diff --git a/README.md b/README.md index 5e4c3c3..9604364 100644 --- a/README.md +++ b/README.md @@ -41,9 +41,9 @@ Supported, with LDAP. #### Supported architectures -* x86-64b - [![Build Status](https://ci-apps.yunohost.org/jenkins/job/teampass%20(Community)/badge/icon)](https://ci-apps.yunohost.org/jenkins/job/teampass%20(Community)/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/jenkins/job/teampass%20(Community)%20(%7EARM%7E)/badge/icon)](https://ci-apps-arm.yunohost.org/jenkins/job/teampass%20(Community)%20(%7EARM%7E)/) -* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/jenkins/job/teampass%20(Community)/badge/icon)](https://ci-stretch.nohost.me/jenkins/job/teampass%20(Community)/) +* x86-64b - ![](https://ci-apps.yunohost.org/ci/logs/teampass%20%28Community%29.svg) +* ARMv8-A - ![](https://ci-apps-arm.yunohost.org/ci/logs/teampass%20%28Community%29.svg) +* Jessie x86-64b - ![](https://ci-stretch.nohost.me/ci/logs/teampass%20%28Community%29.svg) ## Limitations diff --git a/conf/settings.php b/conf/settings.php index 6525757..21fc9cc 100644 --- a/conf/settings.php +++ b/conf/settings.php @@ -12,6 +12,7 @@ $port = 3306; $encoding = "utf8"; @date_default_timezone_set($_SESSION['settings']['timezone']); -@define('SECUREPATH', '__FINALPATH__/includes'); -require_once "__SKPATH__sk.php"; -?> +@define('SECUREPATH', '__SKPATH__'); +if (file_exists("__SKPATH__sk.php")) { + require_once "__SKPATH__sk.php"; +} diff --git a/scripts/_common.sh b/scripts/_common.sh index 21234d0..8d58e36 100755 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -30,6 +30,24 @@ IS_PACKAGE_CHECK () { return $(env | grep -c container=lxc) } +#================================================= +# BOOLEAN CONVERTER +#================================================= + +bool_to_01 () { + local var="$1" + [ "$var" = "true" ] && var=1 + [ "$var" = "false" ] && var=0 + echo "$var" +} + +bool_to_true_false () { + local var="$1" + [ "$var" = "1" ] && var=true + [ "$var" = "0" ] && var=false + echo "$var" +} + #================================================= # EXPERIMENTAL HELPERS #================================================= @@ -517,7 +535,7 @@ EOF ynh_store_file_checksum "$finalfail2banjailconf" ynh_store_file_checksum "$finalfail2banfilterconf" - systemctl reload fail2ban + systemctl restart fail2ban local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")" if [ -n "$fail2ban_error" ] then @@ -532,7 +550,7 @@ EOF ynh_remove_fail2ban_config () { ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf" ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf" - systemctl reload fail2ban + systemctl restart fail2ban } #================================================= diff --git a/scripts/install b/scripts/install index 7975636..988f35a 100644 --- a/scripts/install +++ b/scripts/install @@ -162,7 +162,7 @@ ynh_replace_string "__SALTKEY__" "$saltkey" ../conf/sk.php #================================================= cp ../conf/sk.php $path_sk_file/sk.php -chown -R root:$app $path_sk_file +chown -R $app $path_sk_file chmod 750 $path_sk_file cp ../conf/settings.php $final_path/includes/config/settings.php ynh_store_file_checksum "$final_path/includes/config/settings.php" # Enregistre la somme de contrôle du fichier de config diff --git a/scripts/restore b/scripts/restore index 25523e2..fa6436d 100644 --- a/scripts/restore +++ b/scripts/restore @@ -76,8 +76,8 @@ ynh_system_user_create $app # Recreate the dedicated user, if not exist # Les fichiers appartiennent à root chown -R root: $final_path -# Sauf les dossiers files et upload -chown -R $app: $final_path/files $final_path/upload +# Sauf les dossiers includes, files et upload +chown -R $app $final_path/{includes,files,upload} #================================================= # RESTORE OF THE PHP-FPM CONFIGURATION @@ -93,7 +93,7 @@ ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" #================================================= ynh_restore_file "/etc/$app/sk.php" -chown -R root:$app "/etc/$app/sk.php" +chown -R $app "/etc/$app/sk.php" #================================================= # RESTORE CRON FILE diff --git a/scripts/upgrade b/scripts/upgrade index 6e4e327..571d5d8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -29,12 +29,12 @@ upgrade_type=$(ynh_check_app_version_changed) # ENSURE DOWNWARD COMPATIBILITY #================================================= -if [ -z $final_path ]; then # Si final_path n'est pas renseigné dans app setting +if [ -z "$final_path" ]; then # Si final_path n'est pas renseigné dans app setting final_path=/var/www/$app ynh_app_setting_set $app final_path $final_path fi -if [ -z $db_name ]; then # Si db_name n'est pas renseigné dans app setting +if [ -z "$db_name" ]; then # Si db_name n'est pas renseigné dans app setting db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name fi @@ -75,7 +75,8 @@ then ynh_setup_source "$final_path" # Télécharge la source, décompresse et copie dans $final_path # Delete the install directory. - ynh_secure_remove "$final_path/install" + # Keep it for the manual upgrade process... +# ynh_secure_remove "$final_path/install" fi #================================================= @@ -126,19 +127,48 @@ echo "0 0 * * 0 $app cd $final_path/backups && php script.backup.php" > /etc/cro # ENSURE DOWNWARD COMPATIBILITY #================================================= -# Move settings.php from old teampass version -if [ ! -e "$final_path/includes/config/settings.php" ] +if [ "$upgrade_type" == "UPGRADE_APP" ] then - mv "$final_path/includes/settings.php" "$final_path/includes/config/settings.php" + # Move settings.php from old teampass version + if [ ! -e "$final_path/includes/config/settings.php" ] + then + mv "$final_path/includes/settings.php" "$final_path/includes/config/settings.php" + fi + + # Create csrfp.config.php + if [ ! -e "$final_path/includes/libraries/csrfp/libs/csrfp.config.php" ] + then + cp $final_path/includes/libraries/csrfp/libs/csrfp.config.sample.php $final_path/includes/libraries/csrfp/libs/csrfp.config.php # Créer le fichier de config de csrfp + ynh_replace_string "CSRFP_TOKEN\" => \"" "&$(head -n40 /dev/urandom | tr -c -d 'a-f0-9' | head -c50)" $final_path/includes/libraries/csrfp/libs/csrfp.config.php # Renseigne un token, valide en hexadécimal + ynh_replace_string "jsUrl\" => \"" "&includes/libraries/csrfp/js/csrfprotector.js" $final_path/includes/libraries/csrfp/libs/csrfp.config.php # Renseigne l'adresse de csrfprotector.js + fi + + # Run database upgrades + # Upgrade to 2.1.23.4 + ynh_mysql_execute_as_root "ALTER TABLE teampass_misc ADD id INT(12) NOT NULL AUTO_INCREMENT FIRST, ADD PRIMARY KEY (id);" $app >&2 + # Upgrade to 2.1.24.4 + ynh_mysql_execute_as_root "ALTER TABLE teampass_items CHANGE pw_len pw_len INT(5) NOT NULL DEFAULT '0';" $app >&2 + # Upgrade to 2.1.25.2 + ynh_mysql_execute_as_root "INSERT INTO teampass_misc (id, type, intitule, valeur) VALUES (NULL, 'admin', 'encryption_protocol', 'ctr');" $app >&2 + # Upgrade to 2.1.27.x + ynh_mysql_execute_as_root "ALTER TABLE teampass_misc CHANGE id increment_id INT(12) NOT NULL AUTO_INCREMENT;" $app >&2 fi -# Create csrfp.config.php -if [ ! -e "$final_path/includes/libraries/csrfp/libs/csrfp.config.php" ] -then - cp $final_path/includes/libraries/csrfp/libs/csrfp.config.sample.php $final_path/includes/libraries/csrfp/libs/csrfp.config.php # Créer le fichier de config de csrfp - ynh_replace_string "CSRFP_TOKEN\" => \"" "&$(head -n40 /dev/urandom | tr -c -d 'a-f0-9' | head -c50)" $final_path/includes/libraries/csrfp/libs/csrfp.config.php # Renseigne un token, valide en hexadécimal - ynh_replace_string "jsUrl\" => \"" "&includes/libraries/csrfp/js/csrfprotector.js" $final_path/includes/libraries/csrfp/libs/csrfp.config.php # Renseigne l'adresse de csrfprotector.js -fi +#================================================= +# UPDATE SETTINGS.PHP +#================================================= + +# Remplacement des variables dans le fichier settings.php +ynh_replace_string "__DBUSER__" "$db_name" ../conf/settings.php +db_pwd=$(ynh_app_setting_get $app mysqlpwd) +ynh_replace_string "__DBPWD__" "$db_pwd" ../conf/settings.php +ynh_replace_string "__FINALPATH__" "$final_path" ../conf/settings.php +path_sk_file=/etc/$app/ +ynh_replace_string "__SKPATH__" "$path_sk_file" ../conf/settings.php + +ynh_backup_if_checksum_is_different "$final_path/includes/config/settings.php" +cp ../conf/settings.php $final_path/includes/config/settings.php +ynh_store_file_checksum "$final_path/includes/config/settings.php" # Enregistre la somme de contrôle du fichier de config #================================================= # GENERIC FINALISATION @@ -148,8 +178,8 @@ fi # Les fichiers appartiennent à root chown -R root: $final_path -# Sauf certains dossiers includes, files et upload -chown -R $app $final_path/{includes,files,upload} +# Sauf certains dossiers includes, install, files et upload +chown -R $app $final_path/{includes,install,files,upload} # Restreint l'accès au dossier de backup chmod 750 $final_path/backups