YunoHost-Apps/radicale_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/radicale_ynh.git synced 2024-09-03 20:16:14 +02:00
Code Issues Activity Actions

Merge 62a58461e7 into 8fd34e47db

Browse source
This commit is contained in:
Maniack Crudelis 2022-11-22 13:50:34 +01:00 committed by GitHub
commit 5eed676af4
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
25 changed files with 584 additions and 765 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

22
README.md
View file

@ -5,7 +5,7 @@ It shall NOT be edited by hand.
# Radicale for YunoHost
[![Integration level](https://dash.yunohost.org/integration/radicale.svg)](https://dash.yunohost.org/appci/app/radicale) ![](https://ci-apps.yunohost.org/ci/badges/radicale.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/radicale.maintain.svg)
[![Integration level](https://dash.yunohost.org/integration/radicale.svg)](https://dash.yunohost.org/appci/app/radicale) ![Working status](https://ci-apps.yunohost.org/ci/badges/radicale.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/radicale.maintain.svg)
[![Install Radicale with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=radicale)
*[Lire ce readme en français.](./README_fr.md)*
@ -18,10 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Radicale is a small but powerful CalDAV (calendars, todo-lists) and CardDAV (contacts) server.
**Shipped version:** 1.1.6~ynh6
**Shipped version:** 3.1.8~ynh1
## Disclaimers / important information
## Configuration
@ -46,21 +43,22 @@ Supported, with LDAP and SSO only with radicale, not for InfCloud.
## Documentation and resources
* Official app website: http://radicale.org
* Official admin documentation: https://github.com/Kozea/Radicale/blob/website/pages/user_documentation.rst
* Upstream app code repository: https://github.com/Kozea/Radicale
* YunoHost documentation for this app: https://yunohost.org/app_radicale
* Report a bug: https://github.com/YunoHost-Apps/radicale_ynh/issues
* Official app website: <http://radicale.org>
* Official admin documentation: <https://github.com/Kozea/Radicale/blob/website/pages/user_documentation.rst>
* Upstream app code repository: <https://github.com/Kozea/Radicale>
* YunoHost documentation for this app: <https://yunohost.org/app_radicale>
* Report a bug: <https://github.com/YunoHost-Apps/radicale_ynh/issues>
## Developer info
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/radicale_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/radicale_ynh/tree/testing --debug
or
sudo yunohost app upgrade radicale -u https://github.com/YunoHost-Apps/radicale_ynh/tree/testing --debug
```
**More info regarding app packaging:** https://yunohost.org/packaging_apps
**More info regarding app packaging:** <https://yunohost.org/packaging_apps>

28
README_fr.md
View file

@ -1,10 +1,14 @@
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
It shall NOT be edited by hand.
-->
# Radicale pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/radicale.svg)](https://dash.yunohost.org/appci/app/radicale) ![](https://ci-apps.yunohost.org/ci/badges/radicale.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/radicale.maintain.svg)
[![Niveau d'intégration](https://dash.yunohost.org/integration/radicale.svg)](https://dash.yunohost.org/appci/app/radicale) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/radicale.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/radicale.maintain.svg)
[![Installer Radicale avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=radicale)
*[Read this readme in english.](./README.md)*
*[Lire ce readme en français.](./README_fr.md)*
> *Ce package vous permet d'installer Radicale rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
@ -14,10 +18,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
Radicale est un petit mais puissant serveur CalDAV (calendriers, listes de tâches) et CardDAV (contacts).
**Version incluse :** 1.1.6~ynh6
**Version incluse :** 3.1.8~ynh1
## Avertissements / informations importantes
## Configuration
@ -42,21 +43,22 @@ Supportée, avec LDAP et SSO seulement avec radicale, pas pour InfCloud.
## Documentations et ressources
* Site officiel de l'app : http://radicale.org
* Documentation officielle de l'admin : https://github.com/Kozea/Radicale/blob/website/pages/user_documentation.rst
* Dépôt de code officiel de l'app : https://github.com/Kozea/Radicale
* Documentation YunoHost pour cette app : https://yunohost.org/app_radicale
* Signaler un bug : https://github.com/YunoHost-Apps/radicale_ynh/issues
* Site officiel de l'app : <http://radicale.org>
* Documentation officielle de l'admin : <https://github.com/Kozea/Radicale/blob/website/pages/user_documentation.rst>
* Dépôt de code officiel de l'app : <https://github.com/Kozea/Radicale>
* Documentation YunoHost pour cette app : <https://yunohost.org/app_radicale>
* Signaler un bug : <https://github.com/YunoHost-Apps/radicale_ynh/issues>
## Informations pour les développeurs
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/radicale_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
```
``` bash
sudo yunohost app install https://github.com/YunoHost-Apps/radicale_ynh/tree/testing --debug
ou
sudo yunohost app upgrade radicale -u https://github.com/YunoHost-Apps/radicale_ynh/tree/testing --debug
```
**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps
**Plus d'infos sur le packaging d'applications :** <https://yunohost.org/packaging_apps>

171
conf/config
View file

@ -15,41 +15,29 @@
# IPv4 syntax: address:port
# IPv6 syntax: [address]:port
# For example: 0.0.0.0:9999, [::]:9999
# IPv6 adresses are configured to only allow IPv6 connections
#hosts = 0.0.0.0:5232
hosts = localhost:__PORT__
# Daemon flag
#daemon = False
# Max parallel connections
#max_connections = 8
# File storing the PID in daemon mode
#pid =
# Max size of request body (bytes)
#max_content_length = 100000000
# Socket timeout (seconds)
#timeout = 30
# SSL flag, enable HTTPS protocol
#ssl = False
# SSL certificate path
#certificate = /etc/apache2/ssl/server.crt
#certificate = /etc/ssl/radicale.cert.pem
# SSL private key
#key = /etc/apache2/ssl/server.key
#key = /etc/ssl/radicale.key.pem
# SSL Protocol used. See python's ssl module for available values
#protocol = PROTOCOL_SSLv23
# Ciphers available. See python's ssl module for available ciphers
#ciphers =
# Reverse DNS to resolve client address in logs
dns_lookup = True
# Root URL of Radicale (starting and ending with a slash)
base_prefix = __PATH__
# Possibility to allow URLs cleaned by a HTTP server, without the base_prefix
#can_skip_base_prefix = False
# Message displayed in the client when a password is needed
#realm = Radicale - Password Required
# CA certificate for validating clients. This can be used to secure
# TCP traffic between Radicale and a reverse proxy
#certificate_authority =
[encoding]
@ -61,89 +49,63 @@ request = utf-8
stock = utf-8
[well-known]
# Path where /.well-known/caldav/ is redirected
#caldav = '/%(user)s/caldav/'
# Path where /.well-known/carddav/ is redirected
#carddav = '/%(user)s/carddav/'
[auth]
# Authentication method
# Value: None | htpasswd | IMAP | LDAP | PAM | courier | http | remote_user | custom
type = LDAP
# Custom authentication handler
#custom_handler =
# Value: none | htpasswd | remote_user | http_x_remote_user
#type = none
type = htpasswd
# Htpasswd filename
#htpasswd_filename = /etc/radicale/users
htpasswd_filename = /etc/radicale/users
# Htpasswd encryption method
# Value: plain | sha1 | ssha | crypt
#htpasswd_encryption = crypt
# Value: plain | bcrypt | md5
# bcrypt requires the installation of radicale[bcrypt].
htpasswd_encryption = bcrypt
# Incorrect authentication delay (seconds)
#delay = 1
# Message displayed in the client when a password is needed
#realm = Radicale - Password Required
# LDAP doesn't work for now...
# type = radicale_auth_ldap
# LDAP server URL, with protocol and port
ldap_url = ldap://localhost:389/
# ldap_url = ldap://localhost:389/
# LDAP base path
ldap_base = ou=users,dc=yunohost,dc=org
# ldap_base = ou=users,dc=yunohost,dc=org
# LDAP login attribute
ldap_attribute = uid
# ldap_attribute = uid
# LDAP filter string
# placed as X in a query of the form (&(...)X)
# example: (objectCategory=Person)(objectClass=User)(memberOf=cn=calenderusers,ou=users,dc=example,dc=org)
# leave empty if no additional filter is needed
ldap_filter =
# ldap_filter =
# LDAP dn for initial login, used if LDAP server does not allow anonymous searches
# Leave empty if searches are anonymous
#ldap_binddn =
# ldap_binddn =
# LDAP password for initial login, used with ldap_binddn
#ldap_password =
# ldap_password =
# LDAP scope of the search
ldap_scope = OneLevel
# IMAP Configuration
#imap_hostname = localhost
#imap_port = 143
#imap_ssl = False
# PAM group user should be member of
#pam_group_membership =
# Path to the Courier Authdaemon socket
#courier_socket =
# HTTP authentication request URL endpoint
#http_url =
# POST parameter to use for username
#http_user_parameter =
# POST parameter to use for password
#http_password_parameter =
[git]
# Git default options
#committer = Radicale <radicale@example.com>
# ldap_scope = OneLevel
# LDAP extended option
# If the server is samba, ldap_support_extended is should be no
# ldap_support_extended = yes
[rights]
# Rights backend
# Value: None | authenticated | owner_only | owner_write | from_file | custom
type = from_file
# Custom rights handler
#custom_handler =
# Value: none | authenticated | owner_only | owner_write | from_file
#type = owner_only
# File for rights management from_file
file = /etc/radicale/rights
@ -152,37 +114,35 @@ file = /etc/radicale/rights
[storage]
# Storage backend
# -------
# WARNING: ONLY "filesystem" IS DOCUMENTED AND TESTED,
# OTHER BACKENDS ARE NOT READY FOR PRODUCTION.
# -------
# Value: filesystem | multifilesystem | database | custom
type = filesystem
# Custom storage handler
#custom_handler =
# Value: multifilesystem | multifilesystem_nolock
#type = multifilesystem
# Folder for storing local collections, created if not present
filesystem_folder = __FINALPATH__/collections
# Database URL for SQLAlchemy
# dialect+driver://user:password@host/dbname[?key=value..]
# For example: sqlite:///var/db/radicale.db, postgresql://user:password@localhost/radicale
# See http://docs.sqlalchemy.org/en/rel_0_8/core/engines.html#sqlalchemy.create_engine
#database_url =
# Delete sync token that are older (seconds)
#max_sync_token_age = 2592000
# Command that is run after changes to storage
# Example: ([ -d .git ] || git init) && git add -A && (git diff --cached --quiet || git commit -m "Changes by "%(user)s)
#hook =
[web]
# Web interface backend
# Value: none | internal
#type = internal
[logging]
# Logging configuration file
# If no config is given, simple information is printed on the standard output
# For more information about the syntax of the configuration file, see:
# http://docs.python.org/library/logging.config.html
config = /etc/radicale/logging
# Set the default logging level to debug
debug = False
# Store all environment variables (including those set in the shell)
full_environment = False
# Threshold for the logger
# Value: debug | info | warning | error | critical
#level = warning
# Don't include passwords in logs
#mask_passwords = True
[headers]
@ -192,3 +152,10 @@ Access-Control-Allow-Origin = *
Access-Control-Allow-Methods = GET, POST, OPTIONS, PROPFIND, PROPPATCH, REPORT, PUT, MOVE, DELETE, LOCK, UNLOCK
Access-Control-Allow-Headers = User-Agent, Authorization, Content-type, Depth, If-match, If-None-Match, Lock-Token, Timeout, Destination, Overwrite, X-clie$
Access-Control-Expose-Headers = Etag
#type = LDAP
#ldap_url = ldap://localhost:389/
#ldap_base = ou=users,dc=yunohost,dc=org
#ldap_attribute = uid
#ldap_filter =
#ldap_scope = OneLevel

49
conf/logging
View file

@ -1,49 +0,0 @@
# Loggers, handlers and formatters keys
[loggers]
# Loggers names, main configuration slots
keys = root
[handlers]
# Logging handlers, defining logging output methods
keys = console,file
[formatters]
# Logging formatters
keys = simple,full
# Loggers
[logger_root]
# Root logger
level = INFO
handlers = console,file
# Handlers
[handler_console]
# Console handler
class = StreamHandler
level = INFO
args = (sys.stdout,)
formatter = simple
[handler_file]
# File handler
class = FileHandler
level = INFO
args = ('/var/log/radicale/radicale.log',)
formatter = full
# Formatters
[formatter_simple]
# Simple output format
format = %(message)s
[formatter_full]
# Full output format
format = %(asctime)s - %(levelname)s: %(message)s

49
conf/nginx.conf
View file

@ -1,26 +1,35 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
# location __PATH__/ {
# try_files $uri @radicale;
# }
#
# location @radicale {
# uwsgi_pass unix:///run/uwsgi/app/radicale/socket;
# include uwsgi_params;
# uwsgi_param QUERY_STRING $query_string;
# uwsgi_param REQUEST_METHOD $request_method;
# uwsgi_param CONTENT_TYPE $content_type;
# uwsgi_param CONTENT_LENGTH $content_length;
#
# uwsgi_param REQUEST_URI $request_uri;
# uwsgi_param PATH_INFO $document_uri;
# uwsgi_param DOCUMENT_ROOT $document_root;
# uwsgi_param SERVER_PROTOCOL $server_protocol;
# uwsgi_param HTTPS $https if_not_empty;
#
# uwsgi_param REMOTE_ADDR $remote_addr;
# uwsgi_param REMOTE_PORT $remote_port;
# uwsgi_param SERVER_PORT $server_port;
# uwsgi_param SERVER_NAME $server_name;
# }
location __PATH__/ {
try_files $uri @radicale;
}
proxy_pass http://localhost:__PORT__/;
proxy_set_header X-Script-Name __PATH__;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
location @radicale {
uwsgi_pass unix:///run/uwsgi/app/radicale/socket;
include uwsgi_params;
uwsgi_param QUERY_STRING $query_string;
uwsgi_param REQUEST_METHOD $request_method;
uwsgi_param CONTENT_TYPE $content_type;
uwsgi_param CONTENT_LENGTH $content_length;
uwsgi_param REQUEST_URI $request_uri;
uwsgi_param PATH_INFO $document_uri;
uwsgi_param DOCUMENT_ROOT $document_root;
uwsgi_param SERVER_PROTOCOL $server_protocol;
uwsgi_param HTTPS $https if_not_empty;
uwsgi_param REMOTE_ADDR $remote_addr;
uwsgi_param REMOTE_PORT $remote_port;
uwsgi_param SERVER_PORT $server_port;
uwsgi_param SERVER_NAME $server_name;
proxy_set_header X-Remote-User $remote_user;
# proxy_pass_header Authorization;
}
#INFCLOUD#location __PATH__/infcloud {

24
conf/radicale.ini
View file

@ -1,24 +0,0 @@
[uwsgi]
# Who will run the code
uid = radicale
gid = radicale
# Number of workers
workers = 4
# The right granted on the created socket
chmod-socket = 666
# Plugin to use and interpretor config
single-interpreter = true
master = true
plugin = python
# Application base folder
base = /opt/yunohost/radicale
# Virtualenv and python path
virtualenv = /opt/yunohost/radicale
pythonpath = /opt/yunohost/radicale
chdir= /var/www/radicale
wsgi-file=/var/www/radicale/radicale.wsgi

29
conf/radicale.wsgi
View file

@ -1,29 +0,0 @@
#!/usr/bin/env python
# -*- coding: utf-8 -*-
#
# This file is part of Radicale Server - Calendar Server
# Copyright © 2011-2013 Guillaume Ayoub
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Radicale. If not, see <http://www.gnu.org/licenses/>.
"""
Radicale WSGI file (mod_wsgi and uWSGI compliant).
"""
import radicale
radicale.log.start()
application = radicale.Application()

166
conf/rights
View file

@ -1,12 +1,116 @@
# Rights are based on a regex-based file whose name is specified in the config (section "right", key "file").
# -*- mode: conf -*-
# vim:ft=cfg
# Rights management file for Radicale - A simple calendar server
#
# Authentication login is matched against the "user" key, and collection's path is matched against the "collection" key. You can use Python's ConfigParser interpolation values %(login)s and %(path)s. You can also get groups from the user regex in the collection with {0}, {1}, etc.
# The default path for this file is /etc/radicale/rights
# The path can be specified in the rights section of the configuration file
#
# For example, for the "user" key, ".+" means "authenticated user" and ".*" means "anybody" (including anonymous users).
#
# Section names are only used for naming the rule.
#
# Leading or ending slashes are trimmed from collection's path.
# Section names are used for naming rules and must be unique.
# The first rule matching both user and collection patterns will be used.
# Example: owner_only plugin
# Allow reading root collection for authenticated users
#[root]
#user: .+
#collection:
#permissions: R
# Allow reading and writing principal collection (same as username)
#[principal]
#user: .+
#collection: {user}
#permissions: RW
# Allow reading and writing calendars and address books that are direct
# children of the principal collection
#[calendars]
#user: .+
#collection: {user}/[^/]+
#permissions: rw
# Example: owner_write plugin
# Only listed additional rules for the owner_only plugin example.
# Allow reading principal collections of all users
#[read-all-principals]
#user: .+
#collection: [^/]+
#permissions: R
# Allow reading all calendars and address books that are direct children of any
# principal collection
#[read-all-calendars]
#user: .+
#collection: [^/]+/[^/]+
#permissions: r
# Example: authenticated plugin
# Allow reading and writing root and principal collections of all users
#[root-and-principals]
#user: .+
#collection: [^/]*
#permissions: RW
# Allow reading and writing all calendars and address books that are direct
# children of any principal collection
#[calendars]
#user: .+
#collection: [^/]+/[^/]+
#permissions: rw
# Example: Allow user "admin" to read everything
#[admin-read-all]
#user: admin
#collection: .*
#permissions: Rr
# Example: Allow everybody (including unauthenticated users) to read
# the collection "public"
# Allow reading collection "public" for authenticated users
#[public-principal]
#user: .+
#collection: public
#permissions: R
# Allow reading all calendars and address books that are direct children of
# the collection "public" for authenticated users
#[public-calendars]
#user: .+
#collection: public/[^/]+
#permissions: r
# Allow access to public calendars and address books via HTTP GET for everyone
#[public-calendars-restricted]
#user: .*
#collection: public/[^/]+
#permissions: i
# Example: Grant users of the form user@domain.tld read access to the
# collection "domain.tld"
# Allow reading the domain collection
#[read-domain-principal]
#user: .+@([^@]+)
#collection: {0}
#permissions: R
# Allow reading all calendars and address books that are direct children of
# the domain collection
#[read-domain-calendars]
#user: .+@([^@]+)
#collection: {0}/[^/]+
#permissions: r
# User can read the root of all collection. And discovers your collection.
[user-read-root-collection]
@ -17,51 +121,5 @@ permission: r
# Give read and write access to owners
[owner-read-write]
user: .+
collection: ^%(login)s|^%(login)s/.*
collection: ^{user}|^{user}/.*
permission: rw
### EXAMPLES:
## Allow authenticated user to read all collections
# [allow-everyone-read]
# user: .+
# collection: .*
# permission: r
## This means all users starting with "admin" may read any collection
# [admin]
# user: ^admin.*$
# collection: .*
# permission: r
## A little more complex: give read access to users from a domain for all
# collections of all the users (ie. user@domain.tld can read domain/\*).
# [domain-wide-access]
# user: ^.+@(.+)\..+$
# collection: ^{0}/.+$
# permission: r
## This means all users may read and write any collection starting with public.
# [public]
# user: .*
# collection: ^public(/.+)?$
# permission: rw
## Partage public en lecture seule d'un agenda
# [public for readonly]
# user: .*
# collection: ^utilisateur/nom_calendrier.ics$
# permission: r
## Partage public en lecture/écriture d'un agenda
# [public for read/write]
# user: .*
# collection: ^utilisateur/nom_calendrier.ics$
# permission: rw
# [user1 can read and write user2/shared2]
# user: ^user1$
# collection: ^user2/shared2.ics$
# permission: rw

24
conf/systemd.service Normal file
View file

@ -0,0 +1,24 @@
[Unit]
Description=A simple CalDAV (calendar) and CardDAV (contact) server
After=network.target
Requires=network.target
[Service]
ExecStart=/opt/yunohost/__APP__/bin/python3 -m radicale
Restart=on-failure
User=radicale
# Deny other users access to the calendar data
UMask=0027
# Optional security settings
PrivateTmp=true
ProtectSystem=strict
ProtectHome=true
PrivateDevices=true
ProtectKernelTunables=true
ProtectKernelModules=true
ProtectControlGroups=true
NoNewPrivileges=true
ReadWritePaths=__FINALPATH__/collections /var/log/__APP__
[Install]
WantedBy=multi-user.target

7
hooks/post_user_create
View file

@ -1,7 +0,0 @@
#!/bin/bash
user=$1
final_path=__FINALPATH__
sudo cp -a $final_path/default_collections/USER $final_path/collections/$user
sudo cp -a $final_path/default_collections/USER.props $final_path/collections/$user.props

6
hooks/post_user_delete
View file

@ -1,6 +0,0 @@
#!/bin/bash
user=$1
final_path=__FINALPATH__
sudo rm -r $final_path/collections/$user

2
manifest.json
View file

@ -6,7 +6,7 @@
"en": "CalDAV (calendar) and CardDAV (contact) synchronization server",
"fr": "Serveur de synchronisation CalDAV et CardDAV"
},
"version": "1.1.6~ynh6",
"version": "3.1.8~ynh1",
"url": "http://radicale.org",
"upstream": {
"license": "GPL-3.0,AGPL-3.0",

4
scripts/_common.sh
View file

@ -6,7 +6,9 @@
YNH_PHP_VERSION="7.3"
pkg_dependencies="python-pip python-virtualenv virtualenv python-dev libldap2-dev libsasl2-dev libssl-dev uwsgi uwsgi-plugin-python"
# pkg_dependencies="python-pip python-virtualenv virtualenv python-dev libldap2-dev libsasl2-dev libssl-dev uwsgi uwsgi-plugin-python"
pkg_dependencies="python3-pip python3-virtualenv virtualenv python3-dev libldap2-dev libsasl2-dev libssl-dev bcrypt apache2-utils"
# bcrypt and apache2-utils are used in replacement of ldap...
#=================================================
# BOOLEAN CONVERTER

7
scripts/backup
View file

@ -71,7 +71,12 @@ ynh_backup --src_path="/etc/logrotate.d/$app"
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/uwsgi/apps-available/radicale.ini"
if [ -e "/etc/uwsgi/apps-available/radicale.ini" ]
then
ynh_backup --src_path="/etc/uwsgi/apps-available/radicale.ini"
else
ynh_backup --src_path="/etc/systemd/system/$app.service"
fi
#=================================================
# BACKUP VARIOUS FILES

23
scripts/change_url
View file

@ -28,6 +28,7 @@ ynh_script_progression --message="Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
infcloud=$(ynh_app_setting_get --app=$app --key=infcloud)
@ -83,6 +84,11 @@ ynh_script_progression --message="Updating NGINX web server configuration..."
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# If path_url contains infcloud, remove it
if [[ "$path_url" =~ "/infcloud" ]]; then
path_url="${path_url%/*}"
fi
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
@ -110,26 +116,11 @@ fi
#=================================================
# MODIFY CONFIG FILES
#=================================================
ynh_replace_string --match_string="^base_prefix = $old_path.*" --replace_string="base_prefix = ${new_path%/}/" --target_file="/etc/$app/config"
if [ $infcloud -eq 1 ]; then
ynh_replace_string --match_string="href: 'https://$old_domain$old_path'," --replace_string="href: 'https://$new_domain${new_path%/}/'," --target_file="$final_path/infcloud/config.js"
fi
#=================================================
# UPDATE SSOWAT
#=================================================
if [ $infcloud -eq 1 ]
then
ynh_script_progression --message="Reconfigure SSOwat"
# Add /infcloud to the path of radicale to access it from the portal
echo "sudo yunohost --verbose app setting $app path -v \"${new_path%/}/infcloud\"; sudo yunohost app ssowatconf" | at now + 1 min >&2
domain_regex=$(echo "$new_domain" | sed 's@-@.@g')
# Radicale is always accessible (For access to ressources)
ynh_app_setting_set --app=$app --key=skipped_regex --value="$domain_regex$new_path"
fi
#=================================================
# GENERIC FINALISATION
#=================================================
@ -138,7 +129,7 @@ fi
ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=uwsgi --action="restart"
ynh_systemd_action --service_name=$app --action="restart"
#=================================================
# RELOAD NGINX

194
scripts/install
View file

@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers
#=================================================
ynh_clean_setup () {
ynh_clean_check_starting
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -33,6 +33,7 @@ app=$YNH_APP_INSTANCE_NAME
# Retrieve the version number in the manifest file.
version=$(ynh_app_upstream_version)
ynh_print_warn $version
#=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
@ -56,15 +57,24 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_app_setting_set --app=$app --key=infcloud --value=$infcloud
ynh_app_setting_set --app=$app --key=version --value=$version
ynh_app_setting_set --app=$app --key=overwrite_logging --value="1"
ynh_app_setting_set --app=$app --key=overwrite_config --value="1"
ynh_app_setting_set --app=$app --key=overwrite_infcloud --value="1"
ynh_app_setting_set --app=$app --key=overwrite_nginx --value="1"
ynh_app_setting_set --app=$app --key=overwrite_systemd --value="1"
ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value="1"
ynh_app_setting_set --app=$app --key=admin_mail_html --value="1"
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# FIND AND OPEN A PORT
#=================================================
ynh_script_progression --message="Configuring firewall..."
# Find a free port
port=$(ynh_find_port --port=5232)
ynh_app_setting_set --app=$app --key=port --value=$port
#=================================================
# INSTALL DEPENDENCIES
#=================================================
@ -89,26 +99,15 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Create the directory and set the path in the config
mkdir -p "$final_path/collections"
# Copy files to the right place
cp ../conf/radicale.wsgi $final_path
# Copy extra files
cp -a ../sources/extra_files_radicale/. "$final_path"
if [ $infcloud -eq 1 ]
then
# Download and uncompress the source into final_path
ynh_setup_source --dest_dir="$final_path/infcloud"
# Download and uncompress the source into final_path
ynh_setup_source --dest_dir="$final_path/infcloud"
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chmod 750 -R "$final_path"
chown -R $app:www-data "$final_path"
# Set default permissions as radicale do.
chmod 666 -R $final_path/default_collections
chmod 777 $final_path/default_collections $final_path/default_collections/USER
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -119,8 +118,8 @@ ynh_add_nginx_config
if [ $infcloud -eq 1 ]
then
# Add InfCloud in NGINX config
ynh_replace_string --match_string="#INFCLOUD#" --replace_string="" --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
# Add InfCloud in NGINX config
ynh_replace_string --match_string="#INFCLOUD#" --replace_string="" --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
@ -130,11 +129,11 @@ ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
if [ $infcloud -eq 1 ]
then
ynh_script_progression --message="Configuring PHP-FPM..."
ynh_script_progression --message="Configuring PHP-FPM..."
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fi
#=================================================
@ -145,14 +144,23 @@ fi
ynh_script_progression --message="Install Radicale in a virtualenv"
# Init virtualenv
virtualenv /opt/yunohost/$app
version=$(ynh_app_setting_get --app=$app --key=version)
/opt/yunohost/$app/bin/pip install radicale==$version python-ldap
virtualenv -p python3 /opt/yunohost/$app
version=$(ynh_app_upstream_version)
ynh_app_setting_set --app=$app --key=version --value="$version"
/opt/yunohost/$app/bin/python3 -m pip install radicale==$version passlib bcrypt
# regex.py file is patched to fix the awful commit e807c3d35bea9cfcfcacac83b1b17d748ea15a39 that stop the reading of "rights" file after the first match.
mv "$final_path/regex.py" /opt/yunohost/$app/lib/python*/site-packages/radicale/rights/regex.py
# Add LDAP plugin
# (cd /opt/yunohost/$app
# set +u; source bin/activate
# # git clone https://github.com/marcoh00/radicale-auth-ldap
# git clone https://github.com/cloudron-io/radicale-auth-ldap
# cd radicale-auth-ldap
# python3 -m pip install .)
# Use htpasswd instead of ldap
touch /etc/radicale/users
# sudo htpasswd -B -c /etc/radicale/users username
# useradd radicale -d /opt/yunohost/$app
chown radicale: -R /opt/yunohost/$app
find /opt/yunohost/$app/ -type d -exec chmod 2755 {} \;
@ -167,8 +175,6 @@ mkdir -p /etc/$app
ynh_add_config --template="../conf/config" --destination="/etc/$app/config"
ynh_add_config --template="../conf/logging" --destination="/etc/$app/logging"
ynh_add_config --template="../conf/rights" --destination="/etc/$app/rights"
chmod 755 /etc/$app/
@ -176,76 +182,57 @@ chmod 644 /etc/$app/*
if [ $infcloud -eq 1 ]
then
# InfCloud configuration
# Set language
case "$language" in
"Czech") language="cs_CZ"
;;
"Danish") language="da_DK"
;;
"German") language="de_DE"
;;
"English/US") language="en_US"
;;
"Spanish") language="es_ES"
;;
"French") language="fr_FR"
;;
"Italian") language="it_IT"
;;
"Japan") language="ja_JP"
;;
"Hungarian") language="hu_HU"
;;
"Dutch") language="nl_NL"
;;
"Slovak") language="sk_SK"
;;
"Turkish") language="tr_TR"
;;
"Russian") language="ru_RU"
;;
"Ukrainian") language="uk_UA"
;;
"Chinese") language="zh_CN"
;;
esac
ynh_app_setting_set --app=$app --key=language --value=$language
timezone=$(cat /etc/timezone)
ynh_add_config --template="../conf/config.js" --destination="$final_path/infcloud/config.js"
# InfCloud configuration
# Set language
case "$language" in
"Czech") language="cs_CZ"
;;
"Danish") language="da_DK"
;;
"German") language="de_DE"
;;
"English/US") language="en_US"
;;
"Spanish") language="es_ES"
;;
"French") language="fr_FR"
;;
"Italian") language="it_IT"
;;
"Japan") language="ja_JP"
;;
"Hungarian") language="hu_HU"
;;
"Dutch") language="nl_NL"
;;
"Slovak") language="sk_SK"
;;
"Turkish") language="tr_TR"
;;
"Russian") language="ru_RU"
;;
"Ukrainian") language="uk_UA"
;;
"Chinese") language="zh_CN"
;;
esac
ynh_app_setting_set --app=$app --key=language --value=$language
timezone=$(cat /etc/timezone)
ynh_add_config --template="../conf/config.js" --destination="$final_path/infcloud/config.js"
chmod 440 "$final_path/infcloud/config.js"
chown $app:www-data "$final_path/infcloud/config.js"
chmod 440 "$final_path/infcloud/config.js"
chown $app:www-data "$final_path/infcloud/config.js"
fi
#=================================================
# GENERATE CALENDARS AND ADDRESS BOOKS FOR ALL USERS
#=================================================
ynh_script_progression --message="Generate calendars and address books for all users"
# Create default calendars and address books for each users
while read user
do
cp -a $final_path/default_collections/USER $final_path/collections/$user
cp -a $final_path/default_collections/USER.props $final_path/collections/$user.props
# List all users and remove the space after username
done <<< "$(yunohost user list | grep username | cut -d ":" -f 2 | cut -c 2-)"
#=================================================
# PREPARE THE HOOKS
#=================================================
# Modify the hooks for create user collections and to remove them.
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_create"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_delete"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Configuring a systemd service..."
cp ../conf/radicale.ini /etc/uwsgi/apps-available/
ln -s /etc/uwsgi/apps-available/radicale.ini /etc/uwsgi/apps-enabled/
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service"
# Create a dedicated systemd config
ynh_add_systemd_config
#=================================================
# GENERIC FINALIZATION
@ -266,7 +253,7 @@ ynh_use_logrotate
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
yunohost service add $app --log="/var/log/$app"
#=================================================
# START SYSTEMD SERVICE
@ -274,7 +261,7 @@ yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
ynh_script_progression --message="Starting a systemd service..."
# Start a systemd service
ynh_systemd_action --service_name=uwsgi --action="restart"
ynh_systemd_action --service_name=$app --action="restart"
#=================================================
# SETUP SSOWAT
@ -283,19 +270,9 @@ ynh_script_progression --message="Configuring permissions..."
if [ $infcloud -eq 1 ]
then
# Add /infcloud to the path of radicale to access it from the portal
# Replace radicale by InfCloud into YunoHost portal
ynh_app_setting_set --app=$app --key=path --value="${path_url%/}/infcloud"
# Protect InfCloud access
ynh_app_setting_set --app=$app --key=protected_uris --value="/"
domain_regex=$(echo "$domain" | sed 's@-@.@g')
# Radicale is always accessible (For access to ressources)
ynh_app_setting_set --app=$app --key=skipped_regex --value="$domain_regex$path_url"
else
# If only radicale is installed
# Radicale is always accessible (For access to ressources)
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
ynh_permission_create --permission="infcloud" --url="${path_url%/}/infcloud" --allowed="$admin" --show_tile=true
fi
ynh_permission_update --permission="main" --add="visitors" --show_tile=false
#=================================================
# RELOAD NGINX
@ -313,15 +290,14 @@ admin_panel="https://$(grep portal_domain /etc/ssowat/conf.json | cut -d'"' -f4)
if [ $infcloud -eq 1 ]
then
infcloud_config="
infcloud_config="
InfCloud has its own config file, at $final_path/infcloud/config.js
"
else
infcloud_config=""
infcloud_config=""
fi
echo "Use the file /etc/radicale/config to change the main configuration of radicale.
The file /etc/radicale/logging to change the level of logging.
And the file /etc/radicale/rights to edit the way the calendars will be shared.
$infcloud_config
You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.

10
scripts/remove
View file

@ -37,15 +37,7 @@ fi
#=================================================
ynh_script_progression --message="Stopping and removing the systemd service..."
# Delete uwsgi configuration
if [ -h "/etc/uwsgi/apps-enabled/radicale.ini" ]; then
echo "Delete uwsgi config"
ynh_secure_remove --file="/etc/uwsgi/apps-enabled/radicale.ini"
fi
ynh_secure_remove --file="/etc/uwsgi/apps-available/radicale.ini"
ynh_systemd_action --action="restart" --service_name=uwsgi
ynh_remove_systemd_config
#=================================================
# REMOVE LOGROTATE CONFIGURATION

16
scripts/restore
View file

@ -118,8 +118,16 @@ ynh_restore_file --origin_path="/etc/$app/"
#=================================================
ynh_script_progression --message="Restoring the systemd configuration..."
ynh_restore_file --origin_path="/etc/uwsgi/apps-available/radicale.ini"
ln -s /etc/uwsgi/apps-available/radicale.ini /etc/uwsgi/apps-enabled/
# if ynh_compare_current_package_version --comparison le --version 1.1.6~ynh6
version=$(ynh_app_upstream_version)
if [ $version == 1.1.6 ]
then
ynh_restore_file --origin_path="/etc/uwsgi/apps-available/radicale.ini"
ln -s /etc/uwsgi/apps-available/radicale.ini /etc/uwsgi/apps-enabled/
else
ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service
fi
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
@ -137,14 +145,14 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
yunohost service add $app --log="/var/log/$app"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=uwsgi --action=restart
ynh_systemd_action --service_name=$app --action="restart"
#=================================================
# GENERIC FINALIZATION

377
scripts/upgrade
View file

@ -21,12 +21,13 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
language=$(ynh_app_setting_get --app=$app --key=language)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
port=$(ynh_app_setting_get --app=$app --key=port)
infcloud=$(ynh_app_setting_get --app=$app --key=infcloud)
version=$(ynh_app_setting_get --app=$app --key=version)
overwrite_logging=$(ynh_app_setting_get --app=$app --key=overwrite_logging)
overwrite_config=$(ynh_app_setting_get --app=$app --key=overwrite_config)
overwrite_infcloud=$(ynh_app_setting_get --app=$app --key=overwrite_infcloud)
overwrite_nginx=$(ynh_app_setting_get --app=$app --key=overwrite_nginx)
overwrite_systemd=$(ynh_app_setting_get --app=$app --key=overwrite_systemd)
overwrite_phpfpm=$(ynh_app_setting_get --app=$app --key=overwrite_phpfpm)
# Optional parameters from config-panel feature
@ -52,9 +53,9 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
ynh_clean_check_starting
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -77,63 +78,112 @@ ynh_app_setting_delete --app=$app --key=unprotected_regex
if [ -d /usr/local/radicale ]
then
mkdir -p /opt/yunohost
mv /usr/local/radicale /opt/yunohost/
fi
if [ -z "$version" ]
then
# Retrieve the version number in the manifest file.
version=$(ynh_app_upstream_version)
ynh_app_setting_set --app=$app --key=version --value="$version"
mkdir -p /opt/yunohost
mv /usr/local/radicale /opt/yunohost/
fi
# Fix infcloud as a boolean
if [ "$infcloud" = "Yes" ]; then
ynh_app_setting_set --app=$app --key=infcloud --value=1
infcloud=1
ynh_app_setting_set --app=$app --key=infcloud --value=1
infcloud=1
elif [ "$infcloud" = "No" ]; then
ynh_app_setting_set --app=$app --key=infcloud --value=0
infcloud=0
fi
# If overwrite_logging doesn't exist, create it
if [ -z "$overwrite_logging" ]; then
overwrite_logging=1
ynh_app_setting_set --app=$app --key=overwrite_logging --value=$overwrite_logging
ynh_app_setting_set --app=$app --key=infcloud --value=0
infcloud=0
fi
# If overwrite_config doesn't exist, create it
if [ -z "$overwrite_config" ]; then
overwrite_config=1
ynh_app_setting_set --app=$app --key=overwrite_config --value=$overwrite_config
overwrite_config=1
ynh_app_setting_set --app=$app --key=overwrite_config --value=$overwrite_config
fi
# If overwrite_infcloud doesn't exist, create it
if [ -z "$overwrite_infcloud" ]; then
overwrite_infcloud=1
ynh_app_setting_set --app=$app --key=overwrite_infcloud --value=$overwrite_infcloud
overwrite_infcloud=1
ynh_app_setting_set --app=$app --key=overwrite_infcloud --value=$overwrite_infcloud
fi
# If overwrite_nginx doesn't exist, create it
if [ -z "$overwrite_nginx" ]; then
overwrite_nginx=1
ynh_app_setting_set --app=$app --key=overwrite_nginx --value=$overwrite_nginx
overwrite_nginx=1
ynh_app_setting_set --app=$app --key=overwrite_nginx --value=$overwrite_nginx
fi
# If overwrite_systemd doesn't exist, create it
if [ -z "$overwrite_systemd" ]; then
overwrite_systemd=1
ynh_app_setting_set --app=$app --key=overwrite_systemd --value=$overwrite_systemd
fi
# If overwrite_phpfpm doesn't exist, create it
if [ -z "$overwrite_phpfpm" ]; then
overwrite_phpfpm=1
ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=$overwrite_phpfpm
overwrite_phpfpm=1
ynh_app_setting_set --app=$app --key=overwrite_phpfpm --value=$overwrite_phpfpm
fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
ynh_app_setting_delete --app=$app --key=is_public
fi
# If path_url still contains infcloud, then radicale_path doesn't exist
if [[ "$path_url" =~ "/infcloud" ]]; then
path_url="${path_url%/*}"
ynh_app_setting_set --app=$app --key=path --value=$path_url
fi
# Migrate to v2
if ynh_compare_current_package_version --comparison le --version 1.1.6~ynh6
then
ynh_print_warn --message="Migration to radicale v2+..."
# Force nginx upgrade
overwrite_nginx=1
# Force systemd upgrade
overwrite_systemd=1
# Force config upgrade
overwrite_config=1
# Migrate collections to v2 format
# Init a new temporary virtualenv
virtualenv -p python3 /opt/yunohost/radicale_v1_temp
# Install a v1 version
/opt/yunohost/radicale_v1_temp/bin/pip install radicale==1.1.* python-ldap
# Force the migration of calendars
if ! ynh_exec_warn /opt/yunohost/radicale_v1_temp/bin/python3 -m radicale --export-storage "$final_path/collections_new"
then
# Clean up if it fails to prevent further failures
ynh_secure_remove --file="/opt/yunohost/radicale_v1_temp"
ynh_secure_remove --file="$final_path/collections_new"
fi
# Backup the old collection
mv "$final_path/collections" "$final_path/collections_v1"
# And replace by the new one
mv "$final_path/collections_new" "$final_path/collections"
# Find a free port
port=$(ynh_find_port --port=5232)
ynh_app_setting_set --app=$app --key=port --value=$port
## Cleanup...
ynh_secure_remove --file="$final_path/default_collections"
ynh_secure_remove --file="$final_path/collections.props"
# Remove the temporary virtualenv
ynh_secure_remove --file="/opt/yunohost/radicale_v1_temp"
# Remove uwsgi config
ynh_secure_remove --file="$final_path/radicale.wsgi"
ynh_secure_remove --file="/etc/uwsgi/apps-enabled/radicale.ini"
ynh_secure_remove --file="/etc/uwsgi/apps-available/radicale.ini"
ynh_systemd_action --service_name=uwsgi --action="restart"
# Set permissions
if [ $infcloud -eq 1 ]
then
ynh_permission_create --permission="infcloud" --url="${path_url%/}/infcloud" --allowed="$admin" --show_tile=true
fi
ynh_permission_update --permission="main" --add="visitors" --show_tile=false
fi
#=================================================
# CREATE DEDICATED USER
#=================================================
@ -148,31 +198,21 @@ ynh_system_user_create --username=$app --home_dir="$final_path"
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..."
ynh_script_progression --message="Upgrading source files..."
# Copy files to the right place
mkdir -p $final_path/collections
# Copy files to the right place
cp ../conf/radicale.wsgi $final_path
# Copy extra files
cp -a ../sources/extra_files_radicale/. "$final_path"
if [ $infcloud -eq 1 ]
then
# Download and uncompress the source into final_path
ynh_setup_source --dest_dir="$final_path/infcloud" --keep="config.js"
fi
# Copy files to the right place
mkdir -p $final_path/collections
if [ $infcloud -eq 1 ]
then
# Download and uncompress the source into final_path
ynh_setup_source --dest_dir="$final_path/infcloud" --keep="config.js"
fi
fi
chmod 750 "$final_path"
chmod -R o-rwx "$final_path"
chmod 750 -R "$final_path"
chown -R $app:www-data "$final_path"
chmod 666 -R $final_path/default_collections
chmod 777 $final_path/default_collections $final_path/default_collections/USER
#=================================================
# NGINX CONFIGURATION
#=================================================
@ -180,16 +220,16 @@ chmod 777 $final_path/default_collections $final_path/default_collections/USER
# Overwrite the NGINX configuration only if it's allowed
if [ $overwrite_nginx -eq 1 ]
then
ynh_script_progression --message="Upgrading NGINX web server configuration..."
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config
if [ $infcloud -eq 1 ]
then
# Add InfCloud in NGINX config
ynh_replace_string --match_string="#INFCLOUD#" --replace_string="" --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
# Create a dedicated NGINX config
ynh_add_nginx_config
if [ $infcloud -eq 1 ]
then
# Add InfCloud in NGINX config
ynh_replace_string --match_string="#INFCLOUD#" --replace_string="" --target_file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf"
fi
#=================================================
@ -206,15 +246,15 @@ ynh_install_app_dependencies $pkg_dependencies
if [ $infcloud -eq 1 ]
then
# Overwrite the php-fpm configuration only if it's allowed
if [ $overwrite_phpfpm -eq 1 ]
then
ynh_script_progression --message="Upgrading PHP-FPM configuration..."
# Overwrite the php-fpm configuration only if it's allowed
if [ $overwrite_phpfpm -eq 1 ]
then
ynh_script_progression --message="Upgrading PHP-FPM configuration..."
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fi
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
fi
fi
#=================================================
@ -225,18 +265,28 @@ fi
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrade Radicale in its virtualenv"
# Upgrade pip packages
ynh_secure_remove --file="/opt/yunohost/$app"
virtualenv /opt/yunohost/$app
version=$(ynh_app_setting_get $app version $version)
bash -c "source /opt/yunohost/radicale/bin/activate && pip install radicale==$version python-ldap"
ynh_script_progression --message="Upgrade Radicale in its virtualenv"
# Upgrade pip packages
ynh_secure_remove --file="/opt/yunohost/$app"
virtualenv -p python3 /opt/yunohost/$app
version=$(ynh_app_upstream_version)
ynh_app_setting_set --app=$app --key=version --value="$version"
/opt/yunohost/$app/bin/python3 -m pip install radicale==$version passlib bcrypt
# regex.py file is patched to fix the awful commit e807c3d35bea9cfcfcacac83b1b17d748ea15a39 that stop the reading of "rights" file after the first match.
mv "$final_path/regex.py" /opt/yunohost/$app/lib/python*/site-packages/radicale/rights/regex.py
# Add LDAP plugin
# (cd /opt/yunohost/$app
# set +u; source bin/activate
# # git clone https://github.com/marcoh00/radicale-auth-ldap
# git clone https://github.com/cloudron-io/radicale-auth-ldap
# cd radicale-auth-ldap
# python3 -m pip install .)
# Use htpasswd instead of ldap
touch /etc/radicale/users
fi
chown radicale: -R /opt/yunohost/$app
find /opt/yunohost/$app/ -type d -exec chmod 2755 {} \;
find /opt/yunohost/$app/ -type f -exec chmod g+r,o+r {} \;
@ -245,16 +295,10 @@ find /opt/yunohost/$app/ -type f -exec chmod g+r,o+r {} \;
#=================================================
ynh_script_progression --message="Reconfigure Radicale"
# Overwrite the logging config file only if it's allowed
if [ $overwrite_logging -eq 1 ]
then
ynh_add_config --template="../conf/logging" --destination="/etc/$app/logging"
fi
# Overwrite the config file only if it's allowed
if [ $overwrite_config -eq 1 ]
then
ynh_add_config --template="../conf/config" --destination="/etc/$app/config"
ynh_add_config --template="../conf/config" --destination="/etc/$app/config"
fi
chmod 755 /etc/$app/
@ -263,86 +307,72 @@ chmod 644 /etc/$app/*
# Overwrite the InfCloud config file only if it's allowed
if [ $infcloud -eq 1 ]
then
if [ $overwrite_infcloud -eq 1 ]
then
# InfCloud configuration
# Set language
case "$language" in
"Czech") language="cs_CZ"
;;
"Danish") language="da_DK"
;;
"German") language="de_DE"
;;
"English/US") language="en_US"
;;
"Spanish") language="es_ES"
;;
"French") language="fr_FR"
;;
"Italian") language="it_IT"
;;
"Japan") language="ja_JP"
;;
"Hungarian") language="hu_HU"
;;
"Dutch") language="nl_NL"
;;
"Slovak") language="sk_SK"
;;
"Turkish") language="tr_TR"
;;
"Russian") language="ru_RU"
;;
"Ukrainian") language="uk_UA"
;;
"Chinese") language="zh_CN"
;;
esac
ynh_app_setting_set --app=$app --key=language --value=$language
timezone=$(cat /etc/timezone)
ynh_add_config --template="../conf/config.js" --destination="$final_path/infcloud/config.js"
if [ $overwrite_infcloud -eq 1 ]
then
# InfCloud configuration
# Set language
case "$language" in
"Czech") language="cs_CZ"
;;
"Danish") language="da_DK"
;;
"German") language="de_DE"
;;
"English/US") language="en_US"
;;
"Spanish") language="es_ES"
;;
"French") language="fr_FR"
;;
"Italian") language="it_IT"
;;
"Japan") language="ja_JP"
;;
"Hungarian") language="hu_HU"
;;
"Dutch") language="nl_NL"
;;
"Slovak") language="sk_SK"
;;
"Turkish") language="tr_TR"
;;
"Russian") language="ru_RU"
;;
"Ukrainian") language="uk_UA"
;;
"Chinese") language="zh_CN"
;;
esac
ynh_app_setting_set --app=$app --key=language --value=$language
timezone=$(cat /etc/timezone)
ynh_add_config --template="../conf/config.js" --destination="$final_path/infcloud/config.js"
# Optional parameters from config-panel feature
if [ -n "$firstdayofweek" ]; then
ynh_replace_string --match_string="\(^var globalDatepickerFirstDayOfWeek=\).*" --replace_string="\1$firstdayofweek;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$activeview" ]; then
ynh_replace_string --match_string="\(^var globalActiveView=\).*" --replace_string="\1\'$activeview\';" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$openformmode" ]; then
ynh_replace_string --match_string="\(^var globalOpenFormMode=\).*" --replace_string="\1\'$openformmode\';" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$startofbusiness" ]; then
ynh_replace_string --match_string="\(^var globalCalendarStartOfBusiness=\).*" --replace_string="\1$startofbusiness;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$endofbusiness" ]; then
ynh_replace_string --match_string="\(^var globalCalendarEndOfBusiness=\).*" --replace_string="\1$endofbusiness;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$defaulteventduration" ]; then
ynh_replace_string --match_string="\(^var globalDefaultEventDuration=\).*" --replace_string="\1$defaulteventduration;" --target_file="$final_path/infcloud/config.js"
fi
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$final_path/infcloud/config.js"
chmod 440 "$final_path/infcloud/config.js"
chown $app:www-data "$final_path/infcloud/config.js"
fi
# Optional parameters from config-panel feature
if [ -n "$firstdayofweek" ]; then
ynh_replace_string --match_string="\(^var globalDatepickerFirstDayOfWeek=\).*" --replace_string="\1$firstdayofweek;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$activeview" ]; then
ynh_replace_string --match_string="\(^var globalActiveView=\).*" --replace_string="\1\'$activeview\';" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$openformmode" ]; then
ynh_replace_string --match_string="\(^var globalOpenFormMode=\).*" --replace_string="\1\'$openformmode\';" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$startofbusiness" ]; then
ynh_replace_string --match_string="\(^var globalCalendarStartOfBusiness=\).*" --replace_string="\1$startofbusiness;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$endofbusiness" ]; then
ynh_replace_string --match_string="\(^var globalCalendarEndOfBusiness=\).*" --replace_string="\1$endofbusiness;" --target_file="$final_path/infcloud/config.js"
fi
if [ -n "$defaulteventduration" ]; then
ynh_replace_string --match_string="\(^var globalDefaultEventDuration=\).*" --replace_string="\1$defaulteventduration;" --target_file="$final_path/infcloud/config.js"
fi
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$final_path/infcloud/config.js"
chmod 440 "$final_path/infcloud/config.js"
chown $app:www-data "$final_path/infcloud/config.js"
fi
fi
#=================================================
# CONFIGURE UWSGI FOR RADICALE
#=================================================
cp ../conf/radicale.ini /etc/uwsgi/apps-available/
#=================================================
# PREPARE THE HOOKS
#=================================================
# Modify the hooks for create user collections and to remove them.
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_create"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../hooks/post_user_delete"
#=================================================
# GENERIC FINALIZATION
#=================================================
@ -357,19 +387,33 @@ chown radicale -R /var/log/$app
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=2
# Overwrite the systemd configuration only if it's allowed
if [ $overwrite_systemd -eq 1 ]
then
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service"
ynh_add_systemd_config
fi
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
yunohost service add $app --log="/var/log/uwsgi/app/radicale.log"
yunohost service add $app --log="/var/log/$app"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..."
ynh_systemd_action --service_name=uwsgi --action="restart"
# ynh_systemd_action --service_name=uwsgi --action="restart"
ynh_systemd_action --service_name=$app --action="restart"
#=================================================
# RELOAD NGINX
@ -397,15 +441,14 @@ ynh_app_changelog || true
if [ $infcloud -eq 1 ]
then
infcloud_config="
infcloud_config="
InfCloud has its own config file, at $final_path/infcloud/config.js
"
else
infcloud_config=""
infcloud_config=""
fi
echo "Use the file /etc/radicale/config to change the main configuration of radicale.
The file /etc/radicale/logging to change the level of logging.
And the file /etc/radicale/rights to edit the way the calendars will be shared.
$infcloud_config
You can configure this app easily by using the experimental __URL_TAG1__config-panel feature__URL_TAG2__$admin_panel/config-panel__URL_TAG3__.

1
sources/extra_files_radicale/default_collections/USER.props
View file

@ -1 +0,0 @@
{"ICAL:calendar-color": "#3353fe", "tag": "VCALENDAR"}

4
sources/extra_files_radicale/default_collections/USER/calendar.ics
View file

@ -1,4 +0,0 @@
BEGIN:VCALENDAR
PRODID:-//Radicale//NONSGML Radicale Server//EN
VERSION:2.0
END:VCALENDAR

1
sources/extra_files_radicale/default_collections/USER/calendar.ics.props
View file

@ -1 +0,0 @@
{"ICAL:calendar-color": "#b5036d", "tag": "VCALENDAR"}

0
sources/extra_files_radicale/default_collections/USER/contacts.vcf
View file

1
sources/extra_files_radicale/default_collections/USER/contacts.vcf.props
View file

@ -1 +0,0 @@
{"tag": "VADDRESSBOOK"}

134
sources/extra_files_radicale/regex.py
View file

@ -1,134 +0,0 @@
# -*- coding: utf-8 -*-
#
# This file is part of Radicale Server - Calendar Server
# Copyright © 2008 Nicolas Kandel
# Copyright © 2008 Pascal Halter
# Copyright © 2008-2013 Guillaume Ayoub
#
# This library is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This library is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Radicale. If not, see <http://www.gnu.org/licenses/>.
"""
Rights management.
Rights are based on a regex-based file whose name is specified in the config
(section "right", key "file").
Authentication login is matched against the "user" key, and collection's path
is matched against the "collection" key. You can use Python's ConfigParser
interpolation values %(login)s and %(path)s. You can also get groups from the
user regex in the collection with {0}, {1}, etc.
For example, for the "user" key, ".+" means "authenticated user" and ".*"
means "anybody" (including anonymous users).
Section names are only used for naming the rule.
Leading or ending slashes are trimmed from collection's path.
"""
import re
import sys
import os.path
from .. import config, log
# Manage Python2/3 different modules
if sys.version_info[0] == 2:
from ConfigParser import ConfigParser
from StringIO import StringIO
else:
from configparser import ConfigParser
from io import StringIO
DEFINED_RIGHTS = {
"authenticated": """
[rw]
user:.+
collection:.*
permission:rw
""",
"owner_write": """
[w]
user:.+
collection:^%(login)s(/.*)?$
permission:rw
[r]
user:.+
collection:.*
permission:r
""",
"owner_only": """
[rw]
user:.+
collection:^%(login)s(/.*)?$
permission:rw
"""}
def _read_from_sections(user, collection_url, permission):
"""Get regex sections."""
filename = os.path.expanduser(config.get("rights", "file"))
rights_type = config.get("rights", "type").lower()
# Prevent "regex injection"
user_escaped = re.escape(user)
collection_url_escaped = re.escape(collection_url)
regex = ConfigParser({"login": user_escaped, "path": collection_url_escaped})
if rights_type in DEFINED_RIGHTS:
log.LOGGER.debug("Rights type '%s'" % rights_type)
regex.readfp(StringIO(DEFINED_RIGHTS[rights_type]))
elif rights_type == "from_file":
log.LOGGER.debug("Reading rights from file %s" % filename)
if not regex.read(filename):
log.LOGGER.error("File '%s' not found for rights" % filename)
return False
else:
log.LOGGER.error("Unknown rights type '%s'" % rights_type)
return False
for section in regex.sections():
re_user = regex.get(section, "user")
re_collection = regex.get(section, "collection")
log.LOGGER.debug(
"Test if '%s:%s' matches against '%s:%s' from section '%s'" % (
user, collection_url, re_user, re_collection, section))
user_match = re.match(re_user, user)
if user_match:
re_collection = re_collection.format(*user_match.groups())
if re.match(re_collection, collection_url):
log.LOGGER.debug("Section '%s' matches" % section)
# Correction du commit https://github.com/Kozea/Radicale/commit/e807c3d35bea9cfcfcacac83b1b17d748ea15a39
# Ce commit force l'arrêt de l'analyse du fichier rights à la première règle valide.
if permission in regex.get(section, "permission"):
return True
# return permission in regex.get(section, "permission")
else:
log.LOGGER.debug("Section '%s' does not match" % section)
return False
def authorized(user, collection, permission):
"""Check if the user is allowed to read or write the collection.
If the user is empty, check for anonymous rights.
"""
collection_url = collection.url.rstrip("/") or "/"
if collection_url in (".well-known/carddav", ".well-known/caldav"):
return permission == "r"
rights_type = config.get("rights", "type").lower()
return (
rights_type == "none" or
_read_from_sections(user or "", collection_url, permission))