Cleaning up

check_process

@@ -1,8 +1,8 @@
 ;; Complete test
 	; Manifest
-		domain="domain.tld"	(DOMAIN)
-		path="/path"	(PATH)
-		admin="john"	(USER)
+		domain="domain.tld"
+		path="/path"
+		admin="john"
 	; Checks
 		pkg_linter=1
 		setup_sub_dir=1
@@ -14,8 +14,6 @@
 		upgrade=1 from_commit=f75d58cb32c51a0981333ea88974dc3199324e65
 		backup_restore=1
 		multi_instance=1
-		incorrect_path=1
-		port_already_use=0
 		change_url=1
 ;;; Levels
 	Level 5=auto

conf/nginx.conf

@@ -22,7 +22,7 @@ location __PATH__/ {
     fastcgi_param SCRIPT_FILENAME $request_filename;
     fastcgi_param PATH_INFO       $fastcgi_path_info;
     fastcgi_param REMOTE_USER     $remote_user;
-    fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock;
+    fastcgi_pass unix:/var/run/php__PHPVERSION__-fpm-__NAME__.sock;
     fastcgi_intercept_errors on;
   }
 

conf/parameters.yml.dist

@@ -0,0 +1,74 @@
+# This file is a "template" of what your parameters.yml file should look like
+parameters:
+    # Uncomment these settings or manually update your parameters.yml
+    # to use docker-compose
+    #
+    # database_driver: %env.database_driver%
+    # database_host: %env.database_host%
+    # database_port: %env.database_port%
+    # database_name: %env.database_name%
+    # database_user: %env.database_user%
+    # database_password: %env.database_password%
+
+    database_driver: pdo_mysql
+    database_host: 127.0.0.1
+    database_port: ~
+    database_name: __DB_NAME__
+    database_user: __DB_NAME__
+    database_password: __DB_PWD__
+    # For SQLite, database_path should be "%kernel.project_dir%/data/db/wallabag.sqlite"
+    database_path: null
+    database_table_prefix: null
+    database_socket: null
+    # with PostgreSQL and SQLite, you must set "utf8"
+    database_charset: utf8mb4
+
+    domain_name: https://__DOMAIN____PATH__
+    server_name: "Your wallabag instance"
+
+    mailer_transport:  smtp
+    mailer_user:       ~
+    mailer_password:   ~
+    mailer_host:       127.0.0.1
+    mailer_port:       false
+    mailer_encryption: ~
+    mailer_auth_mode:  ~
+
+    locale: en
+
+    # A secret key that's used to generate certain security-related tokens
+    secret: __DESKEY__
+
+    # two factor stuff
+    twofactor_auth: true
+    twofactor_sender: no-reply@wallabag.org
+
+    # fosuser stuff
+    fosuser_registration: false
+    fosuser_confirmation: true
+
+    # how long the access token should live in seconds for the API
+    fos_oauth_server_access_token_lifetime: 3600
+    # how long the refresh token should life in seconds for the API
+    fos_oauth_server_refresh_token_lifetime: 1209600
+
+    from_email: no-reply@wallabag.org
+
+    rss_limit: 50
+
+    # RabbitMQ processing
+    rabbitmq_host: localhost
+    rabbitmq_port: 5672
+    rabbitmq_user: guest
+    rabbitmq_password: guest
+    rabbitmq_prefetch_count: 10
+
+    # Redis processing
+    redis_scheme: tcp
+    redis_host: localhost
+    redis_port: 6379
+    redis_path: null
+    redis_password: null
+
+    # sentry logging
+    sentry_dsn: ~

conf/php-fpm.conf

@@ -33,7 +33,7 @@ group = __USER__
 ;                            (IPv6 and IPv4-mapped) on a specific port;
 ;   '/path/to/unix/socket' - to listen on a unix socket.
 ; Note: This value is mandatory.
-listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
+listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock
 
 ; Set listen(2) backlog.
 ; Default Value: 511 (-1 on FreeBSD and OpenBSD)
@@ -419,16 +419,12 @@ chdir = __FINALPATH__
 ;php_admin_value[memory_limit] = 32M
 
 ; Common values to change to increase file upload limit
-; php_admin_value[upload_max_filesize] = 50M
-; php_admin_value[post_max_size] = 50M
+php_admin_value[upload_max_filesize] = 50M
+php_admin_value[post_max_size] = 50M
 ; php_admin_flag[mail.add_x_header] = Off
 
 ; Other common parameters
-; php_admin_value[max_execution_time] = 600
+php_admin_value[max_execution_time] = 3600
 ; php_admin_value[max_input_time] = 300
 ; php_admin_value[memory_limit] = 256M
 ; php_admin_flag[short_open_tag] = On
-
-php_admin_value[max_execution_time] = 3600
-php_admin_value[upload_max_filesize] = 50M
-php_admin_value[post_max_size] = 50M

manifest.json

@@ -14,12 +14,12 @@
         "email": ""
     },
     "requirements": {
-        "yunohost": ">= 4.1.0"
+        "yunohost": ">= 4.2.4"
     },
     "multi_instance": true,
     "services": [
         "nginx",
-        "php5-fpm",
+        "php7.3-fpm",
         "mysql"
     ],
     "arguments": {
@@ -27,29 +27,17 @@
             {
                 "name": "domain",
                 "type": "domain",
-                "ask": {
-                    "en": "Choose a domain for Wallabag",
-                    "fr": "Choisissez un domaine pour Wallabag"
-                },
                 "example": "domain.org"
             },
             {
                 "name": "path",
                 "type": "path",
-                "ask": {
-                    "en": "Choose a path for Wallabag",
-                    "fr": "Choisissez un chemin pour Wallabag"
-                },
                 "example": "/wallabag",
                 "default": "/wallabag"
             },
             {
                 "name": "admin",
                 "type": "user",
-                "ask": {
-                    "en": "Choose the Wallabag administrator",
-                    "fr": "Choisissez l'administrateur de Wallabag"
-                },
                 "example": "homer"
             }
         ]

scripts/_common.sh

@@ -4,6 +4,8 @@
 # COMMON VARIABLES
 #=================================================
 
+YNH_PHP_VERSION="7.3"
+
 # dependencies used by the app
 pkg_dependencies="php$YNH_DEFAULT_PHP_VERSION-cli php$YNH_DEFAULT_PHP_VERSION-mysql php$YNH_DEFAULT_PHP_VERSION-json php$YNH_DEFAULT_PHP_VERSION-gd php$YNH_DEFAULT_PHP_VERSION-tidy php$YNH_DEFAULT_PHP_VERSION-curl php$YNH_DEFAULT_PHP_VERSION-gettext php$YNH_DEFAULT_PHP_VERSION-redis"
 
@@ -26,16 +28,3 @@ function set_permissions {
 #=================================================
 # EXPERIMENTAL HELPERS
 #=================================================
-
-# Execute a command as another user
-# usage: exec_as USER COMMAND [ARG ...]
-ynh_exec_as() {
-  local USER=$1
-  shift 1
-
-  if [[ $USER = $(whoami) ]]; then
-    eval "$@"
-  else
-    sudo -u "$USER" "$@"
-  fi
-}

scripts/backup

@@ -19,7 +19,7 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..."
+ynh_print_info --message="Loading installation settings..."
 
 app=$YNH_APP_INSTANCE_NAME
 
@@ -36,37 +36,35 @@ db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 # Clean cache files before backup (saved some disk space)
 ynh_secure_remove --file=$final_path/var/cache/prod
 
-ynh_script_progression --message="Backing up the main app directory..."
 ynh_backup --src_path="$final_path"
 
 #=================================================
 # BACKUP NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Backing up nginx web server configuration..."
 
 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
 #=================================================
 # BACKUP PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Backing up php-fpm configuration..."
 
-ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf"
+ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
 
 #=================================================
 # BACKUP MYSQL DB
 #=================================================
-ynh_script_progression --message="Backing up the MySQL database..."
 
 ynh_mysql_dump_db --database="$db_name" > db.sql
 
 #=================================================
 # BACKUP FAIL2BAN CONFIGURATION
 #=================================================
+
 ynh_backup "/etc/fail2ban/jail.d/$app.conf"
 ynh_backup "/etc/fail2ban/filter.d/$app.conf"
 
 #=================================================
 # END OF SCRIPT
 #=================================================
-ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
+
+ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

scripts/change_url

@@ -53,7 +53,7 @@ fi
 #=================================================
 # MODIFY URL IN NGINX CONF FILE
 #=================================================
-ynh_script_progression --message="Updating nginx web server configuration..." --weight=2
+ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2
 
 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
 
@@ -104,7 +104,7 @@ ynh_secure_remove --file=$final_path/var/cache
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading nginx web server..."
+ynh_script_progression --message="Reloading NGINX web server..."
 
 ynh_systemd_action --service_name=nginx --action=reload
 

scripts/install

@@ -66,6 +66,14 @@ db_user=$db_name
 ynh_app_setting_set --app=$app --key=db_name --value=$db_name
 ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name
 
+#=================================================
+# CREATE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Configuring system user..." --weight=2
+
+# Create a system user
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
@@ -78,23 +86,15 @@ ynh_setup_source --dest_dir="$final_path"
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Configuring nginx web server..." --weight=2
+ynh_script_progression --message="Configuring NGINX web server..." --weight=2
 
 # Create a dedicated nginx config
 ynh_add_nginx_config
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Configuring system user..." --weight=2
-
-# Create a system user
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Configuring php-fpm..." --weight=2
+ynh_script_progression --message="Configuring PHP-FPM..." --weight=2
 
 # Create a dedicated php-fpm config
 ynh_add_fpm_config
@@ -106,20 +106,11 @@ ynh_add_fpm_config
 #=================================================
 ynh_script_progression --message="Configuring wallabag..." --weight=35
 
-# Copy and set Wallabag dist configuration
-wb_conf=$final_path/app/config/parameters.yml
-cp $final_path/app/config/parameters.yml.dist $wb_conf
-
-ynh_replace_string --match_string="fosuser_registration: true" --replace_string="fosuser_registration: false" --target_file=$wb_conf
-ynh_replace_string --match_string="database_name: wallabag" --replace_string="database_name:  $db_name" --target_file=$wb_conf
-ynh_replace_string --match_string="database_user: root" --replace_string="database_user: $db_user" --target_file=$wb_conf
-ynh_replace_string --match_string="database_password: ~" --replace_string="database_password: $db_pwd" --target_file=$wb_conf
-ynh_replace_string --match_string="database_table_prefix: wallabag_" --replace_string="database_table_prefix: null" --target_file=$wb_conf
 # Generate random DES key & password
 deskey=$(ynh_string_random --length=24)
 ynh_app_setting_set --app=$app --key=deskey --value=$deskey
-ynh_replace_string --match_string="secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" --replace_string="secret: $deskey" --target_file=$wb_conf
-ynh_replace_string --match_string="domain_name: https://your-wallabag-url-instance.com" --replace_string="domain_name: https://$domain$path_url" --target_file=$wb_conf
+
+ynh_add_config --template="../conf/parameters.yml.dist" --destination="$final_path/app/config/parameters.yml"
 
 # Alias for php-cli execution command
 php_exec="ynh_exec_as $app php "$final_path/bin/console" --no-interaction --env=prod"
@@ -144,10 +135,12 @@ $php_exec fos:user:promote --super "$admin"
 #=================================================
 # CONFIGURE FAIL2BAN
 #=================================================
+
 # Create the log file is not already existing during install
 mkdir -p "/var/www/$app/var/logs/"
 touch "/var/www/$app/var/logs/prod.log"
 chown $app: "/var/www/$app/var/logs/prod.log"
+
 # Add fail2ban config
 ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP "<HOST>"' --max_retry=5
 
@@ -157,7 +150,15 @@ ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex=
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-set_permissions
+# Set permissions to app files
+chown -R $app:www-data $final_path
+chmod -R g=u,g-w,o-rwx $final_path
+
+# Restrict rights to Wallabag user only
+chmod 600 $final_path/app/config/parameters.yml
+if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then
+	chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php
+fi
 
 #=================================================
 # SETUP HOOKS
@@ -169,13 +170,14 @@ ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_fil
 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..."
+ynh_script_progression --message="Configuring permissions..."
+
 ynh_permission_update --permission="main" --add="visitors"
 
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading nginx web server..."
+ynh_script_progression --message="Reloading NGINX web server..."
 
 ynh_systemd_action --service_name=nginx --action=reload
 

scripts/remove

@@ -66,6 +66,7 @@ ynh_remove_fpm_config
 #=================================================
 # REMOVE FAIL2BAN CONFIGURATION
 #=================================================
+
 ynh_remove_fail2ban_config
 
 #=================================================

scripts/restore

@@ -47,6 +47,14 @@ test ! -d $final_path \
 
 ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 
+#=================================================
+# RECREATE THE DEDICATED USER
+#=================================================
+ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
+
+# Create the dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
+
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
@@ -54,27 +62,26 @@ ynh_script_progression --message="Restoring the app main directory..."
 
 ynh_restore_file --origin_path="$final_path"
 
-#=================================================
-# RECREATE THE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --weight=2
-
-# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # RESTORE USER RIGHTS
 #=================================================
 
-wb_conf=$final_path/app/config/parameters.yml
+# Set permissions to app files
+chown -R $app:www-data $final_path
+chmod -R g=u,g-w,o-rwx $final_path
 
-set_permissions
+# Restrict rights to Wallabag user only
+chmod 600 $final_path/app/config/parameters.yml
+if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then
+    chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php
+fi
 
 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================
+ynh_script_progression --message="Restoring the PHP-FPM configuration..." --weight=1
 
-ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
+ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
 
 #=================================================
 # SPECIFIC RESTORATION
@@ -108,9 +115,9 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./
 #=================================================
 # RELOAD NGINX AND PHP-FPM
 #=================================================
-ynh_script_progression --message="Reloading nginx web server and php-fpm..."
+ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..."
 
-ynh_systemd_action --service_name=php7.0-fpm --action=reload
+ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
 ynh_systemd_action --service_name=nginx --action=reload
 
 #=================================================

scripts/upgrade

@@ -54,6 +54,13 @@ if [ -z "$path_url" ]; then
 	ynh_app_setting_set --app=$app --key=path --value=$path_url
 fi
 
+# Cleaning legacy permissions
+if ynh_legacy_permissions_exists; then
+	ynh_legacy_permissions_delete_all
+
+	ynh_app_setting_delete --app=$app --key=is_public
+fi
+
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
@@ -69,20 +76,12 @@ ynh_clean_setup () {
 ynh_abort_if_errors
 
 #=================================================
-# Migrate legacy permissions to new system
+# CREATE DEDICATED USER
 #=================================================
-if ynh_legacy_permissions_exists
-then
-	ynh_legacy_permissions_delete_all
+ynh_script_progression --message="Making sure dedicated system user exists..."
 
-	ynh_app_setting_delete --app=$app --key=is_public
-fi
-
-#=================================================
-# CHECK THE PATH
-#=================================================
-
-path_url=$(ynh_normalize_url_path --path_url=$path_url)
+# Create a dedicated user (if not existing)
+ynh_system_user_create --username=$app --home_dir="$final_path"
 
 #=================================================
 # STANDARD UPGRADE STEPS
@@ -117,14 +116,6 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=7
 
 ynh_install_app_dependencies $pkg_dependencies
 
-#=================================================
-# CREATE DEDICATED USER
-#=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..."
-
-# Create a dedicated user (if not existing)
-ynh_system_user_create --username=$app
-
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
@@ -150,22 +141,11 @@ ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='a
 # CONFIGURE WALLABAG
 #=================================================
 
-wb_conf=$final_path/app/config/parameters.yml
-
 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 	ynh_script_progression --message="Reconfiguring wallabag..." --weight=11
 
-	# Copy and set Wallabag dist configuration
-	cp $final_path/app/config/parameters.yml.dist $wb_conf
-
-	ynh_replace_string --match_string="fosuser_registration: true" --replace_string="fosuser_registration: false" --target_file=$wb_conf
-	ynh_replace_string --match_string="database_name: wallabag" --replace_string="database_name:  $db_name" --target_file=$wb_conf
-	ynh_replace_string --match_string="database_user: root" --replace_string="database_user: $db_user" --target_file=$wb_conf
-	ynh_replace_string --match_string="database_password: ~" --replace_string="database_password: $db_pwd" --target_file=$wb_conf
-	ynh_replace_string --match_string="database_table_prefix: wallabag_" --replace_string="database_table_prefix: null" --target_file=$wb_conf
-	ynh_replace_string --match_string="secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" --replace_string="secret: $deskey" --target_file=$wb_conf
-	ynh_replace_string --match_string="domain_name: https://your-wallabag-url-instance.com" --replace_string="domain_name: https://$domain$path_url" --target_file=$wb_conf
+	ynh_add_config --template="../conf/parameters.yml.dist" --destination="$final_path/app/config/parameters.yml"
 
 	#=================================================
 	# UPGRADE WALLABAG
@@ -197,7 +177,15 @@ fi
 # SECURE FILES AND DIRECTORIES
 #=================================================
 
-set_permissions
+# Set permissions to app files
+chown -R $app:www-data $final_path
+chmod -R g=u,g-w,o-rwx $final_path
+
+# Restrict rights to Wallabag user only
+chmod 600 $final_path/app/config/parameters.yml
+if [ -e $final_path/var/cache/prod/appProdProjectContainer.php ]; then
+    chmod 700 $final_path/var/cache/prod/appProdProjectContainer.php
+fi
 
 #=================================================
 # SETUP HOOKS
@@ -206,13 +194,6 @@ set_permissions
 ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_user_create"
 ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../hooks/post_user_delete"
 
-#=================================================
-# SETUP SSOWAT
-#=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..."
-
-ynh_app_setting_set "$app" unprotected_uris "/"
-
 #=================================================
 # RELOAD NGINX
 #=================================================