From 64ba2b6ff1f3646ca0e04b0e34c733ad39568d76 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 28 Dec 2021 09:58:39 +0100 Subject: [PATCH] Upgrade config file (#108) Patches that allows to connect to the app without authentication are not working anymore. I see 3 possible solutions: - rework patches to work with upstream changes - use built-in authentication - set authentication to false and protect app access with SSO (as in this PR) --- check_process | 10 +- conf/app.src | 5 +- conf/config.php | 129 +++++--------------- conf/cron | 1 + conf/nginx.conf | 5 - manifest.json | 32 ++--- scripts/_common.sh | 38 +----- scripts/install | 32 ++++- scripts/remove | 8 ++ scripts/restore | 15 ++- scripts/upgrade | 46 ++++--- sources/patches/app-init.patch | 21 ---- sources/patches/app-login_remote_user.patch | 21 ---- sources/patches/app-update.patch | 21 ---- 14 files changed, 124 insertions(+), 260 deletions(-) create mode 100644 conf/cron delete mode 100644 sources/patches/app-init.patch delete mode 100644 sources/patches/app-login_remote_user.patch delete mode 100644 sources/patches/app-update.patch diff --git a/check_process b/check_process index d550696..7b34872 100644 --- a/check_process +++ b/check_process @@ -2,14 +2,16 @@ ; Manifest domain="domain.tld" path="/path" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 setup_root=1 setup_nourl=0 - setup_private=0 - setup_public=0 + setup_private=1 + setup_public=1 upgrade=1 + upgrade=1 from_commit=be16ff54ae531329590ef6576d6f928315ebe0cf backup_restore=1 multi_instance=1 change_url=1 @@ -17,3 +19,7 @@ Email= Notification=none ;;; Upgrade options + ; commit=be16ff54ae531329590ef6576d6f928315ebe0cf + name=Create cron + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& + diff --git a/conf/app.src b/conf/app.src index aed3709..5c4a4c6 100644 --- a/conf/app.src +++ b/conf/app.src 
@@ -1,7 +1,6 @@ -SOURCE_URL=https://git.tt-rss.org/fox/tt-rss/archive/9d3c79498368fa99cfde684c759a1c40825aaaa9.tar.gz -SOURCE_SUM=cb5a39a61f6319734606f06fafbb0eb60aa488cdc911ec84ee6738da533124cb +SOURCE_URL=https://git.tt-rss.org/fox/tt-rss/archive/7aeaa1b039b269c75e543045dcf8c077b3aa258d.tar.gz +SOURCE_SUM=379d96fc026e76c6325908638e953a93ab4f6bb29da99ad7a0ea203fb88a6e6c SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= SOURCE_EXTRACT=true diff --git a/conf/config.php b/conf/config.php index e8527bc..0d4cc0e 100644 --- a/conf/config.php +++ b/conf/config.php @@ -1,16 +1,17 @@ System), syslog - logs to system log. - // Setting this to blank uses PHP logging (usually to http server - // error.log). - - define('CONFIG_VERSION', 26); - // Expected config version. Please update this option in config.php - // if necessary (after migrating all new options from this file). - - // vim:ft=php diff --git a/conf/cron b/conf/cron new file mode 100644 index 0000000..84bed3f --- /dev/null +++ b/conf/cron @@ -0,0 +1 @@ +*/30 * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/update.php --feeds --quiet \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf index 556b622..549b52a 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,11 +4,6 @@ location __PATH__/ { # Path to source alias __FINALPATH__/ ; - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - index index.php; # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file diff --git a/manifest.json b/manifest.json index ed059df..64c3f8d 100644 --- a/manifest.json +++ b/manifest.json 
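Review bot: The new `conf/cron` entry has no user field, yet the install script copies it to `/etc/cron.d/$app`, where cron expects a user name between the schedule and the command. As written, `/usr/bin/php__PHPVERSION__` would be parsed as the user and the feed update would presumably never run. Name the unprivileged app account explicitly so the job cannot end up running as root, for example `*/30 * * * * __APP__ /usr/bin/php__PHPVERSION__ __FINALPATH__/update.php --feeds --quiet`. Also end the file with a newline: the patch records `\ No newline at end of file`, and some cron implementations skip a crontab whose last line is unterminated. The upgrade script's context in this patch still removes `/etc/cron.d/$app` and no visible upgrade hunk re-creates it, so confirm upgraded instances end up with the same job as fresh installs.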
@@ -3,10 +3,10 @@ "id": "ttrss", "packaging_format": 1, "description": { - "en": "News feed (RSS/Atom) reader and aggregator.", - "fr": "Lecteur de flux d’actualité utilisant les protocoles RSS et Atom." + "en": "News feed (RSS/Atom) reader and aggregator", + "fr": "Lecteur de flux d’actualité utilisant les protocoles RSS et Atom" }, - "version": "20200916~ynh5", + "version": "20211221~ynh1", "url": "http://tt-rss.org", "license": "GPL-3.0-only", "maintainer": { @@ -14,7 +14,7 @@ "email": "" }, "requirements": { - "yunohost": ">= 4.1.7" + "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ @@ -24,16 +24,20 @@ ], "arguments": { "install" : [ - { - "name": "domain", - "type": "domain", - "example": "domain.org" - }, - { - "name": "path", - "type": "path", - "example": "/ttrss", - "default": "/ttrss" + { + "name": "domain", + "type": "domain" + }, + { + "name": "path", + "type": "path", + "example": "/ttrss", + "default": "/ttrss" + }, + { + "name": "is_public", + "type": "boolean", + "default": true } ] } diff --git a/scripts/_common.sh b/scripts/_common.sh index 082941e..d77187a 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
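Review bot: The new `is_public` argument in `@@ -24,16 +24,20 @@` defaults to `true`, and the install hunk `@@ -144,12 +151,27 @@` then adds `visitors` to the `main` permission, while the commit description says the application's own authentication is set to false and access is meant to be protected by SSO. If the rewritten `conf/config.php` (its new lines are not legible in this view) does disable the login, a default install would be reachable by anyone with no login at all. Consider `"default": false` plus a help string stating that a public install has no access control. The install hunk also comments out the old `skipped_uris` setting rather than deleting it; if `/public.php` or `/api` still need anonymous access, a dedicated permission scoped to those paths is narrower than opening `main`.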
@@ -6,46 +6,10 @@ YNH_PHP_VERSION="7.3" -extra_php_dependencies="php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-opcache \ +pkg_dependencies="php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-opcache \ php${YNH_PHP_VERSION}-fileinfo php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-cli php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml" #================================================= # EXPERIMENTAL HELPERS #================================================= -# Check available space before creating a temp directory. -# -# usage: ynh_smart_mktemp --min_size="Min size" -# -# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb -ynh_smart_mktemp () { - # Declare an array to define the options of this helper. - declare -Ar args_array=( [s]=min_size= ) - local min_size - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - min_size="${min_size:-300}" - # Transform the minimum size from megabytes to kilobytes - min_size=$(( $min_size * 1024 )) - - # Check if there's enough free space in a directory - is_there_enough_space () { - local free_space=$(df --output=avail "$1" | sed 1d) - test $free_space -ge $min_size - } - - if is_there_enough_space /tmp; then - local tmpdir=/tmp - elif is_there_enough_space /var; then - local tmpdir=/var - elif is_there_enough_space /; then - local tmpdir=/ - elif is_there_enough_space /home; then - local tmpdir=/home - else - ynh_die "Insufficient free space to continue..." - fi - - echo "$(mktemp --directory --tmpdir="$tmpdir")" -} diff --git a/scripts/install b/scripts/install index 6ace68a..c45af95 100644 --- a/scripts/install +++ b/scripts/install @@ -22,6 +22,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH +is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME 
@@ -44,6 +45,13 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url +#================================================= +# INSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Installing dependencies..." --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # STANDARD MODIFICATIONS #================================================= @@ -63,7 +71,6 @@ db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -92,7 +99,7 @@ ynh_add_nginx_config ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 # Create a dedicated PHP-FPM config -ynh_add_fpm_config --package="$extra_php_dependencies" +ynh_add_fpm_config phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= @@ -107,7 +114,7 @@ domain_path=https://$domain$path_url ynh_add_config --template="../conf/config.php" --destination="$final_path/config.php" chmod 400 "$final_path/config.php" -chown $app:$app "$final_path/config.php" +chown $app "$final_path/config.php" #================================================= # SETUP SYSTEMD 
@@ -125,7 +132,7 @@ ynh_script_progression --message="Initializing database..." --weight=6 ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" \ < "$final_path/schema/ttrss_schema_mysql.sql" -ynh_exec_as $app php${phpversion} ${final_path}/update.php --update-schema +sudo -u $app php${phpversion} ${final_path}/update.php --update-schema=force-yes #================================================= # GENERIC FINALIZATION @@ -144,12 +151,27 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" +#================================================= +# SETUP A CRON +#================================================= +ynh_script_progression --message="Setuping a cron..." --weight=1 + +ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app" +chown root: "/etc/cron.d/$app" +chmod 644 "/etc/cron.d/$app" + #================================================= # SETUP SSOWAT #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -ynh_app_setting_set --app=$app --key=skipped_uris --value="/public.php,/api,/opml.php?op=publish" +# ynh_app_setting_set --app=$app --key=skipped_uris --value="/public.php,/api,/opml.php?op=publish" +# Make app public if necessary + +if [ $is_public -eq 1 ] +then + ynh_permission_update --permission="main" --add="visitors" +fi #================================================= # RELOAD NGINX diff --git a/scripts/remove b/scripts/remove index f071464..53b546e 100644 --- a/scripts/remove +++ b/scripts/remove 
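Review bot: The schema update in `@@ -125,7 +132,7 @@` now runs `sudo -u $app php${phpversion} ${final_path}/update.php --update-schema=force-yes` with every expansion unquoted, replacing the `ynh_exec_as` helper the script used before; the same line is added to `scripts/upgrade` in `@@ -138,19 +140,13 @@`. Keeping the helper and quoting the arguments avoids word splitting on the path and a dependency on the host's sudo policy: `ynh_exec_as "$app" "php${phpversion}" "$final_path/update.php" --update-schema=force-yes`. Since `force-yes` skips the confirmation that the deleted `app-update.patch` used to bypass, a short comment above the call saying so, and that the upgrade path relies on a prior backup, would help the next maintainer.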
@@ -74,6 +74,14 @@ ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=3 # Remove the dedicated PHP-FPM config ynh_remove_fpm_config +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --weight=1 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index 4c6bdeb..7a5b057 100644 --- a/scripts/restore +++ b/scripts/restore @@ -36,10 +36,7 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=2 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " +test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS @@ -76,7 +73,15 @@ ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weig ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -ynh_add_fpm_config --package="$extra_php_dependencies" +ynh_add_fpm_config + +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --weight=1 + +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies #================================================= # RESTORE THE MYSQL DATABASE diff --git a/scripts/upgrade b/scripts/upgrade index 6dd8108..3f8dde7 100644 
--- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,7 +27,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) @@ -71,6 +70,13 @@ if [ -z "$db_name" ]; then ynh_app_setting_set --app=$app --key=db_name --value=$db_name fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + # Do not remove the file before the backup, to not fail the backup. # Remove old cron job ynh_secure_remove --file="/etc/cron.d/$app" @@ -89,21 +95,10 @@ ynh_system_user_create --username=$app --home_dir=$final_path if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --weight=7 - - # Create a temporary directory - tmpdir="$(ynh_smart_mktemp --min_size=10)" + ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$tmpdir" - - # Backup the config file in the temp dir - cp -a "$final_path/config.php" "$tmpdir/config.php" - - # Replace the old ttrss by the new one - ynh_secure_remove --file="$final_path" - mv "$tmpdir" "$final_path" - ynh_secure_remove --file="$tmpdir" + ynh_setup_source --dest_dir="$final_path" fi chmod 750 "$final_path" 
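Review bot: In `@@ -89,21 +95,10 @@` the upgrade now unpacks the new release straight into `$final_path` instead of building a fresh tree and swapping it in, so any file the upstream project deleted between the two pinned commits stays on disk under the web root. Stale PHP files from the old release would remain reachable through the NGINX location and no longer receive fixes, unless `ynh_setup_source` clears the destination, which is not visible here. Consider removing the old code directories before extraction while preserving only the data that must survive (the removed lines kept just `config.php`), or add a comment explaining why an overlay is safe for this version jump.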
@@ -118,13 +113,20 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + #================================================= # PHP-FPM CONFIGURATION #================================================= ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 # Create a dedicated PHP-FPM config -ynh_add_fpm_config --package="$extra_php_dependencies" +ynh_add_fpm_config #================================================= # SPECIFIC UPGRADE @@ -138,19 +140,13 @@ then domain_path=https://$domain$path_url ynh_add_config --template="../conf/config.php" --destination="$final_path/config.php" + + ynh_script_progression --message="Upgrading ttrss database..." --weight=2 + sudo -u $app php${phpversion} ${final_path}/update.php --update-schema=force-yes fi + chmod 400 "$final_path/config.php" chown $app:$app "$final_path/config.php" - -#================================================= -# UPGRADE DATABASE -#================================================= - -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading ttrss database..." --weight=2 - ynh_exec_as $app php"${phpversion}" ${final_path}/update.php --update-schema -fi #================================================= # SETUP SYSTEMD diff --git a/sources/patches/app-init.patch b/sources/patches/app-init.patch deleted file mode 100644 index 5f0356a..0000000 --- a/sources/patches/app-init.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -*** /plugins/auth_remote/init.php 2015-01-22 17:56:31.641845090 +0100 ---- /plugins/auth_remote/init.php.1 2015-02-20 09:23:16.515269911 +0100 -*************** -*** 69,74 **** ---- 69,84 ---- - db_query("UPDATE ttrss_users SET email = '$email' WHERE id = " . - $user_id); - } -+ // update user password to allow api access -+ if (isset($_SERVER['PHP_AUTH_PW'])){ -+ $currentpassword = $_SERVER['PHP_AUTH_PW']; -+ $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250); -+ $new_password_hash = encrypt_password($currentpassword, $new_salt, true); -+ -+ db_query("UPDATE ttrss_users SET -+ pwd_hash = '$new_password_hash', salt = '$new_salt', otp_enabled = false -+ WHERE login = '$try_login'"); -+ } - } - - return $user_id; diff --git a/sources/patches/app-login_remote_user.patch b/sources/patches/app-login_remote_user.patch deleted file mode 100644 index 0ae748b..0000000 --- a/sources/patches/app-login_remote_user.patch +++ /dev/null @@ -1,21 +0,0 @@ ---- /include/functions.php -+++ /include/functions.php -@@ -825,6 +825,18 @@ - } - - } else { -+ /* We need to check that the "REMOTE_USER" and "uid" are same. -+ * If it has changed it's probably that the user logged out and -+ * was authenticated with a other username. -+ * In this case we need to reauthenticate the user -+ */ -+ if (AUTH_AUTO_LOGIN && $_SERVER["REMOTE_USER"] != $_SESSION["uid"]) { -+ if (authenticate_user(null, null)) { -+ $_SESSION["ref_schema_version"] = get_schema_version(true); -+ } else { -+ authenticate_user(null, null, true); -+ } -+ } - /* bump login timestamp */ - $sth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?"); - $sth->execute([$_SESSION['uid']]); diff --git a/sources/patches/app-update.patch b/sources/patches/app-update.patch deleted file mode 100644 index 3dd871e..0000000 --- a/sources/patches/app-update.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -*** /update.php 2015-02-20 09:41:40.231462387 +0100 ---- /update.php.1 2015-02-20 09:42:07.911466665 +0100 -*************** -*** 311,318 **** - _debug("WARNING: please backup your database before continuing."); - _debug("Type 'yes' to continue."); - -! if (read_stdin() != 'yes') -! exit; - - for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) { - _debug("performing update up to version $i..."); ---- 311,318 ---- - _debug("WARNING: please backup your database before continuing."); - _debug("Type 'yes' to continue."); - -! //if (read_stdin() != 'yes') -! // exit; - - for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) { - _debug("performing update up to version $i...");