diff --git a/README.md b/README.md index 1784c8d..8819834 100644 --- a/README.md +++ b/README.md @@ -1,16 +1,14 @@ - Wallabag v2 for Yunohost - [English Version] ------------------------- +# Wallabag for YunoHost -This is a Wallabag v2 package for YunoHost. +[![Integration level](https://dash.yunohost.org/integration/wallabag2.svg)](https://dash.yunohost.org/appci/app/wallabag2) +[![Install Wallabag with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wallabag2) -![wallabag start screen](https://www.linuxbabe.com/wp-content/uploads/2016/10/wallabag-quick-start-page.png) +*[Lire ce readme en français.](./README_fr.md)* +> *This package allow you to install Wallabag quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* ---- - -**NB: Since @jeromelebleu is no longer maintaining this package, I (@lapineige) take over this repository. But I have limited time and experience, so feel free to help !** - -**Shipped version:** 2.3.7 +## Overview [Wallabag](https://www.wallabag.org/) is a self hostable Read-It-Later application allowing you to not miss any content anymore. Click, save, read it when you can. @@ -18,10 +16,25 @@ It extracts content so that you can read it when you have time. It provides a web interface, browser (Firefox / Chrome / Opera) add-ons, mobile apps (Android / iOS / Windows Phone) and even on e-reader (PocketBook / Kobo). -[![Install Wallabag v2 with -YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wallabag2) +**Shipped version:** 2.3.2 -## Features +## Screenshots + +![](https://www.linuxbabe.com/wp-content/uploads/2016/10/wallabag-quick-start-page.png) + +## Demo + +* [YunoHost demo](https://demo.yunohost.org/wallabag/) +* [Video demo](https://player.vimeo.com/video/167435064) + +## Configuration + +## Documentation + + * Official documentation: https://doc.wallabag.org/en/ + * YunoHost documentation: https://yunohost.org/#/app_wallabag2 + +## YunoHost specific features In addition to Wallabag core features, the following are made available with this package: @@ -29,12 +42,24 @@ this package: * Integrate with YunoHost users and SSO - i.e. logout button * Allow one user to be the administrator (set at the installation) * Asynchronous import using Redis (need to be enabled in the *Internal Settings*). RabbitMQ import not supported (yet ?) - * Supports fail2ban - protects you from password brute force attacks. -## Known issue(s) -- Removing a Yunohost's user won't delete the related wallabag user, but only desactivate it. You need to manualy remove it from wallabag before. See: https://github.com/YunoHost-Apps/wallabag2_ynh/issues/39 +#### Multi-users support -## Upgrade from v1 +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/wallabag2%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/wallabag2/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/wallabag2%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/wallabag2/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/wallabag2%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/wallabag2/) + +## Limitations + +* Removing a Yunohost's user won't delete the related wallabag user, but only desactivate it. You need to manualy remove it from wallabag before. See: https://github.com/YunoHost-Apps/wallabag2_ynh/issues/39 + +## Additional information + +**NB: Since @jeromelebleu is no longer maintaining this package, I (@lapineige) take over this repository. But I have limited time and experience, so feel free to help !** + +#### Upgrade from v1 The upgrade from the YunoHost [Wallabag v1](https://github.com/YunoHost-Apps/wallabag_ynh) app requires a manual operation, that's why it's provided as a new package. @@ -44,53 +69,22 @@ For the migration process, please refer to the ## Links * Report a bug: https://github.com/YunoHost-Apps/wallabag2_ynh/issues - * Wallabag website: https://www.wallabag.org/ - * Wallabag documentation: https://doc.wallabag.org/ (fr/en/it/de) + * App website: https://www.wallabag.org/ * YunoHost website: https://yunohost.org/ - * [Video demo](https://player.vimeo.com/video/167435064) - ---- ---- -Wallabag pour Yunohost - [Version Française] ---- - -Paquet Wallabag v2 pour Yunohost. --- -**NB: Depuis que @jeromelebleu ne maintiens plus ce paquet, je (@lapineige) reprends la charge de ce dépôt. Mais j'ai un temps et une expérience limitées, donc n'hésitez pas à donner un coup de main :) !** +Developers and testers info +---------------- -**Version actuelle:** 2.3.7 - -[Wallabag](https://www.wallabag.org/) est une application de lecture différée : elle permet simplement d’archiver une page web en ne conservant que le contenu. Les éléments superflus (menus, publicités, etc.) sont supprimés. - -Sont disponibles: une interface web, des add-ons pour navigateurs (Firefox / Chrome / Opera), des applications pour mobile (Android / iOS / Windows Phone) et même sur liseuse (PocketBook / Kobo). - -[![Install Wallabag v2 with -YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wallabag2) - -## Fonctionnalités - -En plus des fonctionnalités principales de Wallabag, ce paquet propose également: - - * Une intégration avec le système de gestion des utilisateurs et le SSO de Yunohost - e.g. un bouton de déconnexion - * De permettre à un utilisateur d'être administrateur (réglage lors de l'installation) - * Un import asynchrone utilisant Redis (à activer dans les *Paramètres Internes*). L'import via RabbitMQ n'est pas (encore ?) supporté. - - -## Problème(s) connu(s) -- Supprimer un utilisateur Yunohost ne supprimera pas l'utilisateur Wallabag lié, il sera seulement désactivé. Vous devez le supprimer manuellement avant. Voir: https://github.com/YunoHost-Apps/wallabag2_ynh/issues/39 - -## Mettre à niveau depuis la v1 - -La mise à niveau depuis le paquet Yunohost de [Wallabag v1](https://github.com/YunoHost-Apps/wallabag_ynh) demande une opération manuelle, c'est pourquoi un nouveau paquet est fournit. -Pour le processus de migration, merci de vous référer à [la documentation officiel de Wallabag](https://doc.wallabag.org/fr/user/import/wallabagv1.html). - -## Liens - - * Rapport de bug: https://github.com/YunoHost-Apps/wallabag2_ynh/issues - * Site web de Wallabag: https://www.wallabag.org/ - * Documentation de Wallabag: https://doc.wallabag.org/ (fr/en/it/de) - * Site web de YunoHost: https://yunohost.org/ - * [Demo vidéo](https://player.vimeo.com/video/167435064) +**Only if you want to use a testing branch for coding, instead of merging directly into master.** +Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/wallabag2_ynh/tree/testing). +To try the testing branch, please proceed like that: +``` +sudo yunohost app install https://github.com/YunoHost-Apps/wallabag2_ynh/tree/testing --debug +or +sudo yunohost app upgrade wallabag2 -u https://github.com/YunoHost-Apps/wallabag2_ynh/tree/testing --debug +``` +Please be aware that the testing branch *might* contains some bugs and is not recommended if you need a stable app. +Doing a normal upgrade of the package avec `sudo yunohost app upgrade wallabag2` (without any URL specified) will revert you app to the master branch. diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..a4ea21c --- /dev/null +++ b/README_fr.md @@ -0,0 +1,86 @@ +# Wallabag pour YunoHost + +[![Integration level](https://dash.yunohost.org/integration/wallabag2.svg)](https://dash.yunohost.org/appci/app/wallabag2) +[![Install Wallabag with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=wallabag2) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer Wallabag rapidement et simplement sur un serveur Yunohost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +[Wallabag](https://www.wallabag.org/) est une application de lecture différée : elle permet simplement d’archiver une page web en ne conservant que le contenu. Les éléments superflus (menus, publicités, etc.) sont supprimés. + +Sont disponibles: une interface web, des add-ons pour navigateurs (Firefox / Chrome / Opera), des applications pour mobile (Android / iOS / Windows Phone) et même sur liseuse (PocketBook / Kobo). + +**Version incluse:** 2.3.2 + +## Captures d'écran + +![](https://www.linuxbabe.com/wp-content/uploads/2016/10/wallabag-quick-start-page.png) + +## Démo + +* [Démo YunoHost](https://demo.yunohost.org/wallabag/) +* [Démo video](https://player.vimeo.com/video/167435064) + +## Configuration + +## Documentation + + * Documentation officielle: https://doc.wallabag.org/fr/ + * Documentation YunoHost: https://yunohost.org/#/app_wallabag2 + +## Caractéristiques spécifiques YunoHost + +En plus des fonctionnalités principales de Wallabag, ce paquet propose également: + + * Une intégration avec le système de gestion des utilisateurs et le SSO de Yunohost - e.g. un bouton de déconnexion + * De permettre à un utilisateur d'être administrateur (réglage lors de l'installation) + * Un import asynchrone utilisant Redis (à activer dans les *Paramètres Internes*). L'import via RabbitMQ n'est pas (encore ?) supporté. + +#### Support multi-utilisateurs + +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/wallabag2%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/wallabag2/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/wallabag2%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/wallabag2/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/wallabag2%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/wallabag2/) + +## Limitations + +* Supprimer un utilisateur Yunohost ne supprimera pas l'utilisateur Wallabag lié, il sera seulement désactivé. Vous devez le supprimer manuellement avant. Voir: https://github.com/YunoHost-Apps/wallabag2_ynh/issues/39 + +## Informations additionnelles + +**NB: Depuis que @jeromelebleu ne maintient plus ce paquet, je (@lapineige) reprends la charge de ce dépôt. Mais j'ai un temps et une expérience limitées, donc n'hésitez pas à donner un coup de main :) !** + + +#### Mettre à niveau depuis la v1 + +La mise à niveau depuis le paquet Yunohost de [Wallabag v1](https://github.com/YunoHost-Apps/wallabag_ynh) demande une opération manuelle, c'est pourquoi un nouveau paquet est fournit. +Pour le processus de migration, merci de vous référer à [la documentation officiel de Wallabag](https://doc.wallabag.org/fr/user/import/wallabagv1.html). + +## Links + + * Signaler un bug: https://github.com/YunoHost-Apps/wallabag2_ynh/issues + * Site de l'application: https://www.wallabag.org/ + * Site web YunoHost: https://yunohost.org/ + +--- + +Informations pour les développeurs +---------------- + +**Seulement si vous voulez utiliser une branche de test pour le codage, au lieu de fusionner directement dans la banche principale.** +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/wallabag2_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme ceci: +``` +sudo yunohost app install https://github.com/YunoHost-Apps/wallabag2_ynh/tree/testing --debug +ou +sudo yunohost app upgrade wallabag2 -u https://github.com/YunoHost-Apps/wallabag2_ynh/tree/testing --debug +``` +Soyez concient que la branche testing *pourrait* contenir des bugs et n'est pas recommandée si vous recherchez la stabilité de votre application. +Une mise à jour classique avec `sudo yunohost app upgrade wallabag2` (sans préciser l'URL) fera retourner votre application au niveau de la branche master. diff --git a/check_process b/check_process index 9e25221..692db47 100644 --- a/check_process +++ b/check_process @@ -18,22 +18,11 @@ port_already_use=0 change_url=1 ;;; Levels - Level 1=auto - Level 2=auto - Level 3=auto -# https://github.com/YunoHost-Apps/wallabag2_ynh/issues/26 - Level 4=1 -# https://github.com/YunoHost-Apps/wallabag2_ynh/issues/27 - Level 5=1 - Level 6=auto - Level 7=auto - Level 8=0 - Level 9=0 - Level 10=0 + Level 5=auto ;;; Options Email= Notification=none ;;; Upgrade options ; commit=f75d58cb32c51a0981333ea88974dc3199324e65 name= Previous package version -manifest_arg=domain=DOMAIN&path=PATH&admin=USER& + manifest_arg=domain=DOMAIN&path=PATH&admin=USER& diff --git a/conf/app.src b/conf/app.src index 75a4f17..919fb64 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,3 +1,6 @@ SOURCE_URL=https://static.wallabag.org/releases/wallabag-release-2.3.7.tar.gz SOURCE_SUM=e223de12d8ea9f889e8660df4555c37c965f5ae1ca77af3d3532ab76889762cf +SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/conf/nginx.conf b/conf/nginx.conf index 5eed09a..dabfbf9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,10 @@ +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { + + # Path to source alias __FINALPATH__/web/; + # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } @@ -35,8 +39,3 @@ location __PATH__/ { location @__NAME__ { rewrite ^ __PATH__/app.php/$is_args$args; } - -#for-subdir location __PATH__ { -#for-subdir return 301 __PATH__/; -#for-subdir } - diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 2670862..b33b6f0 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' @@ -24,28 +25,35 @@ group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data listen.group = www-data ;listen.mode = 0660 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be @@ -59,7 +67,13 @@ listen.group = www-data ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set -; priority = -19 +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -96,7 +110,7 @@ pm = dynamic ; forget to tweak pm.* to fit your needs. ; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' ; Note: This value is mandatory. -pm.max_children = 10 +pm.max_children = 5 ; The number of child processes created on startup. ; Note: Used only when pm is set to 'dynamic' @@ -117,12 +131,12 @@ pm.max_spare_servers = 3 ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s ;pm.process_idle_timeout = 10s; - + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = 500 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -170,7 +184,7 @@ pm.max_requests = 500 ; ; By default the status page only outputs short status. Passing 'full' in the ; query string will also return status for each pool process. -; Example: +; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full @@ -215,14 +229,14 @@ pm.max_requests = 500 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html +; It's available in: /usr/share/php/7.0/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it ; may conflict with a real PHP file. -; Default Value: not set +; Default Value: not set ;pm.status_path = /status - + ; The ping URI to call the monitoring page of FPM. If this value is not set, no ; URI will be recognized as a ping page. This could be used to test from outside ; that FPM is alive and responding, or to @@ -275,7 +289,7 @@ pm.max_requests = 500 ; - %{megabytes}M ; - %{mega}M ; %n: pool name -; %o: ouput header +; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o @@ -283,7 +297,7 @@ pm.max_requests = 500 ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request -; %q: the query string +; %q: the query string ; %Q: the '?' character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address @@ -291,72 +305,85 @@ pm.max_requests = 500 ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log - +;slowlog = log/$pool.log.slow + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s - +;request_slowlog_timeout = 0 + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set -;chroot = - +;chroot = + ; Chdir to this directory at the start. ; Note: relative path can be used. ; Default Value: current directory or / when chroot chdir = __FINALPATH__ - + ; Redirect worker stdout and stderr into main error log. If not set, stdout and ; stderr will be redirected to /dev/null according to FastCGI specs. ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -catch_workers_output = yes +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. +; execute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -370,7 +397,7 @@ catch_workers_output = yes ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. @@ -391,6 +418,17 @@ catch_workers_output = yes ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On + php_admin_value[max_execution_time] = 3600 php_admin_value[upload_max_filesize] = 50M php_admin_value[post_max_size] = 50M diff --git a/manifest.json b/manifest.json index ba309d0..ce6657f 100644 --- a/manifest.json +++ b/manifest.json @@ -1,22 +1,22 @@ { - "packaging_format": 1, - "id": "wallabag2", "name": "Wallabag", + "id": "wallabag2", + "packaging_format": 1, "description": { "en": "A self hostable read-it-later app", "fr": "Une application de lecture-plus-tard auto-hébergeable" }, + "version": "2.3.7-1~ynh2", "url": "https://www.wallabag.org", "license": "MIT", - "version": "2.3.7", "maintainer": { "name": "lapineige", "email": "" }, - "multi_instance": true, "requirements": { - "yunohost": ">= 3.5.0" + "yunohost": ">= 3.5" }, + "multi_instance": true, "services": [ "nginx", "php5-fpm", diff --git a/scripts/_common.sh b/scripts/_common.sh index ffe8244..ab8759c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,63 +1,25 @@ -# -# Common variables -# +#!/bin/bash -# Package dependencies -PKG_DEPENDENCIES="php5-cli php5-mysql php5-json php5-gd php5-tidy php5-curl php-gettext php5-redis" +#================================================= +# COMMON VARIABLES +#================================================= + +# dependencies used by the app +pkg_dependencies="php-cli php-mysql php-json php-gd php-tidy php-curl php-gettext php-redis" + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= # Execute a command as another user # usage: exec_as USER COMMAND [ARG ...] -exec_as() { +ynh_exec_as() { local USER=$1 shift 1 if [[ $USER = $(whoami) ]]; then - eval $@ + eval "$@" else - # use twice to be root and be allowed to use another user sudo -u "$USER" "$@" fi } - -# Execute a command through the wallabag console -# usage: exec_console AS_USER WORKDIR COMMAND [ARG ...] -exec_console() { - local AS_USER=$1 - local WORKDIR=$2 - shift 2 - exec_as "$AS_USER" php "$WORKDIR/bin/console" --no-interaction --env=prod "$@" -} - -WARNING () { # Print on error output - $@ >&2 -} - -QUIET () { # redirect standard output to /dev/null - $@ > /dev/null -} - -CHECK_SIZE () { # Check if enough disk space available on backup storage - file_to_analyse=$1 - backup_size=$(du --summarize "$file_to_analyse" | cut -f1) - free_space=$(df --output=avail "/home/yunohost.backup" | sed 1d) - - if [ $free_space -le $backup_size ] - then - WARNING echo "Not enough backup disk space for: $file_to_analyse." - WARNING echo "Space available: $(HUMAN_SIZE $free_space)" - ynh_die "Space needed: $(HUMAN_SIZE $backup_size)" - fi -} - - -# ============= FUTURE YUNOHOST HELPER ============= -# Delete a file checksum from the app settings -# -# $app should be defined when calling this helper -# -# usage: ynh_remove_file_checksum file -# | arg: file - The file for which the checksum will be deleted -ynh_delete_file_checksum () { - local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' - ynh_app_setting_delete $app $checksum_setting_name -} diff --git a/scripts/backup b/scripts/backup index a607aa6..37fb45c 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,61 +1,69 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu - +#================================================= +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Fetch helpers file if not in current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get $app db_name) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= # STANDARD BACKUP STEPS #================================================= # BACKUP APP MAIN DIR #================================================= +ynh_script_progression --message="Backing up the main app directory..." -CHECK_SIZE "$final_path" -ynh_backup "$final_path" +ynh_backup --src_path="$final_path" #================================================= # BACKUP NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Backing up nginx web server configuration..." -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Backing up php-fpm configuration..." -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP MYSQL DB #================================================= +ynh_script_progression --message="Backing up the MySQL database..." -ynh_mysql_dump_db "$db_name" > db.sql -CHECK_SIZE "db.sql" +ynh_mysql_dump_db --database="$db_name" > db.sql #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= - ynh_backup "/etc/fail2ban/jail.d/$app.conf" ynh_backup "/etc/fail2ban/filter.d/$app.conf" + +#================================================= +# END OF SCRIPT +#================================================= +ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last \ No newline at end of file diff --git a/scripts/change_url b/scripts/change_url index b6eeec8..d26bf9f 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,20 +24,12 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --weight=2 -db_name=$(ynh_app_setting_get "$app" db_name) -db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) -db_user="$db_name" -final_path=$(ynh_app_setting_get "$app" final_path) - -#================================================= -# CHECK PATHS SYNTAX -#================================================= - -test -n "$old_path" || old_path="/" -test -n "$new_path" || new_path="/" -new_path=$(ynh_normalize_url_path $new_path) -old_path=$(ynh_normalize_url_path $old_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK WHICH PARTS SHOULD BE CHANGED @@ -60,6 +52,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF FILE #================================================= +ynh_script_progression --message="Updating nginx web server configuration..." --weight=2 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -67,61 +60,58 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf if [ $change_path -eq 1 ] then # Make a backup of the original nginx config file if modified - ynh_backup_if_checksum_is_different "$nginx_conf_path" + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" # Set global variables for nginx helper domain="$old_domain" path_url="$new_path" - # Store path_url setting - ynh_app_setting_set $app path_url "$path_url" # Create a dedicated nginx config ynh_add_nginx_config - if [ "$path_url" = "/" ] - then - # Replace "//" location (due to nginx template) - # Prevent from replacing in "http://" expressions by excluding ":" as preceding character - sed --in-place "s@\([^:]\)//@\1/@g" "$nginx_conf_path" - else - # Move prefix comment #for-subdir at end of lines - sed --in-place "s/#for-subdir\(.*\)/\1 #for-subdir/g" "$nginx_conf_path" - fi - ynh_store_file_checksum "$nginx_conf_path" fi # Change the domain for nginx if [ $change_domain -eq 1 ] then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum "$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" + # Delete file checksum for the old conf file location + ynh_delete_file_checksum --file="$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi #================================================= # SPECIFIC MODIFICATIONS #================================================= +ynh_script_progression --message="Updating wallabag configuration..." # Configure Wallabag instance URL -ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_user" <<< "UPDATE craue_config_setting SET value = 'https://$new_domain$new_path' WHERE name = 'wallabag_url'" +ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name <<< "UPDATE craue_config_setting SET value = 'https://$new_domain$new_path' WHERE name = 'wallabag_url'" # Change domain name in parameters.yml -ynh_replace_string "domain_name: .*" "domain_name: https://$new_domain$new_path" $final_path/app/config/parameters.yml +ynh_replace_string --match_string="domain_name: .*" --replace_string="domain_name: https://$new_domain$new_path" --target_file=$final_path/app/config/parameters.yml # If "Download images locally" option has been enabled in Internal Settings -download_images_enabled=$(ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_user" <<< "SELECT value from craue_config_setting WHERE name='download_images_enabled '" | tail -n 1) -if [ "$download_images_enabled" = "1" ] ; then - echo "Updating images URL; this operation may take a while..." +download_images_enabled=$(ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name <<< "SELECT value from craue_config_setting WHERE name='download_images_enabled '" | tail -n 1) +if [ "$download_images_enabled" = "1" ] +then + ynh_print_info --message="Updating images URL; this operation may take a while..." # Query/replace the domain/path in every entry.content in mysql database - ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_user" <<< "UPDATE entry SET content = REPLACE(content, '$old_domain$old_path', '$new_domain$new_path');" + ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name <<< "UPDATE entry SET content = REPLACE(content, '$old_domain$old_path', '$new_domain$new_path');" fi # Clear assets cache -ynh_secure_remove $final_path/var/cache +ynh_secure_remove --file=$final_path/var/cache #================================================= -# GENERIC FINALIZATION +# GENERIC FINALISATION #================================================= # RELOAD NGINX #================================================= +ynh_script_progression --message="Reloading nginx web server..." -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index af7c450..2b5a364 100644 --- a/scripts/install +++ b/scripts/install @@ -13,7 +13,8 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_abort_if_errors # Stop script if an error is detected +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST @@ -30,110 +31,126 @@ admin=$YNH_APP_ARG_ADMIN #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_script_progression --message="Validating installation parameters..." --weight=2 final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -path_url=$(ynh_normalize_url_path $path_url) # Check and normalize path - -# Check web path availability -ynh_webpath_available $domain $path_url # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_app_setting_set $app domain "$domain" -ynh_app_setting_set $app path_url "$path_url" -ynh_app_setting_set $app admin "$admin" +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_script_progression --message="Installing dependencies..." --weight=12 -ynh_install_app_dependencies "$PKG_DEPENDENCIES" +ynh_install_app_dependencies $pkg_dependencies #================================================= -# CREATE A MYSQL DB +# CREATE A MYSQL DATABASE #================================================= +ynh_script_progression --message="Creating a MySQL database..." db_name=$(ynh_sanitize_dbid $app) -db_user="$db_name" +db_user=$db_name +ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name -# Generate random DES key & password -deskey=$(ynh_string_random 24) -ynh_app_setting_set "$app" deskey "$deskey" -ynh_app_setting_set "$app" db_name "$db_name" - -# Initialize database -ynh_mysql_setup_db "$db_user" "$db_name" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression --message="Setting up source files..." --weight=6 -ynh_app_setting_set $app final_path "$final_path" -# Create tmp directory and fetch app inside -TMPDIR=$(mktemp -d) -ynh_setup_source "$TMPDIR" +### `ynh_setup_source` is used to install an app from a zip or tar.gz file, +### downloaded from an upstream source, like a git repository. +### `ynh_setup_source` use the file conf/app.src + +ynh_app_setting_set --app=$app --key=final_path --value=$final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring nginx web server..." --weight=2 + +# Create a dedicated nginx config +ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Configuring system user..." --weight=2 -ynh_system_user_create $app # Create a dedicated system user +# Create a system user +ynh_system_user_create --username=$app + +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Configuring php-fpm..." --weight=2 + +# Create a dedicated php-fpm config +ynh_add_fpm_config #================================================= # SPECIFIC SETUP #================================================= +# CONFIGURE WALLABAG +#================================================= +ynh_script_progression --message="Configuring wallabag..." --weight=35 # Copy and set Wallabag dist configuration -wb_conf="${TMPDIR}/app/config/parameters.yml" -cp ${TMPDIR}/app/config/parameters.yml.dist $wb_conf +wb_conf=$final_path/app/config/parameters.yml +cp $final_path/app/config/parameters.yml.dist $wb_conf -ynh_replace_string "fosuser_registration: true" "fosuser_registration: false" "$wb_conf" -ynh_replace_string "database_name: wallabag" "database_name: ${db_name}" "$wb_conf" -ynh_replace_string "database_user: root" "database_user: ${db_user}" "$wb_conf" -ynh_replace_string "database_password: ~" "database_password: ${db_pwd}" "$wb_conf" -ynh_replace_string "database_table_prefix: wallabag_" "database_table_prefix: null" "$wb_conf" -ynh_replace_string "secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" "secret: ${deskey}" "$wb_conf" -ynh_replace_string "domain_name: https://your-wallabag-url-instance.com" "domain_name: https://$domain$path_url" "$wb_conf" +ynh_replace_string --match_string="fosuser_registration: true" --replace_string="fosuser_registration: false" --target_file=$wb_conf +ynh_replace_string --match_string="database_name: wallabag" --replace_string="database_name: $db_name" --target_file=$wb_conf +ynh_replace_string --match_string="database_user: root" --replace_string="database_user: $db_user" --target_file=$wb_conf +ynh_replace_string --match_string="database_password: ~" --replace_string="database_password: $db_pwd" --target_file=$wb_conf +ynh_replace_string --match_string="database_table_prefix: wallabag_" --replace_string="database_table_prefix: null" --target_file=$wb_conf +# Generate random DES key & password +deskey=$(ynh_string_random --length=24) +ynh_app_setting_set --app=$app --key=deskey --value=$deskey +ynh_replace_string --match_string="secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" --replace_string="secret: $deskey" --target_file=$wb_conf +ynh_replace_string --match_string="domain_name: https://your-wallabag-url-instance.com" --replace_string="domain_name: https://$domain$path_url" --target_file=$wb_conf -# Restrict rights to Wallabag user only -chmod 600 "$wb_conf" +# Alias for php-cli execution command +php_exec="ynh_exec_as $app php "$final_path/bin/console" --no-interaction --env=prod" -# Install files and set permissions -mv "$TMPDIR" "$final_path" - -# Set rights on directory +# Set permissions to app files chown -R $app: $final_path -chmod 755 $final_path # Install dependencies and Wallabag -exec_console $app "$final_path" wallabag:install +$php_exec wallabag:install # Add users to Wallabag -for username in $(ynh_user_list); do - user_email=$(yunohost user info "$username" --output-as plain \ - | ynh_get_plain_key mail) - user_pass=$(ynh_string_random) - exec_console $app "$final_path" fos:user:create \ - "$username" "$user_email" "$user_pass" +for username in $(ynh_user_list) +do + user_email=$(ynh_user_get_info --username="$username" --key=mail) + user_pass=$(ynh_string_random) + $php_exec fos:user:create "$username" "$user_email" "$user_pass" done # Set admin user -exec_console $app "$final_path" fos:user:promote --super "$admin" +$php_exec fos:user:promote --super "$admin" # Configure Wallabag instance URL -ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_user" <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'" +ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'" #================================================= # CONFIGURE FAIL2BAN #================================================= - # Create the log file is not already existing during install mkdir -p "/var/www/$app/var/logs/" touch "/var/www/$app/var/logs/prod.log" @@ -141,31 +158,36 @@ chown $app: "/var/www/$app/var/logs/prod.log" # Add fail2ban config ynh_add_fail2ban_config --logpath="/var/www/$app/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP ""' --max_retry=5 - #================================================= -# NGINX CONFIGURATION +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES #================================================= -ynh_add_nginx_config -if [ "$path_url" = "/" ] -then - # Replace "//" location (due to nginx template) - # Prevent from replacing in "http://" expressions by excluding ":" as preceding character - sed --in-place "s@\([^:]\)//@\1/@g" /etc/nginx/conf.d/$domain.d/$app.conf -else - # Move prefix comment #for-subdir at end of lines - sed --in-place "s/#for-subdir\(.*\)/\1 #for-subdir/g" /etc/nginx/conf.d/$domain.d/$app.conf -fi -ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" +# Restrict rights to Wallabag user only +chmod 600 $wb_conf -# Copy and set php-fpm configuration -ynh_add_fpm_config +# Set permissions to app files +chown -R $app: $final_path +chmod 755 $final_path + +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Configuring SSOwat..." # Set SSOwat rules -ynh_app_setting_set "$app" unprotected_uris "/" +ynh_app_setting_set $app unprotected_uris "/" #================================================= # RELOAD NGINX #================================================= -systemctl restart php5-fpm -systemctl reload nginx +ynh_script_progression --message="Reloading nginx web server..." + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 174210a..70f90cf 100644 --- a/scripts/remove +++ b/scripts/remove @@ -1,7 +1,5 @@ #!/bin/bash -# Treat unset variables as an error -set -u #================================================= # GENERIC STARTING #================================================= @@ -14,55 +12,74 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -db_name=$(ynh_app_setting_get $app db_name) -domain=$(ynh_app_setting_get "$app" domain) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE +#================================================= +# REMOVE THE MYSQL DATABASE +#================================================= +ynh_script_progression --message="Removing the MySQL database" --weight=2 + +# Remove a database if it exists, along with the associated user +ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name + #================================================= # REMOVE DEPENDENCIES #================================================= +ynh_script_progression --message="Removing dependencies" --weight=9 +# Remove metapackage and its dependencies ynh_remove_app_dependencies -# The following command is kept as a matter of transition with the previous way -# of managing dependencies -ynh_package_autoremove "wallabag-deps" || true - -#================================================= -# REMOVE THE MYSQL DB -#================================================= - -ynh_mysql_remove_db "$app" "$db_name" #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_script_progression --message="Removing app main directory" --weight=2 -ynh_secure_remove "/var/www/$app" +# Remove the app directory securely +ynh_secure_remove --file="$final_path" #================================================= -# REMOVE NGINX AND PHP-FPM CONFIGURATION +# REMOVE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Removing nginx web server configuration" -ynh_remove_fpm_config +# Remove the dedicated nginx config ynh_remove_nginx_config -# Reload services -systemctl restart php5-fpm -systemctl reload nginx +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= +ynh_script_progression --message="Removing php-fpm configuration" + +# Remove the dedicated php-fpm config +ynh_remove_fpm_config #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= - ynh_remove_fail2ban_config +#================================================= +# GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= +ynh_script_progression --message="Removing the dedicated system user" -ynh_system_user_delete $app +# Delete a system user +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 44bc1c8..ec62624 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,81 +1,90 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu - +#================================================= +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Fetch helpers file if not in current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading settings..." --weight=2 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -is_public=$(ynh_app_setting_get $app is_public) -final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get $app db_name) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_script_progression --message="Validating restoration parameters..." -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" +ynh_webpath_available --domain=$domain --path_url=$path_url \ + || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ - || ynh_die "There is already a directory: $final_path " + || ynh_die --message="There is already a directory: $final_path " #================================================= -# INSTALL DEPENDENCIES +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION #================================================= -ynh_install_app_dependencies "$PKG_DEPENDENCIES" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= -# STANDARD RESTORE STEPS -#================================================= -# RESTORE NGINX CONFIGURATION +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="$final_path" #================================================= -# RESTORE APP MAIN DIR +# RECREATE THE DEDICATED USER #================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=2 -ynh_restore_file "$final_path" - -#================================================= -# RESTORE MYSQL DB -#================================================= - -db_pwd=$(ynh_app_setting_get $app mysqlpwd) -ynh_mysql_create_db $db_name $db_name $db_pwd -ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql - -#================================================= -# RECREATE OF THE DEDICATED USER -#================================================= - -ynh_system_user_create $app # Recreate the dedicated user, if not existing +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app #================================================= # RESTORE USER RIGHTS #================================================= +# Restore permissions on app files chown -R $app: $final_path +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= + +ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" + +#================================================= +# SPECIFIC RESTORATION +#================================================= +# REINSTALL DEPENDENCIES +#================================================= +ynh_script_progression --message="Reinstalling dependencies..." --weight=15 + +# Define and install dependencies +ynh_install_app_dependencies $pkg_dependencies + #================================================= # RESTORE FAIL2BAN CONFIGURATION #================================================= @@ -85,16 +94,26 @@ ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" ynh_systemd_action --action=reload --service_name=fail2ban # Reload instead of restart for better performance #================================================= -# RESTORE PHP-FPM CONFIGURATION +# RESTORE THE MYSQL DATABASE #================================================= +ynh_script_progression --message="Restoring the MySQL database..." --weight=3 -ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= +ynh_script_progression --message="Reloading nginx web server and php-fpm..." -systemctl reload php5-fpm -systemctl reload nginx +ynh_systemd_action --service_name=php7.0-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index e66cb6e..13fcb68 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,9 +1,7 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -14,104 +12,116 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -# Set app specific variables +ynh_script_progression --message="Loading installation settings..." --weight=2 + app=$YNH_APP_INSTANCE_NAME -# Check destination directory -DESTDIR="/var/www/$app" -[[ ! -d $DESTDIR ]] && ynh_die \ -"The destination directory '$DESTDIR' does not exist.\ - The app is not correctly installed, you should remove it first." - -# Retrieve arguments -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_app_setting_get "$app" path_url) -# Compatibility with previous version -if [ -z "$path_url" ] ; then - path_url=$(ynh_app_setting_get "$app" path) - ynh_app_setting_set $app path_url "$path_url" -fi -path_url=$(ynh_normalize_url_path $path_url) -db_pwd=$(ynh_app_setting_get "$app" mysqlpwd) -deskey=$(ynh_app_setting_get "$app" deskey) -final_path=$(ynh_app_setting_get "$app" final_path) -# Compatibility with previous version -if [ -z "$final_path" ] ; then - final_path="/var/www/$app" - ynh_app_setting_set $app final_path "$final_path" -fi - -db_name=$(ynh_app_setting_get "$app" db_name) -# Compatibility with previous version -if [ -z "$db_name" ] ; then - db_name=$app - ynh_app_setting_set "$app" db_name "$db_name" -fi -db_user="$db_name" +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +deskey=$(ynh_app_setting_get --app=$app --key=deskey) #================================================= -# MANAGE SCRIPT FAILURE +# CHECK VERSION #================================================= -# Use prior backup and restore on error only if backup feature -# exists on installed instance -if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then - ynh_backup_before_upgrade # Backup the current version of the app - ynh_clean_setup () { - ynh_backup_after_failed_upgrade - } - ynh_abort_if_errors # Stop script if an error is detected +upgrade_type=$(ynh_check_app_version_changed) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." + +# If db_name doesn't exist, create it +if [ -z "$db_name" ]; then + db_name=$(ynh_sanitize_dbid --db_name=$app) + ynh_app_setting_set --app=$app --key=db_name --value=$db_name +fi + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path +fi + +# If path_url doesn't exist, create it +if [ -z "$path_url" ]; then + path_url=$(ynh_app_setting_get --app=$app --key=path_url) + ynh_app_setting_set --app=$app --key=path --value=$path_url fi #================================================= -# INSTALL DEPENDENCIES +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH #================================================= -ynh_install_app_dependencies "$PKG_DEPENDENCIES" +path_url=$(ynh_normalize_url_path --path_url=$path_url) +#================================================= +# STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -# Create tmp directory and fetch app inside -TMPDIR=$(ynh_mkdir_tmp) -ynh_setup_source "$TMPDIR" +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=6 + + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" + + # Clear cache + ynh_secure_remove --file="$final_path/var/cache" + mkdir "$final_path/var/cache" +fi + +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading nginx web server configuration..." + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# UPGRADE DEPENDENCIES +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=7 + +ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." -ynh_system_user_create $app # Create dedicated user if not existing +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app #================================================= -# SPECIFIC SETUP +# PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading php-fpm configuration..." -# Copy and set Wallabag dist configuration -wb_conf="${TMPDIR}/app/config/parameters.yml" -cp ${TMPDIR}/app/config/parameters.yml.dist $wb_conf - -ynh_replace_string "fosuser_registration: true" "fosuser_registration: false" "$wb_conf" -ynh_replace_string "database_name: wallabag" "database_name: ${db_name}" "$wb_conf" -ynh_replace_string "database_user: root" "database_user: ${db_user}" "$wb_conf" -ynh_replace_string "database_password: ~" "database_password: ${db_pwd}" "$wb_conf" -ynh_replace_string "database_table_prefix: wallabag_" "database_table_prefix: null" "$wb_conf" -ynh_replace_string "secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" "secret: ${deskey}" "$wb_conf" -ynh_replace_string "domain_name: https://your-wallabag-url-instance.com" "domain_name: https://$domain$path_url" "$wb_conf" - -# Replace files and set permissions -ynh_secure_remove "${final_path}/var/cache" -mkdir "${final_path}/var/cache" -cp -a $TMPDIR/. "${final_path}" -chown -R $app: "${final_path}" -chmod 755 $final_path - -# Upgrade database and clear the cache -exec_console $app "${final_path}" doctrine:migrations:migrate -exec_console $app "${final_path}" cache:clear - -# Configure Wallabag instance URL -ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_user" <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'" +# Create a dedicated php-fpm config +ynh_add_fpm_config # Set-up fail2ban # Create the log file is not already existing @@ -125,29 +135,74 @@ fi ynh_add_fail2ban_config --logpath="$final_path/var/logs/prod.log" --failregex='app.ERROR: Authentication failure for user "([\w]+)?", from IP ""' --max_retry=5 # same as install config #================================================= -# NGINX CONFIGURATION +# SPECIFIC UPGRADE +#================================================= +# CONFIGURE WALLABAG #================================================= -ynh_add_nginx_config -if [ "$path_url" = "/" ] +if [ "$upgrade_type" == "UPGRADE_APP" ] then - # Replace "//" location (due to nginx template) - # Prevent from replacing in "http://" expressions by excluding ":" as preceding character - sed --in-place "s@\([^:]\)//@\1/@g" /etc/nginx/conf.d/$domain.d/$app.conf -else - # Move prefix comment #for-subdir at end of lines - sed --in-place "s/#for-subdir\(.*\)/\1 #for-subdir/g" /etc/nginx/conf.d/$domain.d/$app.conf + ynh_script_progression --message="Reconfiguring wallabag..." --weight=11 + + # Copy and set Wallabag dist configuration + wb_conf=$final_path/app/config/parameters.yml + cp $final_path/app/config/parameters.yml.dist $wb_conf + + ynh_replace_string --match_string="fosuser_registration: true" --replace_string="fosuser_registration: false" --target_file=$wb_conf + ynh_replace_string --match_string="database_name: wallabag" --replace_string="database_name: $db_name" --target_file=$wb_conf + ynh_replace_string --match_string="database_user: root" --replace_string="database_user: $db_user" --target_file=$wb_conf + ynh_replace_string --match_string="database_password: ~" --replace_string="database_password: $db_pwd" --target_file=$wb_conf + ynh_replace_string --match_string="database_table_prefix: wallabag_" --replace_string="database_table_prefix: null" --target_file=$wb_conf + ynh_replace_string --match_string="secret: ovmpmAWXRCabNlMgzlzFXDYmCFfzGv" --replace_string="secret: $deskey" --target_file=$wb_conf + ynh_replace_string --match_string="domain_name: https://your-wallabag-url-instance.com" --replace_string="domain_name: https://$domain$path_url" --target_file=$wb_conf + + #================================================= + # UPGRADE WALLABAG + #================================================= + + # Alias for php-cli execution command + php_exec="ynh_exec_as $app php "$final_path/bin/console" --no-interaction --env=prod" + + # Set permissions to app files + chown -R $app: $final_path + + # Upgrade database and clear the cache + $php_exec doctrine:migrations:migrate + $php_exec cache:clear + + # Configure Wallabag instance URL + ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name <<< "UPDATE craue_config_setting SET value = 'https://$domain$path_url' WHERE name = 'wallabag_url'" fi -ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" -# Copy and set php-fpm configuration -ynh_add_fpm_config +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Restrict rights to Wallabag user only +chmod 600 $wb_conf + +# Set permissions to app files +chown -R $app: $final_path +chmod 755 $final_path + +#================================================= +# SETUP SSOWAT +#================================================= +ynh_script_progression --message="Upgrading SSOwat configuration..." -# Set SSOwat rules ynh_app_setting_set "$app" unprotected_uris "/" #================================================= # RELOAD NGINX #================================================= -systemctl restart php5-fpm -systemctl reload nginx +ynh_script_progression --message="Reloading nginx web server..." + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --last