From 33938d9f5f8d49ddc665d9dc7c9b99768ea4f66b Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 6 Sep 2021 07:42:50 +0200 Subject: [PATCH] Upgrade --- check_process | 5 ----- conf/app.src | 5 +++-- conf/app_addons.src | 4 ++-- conf/nginx.conf | 42 ++++++++++++++++-------------------------- conf/poller-cron | 2 +- manifest.json | 8 ++++---- scripts/install | 38 ++++++++++++++------------------------ scripts/upgrade | 12 +++--------- 8 files changed, 43 insertions(+), 73 deletions(-) diff --git a/check_process b/check_process index 219f897..34d5d00 100644 --- a/check_process +++ b/check_process @@ -1,8 +1,3 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest domain="domain.tld" diff --git a/conf/app.src b/conf/app.src index 62ad1f9..b9fcb1f 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,6 @@ -SOURCE_URL=https://codeberg.org/zot/zap/archive/7d77d277d90dbb0b99c3680d1dc956323120e0d5.tar.gz -SOURCE_SUM=0e3e932514c877aad5a2bbc31703143c0df22d097a01a952505bbbca3976fd50 +SOURCE_URL=https://codeberg.org/zot/zap/archive/8f08b200fd6c410c88a3f24248da55185721ccf1.tar.gz +SOURCE_SUM=82eab96306b2c4fb1d2dfcded5ccbc9adfc0f3f82695bd2459aff9b35e71ff21 SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR= SOURCE_FILENAME= + diff --git a/conf/app_addons.src b/conf/app_addons.src index 230603b..5c526c5 100644 --- a/conf/app_addons.src +++ b/conf/app_addons.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://codeberg.org/zot/zap-addons/archive/096e7619f091652b3abdabd6f85141fb49c3f268.tar.gz -SOURCE_SUM=1c8c205f2811fed809bce71a97fdd8723096030473be1162766d8772c56f1511 +SOURCE_URL=https://codeberg.org/zot/zap-addons/archive/b2ddcc67735fb413f14efcc9c49780469b8b61cf.tar.gz +SOURCE_SUM=009f5047096fdbe3becaebfb7ac3ee34d7efd3f4f891e3a645484a7e406598a1 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR= diff --git a/conf/nginx.conf b/conf/nginx.conf index 45f487b..a4c8c5f 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,16 +1,14 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { - alias __FINALPATH__/; - # Force https - if ($scheme = http) - { + alias __FINALPATH__/; + + # Force https + if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } - if (!-e $request_filename) - - { + if (!-e $request_filename) { rewrite ^(.*)$ /index.php?req=$1; } @@ -21,24 +19,19 @@ location __PATH__/ { index index.php; charset utf-8; - - # Example PHP configuration - location ~* \.php$ - { - try_files $uri =404; - fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; + location ~* \.php$ { + try_files $uri =404; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; + include fastcgi_params; + fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; } # make sure webfinger and other well known services aren't blocked # by denying dot files and rewrite request to the front controller - location ^~ /.well-known/ - { + location ^~ /.well-known/ { allow all; - if (!-e $request_filename) - { + if (!-e $request_filename) { rewrite ^(.*)$ /index.php?req=$1; } } @@ -53,20 +46,17 @@ location __PATH__/ { # } # block these file types - location ~* \.(tpl|md|tgz|log|out)$ - { + location ~* \.(tpl|md|tgz|log|out)$ { deny all; } # deny access to all dot files - location ~ /\. - { + location ~ /\. { deny all; } #deny access to store - location ~ /store - { + location ~ /store { deny all; } diff --git a/conf/poller-cron b/conf/poller-cron index 31ba32f..f991757 100644 --- a/conf/poller-cron +++ b/conf/poller-cron @@ -1,2 +1,2 @@ # Run poller periodically to update Hubzilla -*/10 * * * * __USER__ cd YNH_WWW_PATH; /usr/bin/php__PHP_VERSION__ Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1 \ No newline at end of file +*/10 * * * * __APP__ cd __FINALPATH__; /usr/bin/php__PHPVERSION__ Zotlabs/Daemon/Master.php Cron > /dev/null 2>&1 \ No newline at end of file diff --git a/manifest.json b/manifest.json index 120fc66..a4e0aac 100644 --- a/manifest.json +++ b/manifest.json @@ -3,21 +3,21 @@ "id": "zap", "packaging_format": 1, "description": { - "en": "A fediverse server." + "en": "A fediverse server" }, - "version": "21.05.21~ynh1", + "version": "21.10.21~ynh1", "url": "https://zotlabs.com/zap/", "license": "MIT", "maintainer": { "name": "" }, "requirements": { - "yunohost": ">= 4.1.0" + "yunohost": ">= 4.2.4" }, "multi_instance": true, "services": [ "nginx", - "php7.0-fpm", + "php7.3-fpm", "mysql", "postgresql" ], diff --git a/scripts/install b/scripts/install index c75e6ad..e3ec52c 100755 --- a/scripts/install +++ b/scripts/install @@ -13,10 +13,6 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -27,7 +23,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" admin=$YNH_APP_ARG_ADMIN -email=$(yunohost user info $admin | grep "mail:" | cut -d' ' -f2) +email=$(ynh_user_get_info --username=$admin --key=mail) upload="256M" database="1" random_string="$(ynh_string_random)$(ynh_string_random)$(ynh_string_random)" @@ -70,6 +66,14 @@ if [ $database -eq 2 ]; then ynh_install_app_dependencies $pkg_dependencies fi +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -192,14 +196,6 @@ ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -210,21 +206,15 @@ ynh_add_fpm_config --package="$extra_php_dependencies" # Set right permissions for Zap ynh_script_progression --message="Set right for Zap..." + chown -R $app: $final_path # Set up cron job ynh_script_progression --message="Setting up cron job..." -ynh_replace_string --match_string="YNH_WWW_PATH" --replace_string="$final_path" --target_file="../conf/poller-cron" -ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="../conf/poller-cron" -ynh_replace_string --match_string="__PHP_VERSION__" --replace_string="$phpversion" --target_file="../conf/poller-cron" -cp ../conf/poller-cron /etc/cron.d/$app -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= - -# Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$config" +ynh_add_config --template="../conf/poller-cron" --destination="/etc/cron.d/$app" +chown root: "/etc/cron.d/$app" +chmod 644 "/etc/cron.d/$app" #================================================= # SETUP LOGROTATE @@ -245,10 +235,10 @@ ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.ph # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring SSOwat..." + ynh_permission_update --permission="main" --add="visitors" # As Zap is social network and have its own permission there is no need to keep Zap behind SSO - #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 8bd4596..2c6a908 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -52,6 +52,7 @@ ynh_abort_if_errors #================================================= # Migrate legacy permissions to new system #================================================= + if ynh_legacy_permissions_exists then ynh_legacy_permissions_delete_all @@ -59,7 +60,6 @@ then ynh_app_setting_delete --app=$app --key=is_public fi - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -69,8 +69,6 @@ ynh_script_progression --message="Upgrading source files..." # Create a temporary directory - - # Remove the app directory securely # ynh_secure_remove "$final_path" @@ -80,9 +78,6 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi - - - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -152,7 +147,6 @@ else chmod -R 777 $final_path/store mkdir $final_path/addon ynh_setup_source --dest_dir="$final_path/addon" --source_id="app_addons" - fi #================================================= @@ -198,7 +192,7 @@ ynh_use_logrotate --non-append # UPGRADE FAIL2BAN #================================================= -ynh_script_progression --message="Re-configure fail2ban..." +ynh_script_progression --message="Re-configure Fail2Ban..." ynh_add_fail2ban_config --logpath="$final_path/php.log" --failregex="^.*auth\.php.*failed login attempt.*from IP .*$" --max_retry="5" @@ -221,7 +215,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload