mirror of
https://github.com/YunoHost-Apps/rainloop_ynh.git
synced 2024-09-03 20:16:18 +02:00
215 lines
7.9 KiB
Bash
215 lines
7.9 KiB
Bash
#!/bin/bash
|
|
|
|
#=================================================
|
|
# GENERIC START
|
|
#=================================================
|
|
# IMPORT GENERIC HELPERS
|
|
#=================================================
|
|
|
|
source _common.sh
|
|
source /usr/share/yunohost/helpers
|
|
|
|
#=================================================
|
|
# LOAD SETTINGS
|
|
#=================================================
|
|
ynh_script_progression --message="Loading installation settings..." --weight=2
|
|
|
|
app=$YNH_APP_INSTANCE_NAME
|
|
|
|
domain=$(ynh_app_setting_get --app=$app --key=domain)
|
|
path_url=$(ynh_app_setting_get --app=$app --key=path)
|
|
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
|
|
language=$(ynh_app_setting_get --app=$app --key=language)
|
|
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
|
|
|
|
#=================================================
|
|
# CHECK VERSION
|
|
#=================================================
|
|
|
|
upgrade_type=$(ynh_check_app_version_changed)
|
|
|
|
#=================================================
|
|
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
|
|
#=================================================
|
|
ynh_script_progression --message="Backing up Rainloop before upgrading (may take a while)..." --weight=4
|
|
|
|
# Backup the current version of the app
|
|
ynh_backup_before_upgrade
|
|
ynh_clean_setup () {
|
|
# restore it if the upgrade fails
|
|
ynh_restore_upgradebackup
|
|
}
|
|
# Exit if an error occurs during the execution of the script
|
|
ynh_abort_if_errors
|
|
|
|
#=================================================
|
|
# ENSURE DOWNWARD COMPATIBILITY
|
|
#=================================================
|
|
ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
|
|
|
|
# If db_name doesn't exist, create it
|
|
if [ -z "$db_name" ]; then
|
|
db_name=$(ynh_sanitize_dbid --db_name=$app)
|
|
ynh_app_setting_set --app=$app --key=db_name --value=$db_name
|
|
fi
|
|
|
|
# If final_path doesn't exist, create it
|
|
if [ -z "$final_path" ]; then
|
|
final_path=/var/www/$app
|
|
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
|
|
fi
|
|
|
|
# If language doesn't exist, create it
|
|
if [ -z "$language" ]; then
|
|
language="en"
|
|
ynh_app_setting_set --app=$app --key=language --value=$language
|
|
fi
|
|
|
|
case "$language" in
|
|
Francais)
|
|
language="fr"
|
|
ynh_app_setting_set --app=$app --key=language --value=$language
|
|
;;
|
|
English)
|
|
language="en"
|
|
ynh_app_setting_set --app=$app --key=language --value=$language
|
|
;;
|
|
*)
|
|
;;
|
|
esac
|
|
|
|
# Delete legacy lang setting
|
|
if [ -n "$(ynh_app_setting_get --app=$app --key=lang)" ]; then
|
|
ynh_app_setting_delete --app=$app --key=lang
|
|
fi
|
|
|
|
# Cleaning legacy permissions
|
|
if ynh_legacy_permissions_exists; then
|
|
ynh_legacy_permissions_delete_all
|
|
|
|
ynh_app_setting_delete --app=$app --key=is_public
|
|
fi
|
|
|
|
#=================================================
|
|
# CREATE DEDICATED USER
|
|
#=================================================
|
|
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
|
|
|
|
# Create a dedicated user (if not existing)
|
|
ynh_system_user_create --username=$app --home_dir="$final_path"
|
|
|
|
#=================================================
|
|
# STANDARD UPGRADE STEPS
|
|
#=================================================
|
|
# DOWNLOAD, CHECK AND UNPACK SOURCE
|
|
#=================================================
|
|
|
|
if [ "$upgrade_type" == "UPGRADE_APP" ]
|
|
then
|
|
ynh_script_progression --message="Upgrading source files..." --weight=8
|
|
|
|
# Download, check integrity, uncompress and patch the source from app.src
|
|
ynh_setup_source --dest_dir="$final_path/app"
|
|
fi
|
|
|
|
ynh_script_progression --message="Patching CVE-2022-29360 code vulnerability..." --weight=1
|
|
ynh_print_warn --message="You should stop using Rainloop, its upstream code is not maintained anymore"
|
|
# Deploy CVE-2022-29360 patch
|
|
version=$(ynh_app_upstream_version)
|
|
# FIXME because we need to apply the patch manually with --binary flag
|
|
# while we should be able to simply use the patching feature of ynh_setup_source
|
|
ynh_add_config --template="../sources/patches/app-CVE-2022-29360.patch.template" --destination="../sources/patches/FIXMEapp-CVE-2022-29360.patch"
|
|
patched="$(patch --silent --binary --forward $final_path/app/rainloop/v/$version/app/libraries/MailSo/Base/HtmlUtils.php <../sources/patches/FIXMEapp-CVE-2022-29360.patch)" || echo "${patched}" | grep "Reversed (or previously applied) patch detected! Skipping patch." -q || (echo "$patched" && false);
|
|
|
|
#=================================================
|
|
# NGINX CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=2
|
|
|
|
# Create a dedicated NGINX config
|
|
ynh_add_nginx_config
|
|
|
|
#=================================================
|
|
# UPGRADE DEPENDENCIES
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading dependencies..." --weight=1
|
|
|
|
ynh_install_app_dependencies $pkg_dependencies
|
|
|
|
#=================================================
|
|
# PHP-FPM CONFIGURATION
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2
|
|
|
|
# Create a dedicated PHP-FPM config
|
|
ynh_add_fpm_config
|
|
|
|
#=================================================
|
|
# SPECIFIC UPGRADE
|
|
#=================================================
|
|
# UPDATE SSO AND PGP
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading Rainloop configuration..." --weight=2
|
|
|
|
# Upgrade time_offset value for fail2ban
|
|
# FIXME Temporary fix for rainloop, waiting for https://github.com/YunoHost/yunohost/pull/752 to be released.
|
|
# ynh_replace_string --match_string="^time_offset = .*" --replace_string="time_offset = $(date +%:::z)" --target_file="$final_path/app/data/_data_/_default_/configs/application.ini"
|
|
timezone="$(date +%:::z)"
|
|
ynh_replace_string --match_string="^time_offset = .*" --replace_string="time_offset = ${timezone//-/\\-}" --target_file="$final_path/app/data/_data_/_default_/configs/application.ini"
|
|
|
|
# update SSO
|
|
ynh_add_config --template="../sources/sso/sso.php" --destination="$final_path/index.php"
|
|
|
|
# Install PGPback by chtixof to allow users to backup/restore their PGP private keys on the server
|
|
cp -rf ../sources/pgpback "$final_path/"
|
|
|
|
#=================================================
|
|
# SETUP LOGROTATE
|
|
#=================================================
|
|
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=2
|
|
|
|
mkdir -p $final_path/app/data/_data_/_default_/logs/fail2ban
|
|
touch $final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log
|
|
|
|
# Use logrotate to manage app-specific logfile(s)
|
|
ynh_use_logrotate --logfile=$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log --non-append
|
|
|
|
#=================================================
|
|
# GENERIC FINALIZATION
|
|
#=================================================
|
|
# SECURE FILES AND DIRECTORIES
|
|
#=================================================
|
|
|
|
# Set permissions on app files
|
|
chmod -R o-rwx $final_path
|
|
chown -R $app:www-data $final_path
|
|
find $final_path/. -type d -exec chmod 755 {} \;
|
|
find $final_path/. -type f -exec chmod 644 {} \;
|
|
|
|
#=================================================
|
|
# UPGRADE FAIL2BAN
|
|
#=================================================
|
|
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=9
|
|
|
|
# Create a dedicated Fail2Ban config
|
|
ynh_add_fail2ban_config --logpath="$final_path/app/data/_data_/_default_/logs/fail2ban/auth-fail.log" --failregex="Auth failed: ip=<HOST>.*$"
|
|
|
|
#=================================================
|
|
# RELOAD NGINX
|
|
#=================================================
|
|
ynh_script_progression --message="Reloading NGINX web server..."
|
|
|
|
ynh_systemd_action --service_name=nginx --action=reload
|
|
|
|
#=================================================
|
|
# SEND README TO ADMIN
|
|
#=================================================
|
|
ynh_script_progression --message="Sending ReadMe to admin..."
|
|
|
|
ynh_send_readme_to_admin --app_message="../conf/email" --recipients="root" --type="warning"
|
|
|
|
#=================================================
|
|
# END OF SCRIPT
|
|
#=================================================
|
|
|
|
ynh_script_progression --message="Upgrade of $app completed" --last
|