1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/searxng_ynh.git synced 2024-09-03 20:26:00 +02:00

write upgrade script

This commit is contained in:
mh4ckt3mh4ckt1c4s 2023-03-01 19:36:12 +01:00
parent a0d8a72fea
commit abb6f49d98

View file

@ -18,10 +18,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
language=$(ynh_app_setting_get --app=$app --key=language)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#=================================================
# CHECK VERSION
@ -51,13 +48,6 @@ ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
@ -76,30 +66,14 @@ ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
#fi
# If final_path doesn't exist, create it
#if [ -z "$final_path" ]; then
# final_path=/var/www/$app
# ynh_app_setting_set --app=$app --key=final_path --value=$final_path
#fi
### If nobody installed your app before 4.1,
### then you may safely remove these lines
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
if ! ynh_permission_exists --permission="admin"; then
# Create the required permissions
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
fi
mkdir -p /var/log/uwsgi/$app
chown $app:$app /var/log/uwsgi/$app
chmod -R u=rwX,g=rX,o= /var/log/uwsgi/$app
#=================================================
# CREATE DEDICATED USER
@ -117,8 +91,20 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading source files..." --weight=1
# create a temporary directory
tmpdir=$(mktemp -d)
# backup the config file in the temp dir
cp -a "$final_path/searx/settings.yml" "$tmpdir/settings.yml"
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
# Copy the saved settings back to final path
cp -a "$tmpdir/settings.yml" "$final_path/searx/settings.yml"
# Remove the temporary directory safely
ynh_secure_remove --file="$tmpdir"
fi
# FIXME: this should be managed by the core in the future
@ -138,92 +124,59 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1
path_no_root=${path_url%/}
# Create a dedicated NGINX config
ynh_add_nginx_config
ynh_add_nginx_config "path_no_root"
#=================================================
# SPECIFIC UPGRADE
#=================================================
# ...
# UPGRADE SEARXNG IN ITS VIRTUALENV
#=================================================
ynh_script_progression --message="Upgrading SearXNG..." --weight=2
# Clean venv if it still on python2
if [ ! -e $final_path/bin/python3 ]
then
ynh_regex_secure_remove --file=$final_path/lib/ --regex='python[^/.]*'
ynh_regex_secure_remove --file=$final_path/lib64/ --regex='python[^/.]*'
ynh_regex_secure_remove --file=$final_path/share/python-wheels
fi
ynh_regex_secure_remove --file=$final_path/lib/python3/site-packages/setuptools
ynh_regex_secure_remove --file=$final_path/lib/python3/site-packages/ --regex='setuptools-[^/.]*'
python3 -m venv --system-site-packages "$final_path"
set +u; source $final_path/bin/activate; set -u
pip3 install -U setuptools
pip3 install --requirement $final_path/requirements-ynh.txt --upgrade
chown -R $app: "$final_path"
#=================================================
# UPDATE A CONFIG FILE
# CONFIGURE UWSGI FOR SEARX
#=================================================
ynh_script_progression --message="Updating a configuration file..." --weight=1
ynh_script_progression --message="Reconfiguring uWSGI for Searx..." --weight=2
### Same as during install
###
### The file will automatically be backed-up if it's found to be manually modified (because
### ynh_add_config keeps track of the file's checksum)
ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$final_path/some_config_file"
chown $app:$app "$final_path/some_config_file"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
### When doing so, you also need to manually call ynh_store_file_checksum
###
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
### ynh_store_file_checksum --file="$final_path/some_config_file"
#=================================================
# SETUP SYSTEMD
#=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
# Create a dedicated systemd config
ynh_add_systemd_config
# Clean old files
ynh_secure_remove --file="/etc/uwsgi/apps-enabled/$app.ini"
ynh_secure_remove --file="/etc/uwsgi/apps-available/$app.ini"
ynh_add_uwsgi_service
#=================================================
# GENERIC FINALIZATION
#=================================================
# SETUP LOGROTATE
#=================================================
ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1
# Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate --non-append
#=================================================
# INTEGRATE SERVICE IN YUNOHOST
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
# Wait for searx to be fully started
ynh_systemd_action --service_name=uwsgi-app@$app.service --action=restart --line_match="spawned uWSGI master process" --log_path="/var/log/uwsgi/$app/$app.log"
#=================================================
# RELOAD NGINX