#!/bin/bash #================================================= # GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= source _common.sh source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= ynh_script_progression --message="Loading installation settings..." --weight=2 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up Rainloop before upgrading (may take a while)..." --weight=4 # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { # restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_sanitize_dbid --db_name=$app) ynh_app_setting_set --app=$app --key=db_name --value=$db_name fi # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/var/www/$app ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi # If language doesn't exist, create it if [ -z "$language" ]; then language="en" ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_delete --app=$app --key=$lang fi case "$language" in Francais) language="fr" ynh_app_setting_set --app=$app --key=language --value=$language ;; English) language="en" ynh_app_setting_set --app=$app --key=language --value=$language ;; *) ;; esac # Cleaning legacy permissions if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all ynh_app_setting_delete --app=$app --key=is_public fi #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=8 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path/app" # Deploy CVE-2022-29360 patch version=$(ynh_app_upstream_version) # FIXME because we need to apply the patch manually with --binary flag # while we should be able to simply use the patching feature of ynh_setup_source ynh_add_config --template="../sources/patches/app-CVE-2022-29360.patch.template" --destination="../sources/patches/FIXMEapp-CVE-2022-29360.patch" patch --binary $final_path/app/rainloop/v/$version/app/libraries/MailSo/Base/HtmlUtils.php <../sources/patches/FIXMEapp-CVE-2022-29360.patch fi #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2 # Create a dedicated NGINX config ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= ynh_script_progression --message="Upgrading dependencies..." --weight=1 ynh_install_app_dependencies $pkg_dependencies #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 # Create a dedicated PHP-FPM config ynh_add_fpm_config #================================================= # SPECIFIC UPGRADE #================================================= # UPDATE SSO AND PGP #================================================= ynh_script_progression --message="Upgrading Rainloop configuration..." --weight=2 # Upgrade time_offset value for fail2ban # FIXME Temporary fix for rainloop, waiting for https://github.com/YunoHost/yunohost/pull/752 to be released. # ynh_replace_string --match_string="^time_offset = .*" --replace_string="time_offset = $(date +%:::z)" --target_file="$final_path/app/data/_data_/_default_/configs/application.ini" timezone="$(date +%:::z)" ynh_replace_string --match_string="^time_offset = .*" --replace_string="time_offset = ${timezone//-/\\-}" --target_file="$final_path/app/data/_data_/_default_/configs/application.ini" # update SSO ynh_add_config --template="../sources/sso/sso.php" --destination="$final_path/index.php" # Install PGPback by chtixof to allow users to backup/restore their PGP private keys on the server cp -rf ../sources/pgpback "$final_path/" #================================================= # SETUP LOGROTATE #================================================= ynh_script_progression --message="Upgrading logrotate configuration..." --weight=2 mkdir -p $final_path/app/data/_data_/_default_/logs/fail2ban touch $final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --logfile=$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log --non-append #================================================= # GENERIC FINALIZATION #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions on app files chmod -R o-rwx $final_path chown -R $app:www-data $final_path find $final_path/. -type d -exec chmod 755 {} \; find $final_path/. -type f -exec chmod 644 {} \; #================================================= # UPGRADE FAIL2BAN #================================================= ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=9 # Create a dedicated Fail2Ban config ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip=.*$" #================================================= # RELOAD NGINX #================================================= ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= ynh_script_progression --message="Upgrade of $app completed" --last