YunoHost-Apps/wallabag2_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/wallabag2_ynh.git synced 2024-10-01 13:35:06 +02:00
Code Issues Activity Actions

Fix upgrade, use more forthcoming helpers

Browse source
This commit is contained in:
Jimmy Monin 2017-05-06 11:34:04 +02:00
parent fd00882e7c
commit 3439a80c22
11 changed files with 438 additions and 263 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
conf/app.src Normal file
View file

@ -0,0 +1,3 @@
SOURCE_URL=https://static.wallabag.org/releases/wallabag-release-2.2.2.tar.gz
SOURCE_SUM=40d98bd556116dbc28f92339f0e5b93836ece87dcb01e7aaa628ea98855a1f51
ARCH_FORMAT=tar.gz

20
conf/nginx_sub_dir.conf → conf/nginx.conf
View file

@ -1,19 +1,19 @@
location {LOCATION}/ { location __PATH__/ {
alias {DESTDIR}/web/; alias __FINALPATH__/web/;
if ($scheme = http) { if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent; rewrite ^ https://$server_name$request_uri? permanent;
} }
try_files $uri @{APP}; try_files $uri @__NAME__;
location ~ ^{PATH}/app\.php(/|$) { location ~ ^__PATH__/app\.php(/|$) {
include fastcgi_params; include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$; fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param REMOTE_USER $remote_user; fastcgi_param REMOTE_USER $remote_user;
fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock; fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
fastcgi_intercept_errors on; fastcgi_intercept_errors on;
} }
@ -27,11 +27,11 @@ location {LOCATION}/ {
include conf.d/yunohost_panel.conf.inc; include conf.d/yunohost_panel.conf.inc;
} }
location @{APP} { location @__NAME__ {
rewrite ^ {PATH}/app.php/$is_args$args; rewrite ^ __PATH__/app.php/$is_args$args;
} }
location {LOCATION} { #noroot location __PATH__ {
return 301 {LOCATION}/; #noroot return 301 __PATH__/;
} #noroot }

32
conf/nginx_root.conf
View file

@ -1,32 +0,0 @@
location {LOCATION} {
alias {DESTDIR}/web/;
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
try_files $uri @{APP};
location ~ ^{PATH}/app\.php(/|$) {
include fastcgi_params;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
fastcgi_param SCRIPT_FILENAME $request_filename;
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param REMOTE_USER $remote_user;
fastcgi_pass unix:/var/run/php5-fpm-{POOLNAME}.sock;
fastcgi_intercept_errors on;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;
}
location @{APP} {
rewrite ^ {PATH}/app.php/$is_args$args;
}

10
conf/php-fpm.conf
View file

@ -1,7 +1,7 @@
; Start a new pool named 'www'. ; Start a new pool named 'www'.
; the variable $pool can we used in any directive and will be replaced by the ; the variable $pool can we used in any directive and will be replaced by the
; pool name ('www' here) ; pool name ('www' here)
[{POOLNAME}] [__NAMETOCHANGE__]
; Per pool prefix ; Per pool prefix
; It only applies on the following directives: ; It only applies on the following directives:
@ -19,8 +19,8 @@
; Unix user/group of processes ; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group ; Note: The user is mandatory. If the group is not set, the default user's group
; will be used. ; will be used.
user = {USER} user = __USER__
group = {USER} group = __USER__
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
; Valid syntaxes are: ; Valid syntaxes are:
@ -30,7 +30,7 @@ group = {USER}
; specific port; ; specific port;
; '/path/to/unix/socket' - to listen on a unix socket. ; '/path/to/unix/socket' - to listen on a unix socket.
; Note: This value is mandatory. ; Note: This value is mandatory.
listen = /var/run/php5-fpm-{POOLNAME}.sock listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock
; Set listen(2) backlog. ; Set listen(2) backlog.
; Default Value: 128 (-1 on FreeBSD and OpenBSD) ; Default Value: 128 (-1 on FreeBSD and OpenBSD)
@ -340,7 +340,7 @@ request_terminate_timeout = 1d
; Chdir to this directory at the start. ; Chdir to this directory at the start.
; Note: relative path can be used. ; Note: relative path can be used.
; Default Value: current directory or / when chroot ; Default Value: current directory or / when chroot
chdir = {DESTDIR} chdir = __FINALPATH__
; Redirect worker stdout and stderr into main error log. If not set, stdout and ; Redirect worker stdout and stderr into main error log. If not set, stdout and
; stderr will be redirected to /dev/null according to FastCGI specs. ; stderr will be redirected to /dev/null according to FastCGI specs.

368
scripts/_common.sh
View file

@ -2,28 +2,9 @@
# Common variables # Common variables
# #
# Wallabag version
VERSION="2.2.2"
# Package dependencies # Package dependencies
PKG_DEPENDENCIES="php5-cli php5-mysql php5-json php5-gd php5-tidy php5-curl php-gettext redis-server" PKG_DEPENDENCIES="php5-cli php5-mysql php5-json php5-gd php5-tidy php5-curl php-gettext redis-server"
# Full Wallabag sources tarball URL
WALLABAG_SOURCE_URL="https://static.wallabag.org/releases/wallabag-release-${VERSION}.tar.gz"
# Full Wallabag sources tarball checksum
WALLABAG_SOURCE_SHA256="40d98bd556116dbc28f92339f0e5b93836ece87dcb01e7aaa628ea98855a1f51"
# App package root directory should be the parent folder
PKGDIR=$(cd ../; pwd)
#
# Common helpers
#
# Source app helpers
. /usr/share/yunohost/helpers
# Execute a command as another user # Execute a command as another user
# usage: exec_as USER COMMAND [ARG ...] # usage: exec_as USER COMMAND [ARG ...]
exec_as() { exec_as() {
@ -47,29 +28,6 @@ exec_console() {
exec_as "$AS_USER" php "$WORKDIR/bin/console" --no-interaction --env=prod "$@" exec_as "$AS_USER" php "$WORKDIR/bin/console" --no-interaction --env=prod "$@"
} }
# Download and extract Wallabag sources to the given directory
# usage: extract_wallabag DESTDIR [AS_USER]
extract_wallabag() {
local DESTDIR=$1
local AS_USER=${2:-$USER}
# retrieve and extract Roundcube tarball
wb_tarball="/tmp/wallabag.tar.gz"
rm -f "$wb_tarball"
wget -q -O "$wb_tarball" "$WALLABAG_SOURCE_URL" \
|| ynh_die "Unable to download Wallabag tarball"
echo "$WALLABAG_SOURCE_SHA256 $wb_tarball" | sha256sum -c >/dev/null \
|| ynh_die "Invalid checksum of downloaded tarball"
exec_as "$AS_USER" tar xf "$wb_tarball" -C "$DESTDIR" --strip-components 1 \
|| ynh_die "Unable to extract Wallabag tarball"
rm -f "$wb_tarball"
# apply patches
(cd "$DESTDIR" \
&& for p in ${PKGDIR}/patches/*.patch; do patch -p1 < $p; done) \
|| ynh_die "Unable to apply patches to Wallabag"
}
WARNING () { # Print on error output WARNING () { # Print on error output
$@ >&2 $@ >&2
} }
@ -96,11 +54,6 @@ CHECK_SIZE () { # Check if enough disk space available on backup storage
fi fi
} }
CHECK_USER () { # Check user validity
# $1 = User
ynh_user_exists "$1" || ynh_die "Wrong user"
}
CHECK_DOMAINPATH () { # Check domain/path availability CHECK_DOMAINPATH () { # Check domain/path availability
sudo yunohost app checkurl $domain$path_url -a $app sudo yunohost app checkurl $domain$path_url -a $app
} }
@ -110,36 +63,6 @@ CHECK_FINALPATH () { # Check if destination directory already exists
test ! -e "$final_path" || ynh_die "This path already contains a folder" test ! -e "$final_path" || ynh_die "This path already contains a folder"
} }
BACKUP_FAIL_UPGRADE () {
WARNING echo "Upgrade failed."
app_bck=${app//_/-} # Replace all '_' by '-'
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number; then # Check if existing archive before removing app and restoring
sudo yunohost app remove $app # Remove app before restoring it
sudo yunohost backup restore --ignore-hooks $app_bck-pre-upgrade$backup_number --apps $app --force # Restore the backup if upgrade failed
ynh_die "The app was restored to the way it was before the failed upgrade."
fi
}
BACKUP_BEFORE_UPGRADE () { # Backup the current version of the app, restore it if the upgrade fails
backup_number=1
old_backup_number=2
app_bck=${app//_/-} # Replace all '_' by '-'
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1; then # Check for existing archive numbered 1
backup_number=2 # And change archive number to 2
old_backup_number=1
fi
sudo yunohost backup create --ignore-hooks --apps $app --name $app_bck-pre-upgrade$backup_number # Create a backup different from the existing one
if [ "$?" -eq 0 ]; then # If backup succfessful, delete former archive
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number; then # Check for existing archive before removing it
QUIET sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number
fi
else # If backup failed
ynh_die "Backup failed, the upgrade process was aborted."
fi
}
#================================================= #=================================================
# FUTURE YUNOHOST HELPERS - TO BE REMOVED LATER # FUTURE YUNOHOST HELPERS - TO BE REMOVED LATER
#================================================= #=================================================
@ -341,4 +264,295 @@ ynh_system_user_delete () {
else else
echo "The user $1 was not found" >&2 echo "The user $1 was not found" >&2
fi fi
}
# Restore a previous backup if the upgrade process failed
#
# usage:
# ynh_backup_before_upgrade
# ynh_clean_setup () {
# ynh_backup_after_failed_upgrade
# }
# ynh_abort_if_errors
#
ynh_backup_after_failed_upgrade () {
echo "Upgrade failed." >&2
app_bck=${app//_/-} # Replace all '_' by '-'
# Check if a existing backup can be found before remove and restore the application.
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number
then
# Remove the application then restore it
sudo yunohost app remove $app
# Restore the backup if the upgrade failed
sudo yunohost backup restore --ignore-hooks $app_bck-pre-upgrade$backup_number --apps $app --force
ynh_die "The app was restored to the way it was before the failed upgrade."
fi
}
# Make a backup in case of failed upgrade
#
# usage:
# ynh_backup_before_upgrade
# ynh_clean_setup () {
# ynh_backup_after_failed_upgrade
# }
# ynh_abort_if_errors
#
ynh_backup_before_upgrade () {
backup_number=1
old_backup_number=2
app_bck=${app//_/-} # Replace all '_' by '-'
# Check if a backup already exist with the prefix 1.
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1
then
# Prefix become 2 to preserve the previous backup
backup_number=2
old_backup_number=1
fi
# Create another backup
sudo yunohost backup create --ignore-hooks --apps $app --name $app_bck-pre-upgrade$backup_number
if [ "$?" -eq 0 ]
then
# If the backup succedded, remove the previous backup
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
then
# Remove the previous backup only if it exists
sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null
fi
else
ynh_die "Backup failed, the upgrade process was aborted."
fi
}
# Create a dedicated nginx config
#
# usage: ynh_add_nginx_config
ynh_add_nginx_config () {
finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalnginxconf" 1
sudo cp ../conf/nginx.conf "$finalnginxconf"
# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
# Substitute in a nginx config file only if the variable is not empty
if test -n "${path_url:-}"; then
ynh_replace_string "__PATH__" "$path_url" "$finalnginxconf"
fi
if test -n "${domain:-}"; then
ynh_replace_string "__DOMAIN__" "$domain" "$finalnginxconf"
fi
if test -n "${port:-}"; then
ynh_replace_string "__PORT__" "$port" "$finalnginxconf"
fi
if test -n "${app:-}"; then
ynh_replace_string "__NAME__" "$app" "$finalnginxconf"
fi
if test -n "${final_path:-}"; then
ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf"
fi
ynh_store_file_checksum "$finalnginxconf"
sudo systemctl reload nginx
}
# Remove the dedicated nginx config
#
# usage: ynh_remove_nginx_config
ynh_remove_nginx_config () {
ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf"
sudo systemctl reload nginx
}
# Create a dedicated php-fpm config
#
# usage: ynh_add_fpm_config
ynh_add_fpm_config () {
finalphpconf="/etc/php5/fpm/pool.d/$app.conf"
ynh_backup_if_checksum_is_different "$finalphpconf" 1
sudo cp ../conf/php-fpm.conf "$finalphpconf"
ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf"
ynh_replace_string "__FINALPATH__" "$final_path" "$finalphpconf"
ynh_replace_string "__USER__" "$app" "$finalphpconf"
sudo chown root: "$finalphpconf"
ynh_store_file_checksum "$finalphpconf"
if [ -e "../conf/php-fpm.ini" ]
then
finalphpini="/etc/php5/fpm/conf.d/20-$app.ini"
ynh_backup_if_checksum_is_different "$finalphpini" 1
sudo cp ../conf/php-fpm.ini "$finalphpini"
sudo chown root: "$finalphpini"
ynh_store_file_checksum "$finalphpini"
fi
sudo systemctl reload php5-fpm
}
# Remove the dedicated php-fpm config
#
# usage: ynh_remove_fpm_config
ynh_remove_fpm_config () {
ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf"
ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" 2>&1
sudo systemctl reload php5-fpm
}
# Calculate and store a file checksum into the app settings
#
# $app should be defined when calling this helper
#
# usage: ynh_store_file_checksum file
# | arg: file - The file on which the checksum will performed, then stored.
ynh_store_file_checksum () {
local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
ynh_app_setting_set $app $checksum_setting_name $(sudo md5sum "$1" | cut -d' ' -f1)
}
# Verify the checksum and backup the file if it's different
# This helper is primarily meant to allow to easily backup personalised/manually
# modified config files.
#
# $app should be defined when calling this helper
#
# usage: ynh_backup_if_checksum_is_different file [compress]
# | arg: file - The file on which the checksum test will be perfomed.
# | arg: compress - 1 to compress the backup instead of a simple copy
# A compression is needed for a file which will be analyzed even if its name is different.
#
# | ret: Return the name a the backup file, or nothing
ynh_backup_if_checksum_is_different () {
local file=$1
local compress_backup=${2:-0} # If $2 is empty, compress_backup will set at 0
local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_'
local checksum_value=$(ynh_app_setting_get $app $checksum_setting_name)
if [ -n "$checksum_value" ]
then # Proceed only if a value was stored into the app settings
if ! echo "$checksum_value $file" | sudo md5sum -c --status
then # If the checksum is now different
backup_file="$file.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')"
if [ $compress_backup -eq 1 ]
then
sudo tar --create --gzip --file "$backup_file.tar.gz" "$file" # Backup the current file and compress
backup_file="$backup_file.tar.gz"
else
sudo cp -a "$file" "$backup_file" # Backup the current file
fi
echo "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file" >&2
echo "$backup_file" # Return the name of the backup file
fi
fi
}
YNH_EXECUTION_DIR=$(pwd)
# Download, check integrity, uncompress and patch the source from app.src
#
# The file conf/app.src need to contains:
#
# SOURCE_URL=Address to download the app archive
# SOURCE_SUM=Control sum
# # (Optional) Programm to check the integrity (sha256sum, md5sum$YNH_EXECUTION_DIR/...)
# # default: sha256
# SOURCE_SUM_PRG=sha256
# # (Optional) Archive format
# # default: tar.gz
# SOURCE_FORMAT=tar.gz
# # (Optional) Put false if source are directly in the archive root
# # default: true
# SOURCE_IN_SUBDIR=false
# # (Optionnal) Name of the local archive (offline setup support)
# # default: ${src_id}.${src_format}
# SOURCE_FILENAME=example.tar.gz
#
# Details:
# This helper download sources from SOURCE_URL if there is no local source
# archive in /opt/yunohost-apps-src/APP_ID/SOURCE_FILENAME
#
# Next, it check the integrity with "SOURCE_SUM_PRG -c --status" command.
#
# If it's ok, the source archive will be uncompress in $dest_dir. If the
# SOURCE_IN_SUBDIR is true, the first level directory of the archive will be
# removed.
#
# Finally, patches named sources/patches/${src_id}-*.patch and extra files in
# sources/extra_files/$src_id will be applyed to dest_dir
#
#
# usage: ynh_setup_source dest_dir [source_id]
# | arg: dest_dir - Directory where to setup sources
# | arg: source_id - Name of the app, if the package contains more than one app
ynh_setup_source () {
local dest_dir=$1
local src_id=${2:-app} # If the argument is not given, source_id equal "app"
# Load value from configuration file (see above for a small doc about this file
# format)
local src_url=$(grep 'SOURCE_URL=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_sum=$(grep 'SOURCE_SUM=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_EXECUTION_DIR/../conf/${src_id}.src" | cut -d= -f2-)
# Default value
src_sumprg=${src_sumprg:-sha256sum}
src_in_subdir=${src_in_subdir:-true}
src_format=${src_format:-tar.gz}
src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]')
if [ "$src_filename" = "" ] ; then
src_filename="${src_id}.${src_format}"
fi
local local_src="/opt/yunohost-apps-src/${YNH_APP_ID}/${src_filename}"
if test -e "$local_src"
then # Use the local source file if it is present
cp $local_src $src_filename
else # If not, download the source
wget -nv -O $src_filename $src_url
fi
# Check the control sum
echo "${src_sum} ${src_filename}" | ${src_sumprg} -c --status \
|| ynh_die "Corrupt source"
# Extract source into the app dir
mkdir -p "$dest_dir"
if [ "$src_format" = "zip" ]
then
# Zip format
# Using of a temp directory, because unzip doesn't manage --strip-components
if $src_in_subdir ; then
local tmp_dir=$(mktemp -d)
unzip -quo $src_filename -d "$tmp_dir"
cp -a $tmp_dir/*/. "$dest_dir"
ynh_secure_remove "$tmp_dir"
else
unzip -quo $src_filename -d "$dest_dir"
fi
else
local strip=""
if $src_in_subdir ; then
strip="--strip-components 1"
fi
if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]] ; then
tar -xf $src_filename -C "$dest_dir" $strip
else
ynh_die "Archive format unrecognized."
fi
fi
# Apply patches
if (( $(find $YNH_EXECUTION_DIR/../sources/patches/ -type f -name "${src_id}-*.patch" 2> /dev/null | wc -l) > "0" )); then
local old_dir=$(pwd)
(cd "$dest_dir" \
&& for p in $YNH_EXECUTION_DIR/../sources/patches/${src_id}-*.patch; do \
patch -p1 < $p; done) \
|| ynh_die "Unable to apply patches"
cd $old_dir
fi
# Add supplementary files
if test -e "$YNH_EXECUTION_DIR/../sources/extra_files/${src_id}"; then
cp -a $YNH_EXECUTION_DIR/../sources/extra_files/$src_id/. "$dest_dir"
fi
} }

29
scripts/install
View file

@ -31,7 +31,6 @@ admin=$YNH_APP_ARG_ADMIN
# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
#================================================= #=================================================
CHECK_USER "$admin" # Check if admin user exists
path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path
CHECK_DOMAINPATH # Check domain and path availability CHECK_DOMAINPATH # Check domain and path availability
CHECK_FINALPATH # Check if destination directory is not already in use CHECK_FINALPATH # Check if destination directory is not already in use
@ -76,7 +75,7 @@ ynh_mysql_create_db "$db_name" "$db_user" "$dbpass"
ynh_app_setting_set $app final_path "$final_path" ynh_app_setting_set $app final_path "$final_path"
# Create tmp directory and fetch app inside # Create tmp directory and fetch app inside
TMPDIR=$(mktemp -d) TMPDIR=$(mktemp -d)
extract_wallabag "$TMPDIR" ynh_setup_source "$TMPDIR"
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
@ -125,25 +124,21 @@ ynh_mysql_connect_as "$db_name" "$dbpass" "$db_user" <<< "UPDATE craue_config_s
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
# Copy and set nginx configuration ynh_add_nginx_config
if [[ "$path_url" == "/" ]] ; then if [ "$path_url" = "/" ]
nginx_conf=$PKGDIR/conf/nginx_root.conf then
# Remove prefix on #noroot lines
sudo sed --in-place '/#noroot*/d' /etc/nginx/conf.d/$domain.d/$app.conf
# Replace "//" location (due to nginx template)
ynh_replace_string " // " " / " /etc/nginx/conf.d/$domain.d/$app.conf
else else
nginx_conf=$PKGDIR/conf/nginx_sub_dir.conf # Remove #noroot lines
ynh_replace_string "#noroot" "" /etc/nginx/conf.d/$domain.d/$app.conf
fi fi
ynh_replace_string "{LOCATION}" "${path_url:-/}" "$nginx_conf" ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_replace_string "{PATH}" "$path_url" "$nginx_conf"
ynh_replace_string "{DESTDIR}" "$final_path" "$nginx_conf"
ynh_replace_string "{POOLNAME}" "$app" "$nginx_conf"
ynh_replace_string "{APP}" "$app" "$nginx_conf"
sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Copy and set php-fpm configuration # Copy and set php-fpm configuration
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" ynh_add_fpm_config
ynh_replace_string "{POOLNAME}" "${app}" "$PKGDIR/conf/php-fpm.conf"
ynh_replace_string "{DESTDIR}" "${final_path}" "$PKGDIR/conf/php-fpm.conf"
ynh_replace_string "{USER}" "${app}" "$PKGDIR/conf/php-fpm.conf"
sudo cp $PKGDIR/conf/php-fpm.conf "$phpfpm_conf"
# Set SSOwat rules # Set SSOwat rules
ynh_app_setting_set "$app" unprotected_uris "/" ynh_app_setting_set "$app" unprotected_uris "/"

7
scripts/remove
View file

@ -45,10 +45,9 @@ ynh_secure_remove "/var/www/$app"
#================================================= #=================================================
# REMOVE NGINX AND PHP-FPM CONFIGURATION # REMOVE NGINX AND PHP-FPM CONFIGURATION
#================================================= #=================================================
# Delete app directory and configurations
sudo rm -rf "/var/www/${app}" ynh_remove_fpm_config
sudo rm -f "/etc/php5/fpm/pool.d/${app}.conf" ynh_remove_nginx_config
[[ -n $domain ]] && sudo rm -f "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Reload services # Reload services
sudo systemctl restart php5-fpm sudo systemctl restart php5-fpm

38
scripts/upgrade
View file

@ -53,9 +53,9 @@ db_user="$db_name"
# MANAGE SCRIPT FAILURE # MANAGE SCRIPT FAILURE
#================================================= #=================================================
BACKUP_BEFORE_UPGRADE # Backup the current version of the app ynh_backup_before_upgrade # Backup the current version of the app
ynh_clean_setup () { ynh_clean_setup () {
BACKUP_FAIL_UPGRADE ynh_backup_after_failed_upgrade
} }
ynh_abort_if_errors # Stop script if an error is detected ynh_abort_if_errors # Stop script if an error is detected
@ -71,7 +71,7 @@ ynh_install_app_dependencies "$PKG_DEPENDENCIES"
# Create tmp directory and fetch app inside # Create tmp directory and fetch app inside
TMPDIR=$(ynh_mkdir_tmp) TMPDIR=$(ynh_mkdir_tmp)
extract_wallabag "$TMPDIR" ynh_setup_source "$TMPDIR"
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
@ -92,8 +92,9 @@ ynh_replace_string "{DBPASS}" "${dbpass}" "$wb_conf"
ynh_replace_string "{DESKEY}" "${deskey}" "$wb_conf" ynh_replace_string "{DESKEY}" "${deskey}" "$wb_conf"
# Replace files and set permissions # Replace files and set permissions
ynh_secure_remove "${final_path}" ynh_secure_remove "${final_path}/var/cache"
sudo mv "$TMPDIR" "${final_path}" sudo mkdir "${final_path}/var/cache"
sudo rsync -a $TMPDIR/* "${final_path}"
sudo chown -R $app: "${final_path}" sudo chown -R $app: "${final_path}"
sudo chmod 755 $final_path sudo chmod 755 $final_path
@ -108,26 +109,21 @@ ynh_mysql_connect_as "$db_name" "$dbpass" "$db_user" <<< "UPDATE craue_config_s
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
# Copy and set nginx configuration ynh_add_nginx_config
if [[ "$path_url" == "/" ]] ; then if [ "$path_url" = "/" ]
nginx_conf=$PKGDIR/conf/nginx_root.conf then
# Remove prefix on #noroot lines
sudo sed --in-place '/#noroot*/d' /etc/nginx/conf.d/$domain.d/$app.conf
# Replace "//" location (due to nginx template)
ynh_replace_string " // " " / " /etc/nginx/conf.d/$domain.d/$app.conf
else else
nginx_conf=$PKGDIR/conf/nginx_sub_dir.conf # Remove #noroot lines
ynh_replace_string "#noroot" "" /etc/nginx/conf.d/$domain.d/$app.conf
fi fi
ynh_replace_string "{LOCATION}" "${path_url:-/}" "$nginx_conf" ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_replace_string "{PATH}" "$path_url" "$nginx_conf"
ynh_replace_string "{DESTDIR}" "$final_path" "$nginx_conf"
ynh_replace_string "{POOLNAME}" "$app" "$nginx_conf"
ynh_replace_string "{APP}" "$app" "$nginx_conf"
sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf"
# Copy and set php-fpm configuration # Copy and set php-fpm configuration
phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" ynh_add_fpm_config
ynh_replace_string "{POOLNAME}" "${app}" "$PKGDIR/conf/php-fpm.conf"
ynh_replace_string "{DESTDIR}" "${final_path}" "$PKGDIR/conf/php-fpm.conf"
ynh_replace_string "{USER}" "${app}" "$PKGDIR/conf/php-fpm.conf"
sudo cp $PKGDIR/conf/php-fpm.conf "$phpfpm_conf"
# Set SSOwat rules # Set SSOwat rules
ynh_app_setting_set "$app" unprotected_uris "/" ynh_app_setting_set "$app" unprotected_uris "/"

74
patches/00-ldap-auth.patch → sources/patches/app-00-ldap-auth.patch
View file

@ -1,37 +1,37 @@
--- a/app/config/services.yml 2016-05-25 18:09:56.374914445 +0200 --- a/app/config/services.yml 2016-05-25 18:09:56.374914445 +0200
+++ b/app/config/services.yml 2016-05-25 18:07:38.775042951 +0200 +++ b/app/config/services.yml 2016-05-25 18:07:38.775042951 +0200
@@ -36,3 +36,7 @@ @@ -36,3 +36,7 @@
arguments: ["@session"] arguments: ["@session"]
tags: tags:
- { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
+ +
+ yunohost.ldap: + yunohost.ldap:
+ class: Symfony\Component\Ldap\LdapClient + class: Symfony\Component\Ldap\LdapClient
+ arguments: ["localhost"] + arguments: ["localhost"]
--- a/app/config/security.yml 2016-05-25 18:09:46.814645164 +0200 --- a/app/config/security.yml 2016-05-25 18:09:46.814645164 +0200
+++ b/app/config/security.yml 2016-05-25 18:07:38.775042951 +0200 +++ b/app/config/security.yml 2016-05-25 18:07:38.775042951 +0200
@@ -11,6 +11,14 @@ @@ -11,6 +11,14 @@
entity: { class: WallabagUserBundle:User, property: username } entity: { class: WallabagUserBundle:User, property: username }
fos_userbundle: fos_userbundle:
id: fos_user.user_provider.username id: fos_user.user_provider.username
+ yunohost_users: + yunohost_users:
+ ldap: + ldap:
+ service: yunohost.ldap + service: yunohost.ldap
+ base_dn: ou=users,dc=yunohost,dc=org + base_dn: ou=users,dc=yunohost,dc=org
+ search_dn: + search_dn:
+ search_password: + search_password:
+ filter: (&(uid={username})(objectClass=posixAccount)) + filter: (&(uid={username})(objectClass=posixAccount))
+ default_roles: ROLE_USER + default_roles: ROLE_USER
# the main part of the security, where you can set up firewalls # the main part of the security, where you can set up firewalls
# for specific sections of your app # for specific sections of your app
@@ -36,6 +44,9 @@ @@ -36,6 +44,9 @@
secured_area: secured_area:
pattern: ^/ pattern: ^/
+ http_basic_ldap: + http_basic_ldap:
+ service: yunohost.ldap + service: yunohost.ldap
+ dn_string: "uid={username},ou=users,dc=yunohost,dc=org" + dn_string: "uid={username},ou=users,dc=yunohost,dc=org"
form_login: form_login:
provider: fos_userbundle provider: fos_userbundle
csrf_token_generator: security.csrf.token_manager csrf_token_generator: security.csrf.token_manager

120
patches/01-logout-success-handler.patch → sources/patches/app-01-logout-success-handler.patch
View file

@ -1,60 +1,60 @@
diff --git a/app/config/security.yml b/app/config/security.yml diff --git a/app/config/security.yml b/app/config/security.yml
index b07b509..62f2550 100644 index b07b509..62f2550 100644
--- a/app/config/security.yml --- a/app/config/security.yml
+++ b/app/config/security.yml +++ b/app/config/security.yml
@@ -60,7 +60,7 @@ security: @@ -60,7 +60,7 @@ security:
logout: logout:
path: /logout path: /logout
- target: / - target: /
+ success_handler: yunohost.logout_success_handler + success_handler: yunohost.logout_success_handler
access_control: access_control:
- { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY } - { path: ^/api/doc, roles: IS_AUTHENTICATED_ANONYMOUSLY }
diff --git a/app/config/services.yml b/app/config/services.yml diff --git a/app/config/services.yml b/app/config/services.yml
index 8a09fde..ee63e06 100644 index 8a09fde..ee63e06 100644
--- a/app/config/services.yml --- a/app/config/services.yml
+++ b/app/config/services.yml +++ b/app/config/services.yml
@@ -37,6 +37,9 @@ services: @@ -37,6 +37,9 @@ services:
tags: tags:
- { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin } - { name: kernel.event_listener, event: security.interactive_login, method: onInteractiveLogin }
+ yunohost.logout_success_handler: + yunohost.logout_success_handler:
+ class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler + class: Wallabag\YunoHostBundle\Security\LogoutSuccessHandler
+ +
yunohost.ldap: yunohost.ldap:
class: Symfony\Component\Ldap\LdapClient class: Symfony\Component\Ldap\LdapClient
arguments: ["localhost"] arguments: ["localhost"]
diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php diff --git a/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
new file mode 100644 new file mode 100644
index 0000000..b326824 index 0000000..b326824
--- /dev/null --- /dev/null
+++ b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php +++ b/src/Wallabag/YunoHostBundle/Security/LogoutSuccessHandler.php
@@ -0,0 +1,27 @@ @@ -0,0 +1,27 @@
+<?php +<?php
+ +
+namespace Wallabag\YunoHostBundle\Security; +namespace Wallabag\YunoHostBundle\Security;
+ +
+use Symfony\Component\HttpFoundation\Request; +use Symfony\Component\HttpFoundation\Request;
+use Symfony\Component\HttpFoundation\RedirectResponse; +use Symfony\Component\HttpFoundation\RedirectResponse;
+use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface; +use Symfony\Component\Security\Http\Logout\LogoutSuccessHandlerInterface;
+ +
+/** +/**
+ * Redirects to the SSO logout URL in case of a successful logout. + * Redirects to the SSO logout URL in case of a successful logout.
+ * + *
+ * @see http://api.symfony.com/3.1/Symfony/Component/Security/Http/Logout/LogoutSuccessHandlerInterface.html + * @see http://api.symfony.com/3.1/Symfony/Component/Security/Http/Logout/LogoutSuccessHandlerInterface.html
+ */ + */
+class LogoutSuccessHandler implements LogoutSuccessHandlerInterface +class LogoutSuccessHandler implements LogoutSuccessHandlerInterface
+{ +{
+ /** + /**
+ * {@inheritdoc} + * {@inheritdoc}
+ */ + */
+ public function onLogoutSuccess(Request $request) + public function onLogoutSuccess(Request $request)
+ { + {
+ // Retrieve the current SSO logout URL + // Retrieve the current SSO logout URL
+ $main_domain = exec('cat /etc/yunohost/current_host'); + $main_domain = exec('cat /etc/yunohost/current_host');
+ $url = 'https://' . $main_domain . '/yunohost/sso/?action=logout'; + $url = 'https://' . $main_domain . '/yunohost/sso/?action=logout';
+ +
+ return new RedirectResponse($url); + return new RedirectResponse($url);
+ } + }
+} +}

0
patches/02-oauth-workaround.patch → sources/patches/app-02-oauth-workaround.patch
View file