diff --git a/conf/nginx.conf b/conf/nginx.conf index fe428f7..864573c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,9 +2,8 @@ location __PATH__/ { # Path to source - alias __FINALPATH__/ ; + alias __FINALPATH__/; -### Example PHP configuration (remove it if not used) index index.html; # Include SSOWAT user panel. diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index 00092c0..1ee3e2f 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1,54 +1,4 @@ -# TrustyHash - A Trustable Hash Calculator - TrustyHash is a small [client-side](https://unhosted.org/) web application that computes SHA-256 hash values on both local files and on remote URLs, with a strong emphasis on a process that will allow you to trust the results. Works offline! - -TrustyHash homepage: https://github.com/sprin/TrustyHash - -[Use it here](https://sprin.github.io/TrustyHash/) - -## How is this useful? - -Integrity: "We have in hand the same set of sequences of bits that came into -existence when the object was created" - [Lynch](http://www.clir.org/pubs/reports/pub92/lynch.html) - -"Friends don't let friends use unverified downloads." - -This fills a need for a verifiable, web-based hash calculator written in free -JavaScript. If you already use the command-line hash utilities on your -system, you should continue to use those. This is targeted towards users who do -not have or are unable to use the hash utilities on their local systems. While -universal command-line-literacy is a good goal, the concepts of file integrity and -authenticity and the ability to use tools for verification are perhaps more -fundamental. - -Integrity is the first link in secure systems, and key to determining -authenticity. If we trust the association between an author and the hash value -of a file they created, perhaps because we trust them and they gave us the -hash in person, we can authenticate whether a file we believe to be the same -really did come from them. We can achieve the same result if the author had -used a signing key, and signed and distributed a hash value along with the -file, and we could trust the association between a particular key and the -author - albeit with somewhat more complexity and caveats (eg, has the signing -key been kept private?). - -In a few words, this tool aims to enable verification of integrity and -authenticity claims in an accessible way that depends only on a trusted hash -value and the correctness and integrity of the TrustyHash app and the browser -it executes in. See the section "Trust" below for recommendations on -how to verify integrity of this application. - -## Usage - -Local files can be opened from a file select dialog, or dragged into the "drop -area". Remote URLs can be entered, and if the remote server allows cross-origin -GET requests via -[CORS](https://developer.mozilla.org/en-US/docs/Web/HTTP/Access_control_CORS), -the file will be downloaded to the browser, with the option of saving locally. - -It's recommended to save the application, verify the integrity, and use the -saved copy from then on. To save from the browser, use "Save Page" > "Web Page, -HTML Only", and use a filename of `TrustyHash.html`. To verify, read the -section on "Trust" below. diff --git a/manifest.json b/manifest.json index 3821bdc..973062c 100644 --- a/manifest.json +++ b/manifest.json @@ -3,8 +3,8 @@ "id": "trustyhash", "packaging_format": 1, "description": { - "en": "a small client-side web application that computes SHA-256 hash values on both local files and on remote URLs. Works offline!", - "fr": "une petite application Web côté client qui calcule les valeurs de hachage SHA-256 sur les fichiers locaux et sur les URL distantes. Fonctionne hors ligne !" + "en": "SHA-256 Hash Calculator", + "fr": "Calculateur de hachage SHA-256" }, "version": "1.0~ynh1", "url": "https://github.com/sprin/TrustyHash", @@ -21,12 +21,12 @@ "email": "" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.9" }, "multi_instance": true, "services": [ "nginx", - "php7.3-fpm" + "php7.4-fpm" ], "arguments": { "install" : [ diff --git a/scripts/_common.sh b/scripts/_common.sh index 4468f0b..408ed02 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -YNH_PHP_VERSION="7.3" +YNH_PHP_VERSION="7.4" #================================================= # PERSONAL HELPERS diff --git a/scripts/backup b/scripts/backup index d0b7cd8..3001fff 100755 --- a/scripts/backup +++ b/scripts/backup @@ -30,20 +30,13 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) -# db_name=$(ynh_app_setting_get --app=$app --key=db_name) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -# datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= ynh_print_info --message="Declaring files to be backed up..." -### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs -### to be backuped and not an actual copy of any file. The actual backup that -### creates and fill the archive with the files happens in the core after this -### script is called. Hence ynh_backups calls takes basically 0 seconds to run. - #================================================= # BACKUP THE APP MAIN DIR #================================================= @@ -68,45 +61,6 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# BACKUP FAIL2BAN CONFIGURATION -#================================================= - -# ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" -# ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" - -#================================================= -# SPECIFIC BACKUP -#================================================= -# BACKUP LOGROTATE -#================================================= - -# ynh_backup --src_path="/etc/logrotate.d/$app" - -#================================================= -# BACKUP SYSTEMD -#================================================= - -# ynh_backup --src_path="/etc/systemd/system/$app.service" - -#================================================= -# BACKUP VARIOUS FILES -#================================================= - -# ynh_backup --src_path="/etc/cron.d/$app" - -# ynh_backup --src_path="/etc/$app/" - -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= -# ynh_print_info --message="Backing up the MySQL database..." - -### (However, things like MySQL dumps *do* take some time to run, though the -### copy of the generated dump to the archive still happens later) - -# ynh_mysql_dump_db --database="$db_name" > db.sql - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index d0e5ff8..ff06606 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,20 +24,15 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# Add settings here as needed by your application -#db_name=$(ynh_app_setting_get --app=$app --key=db_name) -#db_user=$db_name -#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) - #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -67,19 +62,10 @@ then change_path=1 fi -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" - #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -105,25 +91,10 @@ then ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi -#================================================= -# SPECIFIC MODIFICATIONS -#================================================= -# ... -#================================================= - -#================================================= -# GENERIC FINALISATION -#================================================= -# START SYSTEMD SERVICE -#================================================= -# ynh_script_progression --message="Starting a systemd service..." --weight=1 - -# ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -131,4 +102,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index e0d882a..4eb8d1f 100755 --- a/scripts/install +++ b/scripts/install @@ -28,38 +28,13 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH phpversion=$YNH_PHP_VERSION -# is_public=$YNH_APP_ARG_IS_PUBLIC -# language=$YNH_APP_ARG_LANGUAGE -# admin=$YNH_APP_ARG_ADMIN -# password=$YNH_APP_ARG_PASSWORD - -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names... app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -### About --weight and -### ynh_script_progression will show to your final users the progression of each scripts. -### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. -### is a packager option, it will show you the execution time since the previous call. -### This option should be removed before releasing your app. -### Use the execution time, given by , to estimate the weight of a step. -### A common way to do it is to set a weight equal to the execution time in second +1. -### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. -ynh_script_progression --message="Validating installation parameters..." --weight=1 +ynh_script_progression --message="Validating installation parameters..." --weight=1 -### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app" final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -69,342 +44,54 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 +ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=phpversion --value=$phpversion ynh_app_setting_set --app=$app --key=final_path --value=$final_path -# ynh_app_setting_set --app=$app --key=language --value=$language -# ynh_app_setting_set --app=$app --key=admin --value=$admin - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -# ynh_script_progression --message="Finding an available port..." --weight=1 - -### Use these lines if you have to open a port for the application -### `ynh_find_port` will find the first available port starting from the given port. -### If you're not using these lines: -### - Remove the section "CLOSE A PORT" in the remove script - -# Find an available port -# port=$(ynh_find_port --port=8095) -# ynh_app_setting_set --app=$app --key=port --value=$port - -# Optional: Expose this port publicly -# (N.B.: you only need to do this if the app actually needs to expose the port publicly. -# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) - -# Open the port -# ynh_script_progression --message="Configuring firewall..." --weight=1 -# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -# ynh_script_progression --message="Installing dependencies..." --weight=1 - -### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. -### Those deb packages will be installed as dependencies of this package. -### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - Remove the variable "pkg_dependencies" in _common.sh -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script - -# ynh_install_app_dependencies $pkg_dependencies - #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 +ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user ynh_system_user_create --username=$app --home_dir="$final_path" -#================================================= -# CREATE A MYSQL DATABASE -#================================================= -# ynh_script_progression --message="Creating a MySQL database..." --weight=1 - -### Use these lines if you need a database for the application. -### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. -### The password will be stored as 'mysqlpwd' into the app settings, -### and will be available as $db_pwd -### If you're not using these lines: -### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script -### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script -### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script - -# db_name=$(ynh_sanitize_dbid --db_name=$app) -# db_user=$db_name -# ynh_app_setting_set --app=$app --key=db_name --value=$db_name -# ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=1 - -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. -### `ynh_setup_source` use the file conf/app.src +ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 - -### `ynh_add_nginx_config` will use the file conf/nginx.conf - -# Create a dedicated NGINX config -ynh_add_nginx_config - #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring PHP-FPM..." --weight=1 - -### `ynh_add_fpm_config` is used to set up a PHP config. -### You can remove it if your app doesn't use PHP. -### `ynh_add_fpm_config` will use the files conf/php-fpm.conf -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script -### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script -### with the reload at the end of the script. -### - And the section "PHP-FPM CONFIGURATION" in the upgrade script +ynh_script_progression --message="Configuring PHP-FPM..." --weight=1 # Create a dedicated PHP-FPM config ynh_add_fpm_config #================================================= -# SPECIFIC SETUP -#================================================= -# ... +# NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -#================================================= -# CREATE DATA DIRECTORY -#================================================= -# ynh_script_progression --message="Creating a data directory..." --weight=1 - -### Use these lines if you need to create a directory to store "persistent files" for the application. -### Usually this directory is used to store uploaded files or any file that won't be updated during -### an upgrade and that won't be deleted during app removal unless "--purge" option is used. -### If you're not using these lines: -### - Remove the section "BACKUP THE DATA DIR" in the backup script -### - Remove the section "RESTORE THE DATA DIRECTORY" in the restore script -### - As well as the section "REMOVE DATA DIR" in the remove script - -# datadir=/home/yunohost.app/$app -# ynh_app_setting_set --app=$app --key=datadir --value=$datadir - -# mkdir -p $datadir - -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. -# chmod 750 "$datadir" -# chmod -R o-rwx "$datadir" -# chown -R $app:www-data "$datadir" - -#================================================= -# ADD A CONFIGURATION -#================================================= -# ynh_script_progression --message="Adding a configuration file..." --weight=1 - -### You can add specific configuration files. -### -### Typically, put your template conf file in ../conf/your_config_file -### The template may contain strings such as __FOO__ or __FOO_BAR__, -### which will automatically be replaced by the values of $foo and $foo_bar -### -### ynh_add_config will also keep track of the config file's checksum, -### which later during upgrade may allow to automatically backup the config file -### if it's found that the file was manually modified -### -### Check the documentation of `ynh_add_config` for more info. - -# ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" - -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -# chmod 400 "$final_path/some_config_file" -# chown $app:$app "$final_path/some_config_file" - -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" -### ynh_store_file_checksum --file="$final_path/some_config_file" - -#================================================= -# SETUP SYSTEMD -#================================================= -# ynh_script_progression --message="Configuring a systemd service..." --weight=1 - -### `ynh_systemd_config` is used to configure a systemd script for an app. -### It can be used for apps that use sysvinit (with adaptation) or systemd. -### Have a look at the app to be sure this app needs a systemd script. -### `ynh_systemd_config` will use the file conf/systemd.service -### If you're not using these lines: -### - You can remove those files in conf/. -### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script - -# Create a dedicated systemd config -# ynh_add_systemd_config - -#================================================= -# SETUP APPLICATION WITH CURL -#================================================= - -### Use these lines only if the app installation needs to be finalized through -### web forms. We generally don't want to ask the final user, -### so we're going to use curl to automatically fill the fields and submit the -### forms. - -# Set the app as temporarily public for curl call -# ynh_script_progression --message="Configuring SSOwat..." --weight=1 -# Making the app public for curl -# ynh_permission_update --permission="main" --add="visitors" - -# Installation with curl -# ynh_script_progression --message="Finalizing installation..." --weight=1 -# ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" - -# Remove the public access -# ynh_permission_update --permission="main" --remove="visitors" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -# ynh_script_progression --message="Configuring log rotation..." --weight=1 - -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. -### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script - -# Use logrotate to manage application logfile(s) -# ynh_use_logrotate - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -# ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -### `yunohost service add` integrates a service in YunoHost. It then gets -### displayed in the admin interface and through the others `yunohost service` commands. -### (N.B.: this line only makes sense if the app adds a service to the system!) -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "REMOVE SERVICE INTEGRATION IN YUNOHOST" in the remove script -### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script -### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script - -# yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" - -### Additional options starting with 3.8: -### -### --needs_exposed_ports "$port" a list of ports that needs to be publicly exposed -### which will then be checked by YunoHost's diagnosis system -### (N.B. DO NOT USE THIS is the port is only internal!!!) -### -### --test_status "some command" a custom command to check the status of the service -### (only relevant if 'systemctl status' doesn't do a good job) -### -### --test_conf "some command" some command similar to "nginx -t" that validates the conf of the service -### -### Re-calling 'yunohost service add' during the upgrade script is the right way -### to proceed if you later realize that you need to enable some flags that -### weren't enabled on old installs (be careful it'll override the existing -### service though so you should re-provide all relevant flags when doing so) - -#================================================= -# START SYSTEMD SERVICE -#================================================= -# ynh_script_progression --message="Starting a systemd service..." --weight=1 - -### `ynh_systemd_action` is used to start a systemd service for an app. -### Only needed if you have configure a systemd service -### If you're not using these lines: -### - Remove the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the backup script -### - As well as the section "START SYSTEMD SERVICE" in the restore script -### - As well as the section"STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the upgrade script -### - And the section "STOP SYSTEMD SERVICE" and "START SYSTEMD SERVICE" in the change_url script - -# Start a systemd service -# ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - -#================================================= -# SETUP FAIL2BAN -#================================================= -# ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 - -# Create a dedicated Fail2Ban config -# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" - -#================================================= -# SETUP SSOWAT -#================================================= -# ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -# if [ $is_public -eq 1 ] -# then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. -# ynh_permission_update --permission="main" --add="visitors" -# fi - -### N.B. : the following extra permissions only make sense if your app -### does have for example an admin interface or an API. - -# Only the admin can access the admin panel of the app (if the app has an admin panel) -# ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin - -# Everyone can access the API part -# We don't want to display the tile in the SSO so we put --show_tile="false" -# And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" -# ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" +# Create a dedicated NGINX config +ynh_add_nginx_config #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/remove b/scripts/remove index 58312dc..94db125 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,137 +12,43 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) -# port=$(ynh_app_setting_get --app=$app --key=port) -# db_name=$(ynh_app_setting_get --app=$app --key=db_name) -# db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# datadir=$(ynh_app_setting_get --app=$app --key=datadir) - -#================================================= -# STANDARD REMOVE -#================================================= -# REMOVE SERVICE INTEGRATION IN YUNOHOST -#================================================= - -# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) -# if ynh_exec_warn_less yunohost service status $app >/dev/null -# then -# ynh_script_progression --message="Removing $app service integration..." --weight=1 -# yunohost service remove $app -# fi - -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -# ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - -# Remove the dedicated systemd config -# ynh_remove_systemd_config - -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= -# ynh_script_progression --message="Removing logrotate configuration..." --weight=1 - -# Remove the app-specific logrotate config -# ynh_remove_logrotate - -#================================================= -# REMOVE THE MYSQL DATABASE -#================================================= -# ynh_script_progression --message="Removing the MySQL database..." --weight=1 - -# Remove a database if it exists, along with the associated user -# ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 +ynh_script_progression --message="Removing app main directory..." --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" -#================================================= -# REMOVE DATA DIR -#================================================= - -# Remove the data directory if --purge option is used -# if [ "${YNH_APP_PURGE:-0}" -eq 1 ] -# then -# ynh_script_progression --message="Removing app data directory..." --weight=1 -# ynh_secure_remove --file="$datadir" -# fi - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 - -# Remove the dedicated NGINX config -ynh_remove_nginx_config - #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1 +ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1 # Remove the dedicated PHP-FPM config ynh_remove_fpm_config #================================================= -# REMOVE DEPENDENCIES +# REMOVE NGINX CONFIGURATION #================================================= -# ynh_script_progression --message="Removing dependencies..." --weight=1 +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 -# Remove metapackage and its dependencies -# ynh_remove_app_dependencies - -#================================================= -# CLOSE A PORT -#================================================= - -# if yunohost firewall list | grep -q "\- $port$" -# then -# ynh_script_progression --message="Closing port $port..." --weight=1 -# ynh_exec_warn_less yunohost firewall disallow TCP $port -# fi - -#================================================= -# REMOVE FAIL2BAN CONFIGURATION -#================================================= -# ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 - -# Remove the dedicated Fail2Ban config -# ynh_remove_fail2ban_config - -#================================================= -# SPECIFIC REMOVE -#================================================= -# REMOVE VARIOUS FILES -#================================================= -# ynh_script_progression --message="Removing various files..." --weight=1 - -# Remove a cron file -# ynh_secure_remove --file="/etc/cron.d/$app" - -# Remove a directory securely -# ynh_secure_remove --file="/etc/$app" - -# Remove the log files -# ynh_secure_remove --file="/var/log/$app" +# Remove the dedicated NGINX config +ynh_remove_nginx_config #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 # Delete a system user ynh_system_user_delete --username=$app @@ -151,4 +57,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index bba214e..2a476e9 100755 --- a/scripts/restore +++ b/scripts/restore @@ -31,10 +31,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# db_name=$(ynh_app_setting_get --app=$app --key=db_name) -# db_user=$db_name phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -# datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -68,35 +65,10 @@ ynh_script_progression --message="Restoring the app main directory..." --weight ynh_restore_file --origin_path="$final_path" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -#================================================= -# RESTORE THE DATA DIRECTORY -#================================================= -# ynh_script_progression --message="Restoring the data directory..." --weight=1 - -# ynh_restore_file --origin_path="$datadir" --not_mandatory - -# mkdir -p $datadir - -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. -# chmod 750 "$datadir" -# chmod -R o-rwx "$datadir" -# chown -R $app:www-data "$datadir" - #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= @@ -104,72 +76,6 @@ ynh_script_progression --message="Restoring the PHP-FPM configuration..." --wei ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# RESTORE FAIL2BAN CONFIGURATION -#================================================= -# ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=1 - -# ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" -# ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" -# ynh_systemd_action --action=restart --service_name=fail2ban - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# REINSTALL DEPENDENCIES -#================================================= -# ynh_script_progression --message="Reinstalling dependencies..." --weight=1 - -# Define and install dependencies -# ynh_install_app_dependencies $pkg_dependencies - -#================================================= -# RESTORE THE MYSQL DATABASE -#================================================= -# ynh_script_progression --message="Restoring the MySQL database..." --weight=1 - -# db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -# ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd -# ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql - -#================================================= -# RESTORE VARIOUS FILES -#================================================= -# ynh_script_progression --message="Restoring various files..." --weight=1 - -# ynh_restore_file --origin_path="/etc/cron.d/$app" - -# ynh_restore_file --origin_path="/etc/$app/" - -#================================================= -# RESTORE SYSTEMD -#================================================= -# ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 - -# ynh_restore_file --origin_path="/etc/systemd/system/$app.service" -# systemctl enable $app.service --quiet - -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -# ynh_script_progression --message="Restoring the logrotate configuration..." --weight=1 - -# ynh_restore_file --origin_path="/etc/logrotate.d/$app" - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -# ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -# yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" - -#================================================= -# START SYSTEMD SERVICE -#================================================= -# ynh_script_progression --message="Starting a systemd service..." --weight=1 - -# ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 985299d..1b0e664 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,33 +12,24 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -# language=$(ynh_app_setting_get --app=$app --key=language) -# admin=$(ynh_app_setting_get --app=$app --key=admin) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= # CHECK VERSION #================================================= -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -49,40 +40,10 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# STANDARD UPGRADE STEPS -#================================================= -# STOP SYSTEMD SERVICE -#================================================= -# ynh_script_progression --message="Stopping a systemd service..." --weight=1 - -# ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" - #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 - -# -# N.B. : the followings setting migrations snippets are provided as *EXAMPLES* -# of what you may want to do in some cases (e.g. a setting was not defined on -# some legacy installs and you therefore want to initiaze stuff during upgrade) -# - -# If db_name doesn't exist, create it -#if [ -z "$db_name" ]; then -# db_name=$(ynh_sanitize_dbid --db_name=$app) -# ynh_app_setting_set --app=$app --key=db_name --value=$db_name -#fi - -# If final_path doesn't exist, create it -#if [ -z "$final_path" ]; then -# final_path=/var/www/$app -# ynh_app_setting_set --app=$app --key=final_path --value=$final_path -#fi - -### If nobody installed your app before 4.1, -### then you may safely remove these lines +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # Cleaning legacy permissions if ynh_legacy_permissions_exists; then @@ -91,20 +52,10 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi -# if ! ynh_permission_exists --permission="admin"; then - # Create the required permissions -# ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin -# fi - -# Create a permission if needed -# if ! ynh_permission_exists --permission="api"; then -# ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" -# fi - #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 # Create a dedicated user (if not existing) ynh_system_user_create --username=$app --home_dir="$final_path" @@ -115,120 +66,36 @@ ynh_system_user_create --username=$app --home_dir="$final_path" if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --weight=1 + ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" fi -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 - -# Create a dedicated NGINX config -ynh_add_nginx_config - -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -# ynh_script_progression --message="Upgrading dependencies..." --weight=1 - -# ynh_install_app_dependencies $pkg_dependencies - #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=1 # Create a dedicated PHP-FPM config ynh_add_fpm_config #================================================= -# SPECIFIC UPGRADE -#================================================= -# ... +# NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 -#================================================= -# UPDATE A CONFIG FILE -#================================================= -# ynh_script_progression --message="Updating a configuration file..." --weight=1 - -### Same as during install -### -### The file will automatically be backed-up if it's found to be manually modified (because -### ynh_add_config keeps track of the file's checksum) - -# ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" - -# FIXME: this should be handled by the core in the future -# You may need to use chmod 600 instead of 400, -# for example if the app is expected to be able to modify its own config -# chmod 400 "$final_path/some_config_file" -# chown $app:$app "$final_path/some_config_file" - -### For more complex cases where you want to replace stuff using regexes, -### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) -### When doing so, you also need to manually call ynh_store_file_checksum -### -### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" -### ynh_store_file_checksum --file="$final_path/some_config_file" - -#================================================= -# SETUP SYSTEMD -#================================================= -# ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 - -# Create a dedicated systemd config -# ynh_add_systemd_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SETUP LOGROTATE -#================================================= -# ynh_script_progression --message="Upgrading logrotate configuration..." --weight=1 - -# Use logrotate to manage app-specific logfile(s) -# ynh_use_logrotate --non-append - -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -# ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -# yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" - -#================================================= -# START SYSTEMD SERVICE -#================================================= -# ynh_script_progression --message="Starting a systemd service..." --weight=1 - -# ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" - -#================================================= -# UPGRADE FAIL2BAN -#================================================= -# ynh_script_progression --message="Reconfiguring Fail2Ban..." --weight=1 - -# Create a dedicated Fail2Ban config -# ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +# Create a dedicated NGINX config +ynh_add_nginx_config #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload