Fix backup, restore, upgrade and change_url (#6)

* Fix backup and restore. * Don't 302 to docs on / * Update nginx.conf * Fix linter * Fix more scripts. * Anoter fix * Increase verbosity. * Update scripts. * Use dedicated domain. * Fixup restore. * Only create dir if it does not exist. * Update manifest.toml * Update install --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com>
2024-09-03 20:26:32 +02:00 · 2023-10-24 01:11:29 +02:00 · 2023-10-24 01:11:29 +02:00 · c9c83e3f93
commit c9c83e3f93
parent 25258e1d77
8 changed files with 101 additions and 130 deletions
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -1,9 +1,11 @@
-rewrite ^__PATH__$ __PATH__/ permanent;
+#rewrite ^__PATH__$ __PATH__/ permanent;
+
+location = __PATH__/ {
+    more_set_headers "Content-Type: text/plain";
+    return 200 'Syncstorage is running';
+}
+
 location __PATH__/ {
-
-    # Path to source
-    alias __INSTALL_DIR__/ ;
-
    include uwsgi_params;
    # Needed for long running operations in admin interface
    proxy_pass                 http://127.0.0.1:__PORT__/;
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -13,7 +13,7 @@ StandardOutput=append:/var/log/__APP__/__APP__.log
 StandardError=inherit
 Environment=PATH="__INSTALL_DIR__/venv/bin:$(PATH)"
 Environment=PYTHONPATH=$(PYTHON_SITE_PACKGES)
-Environment=RUST_LOG=error
+Environment=RUST_LOG=info
 Environment=RUST_BACKTRACE=full

 # Sandboxing options to harden security
--- a/manifest.toml
+++ b/manifest.toml
@ -35,17 +35,6 @@ ram.runtime = "50M"
    # this is a generic question - ask strings are automatically handled by YunoHost's core
    type = "domain" 

-    [install.path]
-    # this is a generic question - ask strings are automatically handled by YunoHost's core
-    type = "path"
-    default = "/syncserver"
-
-    [install.init_main_permission]
-    # this is a generic question - ask strings are automatically handled by YunoHost's core
-    # This won't be saved as setting and will instead be used to initialize the SSOwat permission
-    type = "group"
-    default = "visitors"
-
 [resources]
    # See the packaging documentation for the full set
    # of explanation regarding the behavior and properties for each of those
@ -72,6 +61,8 @@ ram.runtime = "50M"
    [resources.permissions]
        main.url = "/"
        main.show_tile = false
+        main.allowed = "visitors"
+        main.protected = true

    # This will pick a random port for reverse-proxying and store it as the $port setting
    [resources.ports]
--- a/scripts/backup
+++ b/scripts/backup
@ -1,8 +1,5 @@
 #!/bin/bash
-#### App file generated with YoloGen, the Yunohost app generator, version 0.6.5.
-# This is the tutorial version of the app.
-# It contains extra commands to explain what should be done in case you want to adjust some part of the script.
-# Once you are done, you may remove them.
+
 #=================================================
 # GENERIC START
 #=================================================
@ -18,10 +15,6 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_print_info --message="Declaring files to be backed up..."

-### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs
-### to be backuped and not an actual copy of any file. The actual backup that
-### creates and fill the archive with the files happens in the core after this
-### script is called. Hence ynh_backups calls takes basically 0 seconds to run.
 #=================================================
 # BACKUP THE APP MAIN DIR
 #=================================================
@ -34,12 +27,6 @@ ynh_backup --src_path="$install_dir"

 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"

-#=================================================
-# BACKUP FAIL2BAN CONFIGURATION
-#=================================================
-
-ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
-ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
 #=================================================
 # SPECIFIC BACKUP
 #=================================================
@ -47,19 +34,12 @@ ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
 #=================================================

 ynh_backup --src_path="/etc/logrotate.d/$app"
+
 #=================================================
 # BACKUP SYSTEMD
 #=================================================

 ynh_backup --src_path="/etc/systemd/system/$app.service"
-#=================================================
-# BACKUP VARIOUS FILES
-#=================================================
-
-ynh_backup --src_path="/etc/cron.d/$app"
-
-ynh_backup --src_path="/etc/$app/"
-

 #=================================================
 # BACKUP THE DATABASE
@ -70,6 +50,8 @@ ynh_print_info --message="Backing up the mysql database..."
 ### copy of the generated dump to the archive still happens later)

 ynh_mysql_dump_db --database="$db_name" > db.sql
+ynh_mysql_dump_db --database="$db_name_tokenserver" > db_tokenserver.sql
+
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/change_url
+++ b/scripts/change_url
@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1

-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" --line_match="Server closing"

 #=================================================
 # MODIFY URL IN NGINX CONF
@ -28,9 +28,11 @@ ynh_change_url_nginx_config
 #=================================================
 # SPECIFIC MODIFICATIONS
 #=================================================
-# ...
+# Retarget worker nodes
 #=================================================

+ynh_mysql_execute_as_root --sql="UPDATE nodes set node='https://$new_domain' WHERE node='https://$old_domain'" --database="$db_name_tokenserver";
+
 #=================================================
 # GENERIC FINALISATION
 #=================================================
@ -38,7 +40,7 @@ ynh_change_url_nginx_config
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1

-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server running on http://127.0.0.1"

 #=================================================
 # END OF SCRIPT
--- a/scripts/install
+++ b/scripts/install
@ -14,12 +14,15 @@ source /usr/share/yunohost/helpers
 secret=$(ynh_string_random --length=40)
 master_secret=$(ynh_string_random --length=40)
 db_name_tokenserver="${db_name}_tokenserver"
+
 ynh_app_setting_set --app=$app --key=db_name_tokenserver --value=$db_name_tokenserver
+ynh_app_setting_set --app=$app --key=secret --value=$secret
+ynh_app_setting_set --app=$app --key=master_secret --value=$master_secret

 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Installing dependencies..." --weight=10
+ynh_script_progression --message="Installing dependencies..." --weight=5

 ynh_exec_warn_less ynh_exec_as $app RUSTUP_HOME="$install_dir"/.rustup CARGO_HOME="$install_dir"/.cargo bash -c 'curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -q -y'
 export PATH="$install_dir/.cargo/bin:$PATH"
@ -98,7 +101,7 @@ ynh_add_nginx_config
 # Create a dedicated systemd config
 ynh_add_systemd_config

-mkdir /var/log/$app
+mkdir -p /var/log/$app
 touch /var/log/$app/$app.log
 chown -R $app: /var/log/$app

@ -107,8 +110,6 @@ yunohost service add $app --description="Firefox Sync Server (Rust)" --log="/var
 # Use logrotate to manage application logfile(s)
 ynh_use_logrotate

-# Create a dedicated Fail2Ban config
-#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex=""
 #=================================================
 # APP INITIAL CONFIGURATION
 #=================================================
@ -132,7 +133,8 @@ chown $app:$app "$install_dir/config.toml"
 ynh_script_progression --message="Starting a systemd service..." --weight=1

 # Start a systemd service
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server running on http://127.0.0.1"
+
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -1,8 +1,5 @@
 #!/bin/bash
-#### App file generated with YoloGen, the Yunohost app generator, version 0.6.5.
-# This is the tutorial version of the app.
-# It contains extra commands to explain what should be done in case you want to adjust some part of the script.
-# Once you are done, you may remove them.
+
 #=================================================
 # GENERIC START
 #=================================================
@ -20,9 +17,6 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=

 ynh_restore_file --origin_path="$install_dir"

-# $install_dir will automatically be initialized with some decent
-# permission by default ... however, you may need to recursively reapply
-# ownership to all files such as after the ynh_setup_source step
 chown -R $app:www-data "$install_dir"

 #=================================================
@ -31,6 +25,11 @@ chown -R $app:www-data "$install_dir"
 ynh_script_progression --message="Restoring the MySQL database..." --weight=1

 ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql
+
+ynh_script_progression --message="Restoring tokenserver database..." --weight=1
+ynh_mysql_create_db "$db_name_tokenserver" "$db_user" "$db_pwd"
+ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name_tokenserver < ./db_tokenserver.sql
+
 #=================================================
 # RESTORE SYSTEM CONFIGURATIONS
 #=================================================
@ -45,15 +44,12 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
 systemctl enable $app.service --quiet

+mkdir -p /var/log/$app
+touch /var/log/$app/$app.log
+chown -R $app: /var/log/$app
+
 yunohost service add $app --description="Firefox Sync Server (Rust)" --log="/var/log/$app/$app.log"
 ynh_restore_file --origin_path="/etc/logrotate.d/$app"
-ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf"
-ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf"
-ynh_systemd_action --action=restart --service_name=fail2ban
-# Other various files...
-
-ynh_restore_file --origin_path="/etc/cron.d/$app"
-ynh_restore_file --origin_path="/etc/$app/"

 #=================================================
 # GENERIC FINALIZATION
@ -62,10 +58,11 @@ ynh_restore_file --origin_path="/etc/$app/"
 #=================================================
 ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1

-# Typically you only have either $app or php-fpm but not both at the same time...
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
 ynh_systemd_action --service_name=nginx --action=reload

+# Typically you only have either $app or php-fpm but not both at the same time...
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server running on http://127.0.0.1"
+
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -1,8 +1,5 @@
 #!/bin/bash
-#### App file generated with YoloGen, the Yunohost app generator, version 0.6.5.
-# This is the tutorial version of the app.
-# It contains extra commands to explain what should be done in case you want to adjust some part of the script.
-# Once you are done, you may remove them.
+
 #=================================================
 # GENERIC START
 #=================================================
@ -12,57 +9,26 @@
 source _common.sh
 source /usr/share/yunohost/helpers

-# Settings are automatically loaded as bash variables
-# in every app script context, therefore typically these will exist:
-# - $domain
-# - $path
-# - $language
-# - $install_dir
-# - $port
-# ...
-
-# In the context of upgrade,
-# - resources are automatically provisioned / updated / deleted (depending on existing resources)
-# - a safety backup is automatically created by the core and will be restored if the upgrade fails
-
-### This helper will compare the version of the currently installed app and the version of the upstream package.
-### $upgrade_type can have 2 different values
-### - UPGRADE_APP if the upstream app version has changed
-### - UPGRADE_PACKAGE if only the YunoHost package has changed
-### ynh_check_app_version_changed will stop the upgrade if the app is up to date.
-### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
 upgrade_type=$(ynh_check_app_version_changed)

 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
-# ENSURE DOWNWARD COMPATIBILITY
-#=================================================
-#ynh_script_progression --message="Ensuring downward compatibility..." --weight=1
-
-#
-# N.B. : the followings setting migrations snippets are provided as *EXAMPLES*
-# of what you may want to do in some cases (e.g. a setting was not defined on
-# some legacy installs and you therefore want to initiaze stuff during upgrade)
-#
-
-# If db_name doesn't exist, create it
-#if [ -z "$db_name" ]; then
-#	db_name=$(ynh_sanitize_dbid --db_name=$app)
-#	ynh_app_setting_set --app=$app --key=db_name --value=$db_name
-#fi
-
-# If install_dir doesn't exist, create it
-#if [ -z "$install_dir" ]; then
-#	install_dir=/var/www/$app
-#	ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir
-#fi
-#=================================================
 # STOP SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1

-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" --line_match="Server closing"
+
+#=================================================
+# INSTALL DEPENDENCIES
+#=================================================
+ynh_script_progression --message="Installing dependencies..." --weight=5
+
+ynh_exec_warn_less ynh_exec_as $app RUSTUP_HOME="$install_dir"/.rustup CARGO_HOME="$install_dir"/.cargo bash -c 'curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -q -y'
+export PATH="$install_dir/.cargo/bin:$PATH"
+ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH cargo install diesel_cli --no-default-features --features 'mysql'
+
 #=================================================
 # "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...)
 #=================================================
@ -74,7 +40,7 @@ then
 	ynh_script_progression --message="Upgrading source files..." --weight=1

 	# Download, check integrity, uncompress and patch the source from app.src
-	ynh_setup_source --dest_dir="$install_dir"
+	ynh_setup_source --dest_dir="$install_dir/build"
 fi

 # $install_dir will automatically be initialized with some decent
@ -82,6 +48,39 @@ fi
 # ownership to all files such as after the ynh_setup_source step
 chown -R $app:www-data "$install_dir"

+#=================================================
+# BUILD
+#=================================================
+
+ynh_script_progression --message="Building the sources (it will take some time)..." --weight=10
+
+ynh_exec_as $app python -m venv "${install_dir}/venv"
+(
+	set +o nounset
+	source "${install_dir}/venv/bin/activate"
+	set -o nounset
+
+	ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install --upgrade pip
+	ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install --upgrade setuptools
+    pushd $install_dir/build
+        ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install -r requirements.txt
+		ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH $install_dir/venv/bin/pip install -r tools/tokenserver/requirements.txt
+        ynh_exec_warn_less ynh_exec_as $app env PATH=$PATH cargo install --path ./syncserver --locked --root $install_dir  --no-default-features --features=syncstorage-db/mysql
+
+		ynh_script_progression --message="Seeding the databases..."
+		# syncstorage db
+		diesel --database-url "mysql://$db_user:${db_pwd}@localhost/$db_name" migration --migration-dir syncstorage-mysql/migrations run
+
+		# tokenserver db
+		diesel --database-url "mysql://$db_user:${db_pwd}@localhost/$db_name_tokenserver" migration --migration-dir tokenserver-db/migrations run
+    popd
+)
+
+ynh_secure_remove --file="$install_dir/.cargo"
+ynh_secure_remove --file="$install_dir/.rustup"
+ynh_secure_remove --file="$install_dir/.cache"
+ynh_secure_remove --file="$install_dir/build"
+
 #=================================================
 # REAPPLY SYSTEM CONFIGURATIONS
 #=================================================
@ -92,10 +91,15 @@ ynh_add_nginx_config

 ynh_add_systemd_config

+mkdir -p /var/log/$app
+touch /var/log/$app/$app.log
+chown -R $app: /var/log/$app
+
 yunohost service add $app --description="Firefox Sync Server (Rust)" --log="/var/log/$app/$app.log"
-ynh_use_logrotate --non-append
-# Create a dedicated Fail2Ban config
-ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex=""
+
+# Use logrotate to manage application logfile(s)
+ynh_use_logrotate
+
 #=================================================
 # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
 #=================================================
@ -103,30 +107,21 @@ ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failreg
 #=================================================
 ynh_script_progression --message="Updating a configuration file..." --weight=1

-### Same as during install
-###
-### The file will automatically be backed-up if it's found to be manually modified (because
-### ynh_add_config keeps track of the file's checksum)
-ynh_add_config --template="sync.ini" --destination="$install_dir/sync.ini"
+ynh_add_config --template="config.toml" --destination="$install_dir/config.toml"

 # FIXME: this should be handled by the core in the future
 # You may need to use chmod 600 instead of 400,
 # for example if the app is expected to be able to modify its own config
-chmod 400 "$install_dir/some_config_file"
-chown $app:$app "$install_dir/some_config_file"
+chmod 400 "$install_dir/config.toml"
+chown $app:$app "$install_dir/config.toml"

-### For more complex cases where you want to replace stuff using regexes,
-### you shoud rely on ynh_replace_string (which is basically a wrapper for sed)
-### When doing so, you also need to manually call ynh_store_file_checksum
-###
-### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$install_dir/some_config_file"
-### ynh_store_file_checksum --file="$install_dir/some_config_file"
 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1

-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server running on http://127.0.0.1"
+
 #=================================================
 # END OF SCRIPT
 #=================================================