YunoHost-Apps/radicale_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/radicale_ynh.git synced 2024-09-03 20:16:14 +02:00
Code Issues Activity Actions

Upgrade to v3

Browse source
This commit is contained in:
Maniack Crudelis 2022-11-22 13:40:41 +01:00
parent b68799a448
commit 11e6a7dfe1
20 changed files with 378 additions and 535 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

49
conf/nginx.conf
View file

@ -1,26 +1,35 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
# location __PATH__/ {
# try_files $uri @radicale;
# }
#
# location @radicale {
# uwsgi_pass unix:///run/uwsgi/app/radicale/socket;
# include uwsgi_params;
# uwsgi_param QUERY_STRING $query_string;
# uwsgi_param REQUEST_METHOD $request_method;
# uwsgi_param CONTENT_TYPE $content_type;
# uwsgi_param CONTENT_LENGTH $content_length;
#
# uwsgi_param REQUEST_URI $request_uri;
# uwsgi_param PATH_INFO $document_uri;
# uwsgi_param DOCUMENT_ROOT $document_root;
# uwsgi_param SERVER_PROTOCOL $server_protocol;
# uwsgi_param HTTPS $https if_not_empty;
#
# uwsgi_param REMOTE_ADDR $remote_addr;
# uwsgi_param REMOTE_PORT $remote_port;
# uwsgi_param SERVER_PORT $server_port;
# uwsgi_param SERVER_NAME $server_name;
# }
location __PATH__/ {
try_files $uri @radicale;
}
proxy_pass http://localhost:__PORT__/;
proxy_set_header X-Script-Name __PATH__;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
location @radicale {
uwsgi_pass unix:///run/uwsgi/app/radicale/socket;
include uwsgi_params;
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;
proxy_set_header X-Remote-User $remote_user;
# proxy_pass_header Authorization;
}
#INFCLOUD#location __PATH__/infcloud {

24
conf/radicale.ini
View file

@ -1,24 +0,0 @@
[uwsgi]
# Who will run the code
uid = radicale
gid = radicale
# Number of workers
workers = 4
# The right granted on the created socket
chmod-socket = 666
# Plugin to use and interpretor config
single-interpreter = true
master = true
plugin = python
# Application base folder
base = /opt/yunohost/radicale
# Virtualenv and python path
virtualenv = /opt/yunohost/radicale
pythonpath = /opt/yunohost/radicale
chdir= /var/www/radicale
wsgi-file=/var/www/radicale/radicale.wsgi

29
conf/radicale.wsgi
View file

@ -1,29 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# This file is part of Radicale Server - Calendar Server
# Copyright © 2011-2013 Guillaume Ayoub
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Radicale. If not, see <http://www.gnu.org/licenses/>.
"""
Radicale WSGI file (mod_wsgi and uWSGI compliant).
"""
import radicale
radicale.log.start()
application = radicale.Application()

24
conf/systemd.service Normal file
View file

@ -0,0 +1,24 @@
[Unit]
Description=A simple CalDAV (calendar) and CardDAV (contact) server
After=network.target
Requires=network.target
[Service]
ExecStart=/opt/yunohost/__APP__/bin/python3 -m radicale
Restart=on-failure
User=radicale
# Deny other users access to the calendar data
UMask=0027
# Optional security settings
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
NoNewPrivileges=true
ReadWritePaths=__FINALPATH__/collections /var/log/__APP__
[Install]
WantedBy=multi-user.target

7
hooks/post_user_create
View file

@ -1,7 +0,0 @@
#!/bin/bash
user=$1
final_path=__FINALPATH__
sudo cp -a $final_path/default_collections/USER $final_path/collections/$user
sudo cp -a $final_path/default_collections/USER.props $final_path/collections/$user.props

6
hooks/post_user_delete
View file

@ -1,6 +0,0 @@
#!/bin/bash
user=$1
final_path=__FINALPATH__
sudo rm -r $final_path/collections/$user

2
manifest.json
View file

@ -6,7 +6,7 @@
"en": "CalDAV (calendar) and CardDAV (contact) synchronization server",
"fr": "Serveur de synchronisation CalDAV et CardDAV"
},
"version": "1.1.6~ynh6",
"version": "3.1.8~ynh1",
"url": "http://radicale.org",
"upstream": {
"license": "GPL-3.0,AGPL-3.0",

4
scripts/_common.sh
View file

@ -6,7 +6,9 @@
YNH_PHP_VERSION="7.3"
pkg_dependencies="python-pip python-virtualenv virtualenv python-dev libldap2-dev libsasl2-dev libssl-dev uwsgi uwsgi-plugin-python"
# pkg_dependencies="python-pip python-virtualenv virtualenv python-dev libldap2-dev libsasl2-dev libssl-dev uwsgi uwsgi-plugin-python"
pkg_dependencies="python3-pip python3-virtualenv virtualenv python3-dev libldap2-dev libsasl2-dev libssl-dev bcrypt apache2-utils"
# bcrypt and apache2-utils are used in replacement of ldap...
#=================================================
# BOOLEAN CONVERTER

7
scripts/backup
View file

@ -71,7 +71,12 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/uwsgi/apps-available/radicale.ini"
if [ -e "/etc/uwsgi/apps-available/radicale.ini" ]
then
ynh_backup --src_path="/etc/uwsgi/apps-available/radicale.ini"
else
ynh_backup --src_path="/etc/systemd/system/$app.service"
fi
#=================================================
# BACKUP VARIOUS FILES

23
scripts/change_url
View file

@ -28,6 +28,7 @@ ynh_script_progression --message="Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
infcloud=$(ynh_app_setting_get --app=$app --key=infcloud)
@ -83,6 +84,11 @@ ynh_script_progression --message="Updating NGINX web server configuration..."
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# If path_url contains infcloud, remove it
if [[ "$path_url" =~ "/infcloud" ]]; then
path_url="${path_url%/*}"
fi
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
@ -110,26 +116,11 @@ fi
#=================================================
# MODIFY CONFIG FILES
#=================================================
ynh_replace_string --match_string="^base_prefix = $old_path.*" --replace_string="base_prefix = ${new_path%/}/" --target_file="/etc/$app/config"
if [ $infcloud -eq 1 ]; then
ynh_replace_string --match_string="href: 'https://$old_domain$old_path'," --replace_string="href: 'https://$new_domain${new_path%/}/'," --target_file="$final_path/infcloud/config.js"
fi
#=================================================
# UPDATE SSOWAT
#=================================================
if [ $infcloud -eq 1 ]
then
ynh_script_progression --message="Reconfigure SSOwat"
# Add /infcloud to the path of radicale to access it from the portal
echo "sudo yunohost --verbose app setting $app path -v \"${new_path%/}/infcloud\"; sudo yunohost app ssowatconf" | at now + 1 min >&2
domain_regex=$(echo "$new_domain" | sed 's@-@.@g')
# Radicale is always accessible (For access to ressources)
ynh_app_setting_set --app=$app --key=skipped_regex --value="$domain_regex$new_path"
fi
#=================================================
# GENERIC FINALISATION
#=================================================
@ -138,7 +129,7 @@ fi
ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=uwsgi --action="restart"
ynh_systemd_action --service_name=$app --action="restart"
#=================================================
# RELOAD NGINX

194
scripts/install
View file

@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -33,6 +33,7 @@ app=$YNH_APP_INSTANCE_NAME
# Retrieve the version number in the manifest file.
version=$(ynh_app_upstream_version)
ynh_print_warn $version
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
@ -56,15 +57,24 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=infcloud --value=$infcloud
ynh_app_setting_set --app=$app --key=version --value=$version
ynh_app_setting_set --app=$app --key=overwrite_logging --value="1"
ynh_app_setting_set --app=$app --key=overwrite_config --value="1"
ynh_app_setting_set --app=$app --key=overwrite_infcloud --value="1"
ynh_app_setting_set --app=$app --key=overwrite_nginx --value="1"
ynh_app_setting_set --app=$app --key=overwrite_systemd --value="1"
ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value="1"
ynh_app_setting_set --app=$app --key=admin_mail_html --value="1"
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Configuring firewall..."
# Find a free port
port=$(ynh_find_port --port=5232)
ynh_app_setting_set --app=$app --key=port --value=$port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
@ -89,26 +99,15 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Create the directory and set the path in the config
mkdir -p "$final_path/collections"
# Copy files to the right place
cp ../conf/radicale.wsgi $final_path
# Copy extra files
cp -a ../sources/extra_files_radicale/. "$final_path"
if [ $infcloud -eq 1 ]
then
# Download and uncompress the source into final_path
ynh_setup_source --dest_dir="$final_path/infcloud"
# Download and uncompress the source into final_path
ynh_setup_source --dest_dir="$final_path/infcloud"
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chmod 750 -R "$final_path"
chown -R $app:www-data "$final_path"
# Set default permissions as radicale do.
chmod 666 -R $final_path/default_collections
chmod 777 $final_path/default_collections $final_path/default_collections/USER
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -119,8 +118,8 @@ ynh_add_nginx_config
if [ $infcloud -eq 1 ]
then
# Add InfCloud in NGINX config
ynh_replace_string --match_string="#INFCLOUD#" --replace_string="" --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
# Add InfCloud in NGINX config
ynh_replace_string --match_string="#INFCLOUD#" --replace_string="" --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
@ -130,11 +129,11 @@ ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
if [ $infcloud -eq 1 ]
then
ynh_script_progression --message="Configuring PHP-FPM..."
ynh_script_progression --message="Configuring PHP-FPM..."
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fi
#=================================================
@ -145,14 +144,23 @@ fi
ynh_script_progression --message="Install Radicale in a virtualenv"
# Init virtualenv
virtualenv /opt/yunohost/$app
version=$(ynh_app_setting_get --app=$app --key=version)
/opt/yunohost/$app/bin/pip install radicale==$version python-ldap
virtualenv -p python3 /opt/yunohost/$app
version=$(ynh_app_upstream_version)
ynh_app_setting_set --app=$app --key=version --value="$version"
/opt/yunohost/$app/bin/python3 -m pip install radicale==$version passlib bcrypt
# regex.py file is patched to fix the awful commit e807c3d35bea9cfcfcacac83b1b17d748ea15a39 that stop the reading of "rights" file after the first match.
mv "$final_path/regex.py" /opt/yunohost/$app/lib/python*/site-packages/radicale/rights/regex.py
# Add LDAP plugin
# (cd /opt/yunohost/$app
# set +u; source bin/activate
# # git clone https://github.com/marcoh00/radicale-auth-ldap
# git clone https://github.com/cloudron-io/radicale-auth-ldap
# cd radicale-auth-ldap
# python3 -m pip install .)
# Use htpasswd instead of ldap
touch /etc/radicale/users
# sudo htpasswd -B -c /etc/radicale/users username
# useradd radicale -d /opt/yunohost/$app
chown radicale: -R /opt/yunohost/$app
find /opt/yunohost/$app/ -type d -exec chmod 2755 {} \;
@ -167,8 +175,6 @@ mkdir -p /etc/$app
ynh_add_config --template="../conf/config" --destination="/etc/$app/config"
ynh_add_config --template="../conf/logging" --destination="/etc/$app/logging"
ynh_add_config --template="../conf/rights" --destination="/etc/$app/rights"
chmod 755 /etc/$app/
@ -176,76 +182,57 @@ chmod 644 /etc/$app/*
if [ $infcloud -eq 1 ]
then
# InfCloud configuration
# Set language
case "$language" in
"Czech") language="cs_CZ"
;;
"Danish") language="da_DK"
;;
"German") language="de_DE"
;;
"English/US") language="en_US"
;;
"Spanish") language="es_ES"
;;
"French") language="fr_FR"
;;
"Italian") language="it_IT"
;;
"Japan") language="ja_JP"
;;
"Hungarian") language="hu_HU"
;;
"Dutch") language="nl_NL"
;;
"Slovak") language="sk_SK"
;;
"Turkish") language="tr_TR"
;;
"Russian") language="ru_RU"
;;
"Ukrainian") language="uk_UA"
;;
"Chinese") language="zh_CN"
;;
esac
ynh_app_setting_set --app=$app --key=language --value=$language
timezone=$(cat /etc/timezone)
ynh_add_config --template="../conf/config.js" --destination="$final_path/infcloud/config.js"
# InfCloud configuration
# Set language
case "$language" in
"Czech") language="cs_CZ"
;;
"Danish") language="da_DK"
;;
"German") language="de_DE"
;;
"English/US") language="en_US"
;;
"Spanish") language="es_ES"
;;
"French") language="fr_FR"
;;
"Italian") language="it_IT"
;;
"Japan") language="ja_JP"
;;
"Hungarian") language="hu_HU"
;;
"Dutch") language="nl_NL"
;;
"Slovak") language="sk_SK"
;;
"Turkish") language="tr_TR"
;;
"Russian") language="ru_RU"
;;
"Ukrainian") language="uk_UA"
;;
"Chinese") language="zh_CN"
;;
esac
ynh_app_setting_set --app=$app --key=language --value=$language
timezone=$(cat /etc/timezone)
ynh_add_config --template="../conf/config.js" --destination="$final_path/infcloud/config.js"
chmod 440 "$final_path/infcloud/config.js"
chown $app:www-data "$final_path/infcloud/config.js"
chmod 440 "$final_path/infcloud/config.js"
chown $app:www-data "$final_path/infcloud/config.js"
fi
#=================================================
# GENERATE CALENDARS AND ADDRESS BOOKS FOR ALL USERS
#=================================================
ynh_script_progression --message="Generate calendars and address books for all users"
# Create default calendars and address books for each users
while read user
do
cp -a $final_path/default_collections/USER $final_path/collections/$user
cp -a $final_path/default_collections/USER.props $final_path/collections/$user.props
# List all users and remove the space after username
done <<< "$(yunohost user list | grep username | cut -d ":" -f 2 | cut -c 2-)"
#=================================================
# PREPARE THE HOOKS
#=================================================
# Modify the hooks for create user collections and to remove them.
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_create"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_delete"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..."
cp ../conf/radicale.ini /etc/uwsgi/apps-available/
ln -s /etc/uwsgi/apps-available/radicale.ini /etc/uwsgi/apps-enabled/
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service"
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
@ -266,7 +253,7 @@ ynh_use_logrotate
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
yunohost service add $app --log="/var/log/$app"
#=================================================
# START SYSTEMD SERVICE
@ -274,7 +261,7 @@ yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=uwsgi --action="restart"
ynh_systemd_action --service_name=$app --action="restart"
#=================================================
# SETUP SSOWAT
@ -283,19 +270,9 @@ ynh_script_progression --message="Configuring permissions..."
if [ $infcloud -eq 1 ]
then
# Add /infcloud to the path of radicale to access it from the portal
# Replace radicale by InfCloud into YunoHost portal
ynh_app_setting_set --app=$app --key=path --value="${path_url%/}/infcloud"
# Protect InfCloud access
ynh_app_setting_set --app=$app --key=protected_uris --value="/"
domain_regex=$(echo "$domain" | sed 's@-@.@g')
# Radicale is always accessible (For access to ressources)
ynh_app_setting_set --app=$app --key=skipped_regex --value="$domain_regex$path_url"
else
# If only radicale is installed
# Radicale is always accessible (For access to ressources)
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
ynh_permission_create --permission="infcloud" --url="${path_url%/}/infcloud" --allowed="$admin" --show_tile=true
fi
ynh_permission_update --permission="main" --add="visitors" --show_tile=false
#=================================================
# RELOAD NGINX
@ -313,15 +290,14 @@ admin_panel="https://$(grep portal_domain /etc/ssowat/conf.json | cut -d'"' -f4)
if [ $infcloud -eq 1 ]
then
infcloud_config="
infcloud_config="
InfCloud has its own config file, at $final_path/infcloud/config.js
"
else
infcloud_config=""
infcloud_config=""
fi
echo "Use the file /etc/radicale/config to change the main configuration of radicale.
The file /etc/radicale/logging to change the level of logging.
And the file /etc/radicale/rights to edit the way the calendars will be shared.
$infcloud_config
You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.

10
scripts/remove
View file

@ -37,15 +37,7 @@ fi
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..."
# Delete uwsgi configuration
if [ -h "/etc/uwsgi/apps-enabled/radicale.ini" ]; then
echo "Delete uwsgi config"
ynh_secure_remove --file="/etc/uwsgi/apps-enabled/radicale.ini"
fi
ynh_secure_remove --file="/etc/uwsgi/apps-available/radicale.ini"
ynh_systemd_action --action="restart" --service_name=uwsgi
ynh_remove_systemd_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION

16
scripts/restore
View file

@ -118,8 +118,16 @@ ynh_restore_file --origin_path="/etc/$app/"
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/uwsgi/apps-available/radicale.ini"
ln -s /etc/uwsgi/apps-available/radicale.ini /etc/uwsgi/apps-enabled/
# if ynh_compare_current_package_version --comparison le --version 1.1.6~ynh6
version=$(ynh_app_upstream_version)
if [ $version == 1.1.6 ]
then
ynh_restore_file --origin_path="/etc/uwsgi/apps-available/radicale.ini"
ln -s /etc/uwsgi/apps-available/radicale.ini /etc/uwsgi/apps-enabled/
else
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service
fi
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
@ -137,14 +145,14 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
yunohost service add $app --log="/var/log/$app"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=uwsgi --action=restart
ynh_systemd_action --service_name=$app --action="restart"
#=================================================
# GENERIC FINALIZATION

377
scripts/upgrade
View file

@ -21,12 +21,13 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
language=$(ynh_app_setting_get --app=$app --key=language)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
infcloud=$(ynh_app_setting_get --app=$app --key=infcloud)
version=$(ynh_app_setting_get --app=$app --key=version)
overwrite_logging=$(ynh_app_setting_get --app=$app --key=overwrite_logging)
overwrite_config=$(ynh_app_setting_get --app=$app --key=overwrite_config)
overwrite_infcloud=$(ynh_app_setting_get --app=$app --key=overwrite_infcloud)
overwrite_nginx=$(ynh_app_setting_get --app=$app --key=overwrite_nginx)
overwrite_systemd=$(ynh_app_setting_get --app=$app --key=overwrite_systemd)
overwrite_phpfpm=$(ynh_app_setting_get --app=$app --key=overwrite_phpfpm)
# Optional parameters from config-panel feature
@ -52,9 +53,9 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -77,63 +78,112 @@ ynh_app_setting_delete --app=$app --key=unprotected_regex
if [ -d /usr/local/radicale ]
then
mkdir -p /opt/yunohost
mv /usr/local/radicale /opt/yunohost/
fi
if [ -z "$version" ]
then
# Retrieve the version number in the manifest file.
version=$(ynh_app_upstream_version)
ynh_app_setting_set --app=$app --key=version --value="$version"
mkdir -p /opt/yunohost
mv /usr/local/radicale /opt/yunohost/
fi
# Fix infcloud as a boolean
if [ "$infcloud" = "Yes" ]; then
ynh_app_setting_set --app=$app --key=infcloud --value=1
infcloud=1
ynh_app_setting_set --app=$app --key=infcloud --value=1
infcloud=1
elif [ "$infcloud" = "No" ]; then
ynh_app_setting_set --app=$app --key=infcloud --value=0
infcloud=0
fi
# If overwrite_logging doesn't exist, create it
if [ -z "$overwrite_logging" ]; then
overwrite_logging=1
ynh_app_setting_set --app=$app --key=overwrite_logging --value=$overwrite_logging
ynh_app_setting_set --app=$app --key=infcloud --value=0
infcloud=0
fi
# If overwrite_config doesn't exist, create it
if [ -z "$overwrite_config" ]; then
overwrite_config=1
ynh_app_setting_set --app=$app --key=overwrite_config --value=$overwrite_config
overwrite_config=1
ynh_app_setting_set --app=$app --key=overwrite_config --value=$overwrite_config
fi
# If overwrite_infcloud doesn't exist, create it
if [ -z "$overwrite_infcloud" ]; then
overwrite_infcloud=1
ynh_app_setting_set --app=$app --key=overwrite_infcloud --value=$overwrite_infcloud
overwrite_infcloud=1
ynh_app_setting_set --app=$app --key=overwrite_infcloud --value=$overwrite_infcloud
fi
# If overwrite_nginx doesn't exist, create it
if [ -z "$overwrite_nginx" ]; then
overwrite_nginx=1
ynh_app_setting_set --app=$app --key=overwrite_nginx --value=$overwrite_nginx
overwrite_nginx=1
ynh_app_setting_set --app=$app --key=overwrite_nginx --value=$overwrite_nginx
fi
# If overwrite_systemd doesn't exist, create it
if [ -z "$overwrite_systemd" ]; then
overwrite_systemd=1
ynh_app_setting_set --app=$app --key=overwrite_systemd --value=$overwrite_systemd
fi
# If overwrite_phpfpm doesn't exist, create it
if [ -z "$overwrite_phpfpm" ]; then
overwrite_phpfpm=1
ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=$overwrite_phpfpm
overwrite_phpfpm=1
ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=$overwrite_phpfpm
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
ynh_app_setting_delete --app=$app --key=is_public
fi
# If path_url still contains infcloud, then radicale_path doesn't exist
if [[ "$path_url" =~ "/infcloud" ]]; then
path_url="${path_url%/*}"
ynh_app_setting_set --app=$app --key=path --value=$path_url
fi
# Migrate to v2
if ynh_compare_current_package_version --comparison le --version 1.1.6~ynh6
then
ynh_print_warn --message="Migration to radicale v2+..."
# Force nginx upgrade
overwrite_nginx=1
# Force systemd upgrade
overwrite_systemd=1
# Force config upgrade
overwrite_config=1
# Migrate collections to v2 format
# Init a new temporary virtualenv
virtualenv -p python3 /opt/yunohost/radicale_v1_temp
# Install a v1 version
/opt/yunohost/radicale_v1_temp/bin/pip install radicale==1.1.* python-ldap
# Force the migration of calendars
if ! ynh_exec_warn /opt/yunohost/radicale_v1_temp/bin/python3 -m radicale --export-storage "$final_path/collections_new"
then
# Clean up if it fails to prevent further failures
ynh_secure_remove --file="/opt/yunohost/radicale_v1_temp"
ynh_secure_remove --file="$final_path/collections_new"
fi
# Backup the old collection
mv "$final_path/collections" "$final_path/collections_v1"
# And replace by the new one
mv "$final_path/collections_new" "$final_path/collections"
# Find a free port
port=$(ynh_find_port --port=5232)
ynh_app_setting_set --app=$app --key=port --value=$port
## Cleanup...
ynh_secure_remove --file="$final_path/default_collections"
ynh_secure_remove --file="$final_path/collections.props"
# Remove the temporary virtualenv
ynh_secure_remove --file="/opt/yunohost/radicale_v1_temp"
# Remove uwsgi config
ynh_secure_remove --file="$final_path/radicale.wsgi"
ynh_secure_remove --file="/etc/uwsgi/apps-enabled/radicale.ini"
ynh_secure_remove --file="/etc/uwsgi/apps-available/radicale.ini"
ynh_systemd_action --service_name=uwsgi --action="restart"
# Set permissions
if [ $infcloud -eq 1 ]
then
ynh_permission_create --permission="infcloud" --url="${path_url%/}/infcloud" --allowed="$admin" --show_tile=true
fi
ynh_permission_update --permission="main" --add="visitors" --show_tile=false
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
@ -148,31 +198,21 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..."
ynh_script_progression --message="Upgrading source files..."
# Copy files to the right place
mkdir -p $final_path/collections
# Copy files to the right place
cp ../conf/radicale.wsgi $final_path
# Copy extra files
cp -a ../sources/extra_files_radicale/. "$final_path"
if [ $infcloud -eq 1 ]
then
# Download and uncompress the source into final_path
ynh_setup_source --dest_dir="$final_path/infcloud" --keep="config.js"
fi
# Copy files to the right place
mkdir -p $final_path/collections
if [ $infcloud -eq 1 ]
then
# Download and uncompress the source into final_path
ynh_setup_source --dest_dir="$final_path/infcloud" --keep="config.js"
fi
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chmod 750 -R "$final_path"
chown -R $app:www-data "$final_path"
chmod 666 -R $final_path/default_collections
chmod 777 $final_path/default_collections $final_path/default_collections/USER
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -180,16 +220,16 @@ chmod 777 $final_path/default_collections $final_path/default_collections/USER
# Overwrite the NGINX configuration only if it's allowed
if [ $overwrite_nginx -eq 1 ]
then
ynh_script_progression --message="Upgrading NGINX web server configuration..."
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config
if [ $infcloud -eq 1 ]
then
# Add InfCloud in NGINX config
ynh_replace_string --match_string="#INFCLOUD#" --replace_string="" --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
# Create a dedicated NGINX config
ynh_add_nginx_config
if [ $infcloud -eq 1 ]
then
# Add InfCloud in NGINX config
ynh_replace_string --match_string="#INFCLOUD#" --replace_string="" --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
#=================================================
@ -206,15 +246,15 @@ ynh_install_app_dependencies $pkg_dependencies
if [ $infcloud -eq 1 ]
then
# Overwrite the php-fpm configuration only if it's allowed
if [ $overwrite_phpfpm -eq 1 ]
then
ynh_script_progression --message="Upgrading PHP-FPM configuration..."
# Overwrite the php-fpm configuration only if it's allowed
if [ $overwrite_phpfpm -eq 1 ]
then
ynh_script_progression --message="Upgrading PHP-FPM configuration..."
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fi
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fi
fi
#=================================================
@ -225,18 +265,28 @@ fi
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrade Radicale in its virtualenv"
# Upgrade pip packages
ynh_secure_remove --file="/opt/yunohost/$app"
virtualenv /opt/yunohost/$app
version=$(ynh_app_setting_get $app version $version)
bash -c "source /opt/yunohost/radicale/bin/activate && pip install radicale==$version python-ldap"
ynh_script_progression --message="Upgrade Radicale in its virtualenv"
# Upgrade pip packages
ynh_secure_remove --file="/opt/yunohost/$app"
virtualenv -p python3 /opt/yunohost/$app
version=$(ynh_app_upstream_version)
ynh_app_setting_set --app=$app --key=version --value="$version"
/opt/yunohost/$app/bin/python3 -m pip install radicale==$version passlib bcrypt
# regex.py file is patched to fix the awful commit e807c3d35bea9cfcfcacac83b1b17d748ea15a39 that stop the reading of "rights" file after the first match.
mv "$final_path/regex.py" /opt/yunohost/$app/lib/python*/site-packages/radicale/rights/regex.py
# Add LDAP plugin
# (cd /opt/yunohost/$app
# set +u; source bin/activate
# # git clone https://github.com/marcoh00/radicale-auth-ldap
# git clone https://github.com/cloudron-io/radicale-auth-ldap
# cd radicale-auth-ldap
# python3 -m pip install .)
# Use htpasswd instead of ldap
touch /etc/radicale/users
fi
chown radicale: -R /opt/yunohost/$app
find /opt/yunohost/$app/ -type d -exec chmod 2755 {} \;
find /opt/yunohost/$app/ -type f -exec chmod g+r,o+r {} \;
@ -245,16 +295,10 @@ find /opt/yunohost/$app/ -type f -exec chmod g+r,o+r {} \;
#=================================================
ynh_script_progression --message="Reconfigure Radicale"
# Overwrite the logging config file only if it's allowed
if [ $overwrite_logging -eq 1 ]
then
ynh_add_config --template="../conf/logging" --destination="/etc/$app/logging"
fi
# Overwrite the config file only if it's allowed
if [ $overwrite_config -eq 1 ]
then
ynh_add_config --template="../conf/config" --destination="/etc/$app/config"
ynh_add_config --template="../conf/config" --destination="/etc/$app/config"
fi
chmod 755 /etc/$app/
@ -263,86 +307,72 @@ chmod 644 /etc/$app/*
# Overwrite the InfCloud config file only if it's allowed
if [ $infcloud -eq 1 ]
then
if [ $overwrite_infcloud -eq 1 ]
then
# InfCloud configuration
# Set language
case "$language" in
"Czech") language="cs_CZ"
;;
"Danish") language="da_DK"
;;
"German") language="de_DE"
;;
"English/US") language="en_US"
;;
"Spanish") language="es_ES"
;;
"French") language="fr_FR"
;;
"Italian") language="it_IT"
;;
"Japan") language="ja_JP"
;;
"Hungarian") language="hu_HU"
;;
"Dutch") language="nl_NL"
;;
"Slovak") language="sk_SK"
;;
"Turkish") language="tr_TR"
;;
"Russian") language="ru_RU"
;;
"Ukrainian") language="uk_UA"
;;
"Chinese") language="zh_CN"
;;
esac
ynh_app_setting_set --app=$app --key=language --value=$language
timezone=$(cat /etc/timezone)
ynh_add_config --template="../conf/config.js" --destination="$final_path/infcloud/config.js"
if [ $overwrite_infcloud -eq 1 ]
then
# InfCloud configuration
# Set language
case "$language" in
"Czech") language="cs_CZ"
;;
"Danish") language="da_DK"
;;
"German") language="de_DE"
;;
"English/US") language="en_US"
;;
"Spanish") language="es_ES"
;;
"French") language="fr_FR"
;;
"Italian") language="it_IT"
;;
"Japan") language="ja_JP"
;;
"Hungarian") language="hu_HU"
;;
"Dutch") language="nl_NL"
;;
"Slovak") language="sk_SK"
;;
"Turkish") language="tr_TR"
;;
"Russian") language="ru_RU"
;;
"Ukrainian") language="uk_UA"
;;
"Chinese") language="zh_CN"
;;
esac
ynh_app_setting_set --app=$app --key=language --value=$language
timezone=$(cat /etc/timezone)
ynh_add_config --template="../conf/config.js" --destination="$final_path/infcloud/config.js"
# Optional parameters from config-panel feature
if [ -n "$firstdayofweek" ]; then
ynh_replace_string --match_string="\(^var globalDatepickerFirstDayOfWeek=\).*" --replace_string="\1$firstdayofweek;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$activeview" ]; then
ynh_replace_string --match_string="\(^var globalActiveView=\).*" --replace_string="\1\'$activeview\';" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$openformmode" ]; then
ynh_replace_string --match_string="\(^var globalOpenFormMode=\).*" --replace_string="\1\'$openformmode\';" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$startofbusiness" ]; then
ynh_replace_string --match_string="\(^var globalCalendarStartOfBusiness=\).*" --replace_string="\1$startofbusiness;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$endofbusiness" ]; then
ynh_replace_string --match_string="\(^var globalCalendarEndOfBusiness=\).*" --replace_string="\1$endofbusiness;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$defaulteventduration" ]; then
ynh_replace_string --match_string="\(^var globalDefaultEventDuration=\).*" --replace_string="\1$defaulteventduration;" --target_file="$final_path/infcloud/config.js"
fi
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$final_path/infcloud/config.js"
chmod 440 "$final_path/infcloud/config.js"
chown $app:www-data "$final_path/infcloud/config.js"
fi
# Optional parameters from config-panel feature
if [ -n "$firstdayofweek" ]; then
ynh_replace_string --match_string="\(^var globalDatepickerFirstDayOfWeek=\).*" --replace_string="\1$firstdayofweek;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$activeview" ]; then
ynh_replace_string --match_string="\(^var globalActiveView=\).*" --replace_string="\1\'$activeview\';" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$openformmode" ]; then
ynh_replace_string --match_string="\(^var globalOpenFormMode=\).*" --replace_string="\1\'$openformmode\';" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$startofbusiness" ]; then
ynh_replace_string --match_string="\(^var globalCalendarStartOfBusiness=\).*" --replace_string="\1$startofbusiness;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$endofbusiness" ]; then
ynh_replace_string --match_string="\(^var globalCalendarEndOfBusiness=\).*" --replace_string="\1$endofbusiness;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$defaulteventduration" ]; then
ynh_replace_string --match_string="\(^var globalDefaultEventDuration=\).*" --replace_string="\1$defaulteventduration;" --target_file="$final_path/infcloud/config.js"
fi
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$final_path/infcloud/config.js"
chmod 440 "$final_path/infcloud/config.js"
chown $app:www-data "$final_path/infcloud/config.js"
fi
fi
#=================================================
# CONFIGURE UWSGI FOR RADICALE
#=================================================
cp ../conf/radicale.ini /etc/uwsgi/apps-available/
#=================================================
# PREPARE THE HOOKS
#=================================================
# Modify the hooks for create user collections and to remove them.
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_create"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_delete"
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -357,19 +387,33 @@ chown radicale -R /var/log/$app
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=2
# Overwrite the systemd configuration only if it's allowed
if [ $overwrite_systemd -eq 1 ]
then
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service"
ynh_add_systemd_config
fi
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
yunohost service add $app --log="/var/log/$app"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=uwsgi --action="restart"
# ynh_systemd_action --service_name=uwsgi --action="restart"
ynh_systemd_action --service_name=$app --action="restart"
#=================================================
# RELOAD NGINX
@ -397,15 +441,14 @@ ynh_app_changelog || true
if [ $infcloud -eq 1 ]
then
infcloud_config="
infcloud_config="
InfCloud has its own config file, at $final_path/infcloud/config.js
"
else
infcloud_config=""
infcloud_config=""
fi
echo "Use the file /etc/radicale/config to change the main configuration of radicale.
The file /etc/radicale/logging to change the level of logging.
And the file /etc/radicale/rights to edit the way the calendars will be shared.
$infcloud_config
You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.

1
sources/extra_files_radicale/default_collections/USER.props
View file

@ -1 +0,0 @@
{"ICAL:calendar-color": "#3353fe", "tag": "VCALENDAR"}

4
sources/extra_files_radicale/default_collections/USER/calendar.ics
View file

@ -1,4 +0,0 @@
BEGIN:VCALENDAR
PRODID:-//Radicale//NONSGML Radicale Server//EN
VERSION:2.0
END:VCALENDAR

1
sources/extra_files_radicale/default_collections/USER/calendar.ics.props
View file

@ -1 +0,0 @@
{"ICAL:calendar-color": "#b5036d", "tag": "VCALENDAR"}

0
sources/extra_files_radicale/default_collections/USER/contacts.vcf
View file

1
sources/extra_files_radicale/default_collections/USER/contacts.vcf.props
View file

@ -1 +0,0 @@
{"tag": "VADDRESSBOOK"}

134
sources/extra_files_radicale/regex.py
View file

@ -1,134 +0,0 @@
# -*- coding: utf-8 -*-
#
# This file is part of Radicale Server - Calendar Server
# Copyright © 2008 Nicolas Kandel
# Copyright © 2008 Pascal Halter
# Copyright © 2008-2013 Guillaume Ayoub
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Radicale. If not, see <http://www.gnu.org/licenses/>.
"""
Rights management.
Rights are based on a regex-based file whose name is specified in the config
(section "right", key "file").
Authentication login is matched against the "user" key, and collection's path
is matched against the "collection" key. You can use Python's ConfigParser
interpolation values %(login)s and %(path)s. You can also get groups from the
user regex in the collection with {0}, {1}, etc.
For example, for the "user" key, ".+" means "authenticated user" and ".*"
means "anybody" (including anonymous users).
Section names are only used for naming the rule.
Leading or ending slashes are trimmed from collection's path.
"""
import re
import sys
import os.path
from .. import config, log
# Manage Python2/3 different modules
if sys.version_info[0] == 2:
from ConfigParser import ConfigParser
from StringIO import StringIO
else:
from configparser import ConfigParser
from io import StringIO
DEFINED_RIGHTS = {
"authenticated": """
[rw]
user:.+
collection:.*
permission:rw
""",
"owner_write": """
[w]
user:.+
collection:^%(login)s(/.*)?$
permission:rw
[r]
user:.+
collection:.*
permission:r
""",
"owner_only": """
[rw]
user:.+
collection:^%(login)s(/.*)?$
permission:rw
"""}
def _read_from_sections(user, collection_url, permission):
"""Get regex sections."""
filename = os.path.expanduser(config.get("rights", "file"))
rights_type = config.get("rights", "type").lower()
# Prevent "regex injection"
user_escaped = re.escape(user)
collection_url_escaped = re.escape(collection_url)
regex = ConfigParser({"login": user_escaped, "path": collection_url_escaped})
if rights_type in DEFINED_RIGHTS:
log.LOGGER.debug("Rights type '%s'" % rights_type)
regex.readfp(StringIO(DEFINED_RIGHTS[rights_type]))
elif rights_type == "from_file":
log.LOGGER.debug("Reading rights from file %s" % filename)
if not regex.read(filename):
log.LOGGER.error("File '%s' not found for rights" % filename)
return False
else:
log.LOGGER.error("Unknown rights type '%s'" % rights_type)
return False
for section in regex.sections():
re_user = regex.get(section, "user")
re_collection = regex.get(section, "collection")
log.LOGGER.debug(
"Test if '%s:%s' matches against '%s:%s' from section '%s'" % (
user, collection_url, re_user, re_collection, section))
user_match = re.match(re_user, user)
if user_match:
re_collection = re_collection.format(*user_match.groups())
if re.match(re_collection, collection_url):
log.LOGGER.debug("Section '%s' matches" % section)
# Correction du commit https://github.com/Kozea/Radicale/commit/e807c3d35bea9cfcfcacac83b1b17d748ea15a39
# Ce commit force l'arrêt de l'analyse du fichier rights à la première règle valide.
if permission in regex.get(section, "permission"):
return True
# return permission in regex.get(section, "permission")
else:
log.LOGGER.debug("Section '%s' does not match" % section)
return False
def authorized(user, collection, permission):
"""Check if the user is allowed to read or write the collection.
If the user is empty, check for anonymous rights.
"""
collection_url = collection.url.rstrip("/") or "/"
if collection_url in (".well-known/carddav", ".well-known/caldav"):
return permission == "r"
rights_type = config.get("rights", "type").lower()
return (
rights_type == "none" or
_read_from_sections(user or "", collection_url, permission))