YunoHost-Apps/spacedeck_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/spacedeck_ynh.git synced 2024-09-03 20:26:14 +02:00
Code Issues Activity Actions

Merge pull request #2 from YunoHost-Apps/example

Browse source 
Example
This commit is contained in:
yalh76 2022-03-03 02:17:40 +01:00 committed by GitHub
commit a48771cd0c
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
18 changed files with 114 additions and 196 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,2 +0,0 @@
*~
*.sw[op]

5
README.md
View file

@ -17,7 +17,8 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
A web based, real time, collaborative whiteboard application with rich media support A web based, real time, collaborative whiteboard application with rich media support
**Shipped version:** 2021-08-10~ynh1
**Shipped version:** 2021.08.10~ynh1
@ -31,7 +32,7 @@ A web based, real time, collaborative whiteboard application with rich media sup
* There is no integration with YunoHost SSO * There is no integration with YunoHost SSO
## Documentation and resources ## Documentation and resources
* Official app website: https://spacedeck.com/ * Official app website: https://spacedeck.com
* Upstream app code repository: https://github.com/spacedeck/spacedeck-open * Upstream app code repository: https://github.com/spacedeck/spacedeck-open
* YunoHost documentation for this app: https://yunohost.org/app_spacedeck * YunoHost documentation for this app: https://yunohost.org/app_spacedeck
* Report a bug: https://github.com/YunoHost-Apps/spacedeck_ynh/issues * Report a bug: https://github.com/YunoHost-Apps/spacedeck_ynh/issues

5
README_fr.md
View file

@ -11,9 +11,10 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
## Vue d'ensemble ## Vue d'ensemble
A web based, real time, collaborative whiteboard application with rich media support
**Version incluse :** 2021-08-10~ynh1 **Version incluse :** 2021.08.10~ynh1
@ -27,7 +28,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
* There is no integration with YunoHost SSO * There is no integration with YunoHost SSO
## Documentations et ressources ## Documentations et ressources
* Site officiel de l'app : https://spacedeck.com/ * Site officiel de l'app : https://spacedeck.com
* Dépôt de code officiel de l'app : https://github.com/spacedeck/spacedeck-open * Dépôt de code officiel de l'app : https://github.com/spacedeck/spacedeck-open
* Documentation YunoHost pour cette app : https://yunohost.org/app_spacedeck * Documentation YunoHost pour cette app : https://yunohost.org/app_spacedeck
* Signaler un bug : https://github.com/YunoHost-Apps/spacedeck_ynh/issues * Signaler un bug : https://github.com/YunoHost-Apps/spacedeck_ynh/issues

6
check_process
View file

@ -1,12 +1,6 @@
# See here for more information
# https://github.com/YunoHost/package_check#syntax-check_process-file
# Move this file from check_process.default to check_process when you have filled it.
;; Test complet ;; Test complet
; Manifest ; Manifest
domain="domain.tld" domain="domain.tld"
path="/"
is_public=1 is_public=1
; Checks ; Checks
pkg_linter=1 pkg_linter=1

2
conf/default.json
View file

@ -4,7 +4,7 @@
"host": "localhost", "host": "localhost",
"port": __PORT__, "port": __PORT__,
"endpoint": "https://__DOMAIN__/__PATH__", "endpoint": "https://__DOMAIN____PATH__",
"invite_code": "__INVITE_SECRET__", "invite_code": "__INVITE_SECRET__",
"storage_dialect": "sqlite", "storage_dialect": "sqlite",

5
conf/nginx.conf
View file

@ -1,11 +1,6 @@
#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent;
location __PATH__/ { location __PATH__/ {
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
proxy_pass http://127.0.0.1:__PORT__/; proxy_pass http://127.0.0.1:__PORT__/;
proxy_redirect off; proxy_redirect off;
proxy_set_header Host $host; proxy_set_header Host $host;

44
conf/systemd.service
View file

@ -16,31 +16,31 @@ StandardError=inherit
# Depending on specificities of your service/app, you may need to tweak these # Depending on specificities of your service/app, you may need to tweak these
# .. but this should be a good baseline # .. but this should be a good baseline
# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes #NoNewPrivileges=yes
PrivateTmp=yes #PrivateTmp=yes
PrivateDevices=yes #PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 #RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes #RestrictNamespaces=yes
RestrictRealtime=yes #RestrictRealtime=yes
DevicePolicy=closed #DevicePolicy=closed
ProtectSystem=full #ProtectSystem=full
ProtectControlGroups=yes #ProtectControlGroups=yes
ProtectKernelModules=yes #ProtectKernelModules=yes
ProtectKernelTunables=yes #ProtectKernelTunables=yes
LockPersonality=yes #LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap #SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps # Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD #CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE #CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT #CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK #CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM #CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG #CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE #CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW #CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG #CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

1
doc/DESCRIPTION.md Normal file
View file

@ -0,0 +1 @@
A web based, real time, collaborative whiteboard application with rich media support

18
manifest.json
View file

@ -5,11 +5,11 @@
"description": { "description": {
"en": "A web based, real time, collaborative whiteboard application with rich media support" "en": "A web based, real time, collaborative whiteboard application with rich media support"
}, },
"version": "2021-08-10~ynh1", "version": "2021.08.10~ynh1",
"url": "https://spacedeck.com/", "url": "https://spacedeck.com",
"upstream": { "upstream": {
"license": "AGPL-3.0-only", "license": "AGPL-3.0-only",
"website": "https://spacedeck.com/", "website": "https://spacedeck.com",
"code": "https://github.com/spacedeck/spacedeck-open" "code": "https://github.com/spacedeck/spacedeck-open"
}, },
"license": "AGPL-3.0-only", "license": "AGPL-3.0-only",
@ -18,26 +18,22 @@
"email": "tituspijean@outlook.com" "email": "tituspijean@outlook.com"
}, },
"requirements": { "requirements": {
"yunohost": ">= 4.1.7" "yunohost": ">= 4.3.0"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [
"nginx" "nginx"
], ],
"arguments": { "arguments": {
"install" : [ "install": [
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain"
"example": "example.com"
}, },
{ {
"name": "is_public", "name": "is_public",
"type": "boolean", "type": "boolean",
"default": true, "default": true
"help": {
"en": "Should any visitor be allowed to access Spacedeck without being a YunoHost user?"
}
} }
] ]
} }

2
scripts/_common.sh
View file

@ -4,6 +4,8 @@
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
NODEJS_VERSION=10
# dependencies used by the app # dependencies used by the app
pkg_dependencies="graphicsmagick ffmpeg ghostscript" pkg_dependencies="graphicsmagick ffmpeg ghostscript"

6
scripts/backup
View file

@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_clean_setup () { ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true true
} }
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
@ -37,11 +36,6 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#================================================= #=================================================
ynh_print_info --message="Declaring files to be backed up..." ynh_print_info --message="Declaring files to be backed up..."
### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs
### to be backuped and not an actual copy of any file. The actual backup that
### creates and fill the archive with the files happens in the core after this
### script is called. Hence ynh_backups calls takes basically 0 seconds to run.
#================================================= #=================================================
# BACKUP THE APP MAIN DIR # BACKUP THE APP MAIN DIR
#================================================= #=================================================

14
scripts/change_url
View file

@ -28,6 +28,11 @@ ynh_script_progression --message="Loading installation settings..." --time --wei
# Needed for helper "ynh_add_nginx_config" # Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
port=$(ynh_app_setting_get --app=$app --key=port)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
api_secret=$(ynh_app_setting_get --app=$app --key=api_secret)
invite_secret=$(ynh_app_setting_get --app=$app --key=invite_secret)
# Add settings here as needed by your application # Add settings here as needed by your application
#db_name=$(ynh_app_setting_get --app=$app --key=db_name) #db_name=$(ynh_app_setting_get --app=$app --key=db_name)
@ -108,10 +113,14 @@ fi
#================================================= #=================================================
# SPECIFIC MODIFICATIONS # SPECIFIC MODIFICATIONS
#================================================= #=================================================
# ADD A CONFIGURATION # UPDATE A CONFIG FILE
#================================================= #=================================================
ynh_script_progression --message="Updating a config file..."
ynh_add_config --template="default.json" --destination="$final_path/config/default.json" domain=$new_domain
path_url=$new_path
ynh_add_config --template="../conf/default.json" --destination="$final_path/config/default.json"
chmod 400 "$final_path/config/default.json" chmod 400 "$final_path/config/default.json"
chown $app:$app "$final_path/config/default.json" chown $app:$app "$final_path/config/default.json"
@ -123,6 +132,7 @@ chown $app:$app "$final_path/config/default.json"
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --time --weight=1 ynh_script_progression --message="Starting a systemd service..." --time --weight=1
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#================================================= #=================================================

33
scripts/install
View file

@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_clean_setup () { ynh_clean_setup () {
read -p "debug me" ynh_clean_check_starting
} }
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
@ -24,7 +24,7 @@ ynh_abort_if_errors
#================================================= #=================================================
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url="/" #$YNH_APP_ARG_PATH path_url="/"
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -66,7 +66,7 @@ ynh_script_progression --message="Installing dependencies..." --time --weight=1
ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=10 ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
@ -104,12 +104,6 @@ ynh_add_nginx_config
#================================================= #=================================================
ynh_script_progression --message="Installing NodeJS dependencies..." --time --weight=1 ynh_script_progression --message="Installing NodeJS dependencies..." --time --weight=1
invite_secret=$(ynh_string_random --length=32)
api_secret=$(ynh_string_random --length=32)
ynh_app_setting_set --app=$app --key=invite_secret --value=$invite_secret
ynh_app_setting_set --app=$app --key=api_secret --value=$api_secret
pushd $final_path pushd $final_path
ynh_exec_as $app $ynh_node_load_PATH $ynh_npm --loglevel=error install ynh_exec_as $app $ynh_node_load_PATH $ynh_npm --loglevel=error install
ynh_exec_as $app $ynh_node_load_PATH $ynh_npm --loglevel=error audit fix ynh_exec_as $app $ynh_node_load_PATH $ynh_npm --loglevel=error audit fix
@ -120,24 +114,11 @@ popd
#================================================= #=================================================
ynh_script_progression --message="Creating a data directory..." --time --weight=1 ynh_script_progression --message="Creating a data directory..." --time --weight=1
### Use these lines if you need to create a directory to store "persistent files" for the application.
### Usually this directory is used to store uploaded files or any file that won't be updated during
### an upgrade and that won't be deleted during app removal
### If you're not using these lines:
### - Remove the section "BACKUP THE DATA DIR" in the backup script
### - As well as the section "RESTORE THE DATA DIRECTORY" in the restore script
datadir=/home/yunohost.app/$app datadir=/home/yunohost.app/$app
ynh_app_setting_set --app=$app --key=datadir --value=$datadir ynh_app_setting_set --app=$app --key=datadir --value=$datadir
mkdir -p $datadir/storage mkdir -p $datadir/storage
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$datadir" chmod 750 "$datadir"
chmod -R o-rwx "$datadir" chmod -R o-rwx "$datadir"
chown -R $app:www-data "$datadir" chown -R $app:www-data "$datadir"
@ -147,7 +128,13 @@ chown -R $app:www-data "$datadir"
#================================================= #=================================================
ynh_script_progression --message="Adding a configuration file..." --time --weight=1 ynh_script_progression --message="Adding a configuration file..." --time --weight=1
ynh_add_config --template="default.json" --destination="$final_path/config/default.json" invite_secret=$(ynh_string_random --length=32)
api_secret=$(ynh_string_random --length=32)
ynh_app_setting_set --app=$app --key=invite_secret --value=$invite_secret
ynh_app_setting_set --app=$app --key=api_secret --value=$api_secret
ynh_add_config --template="../conf/default.json" --destination="$final_path/config/default.json"
chmod 400 "$final_path/config/default.json" chmod 400 "$final_path/config/default.json"
chown $app:$app "$final_path/config/default.json" chown $app:$app "$final_path/config/default.json"

32
scripts/remove
View file

@ -18,6 +18,7 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
@ -41,12 +42,12 @@ ynh_script_progression --message="Stopping and removing the systemd service..."
ynh_remove_systemd_config ynh_remove_systemd_config
#================================================= #=================================================
# REMOVE DEPENDENCIES # REMOVE LOGROTATE CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Removing dependencies..." --time --weight=1 ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1
# Remove metapackage and its dependencies # Remove the app-specific logrotate config
ynh_remove_app_dependencies ynh_remove_logrotate
#================================================= #=================================================
# REMOVE APP MAIN DIR # REMOVE APP MAIN DIR
@ -56,6 +57,17 @@ ynh_script_progression --message="Removing app main directory..." --time --weigh
# Remove the app directory securely # Remove the app directory securely
ynh_secure_remove --file="$final_path" ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE DATA DIR
#=================================================
# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then
ynh_script_progression --message="Removing app data directory..."
ynh_secure_remove --file="$datadir"
fi
#================================================= #=================================================
# REMOVE NGINX CONFIGURATION # REMOVE NGINX CONFIGURATION
#================================================= #=================================================
@ -65,12 +77,13 @@ ynh_script_progression --message="Removing NGINX web server configuration..." --
ynh_remove_nginx_config ynh_remove_nginx_config
#================================================= #=================================================
# REMOVE LOGROTATE CONFIGURATION # REMOVE DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1 ynh_script_progression --message="Removing dependencies..." --time --weight=1
# Remove the app-specific logrotate config # Remove metapackage and its dependencies
ynh_remove_logrotate ynh_remove_nodejs
ynh_remove_app_dependencies
#================================================= #=================================================
# SPECIFIC REMOVE # SPECIFIC REMOVE
@ -79,9 +92,6 @@ ynh_remove_logrotate
#================================================= #=================================================
ynh_script_progression --message="Removing various files..." --time --weight=1 ynh_script_progression --message="Removing various files..." --time --weight=1
# Remove a cron file
ynh_secure_remove --file="/home/yunohost.app/$app"
# Remove the log files # Remove the log files
ynh_secure_remove --file="/var/log/$app" ynh_secure_remove --file="/var/log/$app"

34
scripts/restore
View file

@ -15,8 +15,7 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_clean_setup () { ynh_clean_setup () {
#### Remove this function if there's nothing to clean before calling the remove script. ynh_clean_check_starting
true
} }
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
@ -38,8 +37,6 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#================================================= #=================================================
ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 ynh_script_progression --message="Validating restoration parameters..." --time --weight=1
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \ test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path " || ynh_die --message="There is already a directory: $final_path "
@ -67,12 +64,6 @@ ynh_script_progression --message="Restoring the app main directory..." --time --
ynh_restore_file --origin_path="$final_path" ynh_restore_file --origin_path="$final_path"
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path" chmod 750 "$final_path"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path" chown -R $app:www-data "$final_path"
@ -82,7 +73,7 @@ chown -R $app:www-data "$final_path"
#================================================= #=================================================
ynh_script_progression --message="Restoring the data directory..." --time --weight=1 ynh_script_progression --message="Restoring the data directory..." --time --weight=1
ynh_restore_file --origin_path="$datadir" ynh_restore_file --origin_path="$datadir" --not_mandatory
mkdir -p $datadir mkdir -p $datadir
@ -100,6 +91,8 @@ ynh_script_progression --message="Reinstalling dependencies..." --time --weight=
# Define and install dependencies # Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
#================================================= #=================================================
# RESTORE SYSTEMD # RESTORE SYSTEMD
#================================================= #=================================================
@ -108,6 +101,16 @@ ynh_script_progression --message="Restoring the systemd configuration..." --time
ynh_restore_file --origin_path="/etc/systemd/system/$app.service" ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
systemctl enable $app.service --quiet systemctl enable $app.service --quiet
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..." --time --weight=1
# Use logrotate to manage application logfile(s)
ynh_use_logrotate
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
@ -122,17 +125,10 @@ ynh_script_progression --message="Starting a systemd service..." --time --weight
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# RESTORE THE LOGROTATE CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the logrotate configuration..." --time --weight=1
ynh_restore_file --origin_path="/etc/logrotate.d/$app"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# RELOAD NGINX AND PHP-FPM # RELOAD NGINX
#================================================= #=================================================
ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1

97
scripts/upgrade
View file

@ -18,21 +18,17 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path) path_url=$(ynh_app_setting_get --app=$app --key=path)
admin=$(ynh_app_setting_get --app=$app --key=admin)
final_path=$(ynh_app_setting_get --app=$app --key=final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
language=$(ynh_app_setting_get --app=$app --key=language) port=$(ynh_app_setting_get --app=$app --key=port)
db_name=$(ynh_app_setting_get --app=$app --key=db_name) datadir=$(ynh_app_setting_get --app=$app --key=datadir)
api_secret=$(ynh_app_setting_get --app=$app --key=api_secret)
invite_secret=$(ynh_app_setting_get --app=$app --key=invite_secret)
#================================================= #=================================================
# CHECK VERSION # CHECK VERSION
#================================================= #=================================================
ynh_script_progression --message="Checking version..."
### This helper will compare the version of the currently installed app and the version of the upstream package.
### $upgrade_type can have 2 different values
### - UPGRADE_APP if the upstream app version has changed
### - UPGRADE_PACKAGE if only the YunoHost package has changed
### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
#================================================= #=================================================
@ -43,6 +39,7 @@ ynh_script_progression --message="Backing up the app before upgrading (may take
# Backup the current version of the app # Backup the current version of the app
ynh_backup_before_upgrade ynh_backup_before_upgrade
ynh_clean_setup () { ynh_clean_setup () {
ynh_clean_check_starting
# Restore it if the upgrade fails # Restore it if the upgrade fails
ynh_restore_upgradebackup ynh_restore_upgradebackup
} }
@ -63,27 +60,6 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app
#================================================= #=================================================
ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
#
# N.B. : the followings setting migrations snippets are provided as *EXAMPLES*
# of what you may want to do in some cases (e.g. a setting was not defined on
# some legacy installs and you therefore want to initiaze stuff during upgrade)
#
# If db_name doesn't exist, create it
#if [ -z "$db_name" ]; then
# db_name=$(ynh_sanitize_dbid --db_name=$app)
# ynh_app_setting_set --app=$app --key=db_name --value=$db_name
#fi
# If final_path doesn't exist, create it
#if [ -z "$final_path" ]; then
# final_path=/var/www/$app
# ynh_app_setting_set --app=$app --key=final_path --value=$final_path
#fi
### If nobody installed your app before 4.1,
### then you may safely remove these lines
# Cleaning legacy permissions # Cleaning legacy permissions
if ynh_legacy_permissions_exists; then if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all ynh_legacy_permissions_delete_all
@ -91,16 +67,6 @@ if ynh_legacy_permissions_exists; then
ynh_app_setting_delete --app=$app --key=is_public ynh_app_setting_delete --app=$app --key=is_public
fi fi
if ! ynh_permission_exists --permission="admin"; then
# Create the required permissions
ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin
fi
# Create a permission if needed
if ! ynh_permission_exists --permission="api"; then
ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true"
fi
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
@ -121,12 +87,6 @@ then
ynh_setup_source --dest_dir="$final_path" ynh_setup_source --dest_dir="$final_path"
fi fi
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod 750 "$final_path" chmod 750 "$final_path"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$final_path"
chown -R $app:www-data "$final_path" chown -R $app:www-data "$final_path"
@ -146,44 +106,29 @@ ynh_script_progression --message="Upgrading dependencies..." --time --weight=1
ynh_install_app_dependencies $pkg_dependencies ynh_install_app_dependencies $pkg_dependencies
#================================================= ynh_install_nodejs --nodejs_version=$NODEJS_VERSION
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --time --weight=1
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#================================================= #=================================================
# SPECIFIC UPGRADE # SPECIFIC UPGRADE
#================================================= #=================================================
# ... # NODEJS INSTALL
#================================================= #=================================================
ynh_script_progression --message="Installing NodeJS dependencies..." --time --weight=1
pushd $final_path
ynh_exec_as $app $ynh_node_load_PATH $ynh_npm --loglevel=error install
ynh_exec_as $app $ynh_node_load_PATH $ynh_npm --loglevel=error audit fix
popd
#================================================= #=================================================
# UPDATE A CONFIG FILE # UPDATE A CONFIG FILE
#================================================= #=================================================
ynh_script_progression --message="Updating a configuration file..." --time --weight=1 ynh_script_progression --message="Updating a configuration file..." --time --weight=1
### Same as during install ynh_add_config --template="../conf/default.json" --destination="$final_path/config/default.json"
###
### The file will automatically be backed-up if it's found to be manually modified (because
### ynh_add_config keeps track of the file's checksum)
ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" chmod 400 "$final_path/config/default.json"
chown $app:$app "$final_path/config/default.json"
# FIXME: this should be handled by the core in the future
# You may need to use chmod 600 instead of 400,
# for example if the app is expected to be able to modify its own config
chmod 400 "$final_path/some_config_file"
chown $app:$app "$final_path/some_config_file"
### For more complex cases where you want to replace stuff using regexes,
### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
### When doing so, you also need to manually call ynh_store_file_checksum
###
### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file"
### ynh_store_file_checksum --file="$final_path/some_config_file"
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
@ -217,14 +162,6 @@ ynh_script_progression --message="Starting a systemd service..." --time --weight
ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
#=================================================
# UPGRADE FAIL2BAN
#=================================================
ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1
# Create a dedicated Fail2Ban config
ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================

2
sources/extra_files/app/.gitignore vendored
View file

@ -1,2 +0,0 @@
*~
*.sw[op]

2
sources/patches/.gitignore vendored
View file

@ -1,2 +0,0 @@
*~
*.sw[op]