From bc1f0276530ed9c2fca1cba6fd941de45087a785 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Sun, 7 Aug 2022 14:44:30 -0400 Subject: [PATCH 01/17] update disclaimer --- doc/DISCLAIMER.md | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index baa5263..421957b 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,16 +1,3 @@ -* Any known limitations, constrains or stuff not working, such as (but not limited to): - * requiring a full dedicated domain ? - * architectures not supported ? - * not-working single-sign on or LDAP integration ? - * the app requires an important amount of RAM / disk / .. to install or to work properly - * etc... - -* Other infos that people should be aware of, such as: - * any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...) - * how to configure / administrate the application if it ain't obvious - * upgrade process / specificities / things to be aware of ? - * security considerations ? - * Known limitations: * Requires a full dedicated domain for now From 7167b1558f928a48760404589fb43874a3ce264e Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 7 Aug 2022 18:44:54 +0000 Subject: [PATCH 02/17] Auto-update README --- README.md | 13 ------------- README_fr.md | 13 ------------- 2 files changed, 26 deletions(-) diff --git a/README.md b/README.md index 06579aa..50f7615 100644 --- a/README.md +++ b/README.md @@ -54,19 +54,6 @@ a public page. ## Disclaimers / important information -* Any known limitations, constrains or stuff not working, such as (but not limited to): - * requiring a full dedicated domain ? - * architectures not supported ? - * not-working single-sign on or LDAP integration ? - * the app requires an important amount of RAM / disk / .. to install or to work properly - * etc... - -* Other infos that people should be aware of, such as: - * any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...) - * how to configure / administrate the application if it ain't obvious - * upgrade process / specificities / things to be aware of ? - * security considerations ? - * Known limitations: * Requires a full dedicated domain for now diff --git a/README_fr.md b/README_fr.md index 69bf7a0..fe2c4c8 100644 --- a/README_fr.md +++ b/README_fr.md @@ -54,19 +54,6 @@ a public page. ## Avertissements / informations importantes -* Any known limitations, constrains or stuff not working, such as (but not limited to): - * requiring a full dedicated domain ? - * architectures not supported ? - * not-working single-sign on or LDAP integration ? - * the app requires an important amount of RAM / disk / .. to install or to work properly - * etc... - -* Other infos that people should be aware of, such as: - * any specific step to perform after installing (such as manually finishing the install, specific admin credentials, ...) - * how to configure / administrate the application if it ain't obvious - * upgrade process / specificities / things to be aware of ? - * security considerations ? - * Known limitations: * Requires a full dedicated domain for now From dfa2d9d5d0bbba180ecb60292518870f204b1cc7 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Sun, 7 Aug 2022 16:05:28 -0400 Subject: [PATCH 03/17] specify license --- manifest.json | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index d84967b..9fc40c4 100644 --- a/manifest.json +++ b/manifest.json @@ -16,7 +16,7 @@ "userdoc": "https://docs.tandoor.dev", "code": "https://github.com/TandoorRecipes/recipes" }, - "license": "free", + "license": "MIT", "maintainer": { "name": "Navan Chauhan", "email": "tandoor@navan.email" @@ -37,7 +37,10 @@ { "name": "is_public", "type": "boolean", - "default": true + "default": false, + "help": { + "en": "Should the login be exposed to public?" + } } ] } From c60b5ffbce86b64ca91ae396556ac66eaba6cd76 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Sun, 7 Aug 2022 16:05:39 -0400 Subject: [PATCH 04/17] fix description --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index b167f73..dff51a3 100755 --- a/scripts/install +++ b/scripts/install @@ -182,7 +182,7 @@ ynh_use_logrotate #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="Smart recuoe management" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Smart recipe management" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE From 73f7ad9b0fde03ec97e6ecdb3a2508369b1e2964 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Sun, 7 Aug 2022 16:08:40 -0400 Subject: [PATCH 05/17] fix warnings --- scripts/install | 8 ++++---- scripts/restore | 2 +- scripts/upgrade | 2 +- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/scripts/install b/scripts/install index dff51a3..90d901a 100755 --- a/scripts/install +++ b/scripts/install @@ -140,17 +140,17 @@ ynh_exec_as $app python3 -m venv "$final_path/venv" ynh_script_progression --message="Installing dependencies via pip..." --weight=4 pushd "$final_path" - ynh_exec_as $app "$final_path/venv/bin/pip3" install -r requirements.txt + ynh_exec_warn_less ynh_exec_as $app "$final_path/venv/bin/pip3" install -r requirements.txt popd ynh_script_progression --message="Building frontend..." --weight=5 pushd "$final_path/vue" ynh_use_nodejs - yarn install - yarn build + ynh_exec_warn_less yarn install + ynh_exec_warn_less yarn build popd -ynh_script_progression --message="Running migrations and generatic static files..." --weight=2 +ynh_script_progression --message="Running migrations and generating static files..." --weight=2 pushd "$final_path" # load environment variables export $(cat "/var/www/$app/.env" |grep "^[^#]" | xargs) diff --git a/scripts/restore b/scripts/restore index dc4a283..e1667d7 100755 --- a/scripts/restore +++ b/scripts/restore @@ -115,7 +115,7 @@ ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Smart recipe management" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/upgrade b/scripts/upgrade index 0b7f6b8..588489a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -181,7 +181,7 @@ ynh_use_logrotate --non-append #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Smart recipe management" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE From b62d8c33b5ff52808b13b09a8cf400c5b1753e4a Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Sun, 7 Aug 2022 17:15:19 -0400 Subject: [PATCH 06/17] fix --- check_process | 14 ++------------ conf/systemd.service | 38 +++++++++++++++++++++++++++++++++++--- 2 files changed, 37 insertions(+), 15 deletions(-) diff --git a/check_process b/check_process index f41c4c9..ac4363b 100644 --- a/check_process +++ b/check_process @@ -1,30 +1,20 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest domain="domain.tld" - path="/path" is_public=1 - language="fr" - admin="john" - password="1Strong-Password" port="666" ; Checks pkg_linter=1 - setup_sub_dir=1 + setup_sub_dir=0 setup_root=1 setup_nourl=0 setup_private=1 setup_public=1 upgrade=1 - upgrade=1 from_commit=CommitHash backup_restore=1 multi_instance=1 port_already_use=0 - change_url=1 + change_url=0 ;;; Options Email= Notification=none diff --git a/conf/systemd.service b/conf/systemd.service index 92202ee..1613e78 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=gunicorn daemon for recipes +Description=Tandoor, smart recipe mangement After=network.target [Service] @@ -7,10 +7,42 @@ Type=simple Restart=always RestartSec=3 User=__APP__ -Group=www-data +Group=__APP__ WorkingDirectory=__FINALPATH__ EnvironmentFile=__FINALPATH__/.env -ExecStart=__FINALPATH__/venv/bin/gunicorn --error-logfile /tmp/gunicorn_err.log --log-level debug --capture-output --bind 127.0.0.1:__PORT__ recipes.wsgi:application +ExecStart=__FINALPATH__/venv/bin/gunicorn --error-logfile /var/log/__APP__/__APP__.log --bind 127.0.0.1:__PORT__ recipes.wsgi:application +Restart=on-failure +RestartSec=10 + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target \ No newline at end of file From 1436e013a336793d9e8c0a370be255f9514b711b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 7 Aug 2022 21:15:30 +0000 Subject: [PATCH 07/17] Auto-update README --- README.md | 1 + README_fr.md | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 50f7615..1d22369 100644 --- a/README.md +++ b/README.md @@ -46,6 +46,7 @@ a public page. **Shipped version:** 1.3.3~ynh1 + **Demo:** https://app.tandoor.dev/accounts/login/?demo ## Screenshots diff --git a/README_fr.md b/README_fr.md index fe2c4c8..9637611 100644 --- a/README_fr.md +++ b/README_fr.md @@ -44,7 +44,8 @@ a public page. - 📥️ **Import your collection** from many other [recipe managers](https://docs.tandoor.dev/features/import_export/) - ➕ Many more like recipe scaling, image compression, printing views and supermarkets -**Version incluse :** 1.3.3~ynh1 +**Version incluse :** 1.3.3~ynh1 + **Démo :** https://app.tandoor.dev/accounts/login/?demo From 493ca488fc5b08e0bc8044ad2c7613d761671453 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Sun, 7 Aug 2022 17:49:16 -0400 Subject: [PATCH 08/17] specify min yunohost version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 9fc40c4..9370fa9 100644 --- a/manifest.json +++ b/manifest.json @@ -22,7 +22,7 @@ "email": "tandoor@navan.email" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.7" }, "multi_instance": true, "services": [ From 522bcf31a49371399534f39ddc0160c699c99cea Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Sun, 7 Aug 2022 17:50:49 -0400 Subject: [PATCH 09/17] added license --- LICENSE | 23 ++++++++++++++++++++--- 1 file changed, 20 insertions(+), 3 deletions(-) diff --git a/LICENSE b/LICENSE index 7d1e40b..2fbf60f 100644 --- a/LICENSE +++ b/LICENSE @@ -1,4 +1,21 @@ -File containing the license of your package. +MIT License -More information here: -https://yunohost.org/packaging_apps_guidelines#yep-1-3 +Copyright (c) 2022 YunoHost-Apps + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. From 30ab1951b00317d2c1dfc78806c548aef3b57ab9 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Sun, 7 Aug 2022 17:52:20 -0400 Subject: [PATCH 10/17] remove logfile --- conf/systemd.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 1613e78..ad2dfad 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -10,7 +10,7 @@ User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__ EnvironmentFile=__FINALPATH__/.env -ExecStart=__FINALPATH__/venv/bin/gunicorn --error-logfile /var/log/__APP__/__APP__.log --bind 127.0.0.1:__PORT__ recipes.wsgi:application +ExecStart=__FINALPATH__/venv/bin/gunicorn --bind 127.0.0.1:__PORT__ recipes.wsgi:application Restart=on-failure RestartSec=10 @@ -45,4 +45,4 @@ CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] -WantedBy=multi-user.target \ No newline at end of file +WantedBy=multi-user.target From d75dd7e3960050542fa2dbff9820ae0dab1e5689 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Mon, 8 Aug 2022 00:23:26 -0400 Subject: [PATCH 11/17] temp remove hardening --- conf/systemd.service | 30 ------------------------------ 1 file changed, 30 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index ad2dfad..fd3ab1d 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -14,35 +14,5 @@ ExecStart=__FINALPATH__/venv/bin/gunicorn --bind 127.0.0.1:__PORT__ recipes.wsgi Restart=on-failure RestartSec=10 -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - [Install] WantedBy=multi-user.target From f70692e0d31337526f2dd80997384d2fe1287107 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Mon, 8 Aug 2022 00:44:05 -0400 Subject: [PATCH 12/17] build py3.9 on buster --- scripts/_common.sh | 87 +++++++++++++++++++++++++++++++++++++++++++++- scripts/install | 8 ++++- 2 files changed, 93 insertions(+), 2 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 01f8228..81163c5 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,14 +5,99 @@ #================================================= # dependencies used by the app (must be on a single line) -pkg_dependencies="git curl python3 python3-pip python3-venv libpq-dev postgresql libsasl2-dev python3-dev libldap2-dev libssl-dev" +pkg_dependencies="git curl python3 python3-pip python3-venv libpq-dev postgresql libsasl2-dev python3-dev libldap2-dev libssl-dev libffi-dev autoconf build-essential" nodejs_version=16 +py_required_version=3.9.2 #================================================= # PERSONAL HELPERS #================================================= +# Install specific python version +# usage: myynh_install_python --python="3.8.6" +# | arg: -p, --python= - the python version to install +myynh_install_python () { + # Declare an array to define the options of this helper. + local legacy_args=u + local -A args_array=( [p]=python= ) + local python + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # Check python version from APT + local py_apt_version=$(python3 --version | cut -d ' ' -f 2) + + # Check existing built version of python in /usr/local/bin + if [ -e "/usr/local/bin/python${python:0:3}" ] + then + local py_built_version=$(/usr/local/bin/python${python:0:3} --version \ + | cut -d ' ' -f 2) + else + local py_built_version=0 + fi + + # Compare version + if $(dpkg --compare-versions $py_apt_version ge $python) + then + # APT >= Required + ynh_print_info --message="Using provided python3..." + + py_app_version="python3" + + else + # Either python already built or to build + if $(dpkg --compare-versions $py_built_version ge $python) + then + # Built >= Required + ynh_print_info --message="Using already used python3 built version..." + + py_app_version="/usr/local/bin/python${py_built_version:0:3}" + + else + ynh_print_info --message="Installing additional dependencies to build python..." + + pkg_dependencies="${pkg_dependencies} tk-dev libncurses5-dev libncursesw5-dev libreadline6-dev libdb5.3-dev libgdbm-dev libsqlite3-dev libbz2-dev libexpat1-dev liblzma-dev wget tar" + ynh_install_app_dependencies "${pkg_dependencies}" + + # APT < Minimal & Actual < Minimal => Build & install Python into /usr/local/bin + ynh_print_info --message="Building python (may take a while)..." + + # Store current direcotry + local MY_DIR=$(pwd) + + # Create a temp direcotry + tmpdir="$(mktemp --directory)" + cd "$tmpdir" + + # Download + wget --output-document="Python-$python.tar.xz" \ + "https://www.python.org/ftp/python/$python/Python-$python.tar.xz" 2>&1 + + # Extract + tar xf "Python-$python.tar.xz" + + # Install + cd "Python-$python" + ./configure --enable-optimizations + ynh_exec_warn_less make -j4 + ynh_exec_warn_less make altinstall + + # Go back to working directory + cd "$MY_DIR" + + # Clean + ynh_secure_remove "$tmpdir" + + # Set version + py_app_version="/usr/local/bin/python${python:0:3}" + fi + fi + # Save python version in settings + ynh_app_setting_set --app=$app --key=python --value="$python" +} + + #================================================= # EXPERIMENTAL HELPERS #================================================= diff --git a/scripts/install b/scripts/install index 90d901a..9b5cfe4 100755 --- a/scripts/install +++ b/scripts/install @@ -136,7 +136,13 @@ chown $app:$app "$final_path/.env" #================================================= ynh_script_progression --message="Setting up Tandoor venv..." --weight=1 -ynh_exec_as $app python3 -m venv "$final_path/venv" +if [[ $(ynh_get_debian_release) == "bullseye" ]]; then + py_app_version="python3" +else + myynh_install_python --python="$py_required_version" +fi + +ynh_exec_as $app $py_app_version -m venv "$final_path/venv" ynh_script_progression --message="Installing dependencies via pip..." --weight=4 pushd "$final_path" From 60d424a16a2ee859b5a983d7c09824ec34bc1044 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Mon, 8 Aug 2022 00:44:54 -0400 Subject: [PATCH 13/17] bump v --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 9370fa9..9fc40c4 100644 --- a/manifest.json +++ b/manifest.json @@ -22,7 +22,7 @@ "email": "tandoor@navan.email" }, "requirements": { - "yunohost": ">= 11.0.7" + "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ From b25671e9221ee8fe40db9e92c86721f32c53bb83 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Mon, 8 Aug 2022 13:15:21 -0400 Subject: [PATCH 14/17] fix upgrade --- check_process | 2 +- scripts/upgrade | 12 ++---------- 2 files changed, 3 insertions(+), 11 deletions(-) diff --git a/check_process b/check_process index ac4363b..6cd9557 100644 --- a/check_process +++ b/check_process @@ -8,7 +8,7 @@ setup_sub_dir=0 setup_root=1 setup_nourl=0 - setup_private=1 + setup_private=0 setup_public=1 upgrade=1 backup_restore=1 diff --git a/scripts/upgrade b/scripts/upgrade index 588489a..d373b35 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -104,14 +104,6 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=1 ynh_install_app_dependencies $pkg_dependencies -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 - -# Create a dedicated PHP-FPM config -ynh_add_fpm_config - #================================================= # NGINX CONFIGURATION #================================================= @@ -130,8 +122,8 @@ ynh_add_config --template=".env.template" --destination="$final_path/.env" # FIXME: this should be handled by the core in the future # You may need to use chmod 600 instead of 400, # for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/some_config_file" -chown $app:$app "$final_path/some_config_file" +chmod 400 "$final_path/.env" +chown $app:$app "$final_path/.env" #================================================= # SPECIFIC UPGRADE From 92e3f76d836cb2494942bb31e233bfbafe4b426f Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Tue, 9 Aug 2022 13:40:43 -0400 Subject: [PATCH 15/17] initialise vars --- scripts/restore | 3 +++ scripts/upgrade | 3 +++ 2 files changed, 6 insertions(+) diff --git a/scripts/restore b/scripts/restore index e1667d7..4c0114c 100755 --- a/scripts/restore +++ b/scripts/restore @@ -29,9 +29,12 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +secretkey=$(ynh_app_setting_get --app=$app --key=secretkey) db_user=$db_name #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index d373b35..e69daa0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -17,9 +17,12 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +secretkey=$(ynh_app_setting_get --app=$app --key=secretkey) #================================================= # CHECK VERSION From 824daad3a5dd3cc44b5fbfd2fc25f57ac0f5fe84 Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Tue, 9 Aug 2022 13:52:43 -0400 Subject: [PATCH 16/17] call ynh_psql_test_if_first_run --- scripts/install | 1 + scripts/restore | 1 + 2 files changed, 2 insertions(+) diff --git a/scripts/install b/scripts/install index 9b5cfe4..b8e7c4c 100755 --- a/scripts/install +++ b/scripts/install @@ -94,6 +94,7 @@ ynh_script_progression --message="Creating a PostgreSQL database..." --weight=1 db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_psql_test_if_first_run ynh_psql_setup_db --db_user=$db_user --db_name=$db_name ynh_psql_execute_as_root --sql="GRANT ALL PRIVILEGES ON DATABASE $db_user TO $db_user;" diff --git a/scripts/restore b/scripts/restore index 4c0114c..c60e202 100755 --- a/scripts/restore +++ b/scripts/restore @@ -95,6 +95,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_script_progression --message="Restoring the PostgreSQL database..." --weight=1 db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) +ynh_psql_test_if_first_run ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql From b065a956d33f7a98ca724864bc51e553e53dc60b Mon Sep 17 00:00:00 2001 From: navanchauhan Date: Tue, 9 Aug 2022 16:40:16 -0400 Subject: [PATCH 17/17] fixed psql pwd --- scripts/restore | 2 +- scripts/upgrade | 7 +++---- 2 files changed, 4 insertions(+), 5 deletions(-) diff --git a/scripts/restore b/scripts/restore index c60e202..5f2ef60 100755 --- a/scripts/restore +++ b/scripts/restore @@ -33,7 +33,7 @@ port=$(ynh_app_setting_get --app=$app --key=port) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) secretkey=$(ynh_app_setting_get --app=$app --key=secretkey) db_user=$db_name diff --git a/scripts/upgrade b/scripts/upgrade index e69daa0..52d3ab8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,7 +21,7 @@ port=$(ynh_app_setting_get --app=$app --key=port) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) secretkey=$(ynh_app_setting_get --app=$app --key=secretkey) #================================================= @@ -135,11 +135,10 @@ chown $app:$app "$final_path/.env" if [ "$upgrade_type" == "UPGRADE_APP" ] then - # load environment variables - export $(cat "/var/www/$app/.env" |grep "^[^#]" | xargs) - ynh_script_progression --message="Running migrations and generatic static files..." --weight=2 pushd "$final_path" + # load environment variables + export $(cat "/var/www/$app/.env" |grep "^[^#]" | xargs) ynh_exec_as $app "$final_path/venv/bin/python3" manage.py migrate ynh_exec_as $app "$final_path/venv/bin/python3" manage.py collectstatic --no-input ynh_exec_as $app "$final_path/venv/bin/python3" manage.py collectstatic_js_reverse