From f4805d6996af14fb4715a240ce6f53c8f32be5be Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 18 Feb 2017 11:41:31 +0100 Subject: [PATCH 1/4] Add check_process --- check_process | 62 ++++++++++++++++++++++++++++--------------------- scripts/upgrade | 2 -- 2 files changed, 35 insertions(+), 29 deletions(-) diff --git a/check_process b/check_process index c774682..53881e3 100644 --- a/check_process +++ b/check_process @@ -1,27 +1,35 @@ -;; Test complet - auto_remove=1 - ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) - language="fr" - is_public="Yes" (PUBLIC|public=Yes|private=No) - password="pass" (PASSWORD) - port="666" (PORT) - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - backup_restore=1 - multi_instance=1 - wrong_user=1 - wrong_path=1 - incorrect_path=1 - corrupt_source=0 - fail_download_source=0 - port_already_use=1 - final_path_already_use=0 +;; General + auto_remove=1 +# Commentaire ignoré + ; Manifest + domain="$DOMAIN" (DOMAIN) + path="$PATH" (PATH) + is_public=1 (PUBLIC|public=1|private=0) + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_nourl=0 + setup_private=1 + setup_public=1 + upgrade=1 + backup_restore=1 + multi_instance=0 + wrong_user=1 + wrong_path=1 + incorrect_path=1 + corrupt_source=1 + fail_download_source=1 + port_already_use=1 (8008) + final_path_already_use=1 +;;; Levels + Level 1=auto + Level 2=auto + Level 3=auto + Level 4=1 + Level 5=auto + Level 6=auto + Level 7=auto + Level 8=0 + Level 9=0 + Level 10=0 \ No newline at end of file diff --git a/scripts/upgrade b/scripts/upgrade index 495952f..f8b8dec 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -12,10 +12,8 @@ path=$(ynh_app_setting_get $app path) is_public=$(ynh_app_setting_get $app is_public) synapse_port=$(ynh_app_setting_get $app synapse_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) -turnserver_dbpass=$(ynh_app_setting_get "$app" turnserver_mysqlpwd) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) turnserver_pwd=$(ynh_app_setting_get $app turnserver_pwd) -turnserver_dbuser="turnserver" CHECK_PATH # Vérifie et corrige la syntaxe du path. From 0dcd75eeebb50c8815c64d6df9e773fde457fc50 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 18 Feb 2017 22:40:22 +0100 Subject: [PATCH 2/4] Solve error with custom certificat --- check_process | 11 +++++----- scripts/_common.sh | 42 +++++++++++++++++++++++++++++++++++++- scripts/install | 12 +++++------ scripts/restore | 51 ++++++++++++++++++++++++++++++++++++++++------ scripts/upgrade | 9 ++++++++ 5 files changed, 106 insertions(+), 19 deletions(-) diff --git a/check_process b/check_process index 53881e3..2145e14 100644 --- a/check_process +++ b/check_process @@ -3,21 +3,20 @@ # Commentaire ignoré ; Manifest domain="$DOMAIN" (DOMAIN) - path="$PATH" (PATH) is_public=1 (PUBLIC|public=1|private=0) ; Checks pkg_linter=1 setup_sub_dir=1 - setup_root=1 - setup_nourl=0 + setup_root=0 + setup_nourl=1 setup_private=1 setup_public=1 upgrade=1 backup_restore=1 multi_instance=0 - wrong_user=1 - wrong_path=1 - incorrect_path=1 + wrong_user=0 + wrong_path=2 + incorrect_path=0 corrupt_source=1 fail_download_source=1 port_already_use=1 (8008) diff --git a/scripts/_common.sh b/scripts/_common.sh index 46f7cda..8c45ee6 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -50,13 +50,53 @@ GET_DEBIAN_VERSION() { } enable_backport_repos() { - if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*)" ]] + if [[ -z "$(grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list ; grep -e "^deb .*/.* $debian_version-backports main" /etc/apt/sources.list.d/*.list)" ]] then echo "deb $(grep -m 1 "^deb .* $debian_version .*main" /etc/apt/sources.list | cut -d ' ' -f2) $debian_version-backports main contrib non-free" | sudo tee -a "/etc/apt/sources.list" fi ynh_package_update } +set_access() { # example : set_access USER FILE +user="$1" +file_to_set="$2" +while [[ 0 ]] +do + path_to_set="" + oldIFS="$IFS" + IFS="/" + for dirname in $file_to_set + do + if [[ -n "$dirname" ]] + then + sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set" + + path_to_set="$path_to_set/$dirname" + + if $(sudo sudo -u $user test ! -r "$path_to_set") + then + sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set" + sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set" + sudo test -L "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set" + fi + fi + done + IFS="$oldIFS" + + if $(sudo test -L "$file_to_set") + then + if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]] + then + file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path + else + file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path) + fi + else + break + fi +done +} + CHECK_VAR () { # Vérifie que la variable n'est pas vide. # $1 = Variable à vérifier # $2 = Texte à afficher en cas d'erreur diff --git a/scripts/install b/scripts/install index 89c401d..7f674cd 100644 --- a/scripts/install +++ b/scripts/install 
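Review bot: In the new `set_access`, the line `sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set"` puts a default ACL on the directory that holds the file, so files created there later (a renewed `key.pem`, for example) can inherit a read entry for the service user. That is wider than the per-file grant the callers ask for. The function also follows symlinks as root and adds `rx` for the user on every directory of the resolved path, and because `while [[ 0 ]]` is always true, a symlink cycle would never terminate. I would drop the default-ACL line, cap the number of symlink hops, write the test as `if sudo -u "$user" test ! -r "$path_to_set"`, and quote `$user` in the `setfacl` calls. The same body is copied into scripts/restore in this commit and has the same issues there.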
@@ -99,13 +99,13 @@ sudo sed -i "s@__DOMAIN__@$domain@g" /etc/turnserver.conf sudo sed -i "s@__TLS_PORT__@$turnserver_tls_port@g" /etc/turnserver.conf # Configure access for certificates -sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem -sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem -sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem +set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem +set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem +set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem -sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem -sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem -sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem +set_access turnserver /etc/yunohost/certs/$domain/crt.pem +set_access turnserver /etc/yunohost/certs/$domain/key.pem +set_access turnserver /etc/yunohost/certs/$domain/dh.pem # Configuration de logrotate sed -i "s@__APP__@$app@g" ../conf/logrotate diff --git a/scripts/restore b/scripts/restore index 21cf499..128f7ab 100644 --- a/scripts/restore +++ b/scripts/restore 
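Review bot: The six `set_access` calls pass `/etc/yunohost/certs/$domain/...` unquoted, and nothing visible in the hunk checks that the grant succeeded, so a failed ACL change would presumably only show up later when a service cannot read its certificate. Quoting the argument and looping over the file names would be shorter and safer, e.g. `for f in crt.pem key.pem dh.pem; do set_access matrix-synapse "/etc/yunohost/certs/$domain/$f"; done`, and the same for `turnserver`. The same six lines appear in the scripts/restore and scripts/upgrade hunks of this commit. Since `key.pem` is the private key, it is also worth confirming that both service accounts really need read access to it.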
@@ -66,6 +66,45 @@ enable_backport_repos() { ynh_package_update } +set_access() { # example : set_access USER FILE +user="$1" +file_to_set="$2" +while [[ 0 ]] +do + path_to_set="" + oldIFS="$IFS" + IFS="/" + for dirname in $file_to_set + do + if [[ -n "$dirname" ]] + then + sudo test -f "$path_to_set"/"$dirname" && sudo setfacl -m d:u:$user:r "$path_to_set" + + path_to_set="$path_to_set/$dirname" + + if $(sudo sudo -u $user test ! -r "$path_to_set") + then + sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set" + sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set" + fi + fi + done + IFS="$oldIFS" + + if $(sudo test -L "$file_to_set") + then + if [[ -n "$(sudo readlink "$file_to_set" | grep -e "^/")" ]] + then + file_to_set=$(sudo readlink "$file_to_set") # If it is an absolute path + else + file_to_set=$(sudo realpath -s -m "$(echo "$file_to_set" | cut -d'/' -f-$(echo "$file_to_set" | grep -o '/' | wc -l))/$(sudo readlink "$file_to_set")") # If it is an relative path (we get with realpath the absolute path) + fi + else + break + fi +done +} + CHECK_VAR () { # Vérifie que la variable n'est pas vide. # $1 = Variable à vérifier # $2 = Texte à afficher en cas d'erreur 
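Review bot: This adds a second full copy of `set_access` to scripts/restore, and it already differs from the copy added to scripts/_common.sh in the same commit (the `sudo test -L "$path_to_set"` line is missing here), so a later fix to the ACL logic can land in one copy and not the other. If restore cannot source _common.sh (not visible in this hunk), a comment such as `# Keep in sync with set_access in scripts/_common.sh` above the function would at least record the dependency. The variables `user`, `file_to_set`, `path_to_set`, `oldIFS` and `dirname` are also global; declaring them with `local` would keep the function from overwriting names used elsewhere in the restore script.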
@@ -201,13 +240,13 @@ sudo cp -a ./coturn_config_default "/etc/default/coturn" sudo cp -a ./data/. "/var/lib/matrix-synapse/." # Configure access for certificates -sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/crt.pem -sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/key.pem -sudo setfacl -m user:matrix-synapse:r /etc/yunohost/certs/$domain/dh.pem +set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem +set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem +set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem -sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/crt.pem -sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/key.pem -sudo setfacl -m user:turnserver:r /etc/yunohost/certs/$domain/dh.pem +set_access turnserver /etc/yunohost/certs/$domain/crt.pem +set_access turnserver /etc/yunohost/certs/$domain/key.pem +set_access turnserver /etc/yunohost/certs/$domain/dh.pem # Ouvre le port dans le firewall sudo yunohost firewall allow --no-upnp TCP $synapse_tls_port > /dev/null 2>&1 diff --git a/scripts/upgrade b/scripts/upgrade index f8b8dec..27e402c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -37,6 +37,15 @@ sudo sed -i "s@__TLS_PORT__@$synapse_tls_port@g" /etc/matrix-synapse/homeserver. sudo sed -i "s@__TURNSERVER_TLS_PORT__@$turnserver_tls_port@g" /etc/matrix-synapse/homeserver.yaml sudo sed -i "s@__TURNPWD__@$turnserver_pwd@g" /etc/matrix-synapse/homeserver.yaml +# Configure access for certificates +set_access matrix-synapse /etc/yunohost/certs/$domain/crt.pem +set_access matrix-synapse /etc/yunohost/certs/$domain/key.pem +set_access matrix-synapse /etc/yunohost/certs/$domain/dh.pem + +set_access turnserver /etc/yunohost/certs/$domain/crt.pem +set_access turnserver /etc/yunohost/certs/$domain/key.pem +set_access turnserver /etc/yunohost/certs/$domain/dh.pem + if [ "$is_public" = "0" ] then sudo sed -i "s@__ALLOWED_ACCESS__@False@g" /etc/matrix-synapse/homeserver.yaml 
From b699cab1e056499d2421d67ad1dcab4c8d707836 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Mon, 27 Feb 2017 08:11:50 +0100 Subject: [PATCH 3/4] Add link to chattroom --- README.md | 3 +++ check_process | 2 +- scripts/_common.sh | 1 - 3 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6c90a02..7f3a2de 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,9 @@ Synapse for YunoHost ================== +Yunohost chattroom with matrix : [https://riot.im/app/#/room/#yunohost:matrix.org](https://riot.im/app/#/room/#yunohost:matrix.org) + +[Yunohost project](https://yunohost.org/#/) ## For ARM arch (or slow arch) diff --git a/check_process b/check_process index 2145e14..7c8ac68 100644 --- a/check_process +++ b/check_process @@ -15,7 +15,7 @@ backup_restore=1 multi_instance=0 wrong_user=0 - wrong_path=2 + wrong_path=1 incorrect_path=0 corrupt_source=1 fail_download_source=1 diff --git a/scripts/_common.sh b/scripts/_common.sh index 8c45ee6..cb93e0e 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -77,7 +77,6 @@ do then sudo test -d "$path_to_set" && sudo setfacl -m user:$user:rx "$path_to_set" sudo test -f "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set" - sudo test -L "$path_to_set" && sudo setfacl -m user:$user:r "$path_to_set" fi fi done From f10c9c9270e0d700e61d901e122a5f64db8fd9ab Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 4 Mar 2017 21:17:00 +0100 Subject: [PATCH 4/4] Fix issue : https://github.com/YunoHost-Apps/synapse_ynh/issues/4 --- scripts/remove | 3 --- scripts/restore | 1 - 2 files changed, 4 deletions(-) diff --git a/scripts/remove b/scripts/remove index bba644f..2e5aac3 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -8,7 +8,6 @@ init_script domain=$(ynh_app_setting_get $app domain) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) -turnserver_port=$(ynh_app_setting_get $app turnserver_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) sudo service matrix-synapse stop || true @@ -29,8 +28,6 @@ closeport() { port=$synapse_tls_port closeport -port=$turnserver_port -closeport port=$turnserver_tls_port closeport diff --git a/scripts/restore b/scripts/restore index 128f7ab..a979e43 100644 --- a/scripts/restore +++ b/scripts/restore @@ -183,7 +183,6 @@ init_script domain=$(ynh_app_setting_get $app domain) synapse_port=$(ynh_app_setting_get $app synapse_port) synapse_tls_port=$(ynh_app_setting_get $app synapse_tls_port) -turnserver_port=$(ynh_app_setting_get $app turnserver_port) turnserver_tls_port=$(ynh_app_setting_get $app turnserver_tls_port) # Restore Nginx