From 06f2ff8dd9188a7191ee37f3ac162a0cec45b70a Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Thu, 25 Nov 2021 10:22:17 +0100 Subject: [PATCH] fix --- scripts/backup | 131 +++++++++++++++------------- scripts/remove | 160 ++++++++++++++++++++++++++-------- scripts/restore | 218 +++++++++++++++++++++++++--------------------- scripts/upgrade | 225 ++++++++++++++++++++++++++++++++++++++++++++---- 4 files changed, 521 insertions(+), 213 deletions(-) diff --git a/scripts/backup b/scripts/backup index 83b0a5b..f99225d 100755 --- a/scripts/backup +++ b/scripts/backup @@ -1,101 +1,114 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu #================================================= -# GENERIC STARTING -#================================================= - +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the functions file if not present in the current directory - sudo cp ../settings/scripts/_common.sh ./_common.sh - sudo chmod a+rx _common.sh -fi -source _common.sh +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +ynh_clean_setup () { + ### Remove this function if there's nothing to clean before calling the remove script. + true +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # LOAD SETTINGS #================================================= +ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -port=$(ynh_app_setting_get $app port) -domain=$(ynh_app_setting_get $app domain) -is_public=$(ynh_app_setting_get $app is_public) - -wwwhome=~wwwdata -final_path="$wwwhome/$app" -#================================================= -# STANDARD BACKUP STEPS -#================================================= -# BACKUP OF THE BDD AND ITS CONFIGURATION -#================================================= - -# Backup the configuration -CHECK_SIZE "/etc/rethinkdb/instances.d/turtl.conf" -ynh_backup "/etc/rethinkdb/instances.d/turtl.conf" - -# Dump data -/usr/local/bin/rethinkdb dump -q --overwrite-file -f "$final_path/rethinkdb_dump.tar.gz" +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= -# BACKUP OF THE MAIN DIR OF THE APP +# DECLARE DATA AND CONF FILES TO BACKUP #================================================= -CHECK_SIZE "$final_path" -ynh_backup "$final_path" +ynh_print_info --message="Declaring files to be backed up..." + +### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs +### to be backuped and not an actual copy of any file. The actual backup that +### creates and fill the archive with the files happens in the core after this +### script is called. Hence ynh_backups calls takes basically 0 seconds to run. #================================================= -# BACKUP OF THE SYSTEMD SERVICE +# BACKUP THE APP MAIN DIR #================================================= -CHECK_SIZE "/etc/systemd/system/$app.service" -ynh_backup "/etc/systemd/system/$app.service" + +ynh_backup --src_path="$final_path" #================================================= -# BACKUP OF THE NGINX CONFIGURATION +# BACKUP THE DATA DIR #================================================= -CHECK_SIZE "/etc/nginx/conf.d/$domain.d/$app.conf" -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +ynh_backup --src_path="$datadir" --is_big + +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" + +#================================================= +# BACKUP FAIL2BAN CONFIGURATION +#================================================= + +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= # SPECIFIC BACKUP #================================================= -# BACKUP OF APT PREFERENCES AND SOURCES.LIST +# BACKUP LOGROTATE #================================================= -CHECK_SIZE "/etc/apt/sources.list.d/$app.list" -ynh_backup "/etc/apt/sources.list.d/$app.list" -CHECK_SIZE "/etc/apt/preferences.d/00TurtlPinning" -ynh_backup "/etc/apt/preferences.d/00TurtlPinning" +ynh_backup --src_path="/etc/logrotate.d/$app" #================================================= -# BACKUP OF CCL DIRECTORIES +# BACKUP SYSTEMD #================================================= -CHECK_SIZE "$wwwhome/.ccl-init.lisp" -ynh_backup "$wwwhome/.ccl-init.lisp" -CHECK_SIZE "$wwwhome/quicklisp" -ynh_backup "$wwwhome/quicklisp" -CHECK_SIZE "$wwwhome/.cache" -ynh_backup "$wwwhome/.cache" + +ynh_backup --src_path="/etc/systemd/system/$app.service" #================================================= -# BACKUP OF RSYSLOG CONFIGURATION +# BACKUP VARIOUS FILES #================================================= -CHECK_SIZE "/etc/rsyslog.d/$app.conf" -ynh_backup "/etc/rsyslog.d/$app.conf" + +ynh_backup --src_path="/etc/cron.d/$app" + +ynh_backup --src_path="/etc/$app/" #================================================= -# BACKUP OF LOGS +# BACKUP THE MYSQL DATABASE #================================================= -CHECK_SIZE "/var/log/turtl" -ynh_backup "/var/log/turtl" +ynh_print_info --message="Backing up the MySQL database..." + +### (However, things like MySQL dumps *do* take some time to run, though the +### copy of the generated dump to the archive still happens later) + +ynh_mysql_dump_db --database="$db_name" > db.sql #================================================= -# BACKUP OF LOGROTATE CONFIGURATION +# END OF SCRIPT #================================================= -CHECK_SIZE "/etc/logrotate.d/$app" -ynh_backup "/etc/logrotate.d/$app" + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/remove b/scripts/remove index c29960d..ec0cb08 100755 --- a/scripts/remove +++ b/scripts/remove @@ -1,9 +1,7 @@ #!/bin/bash -set -u - #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -14,53 +12,143 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get "$app" domain) +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # STANDARD REMOVE #================================================= -# DISABLE SERVICE IN ADMIN PANEL +# REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -# Retire le service du monitoring de Yunohost. -if sudo yunohost service status | grep -q turtl # Test l'existence du service dans Yunohost +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status $app >/dev/null then - echo "Remove turtl service" - sudo systemctl stop turtl - sudo systemctl disable turtl - ynh_secure_remove "/etc/systemd/system/turtl.service" - sudo systemctl daemon-reload - sudo yunohost service remove turtl + ynh_script_progression --message="Removing $app service integration..." --time --weight=1 + yunohost service remove $app fi +#================================================= +# STOP AND REMOVE SERVICE +#================================================= +ynh_script_progression --message="Stopping and removing the systemd service..." --time --weight=1 + +# Remove the dedicated systemd config +ynh_remove_systemd_config + +#================================================= +# REMOVE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Removing logrotate configuration..." --time --weight=1 + +# Remove the app-specific logrotate config +ynh_remove_logrotate + +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= +ynh_script_progression --message="Removing the MySQL database..." --time --weight=1 + +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name + +#================================================= +# REMOVE DEPENDENCIES +#================================================= +ynh_script_progression --message="Removing dependencies..." --time --weight=1 + +# Remove metapackage and its dependencies +ynh_remove_app_dependencies + +#================================================= +# REMOVE APP MAIN DIR +#================================================= +ynh_script_progression --message="Removing app main directory..." --time --weight=1 + +# Remove the app directory securely +ynh_secure_remove --file="$final_path" + +#================================================= +# REMOVE DATA DIR +#================================================= + +# Remove the data directory if --purge option is used +if [ "${YNH_APP_PURGE:-0}" -eq 1 ] +then + ynh_script_progression --message="Removing app data directory..." --time --weight=1 + ynh_secure_remove --file="$datadir" +fi + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Removing NGINX web server configuration..." --time --weight=1 + +# Remove the dedicated NGINX config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Removing PHP-FPM configuration..." --time --weight=1 + +# Remove the dedicated PHP-FPM config +ynh_remove_fpm_config + +#================================================= +# CLOSE A PORT +#================================================= + +if yunohost firewall list | grep -q "\- $port$" +then + ynh_script_progression --message="Closing port $port..." --time --weight=1 + ynh_exec_warn_less yunohost firewall disallow TCP $port +fi + +#================================================= +# REMOVE FAIL2BAN CONFIGURATION +#================================================= +ynh_script_progression --message="Removing Fail2ban configuration..." --time --weight=1 + +# Remove the dedicated Fail2Ban config +ynh_remove_fail2ban_config + #================================================= # SPECIFIC REMOVE #================================================= -# REMOVE TURTL +# REMOVE VARIOUS FILES #================================================= -# Remove sources -sudo rm -rf "/var/www/$app/" -# Remove dependencies -sudo pip uninstall rethinkdb -y -ynh_remove_app_dependencies -ynh_secure_remove "/etc/rethinkdb/instances.d/turtl.conf" -sudo rm -rf "/var/lib/rethinkdb/turtl" -sudo rm -rf "/var/www/.cache/" -sudo rm -rf "/var/www/quicklisp/" -sudo rm -rf "/opt/ccl/" -ynh_secure_remove "/var/www/.ccl-init.lisp" -ynh_secure_remove "/usr/bin/ccl" -ynh_secure_remove "/etc/logrotate.d/turtl" -ynh_secure_remove "/etc/rsyslog.d/turtl.conf" -sudo rm -rf "/var/log/turtl/" -sudo service rsyslog restart -# Remove source.list -ynh_secure_remove "/etc/apt/sources.list.d/turtl.list" -# Remove nginx configuration file -ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_script_progression --message="Removing various files..." --time --weight=1 -# Reload nginx service -sudo service nginx reload +# Remove a cron file +ynh_secure_remove --file="/etc/cron.d/$app" + +# Remove a directory securely +ynh_secure_remove --file="/etc/$app" + +# Remove the log files +ynh_secure_remove --file="/var/log/$app" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= +ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 + +# Delete a system user +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --time --last diff --git a/scripts/restore b/scripts/restore index 12ed6df..efaa477 100755 --- a/scripts/restore +++ b/scripts/restore @@ -6,162 +6,182 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + #### Remove this function if there's nothing to clean before calling the remove script. + true +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -path=$(ynh_app_setting_get $app path) -port=$(ynh_app_setting_get $app port) -domain=$(ynh_app_setting_get $app domain) -is_public=$(ynh_app_setting_get $app is_public) - -wwwhome=~wwwdata -final_path="$wwwhome/$app" +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 -yunohost app checkurl "${domain}${path_url}" -a "$app" \ test ! -d $final_path \ - || ynh_die "There is already a directory: $final_path " + || ynh_die --message="There is already a directory: $final_path " #================================================= -# RESTORE OF THE NGINX CONFIGURATION +# STANDARD RESTORATION STEPS #================================================= -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." --time --weight=1 + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= -# RESTORE OF THE MAIN DIR OF THE APP +# RECREATE THE DEDICATED USER #================================================= -ynh_restore_file "$final_path" +ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= -# HANDLE LOG FILES AND LOGROTATE +# RESTORE THE APP MAIN DIR #================================================= -mkdir -p /var/log/turtl -# Restore rsyslog conf -ynh_restore_file "/etc/rsyslog.d/$app.conf" -# Restore logrotate conf -ynh_restore_file "/etc/logrotate.d/$app" +ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 + +ynh_restore_file --origin_path="$final_path" + +# FIXME: this should be managed by the core in the future +# Here, as a packager, you may have to tweak the ownerhsip/permissions +# such that the appropriate users (e.g. maybe www-data) can access +# files in some cases. +# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - +# this will be treated as a security issue. +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= -# APT STUFF +# RESTORE THE DATA DIRECTORY #================================================= -ynh_restore_file "/etc/apt/sources.list.d/$app.list" -ynh_restore_file "/etc/apt/preferences.d/00TurtlPinning" +ynh_script_progression --message="Restoring the data directory..." --time --weight=1 + +ynh_restore_file --origin_path="$datadir" --not_mandatory + +mkdir -p $datadir + +# FIXME: this should be managed by the core in the future +# Here, as a packager, you may have to tweak the ownerhsip/permissions +# such that the appropriate users (e.g. maybe www-data) can access +# files in some cases. +# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - +# this will be treated as a security issue. +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:www-data "$datadir" #================================================= -# INSTALL DEPENDENCIES +# RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_package_update -if ! ynh_package_is_installed "wget" ; then - ynh_install_app_dependencies wget -fi -if ! ynh_package_is_installed "git" ; then - ynh_install_app_dependencies git -fi +ynh_script_progression --message="Restoring the PHP-FPM configuration..." --time --weight=1 + +ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= -# INSTALL CCL +# RESTORE FAIL2BAN CONFIGURATION #================================================= -cd /opt -if [ $archi == "armv7l" ] -then - wget -q ftp://ftp.clozure.com/pub/release/1.11/ccl-1.11-linuxarm.tar.gz - tar xf ccl-1.11-linuxarm.tar.gz -else - wget -q ftp://ftp.clozure.com/pub/release/1.11/ccl-1.11-linuxx86.tar.gz - tar xf ccl-1.11-linuxx86.tar.gz -fi +ynh_script_progression --message="Restoring the Fail2Ban configuration..." --time --weight=1 -cd ccl -if [ $(grep -c "flags.* lm .*" /proc/cpuinfo) -eq 0 ] -then - cp scripts/ccl /usr/bin/ccl -else - cp scripts/ccl64 /usr/bin/ccl -fi -sed -e "s@CCL_DEFAULT_DIRECTORY=/usr/local/src/ccl@CCL_DEFAULT_DIRECTORY=/opt/ccl@" -i /usr/bin/ccl - -# Install some dependencies -if [ $archi == "armv7l" ] -then - gpg --keyserver pgpkeys.mit.edu --recv-key 7638D0442B90D010 - gpg -a --export 7638D0442B90D010 | apt-key add - -fi -if ! ynh_package_is_installed "build-essential" ; then - ynh_install_app_dependencies build-essential -fi -ynh_install_app_dependencies libuv1-dev - -ynh_restore_file "$wwwhome/.ccl-init.lisp" -ynh_restore_file "$wwwhome/quicklisp" -ynh_restore_file "$wwwhome/.cache" +ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +ynh_systemd_action --action=restart --service_name=fail2ban #================================================= -# INSTALL Rethinkdb +# SPECIFIC RESTORATION #================================================= -if [ $archi == "armv7l" ] -then - dpkg -i ../conf/rethinkdb_2.3.6_armhf.deb -else - release=$(lsb_release -cs) - echo "deb http://download.rethinkdb.com/apt $release main" | tee /etc/apt/sources.list.d/rethinkdb.list - wget -qO- https://download.rethinkdb.com/apt/pubkey.gpg | apt-key add - - ynh_package_update - ynh_install_app_dependencies rethinkdb -fi +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --time --weight=1 -echo "http-port=8091" > /etc/rethinkdb/instances.d/turtl.conf -service rethinkdb restart - -# Install RethinkDB tools (needed for backup) -ynh_install_app_dependencies python-pip -pip install rethinkdb +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies #================================================= -# RESTORE OF THE BDD +# RESTORE THE MYSQL DATABASE #================================================= -/usr/local/bin/rethinkdb restore "$final_path/rethinkdb_dump.tar.gz" +ynh_script_progression --message="Restoring the MySQL database..." --time --weight=1 + +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql #================================================= -# RESTORE SYSTEMD SERVICE +# RESTORE VARIOUS FILES #================================================= +ynh_script_progression --message="Restoring various files..." --time --weight=1 -ynh_restore_file "/etc/systemd/system/$app.service" -systemctl daemon-reload -systemctl enable $app.service +ynh_restore_file --origin_path="/etc/cron.d/$app" + +ynh_restore_file --origin_path="/etc/$app/" #================================================= -# ENABLE SERVICE IN ADMIN PANEL +# RESTORE SYSTEMD #================================================= -systemctl daemon-reload -yunohost service add turtl --log "/var/log/turtl/$app.log" +ynh_script_progression --message="Restoring the systemd configuration..." --time --weight=1 + +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" +systemctl enable $app.service --quiet #================================================= -# START SERVICE +# RESTORE THE LOGROTATE CONFIGURATION #================================================= -yunohost service start turtl +ynh_script_progression --message="Restoring the logrotate configuration..." --time --weight=1 + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= -# RELOAD NGINX +# INTEGRATE SERVICE IN YUNOHOST #================================================= -systemctl reload nginx +ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 + +yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --time --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --time --weight=1 + +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --time --last diff --git a/scripts/upgrade b/scripts/upgrade index f79ea38..855b543 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,9 +1,7 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -14,39 +12,228 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --time --weight=1 app=$YNH_APP_INSTANCE_NAME -path=$(ynh_app_setting_get $app path) -port=$(ynh_app_setting_get $app port) -domain=$(ynh_app_setting_get $app domain) -is_public=$(ynh_app_setting_get $app path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +language=$(ynh_app_setting_get --app=$app --key=language) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= -# FIX OLD THINGS +# CHECK VERSION #================================================= -cp ../conf/rsyslogd.conf /etc/rsyslog.d/turtl.conf -service rsyslog restart -cp ../conf/logrotate.conf /etc/logrotate.d/turtl + +### This helper will compare the version of the currently installed app and the version of the upstream package. +### $upgrade_type can have 2 different values +### - UPGRADE_APP if the upstream app version has changed +### - UPGRADE_PACKAGE if only the YunoHost package has changed +### ynh_check_app_version_changed will stop the upgrade if the app is up to date. +### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. +upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 + # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup + # Restore it if the upgrade fails + ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# CHECK THE PATH -#================================================= -# Verify and correct path syntax -path_url=$(ynh_normalize_url_path $path_url) # VĂ©rifie et corrige la syntaxe du path. - #================================================= # STANDARD UPGRADE STEPS #================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 + +# +# N.B. : the followings setting migrations snippets are provided as *EXAMPLES* +# of what you may want to do in some cases (e.g. a setting was not defined on +# some legacy installs and you therefore want to initiaze stuff during upgrade) +# + +# If db_name doesn't exist, create it +#if [ -z "$db_name" ]; then +# db_name=$(ynh_sanitize_dbid --db_name=$app) +# ynh_app_setting_set --app=$app --key=db_name --value=$db_name +#fi + +# If final_path doesn't exist, create it +#if [ -z "$final_path" ]; then +# final_path=/var/www/$app +# ynh_app_setting_set --app=$app --key=final_path --value=$final_path +#fi + +### If nobody installed your app before 4.1, +### then you may safely remove these lines + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +if ! ynh_permission_exists --permission="admin"; then + # Create the required permissions + ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin +fi + +# Create a permission if needed +if ! ynh_permission_exists --permission="api"; then + ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --time --weight=1 + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" +fi + +# FIXME: this should be managed by the core in the future +# Here, as a packager, you may have to tweak the ownerhsip/permissions +# such that the appropriate users (e.g. maybe www-data) can access +# files in some cases. +# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - +# this will be treated as a security issue. +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading NGINX web server configuration..." --time --weight=1 + +# Create a dedicated NGINX config +ynh_add_nginx_config + +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 + +ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --time --weight=1 + +# Create a dedicated PHP-FPM config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# ... +#================================================= + +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating a configuration file..." --time --weight=1 + +### Same as during install +### +### The file will automatically be backed-up if it's found to be manually modified (because +### ynh_add_config keeps track of the file's checksum) + +ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" + +# FIXME: this should be handled by the core in the future +# You may need to use chmod 600 instead of 400, +# for example if the app is expected to be able to modify its own config +chmod 400 "$final_path/some_config_file" +chown $app:$app "$final_path/some_config_file" + +### For more complex cases where you want to replace stuff using regexes, +### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) +### When doing so, you also need to manually call ynh_store_file_checksum +### +### ynh_replace_string --match_string="match_string" --replace_string="replace_string" --target_file="$final_path/some_config_file" +### ynh_store_file_checksum --file="$final_path/some_config_file" + +#================================================= +# SETUP SYSTEMD +#================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --time --weight=1 + +# Create a dedicated systemd config +ynh_add_systemd_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SETUP LOGROTATE +#================================================= +ynh_script_progression --message="Upgrading logrotate configuration..." --time --weight=1 + +# Use logrotate to manage app-specific logfile(s) +ynh_use_logrotate --non-append + +#================================================= +# INTEGRATE SERVICE IN YUNOHOST +#================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --time --weight=1 + +yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --time --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" + +#================================================= +# UPGRADE FAIL2BAN +#================================================= +ynh_script_progression --message="Reconfiguring Fail2Ban..." --time --weight=1 + +# Create a dedicated Fail2Ban config +ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --time --last