diff --git a/README.md b/README.md index d39cc24..f06df34 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,5 @@ +# Shaarli app for Yunohost +======= shaarli_ynh - Shaarli app for Yunohost =========== This app intends to provide to Yunohost's users Shaarli (https://github.com/shaarli/Shaarli), a simple but advanced bookmarking service. @@ -5,40 +7,34 @@ This app intends to provide to Yunohost's users Shaarli (https://github.com/shaa It is based on the community version of Shaarli (from @sebsauvage original software). You can get a demo [here](https://shaarli.readthedocs.io/en/master/#demo). -Current version: **0.9.6** -Maintainer: @Lapineige +[![Integration level](https://dash.yunohost.org/integration/shaarli.svg)](https://ci-apps.yunohost.org/jenkins/job/shaarli%20%28Community%29/lastBuild/consoleFull) [![Install Shaarli with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=shaarli) -**Work In Progress** - the packaging is usable and almost complete, but need more tests. -Please backup your data (with export + yunohost backup) before updating the app. +Current version: **0.9.7** -NB: see https://github.com/YunoHost-Apps/shaarli_ynh/tree/v0.0.41beta if you need a very stable (but old) version. -Related topic on Yunohost's forum: https://forum.yunohost.org/t/fr-en-shaarli-app-lets-remove-the-dust/2200/ +This app intends to provide to Yunohost's users Shaarli (https://github.com/shaarli/Shaarli), a simple but advanced bookmarking service. -Help for dev/testing hightly appreciated :) +It is based on the community version of Shaarli (from @sebsauvage original software). + +Maintainer: @Lapineige ## Current features - * Install / remove scripts - * Backup/restore scripts - * Adding / removing a link - * Upgrade *not tested* - * Configure Shaarli during installation +- [X] Install / remove scripts +- [X] Backup/restore scripts +- [X] Upgrade Script +- [X] Change url ## Installation information -When doing the installation you will be prompted if you want to have a public site, meaning that you don't have to be a user of this Yunohost instance to access the site. - -You will also be asked if you want to have a private instance, meaning that the authentication will be deactivated and the application will be only available to the owner designed during install. +After the installation go to the domain and create your account. After the creation of the account the registration will be locked. ## TODO - * Integrate the ssowat authentication (currently the authentication is done by Shaarli) - * Add upgrade script - * Refactoring of the code - * Add change_url +- [ ] Integrate the LDAP/SSOWAT authentication (currently the authentication is done by Shaarli) +- [ ] Integrate fail2ban for the app ## Changelog diff --git a/check_process b/check_process index 028169f..48d5cbd 100644 --- a/check_process +++ b/check_process @@ -1,40 +1,40 @@ +# See here for more informations +# https://github.com/YunoHost/package_check#syntax-check_process-file + +# Move this file from check_process.default to check_process when you have filled it. + ;; Test complet sans multisite - auto_remove=1 ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) - admin="john" (USER) - privatelinkbydefault="Yes" - privateinstance="No" - password="password" - title="shaarli" - is_public="Yes" (PUBLIC|public=Yes|private=No) + is_public=1 (PUBLIC|public=1|private=0) ; Checks pkg_linter=1 setup_sub_dir=1 - setup_root=0 + setup_root=1 setup_nourl=0 setup_private=1 setup_public=1 upgrade=1 - backup_restore=0 + backup_restore=1 multi_instance=1 - wrong_user=1 - wrong_path=1 incorrect_path=1 - corrupt_source=0 - fail_download_source=0 port_already_use=0 - final_path_already_use=0 + change_url=1 ;;; Levels Level 1=auto Level 2=auto Level 3=auto - Level 4=1 - Level 5=1 +# Level 4: + Level 4=0 +# Level 5: + Level 5=auto Level 6=auto Level 7=auto Level 8=0 Level 9=0 Level 10=0 +;;; Options +Email= +Notification=none diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..edea6e5 --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/shaarli/Shaarli/releases/download/v0.9.7/shaarli-v0.9.7-full.tar.gz +SOURCE_SUM=f4146c10b477713c1f25ab59d383e56c37dce2ad60a820a3a4eb3273c9b436a4 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/nginx.conf b/conf/nginx.conf index 563967d..5aaeab1 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,13 +1,18 @@ -location YNH_WWW_PATH { - alias YNH_ALIAS ; +location __PATH__ { + + # Path to source + alias __FINALPATH__/ ; + if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } + + # Example PHP configuration (remove if not used) index index.php; try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php5-fpm.sock; + fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf new file mode 100644 index 0000000..8affbc2 --- /dev/null +++ b/conf/php-fpm.conf @@ -0,0 +1,392 @@ +; Start a new pool named 'www'. +; the variable $pool can we used in any directive and will be replaced by the +; pool name ('www' here) +[__NAMETOCHANGE__] + +; Per pool prefix +; It only applies on the following directives: +; - 'slowlog' +; - 'listen' (unixsocket) +; - 'chroot' +; - 'chdir' +; - 'php_values' +; - 'php_admin_values' +; When not set, the global prefix (or /usr) applies instead. +; Note: This directive can also be relative to the global prefix. +; Default Value: none +;prefix = /path/to/pools/$pool + +; Unix user/group of processes +; Note: The user is mandatory. If the group is not set, the default user's group +; will be used. +user = __USER__ +group = __USER__ + +; The address on which to accept FastCGI requests. +; Valid syntaxes are: +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses on a +; specific port; +; '/path/to/unix/socket' - to listen on a unix socket. +; Note: This value is mandatory. +listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock + +; Set listen(2) backlog. A value of '-1' means unlimited. +; Default Value: 128 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 128 + +; Set permissions for unix socket, if one is used. In Linux, read/write +; permissions must be set in order to allow connections from a web server. Many +; BSD-derived systems allow connections regardless of permissions. +; Default Values: user and group are set as the running user +; mode is set to 0660 +listen.owner = www-data +listen.group = www-data +;listen.mode = 0660 + +; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original +; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address +; must be separated by a comma. If this value is left blank, connections will be +; accepted from any ip address. +; Default Value: any +;listen.allowed_clients = 127.0.0.1 + +; Specify the nice(2) priority to apply to the pool processes (only if set) +; The value can vary from -19 (highest priority) to 20 (lower priority) +; Note: - It will only work if the FPM master process is launched as root +; - The pool processes will inherit the master process priority +; unless it specified otherwise +; Default Value: no set +; priority = -19 + +; Choose how the process manager will control the number of child processes. +; Possible Values: +; static - a fixed number (pm.max_children) of child processes; +; dynamic - the number of child processes are set dynamically based on the +; following directives. With this process management, there will be +; always at least 1 children. +; pm.max_children - the maximum number of children that can +; be alive at the same time. +; pm.start_servers - the number of children created on startup. +; pm.min_spare_servers - the minimum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is less than this +; number then some children will be created. +; pm.max_spare_servers - the maximum number of children in 'idle' +; state (waiting to process). If the number +; of 'idle' processes is greater than this +; number then some children will be killed. +; ondemand - no children are created at startup. Children will be forked when +; new requests will connect. The following parameter are used: +; pm.max_children - the maximum number of children that +; can be alive at the same time. +; pm.process_idle_timeout - The number of seconds after which +; an idle process will be killed. +; Note: This value is mandatory. +pm = dynamic + +; The number of child processes to be created when pm is set to 'static' and the +; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. +; This value sets the limit on the number of simultaneous requests that will be +; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. +; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP +; CGI. The below defaults are based on a server without much resources. Don't +; forget to tweak pm.* to fit your needs. +; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' +; Note: This value is mandatory. +pm.max_children = 10 + +; The number of child processes created on startup. +; Note: Used only when pm is set to 'dynamic' +; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 +pm.start_servers = 2 + +; The desired minimum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.min_spare_servers = 1 + +; The desired maximum number of idle server processes. +; Note: Used only when pm is set to 'dynamic' +; Note: Mandatory when pm is set to 'dynamic' +pm.max_spare_servers = 3 + +; The number of seconds after which an idle process will be killed. +; Note: Used only when pm is set to 'ondemand' +; Default Value: 10s +;pm.process_idle_timeout = 10s; + +; The number of requests each child process should execute before respawning. +; This can be useful to work around memory leaks in 3rd party libraries. For +; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. +; Default Value: 0 +pm.max_requests = 500 + +; The URI to view the FPM status page. If this value is not set, no URI will be +; recognized as a status page. It shows the following informations: +; pool - the name of the pool; +; process manager - static, dynamic or ondemand; +; start time - the date and time FPM has started; +; start since - number of seconds since FPM has started; +; accepted conn - the number of request accepted by the pool; +; listen queue - the number of request in the queue of pending +; connections (see backlog in listen(2)); +; max listen queue - the maximum number of requests in the queue +; of pending connections since FPM has started; +; listen queue len - the size of the socket queue of pending connections; +; idle processes - the number of idle processes; +; active processes - the number of active processes; +; total processes - the number of idle + active processes; +; max active processes - the maximum number of active processes since FPM +; has started; +; max children reached - number of times, the process limit has been reached, +; when pm tries to start more children (works only for +; pm 'dynamic' and 'ondemand'); +; Value are updated in real time. +; Example output: +; pool: www +; process manager: static +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 62636 +; accepted conn: 190460 +; listen queue: 0 +; max listen queue: 1 +; listen queue len: 42 +; idle processes: 4 +; active processes: 11 +; total processes: 15 +; max active processes: 12 +; max children reached: 0 +; +; By default the status page output is formatted as text/plain. Passing either +; 'html', 'xml' or 'json' in the query string will return the corresponding +; output syntax. Example: +; http://www.foo.bar/status +; http://www.foo.bar/status?json +; http://www.foo.bar/status?html +; http://www.foo.bar/status?xml +; +; By default the status page only outputs short status. Passing 'full' in the +; query string will also return status for each pool process. +; Example: +; http://www.foo.bar/status?full +; http://www.foo.bar/status?json&full +; http://www.foo.bar/status?html&full +; http://www.foo.bar/status?xml&full +; The Full status returns for each process: +; pid - the PID of the process; +; state - the state of the process (Idle, Running, ...); +; start time - the date and time the process has started; +; start since - the number of seconds since the process has started; +; requests - the number of requests the process has served; +; request duration - the duration in µs of the requests; +; request method - the request method (GET, POST, ...); +; request URI - the request URI with the query string; +; content length - the content length of the request (only with POST); +; user - the user (PHP_AUTH_USER) (or '-' if not set); +; script - the main script called (or '-' if not set); +; last request cpu - the %cpu the last request consumed +; it's always 0 if the process is not in Idle state +; because CPU calculation is done when the request +; processing has terminated; +; last request memory - the max amount of memory the last request consumed +; it's always 0 if the process is not in Idle state +; because memory calculation is done when the request +; processing has terminated; +; If the process is in Idle state, then informations are related to the +; last request the process has served. Otherwise informations are related to +; the current request being served. +; Example output: +; ************************ +; pid: 31330 +; state: Running +; start time: 01/Jul/2011:17:53:49 +0200 +; start since: 63087 +; requests: 12808 +; request duration: 1250261 +; request method: GET +; request URI: /test_mem.php?N=10000 +; content length: 0 +; user: - +; script: /home/fat/web/docs/php/test_mem.php +; last request cpu: 0.00 +; last request memory: 0 +; +; Note: There is a real-time FPM status monitoring sample web page available +; It's available in: ${prefix}/share/fpm/status.html +; +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;pm.status_path = /status + +; The ping URI to call the monitoring page of FPM. If this value is not set, no +; URI will be recognized as a ping page. This could be used to test from outside +; that FPM is alive and responding, or to +; - create a graph of FPM availability (rrd or such); +; - remove a server from a group if it is not responding (load balancing); +; - trigger alerts for the operating team (24/7). +; Note: The value must start with a leading slash (/). The value can be +; anything, but it may not be a good idea to use the .php extension or it +; may conflict with a real PHP file. +; Default Value: not set +;ping.path = /ping + +; This directive may be used to customize the response of a ping request. The +; response is formatted as text/plain with a 200 response code. +; Default Value: pong +;ping.response = pong + +; The access log file +; Default: not set +;access.log = log/$pool.access.log + +; The access log format. +; The following syntax is allowed +; %%: the '%' character +; %C: %CPU used by the request +; it can accept the following format: +; - %{user}C for user CPU only +; - %{system}C for system CPU only +; - %{total}C for user + system CPU (default) +; %d: time taken to serve the request +; it can accept the following format: +; - %{seconds}d (default) +; - %{miliseconds}d +; - %{mili}d +; - %{microseconds}d +; - %{micro}d +; %e: an environment variable (same as $_ENV or $_SERVER) +; it must be associated with embraces to specify the name of the env +; variable. Some exemples: +; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e +; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e +; %f: script filename +; %l: content-length of the request (for POST request only) +; %m: request method +; %M: peak of memory allocated by PHP +; it can accept the following format: +; - %{bytes}M (default) +; - %{kilobytes}M +; - %{kilo}M +; - %{megabytes}M +; - %{mega}M +; %n: pool name +; %o: ouput header +; it must be associated with embraces to specify the name of the header: +; - %{Content-Type}o +; - %{X-Powered-By}o +; - %{Transfert-Encoding}o +; - .... +; %p: PID of the child that serviced the request +; %P: PID of the parent of the child that serviced the request +; %q: the query string +; %Q: the '?' character if query string exists +; %r: the request URI (without the query string, see %q and %Q) +; %R: remote IP address +; %s: status (response code) +; %t: server time the request was received +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %T: time the log has been written (the request has finished) +; it can accept a strftime(3) format: +; %d/%b/%Y:%H:%M:%S %z (default) +; %u: remote user +; +; Default: "%R - %u %t \"%m %r\" %s" +;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" + +; The log file for slow requests +; Default Value: not set +; Note: slowlog is mandatory if request_slowlog_timeout is set +slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log + +; The timeout for serving a single request after which a PHP backtrace will be +; dumped to the 'slowlog' file. A value of '0s' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_slowlog_timeout = 5s + +; The timeout for serving a single request after which the worker process will +; be killed. This option should be used when the 'max_execution_time' ini option +; does not stop script execution for some reason. A value of '0' means 'off'. +; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) +; Default Value: 0 +request_terminate_timeout = 1d + +; Set open file descriptor rlimit. +; Default Value: system defined value +;rlimit_files = 1024 + +; Set max core size rlimit. +; Possible Values: 'unlimited' or an integer greater or equal to 0 +; Default Value: system defined value +;rlimit_core = 0 + +; Chroot to this directory at the start. This value must be defined as an +; absolute path. When this value is not set, chroot is not used. +; Note: you can prefix with '$prefix' to chroot to the pool prefix or one +; of its subdirectories. If the pool prefix is not set, the global prefix +; will be used instead. +; Note: chrooting is a great security feature and should be used whenever +; possible. However, all PHP paths will be relative to the chroot +; (error_log, sessions.save_path, ...). +; Default Value: not set +;chroot = + +; Chdir to this directory at the start. +; Note: relative path can be used. +; Default Value: current directory or / when chroot +chdir = __FINALPATH__ + +; Redirect worker stdout and stderr into main error log. If not set, stdout and +; stderr will be redirected to /dev/null according to FastCGI specs. +; Note: on highloaded environement, this can cause some delay in the page +; process time (several ms). +; Default Value: no +catch_workers_output = yes + +; Limits the extensions of the main script FPM will allow to parse. This can +; prevent configuration mistakes on the web server side. You should only limit +; FPM to .php extensions to prevent malicious users to use other extensions to +; exectute php code. +; Note: set an empty value to allow all extensions. +; Default Value: .php +;security.limit_extensions = .php .php3 .php4 .php5 + +; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from +; the current environment. +; Default Value: clean env +;env[HOSTNAME] = $HOSTNAME +;env[PATH] = /usr/local/bin:/usr/bin:/bin +;env[TMP] = /tmp +;env[TMPDIR] = /tmp +;env[TEMP] = /tmp + +; Additional php.ini defines, specific to this pool of workers. These settings +; overwrite the values previously defined in the php.ini. The directives are the +; same as the PHP SAPI: +; php_value/php_flag - you can set classic ini defines which can +; be overwritten from PHP call 'ini_set'. +; php_admin_value/php_admin_flag - these directives won't be overwritten by +; PHP call 'ini_set' +; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. + +; Defining 'extension' will load the corresponding shared extension from +; extension_dir. Defining 'disable_functions' or 'disable_classes' will not +; overwrite previously defined php.ini values, but will append the new value +; instead. + +; Note: path INI options can be relative and will be expanded with the prefix +; (pool, global or /usr) + +; Default Value: nothing is defined by default except the values in php.ini and +; specified at startup with the -d argument +;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com +;php_flag[display_errors] = off +;php_admin_value[error_log] = /var/log/fpm-php.www.log +;php_admin_flag[log_errors] = on +;php_admin_value[memory_limit] = 32M diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 0000000..5c27d59 --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,10 @@ +; Common values to change to increase file upload limit +; upload_max_filesize = 50M +; post_max_size = 50M +; mail.add_x_header = Off + +; Other common parameters +; max_execution_time = 600 +; max_input_time = 300 +; memory_limit = 256M +; short_open_tag = On diff --git a/manifest.json b/manifest.json index 0097dea..1739c30 100644 --- a/manifest.json +++ b/manifest.json @@ -3,7 +3,7 @@ "id": "shaarli", "packaging_format": 1, "requirements": { - "yunohost": ">> 2.3.15" + "yunohost": ">= 2.7.2" }, "description": { "en": "The personal, minimalist, super-fast, no-database delicious clone", @@ -16,8 +16,12 @@ }, "url": "https://github.com/shaarli/Shaarli", "license": "free", - "version": "0.9.6", + "version": "0.9.7", "multi_instance": "true", + "services": [ + "nginx", + "php5-fpm" + ], "arguments": { "install" : [ { @@ -41,56 +45,12 @@ }, { "name": "is_public", + "type": "boolean", "ask": { "en": "Is it a public Shaarli site ?", "fr": "Est-ce un site Shaarli public ?" }, - "choices": ["Yes", "No"], - "default": "No" - }, - { - "name": "privatelinkbydefault", - "ask": { - "en": "Are new links private by default ?", - "fr": "Les nouveaux liens sont-ils privés par défaut ?" - }, - "choices": ["Yes", "No"], - "default": "Yes" - }, - { - "name": "privateinstance", - "ask": { - "en": "Is this instance private?", - "fr": "Cette instance est-elle privée ?" - }, - "choices": ["Yes", "No"], - "default": "Yes" - }, - { - "name": "admin", - "type": "user", - "ask": { - "en": "Owner of the Shaarli instance", - "fr": "Propriétaire de l'instance Shaarli" - }, - "example": "test" - }, - { - "name": "password", - "type": "password", - "ask": { - "en": "Define password for Shaarli user", - "fr": "Définissez le mot de passe de l'utilisateur Shaarli" - } - }, - { - "name": "title", - "ask": { - "en": "Choose a title for Shaarli's page", - "fr": "Choissez un titre pour la page Shaarli" - }, - "example": "Shaarli", - "default": "Shaarli" + "default": false } ] } diff --git a/scripts/backup b/scripts/backup index 8408871..b308c7b 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,20 +1,52 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# See comments in install script -app=$YNH_APP_INSTANCE_NAME - -# Source YunoHost helpers +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh source /usr/share/yunohost/helpers -# Backup sources & data -# Note: the last argument is where to save this path, see the restore script. -ynh_backup "/var/www/${app}" "sources" +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -# Copy NGINX configuration -domain=$(ynh_app_setting_get "$app" domain) -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "nginx.conf" +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors +#================================================= +# LOAD SETTINGS +#================================================= +app=$YNH_APP_INSTANCE_NAME + +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) + +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= + +ynh_backup "$final_path" + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..2c5f46e --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,82 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# CHECK THE SYNTAX OF THE PATHS +#================================================= + +test -n "$old_path" || old_path="/" +test -n "$new_path" || new_path="/" +new_path=$(ynh_normalize_url_path $new_path) +old_path=$(ynh_normalize_url_path $old_path) + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +if [ $change_path -eq 1 ] +then + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different "$nginx_conf_path" + # Replace locations starting with old_path + # Look for every location possible patterns (see https://nginx.org/en/docs/http/ngx_http_core_module.html#location) + ynh_replace_string "location\( \(=\|~\|~\*\|\^~\)\)\? $old_path" "location\1 $new_path" "$nginx_conf_path" + # Replace path in "return" directives + ynh_replace_string "return \([[:digit:]]\{3\}\) $old_path" "return \1 $new_path" "$nginx_conf_path" + # Calculate and store the nginx config file checksum + ynh_store_file_checksum "$nginx_conf_path" +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum "$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + + +systemctl reload nginx diff --git a/scripts/install b/scripts/install index a76a7ae..ea6b108 100644 --- a/scripts/install +++ b/scripts/install @@ -1,7 +1,31 @@ #!/bin/bash -# causes the shell to exit if any subcommand or pipeline returns a non-zero status -set -e +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + + +# Retrieve arguments +domain=$YNH_APP_ARG_DOMAIN +path_url=$YNH_APP_ARG_PATH +is_public=$YNH_APP_ARG_IS_PUBLIC + # This is a multi-instance app, meaning it can be installed several times independently # The id of the app as stated in the manifest is available as $YNH_APP_ID @@ -13,27 +37,25 @@ set -e # The app instance name is probably what you are interested the most, since this is # guaranteed to be unique. This is a good unique identifier to define installation path, # db names, ... + app=$YNH_APP_INSTANCE_NAME -# Retrieve arguments -domain=$YNH_APP_ARG_DOMAIN -path=$YNH_APP_ARG_PATH/ -admin=$YNH_APP_ARG_ADMIN -is_public=$YNH_APP_ARG_IS_PUBLIC -title=$YNH_APP_ARG_TITLE -privatelinkbydefault=$YNH_APP_ARG_PRIVATELINKBYDEFAULT -password=$YNH_APP_ARG_PASSWORD -privateinstance=$YNH_APP_ARG_PRIVATEINSTANCE -path_url=$YNH_APP_ARG_PATH - -# Load common variables and helpers -source ./_common.sh #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS #================================================= -path=$(ynh_normalize_url_path $path) # Vérifie et corrige la syntaxe du path. +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" + +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url + # Check that the options are compatible @@ -43,87 +65,72 @@ if [ $is_public = "Yes" ]; then fi fi -# Check that admin user is an existing account -sudo yunohost user list --json | grep -q "\"username\": \"$admin\"" -if [[ ! $? -eq 0 ]]; then -ynh_die "Error : the chosen user does not exist" 1 -fi -sudo yunohost app setting $app admin -v $admin +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= + +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app is_public $is_public -# Check domain/path availability -sudo yunohost app checkurl $domain$path -a $app -if [[ ! $? -eq 0 ]]; then -exit 1 -fi # Install dependencies -sudo apt-get install php5-cli -y -qq +ynh_install_app_dependencies php5-cli -# Copy files to the right place -app_home_path=/home/yunohost.app/$app -final_path=/var/www/$app -sudo mkdir -p $final_path -# Download and extract in /var/www -extract_shaarli +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= -# generate the salt -salt=$(dd if=/dev/urandom bs=1 count=200 2> /dev/null | tr -c -d 'A-Za-z0-9' | sed -n 's/\(.\{24\}\).*/\1/p') +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" -# generate the hash with the password -password_hash=$(php ../conf/gen_hash.php $password $admin $salt) +#================================================= +# NGINX CONFIGURATION +#================================================= -# set the proper value for substitution -if [ $privatelinkbydefault = "No" ]; then -privatelinkbydefault_php=false -else -privatelinkbydefault_php=true -fi +# Create a dedicated nginx config +ynh_add_nginx_config -# Prepare the configuration file -sudo sed -i "s@YNH_SALT@$salt@g" ../conf/config.json.php -sudo sed -i "s@YNH_ADMIN@$admin@g" ../conf/config.json.php -sudo sed -i "s@YNH_HASH@$password_hash@g" ../conf/config.json.php -sudo sed -i "s@YNH_TIMEZONE@$(cat /etc/timezone)@g" ../conf/config.json.php -sudo sed -i "s@YNH_TITLE@$title@g" ../conf/config.json.php -sudo sed -i "s@YNH_PRIVATE_LINK_BY_DEFAULT@$privatelinkbydefault_php@g" ../conf/config.json.php -# turn off authentication on the instance -if [ $privateinstance = "Yes" ] ; then - sudo sed -i "/open_shaarli/s/false/true/" ../conf/config.json.php -fi +#================================================= +# CREATE DEDICATED USER +#================================================= -# Populate the data directory of the shaarli instance -sudo cp ../conf/config.json.php $final_path/data -sudo cp ../conf/datastore.php $final_path/data -sudo cp ../conf/ipbans.php $final_path/data -sudo cp ../conf/lastupdatecheck.txt $final_path/data -sudo cp ../conf/log.txt $final_path/data -sudo cp ../conf/updates.txt $final_path/data +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config # set proper permissions sudo find $final_path -type f | xargs sudo chmod 644 sudo find $final_path -type d | xargs sudo chmod 755 -#sudo chown -R root: $final_path -#set proper ownership of the files in /data -sudo chown www-data:www-data $final_path/data/config.json.php -sudo chown www-data:www-data $final_path/data/datastore.php -sudo chown www-data:www-data $final_path/data/ipbans.php -sudo chown www-data:www-data $final_path/data/lastupdatecheck.txt -sudo chown www-data:www-data $final_path/data/log.txt -sudo chown www-data:www-data $final_path/data/updates.txt +# Set right permissions for curl install +chown -R $app: $final_path -# Modify Nginx configuration file and copy it to Nginx conf directory -sudo sed -i "s@YNH_WWW_PATH@$path@g" ../conf/nginx.conf -sudo sed -i "s@YNH_ALIAS@$final_path@g" ../conf/nginx.conf -sudo cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# SETUP SSOWAT +#================================================= -# Reload Nginx and regenerate SSOwat conf -if [ $is_public = "Yes" ]; then -sudo yunohost app setting $app unprotected_uris -v "/" -elif [ $privateinstance = "Yes" ] ; then -# Configure SSOWat to prevent access for other users -sudo yunohost app setting $app allowed_users -v "$admin" +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete $app skipped_uris fi -sudo service nginx reload -sudo yunohost app ssowatconf +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set $app unprotected_uris "/" +fi + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx diff --git a/scripts/remove b/scripts/remove index dd395b8..074a1a9 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,22 +1,48 @@ #!/bin/bash -set -u +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + + +#================================================= +# LOAD SETTINGS +#================================================= -# This is a multi-instance app, meaning it can be installed several times independently -# The id of the app as stated in the manifest is available as $YNH_APP_ID -# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -# The app instance name is available as $YNH_APP_INSTANCE_NAME -# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -# - ynhexample__{N} for the subsequent installations, with N=3,4, ... -# The app instance name is probably what you are interested the most, since this is -# guaranteed to be unique. This is a good unique identifier to define installation path, -# db names, ... app=$YNH_APP_INSTANCE_NAME -domain=$(sudo yunohost app setting $app domain) +domain=$(ynh_app_setting_get $app domain) +final_path=$(ynh_app_setting_get $app final_path) -sudo rm -rf /var/www/$app -sudo rm -f /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# REMOVE APP MAIN DIR +#================================================= -sudo service nginx reload +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config + +#================================================= +# REMOVE DEDICATED USER +#================================================= + +# Delete a system user +ynh_system_user_delete $app diff --git a/scripts/restore b/scripts/restore index 33a9ee1..dd9e7e2 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,35 +1,98 @@ #!/bin/bash -# Note: each files and directories you've saved using the ynh_backup helper -# will be located in the current directory, regarding the last argument. +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Exit on command errors and treat unset variables as an error -set -eu - -# See comments in install script -app=$YNH_APP_INSTANCE_NAME - -# Source YunoHost helpers +if [ ! -e _common.sh ]; then + # Get the _common.sh file if it's not in the current directory + cp ../settings/scripts/_common.sh ./_common.sh + chmod a+rx _common.sh +fi +source _common.sh source /usr/share/yunohost/helpers -# Retrieve old app settings -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_app_setting_get "$app" path) +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path_url}" -a "$app" \ - || ynh_die "Path not available: ${domain}${path_url}" +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors -# Restore sources & data -src_path="/var/www/${app}" -sudo cp -a ./sources "$src_path" +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) + + +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= + +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " + +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= + +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= + +ynh_restore_file "$final_path" + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +# Create the dedicated user (if not existing) +ynh_system_user_create $app + +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Restore permissions on app files +chown -R $app: $final_path + +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= + +# Define and install dependencies +ynh_install_app_dependencies php5-cli + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + +systemctl reload php5-fpm +systemctl reload nginx -# Restore permissions to app files -# you may need to make some file and/or directory writeable by www-data (nginx user) -sudo chown -R www-data:www-data "$src_path" -# Restore NGINX configuration -sudo cp -a ./nginx.conf "/etc/nginx/conf.d/${domain}.d/${app}.conf" -# Restart webserver -sudo service nginx reload diff --git a/scripts/upgrade b/scripts/upgrade index 05a7907..47c7c3b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,2 +1,127 @@ #!/bin/bash +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# LOAD SETTINGS +#================================================= + +app=$YNH_APP_INSTANCE_NAME + +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get $app final_path) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= + +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set $app is_public 1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set $app is_public 0 + is_public=0 +fi + +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH +#================================================= + +# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +# Create a temporary directory +tmpdir="$(mktemp -d)" +# Backup the config file in the temp dir +cp -a "$final_path/data" "$tmpdir/" + +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" +sudo cp -a "$tmpdir/data" "${final_path}/" +sudo rm -Rf "$tmpdir" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user +ynh_system_user_create $app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +# Set right permissions +chown -R $app: $final_path + +#================================================= +# SETUP SSOWAT +#================================================= + +if [ $is_public -eq 0 ] +then # Remove the public access + ynh_app_setting_delete $app skipped_uris +fi +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # unprotected_uris allows SSO credentials to be passed anyway + ynh_app_setting_set $app unprotected_uris "/" +fi + +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx +