From 7693c0526af3e2df285e5a46af30877fb7e5ba4b Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 27 May 2018 21:19:10 +0200 Subject: [PATCH 1/4] Fix alias traversal bug --- conf/nginx.conf | 3 ++- scripts/install | 5 +++++ scripts/upgrade | 5 +++++ 3 files changed, 12 insertions(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 58d32a3..891813e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,5 @@ -location __PATH__ { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { alias __FINALPATH__/ ; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; diff --git a/scripts/install b/scripts/install index 3fc564f..97acafc 100644 --- a/scripts/install +++ b/scripts/install @@ -77,6 +77,11 @@ ynh_setup_source "$final_path" # Create a dedicated nginx config ynh_add_nginx_config +if [ "$path_url" != "/" ] +then + ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf" +fi +ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # CREATE DEDICATED USER diff --git a/scripts/upgrade b/scripts/upgrade index c8e8b97..45ff9df 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -69,6 +69,11 @@ ynh_setup_source "$final_path" # Create a dedicated nginx config ynh_add_nginx_config +if [ "$path_url" != "/" ] +then + ynh_replace_string "^#sub_path_only" "" "/etc/nginx/conf.d/$domain.d/$app.conf" +fi +ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # CREATE DEDICATED USER From 7c587e0fbeecdb62206a5c2c2887c1f0404ff8b5 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 27 May 2018 21:20:04 +0200 Subject: [PATCH 2/4] Add missing ynh_abort_if_errors in backup/restore --- scripts/backup | 16 +++++++--------- scripts/restore | 16 +++++++--------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/scripts/backup b/scripts/backup index a3ef46e..369de1e 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,14 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit on command errors and treat access to unset variables as an error -set -eu - #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -21,6 +12,13 @@ set -eu # source _common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # LOAD SETTINGS #================================================= diff --git a/scripts/restore b/scripts/restore index b4d7ca0..e994b10 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,14 +1,5 @@ #!/bin/bash -#================================================= -# GENERIC START -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit on command errors and treat access to unset variables as an error -set -eu - #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -21,6 +12,13 @@ set -eu # source _common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # LOAD SETTINGS #================================================= From ff9fc6cadb1312ce57c7e8bf72c6d9d850ed407c Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 27 May 2018 21:20:39 +0200 Subject: [PATCH 3/4] Add change_url script --- check_process | 2 +- manifest.json | 4 +- scripts/_common.sh | 16 +++++++ scripts/change_url | 105 +++++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 124 insertions(+), 3 deletions(-) create mode 100644 scripts/_common.sh create mode 100644 scripts/change_url diff --git a/check_process b/check_process index 27aefc5..ae4ecc9 100644 --- a/check_process +++ b/check_process @@ -15,7 +15,7 @@ multi_instance=1 incorrect_path=1 port_already_use=0 - change_url=0 + change_url=1 ;;; Levels Level 1=auto Level 2=auto diff --git a/manifest.json b/manifest.json index 724e7a5..0d4dc66 100644 --- a/manifest.json +++ b/manifest.json @@ -7,14 +7,14 @@ "fr": "Un lecteur de flux en PHP et Ajax" }, "url": "http://tt-rss.org", - "license": "GPL-3", + "license": "GPL-3.0-only", "version": "153cb6d30510f9804fe596ac6777bc2f35111ae2", "maintainer": { "name": "titoko", "email": "titoko@titoko.fr" }, "requirements": { - "yunohost": ">= 2.6.4" + "yunohost": ">= 2.7.12" }, "multi_instance": true, "services": [ diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..d92d1ad --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,16 @@ +#!/bin/bash + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +# Delete a file checksum from the app settings +# +# $app should be defined when calling this helper +# +# usage: ynh_remove_file_checksum file +# | arg: file - The file for which the checksum will be deleted +ynh_delete_file_checksum () { + local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' + ynh_app_setting_delete $app $checksum_setting_name +} diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..a4e80ee --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,105 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# LOAD SETTINGS +#================================================= + +final_path=$(ynh_app_setting_get "$app" final_path) + +#================================================= +# CHECK PATHS SYNTAX +#================================================= + +test -n "$old_path" || old_path="/" +test -n "$new_path" || new_path="/" +new_path=$(ynh_normalize_url_path $new_path) +old_path=$(ynh_normalize_url_path $old_path) + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +if [ $change_path -eq 1 ] +then + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different "$nginx_conf_path" + # Set global variables for nginx helper + domain="$old_domain" + path_url="$new_path" + # Store path_url setting + ynh_app_setting_set $app path_url "$path_url" + # Create a dedicated nginx config + ynh_add_nginx_config + if [ "$path_url" != "/" ] + then + ynh_replace_string "^#sub_path_only" "" "$nginx_conf_path" + fi + ynh_store_file_checksum "$nginx_conf_path" +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum "$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= + +# Change domain name in parameters.yml +ynh_replace_string "define('SELF_URL_PATH'.*" "define('SELF_URL_PATH', 'https://$new_domain$new_path');" "$final_path/config.php" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx From b3e1365b57e76e1ae7cf14740cafd13d07ed2635 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 31 May 2018 07:32:18 +0200 Subject: [PATCH 4/4] Add systemd service in YunoHost panel No log file to provide as everything is written in systemd journal --- scripts/install | 6 ++++++ scripts/upgrade | 6 ++++++ 2 files changed, 12 insertions(+) diff --git a/scripts/install b/scripts/install index 97acafc..7b6e465 100644 --- a/scripts/install +++ b/scripts/install @@ -142,6 +142,12 @@ sudo -u $app php ${final_path}/update.php --update-schema sudo systemctl start $app +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add $app + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 45ff9df..72b3a69 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -131,6 +131,12 @@ chown -R $app $final_path/{cache,feed-icons,lock} ynh_add_systemd_config systemctl restart $app +#================================================= +# ADVERTISE SERVICE IN ADMIN PANEL +#================================================= + +yunohost service add $app + #================================================= # GENERIC FINALIZATION #=================================================