Improve uwsgi, fix root install, upgrade postgresql

conf/uwsgi-app@.service

@@ -6,6 +6,7 @@ After=syslog.target
 ExecStart=/usr/bin/uwsgi \
         --ini /etc/uwsgi/apps-available/%i.ini \
         --socket /var/run/uwsgi/%i.socket \
+        --chmod-socket=775 \
         --logto /var/log/uwsgi/app/%i
 User=%i
 Group=www-data
@@ -14,3 +15,6 @@ KillSignal=SIGQUIT
 Type=notify
 StandardError=syslog
 NotifyAccess=all
+
+[Install]
+WantedBy=multi-user.target

conf/uwsgi-app@.socket

@@ -1,11 +0,0 @@
-[Unit]
-Description=Socket for uWSGI app %i
-
-[Socket]
-ListenStream=/var/run/uwsgi/%i.socket
-SocketUser=%i
-SocketGroup=www-data
-SocketMode=0775
-
-[Install]
-WantedBy=sockets.target

scripts/_common.sh

@@ -5,13 +5,7 @@ current_version="2.20"
 ynh_check_global_uwsgi_config () {
 	uwsgi --version || ynh_die "You need to add uwsgi (and appropriate plugin) as a dependency"
 
-	if [ -f /etc/systemd/system/uwsgi-app@.service ];
+	cp ../conf/uwsgi-app@.service /etc/systemd/system/uwsgi-app@.service
-	then
-		echo "Uwsgi generic file is already installed"
-	else
-		cp ../conf/uwsgi-app@.socket /etc/systemd/system/uwsgi-app@.socket
-		cp ../conf/uwsgi-app@.service /etc/systemd/system/uwsgi-app@.service
-	fi
 
 	# make sure the folder for sockets exists and set authorizations
 	mkdir -p /var/run/uwsgi/
@@ -63,12 +57,12 @@ ynh_add_uwsgi_service () {
 	ynh_store_file_checksum "$finaluwsgiini"
 
 	chown root: "$finaluwsgiini"
-	systemctl enable "uwsgi-app@$app.socket"
+
-	systemctl start "uwsgi-app@$app.socket"
 	systemctl daemon-reload
+	systemctl enable "uwsgi-app@$app.service"
 
 	# Add as a service
-	yunohost service add "uwsgi-app@$app.socket" --log "/var/log/uwsgi/app/$app"
+	yunohost service add "uwsgi-app@$app.service" --log "/var/log/uwsgi/app/$app"
 }
 
 # Remove the dedicated uwsgi ini file
@@ -77,12 +71,11 @@ ynh_add_uwsgi_service () {
 ynh_remove_uwsgi_service () {
 	finaluwsgiini="/etc/uwsgi/apps-available/$app.ini"
 	if [ -e "$finaluwsgiini" ]; then
-		systemctl stop "uwsgi-app@$app.socket"
+		systemctl stop "uwsgi-app@$app.service"
-		systemctl disable "uwsgi-app@$app.socket"
+		systemctl disable "uwsgi-app@$app.service"
-		yunohost service remove "uwsgi-app@$app.socket"
+		yunohost service remove "uwsgi-app@$app.service"
 
 		ynh_secure_remove "$finaluwsgiini"
-		ynh_secure_remove "/var/run/uwsgi/$app.socket"
 		ynh_secure_remove "/var/log/uwsgi/app/$app"
 	fi
 }
@@ -124,6 +117,18 @@ ynh_check_if_checksum_is_different() {
 	echo "$check"
 }
 
+#=================================================
+#
+# POSTGRES HELPERS
+#
+# Point of contact : Jean-Baptiste Holcroft <jean-baptiste@holcroft.fr>
+#=================================================
+
+# Create a master password and set up global settings
+# Please always call this script in install and restore scripts
+#
+# usage: ynh_psql_test_if_first_run
+
 ynh_psql_test_if_first_run() {
 	if [ -f /etc/yunohost/psql ];
 	then
@@ -144,8 +149,12 @@ ynh_psql_test_if_first_run() {
 		fi
 
 		systemctl start postgresql
-                su --command="psql -c\"ALTER user postgres WITH PASSWORD '${pgsql}'\"" postgres
+		sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres
-		# we can't use peer since YunoHost create users with nologin
+
+		# force all user to connect to local database using passwords
+		# https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF
+		# Note: we can't use peer since YunoHost create users with nologin
+		#  See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user
 		sed -i '/local\s*all\s*all\s*peer/i \
 		local all all password' "$pg_hba"
 		systemctl enable postgresql
@@ -167,7 +176,6 @@ ynh_psql_connect_as() {
 	pwd="$2"
 	db="$3"
 	sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$pwd" psql "$db"
-	echo "ynh_psql_connect_as" && pwd && ls -lah $(pwd)
 }
 
 # # Execute a command as root user
@@ -178,7 +186,6 @@ ynh_psql_connect_as() {
 ynh_psql_execute_as_root () {
 	sql="$1"
 	sudo --login --user=postgres psql <<< "$sql"
-	echo "ynh_psql_execute_as_root" && pwd && ls -lah $(pwd)
 }
 
 # Execute a command from a file as root user
@@ -190,7 +197,6 @@ ynh_psql_execute_file_as_root() {
 	file="$1"
 	db="$2"
 	sudo --login --user=postgres psql "$db" < "$file"
-	echo "ynh_psql_execute_file_as_root" && pwd && ls -lah $(pwd)
 }
 
 # Create a database, an user and its password. Then store the password in the app's config
@@ -204,7 +210,6 @@ ynh_psql_execute_file_as_root() {
 # | arg: pwd - Password of the database. If not given, a password will be generated
 ynh_psql_setup_db () {
 	db_user="$1"
-	app="$1"
 	db_name="$2"
 	new_db_pwd=$(ynh_string_random)	# Generate a random password
 	# If $3 is not given, use new_db_pwd instead for db_pwd.

scripts/backup

@@ -61,7 +61,6 @@ ynh_backup "/etc/cron.d/$app"
 #=================================================
 
 ynh_backup "/etc/uwsgi/apps-available/$app.ini"
-ynh_backup "/etc/systemd/system/uwsgi-app@.socket"
 ynh_backup "/etc/systemd/system/uwsgi-app@.service"
 
 #=================================================

scripts/install

@@ -85,14 +85,13 @@ ynh_install_app_dependencies libxml2-dev libxslt-dev libfreetype6-dev \
 # CREATE A PostgreSQL DATABASE
 #=================================================
 
+db_name=$(ynh_sanitize_dbid "$app")
+ynh_app_setting_set "$app" db_name "$db_name"
+
 ynh_psql_test_if_first_run
 
-db_name=$(ynh_sanitize_dbid "$app")
-db_user_pwd=$(ynh_string_random)
 # Initialize database and store postgres password for upgrade
-ynh_psql_create_db "$db_name" "$app" "$db_user_pwd"
+ynh_psql_setup_db "$db_name" "$app"
-ynh_app_setting_set "$app" db_name "$db_name"
-ynh_app_setting_set "$app" psqlpwd "$db_user_pwd"
 
 systemctl reload postgresql
 
@@ -176,6 +175,13 @@ EOF
 
 ynh_add_uwsgi_service
 
+# root install doesn't require uwsgi to handle script names
+if [ "$path_url" == "/" ]
+then
+	ynh_replace_string "manage-script-name = true" "manage-script-name = false" "$finaluwsgiini"
+	ynh_store_file_checksum "$finaluwsgiini"
+fi
+
 #=================================================
 # PIP INSTALLATION
 #=================================================
@@ -274,6 +280,12 @@ then
 	ynh_store_file_checksum "$finalnginxconf"
 fi
 
+#=================================================
+# Start weblate
+#=================================================
+
+systemctl start "uwsgi-app@$app.service"
+
 #=================================================
 # RELOAD NGINX
 #=================================================
@@ -289,4 +301,4 @@ Weblate settings file          : $settings
 If you facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/weblate_ynh
 "
 
-ynh_send_readme_to_admin "$message" "$admin"
+ynh_send_readme_to_admin "$message" "$admin"

scripts/remove

@@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers
 #=================================================
 
 app=$YNH_APP_INSTANCE_NAME
-
+domain=$(ynh_app_setting_get "$app" domain)
 db_name=$(ynh_app_setting_get "$app" db_name)
 
 #=================================================

scripts/restore

@@ -84,14 +84,13 @@ ynh_install_app_dependencies libxml2-dev libxslt-dev libfreetype6-dev \
 #=================================================
 
 ynh_psql_test_if_first_run
-ynh_psql_setup_db "$db_name" "$db_name" "$db_pwd"
+ynh_psql_create_db "$db_name" "$db_name" "$db_pwd"
 ynh_psql_execute_file_as_root ./db.sql "$db_name"
 
 #=================================================
 # RESTORE THE UWSGI MECANICS
 #=================================================
 
-ynh_restore_file "/etc/systemd/system/uwsgi-app@.socket"
 ynh_restore_file "/etc/systemd/system/uwsgi-app@.service"
 
 # make sure the folder for sockets exists and set authorizations
@@ -112,12 +111,11 @@ usermod --append --groups www-data "$app"
 
 ynh_restore_file "/etc/uwsgi/apps-available/$app.ini"
 
-systemctl enable "uwsgi-app@$app.socket"
-systemctl start "uwsgi-app@$app.socket"
 systemctl daemon-reload
+systemctl enable "uwsgi-app@$app.service"
 
 # Add as a service
-yunohost service add "uwsgi-app@$app.socket" --log "/var/log/uwsgi/app/$app"
+yunohost service add "uwsgi-app@$app.service" --log "/var/log/uwsgi/app/$app"
 
 #=================================================
 # RESTORE THE CRON FILE
@@ -133,6 +131,12 @@ ynh_restore_file "/usr/bin/hub"
 
 #=================================================
 # GENERIC FINALIZATION
+#=================================================
+# Start weblate
+#=================================================
+
+systemctl start "uwsgi-app@$app.service"
+
 #=================================================
 # RELOAD NGINX & uwsgi
 #=================================================

scripts/upgrade

@@ -83,6 +83,15 @@ then
 	ynh_secure_remove "/etc/systemd/system/$app.service"
 fi
 
+# (<2.20) remove your old sockets!
+if [ -e "/etc/systemd/system/uwsgi-app@.socket" ]
+then
+	systemctl stop "uwsgi-app@$app.socket"
+	yunohost service remove "uwsgi-app@$app.socket"
+	ynh_secure_remove "/etc/systemd/system/uwsgi-app@.socket"
+	systemctl daemon-reload
+fi
+
 # (<2.18) move hub to the correct folder
 if [ -e "$final_path/bin/hub" ]
 then
@@ -145,6 +154,13 @@ ynh_install_app_dependencies libxml2-dev libxslt-dev libfreetype6-dev \
 
 ynh_add_uwsgi_service
 
+# root install doesn't require uwsgi to handle script names
+if [ "$path_url" == "/" ]
+then
+	ynh_replace_string "manage-script-name = true" "manage-script-name = false" "$finaluwsgiini"
+	ynh_store_file_checksum "$finaluwsgiini"
+fi
+
 #=================================================
 # PIP INSTALLATION
 #=================================================
@@ -274,6 +290,12 @@ then
 	ynh_store_file_checksum "$finalnginxconf"
 fi
 
+#=================================================
+# Restart weblate
+#=================================================
+
+systemctl start "uwsgi-app@$app.service"
+
 #=================================================
 # RELOAD NGINX
 #=================================================