Apply example_ynh

check_process

@@ -49,6 +49,8 @@
 		#upgrade=1	from_commit=3e69fac2078f96ba5a4cb73966345f44a95147bf
 		# 1.18.2~ynh1
 		upgrade=1	from_commit=f0cfbbfd9acf04d7df4d2b7c6c6f80da4db04f24
+		# 1.18.6~ynh1
+		upgrade=1	from_commit=75e55a85c81efbd26a2b2120916becb6940367ba
 		backup_restore=1
 		multi_instance=1
 		port_already_use=0
@@ -95,3 +97,5 @@ Notification=all
 		name=1.18.1~ynh1
 	; commit=f0cfbbfd9acf04d7df4d2b7c6c6f80da4db04f24
 		name=1.18.2~ynh1
+	; commit=75e55a85c81efbd26a2b2120916becb6940367ba
+		name=1.18.6~ynh1

conf/systemd.service

@@ -10,12 +10,15 @@ Restart=on-failure
 SuccessExitStatus=3 4
 RestartForceExitStatus=3 4
 
-# Hardening
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=true
+PrivateTmp=yes
 ProtectSystem=full
-PrivateTmp=true
 SystemCallArchitectures=native
 MemoryDenyWriteExecute=true
-NoNewPrivileges=true
 
 [Install]
 WantedBy=multi-user.target

manifest.json

@@ -6,7 +6,7 @@
         "en": "Continuous file synchronization program",
         "fr": "Programme de synchronisation de fichiers en continu"
     },
-    "version": "1.18.6~ynh1",
+    "version": "1.18.6~ynh2",
     "url": "https://syncthing.net/",
     "upstream": {
         "license": "MPL-2.0",

scripts/backup

@@ -29,7 +29,7 @@ app=$YNH_APP_INSTANCE_NAME
 
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 domain=$(ynh_app_setting_get --app=$app --key=domain)
-sync_home=$(ynh_app_setting_get --app=$app --key=sync_home)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 
 #=================================================
 # DECLARE DATA AND CONF FILES TO BACKUP
@@ -43,10 +43,10 @@ ynh_print_info --message="Declaring files to be backed up..."
 ynh_backup --src_path="$final_path"
 
 #=================================================
-# BACKUP THE DATA DIRECTORY
+# BACKUP THE DATA DIR
 #=================================================
 
-ynh_backup --src_path="$sync_home" --is_big
+ynh_backup --src_path="$datadir" --is_big
 
 #=================================================
 # BACKUP THE NGINX CONFIGURATION

scripts/install

@@ -58,15 +58,15 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
 ynh_script_progression --message="Finding an available port..."
 
 # Find an available port
+port=$(ynh_find_port --port=22000)
+ynh_app_setting_set --app=$app --key=port --value=$port
+
 gui_port=$(ynh_find_port --port=8384)
 ynh_app_setting_set --app=$app --key=gui_port --value=$gui_port
 
-sync_port=$(ynh_find_port --port=22000)
-ynh_app_setting_set --app=$app --key=sync_port --value=$sync_port
-
 # Open the port
 ynh_script_progression --message="Configuring firewall..."
-ynh_exec_warn_less yunohost firewall allow TCP $sync_port
+ynh_exec_warn_less yunohost firewall allow TCP $port
 
 #=================================================
 # CREATE DEDICATED USER
@@ -100,23 +100,23 @@ ynh_add_nginx_config
 #=================================================
 # SPECIFIC SETUP
 #=================================================
-# CREATE SYNC DIRECTORY
+# CREATE DATA DIRECTORY
 #=================================================
-ynh_script_progression --message="Creating sync directory..."
+ynh_script_progression --message="Creating a data directory..."
 
-sync_home=/home/yunohost.app/$app
-ynh_app_setting_set --app=$app --key=sync_home --value=$sync_home
+datadir=/home/yunohost.app/$app
+ynh_app_setting_set --app=$app --key=datadir --value=$datadir
 
-mkdir -p $sync_home
+mkdir -p $datadir
 
-chmod 750 "$sync_home"
-chmod -R o-rwx "$sync_home"
-chown -R $app:$app "$sync_home"
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"
 
 #=================================================
 # ADD A CONFIGURATION
 #=================================================
-ynh_script_progression --message="Adding a config file..."
+ynh_script_progression --message="Adding a configuration file..."
 
 mkdir -p "$final_path/.config/syncthing"
 config_file="$final_path/.config/syncthing/config.xml"
@@ -142,7 +142,7 @@ chown -R $app: $final_path
 
 ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Access the GUI via the following URL"
 
-ynh_replace_string --match_string="<listenAddress>tcp://quic:%2F%2F0.0.0.0:$sync_port</listenAddress>" --replace_string="<listenAddress>quic//0.0.0.0:$sync_port</listenAddress>" --target_file="$config_file"
+ynh_replace_string --match_string="<listenAddress>tcp://quic:%2F%2F0.0.0.0:$port</listenAddress>" --replace_string="<listenAddress>quic//0.0.0.0:$port</listenAddress>" --target_file="$config_file"
 
 ynh_systemd_action --service_name=$app --action="stop" --log_path=systemd
 
@@ -155,7 +155,7 @@ ynh_store_file_checksum --file="$config_file"
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
 
-yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$sync_port
+yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$port
 
 #=================================================
 # START SYSTEMD SERVICE

scripts/remove

@@ -17,10 +17,9 @@ ynh_script_progression --message="Loading installation settings..."
 app=$YNH_APP_INSTANCE_NAME
 
 domain=$(ynh_app_setting_get --app=$app --key=domain)
+port=$(ynh_app_setting_get --app=$app --key=port)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-sync_home=$(ynh_app_setting_get --app=$app --key=sync_home)
-
-sync_port=$(ynh_app_setting_get --app=$app --key=sync_port)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 
 #=================================================
 # STANDARD REMOVE
@@ -55,11 +54,11 @@ ynh_secure_remove --file="$final_path"
 # REMOVE DATA DIR
 #=================================================
 
-# Remove the app data directory with the command `yunohost app remove syncthing --purge`
+# Remove the data directory if --purge option is used
 if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
 then
-  ynh_script_progression --message="Removing $app data directory..." --weight=2
-  ynh_secure_remove --file="$sync_home"
+	ynh_script_progression --message="Removing app data directory..."
+	ynh_secure_remove --file="$datadir"
 fi
 
 #=================================================
@@ -74,10 +73,10 @@ ynh_remove_nginx_config
 # CLOSE A PORT
 #=================================================
 
-if yunohost firewall list | grep -q "\- $sync_port$"
+if yunohost firewall list | grep -q "\- $port$"
 then
-	ynh_script_progression --message="Closing port $sync_port..."
-	ynh_exec_warn_less yunohost firewall disallow TCP $sync_port
+	ynh_script_progression --message="Closing port $port..."
+	ynh_exec_warn_less yunohost firewall disallow TCP $port
 fi
 
 #=================================================

scripts/restore

@@ -30,15 +30,16 @@ app=$YNH_APP_INSTANCE_NAME
 domain=$(ynh_app_setting_get --app=$app --key=domain)
 path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-sync_home=$(ynh_app_setting_get --app=$app --key=sync_home)
-sync_port=$(ynh_app_setting_get --app=$app --key=sync_port)
+port=$(ynh_app_setting_get --app=$app --key=port)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
 
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
 ynh_script_progression --message="Validating restoration parameters..."
 
-test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
+test ! -d $final_path \
+	|| ynh_die --message="There is already a directory: $final_path "
 
 #=================================================
 # STANDARD RESTORATION STEPS
@@ -48,7 +49,7 @@ test ! -d $final_path || ynh_die --message="There is already a directory: $final
 ynh_script_progression --message="Configuring firewall..."
 
 # Open the port
-ynh_exec_warn_less yunohost firewall allow TCP $sync_port
+ynh_exec_warn_less yunohost firewall allow TCP $port
 
 #=================================================
 # RESTORE THE NGINX CONFIGURATION
@@ -63,7 +64,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 ynh_script_progression --message="Recreating the dedicated system user..."
 
 # Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app --home_dir="$final_path"
+ynh_system_user_create --username=$app --home_dir=$final_path
 
 #=================================================
 # RESTORE THE APP MAIN DIR
@@ -77,17 +78,17 @@ chmod -R o-rwx "$final_path"
 chown -R $app:$app "$final_path"
 
 #=================================================
-# RECREATE SYNC DIRECTORY
+# RESTORE THE DATA DIRECTORY
 #=================================================
-ynh_script_progression --message="Recreating sync directory..."
+ynh_script_progression --message="Restoring the data directory..."
 
-ynh_restore_file --origin_path="$sync_home" --not_mandatory
+ynh_restore_file --origin_path="$datadir" --not_mandatory
 
-mkdir -p $sync_home
+mkdir -p $datadir
 
-chmod 750 "$sync_home"
-chmod -R o-rwx "$sync_home"
-chown -R $app:$app "$sync_home"
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"
 
 #=================================================
 # SPECIFIC RESTORATION
@@ -104,7 +105,7 @@ systemctl enable $app.service --quiet
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
 
-yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$sync_port
+yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$port
 
 #=================================================
 # START SYSTEMD SERVICE

scripts/upgrade

@@ -21,8 +21,8 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 architecture=$YNH_ARCH
 
-sync_home=$(ynh_app_setting_get --app=$app --key=sync_home)
-sync_port=$(ynh_app_setting_get --app=$app --key=sync_port)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+port=$(ynh_app_setting_get --app=$app --key=port)
 gui_port=$(ynh_app_setting_get --app=$app --key=gui_port)
 
 #=================================================
@@ -78,16 +78,16 @@ if [ -z $gui_port ]; then
 	gui_port=$OLD_GUIPORT
 	ynh_app_setting_set --app=$app --key=gui_port --value=$gui_port
 
-	sync_home="/home/yunohost.app/$app"
-	ynh_app_setting_set --app=$app --key=sync_home --value=$sync_home
+	datadir="/home/yunohost.app/$app"
+	ynh_app_setting_set --app=$app --key=datadir --value=$datadir
 
-	sync_port=$OLD_SYNCPORT
-	ynh_app_setting_set --app=$app --key=sync_port --value=$sync_port
+	port=$OLD_SYNCPORT
+	ynh_app_setting_set --app=$app --key=port --value=$port
 
 	mkdir -p $final_path
 	cp -R $OLD_SYNCHOME/.config $final_path/.config
 
-	ynh_replace_string --match_string="~" --replace_string="$sync_home" --target_file="$final_path/.config/syncthing/config.xml"
+	ynh_replace_string --match_string="~" --replace_string="$datadir" --target_file="$final_path/.config/syncthing/config.xml"
 
 	systemctl stop syncthing@$OLD_SYNCUSER.service
 	yunohost service remove syncthing@$OLD_SYNCUSER.service
@@ -102,6 +102,13 @@ if [ -z $gui_port ]; then
 	ynh_remove_app_dependencies
 fi
 
+# If gui_port doesn't exist, create it
+if [ -z $datadir ]; then
+	datadir=$(ynh_app_setting_get --app=$app --key=sync_home)
+	ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+	ynh_app_setting_delete --app="$app" --key="sync_home"
+fi
+
 # Cleaning legacy permissions
 if ynh_legacy_permissions_exists; then
 	ynh_legacy_permissions_delete_all
@@ -144,20 +151,20 @@ ynh_add_nginx_config
 #=================================================
 # SPECIFIC UPGRADE
 #=================================================
-# CREATE SYNC DIRECTORY
+# CREATE DATA DIRECTORY
 #=================================================
-ynh_script_progression --message="Creating sync directory..."
+ynh_script_progression --message="Creating a data directory..."
 
 # Make directories and set rights
-mkdir -p "$sync_home"
-chmod 750 "$sync_home"
-chmod -R o-rwx "$sync_home"
-chown -R $app:$app "$sync_home"
+mkdir -p "$datadir"
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"
 
 #=================================================
 # UPDATE A CONFIG FILE
 #=================================================
-ynh_script_progression --message="Updating a config file..."
+ynh_script_progression --message="Updating a configuration file..."
 
 config_file="$final_path/.config/syncthing/config.xml"
 
@@ -185,7 +192,7 @@ ynh_add_systemd_config
 #=================================================
 ynh_script_progression --message="Integrating service in YunoHost..."
 
-yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$sync_port
+yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$port
 
 #=================================================
 # START SYSTEMD SERVICE