1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/ttrss_ynh.git synced 2024-10-01 13:34:46 +02:00

Upgrade config file (#108)

Patches that allows to connect to the app without authentication are not working anymore.
I see 3 possible solutions:

- rework patches to work with upstream changes
- use built-in authentication
- set authentication to false and protect app access with SSO (as in this PR)
This commit is contained in:
Éric Gaspar 2021-12-28 09:58:39 +01:00 committed by GitHub
parent cd9414150c
commit 64ba2b6ff1
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
14 changed files with 124 additions and 260 deletions

View file

@ -2,14 +2,16 @@
; Manifest ; Manifest
domain="domain.tld" domain="domain.tld"
path="/path" path="/path"
is_public=1
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=1 setup_sub_dir=1
setup_root=1 setup_root=1
setup_nourl=0 setup_nourl=0
setup_private=0 setup_private=1
setup_public=0 setup_public=1
upgrade=1 upgrade=1
upgrade=1 from_commit=be16ff54ae531329590ef6576d6f928315ebe0cf
backup_restore=1 backup_restore=1
multi_instance=1 multi_instance=1
change_url=1 change_url=1
@ -17,3 +19,7 @@
Email= Email=
Notification=none Notification=none
;;; Upgrade options ;;; Upgrade options
; commit=be16ff54ae531329590ef6576d6f928315ebe0cf
name=Create cron
manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&

View file

@ -1,7 +1,6 @@
SOURCE_URL=https://git.tt-rss.org/fox/tt-rss/archive/9d3c79498368fa99cfde684c759a1c40825aaaa9.tar.gz SOURCE_URL=https://git.tt-rss.org/fox/tt-rss/archive/7aeaa1b039b269c75e543045dcf8c077b3aa258d.tar.gz
SOURCE_SUM=cb5a39a61f6319734606f06fafbb0eb60aa488cdc911ec84ee6738da533124cb SOURCE_SUM=379d96fc026e76c6325908638e953a93ab4f6bb29da99ad7a0ea203fb88a6e6c
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=
SOURCE_EXTRACT=true SOURCE_EXTRACT=true

View file

@ -1,16 +1,17 @@
<?php <?php
// ******************************************* // *******************************************
// *** Database configuration (important!) *** // *** Database configuration (important!) ***
// ******************************************* // *******************************************
define('DB_TYPE', "mysql"); // or mysql putenv('TTRSS_DB_TYPE=mysql'); // or mysql
define('DB_HOST', "localhost"); putenv('TTRSS_DB_HOST=localhost');
define('DB_USER', "__DB_NAME__"); putenv('TTRSS_DB_USER=__DB_NAME__');
define('DB_NAME', "__DB_NAME__"); putenv('TTRSS_DB_NAME=__DB_NAME__');
define('DB_PASS', "__DB_PWD__"); putenv('TTRSS_DB_PASS=__DB_PWD__');
define('DB_PORT', '3306'); // usually 5432 for PostgreSQL, 3306 for MySQL putenv('TTRSS_DB_PORT=3306'); // usually 5432 for PostgreSQL, 3306 for MySQL
define('MYSQL_CHARSET', 'UTF8'); putenv('TTRSS_MYSQL_CHARSET=UTF8');
// Connection charset for MySQL. If you have a legacy database and/or experience // Connection charset for MySQL. If you have a legacy database and/or experience
// garbage unicode characters with this option, try setting it to a blank string. // garbage unicode characters with this option, try setting it to a blank string.
@ -18,30 +19,18 @@
// *** Basic settings (important!) *** // *** Basic settings (important!) ***
// *********************************** // ***********************************
define('SELF_URL_PATH', '__DOMAIN_PATH__'); putenv('TTRSS_SELF_URL_PATH=__DOMAIN_PATH__');
// Full URL of your tt-rss installation. This should be set to the // Full URL of your tt-rss installation. This should be set to the
// location of tt-rss directory, e.g. http://example.org/tt-rss/ // location of tt-rss directory, e.g. http://example.org/tt-rss/
// You need to set this option correctly otherwise several features // You need to set this option correctly otherwise several features
// including PUSH, bookmarklets and browser integration will not work properly. // including PUSH, bookmarklets and browser integration will not work properly.
define('FEED_CRYPT_KEY', ''); putenv('TTRSS_SINGLE_USER_MODE=true');
// WARNING: mcrypt is deprecated in php 7.1. This directive exists for backwards
// compatibility with existing installs, new passwords are NOT going to be encrypted.
// Use update.php --decrypt-feeds to decrypt existing passwords in the database while
// mcrypt is still available.
// Key used for encryption of passwords for password-protected feeds
// in the database. A string of 24 random characters. If left blank, encryption
// is not used. Requires mcrypt functions.
// Warning: changing this key will make your stored feed passwords impossible
// to decrypt.
define('SINGLE_USER_MODE', false);
// Operate in single user mode, disables all functionality related to // Operate in single user mode, disables all functionality related to
// multiple users and authentication. Enabling this assumes you have // multiple users and authentication. Enabling this assumes you have
// your tt-rss directory protected by other means (e.g. http auth). // your tt-rss directory protected by other means (e.g. http auth).
define('SIMPLE_UPDATE_MODE', false); putenv('TTRSS_SIMPLE_UPDATE_MODE=false');
// Enables fallback update mode where tt-rss tries to update feeds in // Enables fallback update mode where tt-rss tries to update feeds in
// background while tt-rss is open in your browser. // background while tt-rss is open in your browser.
// If you don't have a lot of feeds and don't want to or can't run // If you don't have a lot of feeds and don't want to or can't run
@ -54,37 +43,39 @@
// *** Files and directories *** // *** Files and directories ***
// ***************************** // *****************************
define('PHP_EXECUTABLE', '/usr/bin/php'); putenv('TTRSS_PHP_EXECUTABLE=/usr/bin/php');
// Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss // Path to PHP *COMMAND LINE* executable, used for various command-line tt-rss
// programs and update daemon. Do not try to use CGI binary here, it won't work. // programs and update daemon. Do not try to use CGI binary here, it won't work.
// If you see HTTP headers being displayed while running tt-rss scripts, // If you see HTTP headers being displayed while running tt-rss scripts,
// then most probably you are using the CGI binary. If you are unsure what to // then most probably you are using the CGI binary. If you are unsure what to
// put in here, ask your hosting provider. // put in here, ask your hosting provider.
define('LOCK_DIRECTORY', 'lock'); putenv('TTRSS_LOCK_DIRECTORY=lock');
// Directory for lockfiles, must be writable to the user you run // Directory for lockfiles, must be writable to the user you run
// daemon process or cronjobs under. // daemon process or cronjobs under.
define('CACHE_DIR', 'cache'); putenv('TTRSS_CACHE_DIR=cache');
// Local cache directory for RSS feed content. // Local cache directory for RSS feed content.
define('ICONS_DIR', "feed-icons"); putenv('TTRSS_ICONS_DIR=feed-icons');
define('ICONS_URL', "feed-icons"); putenv('TTRSS_ICONS_URL=feed-icons');
// Local and URL path to the directory, where feed favicons are stored. // Local and URL path to the directory, where feed favicons are stored.
// Unless you really know what you're doing, please keep those relative // Unless you really know what you're doing, please keep those relative
// to tt-rss main directory. // to tt-rss main directory.
//putenv('TTRSS_SIMPLE_UPDATE_MODE=true');
// ********************** // **********************
// *** Authentication *** // *** Authentication ***
// ********************** // **********************
// Please see PLUGINS below to configure various authentication modules. // Please see PLUGINS below to configure various authentication modules.
define('AUTH_AUTO_CREATE', true); putenv('TTRSS_AUTH_AUTO_CREATE=true');
// Allow authentication modules to auto-create users in tt-rss internal // Allow authentication modules to auto-create users in tt-rss internal
// database when authenticated successfully. // database when authenticated successfully.
define('AUTH_AUTO_LOGIN', true); putenv('TTRSS_AUTH_AUTO_LOGIN=true');
// Automatically login user on remote or other kind of externally supplied // Automatically login user on remote or other kind of externally supplied
// authentication, otherwise redirect to login form as normal. // authentication, otherwise redirect to login form as normal.
// If set to true, users won't be able to set application language // If set to true, users won't be able to set application language
@ -94,18 +85,14 @@
// *** Feed settings *** // *** Feed settings ***
// ********************* // *********************
define('FORCE_ARTICLE_PURGE', 0); putenv('TTRSS_FORCE_ARTICLE_PURGE=0');
// When this option is not 0, users ability to control feed purging // When this option is not 0, users ability to control feed purging
// intervals is disabled and all articles (which are not starred) // intervals is disabled and all articles (which are not starred)
// older than this amount of days are purged. // older than this amount of days are purged.
// *** PubSubHubbub settings *** // *** PubSubHubbub settings ***
define('PUBSUBHUBBUB_HUB', ''); putenv('TTRSS_PUBSUBHUBBUB_ENABLED=false');
// URL to a PubSubHubbub-compatible hub server. If defined, "Published
// articles" generated feed would automatically become PUSH-enabled.
define('PUBSUBHUBBUB_ENABLED', false);
// Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss // Enable client PubSubHubbub support in tt-rss. When disabled, tt-rss
// won't try to subscribe to PUSH feed updates. // won't try to subscribe to PUSH feed updates.
@ -113,10 +100,10 @@
// *** Sphinx search plugin *** // *** Sphinx search plugin ***
// **************************** // ****************************
define('SPHINX_SERVER', 'localhost:9312'); putenv('TTRSS_SPHINX_SERVER=localhost:9312');
// Hostname:port combination for the Sphinx server. // Hostname:port combination for the Sphinx server.
define('SPHINX_INDEX', 'ttrss, delta'); putenv('TTRSS_SPHINX_INDEX=ttrss, delta');
// Index name in Sphinx configuration. You can specify multiple indexes // Index name in Sphinx configuration. You can specify multiple indexes
// as a comma-separated string. // as a comma-separated string.
// Example configuration files are available on tt-rss wiki. // Example configuration files are available on tt-rss wiki.
@ -125,16 +112,16 @@
// *** Self-registrations by users *** // *** Self-registrations by users ***
// *********************************** // ***********************************
define('ENABLE_REGISTRATION', false); putenv('TTRSS_ENABLE_REGISTRATION=false');
// Allow users to register themselves. Please be aware that allowing // Allow users to register themselves. Please be aware that allowing
// random people to access your tt-rss installation is a security risk // random people to access your tt-rss installation is a security risk
// and potentially might lead to data loss or server exploit. Disabled // and potentially might lead to data loss or server exploit. Disabled
// by default. // by default.
define('REG_NOTIFY_ADDRESS', 'user@your.domain.dom'); putenv('TTRSS_REG_NOTIFY_ADDRESS=user@your.domain.dom');
// Email address to send new user notifications to. // Email address to send new user notifications to.
define('REG_MAX_USERS', 10); putenv('TTRSS_REG_MAX_USERS=10');
// Maximum amount of users which will be allowed to register on this // Maximum amount of users which will be allowed to register on this
// system. 0 - no limit. // system. 0 - no limit.
@ -142,66 +129,6 @@
// *** Cookies and login sessions *** // *** Cookies and login sessions ***
// ********************************** // **********************************
define('SESSION_COOKIE_LIFETIME', 86400); putenv('TTRSS_SESSION_COOKIE_LIFETIME='.(86400*30));
// Default lifetime of a session (e.g. login) cookie. In seconds, // Default lifetime of a session (e.g. login) cookie. In seconds,
// 0 means cookie will be deleted when browser closes. // 0 means cookie will be deleted when browser closes.
// *********************************
// *** Email and digest settings ***
// *********************************
define('SMTP_FROM_NAME', 'Tiny Tiny RSS');
define('SMTP_FROM_ADDRESS', 'noreply@your.domain.dom');
// Name, address and subject for sending outgoing mail. This applies
// to password reset notifications, digest emails and any other mail.
define('DIGEST_SUBJECT', '[tt-rss] New headlines for last 24 hours');
// Subject line for email digests
define('SMTP_SERVER', '');
// Hostname:port combination to send outgoing mail (i.e. localhost:25).
// Blank - use system MTA.
define('SMTP_LOGIN', '');
define('SMTP_PASSWORD', '');
// These two options enable SMTP authentication when sending
// outgoing mail. Only used with SMTP_SERVER.
define('SMTP_SECURE', '');
// Used to select a secure SMTP connection. Allowed values: ssl, tls,
// or empty.
// ***************************************
// *** Other settings (less important) ***
// ***************************************
define('CHECK_FOR_UPDATES', true);
// Check for updates automatically if running Git version
define('ENABLE_GZIP_OUTPUT', false);
// Selectively gzip output to improve wire performance. This requires
// PHP Zlib extension on the server.
// Enabling this can break tt-rss in several httpd/php configurations,
// if you experience weird errors and tt-rss failing to start, blank pages
// after login, or content encoding errors, disable it.
define('PLUGINS', 'auth_remote, auth_internal, note');
// Comma-separated list of plugins to load automatically for all users.
// System plugins have to be specified here. Please enable at least one
// authentication plugin here (auth_*).
// Users may enable other user plugins from Preferences/Plugins but may not
// disable plugins specified in this list.
// Disabling auth_internal in this list would automatically disable
// reset password link on the login form.
define('LOG_DESTINATION', 'sql');
// Log destination to use. Possible values: sql (uses internal logging
// you can read in Preferences -> System), syslog - logs to system log.
// Setting this to blank uses PHP logging (usually to http server
// error.log).
define('CONFIG_VERSION', 26);
// Expected config version. Please update this option in config.php
// if necessary (after migrating all new options from this file).
// vim:ft=php

1
conf/cron Normal file
View file

@ -0,0 +1 @@
*/30 * * * * /usr/bin/php__PHPVERSION__ __FINALPATH__/update.php --feeds --quiet

View file

@ -4,11 +4,6 @@ location __PATH__/ {
# Path to source # Path to source
alias __FINALPATH__/ ; alias __FINALPATH__/ ;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
index index.php; index index.php;
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file

View file

@ -3,10 +3,10 @@
"id": "ttrss", "id": "ttrss",
"packaging_format": 1, "packaging_format": 1,
"description": { "description": {
"en": "News feed (RSS/Atom) reader and aggregator.", "en": "News feed (RSS/Atom) reader and aggregator",
"fr": "Lecteur de flux dactualité utilisant les protocoles RSS et Atom." "fr": "Lecteur de flux dactualité utilisant les protocoles RSS et Atom"
}, },
"version": "20200916~ynh5", "version": "20211221~ynh1",
"url": "http://tt-rss.org", "url": "http://tt-rss.org",
"license": "GPL-3.0-only", "license": "GPL-3.0-only",
"maintainer": { "maintainer": {
@ -14,7 +14,7 @@
"email": "" "email": ""
}, },
"requirements": { "requirements": {
"yunohost": ">= 4.1.7" "yunohost": ">= 4.3.0"
}, },
"multi_instance": true, "multi_instance": true,
"services": [ "services": [
@ -24,16 +24,20 @@
], ],
"arguments": { "arguments": {
"install" : [ "install" : [
{ {
"name": "domain", "name": "domain",
"type": "domain", "type": "domain"
"example": "domain.org" },
}, {
{ "name": "path",
"name": "path", "type": "path",
"type": "path", "example": "/ttrss",
"example": "/ttrss", "default": "/ttrss"
"default": "/ttrss" },
{
"name": "is_public",
"type": "boolean",
"default": true
} }
] ]
} }

View file

@ -6,46 +6,10 @@
YNH_PHP_VERSION="7.3" YNH_PHP_VERSION="7.3"
extra_php_dependencies="php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-opcache \ pkg_dependencies="php${YNH_PHP_VERSION}-mysql php${YNH_PHP_VERSION}-json php${YNH_PHP_VERSION}-curl php${YNH_PHP_VERSION}-gd php${YNH_PHP_VERSION}-opcache \
php${YNH_PHP_VERSION}-fileinfo php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-cli php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml" php${YNH_PHP_VERSION}-fileinfo php${YNH_PHP_VERSION}-intl php${YNH_PHP_VERSION}-cli php${YNH_PHP_VERSION}-mbstring php${YNH_PHP_VERSION}-xml"
#================================================= #=================================================
# EXPERIMENTAL HELPERS # EXPERIMENTAL HELPERS
#================================================= #=================================================
# Check available space before creating a temp directory.
#
# usage: ynh_smart_mktemp --min_size="Min size"
#
# | arg: -s, --min_size= - Minimal size needed for the temporary directory, in Mb
ynh_smart_mktemp () {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [s]=min_size= )
local min_size
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
min_size="${min_size:-300}"
# Transform the minimum size from megabytes to kilobytes
min_size=$(( $min_size * 1024 ))
# Check if there's enough free space in a directory
is_there_enough_space () {
local free_space=$(df --output=avail "$1" | sed 1d)
test $free_space -ge $min_size
}
if is_there_enough_space /tmp; then
local tmpdir=/tmp
elif is_there_enough_space /var; then
local tmpdir=/var
elif is_there_enough_space /; then
local tmpdir=/
elif is_there_enough_space /home; then
local tmpdir=/home
else
ynh_die "Insufficient free space to continue..."
fi
echo "$(mktemp --directory --tmpdir="$tmpdir")"
}

View file

@ -22,6 +22,7 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -44,6 +45,13 @@ ynh_script_progression --message="Storing installation settings..." --weight=1
ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=path --value=$path_url
#=================================================
# INSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Installing dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#================================================= #=================================================
@ -63,7 +71,6 @@ db_name=$(ynh_sanitize_dbid --db_name=$app)
db_user=$db_name db_user=$db_name
ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name
ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd)
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
@ -92,7 +99,7 @@ ynh_add_nginx_config
ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 ynh_script_progression --message="Configuring PHP-FPM..." --weight=2
# Create a dedicated PHP-FPM config # Create a dedicated PHP-FPM config
ynh_add_fpm_config --package="$extra_php_dependencies" ynh_add_fpm_config
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#================================================= #=================================================
@ -107,7 +114,7 @@ domain_path=https://$domain$path_url
ynh_add_config --template="../conf/config.php" --destination="$final_path/config.php" ynh_add_config --template="../conf/config.php" --destination="$final_path/config.php"
chmod 400 "$final_path/config.php" chmod 400 "$final_path/config.php"
chown $app:$app "$final_path/config.php" chown $app "$final_path/config.php"
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
@ -125,7 +132,7 @@ ynh_script_progression --message="Initializing database..." --weight=6
ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" \ ynh_mysql_connect_as --user="$db_name" --password="$db_pwd" --database="$db_name" \
< "$final_path/schema/ttrss_schema_mysql.sql" < "$final_path/schema/ttrss_schema_mysql.sql"
ynh_exec_as $app php${phpversion} ${final_path}/update.php --update-schema sudo -u $app php${phpversion} ${final_path}/update.php --update-schema=force-yes
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
@ -144,12 +151,27 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1
# Start a systemd service # Start a systemd service
ynh_systemd_action --service_name=$app --action="start" ynh_systemd_action --service_name=$app --action="start"
#=================================================
# SETUP A CRON
#=================================================
ynh_script_progression --message="Setuping a cron..." --weight=1
ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
chown root: "/etc/cron.d/$app"
chmod 644 "/etc/cron.d/$app"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring permissions..." --weight=1 ynh_script_progression --message="Configuring permissions..." --weight=1
ynh_app_setting_set --app=$app --key=skipped_uris --value="/public.php,/api,/opml.php?op=publish" # ynh_app_setting_set --app=$app --key=skipped_uris --value="/public.php,/api,/opml.php?op=publish"
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_permission_update --permission="main" --add="visitors"
fi
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX

View file

@ -74,6 +74,14 @@ ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=3
# Remove the dedicated PHP-FPM config # Remove the dedicated PHP-FPM config
ynh_remove_fpm_config ynh_remove_fpm_config
#=================================================
# REMOVE DEPENDENCIES
#=================================================
ynh_script_progression --message="Removing dependencies..." --weight=1
# Remove metapackage and its dependencies
ynh_remove_app_dependencies
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================

View file

@ -36,10 +36,7 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#================================================= #=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=2 ynh_script_progression --message="Validating restoration parameters..." --weight=2
ynh_webpath_available --domain=$domain --path_url=$path_url \ test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#================================================= #=================================================
# STANDARD RESTORATION STEPS # STANDARD RESTORATION STEPS
@ -76,7 +73,15 @@ ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weig
ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
ynh_add_fpm_config --package="$extra_php_dependencies" ynh_add_fpm_config
#=================================================
# REINSTALL DEPENDENCIES
#=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=1
# Define and install dependencies
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# RESTORE THE MYSQL DATABASE # RESTORE THE MYSQL DATABASE

View file

@ -27,7 +27,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#================================================= #=================================================
# CHECK VERSION # CHECK VERSION
#================================================= #=================================================
ynh_script_progression --message="Checking version..."
upgrade_type=$(ynh_check_app_version_changed) upgrade_type=$(ynh_check_app_version_changed)
@ -71,6 +70,13 @@ if [ -z "$db_name" ]; then
ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name
fi fi
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
ynh_app_setting_delete --app=$app --key=is_public
fi
# Do not remove the file before the backup, to not fail the backup. # Do not remove the file before the backup, to not fail the backup.
# Remove old cron job # Remove old cron job
ynh_secure_remove --file="/etc/cron.d/$app" ynh_secure_remove --file="/etc/cron.d/$app"
@ -89,21 +95,10 @@ ynh_system_user_create --username=$app --home_dir=$final_path
if [ "$upgrade_type" == "UPGRADE_APP" ] if [ "$upgrade_type" == "UPGRADE_APP" ]
then then
ynh_script_progression --message="Upgrading source files..." --weight=7 ynh_script_progression --message="Upgrading source files..." --weight=1
# Create a temporary directory
tmpdir="$(ynh_smart_mktemp --min_size=10)"
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$tmpdir" ynh_setup_source --dest_dir="$final_path"
# Backup the config file in the temp dir
cp -a "$final_path/config.php" "$tmpdir/config.php"
# Replace the old ttrss by the new one
ynh_secure_remove --file="$final_path"
mv "$tmpdir" "$final_path"
ynh_secure_remove --file="$tmpdir"
fi fi
chmod 750 "$final_path" chmod 750 "$final_path"
@ -118,13 +113,20 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." -
# Create a dedicated NGINX config # Create a dedicated NGINX config
ynh_add_nginx_config ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=1
ynh_install_app_dependencies $pkg_dependencies
#================================================= #=================================================
# PHP-FPM CONFIGURATION # PHP-FPM CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2 ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=2
# Create a dedicated PHP-FPM config # Create a dedicated PHP-FPM config
ynh_add_fpm_config --package="$extra_php_dependencies" ynh_add_fpm_config
#================================================= #=================================================
# SPECIFIC UPGRADE # SPECIFIC UPGRADE
@ -138,20 +140,14 @@ then
domain_path=https://$domain$path_url domain_path=https://$domain$path_url
ynh_add_config --template="../conf/config.php" --destination="$final_path/config.php" ynh_add_config --template="../conf/config.php" --destination="$final_path/config.php"
ynh_script_progression --message="Upgrading ttrss database..." --weight=2
sudo -u $app php${phpversion} ${final_path}/update.php --update-schema=force-yes
fi fi
chmod 400 "$final_path/config.php" chmod 400 "$final_path/config.php"
chown $app:$app "$final_path/config.php" chown $app:$app "$final_path/config.php"
#=================================================
# UPGRADE DATABASE
#=================================================
if [ "$upgrade_type" == "UPGRADE_APP" ]
then
ynh_script_progression --message="Upgrading ttrss database..." --weight=2
ynh_exec_as $app php"${phpversion}" ${final_path}/update.php --update-schema
fi
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
#================================================= #=================================================

View file

@ -1,21 +0,0 @@
*** /plugins/auth_remote/init.php 2015-01-22 17:56:31.641845090 +0100
--- /plugins/auth_remote/init.php.1 2015-02-20 09:23:16.515269911 +0100
***************
*** 69,74 ****
--- 69,84 ----
db_query("UPDATE ttrss_users SET email = '$email' WHERE id = " .
$user_id);
}
+ // update user password to allow api access
+ if (isset($_SERVER['PHP_AUTH_PW'])){
+ $currentpassword = $_SERVER['PHP_AUTH_PW'];
+ $new_salt = substr(bin2hex(get_random_bytes(125)), 0, 250);
+ $new_password_hash = encrypt_password($currentpassword, $new_salt, true);
+
+ db_query("UPDATE ttrss_users SET
+ pwd_hash = '$new_password_hash', salt = '$new_salt', otp_enabled = false
+ WHERE login = '$try_login'");
+ }
}
return $user_id;

View file

@ -1,21 +0,0 @@
--- /include/functions.php
+++ /include/functions.php
@@ -825,6 +825,18 @@
}
} else {
+ /* We need to check that the "REMOTE_USER" and "uid" are same.
+ * If it has changed it's probably that the user logged out and
+ * was authenticated with a other username.
+ * In this case we need to reauthenticate the user
+ */
+ if (AUTH_AUTO_LOGIN && $_SERVER["REMOTE_USER"] != $_SESSION["uid"]) {
+ if (authenticate_user(null, null)) {
+ $_SESSION["ref_schema_version"] = get_schema_version(true);
+ } else {
+ authenticate_user(null, null, true);
+ }
+ }
/* bump login timestamp */
$sth = $pdo->prepare("UPDATE ttrss_users SET last_login = NOW() WHERE id = ?");
$sth->execute([$_SESSION['uid']]);

View file

@ -1,21 +0,0 @@
*** /update.php 2015-02-20 09:41:40.231462387 +0100
--- /update.php.1 2015-02-20 09:42:07.911466665 +0100
***************
*** 311,318 ****
_debug("WARNING: please backup your database before continuing.");
_debug("Type 'yes' to continue.");
! if (read_stdin() != 'yes')
! exit;
for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) {
_debug("performing update up to version $i...");
--- 311,318 ----
_debug("WARNING: please backup your database before continuing.");
_debug("Type 'yes' to continue.");
! //if (read_stdin() != 'yes')
! // exit;
for ($i = $updater->getSchemaVersion() + 1; $i <= SCHEMA_VERSION; $i++) {
_debug("performing update up to version $i...");