Merge pull request #73 from YunoHost-Apps/7.1

Upgrade to 7.1 and implement new group-permissions
2024-09-03 20:26:01 +02:00 · 2021-04-26 15:43:11 +02:00 · 2021-04-26 15:43:11 +02:00 · 4bb923fe1f
commit 4bb923fe1f
parent b0d07fba2f 2ab322b564
28 changed files with 369 additions and 243 deletions
--- a/README.md
+++ b/README.md
@ -14,7 +14,7 @@ Seafile is an open Source Cloud Storage application.

 It's a Enterprise file sync and share platform with high reliability and performance. It's a file hosting platform with high reliability and performance. Put files on your own server. Sync and share files across different devices, or access all the files as a virtual disk.

-**Shipped version:** 7.0.4
+**Shipped version:** 7.1.5

 Screenshots
 -----------
@ -88,6 +88,14 @@ From command line:

 ### Upgrade

+By default a backup is made before the upgrade. To avoid this you have theses following possibilites:
+- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. By example `NO_BACKUP_UPGRADE=1 yunohost app upgrade synapse`.
+- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command:
+
+`yunohost app setting synapse disable_backup_before_upgrade -v 1`
+
+After this settings will be applied for **all** next upgrade.
+
 From command line:

 `yunohost app upgrade seafile`
--- a/16
+++ b/16
@ -19,7 +19,7 @@
 		    upgrade=1
            upgrade=1    from_commit=db11d890922564dfdcb7937a3a682957082fbb31
            upgrade=1    from_commit=67e0869de25f4f58710c3d30d5533356745ea676
-            upgrade=1    from_commit=637a32aa57bc2dc6421e0e79d52862f0924be1cf
+            upgrade=1    from_commit=6786d9f65e60b2d2a96b9ea4c43897dde3a66199
 		    backup_restore=1
 		    multi_instance=0
 		    wrong_user=1
@ -30,23 +30,11 @@
 		    port_already_use=1	(8000)
 		    final_path_already_use=1
 		    change_url=1
-;;; Levels
-    Level 1=auto
-  	Level 2=auto
-  	Level 3=auto
-  	# https://github.com/YunoHost-Apps/seafile_ynh/issues/1
-  	Level 4=1
-  	Level 5=auto
-  	Level 6=auto
-  	Level 7=auto
-  	Level 8=0
-  	Level 9=0
-  	Level 10=0

 ;;; Upgrade options
    ; commit=db11d890922564dfdcb7937a3a682957082fbb31
        name=Version 6.3.4 - branch Old_version_for_CI_3
 	; commit=67e0869de25f4f58710c3d30d5533356745ea676
 		name=Before move main dir to opt - branch Old_version_for_CI_2
-	; commit=637a32aa57bc2dc6421e0e79d52862f0924be1cf
+	; commit=6786d9f65e60b2d2a96b9ea4c43897dde3a66199
 		name=The oldest installable version - branch Old_version_for_CI
--- a/conf/add_sso_conf.py
+++ b/conf/add_sso_conf.py
@ -1,12 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    if "skipped_urls" in data:
-        data["skipped_urls"].append("/seafhttp")
-    else:
-        data["skipped_urls"] = ["/seafhttp"]
-    data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
--- a/conf/add_sso_conf_webdav.py
+++ b/conf/add_sso_conf_webdav.py
@ -1,8 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
--- a/conf/arm.src
+++ b/conf/arm.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/haiwen/seafile-rpi/releases/download/v7.0.5/seafile-server_7.0.5_stable_pi.tar.gz
-SOURCE_SUM=dae9ab5d232a2b56f129aa29e7e54d2de05d838f0479955543cebcb14c9417db
+SOURCE_URL=https://github.com/haiwen/seafile-rpi/releases/download/v7.1.5/seafile-server-7.1.5-buster-armv7.tar.gz
+SOURCE_SUM=4baec21c1acaec6f50c7a1b229a728417d8fbf87fe3be98f128bc9d2ad399681
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum
--- a/conf/arm64.src
+++ b/conf/arm64.src
@ -0,0 +1,11 @@
+SOURCE_URL=https://github.com/haiwen/seafile-rpi/releases/download/v7.1.5/seafile-server-7.1.5-buster-armv7.tar.gz
+SOURCE_SUM=4baec21c1acaec6f50c7a1b229a728417d8fbf87fe3be98f128bc9d2ad399681
+# (Optional) Program to check the integrity (sha256sum, md5sum...)
+# default: sha256
+SOURCE_SUM_PRG=sha256sum
+# (Optional) Archive format
+# default: tar.gz
+SOURCE_FORMAT=tar.gz
+# (Optional) Put false if sources are directly in the archive root
+# default: true
+SOURCE_IN_SUBDIR=true
--- a/conf/arm64_7_0.src
+++ b/conf/arm64_7_0.src
@ -0,0 +1,11 @@
+SOURCE_URL=https://github.com/haiwen/seafile-rpi/releases/download/v7.0.5/seafile-server_7.0.5_stable_pi.tar.gz
+SOURCE_SUM=dae9ab5d232a2b56f129aa29e7e54d2de05d838f0479955543cebcb14c9417db
+# (Optional) Program to check the integrity (sha256sum, md5sum...)
+# default: sha256
+SOURCE_SUM_PRG=sha256sum
+# (Optional) Archive format
+# default: tar.gz
+SOURCE_FORMAT=tar.gz
+# (Optional) Put false if sources are directly in the archive root
+# default: true
+SOURCE_IN_SUBDIR=true
--- a/conf/arm_7_0.src
+++ b/conf/arm_7_0.src
@ -0,0 +1,11 @@
+SOURCE_URL=https://github.com/haiwen/seafile-rpi/releases/download/v7.0.5/seafile-server_7.0.5_stable_pi.tar.gz
+SOURCE_SUM=dae9ab5d232a2b56f129aa29e7e54d2de05d838f0479955543cebcb14c9417db
+# (Optional) Program to check the integrity (sha256sum, md5sum...)
+# default: sha256
+SOURCE_SUM_PRG=sha256sum
+# (Optional) Archive format
+# default: tar.gz
+SOURCE_FORMAT=tar.gz
+# (Optional) Put false if sources are directly in the archive root
+# default: true
+SOURCE_IN_SUBDIR=true
--- a/conf/create_admin.json
+++ b/conf/create_admin.json
@ -0,0 +1 @@
+{"email": "__ADMIN__", "password": "__PASSWORD__"}
--- a/conf/remove_sso_conf.py
+++ b/conf/remove_sso_conf.py
@ -1,9 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    data["skipped_urls"].remove("/seafhttp")
-    data["skipped_urls"].remove("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
--- a/conf/update_sso_conf.py
+++ b/conf/update_sso_conf.py
@ -1,14 +0,0 @@
-import json
-
-with open("/etc/ssowat/conf.json.persistent", "r", encoding='utf-8') as jsonFile:
-    data = json.load(jsonFile)
-    data["unprotected_urls"].remove("/seafhttp")
-    data["unprotected_urls"].remove("/seafdav")
-    if "skipped_urls" in data:
-        data["skipped_urls"].append("/seafhttp")
-    else:
-        data["skipped_urls"] = ["/seafhttp"]
-    data["skipped_urls"].append("/seafdav")
-
-with open("/etc/ssowat/conf.json.persistent", "w", encoding='utf-8') as jsonFile:
-    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
--- a/conf/x86-64.src
+++ b/conf/x86-64.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://download.seadrive.org/seafile-server_7.0.5_x86-64.tar.gz
-SOURCE_SUM=7eb8814f1bc8ee78c80741fa08cbdce2b5ea8895a87730bde2a1b32d031e8f53
+SOURCE_URL=https://s3.eu-central-1.amazonaws.com/download.seadrive.org/seafile-server_7.1.5_x86-64.tar.gz
+SOURCE_SUM=edf020de2324be33df3f6854c6383affca088807bfc1e27a375fbb0f44af0cb0
 # (Optional) Program to check the integrity (sha256sum, md5sum...)
 # default: sha256
 SOURCE_SUM_PRG=sha256sum
--- a/conf/x86-64_7_0.src
+++ b/conf/x86-64_7_0.src
@ -0,0 +1,11 @@
+SOURCE_URL=https://download.seadrive.org/seafile-server_7.0.5_x86-64.tar.gz
+SOURCE_SUM=7eb8814f1bc8ee78c80741fa08cbdce2b5ea8895a87730bde2a1b32d031e8f53
+# (Optional) Program to check the integrity (sha256sum, md5sum...)
+# default: sha256
+SOURCE_SUM_PRG=sha256sum
+# (Optional) Archive format
+# default: tar.gz
+SOURCE_FORMAT=tar.gz
+# (Optional) Put false if sources are directly in the archive root
+# default: true
+SOURCE_IN_SUBDIR=true
--- a/manifest.json
+++ b/manifest.json
@ -4,7 +4,7 @@
    "packaging_format": 1,
    "license": "AGPL-3.0,Apache-2.0,MIT,GPL-2.0",
    "url": "https://www.seafile.com",
-    "version": "7.0.5~ynh1",
+    "version": "7.1.5~ynh1",
    "description": {
        "en": "Open Source Cloud Storage",
        "fr": "Stockage Cloud Open Source"
@ -23,7 +23,7 @@
        "mysql"
    ],
    "requirements": {
-        "yunohost": ">= 3.5.2.2"
+        "yunohost": ">= 4.1"
    },
    "arguments": {
        "install": [
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -3,8 +3,6 @@
 #=================================================

 app=$YNH_APP_INSTANCE_NAME
-[[ -e "../settings/manifest.json" ]] || [[ -e "../manifest.json" ]] && \
-    seafile_version=$(ynh_app_upstream_version)

 #=================================================
 # DEFINE ALL COMMON FONCTIONS
@ -19,29 +17,49 @@ install_source() {
    ynh_setup_source "$final_path/seafile-server-$seafile_version" "$architecture"
 }

-install_dependance() {
-    if [ "$(lsb_release --codename --short)" == "stretch" ]; then
-        ynh_install_app_dependencies python2.7 python-pip libpython2.7 python-setuptools python-ldap python-urllib3 python-simplejson python-imaging python-mysqldb python-flup expect python-requests python-dev ffmpeg python-memcache \
-            libjpeg62-turbo-dev zlib1g-dev # For building pillow
-    else
-        ynh_install_app_dependencies python2.7 python-pip libpython2.7 python-setuptools python-ldap python-urllib3 python-simplejson python-pil python-mysqldb python-flup expect python-requests python-dev ffmpeg python-memcache \
-            libjpeg62-turbo-dev zlib1g-dev # For building pillow
+install_source_7_0() {
+    if ! [ -e $final_path/seafile-server-7.0.5 ]; then
+        mkdir "$final_path/seafile-server-7.0.5"
+        if [[ $architecture == "i386" ]]
+        then
+            ynh_die --message "Error : this architecture is no longer supported by the upstream. Please create en issue here : https://github.com/YunoHost-Apps/seafile_ynh/issues to ask to discuss about a support of this architecture"
+        fi
+        ynh_setup_source "$final_path/seafile-server-7.0.5" "$architecture"_7_0
    fi
+}
+
+install_dependance() {
+    ynh_install_app_dependencies python3 python3-setuptools python3-pip python3-requests python3-dev libmariadb-dev-compat libmariadb-dev \
+        expect ffmpeg \
+        memcached libmemcached-dev \
+        python3-scipy python3-matplotlib \
+        libjpeg62-turbo-dev zlib1g-dev  # For building pillow
    ynh_add_swap 2000
    # We need to do that because we can have some issue about the permission access to the pip cache without this
    set_permission
+
    # Note that we install imageio to force the dependance, without this imageio 2.8 is installed and it need python3.5
-    sudo -u $seafile_user pip install --user --upgrade Pillow 'moviepy<1.0' 'imageio<2.8' certifi idna
+    sudo -u $seafile_user pip3 install --user --no-warn-script-location --upgrade future mysqlclient pymysql Pillow pylibmc captcha jinja2 sqlalchemy psd-tools django-pylibmc django-simple-captcha python3-ldap
+    # TODO add dependance when upgrade to seafile 8: django==2.2.*
    ynh_del_swap
 }

+mv_expect_scripts() {
+    expect_scripts_dir=$(mktemp -d)
+    cp expect_scripts/* $expect_scripts_dir
+    chmod u=rwx,o= -R $expect_scripts_dir
+    chown $seafile_user -R $expect_scripts_dir
+}
+
 set_permission() {
    chown -R $seafile_user:$seafile_user $final_path
+    chmod -R o= $final_path
    # check that this directory exist because in some really old install the data could still be in the main seafile directory
    # We also check at the install time when data directory is not already initialised 
-    test -e /home/yunohost.app/seafile-data && chown -R $seafile_user:$seafile_user /home/yunohost.app/seafile-data
-    # Well need to put this here because if test return false, set_permission also return false and the install fail
-    true
+    if [ -e /home/yunohost.app/seafile-data ]; then
+        chown -R $seafile_user:$seafile_user /home/yunohost.app/seafile-data
+        chmod -R o= /home/yunohost.app/seafile-data
+    fi
 }

 ynh_clean_setup () {
--- a/scripts/actions
+++ b/scripts/actions
@ -4,16 +4,16 @@
 # GENERIC START
 #=================================================

+# Import common cmd
+source scripts/experimental_helper.sh
+source scripts/_common.sh
+
 # Source YunoHost helpers
 source /usr/share/yunohost/helpers

 # Stop script if errors
 ynh_abort_if_errors

-# Import common cmd
-source scripts/experimental_helper.sh
-source scripts/_common.sh
-
 ynh_print_info --message="Loading installation settings..."

 # Retrive arguments
--- a/scripts/backup
+++ b/scripts/backup
@ -4,17 +4,17 @@
 # GENERIC START
 #=================================================

+# Import common cmd
+source ../settings/scripts/experimental_helper.sh
+source ../settings/scripts/_common.sh
+
 # Source YunoHost helpers
 source /usr/share/yunohost/helpers

 # Stop script if errors
 ynh_abort_if_errors

-# Import common cmd
-source ../settings/scripts/experimental_helper.sh
-source ../settings/scripts/_common.sh
-
-ynh_script_progression --message="Loading installation settings..."
+ynh_print_info --message="Loading installation settings..."

 # retrieve useful param
 domain=$(ynh_app_setting_get --app $app --key domain)
@ -22,7 +22,7 @@ db_pwd=$(ynh_app_setting_get --app $app --key mysqlpwd)
 final_path=$(ynh_app_setting_get --app $app --key final_path)
 seafile_user=$app

-if [[ ! "$(systemctl status seafile)" =~ "Active: inactive (dead)" ]] || [[ ! "$(systemctl status seahub)" =~ "Active: inactive (dead)" ]]; then
+if [[ ! "$(systemctl status seafile)" =~ "Active: inactive (dead)" ]] || [[ ! "$(systemctl status seahub)" =~ "Active: failed (Result: signal)" ]]; then
    ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop seafile service and seahub service with this command before to run the backup 'systemctl stop seafile.service seahub.service'"
 fi

@ -31,11 +31,11 @@ fi
 #=================================================

 # # Backup app files
-ynh_script_progression --message="Backing up code..." --weight=3
+ynh_print_info --message="Backing up code..."
 ynh_backup --src_path $final_path
-ynh_script_progression --message="Backing up user data..." --weight=10
+ynh_print_info --message="Backing up user data..."
 ynh_backup --src_path=/home/yunohost.app/seafile-data --dest_path="data" --is_big=1
-ynh_script_progression --message="Backing up configuration..."
+ynh_print_info --message="Backing up configuration..."
 ynh_backup --src_path /etc/nginx/conf.d/$domain.d/${app}.conf
 ynh_backup --src_path /etc/systemd/system/seafile.service
 ynh_backup --src_path /etc/systemd/system/seahub.service
@ -43,9 +43,9 @@ ynh_backup --src_path /etc/fail2ban/jail.d/$app.conf
 ynh_backup --src_path /etc/fail2ban/filter.d/$app.conf

 # Backup mysql
-ynh_script_progression --message="Backing up database"
+ynh_print_info --message="Backing up database"
 ynh_mysql_dump_db --database ccnetdb > ${YNH_CWD}/ccnetdb.dmp
 ynh_mysql_dump_db --database seafiledb > ${YNH_CWD}/seafiledb.dmp
 ynh_mysql_dump_db --database seahubdb > ${YNH_CWD}/seahubdb.dmp

-ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
+ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."
--- a/scripts/change_url
+++ b/scripts/change_url
@ -4,16 +4,16 @@
 # GENERIC START
 #=================================================

+# Import common cmd
+source ./experimental_helper.sh
+source ./_common.sh
+
 # Source YunoHost helpers
 source /usr/share/yunohost/helpers

 # Stop script if errors
 ynh_abort_if_errors

-# Import common cmd
-source ./experimental_helper.sh
-source ./_common.sh
-
 ynh_script_progression --message="Loading installation settings..."

 # Retrive arguments
--- a/scripts/expect_scripts/first_launch.exp
+++ b/scripts/expect_scripts/first_launch.exp
@ -1,20 +0,0 @@
-#!/usr/bin/expect
-set timeout 10
-
-set seafile_dir [lindex $argv 0]
-set admin_email [lindex $argv 1]
-
-spawn $seafile_dir/seahub.sh start
-
-expect "for the admin account?"
-send "$admin_email\r";
-
-expect "for the admin account?"
-send {__ADMIN_PASSWORD__};
-send '\r';
-
-expect "Enter the"
-send {__ADMIN_PASSWORD__};
-send '\r';
-
-expect eof
--- a/scripts/expect_scripts/install.exp
+++ b/scripts/expect_scripts/install.exp
@ -4,9 +4,8 @@ set timeout 10
 set seafile_dir [lindex $argv 0]
 set server_name [lindex $argv 1]
 set domain [lindex $argv 2]
-set seafile_data [lindex $argv 3]
-set fileserver_port [lindex $argv 4]
-set db_pwd [lindex $argv 5]
+set fileserver_port [lindex $argv 3]
+set db_pwd [lindex $argv 4]

 spawn $seafile_dir/setup-seafile-mysql.sh

@ -19,9 +18,6 @@ send "$server_name\r";
 expect "What is the ip or domain of the server?"
 send "$domain\r";

-expect "Where do you want to put your seafile data?"
-send "$seafile_data\r";
-
 expect "Which port do you want to use for the seafile fileserver?"
 send "$fileserver_port\r";

--- a/scripts/expect_scripts/upgrade_7.1.exp
+++ b/scripts/expect_scripts/upgrade_7.1.exp
@ -0,0 +1,19 @@
+#!/usr/bin/expect
+set timeout 5
+
+set seafile_dir [lindex $argv 0]
+
+spawn $seafile_dir/upgrade/upgrade_7.0_7.1.sh
+
+expect "to contiune"
+send "\r";
+
+sleep 10;
+
+send "\r";
+
+sleep 1;
+
+send "\r";
+
+interact
--- a/scripts/expect_scripts/upgrade_8.0.exp
+++ b/scripts/expect_scripts/upgrade_8.0.exp
@ -0,0 +1,11 @@
+#!/usr/bin/expect
+set timeout 5
+
+set seafile_dir [lindex $argv 0]
+
+spawn $seafile_dir/upgrade/upgrade_7.1_8.0.sh
+
+expect "to contiune"
+send "\r";
+
+interact
--- a/scripts/experimental_helper.sh
+++ b/scripts/experimental_helper.sh
@ -1,16 +1,27 @@
-# Detect the system architecture to download the right tarball
-# NOTE: `uname -m` is more accurate and universal than `arch`
-# See https://en.wikipedia.org/wiki/Uname
-if [ -n "$(uname -m | grep 64)" ]; then
-	architecture="x86-64"
-elif [ -n "$(uname -m | grep 86)" ]; then
-	architecture="i386"
-elif [ -n "$(uname -m | grep arm)" ]; then
-	architecture="arm"
-else
-	ynh_die --message "Unable to detect your achitecture, please open a bug describing \
-        your hardware and the result of the command \"uname -m\"." 1
-fi
+
+# Check the architecture
+#
+# example: architecture=$(ynh_detect_arch)
+#
+# usage: ynh_detect_arch
+#
+# Requires YunoHost version 2.2.4 or higher.
+
+ynh_detect_arch(){
+	local architecture
+	if [ -n "$(uname -m | grep arm64)" ] || [ -n "$(uname -m | grep aarch64)" ]; then
+		architecture="arm64"
+	elif [ -n "$(uname -m | grep 64)" ]; then
+		architecture="x86-64"
+	elif [ -n "$(uname -m | grep 86)" ]; then
+		architecture="i386"
+	elif [ -n "$(uname -m | grep arm)" ]; then
+		architecture="arm"
+	else
+		architecture="unknown"
+	fi
+	echo $architecture
+}


 # Add swap
--- a/scripts/install
+++ b/scripts/install
@ -4,21 +4,21 @@
 # GENERIC START
 #=================================================

+# Import common cmd
+source ./experimental_helper.sh
+source ./_common.sh
+
 # Source YunoHost helpers
 source /usr/share/yunohost/helpers

 # Stop script if errors
 ynh_abort_if_errors

-# Import common cmd
-source ./experimental_helper.sh
-source ./_common.sh
-
 ynh_script_progression --message="Validating installation parameters..."

 # Retrieve arguments
 domain=$YNH_APP_ARG_DOMAIN
-path_url=$(ynh_normalize_url_path --path_url $YNH_APP_ARG_PATH)
+path_url=$YNH_APP_ARG_PATH
 server_name="$YNH_APP_ARG_SERVER_NAME"
 admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
@ -26,6 +26,8 @@ seafile_data=/home/yunohost.app/seafile-data
 final_path=/opt/yunohost/$app
 seafile_user=$app
 admin_password=$YNH_APP_ARG_ADMIN_PASSWORD
+seafile_version=$(ynh_app_upstream_version)
+architecture=$(ynh_detect_arch)

 # Create special path with / at the end
 if [[ $path_url == '/' ]]
@ -66,7 +68,6 @@ ynh_app_setting_set --app $app --key seahub_port --value $seahub_port
 ynh_app_setting_set --app $app --key fileserver_port --value $fileserver_port
 ynh_app_setting_set --app $app --key webdav_port --value $webdav_port
 ynh_app_setting_set --app $app --key is_public --value $is_public
-ynh_app_setting_set --app $app --key installed_version --value $seafile_version

 #=================================================
 # STANDARD MODIFICATIONS
@ -76,7 +77,8 @@ ynh_script_progression --message="Creating base directory..."
 mkdir -p $final_path
 mkdir -p $final_path/installed
 mkdir -p $final_path/logs
-mkdir -p $final_path/seafile-data
+mkdir -p $seafile_data
+ln -s $seafile_data $final_path/seafile-data

 # Create User
 ynh_script_progression --message="Configuring system user..."
@ -86,10 +88,6 @@ ynh_system_user_create --username $seafile_user --home_dir $final_path
 ynh_script_progression --message="Installing dependencies..." --weight=7
 install_dependance

-# Clean data directory
-ynh_script_progression --message="Cleaning data directory..."
-test -e $seafile_data && ynh_secure_remove --file="$seafile_data"
-
 # Download new version from sources
 ynh_script_progression --message="Installing sources files..." --weight=7
 install_source
@ -104,9 +102,9 @@ ynh_mysql_setup_db --db_user $db_user --db_name seahubdb --db_pwd "$db_pwd"
 ynh_script_progression --message="Configuring application..." --weight=3

 # Run install script
-chmod +x expect_scripts/install.exp
+mv_expect_scripts
 chmod +x $final_path/seafile-server-$seafile_version/setup-seafile-mysql.sh
-expect_scripts/install.exp "$final_path/seafile-server-$seafile_version" "$server_name" "$domain" "$seafile_data" "$fileserver_port" "$db_pwd"
+$expect_scripts_dir/install.exp "$final_path/seafile-server-$seafile_version" "$server_name" "$domain" "$fileserver_port" "$db_pwd"

 sleep 3

@ -143,15 +141,33 @@ echo '[LDAP]' | tee -a $final_path/conf/ccnet.conf
 echo 'HOST = ldap://localhost:389' | tee -a $final_path/conf/ccnet.conf
 echo 'BASE = ou=users,dc=yunohost,dc=org' | tee -a $final_path/conf/ccnet.conf
 echo 'LOGIN_ATTR = mail' | tee -a $final_path/conf/ccnet.conf
+echo "FILTER = permission=cn=$app.main,ou=permission,dc=yunohost,dc=org" | tee -a $final_path/conf/ccnet.conf

 # Enable manually wiki
 echo 'ENABLE_WIKI = True' | tee -a $final_path/conf/seahub_settings.py

+# Enable memcached
+cat >> $final_path/conf/seahub_settings.py <<EOF
+CACHES = {
+    'default': {
+        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
+        'LOCATION': '127.0.0.1:11211',
+    },
+}
+EOF
+
+# Configure admin info
+# It will be used the first start
+admin_email=$(ynh_user_get_info --username $admin --key 'mail')
+cp ../conf/create_admin.json $final_path/conf/admin.txt
+ynh_replace_string         --match_string __ADMIN__ --replace_string $admin_email --target_file $final_path/conf/admin.txt
+ynh_replace_special_string --match_string __PASSWORD__ --replace_string $admin_password --target_file $final_path/conf/admin.txt
+
 # Fix local warning
 ynh_replace_string --match_string en_US.UTF-8 --replace_string ${LANG:-'en_US.UTF-8'} --target_file $final_path/seafile-server-$seafile_version/seahub.sh

 # Update gunicorn config
-sed --in-place -r "s@bind = \"127\.0\.0\.1:[[:digit:]]+\"@bind = \"127.0.0.1:$seahub_port\"@g" $final_path/conf/gunicorn.conf
+sed --in-place -r "s@bind = \"127\.0\.0\.1:[[:digit:]]+\"@bind = \"127.0.0.1:$seahub_port\"@g" $final_path/conf/gunicorn.conf.py

 # Add webdav
 cp ../conf/seafdav.conf $final_path/conf/seafdav.conf
@ -166,27 +182,6 @@ ynh_add_systemd_config --service seahub --template seahub.service
 ynh_script_progression --message="Configuring nginx..." --weight=1
 ynh_add_nginx_config 'seahub_port fileserver_port webdav_port'

-# Copy first launch script
-cp expect_scripts/first_launch.exp $final_path
-chmod +x $final_path/first_launch.exp
-
-# Set permissions to seafile directory
-chown -R $seafile_user:$seafile_user $final_path
-chown -R $seafile_user:$seafile_user $seafile_data
-
-# Sometime we have a current effect. We try to lunch seafile when not all permissions are already set.
-# So wait untils all permissions are cleanly set
-sleep 5
-ynh_debug_exec ls /opt/yunohost/seafile/ccnet
-
-# Start seafile, seahub and populate admin account
-su - $seafile_user -s /bin/bash -c "$final_path/seafile-server-$seafile_version/seafile.sh start"
-# We escape all char witch needed.
-ynh_replace_special_string --match_string __ADMIN_PASSWORD__ --replace_string "$admin_password" --target_file $final_path/first_launch.exp
-admin_email=$(ynh_user_get_info --username $admin --key 'mail')
-su - $seafile_user -s /bin/bash -c "$final_path/first_launch.exp $final_path/seafile-server-$seafile_version $admin_email"
-ynh_secure_remove --file="$final_path/first_launch.exp"
-
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@ -195,19 +190,19 @@ ynh_secure_remove --file="$final_path/first_launch.exp"
 ynh_script_progression --message="Protecting directory..."
 set_permission

+# Add sso config to unprotect domain.tld/seafhttp + domain.tld/seafdav
 ynh_script_progression --message="Configuring permissions..."
-
-# Add sso config to unprotect domain.tld/seafhttp + domain.tld/seafdav do in /etc/ssowat/conf.json.persistent
-python3 ../conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app."
-
+ynh_permission_create --permission=file_server --url=$domain/seafhttp --auth_header=false \
+                      --label="File server" --protected=true --allowed=visitors
+ynh_permission_create --permission=webdav --url=$domain/seafdav --auth_header=true \
+                      --label="Webdav" --protected=true --allowed=visitors
 # unprotect media
-ynh_app_setting_set --app $app --key unprotected_uris --value "/media"
+ynh_permission_create --permission=media --url=/media --auth_header=true \
+                      --label="Media" --protected=true --allowed=visitors

-if [ "$is_public" = "0" ]
+if [ "$is_public" == '1' ];
 then
-	ynh_app_setting_delete --app seafile --key unprotected_uris
-else
-	ynh_app_setting_set --app $app --key unprotected_uris --value "/"
+    ynh_permission_update --permission "main" --add "visitors"
 fi

 # Add logrotate
@ -215,29 +210,21 @@ ynh_script_progression --message="Configuring log rotation..."
 ynh_use_logrotate --logfile $final_path/logs
 ln -s $final_path/logs /var/log/seafile

-# Add fail2ban
-ynh_script_progression --message="Configuring fail2ban..." --weight=10
-ynh_add_fail2ban_config --use_template --others_var 'final_path'
-
 # register yunohost service
 yunohost service add seafile
 yunohost service add seahub

 ynh_script_progression --message="Stoping services..." --weight=3

-# Kill all services launched for initialisation
-su - $seafile_user -s /bin/bash -c "$final_path/seafile-server-latest/seafile.sh stop"
-su - $seafile_user -s /bin/bash -c "$final_path/seafile-server-latest/seahub.sh stop"
-sleep 2
-
-# We kill all process lunched by the script
-pkill -f seafile-controller || true
-pkill -f seaf-server || true
-
 # Start service
 ynh_script_progression --message="Starting seafile services..." --weight=3
 ynh_systemd_action --service_name seafile -l "spawned seaf-server, pid " -p /var/log/seafile/controller.log
+sleep 2
 ynh_systemd_action --service_name seahub -l "Started Seafile hub." -p "systemd"
 sleep 2

+# Add fail2ban
+ynh_script_progression --message="Configuring fail2ban..." --weight=10
+ynh_add_fail2ban_config --use_template --others_var 'final_path'
+
 ynh_script_progression --message="Installation of $app completed" --last
--- a/scripts/remove
+++ b/scripts/remove
@ -4,13 +4,13 @@
 # GENERIC START
 #=================================================

-# Source YunoHost helpers
-source /usr/share/yunohost/helpers
-
 # Import common cmd
 source ./experimental_helper.sh
 source ./_common.sh

+# Source YunoHost helpers
+source /usr/share/yunohost/helpers
+
 ynh_script_progression --message="Loading installation settings..."

 # Retrieve arguments
@ -32,10 +32,6 @@ pkill -f seaf-server || true
 pkill -f ccnet-server || true
 pkill -f seahub || true

-# remove sso config to unprotect domain.tld/seafhttp in /etc/ssowat/conf.json.persistent
-ynh_script_progression --message="Cleaning SSO configuration..."
-python3 ../conf/remove_sso_conf.py
-
 ynh_script_progression --message="Removing logs..."
 ynh_secure_remove --file=/var/log/seafile
 ynh_script_progression --message="Removing code..."
--- a/scripts/remove_sso_conf_persistent.py
+++ b/scripts/remove_sso_conf_persistent.py
@ -0,0 +1,39 @@
+import json
+import sys
+
+with open("/etc/ssowat/" + "conf.json.persistent", "r", encoding='utf-8') as jsonFile:
+    data = json.load(jsonFile)
+
+    for domain in ("", sys.argv[1]):
+        for path in ("/seafhttp", "/seafdav"):
+            url = domain + path
+            try:
+                uri_list = data["skipped_urls"]
+                while url in uri_list:
+                    uri_list.remove(url)
+            except:
+                pass
+
+            try:
+                uri_list = data["protected_urls"]
+                while url in uri_list:
+                    uri_list.remove(url)
+            except:
+                pass
+
+            try:
+                uri_list = data["permissions"]["custom_protected"]["uris"]
+                while url in uri_list:
+                    uri_list.remove(url)
+            except:
+                pass
+
+            try:
+                uri_list = data["permissions"]["custom_skipped"]["uris"]
+                while url in uri_list:
+                    uri_list.remove(url)
+            except:
+                pass
+
+with open("/etc/ssowat/" + "conf.json.persistent", "w", encoding='utf-8') as jsonFile:
+    jsonFile.write(json.dumps(data, indent=4, sort_keys=True))
--- a/scripts/restore
+++ b/scripts/restore
@ -4,16 +4,16 @@
 # GENERIC START
 #=================================================

+# Import common cmd
+source ../settings/scripts/experimental_helper.sh
+source ../settings/scripts/_common.sh
+
 # Source YunoHost helpers
 source /usr/share/yunohost/helpers

 # Stop script if errors
 ynh_abort_if_errors

-# Import common cmd
-source ../settings/scripts/experimental_helper.sh
-source ../settings/scripts/_common.sh
-
 ynh_script_progression --message="Loading settings..."

 # Retrieve arguments
@ -23,6 +23,7 @@ seafile_data=/home/yunohost.app/seafile-data
 db_pwd=$(ynh_app_setting_get --app $app --key mysqlpwd)
 final_path=$(ynh_app_setting_get --app $app --key final_path)
 seafile_user=$app
+architecture=$(ynh_detect_arch)

 # Check domain/path availability
 ynh_webpath_available --domain $domain --path_url $path_url || ynh_die --message "$domain/$path_url is not available, please use an other domain or path."
@ -57,10 +58,6 @@ su -c "mysql -u ${app} -p$db_pwd seahubdb < ${YNH_CWD}/seahubdb.dmp"
 # GENERIC FINALIZATION
 #=================================================

-# Restore sso persistent config
-ynh_script_progression --message="Configuring permissions..."
-python3 ../settings/conf/add_sso_conf.py || ynh_die --message="Your file /etc/ssowat/conf.json.persistent doesn't respect the json syntax. Please fix the syntax to install this app."
-
 # Add logrotate
 ynh_script_progression --message="Configuring log rotation..."
 ynh_use_logrotate --logfile $final_path/logs
@ -73,8 +70,8 @@ set_permission
 # Enable service and start seafile
 ynh_script_progression --message="Reconfiguring application..."
 systemctl daemon-reload
-systemctl enable seafile
-systemctl enable seahub
+systemctl enable seafile --quiet
+systemctl enable seahub --quiet

 # Add Seafile to YunoHost's monitored services
 ynh_script_progression --message="Register seafile service..."
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -4,27 +4,35 @@
 # GENERIC START
 #=================================================

+# Import common cmd
+source ./experimental_helper.sh
+source ./_common.sh
+
 # Source YunoHost helpers
 source /usr/share/yunohost/helpers

 # Stop script if errors
 ynh_abort_if_errors

-# Import common cmd
-source ./experimental_helper.sh
-source ./_common.sh
-
 ynh_script_progression --message="Loading installation settings..."

 # Retrieve arguments
 domain=$(ynh_app_setting_get --app $app --key domain)
 path_url=$(ynh_normalize_url_path --path_url $(ynh_app_setting_get --app $app --key path))
-installed_version=$(ynh_app_setting_get --app $app --key installed_version)
 seahub_port=$(ynh_app_setting_get --app $app --key seahub_port)
 fileserver_port=$(ynh_app_setting_get --app $app --key fileserver_port)
 webdav_port=$(ynh_app_setting_get --app $app --key webdav_port)
 final_path=$(ynh_app_setting_get --app $app --key final_path)
 seafile_user=$app
+seafile_data=/home/yunohost.app/seafile-data
+installed_version=${YNH_APP_CURRENT_VERSION/~ynh*/}
+seafile_version=$(ynh_app_upstream_version)
+architecture=$(ynh_detect_arch)
+
+if [ "$YNH_APP_CURRENT_VERSION" == '-' ]; then
+    YNH_APP_CURRENT_VERSION="6.0.9~ynh0"
+    installed_version=${YNH_APP_CURRENT_VERSION/~ynh*/}
+fi

 ynh_script_progression --message="Stoping services..."

@ -32,20 +40,33 @@ ynh_script_progression --message="Stoping services..."
 if [ -e /etc/init.d/seafile-server ]
 then
    # Old init script support
-    systemctl stop seafile-server
-    systemctl disable seafile-server
+    systemctl stop seafile-server --quiet
+    systemctl disable seafile-server --quiet
    ynh_secure_remove --file=/etc/init.d/seafile-server
    yunohost service remove seafile-server
 else
    ynh_systemd_action --service_name seafile --action stop
    ynh_systemd_action --service_name seahub --action stop
 fi
-sleep 2
+sleep 5
 pkill -f seafile-controller || true
 pkill -f seaf-server || true
 pkill -f ccnet-server || true
 pkill -f seahub || true

+ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30
+# Backup the current version of the app
+if [ "0$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)" -ne 1 ] \
+    && (ynh_compare_current_package_version --comparison=ge --version='7.0.5~ynh1')
+then
+    ynh_backup_before_upgrade
+    ynh_clean_setup () {
+        # Clean installation remainings that are not handled by the remove script.
+        ynh_clean_check_starting
+        ynh_restore_upgradebackup
+    }
+fi
+
 #=================================================
 # MIGRATION FROM OLD VERSION
 #=================================================
@ -93,10 +114,10 @@ install_dependance
 ynh_script_progression --message="Configuring application..."

 # permission to execute update script and expect helper
-chmod +x expect_scripts/upgrade_*.exp
-chmod +x expect_scripts/minor-upgrade.exp
-chmod +x $final_path/seafile-server-$seafile_version/upgrade/upgrade_*.sh
-chmod +x $final_path/seafile-server-$seafile_version/upgrade/minor-upgrade.sh
+mv_expect_scripts
+set_permission
+chmod u+x,o= $final_path/seafile-server-$seafile_version/upgrade/upgrade_*.sh
+chmod u+x,o= $final_path/seafile-server-$seafile_version/upgrade/minor-upgrade.sh

 # do the upgrade    ( the ";&" syntax mean when it go in the first case which is true it do all the next case)
 case $installed_version in
@ -106,47 +127,55 @@ case $installed_version in
 ;&
 "4.1."* )
 	# Update seafile by script
-	expect_scripts/upgrade_4.2.1.exp $final_path/seafile-server-$seafile_version
+	install_source_7_0
+	$expect_scripts_dir/upgrade_4.2.1.exp $final_path/seafile-server-7.0.5
 ;&
 "4.3."* )
 	# Update seafile by script
-	expect_scripts/upgrade_4.4.3.exp $final_path/seafile-server-$seafile_version
+	install_source_7_0
+	$expect_scripts_dir/upgrade_4.4.3.exp $final_path/seafile-server-7.0.5
 ;&
 "4.4."* )
 	# Update seafile by script
-	expect_scripts/upgrade_5.0.3.exp $final_path/seafile-server-$seafile_version
+	install_source_7_0
+	$expect_scripts_dir/upgrade_5.0.3.exp $final_path/seafile-server-7.0.5
 ;&
 "5.0."* )
 	# Update seafile by script
-	expect_scripts/upgrade_5.1.exp $final_path/seafile-server-$seafile_version
+	install_source_7_0
+	$expect_scripts_dir/upgrade_5.1.exp $final_path/seafile-server-7.0.5
 ;&
 "5.1."* )
 	# Update seafile by script
-	expect_scripts/upgrade_6.0.exp $final_path/seafile-server-$seafile_version
+	install_source_7_0
+	$expect_scripts_dir/upgrade_6.0.exp $final_path/seafile-server-7.0.5
 ;&
 "6.0."* )
-	python3 ../conf/update_sso_conf.py || true
-	
+    install_source_7_0
+
 	# Update seafile by script
-	expect_scripts/upgrade_6.1.exp $final_path/seafile-server-$seafile_version
-	
+	$expect_scripts_dir/upgrade_6.1.exp $final_path/seafile-server-7.0.5
+
 	# Enable manually wiki
 	echo 'ENABLE_WIKI = True' | tee -a $final_path/conf/seahub_settings.py
 ;&
 "6.1."* )
 	# Update seafile by script
-	expect_scripts/upgrade_6.2.exp $final_path/seafile-server-$seafile_version
+	install_source_7_0
+	$expect_scripts_dir/upgrade_6.2.exp $final_path/seafile-server-7.0.5
 ;&
 "6.2."* )
 	# Update seafile by script
-	expect_scripts/upgrade_6.3.exp $final_path/seafile-server-$seafile_version
-	
+	install_source_7_0
+	$expect_scripts_dir/upgrade_6.3.exp $final_path/seafile-server-7.0.5
+
 	# Update logrotate to have the last version
 	ynh_use_logrotate --logfile $final_path/logs --nonappend
 ;&
 "6.3."* )
 	# Update seafile by script
-	expect_scripts/upgrade_7.0.exp $final_path/seafile-server-$seafile_version
+	install_source_7_0
+	$expect_scripts_dir/upgrade_7.0.exp $final_path/seafile-server-7.0.5
 	# SSO authentication
    echo 'ENABLE_REMOTE_USER_AUTHENTICATION = True' | tee -a $final_path/conf/seahub_settings.py
    echo "REMOTE_USER_HEADER = 'HTTP_EMAIL'" | tee -a $final_path/conf/seahub_settings.py
@ -155,12 +184,43 @@ case $installed_version in

    # Clean connexion from the SSO. If we don't do this we could have some when the user was loged by the old SSO auth mecanisme
    ynh_mysql_execute_as_root --sql "DELETE FROM \`django_session\`" --database seahubdb
-    
+
    ynh_print_warn --message "To be able to continue to use the SSO you probybly need to migrate your account. You can use the command 'yunohost app action run seafile migrate_user_email_to_mail_email' to migrate all of theses account. Note that after this migratation you need to reconfigure all your client with the official email of the user."
 ;&
+"7.0"* )
+    # Fix file comment
+    pushd $final_path/seafile-server-$seafile_version
+    sudo -u $seafile_user $final_path/seafile-server-$seafile_version/seahub.sh python-env python3 seahub/manage.py migrate_file_comment
+    popd
+
+    # Update seafile by script
+    sudo -u $seafile_user $expect_scripts_dir/upgrade_7.1.exp $final_path/seafile-server-$seafile_version
+
+    ynh_secure_remove --file="$final_path/seafile-server-7.0.5"
+
+    # Enable memcached
+    cat >> $final_path/conf/seahub_settings.py <<EOF
+CACHES = {
+    'default': {
+        'BACKEND': 'django_pylibmc.memcached.PyLibMCCache',
+        'LOCATION': '127.0.0.1:11211',
+    },
+}
+EOF
+    # Fix seafile data link. Look like that the upgrade script of seafile don't always work correctly
+    if [ -e $final_path/seafile-data ]; then
+        old_data_dir_path="$final_path/seafile_data$(date '+%Y%m%d.%H%M%S')"
+        mv "$final_path/seafile-data" "$old_data_dir_path"
+    fi
+    ln -s $seafile_data $final_path/seafile-data
+;&
+# "7.1."* )
+# 	sudo -u $seafile_user $expect_scripts_dir/upgrade_8.0.exp $final_path/seafile-server-$seafile_version
+# 	echo "FILTER = permission=cn=$app.main,ou=permission,dc=yunohost,dc=org" | tee -a $final_path/conf/ccnet.conf
+# ;&
 esac

-expect_scripts/minor-upgrade.exp $final_path/seafile-server-$seafile_version
+sudo -u $seafile_user $expect_scripts_dir/minor-upgrade.exp $final_path/seafile-server-$seafile_version

 ## Install webdav and logrotate if not installed
 if [[ $installed_version = "4.0."* ]] || [[ $installed_version = "4.1."* ]]
@ -179,9 +239,6 @@ then
 	cp ../conf/seafdav.conf $final_path/conf/seafdav.conf
 	ynh_replace_string --match_string __WEBDAV_PORT__ --replace_string $webdav_port --target_file $final_path/conf/seafdav.conf
 	
-	# Add sso config to unprotect domain.tld/seafdav in /etc/ssowat/conf.json.persistent
-	python3 ../conf/add_sso_conf_webdav.py
-	
 	# Update seafile config
 	echo 'COMPRESS_URL = MEDIA_URL' | tee -a $final_path/conf/seahub_settings.py
 	echo "STATIC_URL = MEDIA_URL + 'assets/'" | tee -a $final_path/conf/seahub_settings.py
@ -202,7 +259,7 @@ fi
 ynh_replace_string --match_string en_US.UTF-8 --replace_string ${LANG:-'en_US.UTF-8'} --target_file $final_path/seafile-server-$seafile_version/seahub.sh

 # Update gunicorn config
-sed --in-place -r "s@bind = \"0\.0\.0\.0:[[:digit:]]+\"@bind = \"0.0.0.0:$seahub_port\"@g" $final_path/conf/gunicorn.conf
+sed --in-place -r "s@bind = \"0\.0\.0\.0:[[:digit:]]+\"@bind = \"0.0.0.0:$seahub_port\"@g" $final_path/conf/gunicorn.conf.py

 # In the 3.x seafile version package the seahub_port and fileserver_port wasn't saved in the settings. If the settings is empty we try to get it and save in the settings

@ -243,6 +300,26 @@ ynh_use_logrotate --logfile $final_path/logs --nonappend
 ynh_script_progression --message="Configuring fail2ban..." --weight=10
 ynh_add_fail2ban_config --use_template --others_var 'final_path'

+ynh_script_progression --message="Configuring permissions..." --weight=1
+ynh_legacy_permissions_delete_all
+if ! ynh_permission_exists --permission=file_server; then
+    ynh_permission_create --permission=file_server --url=$domain/seafhttp --auth_header=false \
+                          --label="File server" --protected=true --allowed=visitors
+    ynh_permission_create --permission=webdav --url=$domain/seafdav --auth_header=true \
+                          --label="Webdav" --protected=true --allowed=visitors
+    ynh_permission_create --permission=media --url=/media --auth_header=true \
+                          --label="Media" --protected=true --allowed=visitors
+    python3 remove_sso_conf_persistent.py $domain \
+        || ynh_print_warn --message="Your file /etc/ssowat/""conf.json.persistent doesn't respect the json syntax. The config file wasn't cleaned. Please clean it manually."
+else
+    ynh_permission_url --permission=file_server --url=$domain/seafhttp --auth_header=false
+    ynh_permission_update --permission=file_server --label="File server" --show_tile=false --protected=true
+    ynh_permission_url --permission=webdav --url=$domain/seafhttp --auth_header=false
+    ynh_permission_update --permission=webdav --label="Webdav" --show_tile=false --protected=true
+    ynh_permission_url --permission=media --url=/media --auth_header=true
+    ynh_permission_update --permission=media --label="Media" --show_tile=false --protected=true
+fi
+
 # register yunohost service
 ynh_script_progression --message="Register seafile service..."
 yunohost service add seafile
@ -266,7 +343,4 @@ do
    ynh_secure_remove --file=$final_path/$f
 done

-# store new installed version
-ynh_app_setting_set --app $app --key installed_version --value $seafile_version
-
 ynh_script_progression --message="Upgrade of $app completed" --last
				`@ -0,0 +1 @@`
				`{"email": "__ADMIN__", "password": "__PASSWORD__"}`