsasl2-dev libssl-dev uwsgi uwsgi-plugin-python"
 pkg_dependencies="python3-pip python3-virtualenv virtualenv python3-dev libldap2-dev libsasl2-dev libssl-dev bcrypt apache2-utils"
 # bcrypt and apache2-utils are used in replacement of ldap...
 #=================================================
 # BOOLEAN CONVERTER
--- a/scripts/backup
+++ b/scripts/backup
@ -71,7 +71,12 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
 # BACKUP SYSTEMD
 #=================================================
 if [ -e "/etc/uwsgi/apps-available/radicale.ini" ]
 then
    ynh_backup --src_path="/etc/uwsgi/apps-available/radicale.ini"
 else
    ynh_backup --src_path="/etc/systemd/system/$app.service"
 fi
 #=================================================
 # BACKUP VARIOUS FILES
--- a/scripts/change_url
+++ b/scripts/change_url
@ -28,6 +28,7 @@ ynh_script_progression --message="Loading installation settings..."
 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 infcloud=$(ynh_app_setting_get --app=$app --key=infcloud)
@ -83,6 +84,11 @@ ynh_script_progression --message="Updating NGINX web server configuration..."
 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
 # If path_url contains infcloud, remove it
 if [[ "$path_url" =~ "/infcloud" ]]; then
    path_url="${path_url%/*}"
 fi
 # Change the path in the NGINX config file
 if [ $change_path -eq 1 ]
 then
@ -110,26 +116,11 @@ fi
 #=================================================
 # MODIFY CONFIG FILES
 #=================================================
 ynh_replace_string --match_string="^base_prefix = $old_path.*" --replace_string="base_prefix = ${new_path%/}/" --target_file="/etc/$app/config"
 if [ $infcloud -eq 1 ]; then
 	ynh_replace_string --match_string="href: 'https://$old_domain$old_path'," --replace_string="href: 'https://$new_domain${new_path%/}/'," --target_file="$final_path/infcloud/config.js"
 fi
 #=================================================
 # UPDATE SSOWAT
 #=================================================
 if [ $infcloud -eq 1 ]
 then
 	ynh_script_progression --message="Reconfigure SSOwat"
 	# Add /infcloud to the path of radicale to access it from the portal
 	echo "sudo yunohost --verbose app setting $app path -v \"${new_path%/}/infcloud\"; sudo yunohost app ssowatconf" | at now + 1 min >&2
 	domain_regex=$(echo "$new_domain" | sed 's@-@.@g')
 	# Radicale is always accessible (For access to ressources)
 	ynh_app_setting_set --app=$app --key=skipped_regex --value="$domain_regex$new_path"
 fi
 #=================================================
 # GENERIC FINALISATION
 #=================================================
@ -138,7 +129,7 @@ fi
 ynh_script_progression --message="Starting a systemd service..."
 # Start a systemd service
-ynh_systemd_action --service_name=uwsgi --action="restart"
+ynh_systemd_action --service_name=$app --action="restart"
 #=================================================
 # RELOAD NGINX
--- a/scripts/install
+++ b/scripts/install
@ -33,6 +33,7 @@ app=$YNH_APP_INSTANCE_NAME
 # Retrieve the version number in the manifest file.
 version=$(ynh_app_upstream_version)
 ynh_print_warn $version
 #=================================================
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
@ -56,15 +57,24 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
 ynh_app_setting_set --app=$app --key=infcloud --value=$infcloud
 ynh_app_setting_set --app=$app --key=version --value=$version
 ynh_app_setting_set --app=$app --key=overwrite_logging --value="1"
 ynh_app_setting_set --app=$app --key=overwrite_config --value="1"
 ynh_app_setting_set --app=$app --key=overwrite_infcloud --value="1"
 ynh_app_setting_set --app=$app --key=overwrite_nginx --value="1"
 ynh_app_setting_set --app=$app --key=overwrite_systemd --value="1"
 ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value="1"
 ynh_app_setting_set --app=$app --key=admin_mail_html --value="1"
 #=================================================
 # STANDARD MODIFICATIONS
 #=================================================
 # FIND AND OPEN A PORT
 #=================================================
 ynh_script_progression --message="Configuring firewall..."
 # Find a free port
 port=$(ynh_find_port --port=5232)
 ynh_app_setting_set --app=$app --key=port --value=$port
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
@ -89,26 +99,15 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 # Create the directory and set the path in the config
 mkdir -p "$final_path/collections"
 # Copy files to the right place
 cp ../conf/radicale.wsgi $final_path
 # Copy extra files
 cp -a ../sources/extra_files_radicale/. "$final_path"
 if [ $infcloud -eq 1 ]
 then
    # Download and uncompress the source into final_path
    ynh_setup_source --dest_dir="$final_path/infcloud"
 fi
-chmod 750 "$final_path"
+chmod 750 -R "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
 # Set default permissions as radicale do.
 chmod 666 -R $final_path/default_collections
 chmod 777 $final_path/default_collections $final_path/default_collections/USER
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@ -145,14 +144,23 @@ fi
 ynh_script_progression --message="Install Radicale in a virtualenv"
 # Init virtualenv
-virtualenv /opt/yunohost/$app
+virtualenv -p python3 /opt/yunohost/$app
-version=$(ynh_app_setting_get --app=$app --key=version)
+version=$(ynh_app_upstream_version)
-/opt/yunohost/$app/bin/pip install radicale==$version python-ldap
+ynh_app_setting_set --app=$app --key=version --value="$version"
 /opt/yunohost/$app/bin/python3 -m pip install radicale==$version passlib bcrypt
-# regex.py file is patched to fix the awful commit e807c3d35bea9cfcfcacac83b1b17d748ea15a39 that stop the reading of "rights" file after the first match.
+# Add LDAP plugin
-mv "$final_path/regex.py" /opt/yunohost/$app/lib/python*/site-packages/radicale/rights/regex.py
+# (cd /opt/yunohost/$app
 # set +u; source bin/activate
 # # git clone https://github.com/marcoh00/radicale-auth-ldap
 # git clone https://github.com/cloudron-io/radicale-auth-ldap
 # cd radicale-auth-ldap
 # python3 -m pip install .)
 # Use htpasswd instead of ldap
 touch /etc/radicale/users
 # sudo htpasswd -B -c /etc/radicale/users username
 # useradd radicale -d /opt/yunohost/$app
 chown radicale: -R /opt/yunohost/$app
 find /opt/yunohost/$app/ -type d -exec chmod 2755 {} \;
@ -167,8 +175,6 @@ mkdir -p /etc/$app
 ynh_add_config --template="../conf/config" --destination="/etc/$app/config"
 ynh_add_config --template="../conf/logging" --destination="/etc/$app/logging"
 ynh_add_config --template="../conf/rights" --destination="/etc/$app/rights"
 chmod 755 /etc/$app/
@ -218,34 +224,15 @@ then
    chown $app:www-data "$final_path/infcloud/config.js"
 fi
 #=================================================
 # GENERATE CALENDARS AND ADDRESS BOOKS FOR ALL USERS
 #=================================================
 ynh_script_progression --message="Generate calendars and address books for all users"
 # Create default calendars and address books for each users
 while read user
 do
 		cp -a $final_path/default_collections/USER $final_path/collections/$user
 		cp -a $final_path/default_collections/USER.props $final_path/collections/$user.props
 # List all users and remove the space after username
 done <<< "$(yunohost user list | grep username | cut -d ":" -f 2 | cut -c 2-)"
 #=================================================
 # PREPARE THE HOOKS
 #=================================================
 # Modify the hooks for create user collections and to remove them.
 ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_create"
 ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_delete"
 #=================================================
 # SETUP SYSTEMD
 #=================================================
 ynh_script_progression --message="Configuring a systemd service..."
-cp ../conf/radicale.ini /etc/uwsgi/apps-available/
+ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service"
-ln -s /etc/uwsgi/apps-available/radicale.ini /etc/uwsgi/apps-enabled/
+ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service"
 # Create a dedicated systemd config
 ynh_add_systemd_config
 #=================================================
 # GENERIC FINALIZATION
@ -266,7 +253,7 @@ ynh_use_logrotate
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
-yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
+yunohost service add $app --log="/var/log/$app"
 #=================================================
 # START SYSTEMD SERVICE
@ -274,7 +261,7 @@ yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
 ynh_script_progression --message="Starting a systemd service..."
 # Start a systemd service
-ynh_systemd_action --service_name=uwsgi --action="restart"
+ynh_systemd_action --service_name=$app --action="restart"
 #=================================================
 # SETUP SSOWAT
@ -283,19 +270,9 @@ ynh_script_progression --message="Configuring permissions..."
 if [ $infcloud -eq 1 ]
 then
-	# Add /infcloud to the path of radicale to access it from the portal
+    ynh_permission_create --permission="infcloud" --url="${path_url%/}/infcloud" --allowed="$admin" --show_tile=true
 	# Replace radicale by InfCloud into YunoHost portal
 	ynh_app_setting_set --app=$app --key=path --value="${path_url%/}/infcloud"
 	# Protect InfCloud access
 	ynh_app_setting_set --app=$app --key=protected_uris --value="/"
 	domain_regex=$(echo "$domain" | sed 's@-@.@g')
 	# Radicale is always accessible (For access to ressources)
 	ynh_app_setting_set --app=$app --key=skipped_regex --value="$domain_regex$path_url"
 else
 	# If only radicale is installed
 	# Radicale is always accessible (For access to ressources)
 	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
 fi
 ynh_permission_update --permission="main" --add="visitors" --show_tile=false
 #=================================================
 # RELOAD NGINX
@ -321,7 +298,6 @@ else
 fi
 echo "Use the file /etc/radicale/config to change the main configuration of radicale.
 The file /etc/radicale/logging to change the level of logging.
 And the file /etc/radicale/rights to edit the way the calendars will be shared.
 $infcloud_config
 You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.
--- a/scripts/remove
+++ b/scripts/remove
@ -37,15 +37,7 @@ fi
 #=================================================
 ynh_script_progression --message="Stopping and removing the systemd service..."
-# Delete uwsgi configuration
+ynh_remove_systemd_config
 if [ -h "/etc/uwsgi/apps-enabled/radicale.ini" ]; then
 	echo "Delete uwsgi config"
 	ynh_secure_remove --file="/etc/uwsgi/apps-enabled/radicale.ini"
 fi
 ynh_secure_remove --file="/etc/uwsgi/apps-available/radicale.ini"
 ynh_systemd_action --action="restart" --service_name=uwsgi
 #=================================================
 # REMOVE LOGROTATE CONFIGURATION
--- a/scripts/restore
+++ b/scripts/restore
@ -118,8 +118,16 @@ ynh_restore_file --origin_path="/etc/$app/"
 #=================================================
 ynh_script_progression --message="Restoring the systemd configuration..."
 # if ynh_compare_current_package_version --comparison le --version 1.1.6~ynh6
 version=$(ynh_app_upstream_version)
 if [ $version == 1.1.6 ]
 then
    ynh_restore_file --origin_path="/etc/uwsgi/apps-available/radicale.ini"
    ln -s /etc/uwsgi/apps-available/radicale.ini /etc/uwsgi/apps-enabled/
 else
    ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
    systemctl enable $app.service
 fi
 #=================================================
 # RESTORE THE LOGROTATE CONFIGURATION
@ -137,14 +145,14 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
-yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
+yunohost service add $app --log="/var/log/$app"
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Starting a systemd service..."
-ynh_systemd_action --service_name=uwsgi --action=restart
+ynh_systemd_action --service_name=$app --action="restart"
 #=================================================
 # GENERIC FINALIZATION
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -21,12 +21,13 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 language=$(ynh_app_setting_get --app=$app --key=language)
 admin=$(ynh_app_setting_get --app=$app --key=admin)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 port=$(ynh_app_setting_get --app=$app --key=port)
 infcloud=$(ynh_app_setting_get --app=$app --key=infcloud)
 version=$(ynh_app_setting_get --app=$app --key=version)
 overwrite_logging=$(ynh_app_setting_get --app=$app --key=overwrite_logging)
 overwrite_config=$(ynh_app_setting_get --app=$app --key=overwrite_config)
 overwrite_infcloud=$(ynh_app_setting_get --app=$app --key=overwrite_infcloud)
 overwrite_nginx=$(ynh_app_setting_get --app=$app --key=overwrite_nginx)
 overwrite_systemd=$(ynh_app_setting_get --app=$app --key=overwrite_systemd)
 overwrite_phpfpm=$(ynh_app_setting_get --app=$app --key=overwrite_phpfpm)
 # Optional parameters from config-panel feature
@ -81,13 +82,6 @@ then
    mv /usr/local/radicale /opt/yunohost/
 fi
 if [ -z "$version" ]
 then
 	# Retrieve the version number in the manifest file.
 	version=$(ynh_app_upstream_version)
 	ynh_app_setting_set --app=$app --key=version --value="$version"
 fi
 # Fix infcloud as a boolean
 if [ "$infcloud" = "Yes" ]; then
    ynh_app_setting_set --app=$app --key=infcloud --value=1
@ -97,12 +91,6 @@ elif [ "$infcloud" = "No" ]; then
    infcloud=0
 fi
 # If overwrite_logging doesn't exist, create it
 if [ -z "$overwrite_logging" ]; then
 	overwrite_logging=1
 	ynh_app_setting_set --app=$app --key=overwrite_logging --value=$overwrite_logging
 fi
 # If overwrite_config doesn't exist, create it
 if [ -z "$overwrite_config" ]; then
    overwrite_config=1
@ -121,6 +109,12 @@ if [ -z "$overwrite_nginx" ]; then
    ynh_app_setting_set --app=$app --key=overwrite_nginx --value=$overwrite_nginx
 fi
 # If overwrite_systemd doesn't exist, create it
 if [ -z "$overwrite_systemd" ]; then
    overwrite_systemd=1
    ynh_app_setting_set --app=$app --key=overwrite_systemd --value=$overwrite_systemd
 fi
 # If overwrite_phpfpm doesn't exist, create it
 if [ -z "$overwrite_phpfpm" ]; then
    overwrite_phpfpm=1
@ -134,6 +128,62 @@ if ynh_legacy_permissions_exists; then
    ynh_app_setting_delete --app=$app --key=is_public
 fi
 # If path_url still contains infcloud, then radicale_path doesn't exist
 if [[ "$path_url" =~ "/infcloud" ]]; then
    path_url="${path_url%/*}"
    ynh_app_setting_set --app=$app --key=path --value=$path_url
 fi
 # Migrate to v2
 if ynh_compare_current_package_version --comparison le --version 1.1.6~ynh6
 then
    ynh_print_warn --message="Migration to radicale v2+..."
    # Force nginx upgrade
    overwrite_nginx=1
    # Force systemd upgrade
    overwrite_systemd=1
    # Force config upgrade
    overwrite_config=1
    # Migrate collections to v2 format
    # Init a new temporary virtualenv
    virtualenv -p python3 /opt/yunohost/radicale_v1_temp
    # Install a v1 version
    /opt/yunohost/radicale_v1_temp/bin/pip install radicale==1.1.* python-ldap
    # Force the migration of calendars
    if ! ynh_exec_warn /opt/yunohost/radicale_v1_temp/bin/python3 -m radicale --export-storage "$final_path/collections_new"
    then
        # Clean up if it fails to prevent further failures
        ynh_secure_remove --file="/opt/yunohost/radicale_v1_temp"
        ynh_secure_remove --file="$final_path/collections_new"
    fi
    # Backup the old collection
    mv "$final_path/collections" "$final_path/collections_v1"
    # And replace by the new one
    mv "$final_path/collections_new" "$final_path/collections"
    # Find a free port
    port=$(ynh_find_port --port=5232)
    ynh_app_setting_set --app=$app --key=port --value=$port
    ## Cleanup...
    ynh_secure_remove --file="$final_path/default_collections"
    ynh_secure_remove --file="$final_path/collections.props"
    # Remove the temporary virtualenv
    ynh_secure_remove --file="/opt/yunohost/radicale_v1_temp"
    # Remove uwsgi config
    ynh_secure_remove --file="$final_path/radicale.wsgi"
    ynh_secure_remove --file="/etc/uwsgi/apps-enabled/radicale.ini"
    ynh_secure_remove --file="/etc/uwsgi/apps-available/radicale.ini"
    ynh_systemd_action --service_name=uwsgi --action="restart"
    # Set permissions
    if [ $infcloud -eq 1 ]
    then
        ynh_permission_create --permission="infcloud" --url="${path_url%/}/infcloud" --allowed="$admin" --show_tile=true
    fi
    ynh_permission_update --permission="main" --add="visitors" --show_tile=false
 fi
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
@ -153,12 +203,6 @@ then
    # Copy files to the right place
    mkdir -p $final_path/collections
 	# Copy files to the right place
 	cp ../conf/radicale.wsgi $final_path
 	# Copy extra files
 	cp -a ../sources/extra_files_radicale/. "$final_path"
    if [ $infcloud -eq 1 ]
    then
        # Download and uncompress the source into final_path
@ -166,13 +210,9 @@ then
    fi
 fi
-chmod 750 "$final_path"
+chmod 750 -R "$final_path"
 chmod -R o-rwx "$final_path"
 chown -R $app:www-data "$final_path"
 chmod 666 -R $final_path/default_collections
 chmod 777 $final_path/default_collections $final_path/default_collections/USER
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
@ -228,15 +268,25 @@ then
    ynh_script_progression --message="Upgrade Radicale in its virtualenv"
    # Upgrade pip packages
    ynh_secure_remove --file="/opt/yunohost/$app"
-	virtualenv /opt/yunohost/$app
+    virtualenv -p python3 /opt/yunohost/$app
-	version=$(ynh_app_setting_get $app version $version)
+    version=$(ynh_app_upstream_version)
-	bash -c "source /opt/yunohost/radicale/bin/activate && pip install radicale==$version python-ldap"
+    ynh_app_setting_set --app=$app --key=version --value="$version"
    /opt/yunohost/$app/bin/python3 -m pip install radicale==$version passlib bcrypt
-	# regex.py file is patched to fix the awful commit e807c3d35bea9cfcfcacac83b1b17d748ea15a39 that stop the reading of "rights" file after the first match.
+    # Add LDAP plugin
-	mv "$final_path/regex.py" /opt/yunohost/$app/lib/python*/site-packages/radicale/rights/regex.py
+#     (cd /opt/yunohost/$app
 #     set +u; source bin/activate
 # #     git clone https://github.com/marcoh00/radicale-auth-ldap
 #     git clone https://github.com/cloudron-io/radicale-auth-ldap
 #     cd radicale-auth-ldap
 #     python3 -m pip install .)
    # Use htpasswd instead of ldap
    touch /etc/radicale/users
 fi
 chown radicale: -R /opt/yunohost/$app
 find /opt/yunohost/$app/ -type d -exec chmod 2755 {} \;
 find /opt/yunohost/$app/ -type f -exec chmod g+r,o+r {} \;
@ -245,12 +295,6 @@ find /opt/yunohost/$app/ -type f -exec chmod g+r,o+r {} \;
 #=================================================
 ynh_script_progression --message="Reconfigure Radicale"
 # Overwrite the logging config file only if it's allowed
 if [ $overwrite_logging -eq 1 ]
 then
 	ynh_add_config --template="../conf/logging" --destination="/etc/$app/logging"
 fi
 # Overwrite the config file only if it's allowed
 if [ $overwrite_config -eq 1 ]
 then
@ -329,20 +373,6 @@ then
    fi
 fi
 #=================================================
 # CONFIGURE UWSGI FOR RADICALE
 #=================================================
 cp ../conf/radicale.ini /etc/uwsgi/apps-available/
 #=================================================
 # PREPARE THE HOOKS
 #=================================================
 # Modify the hooks for create user collections and to remove them.
 ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_create"
 ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_delete"
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@ -357,19 +387,33 @@ chown radicale -R /var/log/$app
 # Use logrotate to manage app-specific logfile(s)
 ynh_use_logrotate --non-append
 #=================================================
 # SETUP SYSTEMD
 #=================================================
 ynh_script_progression --message="Upgrading systemd configuration..." --weight=2
 # Overwrite the systemd configuration only if it's allowed
 if [ $overwrite_systemd -eq 1 ]
 then
    ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service"
    ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service"
    ynh_add_systemd_config
 fi
 #=================================================
 # INTEGRATE SERVICE IN YUNOHOST
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
-yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
+yunohost service add $app --log="/var/log/$app"
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Starting a systemd service..."
-ynh_systemd_action --service_name=uwsgi --action="restart"
+# ynh_systemd_action --service_name=uwsgi --action="restart"
 ynh_systemd_action --service_name=$app --action="restart"
 #=================================================
 # RELOAD NGINX
@ -405,7 +449,6 @@ else
 fi
 echo "Use the file /etc/radicale/config to change the main configuration of radicale.
 The file /etc/radicale/logging to change the level of logging.
 And the file /etc/radicale/rights to edit the way the calendars will be shared.
 $infcloud_config
 You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.
--- a/sources/extra_files_radicale/default_collections/USER.props
+++ b/sources/extra_files_radicale/default_collections/USER.props
@ -1 +0,0 @@
 {"ICAL:calendar-color": "#3353fe", "tag": "VCALENDAR"}
--- a/sources/extra_files_radicale/default_collections/USER/calendar.ics
+++ b/sources/extra_files_radicale/default_collections/USER/calendar.ics
@ -1,4 +0,0 @@
 BEGIN:VCALENDAR
 PRODID:-//Radicale//NONSGML Radicale Server//EN
 VERSION:2.0
 END:VCALENDAR
--- a/sources/extra_files_radicale/default_collections/USER/calendar.ics.props
+++ b/sources/extra_files_radicale/default_collections/USER/calendar.ics.props
@ -1 +0,0 @@
 {"ICAL:calendar-color": "#b5036d", "tag": "VCALENDAR"}
--- a/sources/extra_files_radicale/default_collections/USER/contacts.vcf
+++ b/sources/extra_files_radicale/default_collections/USER/contacts.vcf
--- a/sources/extra_files_radicale/default_collections/USER/contacts.vcf.props
+++ b/sources/extra_files_radicale/default_collections/USER/contacts.vcf.props
@ -1 +0,0 @@
 {"tag": "VADDRESSBOOK"}
--- a/sources/extra_files_radicale/regex.py
+++ b/sources/extra_files_radicale/regex.py
@ -1,134 +0,0 @@
 # -*- coding: utf-8 -*-
 #
 # This file is part of Radicale Server - Calendar Server
 # Copyright © 2008 Nicolas Kandel
 # Copyright © 2008 Pascal Halter
 # Copyright © 2008-2013 Guillaume Ayoub
 #
 # This library is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
 #
 # This library is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
 #
 # You should have received a copy of the GNU General Public License
 # along with Radicale.  If not, see <http://www.gnu.org/licenses/>.
 """
 Rights management.
 Rights are based on a regex-based file whose name is specified in the config
 (section "right", key "file").
 Authentication login is matched against the "user" key, and collection's path
 is matched against the "collection" key. You can use Python's ConfigParser
 interpolation values %(login)s and %(path)s. You can also get groups from the
 user regex in the collection with {0}, {1}, etc.
 For example, for the "user" key, ".+" means "authenticated user" and ".*"
 means "anybody" (including anonymous users).
 Section names are only used for naming the rule.
 Leading or ending slashes are trimmed from collection's path.
 """
 import re
 import sys
 import os.path
 from .. import config, log
 # Manage Python2/3 different modules
 if sys.version_info[0] == 2:
    from ConfigParser import ConfigParser
    from StringIO import StringIO
 else:
    from configparser import ConfigParser
    from io import StringIO
 DEFINED_RIGHTS = {
    "authenticated": """
 [rw]
 user:.+
 collection:.*
 permission:rw
    """,
    "owner_write": """
 [w]
 user:.+
 collection:^%(login)s(/.*)?$
 permission:rw
 [r]
 user:.+
 collection:.*
 permission:r
    """,
    "owner_only": """
 [rw]
 user:.+
 collection:^%(login)s(/.*)?$
 permission:rw
    """}
 def _read_from_sections(user, collection_url, permission):
    """Get regex sections."""
    filename = os.path.expanduser(config.get("rights", "file"))
    rights_type = config.get("rights", "type").lower()
    # Prevent "regex injection"
    user_escaped = re.escape(user)
    collection_url_escaped = re.escape(collection_url)
    regex = ConfigParser({"login": user_escaped, "path": collection_url_escaped})
    if rights_type in DEFINED_RIGHTS:
        log.LOGGER.debug("Rights type '%s'" % rights_type)
        regex.readfp(StringIO(DEFINED_RIGHTS[rights_type]))
    elif rights_type == "from_file":
        log.LOGGER.debug("Reading rights from file %s" % filename)
        if not regex.read(filename):
            log.LOGGER.error("File '%s' not found for rights" % filename)
            return False
    else:
        log.LOGGER.error("Unknown rights type '%s'" % rights_type)
        return False
    for section in regex.sections():
        re_user = regex.get(section, "user")
        re_collection = regex.get(section, "collection")
        log.LOGGER.debug(
            "Test if '%s:%s' matches against '%s:%s' from section '%s'" % (
                user, collection_url, re_user, re_collection, section))
        user_match = re.match(re_user, user)
        if user_match:
            re_collection = re_collection.format(*user_match.groups())
            if re.match(re_collection, collection_url):
                log.LOGGER.debug("Section '%s' matches" % section)
 #				Correction du commit https://github.com/Kozea/Radicale/commit/e807c3d35bea9cfcfcacac83b1b17d748ea15a39
 #				Ce commit force l'arrêt de l'analyse du fichier rights à la première règle valide.
                if permission in regex.get(section, "permission"):
                    return True
 #                return permission in regex.get(section, "permission")
            else:
                log.LOGGER.debug("Section '%s' does not match" % section)
    return False
 def authorized(user, collection, permission):
    """Check if the user is allowed to read or write the collection.
    If the user is empty, check for anonymous rights.
    """
    collection_url = collection.url.rstrip("/") or "/"
    if collection_url in (".well-known/carddav", ".well-known/caldav"):
        return permission == "r"
    rights_type = config.get("rights", "type").lower()
    return (
        rights_type == "none" or
        _read_from_sections(user or "", collection_url, permission))
		`@ -1 +0,0 @@`
			`{"ICAL:calendar-color": "#3353fe", "tag": "VCALENDAR"}`
		`@ -1 +0,0 @@`
			`{"ICAL:calendar-color": "#b5036d", "tag": "VCALENDAR"}`