From f78d2bc897a0e367fd6068b0abcc64e2234341e0 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 20 Apr 2017 21:00:45 +0200 Subject: [PATCH] Use dedicated system user, backup before upgrade --- conf/php-fpm.conf | 4 ++-- scripts/_common.sh | 60 ++++++++++++++++++++++++++++++++++++++++++++++ scripts/install | 18 +++++++++----- scripts/remove | 6 +++++ scripts/restore | 7 +++++- scripts/upgrade | 23 +++++++++++++++--- 6 files changed, 106 insertions(+), 12 deletions(-) diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index e249310..fa1937a 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -8,8 +8,8 @@ listen.group = www-data listen.mode = 0600 ; Unix user/group of processes. -user = www-data -group = www-data +user = {USER} +group = {USER} ; Choose how the process manager will control the number of child processes. pm = dynamic diff --git a/scripts/_common.sh b/scripts/_common.sh index d1d036b..ab6cdcc 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -104,6 +104,35 @@ CHECK_FINALPATH () { # Check if destination directory already exists } +BACKUP_FAIL_UPGRADE () { + WARNING echo "Upgrade failed." + app_bck=${app//_/-} # Replace all '_' by '-' + if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number; then # Check if existing archive before removing app and restoring + sudo yunohost app remove $app # Remove app before restoring it + sudo yunohost backup restore --ignore-hooks $app_bck-pre-upgrade$backup_number --apps $app --force # Restore the backup if upgrade failed + ynh_die "The app was restored to the way it was before the failed upgrade." + fi +} + +BACKUP_BEFORE_UPGRADE () { # Backup the current version of the app, restore it if the upgrade fails + backup_number=1 + old_backup_number=2 + app_bck=${app//_/-} # Replace all '_' by '-' + if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1; then # Check for existing archive numbered 1 + backup_number=2 # And change archive number to 2 + old_backup_number=1 + fi + + sudo yunohost backup create --ignore-hooks --apps $app --name $app_bck-pre-upgrade$backup_number # Create a backup different from the existing one + if [ "$?" -eq 0 ]; then # If backup succfessful, delete former archive + if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number; then # Check for existing archive before removing it + QUIET sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number + fi + else # If backup failed + ynh_die "Backup failed, the upgrade process was aborted." + fi +} + #================================================= # FUTURE YUNOHOST HELPERS - TO BE REMOVED LATER #================================================= 
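Review bot: In BACKUP_FAIL_UPGRADE the exit status of `yunohost backup restore` is never checked, so after `yunohost app remove $app` the function reports "The app was restored…" even when the restore failed and the app is gone. Guard the call, e.g. `sudo yunohost backup restore --ignore-hooks "$app_bck-pre-upgrade$backup_number" --apps "$app" --force || ynh_die "Restoring the pre-upgrade backup failed; $app is currently removed."`. The archive checks in both functions pass an unquoted name to `grep -q` as an unanchored regex, so `…-pre-upgrade1` also matches `…-pre-upgrade10` or a longer archive name containing the same string. Using `grep -qF -- "$app_bck-pre-upgrade$backup_number"`, tightened to a whole-name match once the `backup list` output format (not visible here) is known, would keep a false positive from triggering the removal. `backup_number` is a global set only by BACKUP_BEFORE_UPGRADE and read by BACKUP_FAIL_UPGRADE, which deserves a comment on both functions.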
@@ -274,4 +303,35 @@ ynh_secure_remove () { echo "$path_to_remove wasn't deleted because it doesn't exist." >&2 fi fi +} + +# Create a system user +# +# usage: ynh_system_user_create user_name [home_dir] +# | arg: user_name - Name of the system user that will be create +# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home +ynh_system_user_create () { + if ! ynh_system_user_exists "$1" # Check if the user exists on the system + then # If the user doesn't exist + if [ $# -ge 2 ]; then # If a home dir is mentioned + user_home_dir="-d $2" + else + user_home_dir="--no-create-home" + fi + sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account" + fi +} + +# Delete a system user +# +# usage: ynh_system_user_delete user_name +# | arg: user_name - Name of the system user that will be create +ynh_system_user_delete () { + if ynh_system_user_exists "$1" # Check if the user exists on the system + then + echo "Remove the user $1" >&2 + sudo userdel $1 + else + echo "The user $1 was not found" >&2 + fi } \ No newline at end of file diff --git a/scripts/install b/scripts/install index 02e394b..2f35604 100644 --- a/scripts/install +++ b/scripts/install @@ -75,10 +75,15 @@ ynh_mysql_create_db "$db_name" "$db_user" "$dbpass" ynh_app_setting_set $app final_path "$final_path" # Create tmp directory and fetch app inside -TMPDIR=$(ynh_mkdir_tmp) +TMPDIR=$(mktemp -d) extract_wallabag "$TMPDIR" - +#================================================= +# CREATE DEDICATED USER +#================================================= + +ynh_system_user_create $app # Create a dedicated system user + #================================================= # SPECIFIC SETUP #================================================= 
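Review bot: ynh_system_user_create builds the useradd options as the string `user_home_dir="-d $2"` and expands it unquoted, so a home path containing whitespace or glob characters is split into extra arguments to a command run under sudo; `$1` is also unquoted in both `useradd` and `userdel`. The same file already relies on bash (`${app//_/-}`), so an array keeps the arguments intact: `local home_opt=(--no-create-home)`, `[ $# -ge 2 ] && home_opt=(-d "$2")`, then `sudo useradd "${home_opt[@]}" --system --user-group --shell /usr/sbin/nologin "$1" || ynh_die "Unable to create $1 system account"`. The exit status of `sudo userdel` is ignored in ynh_system_user_delete, so a failed deletion leaves the account behind silently; a `|| echo "Unable to remove user $1" >&2` would at least surface it. `ynh_system_user_exists` is not defined anywhere in this diff and is presumably provided by the platform helpers, and the delete helper's usage text still says the user "will be create".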
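Review bot: The directory returned by `mktemp -d` is created with mode 0700, and the install script later moves it into place as the application root (`sudo mv "$TMPDIR" "$final_path"` in the next hunk), so `$final_path` keeps that mode unless something outside this diff changes it. If the web server reads files from that tree under an account other than `$app` (the pool's `listen.group = www-data` suggests it does), confirm it can still traverse the directory. Set the mode explicitly after the move rather than inheriting it, e.g. `sudo chmod 0750 "$final_path"` combined with a group the web server belongs to. The assignment has no failure check either; `TMPDIR=$(mktemp -d) || ynh_die "Unable to create a temporary directory"` stops before `extract_wallabag` is called with an empty path. scripts/upgrade still uses `ynh_mkdir_tmp`, so the install and upgrade paths may end up with different permissions on the same directory.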
@@ -95,22 +100,22 @@ ynh_replace_string "{DESKEY}" "${deskey}" "$wb_conf" sudo mv "$TMPDIR" "$final_path" # Set rights for www-data -sudo chown -R www-data: $final_path +sudo chown -R $app: $final_path # Install dependencies and Wallabag -exec_console www-data "$final_path" wallabag:install +exec_console $app "$final_path" wallabag:install # Add users to Wallabag for username in $(ynh_user_list); do user_email=$(sudo yunohost user info "$username" --output-as plain \ | ynh_get_plain_key mail) user_pass=$(ynh_string_random) - exec_console www-data "$final_path" fos:user:create \ + exec_console $app "$final_path" fos:user:create \ "$username" "$user_email" "$user_pass" done # Set admin user -exec_console www-data "$final_path" fos:user:promote --super "$admin" +exec_console $app "$final_path" fos:user:promote --super "$admin" #================================================= # NGINX CONFIGURATION @@ -133,6 +138,7 @@ sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf" phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" ynh_replace_string "{POOLNAME}" "${app}" "$PKGDIR/conf/php-fpm.conf" ynh_replace_string "{DESTDIR}" "${final_path}" "$PKGDIR/conf/php-fpm.conf" +ynh_replace_string "{USER}" "${app}" "$PKGDIR/conf/php-fpm.conf" sudo cp $PKGDIR/conf/php-fpm.conf "$phpfpm_conf" # Set SSOwat rules diff --git a/scripts/remove b/scripts/remove index 1ceb7cf..56038a4 100644 --- a/scripts/remove +++ b/scripts/remove @@ -61,3 +61,9 @@ ynh_remove_app_dependencies # The following command is keeped as a matter of transition with the previous way # of managing dependencies ynh_package_autoremove "wallabag-deps" || true + +#================================================= +# REMOVE DEDICATED USER +#================================================= + +ynh_system_user_delete $app \ No newline at end of file diff --git a/scripts/restore b/scripts/restore index 8c6b9c6..d2cf224 100644 --- a/scripts/restore +++ b/scripts/restore 
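Review bot: `sudo chown -R $app: $final_path` runs a recursive ownership change as root with both variables unquoted, so a path containing whitespace or glob characters would be split or expanded into additional targets. The restore hunk (`@@ -60,12 +60,17 @@`) has the same line, while scripts/upgrade already quotes the path. Use `sudo chown -R "$app": "$final_path"` in both places. The comment above it still reads `# Set rights for www-data` and should become `# Set ownership to the dedicated app user`. The `exec_console $app …`, `ynh_system_user_create $app` and `ynh_system_user_delete $app` calls in this patch would likewise be safer as `"$app"`.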
@@ -60,12 +60,17 @@ db_pwd=$(ynh_app_setting_get $app mysqlpwd) ynh_mysql_create_db $db_name $db_name $db_pwd ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql +#================================================= +# RECREATE OF THE DEDICATED USER +#================================================= + +ynh_system_user_create $app # Recreate the dedicated user, if not existing #================================================= # RESTORE USER RIGHTS #================================================= -sudo chown -R www-data: $final_path +sudo chown -R $app: $final_path #================================================= # RESTORE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 00cd4bd..fe4c4b8 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -48,6 +48,16 @@ if [ -z "$db_name" ] ; then ynh_app_setting_set "$app" db_name "$db_name" fi +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +BACKUP_BEFORE_UPGRADE # Backup the current version of the app +ynh_clean_setup () { + BACKUP_FAIL_UPGRADE +} +ynh_abort_if_errors # Stop script if an error is detected + #================================================= # INSTALL DEPENDENCIES #================================================= @@ -62,6 +72,12 @@ ynh_install_app_dependencies "$PKG_DEPENDENCIES" TMPDIR=$(ynh_mkdir_tmp) extract_wallabag "$TMPDIR" +#================================================= +# CREATE DEDICATED USER +#================================================= + +ynh_system_user_create $app # Create dedicated user if not existing + #================================================= # SPECIFIC SETUP #================================================= 
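Review bot: An archive taken before this change carries a pool file with `user = www-data` (the lines removed from conf/php-fpm.conf), while this hunk now hands the restored tree to `$app`. If the "RESTORE PHP-FPM CONFIGURATION" step that follows copies the archived file unchanged, the pool would run as an account that no longer owns the application files. That step lies outside the hunk, so this needs to be confirmed against the full script. If it applies, add a fix-up there with a comment such as `# Archives made before the dedicated-user change carry user/group = www-data; rewrite them to $app after copying`.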
@@ -77,11 +93,11 @@ ynh_replace_string "{DESKEY}" "${deskey}" "$wb_conf" # Replace files and set permissions ynh_secure_remove "${final_path}" sudo mv "$TMPDIR" "${final_path}" -sudo chown -R www-data: "${final_path}" +sudo chown -R $app: "${final_path}" # Upgrade database and clear the cache -exec_console www-data "${final_path}" doctrine:migrations:migrate -exec_console www-data "${final_path}" cache:clear +exec_console $app "${final_path}" doctrine:migrations:migrate +exec_console $app "${final_path}" cache:clear #================================================= # NGINX CONFIGURATION @@ -104,6 +120,7 @@ sudo cp "$nginx_conf" "/etc/nginx/conf.d/${domain}.d/${app}.conf" phpfpm_conf="/etc/php5/fpm/pool.d/${app}.conf" ynh_replace_string "{POOLNAME}" "${app}" "$PKGDIR/conf/php-fpm.conf" ynh_replace_string "{DESTDIR}" "${final_path}" "$PKGDIR/conf/php-fpm.conf" +ynh_replace_string "{USER}" "${app}" "$PKGDIR/conf/php-fpm.conf" sudo cp $PKGDIR/conf/php-fpm.conf "$phpfpm_conf"