diff --git a/README.md b/README.md index 74451ba..f36b71d 100644 --- a/README.md +++ b/README.md @@ -13,6 +13,10 @@ An admin user is created at installation, the login is what you provided at inst You'll need to give weblate a github user and a token. Please read [github's documentation about token](https://help.github.com/articles/creating-a-personal-access-token-for-the-command-line/). This user will only be used to open the pull-request, each translation keep his author. +**Careful**, I still have to understand why, but you'll have to **manually** move your hub binary frile from /var/www/$app/bin/ to /usr/bin to enable pull request on github. I'm close to fix this. + +**SSH keys**, you'll have to go in administration, and generate a public key for weblate and add github.com so weblate knows the fingerprint. Please note if your account already have a public key (ssh-rsa), you'll have to manually add the weblate's one to your github account. + ## Settings and upgrades Almost everything related to Weblate's configuration is handled in a `settings.py` file. diff --git a/check_process b/check_process index cdf0869..f996816 100644 --- a/check_process +++ b/check_process @@ -11,7 +11,6 @@ is_public=1 (PUBLIC|public=1|private=0) github_account="myaccount" github_token="myoauthtoken" - password="pass" ; Checks pkg_linter=1 setup_sub_dir=1 @@ -20,6 +19,8 @@ setup_private=1 setup_public=1 upgrade=1 + # latest published in community.json + upgrade=1 from_commit=dc037965b0fbc1bd59d352c4d2b71a97b1e4768f backup_restore=1 multi_instance=1 incorrect_path=1 @@ -41,3 +42,7 @@ ;;; Options Email=jean-baptiste@holcroft.fr Notification=all +;;; Upgrade options + ; commit=dc037965b0fbc1bd59d352c4d2b71a97b1e4768f + name=Upgrade from 2.17.1 +manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1&github_account=fake&github_token=fake diff --git a/conf/nginx.conf b/conf/nginx.conf index ac13a2b..25c4237 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -6,33 +6,31 @@ location __PATH__ { include uwsgi_params; # Needed for long running operations in admin interface uwsgi_read_timeout 3600; - uwsgi_param SCRIPT_NAME __PATH__; - uwsgi_modifier1 30; - uwsgi_pass unix://__FINALPATH__/socket; + uwsgi_pass unix:///var/run/uwsgi/__NAME__.socket; # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } -location __PATH__/favicon.ico { +location ^__PATH__/favicon.ico$ { # DATA_DIR/static/favicon.ico alias __FINALPATH__/data/static/favicon.ico; expires 30d; } -location __PATH__/robots.txt { +location ^__PATH__/robots.txt$ { # DATA_DIR/static/robots.txt alias __FINALPATH__/data/static/robots.txt; expires 30d; } -location __PATH__/static { +location __PATH__/static/ { # DATA_DIR/static/ alias __FINALPATH__/data/static/; expires 30d; } -location __PATH__/media { +location __PATH__/media/ { # DATA_DIR/media/ alias __FINALPATH__/data/media/; expires 30d; diff --git a/conf/settings.py b/conf/settings_history/settings.2.18.py similarity index 98% rename from conf/settings.py rename to conf/settings_history/settings.2.18.py index aabf755..80f7de6 100644 --- a/conf/settings.py +++ b/conf/settings_history/settings.2.18.py @@ -165,6 +165,9 @@ SECRET_KEY = '__KEY__' # noqa TEMPLATES = [ { 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [ + os.path.join(BASE_DIR, 'templates'), + ], 'OPTIONS': { 'context_processors': [ 'django.contrib.auth.context_processors.auth', @@ -310,7 +313,8 @@ AUTH_PASSWORD_VALIDATORS = [ ] # Middleware -MIDDLEWARE_CLASSES = ( +MIDDLEWARE = [ + 'django.middleware.security.SecurityMiddleware', 'django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.locale.LocaleMiddleware', @@ -321,7 +325,7 @@ MIDDLEWARE_CLASSES = ( 'social_django.middleware.SocialAuthExceptionMiddleware', 'weblate.accounts.middleware.RequireLoginMiddleware', 'weblate.middleware.SecurityMiddleware', -) +] ROOT_URLCONF = 'weblate.urls' @@ -371,7 +375,10 @@ DEFAULT_EXCEPTION_REPORTER_FILTER = \ HAVE_SYSLOG = False if platform.system() != 'Windows': try: - SysLogHandler(address='/dev/log', facility=SysLogHandler.LOG_LOCAL2) + handler = SysLogHandler( + address='/dev/log', facility=SysLogHandler.LOG_LOCAL2 + ) + handler.close() HAVE_SYSLOG = True except IOError: HAVE_SYSLOG = False @@ -560,8 +567,6 @@ EMAIL_SEND_HTML = True # Subject of emails includes site title EMAIL_SUBJECT_PREFIX = '[{0}] '.format(SITE_TITLE) -EMAIL_BACKEND = 'django_sendmail_backend.backends.EmailBackend' - # Enable remote hooks ENABLE_HOOKS = True @@ -577,11 +582,6 @@ LAZY_COMMITS = True # Offload indexing OFFLOAD_INDEXING = True -# Translation locking -AUTO_LOCK = True -AUTO_LOCK_TIME = 60 -LOCK_TIME = 15 * 60 - # Use simple language codes for default language/country combinations SIMPLIFY_LANGUAGES = True diff --git a/conf/settings_history/settings.2.20.py b/conf/settings_history/settings.2.20.py new file mode 100644 index 0000000..fd84cfc --- /dev/null +++ b/conf/settings_history/settings.2.20.py @@ -0,0 +1,754 @@ +# -*- coding: utf-8 -*- +# +# Copyright © 2012 - 2018 Michal Čihař +# +# This file is part of Weblate +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see . +# + +from __future__ import unicode_literals +import platform +import os +from logging.handlers import SysLogHandler + +# +# Django settings for Weblate project. +# + +DEBUG = False + +ADMINS = ( + ('__ADMIN__', '__ADMINMAIL__'), +) + +MANAGERS = ADMINS + +DATABASES = { + 'default': { + # Database engine + 'ENGINE': 'django.db.backends.postgresql_psycopg2', + # Database name + 'NAME': '__NAME__', + # Database user + 'USER': '__NAME__', + # Database password + 'PASSWORD': '__DB_PWD__', + # Set to empty string for localhost + 'HOST': 'localhost', + # Set to empty string for default + 'PORT': '5432', + } +} + +BASE_DIR = '__FINALPATH__' + +# Data directory +DATA_DIR = os.path.join(BASE_DIR, 'data') + +# Local time zone for this installation. Choices can be found here: +# http://en.wikipedia.org/wiki/List_of_tz_zones_by_name +# although not all choices may be available on all operating systems. +# In a Windows environment this must be set to your system time zone. +TIME_ZONE = 'UTC' + +# Language code for this installation. All choices can be found here: +# http://www.i18nguy.com/unicode/language-identifiers.html +LANGUAGE_CODE = 'en-us' + +LANGUAGES = ( + ('ar', 'العربية'), + ('az', 'Azərbaycan'), + ('be', 'Беларуская'), + ('be@latin', 'Biełaruskaja'), + ('bg', 'Български'), + ('br', 'Brezhoneg'), + ('ca', 'Català'), + ('cs', 'Čeština'), + ('da', 'Dansk'), + ('de', 'Deutsch'), + ('en', 'English'), + ('en-gb', 'English (United Kingdom)'), + ('el', 'Ελληνικά'), + ('es', 'Español'), + ('fi', 'Suomi'), + ('fr', 'Français'), + ('fy', 'Frysk'), + ('gl', 'Galego'), + ('he', 'עברית'), + ('hu', 'Magyar'), + ('id', 'Indonesia'), + ('it', 'Italiano'), + ('ja', '日本語'), + ('ko', '한국어'), + ('ksh', 'Kölsch'), + ('nb', 'Norsk bokmål'), + ('nl', 'Nederlands'), + ('pl', 'Polski'), + ('pt', 'Português'), + ('pt-br', 'Português brasileiro'), + ('ru', 'Русский'), + ('sk', 'Slovenčina'), + ('sl', 'Slovenščina'), + ('sr', 'Српски'), + ('sv', 'Svenska'), + ('tr', 'Türkçe'), + ('uk', 'Українська'), + ('zh-hans', '简体字'), + ('zh-hant', '正體字'), +) + +SITE_ID = 1 + +# If you set this to False, Django will make some optimizations so as not +# to load the internationalization machinery. +USE_I18N = True + +# If you set this to False, Django will not format dates, numbers and +# calendars according to the current locale. +USE_L10N = True + +# If you set this to False, Django will not use timezone-aware datetimes. +USE_TZ = True + +# URL prefix to use, please see documentation for more details +URL_PREFIX = '__PATHURL__' + +# Absolute filesystem path to the directory that will hold user-uploaded files. +# Example: "/home/media/media.lawrence.com/media/" +MEDIA_ROOT = os.path.join(DATA_DIR, 'media') + +# URL that handles the media served from MEDIA_ROOT. Make sure to use a +# trailing slash. +# Examples: "http://media.lawrence.com/media/", "http://example.com/media/" +MEDIA_URL = '{0}/media/'.format(URL_PREFIX) + +# Absolute path to the directory static files should be collected to. +# Don't put anything in this directory yourself; store your static files +# in apps' "static/" subdirectories and in STATICFILES_DIRS. +# Example: "/home/media/media.lawrence.com/static/" +STATIC_ROOT = os.path.join(DATA_DIR, 'static') + +# URL prefix for static files. +# Example: "http://media.lawrence.com/static/" +STATIC_URL = '{0}/static/'.format(URL_PREFIX) + +# Additional locations of static files +STATICFILES_DIRS = ( + # Put strings here, like "/home/html/static" or "C:/www/django/static". + # Always use forward slashes, even on Windows. + # Don't forget to use absolute paths, not relative paths. +) + +# List of finder classes that know how to find static files in +# various locations. +STATICFILES_FINDERS = ( + 'django.contrib.staticfiles.finders.FileSystemFinder', + 'django.contrib.staticfiles.finders.AppDirectoriesFinder', + 'compressor.finders.CompressorFinder', +) + +# Make this unique, and don't share it with anybody. +# You can generate it using examples/generate-secret-key +SECRET_KEY = '__KEY__' # noqa + +TEMPLATES = [ + { + 'BACKEND': 'django.template.backends.django.DjangoTemplates', + 'DIRS': [ + os.path.join(BASE_DIR, 'weblate', 'templates'), + ], + 'OPTIONS': { + 'context_processors': [ + 'django.contrib.auth.context_processors.auth', + 'django.template.context_processors.debug', + 'django.template.context_processors.i18n', + 'django.template.context_processors.request', + 'django.template.context_processors.csrf', + 'django.contrib.messages.context_processors.messages', + 'weblate.trans.context_processors.weblate_context', + ], + 'loaders': [ + ('django.template.loaders.cached.Loader', [ + 'django.template.loaders.filesystem.Loader', + 'django.template.loaders.app_directories.Loader', + ]), + ], + }, + }, +] + + +# GitHub username for sending pull requests. +# Please see the documentation for more details. +GITHUB_USERNAME = "__GITHUBUSER__" + +# Authentication configuration +AUTHENTICATION_BACKENDS = ( + 'social_core.backends.email.EmailAuth', + # 'social_core.backends.google.GoogleOAuth2', + # 'social_core.backends.github.GithubOAuth2', + # 'social_core.backends.bitbucket.BitbucketOAuth', + 'social_core.backends.suse.OpenSUSEOpenId', + 'social_core.backends.ubuntu.UbuntuOpenId', + 'social_core.backends.fedora.FedoraOpenId', + # 'social_core.backends.facebook.FacebookOAuth2', + 'weblate.accounts.auth.WeblateUserBackend', +) + +# Social auth backends setup +SOCIAL_AUTH_GITHUB_KEY = '' +SOCIAL_AUTH_GITHUB_SECRET = '' +SOCIAL_AUTH_GITHUB_SCOPE = ['user:email'] + +SOCIAL_AUTH_BITBUCKET_KEY = '' +SOCIAL_AUTH_BITBUCKET_SECRET = '' +SOCIAL_AUTH_BITBUCKET_VERIFIED_EMAILS_ONLY = True + +SOCIAL_AUTH_FACEBOOK_KEY = '' +SOCIAL_AUTH_FACEBOOK_SECRET = '' +SOCIAL_AUTH_FACEBOOK_SCOPE = ['email', 'public_profile'] + +SOCIAL_AUTH_GOOGLE_OAUTH2_KEY = '' +SOCIAL_AUTH_GOOGLE_OAUTH2_SECRET = '' + +# Social auth settings +SOCIAL_AUTH_PIPELINE = ( + 'social_core.pipeline.social_auth.social_details', + 'social_core.pipeline.social_auth.social_uid', + 'social_core.pipeline.social_auth.auth_allowed', + 'social_core.pipeline.social_auth.social_user', + 'weblate.accounts.pipeline.store_params', + 'weblate.accounts.pipeline.verify_open', + 'social_core.pipeline.user.get_username', + 'weblate.accounts.pipeline.require_email', + 'social_core.pipeline.mail.mail_validation', + 'weblate.accounts.pipeline.revoke_mail_code', + 'weblate.accounts.pipeline.ensure_valid', + 'weblate.accounts.pipeline.remove_account', + 'social_core.pipeline.social_auth.associate_by_email', + 'weblate.accounts.pipeline.reauthenticate', + 'weblate.accounts.pipeline.verify_username', + 'social_core.pipeline.user.create_user', + 'social_core.pipeline.social_auth.associate_user', + 'social_core.pipeline.social_auth.load_extra_data', + 'weblate.accounts.pipeline.cleanup_next', + 'weblate.accounts.pipeline.user_full_name', + 'weblate.accounts.pipeline.store_email', + 'weblate.accounts.pipeline.notify_connect', + 'weblate.accounts.pipeline.password_reset', +) +SOCIAL_AUTH_DISCONNECT_PIPELINE = ( + 'social_core.pipeline.disconnect.allowed_to_disconnect', + 'social_core.pipeline.disconnect.get_entries', + 'social_core.pipeline.disconnect.revoke_tokens', + 'weblate.accounts.pipeline.cycle_session', + 'weblate.accounts.pipeline.adjust_primary_mail', + 'weblate.accounts.pipeline.notify_disconnect', + 'social_core.pipeline.disconnect.disconnect', + 'weblate.accounts.pipeline.cleanup_next', +) + +# Custom authentication strategy +SOCIAL_AUTH_STRATEGY = 'weblate.accounts.strategy.WeblateStrategy' + +# Raise exceptions so that we can handle them later +SOCIAL_AUTH_RAISE_EXCEPTIONS = True + +SOCIAL_AUTH_EMAIL_VALIDATION_FUNCTION = \ + 'weblate.accounts.pipeline.send_validation' +SOCIAL_AUTH_EMAIL_VALIDATION_URL = \ + '{0}/accounts/email-sent/'.format(URL_PREFIX) +SOCIAL_AUTH_LOGIN_ERROR_URL = \ + '{0}/accounts/login/'.format(URL_PREFIX) +SOCIAL_AUTH_EMAIL_FORM_URL = \ + '{0}/accounts/email/'.format(URL_PREFIX) +SOCIAL_AUTH_NEW_ASSOCIATION_REDIRECT_URL = \ + '{0}/accounts/profile/#auth'.format(URL_PREFIX) +SOCIAL_AUTH_PROTECTED_USER_FIELDS = ('email',) +SOCIAL_AUTH_SLUGIFY_USERNAMES = True +SOCIAL_AUTH_SLUGIFY_FUNCTION = 'weblate.accounts.pipeline.slugify_username' + +# Password validation configuration +AUTH_PASSWORD_VALIDATORS = [ + { + 'NAME': 'django.contrib.auth.password_validation.UserAttributeSimilarityValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.MinimumLengthValidator', + 'OPTIONS': { + 'min_length': 6, + } + }, + { + 'NAME': 'django.contrib.auth.password_validation.CommonPasswordValidator', + }, + { + 'NAME': 'django.contrib.auth.password_validation.NumericPasswordValidator', + }, + { + 'NAME': 'weblate.accounts.password_validation.CharsPasswordValidator', + }, + { + 'NAME': 'weblate.accounts.password_validation.PastPasswordsValidator', + }, + # Optional password strength validation by django-zxcvbn-password + # { + # 'NAME': 'zxcvbn_password.ZXCVBNValidator', + # 'OPTIONS': { + # 'min_score': 3, + # 'user_attributes': ('username', 'email', 'first_name') + # } + # }, +] + +# Middleware +MIDDLEWARE = [ + 'django.middleware.security.SecurityMiddleware', + 'django.contrib.sessions.middleware.SessionMiddleware', + 'django.middleware.common.CommonMiddleware', + 'django.middleware.locale.LocaleMiddleware', + 'django.middleware.csrf.CsrfViewMiddleware', + 'weblate.accounts.middleware.AuthenticationMiddleware', + 'django.contrib.messages.middleware.MessageMiddleware', + 'django.middleware.clickjacking.XFrameOptionsMiddleware', + 'social_django.middleware.SocialAuthExceptionMiddleware', + 'weblate.accounts.middleware.RequireLoginMiddleware', + 'weblate.middleware.SecurityMiddleware', + 'weblate.wladmin.middleware.ConfigurationErrorsMiddleware', +] + +ROOT_URLCONF = 'weblate.urls' + +# Django and Weblate apps +INSTALLED_APPS = ( + 'django.contrib.auth', + 'django.contrib.contenttypes', + 'django.contrib.sessions', + 'django.contrib.sites', + 'django.contrib.messages', + 'django.contrib.staticfiles', + 'django.contrib.admin.apps.SimpleAdminConfig', + 'django.contrib.admindocs', + 'django.contrib.sitemaps', + 'social_django', + 'crispy_forms', + 'compressor', + 'rest_framework', + 'rest_framework.authtoken', + 'weblate.addons', + 'weblate.trans', + 'weblate.lang', + 'weblate.langdata', + 'weblate.memory', + 'weblate.permissions', + 'weblate.screenshots', + 'weblate.accounts', + 'weblate.utils', + 'weblate.wladmin', + 'weblate', + + # Optional: Git exporter + # 'weblate.gitexport', +) + +# Path to locales +LOCALE_PATHS = (os.path.join(BASE_DIR, 'weblate', 'locale'), ) + +# Custom exception reporter to include some details +DEFAULT_EXCEPTION_REPORTER_FILTER = \ + 'weblate.trans.debug.WeblateExceptionReporterFilter' + +# Default logging of Weblate messages +# - to syslog in production (if available) +# - otherwise to console +# - you can also choose 'logfile' to log into separate file +# after configuring it below + +# Detect if we can connect to syslog +HAVE_SYSLOG = False +if platform.system() != 'Windows': + try: + handler = SysLogHandler( + address='/dev/log', facility=SysLogHandler.LOG_LOCAL2 + ) + handler.close() + HAVE_SYSLOG = True + except IOError: + HAVE_SYSLOG = False + +if DEBUG or not HAVE_SYSLOG: + DEFAULT_LOG = 'console' +else: + DEFAULT_LOG = 'syslog' + +# A sample logging configuration. The only tangible logging +# performed by this configuration is to send an email to +# the site admins on every HTTP 500 error when DEBUG=False. +# See http://docs.djangoproject.com/en/stable/topics/logging for +# more details on how to customize your logging configuration. +LOGGING = { + 'version': 1, + 'disable_existing_loggers': True, + 'filters': { + 'require_debug_false': { + '()': 'django.utils.log.RequireDebugFalse' + } + }, + 'formatters': { + 'syslog': { + 'format': 'weblate[%(process)d]: %(levelname)s %(message)s' + }, + 'simple': { + 'format': '%(levelname)s %(message)s' + }, + 'logfile': { + 'format': '%(asctime)s %(levelname)s %(message)s' + }, + 'django.server': { + '()': 'django.utils.log.ServerFormatter', + 'format': '[%(server_time)s] %(message)s', + } + }, + 'handlers': { + 'mail_admins': { + 'level': 'ERROR', + 'filters': ['require_debug_false'], + 'class': 'django.utils.log.AdminEmailHandler', + 'include_html': True, + }, + 'console': { + 'level': 'DEBUG', + 'class': 'logging.StreamHandler', + 'formatter': 'simple' + }, + 'django.server': { + 'level': 'INFO', + 'class': 'logging.StreamHandler', + 'formatter': 'django.server', + }, + 'syslog': { + 'level': 'DEBUG', + 'class': 'logging.handlers.SysLogHandler', + 'formatter': 'syslog', + 'address': '/dev/log', + 'facility': SysLogHandler.LOG_LOCAL2, + }, + # Logging to a file + # 'logfile': { + # 'level':'DEBUG', + # 'class':'logging.handlers.RotatingFileHandler', + # 'filename': "/var/log/weblate/weblate.log", + # 'maxBytes': 100000, + # 'backupCount': 3, + # 'formatter': 'logfile', + # }, + }, + 'loggers': { + 'django.request': { + 'handlers': ['mail_admins', DEFAULT_LOG], + 'level': 'ERROR', + 'propagate': True, + }, + 'django.server': { + 'handlers': ['django.server'], + 'level': 'INFO', + 'propagate': False, + }, + # Logging database queries + # 'django.db.backends': { + # 'handlers': [DEFAULT_LOG], + # 'level': 'DEBUG', + # }, + 'weblate': { + 'handlers': [DEFAULT_LOG], + 'level': 'DEBUG', + }, + # Logging VCS operations + # 'weblate-vcs': { + # 'handlers': [DEFAULT_LOG], + # 'level': 'DEBUG', + # }, + # Python Social Auth logging + # 'social': { + # 'handlers': [DEFAULT_LOG], + # 'level': 'DEBUG', + # }, + } +} + +# Logging of management commands to console +if (os.environ.get('DJANGO_IS_MANAGEMENT_COMMAND', False) and + 'console' not in LOGGING['loggers']['weblate']['handlers']): + LOGGING['loggers']['weblate']['handlers'].append('console') + +# Remove syslog setup if it's not present +if not HAVE_SYSLOG: + del LOGGING['handlers']['syslog'] + +# List of machine translations +# MACHINE_TRANSLATION_SERVICES = ( +# 'weblate.trans.machine.apertium.ApertiumAPYTranslation', +# 'weblate.trans.machine.deepl.DeepLTranslation', +# 'weblate.trans.machine.glosbe.GlosbeTranslation', +# 'weblate.trans.machine.google.GoogleTranslation', +# 'weblate.trans.machine.microsoft.MicrosoftCognitiveTranslation', +# 'weblate.trans.machine.mymemory.MyMemoryTranslation', +# 'weblate.trans.machine.tmserver.AmagamaTranslation', +# 'weblate.trans.machine.tmserver.TMServerTranslation', +# 'weblate.trans.machine.yandex.YandexTranslation', +# 'weblate.trans.machine.weblatetm.WeblateTranslation', +# 'weblate.trans.machine.saptranslationhub.SAPTranslationHub', +# 'weblate.memory.machine.WeblateMemory', +# ) + +# Machine translation API keys + +# URL of the Apertium APy server +MT_APERTIUM_APY = None + +# DeepL API key +MT_DEEPL_KEY = None + +# Microsoft Cognitive Services Translator API, register at +# https://portal.azure.com/ +MT_MICROSOFT_COGNITIVE_KEY = None + +# MyMemory identification email, see +# https://mymemory.translated.net/doc/spec.php +MT_MYMEMORY_EMAIL = None + +# Optional MyMemory credentials to access private translation memory +MT_MYMEMORY_USER = None +MT_MYMEMORY_KEY = None + +# Google API key for Google Translate API +MT_GOOGLE_KEY = None + +# API key for Yandex Translate API +MT_YANDEX_KEY = None + +# tmserver URL +MT_TMSERVER = None + +# SAP Translation Hub +MT_SAP_BASE_URL = None +MT_SAP_SANDBOX_APIKEY = None +MT_SAP_USERNAME = None +MT_SAP_PASSWORD = None +MT_SAP_USE_MT = True + +# Title of site to use +SITE_TITLE = 'Weblate' + +# Whether site uses https +ENABLE_HTTPS = True + +# Use HTTPS when creating redirect URLs for social authentication, see +# documentation for more details: +# http://python-social-auth-docs.readthedocs.io/en/latest/configuration/settings.html#processing-redirects-and-urlopen +SOCIAL_AUTH_REDIRECT_IS_HTTPS = ENABLE_HTTPS + +# Make CSRF cookie HttpOnly, see documentation for more details: +# https://docs.djangoproject.com/en/1.11/ref/settings/#csrf-cookie-httponly +CSRF_COOKIE_HTTPONLY = True +CSRF_COOKIE_SECURE = ENABLE_HTTPS +# Store CSRF token in session (since Django 1.11) +CSRF_USE_SESSIONS = True +SESSION_COOKIE_SECURE = ENABLE_HTTPS +# Session cookie age (in seconds) +SESSION_COOKIE_AGE = 1209600 + +# URL of login +LOGIN_URL = '{0}/accounts/login/'.format(URL_PREFIX) + +# URL of logout +LOGOUT_URL = '{0}/accounts/logout/'.format(URL_PREFIX) + +# Default location for login +LOGIN_REDIRECT_URL = '{0}/'.format(URL_PREFIX) + +# Anonymous user name +ANONYMOUS_USER_NAME = 'anonymous' + +# Reverse proxy settings +IP_BEHIND_REVERSE_PROXY = False +IP_PROXY_HEADER = 'HTTP_X_FORWARDED_FOR' +IP_PROXY_OFFSET = 0 + +# Sending HTML in mails +EMAIL_SEND_HTML = True + +# Subject of emails includes site title +EMAIL_SUBJECT_PREFIX = '[{0}] '.format(SITE_TITLE) + +EMAIL_BACKEND = 'django_sendmail_backend.backends.EmailBackend' + +# Enable remote hooks +ENABLE_HOOKS = True + +# Whether to run hooks in background +BACKGROUND_HOOKS = True + +# Number of nearby messages to show in each direction +NEARBY_MESSAGES = 5 + +# Offload indexing +OFFLOAD_INDEXING = True + +# Use simple language codes for default language/country combinations +SIMPLIFY_LANGUAGES = True + +# Render forms using bootstrap +CRISPY_TEMPLATE_PACK = 'bootstrap3' + +# List of quality checks +# CHECK_LIST = ( +# 'weblate.trans.checks.same.SameCheck', +# 'weblate.trans.checks.chars.BeginNewlineCheck', +# 'weblate.trans.checks.chars.EndNewlineCheck', +# 'weblate.trans.checks.chars.BeginSpaceCheck', +# 'weblate.trans.checks.chars.EndSpaceCheck', +# 'weblate.trans.checks.chars.EndStopCheck', +# 'weblate.trans.checks.chars.EndColonCheck', +# 'weblate.trans.checks.chars.EndQuestionCheck', +# 'weblate.trans.checks.chars.EndExclamationCheck', +# 'weblate.trans.checks.chars.EndEllipsisCheck', +# 'weblate.trans.checks.chars.EndSemicolonCheck', +# 'weblate.trans.checks.chars.MaxLengthCheck', +# 'weblate.trans.checks.format.PythonFormatCheck', +# 'weblate.trans.checks.format.PythonBraceFormatCheck', +# 'weblate.trans.checks.format.PHPFormatCheck', +# 'weblate.trans.checks.format.CFormatCheck', +# 'weblate.trans.checks.format.PerlFormatCheck', +# 'weblate.trans.checks.format.JavascriptFormatCheck', +# 'weblate.trans.checks.consistency.PluralsCheck', +# 'weblate.trans.checks.consistency.SamePluralsCheck', +# 'weblate.trans.checks.consistency.ConsistencyCheck', +# 'weblate.trans.checks.consistency.TranslatedCheck', +# 'weblate.trans.checks.chars.NewlineCountingCheck', +# 'weblate.trans.checks.markup.BBCodeCheck', +# 'weblate.trans.checks.chars.ZeroWidthSpaceCheck', +# 'weblate.trans.checks.markup.XMLValidityCheck', +# 'weblate.trans.checks.markup.XMLTagsCheck', +# 'weblate.trans.checks.source.OptionalPluralCheck', +# 'weblate.trans.checks.source.EllipsisCheck', +# 'weblate.trans.checks.source.MultipleFailingCheck', +# ) + +# List of automatic fixups +# AUTOFIX_LIST = ( +# 'weblate.trans.autofixes.whitespace.SameBookendingWhitespace', +# 'weblate.trans.autofixes.chars.ReplaceTrailingDotsWithEllipsis', +# 'weblate.trans.autofixes.chars.RemoveZeroSpace', +# 'weblate.trans.autofixes.chars.RemoveControlChars', +# ) + +# List of enabled addons +# WEBLATE_ADDONS = ( +# 'weblate.addons.gettext.GenerateMoAddon', +# 'weblate.addons.gettext.UpdateLinguasAddon', +# 'weblate.addons.gettext.UpdateConfigureAddon', +# 'weblate.addons.gettext.MsgmergeAddon', +# 'weblate.addons.gettext.GettextCustomizeAddon', +# 'weblate.addons.cleanup.CleanupAddon', +# 'weblate.addons.flags.SourceEditAddon', +# 'weblate.addons.flags.TargetEditAddon', +# 'weblate.addons.json.JSONCustomizeAddon', +# 'weblate.addons.generate.GenerateFileAddon', +# 'weblate.addons.properties.PropertiesSortAddon', +# ) + + +# List of scripts to use in custom processing +# POST_UPDATE_SCRIPTS = ( +# ) +# PRE_COMMIT_SCRIPTS = ( +# ) + +# E-mail address that error messages come from. +SERVER_EMAIL = 'noreply@__DOMAIN__' + +# Default email address to use for various automated correspondence from +# the site managers. Used for registration emails. +DEFAULT_FROM_EMAIL = '__ADMINMAIL__' + +# List of URLs your site is supposed to serve +ALLOWED_HOSTS = ['__DOMAIN__'] + +# Example configuration to use memcached for caching +CACHES = { + 'default': { + 'BACKEND': 'django.core.cache.backends.memcached.MemcachedCache', + 'LOCATION': '127.0.0.1:__MEMCPORT__', + }, + 'avatar': { + 'BACKEND': 'django.core.cache.backends.filebased.FileBasedCache', + 'LOCATION': os.path.join(BASE_DIR, 'avatar-cache'), + 'TIMEOUT': 3600, + 'OPTIONS': { + 'MAX_ENTRIES': 1000, + }, + } +} + +# REST framework settings for API +REST_FRAMEWORK = { + # Use Django's standard `django.contrib.auth` permissions, + # or allow read-only access for unauthenticated users. + 'DEFAULT_PERMISSION_CLASSES': [ + 'rest_framework.permissions.IsAuthenticatedOrReadOnly' + ], + 'DEFAULT_AUTHENTICATION_CLASSES': ( + 'rest_framework.authentication.TokenAuthentication', + 'weblate.api.authentication.BearerAuthentication', + 'rest_framework.authentication.SessionAuthentication', + ), + 'DEFAULT_THROTTLE_CLASSES': ( + 'rest_framework.throttling.AnonRateThrottle', + 'rest_framework.throttling.UserRateThrottle' + ), + 'DEFAULT_THROTTLE_RATES': { + 'anon': '100/day', + 'user': '1000/day' + }, + 'DEFAULT_PAGINATION_CLASS': ( + 'rest_framework.pagination.PageNumberPagination' + ), + 'PAGE_SIZE': 20, + 'VIEW_DESCRIPTION_FUNCTION': 'weblate.api.views.get_view_description', + 'UNAUTHENTICATED_USER': 'weblate.accounts.models.get_anonymous', +} + +# Example for restricting access to logged in users +# LOGIN_REQUIRED_URLS = ( +# r'/(.*)$', +# ) + +# In such case you will want to include some of the exceptions +# LOGIN_REQUIRED_URLS_EXCEPTIONS = ( +# r'/accounts/(.*)$', # Required for login +# r'/static/(.*)$', # Required for development mode +# r'/widgets/(.*)$', # Allowing public access to widgets +# r'/data/(.*)$', # Allowing public access to data exports +# r'/hooks/(.*)$', # Allowing public access to notification hooks +# r'/api/(.*)$', # Allowing access to API +# r'/js/i18n/$', # Javascript localization +# r'/contact/$', # Optional for contact form +# r'/legal/(.*)$', # Optional for legal app +# ) + +# Force sane test runner +TEST_RUNNER = 'django.test.runner.DiscoverRunner' + diff --git a/conf/uwsgi-app@.service b/conf/uwsgi-app@.service new file mode 100644 index 0000000..c4603d4 --- /dev/null +++ b/conf/uwsgi-app@.service @@ -0,0 +1,16 @@ +[Unit] +Description=%i uWSGI app +After=syslog.target + +[Service] +ExecStart=/usr/bin/uwsgi \ + --ini /etc/uwsgi/apps-available/%i.ini \ + --socket /var/run/uwsgi/%i.socket \ + --logto /var/log/uwsgi/app/%i +User=%i +Group=www-data +Restart=on-failure +KillSignal=SIGQUIT +Type=notify +StandardError=syslog +NotifyAccess=all diff --git a/conf/uwsgi-app@.socket b/conf/uwsgi-app@.socket new file mode 100644 index 0000000..0975e29 --- /dev/null +++ b/conf/uwsgi-app@.socket @@ -0,0 +1,11 @@ +[Unit] +Description=Socket for uWSGI app %i + +[Socket] +ListenStream=/var/run/uwsgi/%i.socket +SocketUser=%i +SocketGroup=www-data +SocketMode=0775 + +[Install] +WantedBy=sockets.target diff --git a/conf/uwsgi.ini b/conf/uwsgi.ini index 0cf4778..2c3929e 100644 --- a/conf/uwsgi.ini +++ b/conf/uwsgi.ini @@ -2,18 +2,17 @@ plugins = python master = true protocol = uwsgi -socket = __FINALPATH__/socket +socket = /var/run/uwsgi/__APP__.socket virtualenv = __FINALPATH__/venv -wsgi-file = __FINALPATH__/venv/lib/python2.7/site-packages/weblate/wsgi.py -python-path = __FINALPATH__/venv + +# http://uwsgi-docs.readthedocs.io/en/latest/Nginx.html#hosting-multiple-apps-in-the-same-process-aka-managing-script-name-and-path-info +mount = __PATH__=__FINALPATH__/venv/lib/python2.7/site-packages/weblate/wsgi.py +manage-script-name = true + # Needed for OAuth/OpenID buffer-size = 8192 -chmod-socket = 666 # Increase number of workers for heavily loaded sites -#workers = 6 # Needed for background processing enable-threads = true # Child processes do not need file descriptors close-on-exec = true -# Avoid default 0000 umask -umask = 0022 diff --git a/conf/uwsgi_service b/conf/uwsgi_service deleted file mode 100644 index d5fabe9..0000000 --- a/conf/uwsgi_service +++ /dev/null @@ -1,18 +0,0 @@ -[Unit] -Description=uWSGI instance for __NAME__ -Requires=network.target -After=network.target - -[Service] -User=__NAME__ -Group=__NAME__ -RemainAfterExit=yes -WorkingDirectory=__FINALPATH__ -ExecStart=/usr/bin/uwsgi \ - --ini __FINALPATH__/uwsgi.ini \ - --socket __FINALPATH__/socket -Restart=always -StandardError=syslog - -[Install] -WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index 61f299e..47fcfbb 100644 --- a/manifest.json +++ b/manifest.json @@ -3,12 +3,12 @@ "id": "weblate", "packaging_format": 1, "requirements": { - "yunohost": ">= 2.7.0" + "yunohost": ">= 2.7.10" }, "description": { "en": "A translation platform using Git and Python" }, - "version": "2.17.1", + "version": "2.20-1", "url": "https://weblate.org", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/_common.sh b/scripts/_common.sh index 16bd5ee..6d43622 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,6 +1,92 @@ #!/bin/bash -current_version="2.17.1" +current_version="2.20" + +ynh_check_global_uwsgi_config () { + uwsgi --version || ynh_die "You need to add uwsgi (and appropriate plugin) as a dependency" + + if [ -f /etc/systemd/system/uwsgi-app@.service ]; + then + echo "Uwsgi generic file is already installed" + else + cp ../conf/uwsgi-app@.socket /etc/systemd/system/uwsgi-app@.socket + cp ../conf/uwsgi-app@.service /etc/systemd/system/uwsgi-app@.service + fi + + # make sure the folder for sockets exists and set authorizations + mkdir -p /var/run/uwsgi/ + chown root:www-data /var/run/uwsgi/ + chmod -R 775 /var/run/uwsgi/ + + # make sure the folder for logs exists and set authorizations + mkdir -p /var/log/uwsgi/app/ + chown root:www-data /var/log/uwsgi/app/ + chmod -R 775 /var/log/uwsgi/app/ +} + +# Create a dedicated uwsgi ini file to use with generic uwsgi service +# It will install generic uwsgi.socket and +# +# This will use a template in ../conf/uwsgi.ini +# and will replace the following keywords with +# global variables that should be defined before calling +# this helper : +# +# __APP__ by $app +# __PATH__ by $path_url +# __FINALPATH__ by $final_path +# +# usage: ynh_add_systemd_config +# +# to interact with your service: `systemctl uwsgi-app@app` +ynh_add_uwsgi_service () { + ynh_check_global_uwsgi_config + + # www-data group is needed since it is this nginx who will start the service + usermod --append --groups www-data "$app" || ynh_die "It wasn't possible to add user $app to group www-data" + + finaluwsgiini="/etc/uwsgi/apps-available/$app.ini" + ynh_backup_if_checksum_is_different "$finaluwsgiini" + cp ../conf/uwsgi.ini "$finaluwsgiini" + + # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. + # Substitute in a nginx config file only if the variable is not empty + if test -n "${final_path:-}"; then + ynh_replace_string "__FINALPATH__" "$final_path" "$finaluwsgiini" + fi + if test -n "${path_url:-}"; then + ynh_replace_string "__PATH__" "$path_url" "$finaluwsgiini" + fi + if test -n "${app:-}"; then + ynh_replace_string "__APP__" "$app" "$finaluwsgiini" + fi + ynh_store_file_checksum "$finaluwsgiini" + + chown root: "$finaluwsgiini" + systemctl enable "uwsgi-app@$app.socket" + systemctl start "uwsgi-app@$app.socket" + systemctl daemon-reload + + # Add as a service + yunohost service add "uwsgi-app@$app.socket" --log "/var/log/uwsgi/app/$app" +} + +# Remove the dedicated uwsgi ini file +# +# usage: ynh_remove_systemd_config +ynh_remove_uwsgi_service () { + finaluwsgiini="/etc/uwsgi/apps-available/$app.ini" + if [ -e "$finaluwsgiini" ]; then + systemctl stop "uwsgi-app@$app.socket" + systemctl disable "uwsgi-app@$app.socket" + yunohost service remove "uwsgi-app@$app.socket" + + ynh_secure_remove "$finaluwsgiini" + ynh_secure_remove "/var/run/uwsgi/$app.socket" + ynh_secure_remove "/var/log/uwsgi/app/$app" + fi +} + weblate_fill_settings() { settings="$1" @@ -30,7 +116,7 @@ ynh_check_if_checksum_is_different() { local checksum_value=$(ynh_app_setting_get $app $checksum_setting_name) local check=0 - if ! echo "$checksum_value $file" | sudo md5sum -c --status + if ! echo "$checksum_value $file" | md5sum -c --status then # If the checksum is now different check=1 fi @@ -44,12 +130,24 @@ ynh_psql_test_if_first_run() { echo "PostgreSQL is already installed, no need to create master password" else pgsql=$(ynh_string_random) + pg_hba="" echo "$pgsql" >> /etc/yunohost/psql + + if [ -e /etc/postgresql/9.4/ ] + then + pg_hba=/etc/postgresql/9.4/main/pg_hba.conf + elif [ -e /etc/postgresql/9.6/ ] + then + pg_hba=/etc/postgresql/9.6/main/pg_hba.conf + else + ynh_die "postgresql shoud be 9.4 or 9.6" + fi + systemctl start postgresql su --command="psql -c\"ALTER user postgres WITH PASSWORD '${pgsql}'\"" postgres # we can't use peer since YunoHost create users with nologin sed -i '/local\s*all\s*all\s*peer/i \ - local all all password' /etc/postgresql/9.4/main/pg_hba.conf + local all all password' "$pg_hba" systemctl enable postgresql systemctl reload postgresql fi @@ -68,7 +166,8 @@ ynh_psql_connect_as() { user="$1" pwd="$2" db="$3" - su --command="PGUSER=\"${user}\" PGPASSWORD=\"${pwd}\" psql \"${db}\"" postgres + sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$pwd" psql "$db" + echo "ynh_psql_connect_as" && pwd && ls -lah $(pwd) } # # Execute a command as root user @@ -78,7 +177,8 @@ ynh_psql_connect_as() { # | arg: db - the database to connect to ynh_psql_execute_as_root () { sql="$1" - su --command="psql" postgres <<< "$sql" + sudo --login --user=postgres psql <<< "$sql" + echo "ynh_psql_execute_as_root" && pwd && ls -lah $(pwd) } # Execute a command from a file as root user @@ -89,7 +189,8 @@ ynh_psql_execute_as_root () { ynh_psql_execute_file_as_root() { file="$1" db="$2" - su -c "psql $db" postgres < "$file" + sudo --login --user=postgres psql "$db" < "$file" + echo "ynh_psql_execute_file_as_root" && pwd && ls -lah $(pwd) } # Create a database, an user and its password. Then store the password in the app's config @@ -112,7 +213,7 @@ ynh_psql_setup_db () { ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config } -# Create a database and grant optionnaly privilegies to a user +# Create a database and grant privilegies to a user # # usage: ynh_psql_create_db db [user [pwd]] # | arg: db - the database name to create @@ -123,7 +224,7 @@ ynh_psql_create_db() { user="$2" pwd="$3" ynh_psql_create_user "$user" "$pwd" - su --command="createdb --owner=\"${user}\" \"${db}\"" postgres + sudo --login --user=postgres createdb --owner="$user" "$db" } # Drop a database @@ -134,8 +235,8 @@ ynh_psql_create_db() { ynh_psql_remove_db() { db="$1" user="$2" - su --command="dropdb \"${db}\"" postgres - ynh_psql_drop_user "${user}" + sudo --login --user=postgres dropdb "$db" + ynh_psql_drop_user "$user" } # Dump a database @@ -147,7 +248,7 @@ ynh_psql_remove_db() { # | ret: the psqldump output ynh_psql_dump_db() { db="$1" - su --command="pg_dump \"${db}\"" postgres + sudo --login --user=postgres pg_dump "$db" } @@ -158,7 +259,7 @@ ynh_psql_dump_db() { ynh_psql_create_user() { user="$1" pwd="$2" - su --command="psql -c\"CREATE USER ${user} WITH PASSWORD '${pwd}'\"" postgres + sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd'" postgres } # Drop a user @@ -167,5 +268,54 @@ ynh_psql_create_user() { # | arg: user - the user name to drop ynh_psql_drop_user() { user="$1" - su --command="dropuser \"${user}\"" postgres + sudo --login --user=postgres dropuser "$user" +} + +# Send an email to inform the administrator +# +# usage: ynh_send_readme_to_admin app_message [recipients] +# | arg: app_message - The message to send to the administrator. +# | arg: recipients - The recipients of this email. Use spaces to separate multiples recipients. - default: root +# example: "root admin@domain" +# If you give the name of a YunoHost user, ynh_send_readme_to_admin will find its email adress for you +# example: "root admin@domain user1 user2" +ynh_send_readme_to_admin() { + local app_message="${1:-...No specific informations...}" + local recipients="${2:-root}" + + # Retrieve the email of users + find_mails () { + local list_mails="$1" + local mail + local recipients=" " + # Read each mail in argument + for mail in $list_mails + do + # Keep root or a real email address as it is + if [ "$mail" = "root" ] || echo "$mail" | grep --quiet "@" + then + recipients="$recipients $mail" + else + # But replace an user name without a domain after by its email + if mail=$(ynh_user_get_info "$mail" "mail" 2> /dev/null) + then + recipients="$recipients $mail" + fi + fi + done + echo "$recipients" + } + recipients=$(find_mails "$recipients") + + local mail_subject="☁️🆈🅽🅷☁️: \`$app\` was just installed!" + + local mail_message="This is an automated message from your beloved YunoHost server. +Specific informations for the application $app. +$app_message +--- +Automatic diagnosis data from YunoHost +$(yunohost tools diagnosis | grep -B 100 "services:" | sed '/services:/d')" + + # Send the email to the recipients + echo "$mail_message" | mail -a "Content-Type: text/plain; charset=UTF-8" -s "$mail_subject" "$recipients" } diff --git a/scripts/backup b/scripts/backup index 8eef115..1acc508 100755 --- a/scripts/backup +++ b/scripts/backup @@ -50,12 +50,6 @@ ynh_backup "db.sql" #================================================= # SPECIFIC BACKUP -#================================================= -# BACKUP LOGROTATE -#================================================= - -ynh_backup "/etc/logrotate.d/$app" - #================================================= # BACKUP THE CRON FILE #================================================= @@ -63,7 +57,15 @@ ynh_backup "/etc/logrotate.d/$app" ynh_backup "/etc/cron.d/$app" #================================================= -# BACKUP THE SERVICE +# BACKUP THE uwsgi files #================================================= -ynh_backup "/etc/systemd/system/$app.service" +ynh_backup "/etc/uwsgi/apps-available/$app.ini" +ynh_backup "/etc/systemd/system/uwsgi-app@.socket" +ynh_backup "/etc/systemd/system/uwsgi-app@.service" + +#================================================= +# BACKUP THE hub binary file +#================================================= + +ynh_backup /usr/bin/hub diff --git a/scripts/change_url b/scripts/change_url index fa5be8b..9ba67e8 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -93,10 +93,6 @@ settings="$final_path/venv/lib/python2.7/site-packages/weblate/settings.py" if [ "$old_path" == "/" ] && [ "$new_path" != "/" ] then - # uwsgi_param is only needed for non-root installation - ynh_replace_string "#uwsgi_param " "uwsgi_param " "$finalnginxconf" - ynh_replace_string "#uwsgi_modifier1 " "uwsgi_modifier1 " "$finalnginxconf" - if [ "$is_public" -eq 0 ] then # ynh panel is only comptable with non-root installation @@ -111,9 +107,6 @@ fi if [ "$old_path" != "/" ] && [ "$new_path" == "/" ] then - # uwsgi_param is only needed for non-root installation - ynh_replace_string "uwsgi_param " "#uwsgi_param " "$finalnginxconf" - ynh_replace_string "uwsgi_modifier1 " "#uwsgi_modifier1 " "$finalnginxconf" # ynh panel is only comptable with non-root installation ynh_replace_string " include conf.d/" " #include conf.d/" "$finalnginxconf" @@ -160,6 +153,7 @@ fi #================================================= # RELOAD NGINX and Weblate #================================================= + + + systemctl reload nginx -systemctl stop "$app.service" -systemctl start "$app.service" diff --git a/scripts/install b/scripts/install index 59795ce..9bda175 100755 --- a/scripts/install +++ b/scripts/install @@ -78,7 +78,8 @@ ynh_app_setting_set "$app" github_token "$github_token" ynh_install_app_dependencies libxml2-dev libxslt-dev libfreetype6-dev \ libjpeg-dev libz-dev libyaml-dev python-dev python-pip python-virtualenv \ - postgresql libpq-dev uwsgi uwsgi-plugin-python memcached + postgresql libpq-dev uwsgi uwsgi-plugin-python memcached \ + mailutils #================================================= # CREATE A PostgreSQL DATABASE @@ -105,9 +106,6 @@ ynh_add_nginx_config if [ "$path_url" == "/" ] then # $finalnginxconf comes from ynh_add_nginx_config - # uwsgi_param is only needed for non-root installation - ynh_replace_string "uwsgi_param " "#uwsgi_param " "$finalnginxconf" - ynh_replace_string "uwsgi_modifier1 " "#uwsgi_modifier1 " "$finalnginxconf" ynh_replace_string "location //" "location /" "$finalnginxconf" # ynh panel is only comptable with non-root installation @@ -159,8 +157,7 @@ esac [[ $(sha256sum "$file_bin" | cut -d' ' -f1) = "$sha256sum" ]] || ynh_die "Hub's sha256sum failed (arch: ${arch})" tar --extract --file "$file_bin" "$version/bin/hub" -mkdir "$final_path/bin/" -mv "$version/bin/hub" "$final_path/bin/" +mv "$version/bin/hub" /usr/bin/ mkdir "$final_path/.config/" cp ../conf/hub_config "$final_path/.config/hub" @@ -169,7 +166,6 @@ ynh_replace_string "__GITHUBTOKEN__" "$github_token" "$final_path/.config/hub" cat < "$final_path/.bashrc" alias git=hub -PATH="$PATH:~/bin" EOF #================================================= @@ -178,20 +174,7 @@ EOF # SPECIFIC SETUP uwsgi #================================================= -# Copy Files -cp ../conf/uwsgi.ini "$final_path/uwsgi.ini" -ynh_replace_string "__NAME__" "$app" "$final_path/uwsgi.ini" -ynh_replace_string "__FINALPATH__" "$final_path" "$final_path/uwsgi.ini" - -cp ../conf/uwsgi_service "/etc/systemd/system/$app.service" -ynh_replace_string "__NAME__" "$app" "/etc/systemd/system/$app.service" -ynh_replace_string "__FINALPATH__" "$final_path" "/etc/systemd/system/$app.service" - -# Start service -systemctl enable "$app.service" - -# Add weblate as a service -yunohost service add "$app.service" --log "/var/log/$app/APP.log" +ynh_add_uwsgi_service #================================================= # PIP INSTALLATION @@ -199,12 +182,16 @@ yunohost service add "$app.service" --log "/var/log/$app/APP.log" virtualenv "${final_path}/venv" #run source in a 'sub shell' ( - set +eu + set +o nounset source "${final_path}/venv/bin/activate" - "${final_path}/venv/bin/pip" install Weblate=="$current_version" django==1.11.8 - "${final_path}/venv/bin/pip" install pytz python-bidi PyYaML Babel pyuca pylibravatar pydns psycopg2 python-memcached phply + set -o nounset + pip install --upgrade pip + # prevent error: "command: 'install_requires' must be a string or list of strings containing valid project/version requirement specifiers" + pip install --upgrade setuptools + pip install Weblate=="$current_version" + pip install pytz python-bidi PyYaML Babel pyuca pylibravatar pydns psycopg2-binary python-memcached phply # specific to YunoHost package: - "${final_path}/venv/bin/pip" install django_sendmail_backend + pip install django_sendmail_backend ) #================================================= @@ -217,7 +204,7 @@ admin_mail=$(ynh_user_get_info "$admin" mail) key=$(ynh_string_random) memc_port=$(ynh_find_port 8080) settings="$final_path/venv/lib/python2.7/site-packages/weblate/settings.py" -cp ../conf/settings.py "$settings" +cp "../conf/settings_history/settings.$current_version.py" "$settings" weblate_fill_settings "$settings" ynh_app_setting_set "$app" memc_port "$memc_port" @@ -227,8 +214,9 @@ ynh_app_setting_set "$app" memc_port "$memc_port" # https://docs.weblate.org/en/latest/admin/install.html#filling-up-the-database #========================================== ( - set +eu + set +o nounset source "${final_path}/venv/bin/activate" + set -o nounset export DJANGO_SETTINGS_MODULE="weblate.settings" # the user needs to be weblate for postgresql weblate migrate --noinput @@ -261,14 +249,10 @@ ynh_store_file_checksum "$final_path/venv/lib/python2.7/site-packages/weblate/se #================================================= # Set permissions to app files -chown -R "$app": "$final_path" +chown -R "$app": "$final_path/data" -#================================================= -# SETUP LOGROTATE -#================================================= - -# Use logrotate to manage application logfile(s) -ynh_use_logrotate +mkdir -p "$final_path/avatar-cache" +chown -R "$app": "$final_path/avatar-cache" #================================================= # SETUP SSOWAT @@ -294,5 +278,15 @@ fi # RELOAD NGINX #================================================= -systemctl start "$app.service" systemctl reload nginx + +#================================================= +# SEND A README FOR THE ADMIN +#================================================= + +message=" +Weblate settings file : $settings +If you facing an issue or want to improve this app, please open a new issue in this project: https://github.com/YunoHost-Apps/weblate_ynh +" + +ynh_send_readme_to_admin "$message" "$admin" diff --git a/scripts/remove b/scripts/remove index acad42b..a8452b3 100755 --- a/scripts/remove +++ b/scripts/remove @@ -17,17 +17,6 @@ app=$YNH_APP_INSTANCE_NAME db_name=$(ynh_app_setting_get "$app" db_name) -#================================================= -# REMOVE SERVICE FROM ADMIN PANEL -#================================================= - -if yunohost service status | grep -q "$app" -then - echo "Remove $app service" - systemctl stop "$app.service" - yunohost service remove "$app.service" -fi - #================================================= # REMOVE THE PostgreSQL DATABASE #================================================= @@ -56,13 +45,6 @@ ynh_secure_remove "/var/www/$app" # Remove the dedicated nginx config ynh_remove_nginx_config -#================================================= -# REMOVE LOGROTATE CONFIGURATION -#================================================= - -# Remove the app-specific logrotate config -ynh_remove_logrotate - #================================================= # SPECIFIC REMOVE #================================================= @@ -76,7 +58,7 @@ ynh_secure_remove "/etc/cron.d/$app" # REMOVE uwsgi and systemd files #================================================= -ynh_secure_remove "/etc/systemd/system/$app.service" +ynh_remove_uwsgi_service #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index e4df708..4159545 100755 --- a/scripts/restore +++ b/scripts/restore @@ -76,7 +76,8 @@ chown -R "$app": "$final_path" ynh_install_app_dependencies libxml2-dev libxslt-dev libfreetype6-dev \ libjpeg-dev libz-dev libyaml-dev python-dev python-pip python-virtualenv \ - postgresql libpq-dev uwsgi uwsgi-plugin-python memcached + postgresql libpq-dev uwsgi uwsgi-plugin-python memcached \ + mailutils #================================================= # RESTORE THE PostgreSQL DATABASE @@ -87,17 +88,36 @@ ynh_psql_setup_db "$db_name" "$db_name" "$db_pwd" ynh_psql_execute_file_as_root ./db.sql "$db_name" #================================================= -# RESTORE THE SERVICE +# RESTORE THE UWSGI MECANICS #================================================= -ynh_restore_file "/etc/systemd/system/$app.service" -systemctl enable "$app.service" +ynh_restore_file "/etc/systemd/system/uwsgi-app@.socket" +ynh_restore_file "/etc/systemd/system/uwsgi-app@.service" + +# make sure the folder for sockets exists and set authorizations +mkdir -p /var/run/uwsgi/ +chown root:www-data /var/run/uwsgi/ +chmod -R 775 /var/run/uwsgi/ + +# make sure the folder for logs exists and set authorizations +mkdir -p /var/log/uwsgi/app/ +chown root:www-data /var/log/uwsgi/app/ +chmod -R 775 /var/log/uwsgi/app/ #================================================= -# ADVERTISE SERVICE IN ADMIN PANEL +# RESTORE Weblate service #================================================= -yunohost service add "$app.service" --log "/var/log/$app/APP.log" +usermod --append --groups www-data "$app" + +ynh_restore_file "/etc/uwsgi/apps-available/$app.ini" + +systemctl enable "uwsgi-app@$app.socket" +systemctl start "uwsgi-app@$app.socket" +systemctl daemon-reload + +# Add as a service +yunohost service add "uwsgi-app@$app.socket" --log "/var/log/uwsgi/app/$app" #================================================= # RESTORE THE CRON FILE @@ -106,10 +126,10 @@ yunohost service add "$app.service" --log "/var/log/$app/APP.log" ynh_restore_file "/etc/cron.d/$app" #================================================= -# RESTORE THE LOGROTATE CONFIGURATION +# RESTORE THE HUB BINARY FILE #================================================= -ynh_restore_file "/etc/logrotate.d/$app" +ynh_restore_file "/usr/bin/hub" #================================================= # GENERIC FINALIZATION @@ -118,5 +138,3 @@ ynh_restore_file "/etc/logrotate.d/$app" #================================================= systemctl reload nginx -systemctl stop "$app.service" -systemctl start "$app.service" diff --git a/scripts/upgrade b/scripts/upgrade index a370c1a..08d1adf 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -28,26 +28,16 @@ memc_port=$(ynh_app_setting_get "$app" memc_port) github_account=$(ynh_app_setting_get "$app" github_account) key=$(ynh_string_random) -settings="$final_path/venv/lib/python2.7/site-packages/weblate/settings.py" - -#save memc_port if it doesn't exist -if [[ -z "$memc_port" ]] -then - memc_port=$(cat "$settings" \ - | grep "'LOCATION': '127.0.0.1:" \ - | sed "s|.*:\\(.*\\)'.*|\\1|") - ynh_app_setting_set "$app" memc_port "$memc_port" -fi - #================================================= # Get previous version number #================================================= ( - set +eu + set +o nounset source "${final_path}/venv/bin/activate" - "${final_path}/venv/bin/pip" install --upgrade pip - "${final_path}/venv/bin/pip" freeze --local > freeze.pip + set -o nounset + pip install --upgrade pip + pip freeze --local > freeze.pip ) previous_version=$(cat freeze.pip | grep "Weblate==" | sed "s|Weblate==||") @@ -66,11 +56,45 @@ elif [ "$is_public" = "No" ]; then is_public=0 fi +# (<2.17) if [ -z "$db_name" ]; then # If db_name doesn't exist, create it db_name=$(ynh_sanitize_dbid "$app") ynh_app_setting_set "$app" db_name "$db_name" fi +settings="$final_path/venv/lib/python2.7/site-packages/weblate/settings.py" + +# (<2.17) save memc_port if it doesn't exist +if [[ -z "$memc_port" ]] +then + memc_port=$(cat "$settings" \ + | grep "'LOCATION': '127.0.0.1:" \ + | sed "s|.*:\\(.*\\)'.*|\\1|") + ynh_app_setting_set "$app" memc_port "$memc_port" +fi + +# (<2.18) migrade old uwsgi files if existing +if [ -e "/etc/systemd/system/$app.service" ] +then + systemctl stop "$app.service" + systemctl disable "$app.service" + yunohost service remove "$app.service" + ynh_secure_remove "$final_path/uwsgi.ini" + ynh_secure_remove "/etc/systemd/system/$app.service" +fi + +# (<2.18) move hub to the correct folder +if [ -e "$final_path/bin/hub" ] +then + mv "$final_path/bin/hub" /usr/bin/ + chown root:root /usr/bin/hub +fi + +if [[ -d "$final_path/bin/" ]] +then + ynh_secure_remove "$final_path/bin/" +fi + #================================================= # CHECK THE PATH #================================================= @@ -82,19 +106,12 @@ path_url=$(ynh_normalize_url_path "$path_url") # STANDARD UPGRADE STEPS #================================================= -#================================================= -# NGINX CONFIGURATION -#================================================= - # Create a dedicated nginx config ynh_add_nginx_config if [ "$path_url" == "/" ] then # $finalnginxconf comes from ynh_add_nginx_config - # uwsgi_param is only needed for non-root installation - ynh_replace_string "uwsgi_param " "#uwsgi_param " "$finalnginxconf" - ynh_replace_string "uwsgi_modifier1 " "#uwsgi_modifier1 " "$finalnginxconf" ynh_replace_string "location //" "location /" "$finalnginxconf" # ynh panel is only comptable with non-root installation @@ -114,21 +131,41 @@ chsh --shell /bin/bash "$app" #================================================= # SPECIFIC UPGRADE #================================================= +# Update dependencies +#================================================= + +ynh_install_app_dependencies libxml2-dev libxslt-dev libfreetype6-dev \ + libjpeg-dev libz-dev libyaml-dev python-dev python-pip python-virtualenv \ + postgresql libpq-dev uwsgi uwsgi-plugin-python memcached \ + mailutils + +#================================================= +# SPECIFIC SETUP uwsgi +#================================================= + +ynh_add_uwsgi_service #================================================= # PIP INSTALLATION #================================================= +# save old settings file +cp "$settings" "$final_path/settings.$previous_version.old.py" + old_settings="./settings.$previous_version.old.py" settings_diff="$final_path/settings.${previous_version}_${current_version}.diff" ( - set +eu + set +o nounset source "${final_path}/venv/bin/activate" - "${final_path}/venv/bin/pip" install Weblate=="$current_version" django==1.11.8 - "${final_path}/venv/bin/pip" install pytz python-bidi PyYaML Babel pyuca pylibravatar pydns psycopg2 python-memcached phply + set -o nounset + pip install --upgrade pip + # prevent error: "command: 'install_requires' must be a string or list of strings containing valid project/version requirement specifiers" + pip install --upgrade setuptools + pip install Weblate=="$current_version" + pip install pytz python-bidi PyYaML Babel pyuca pylibravatar pydns psycopg2-binary python-memcached phply # specific to YunoHost package: - "${final_path}/venv/bin/pip" install django_sendmail_backend + pip install django_sendmail_backend ) check=$(ynh_check_if_checksum_is_different "$settings") @@ -144,11 +181,10 @@ then diff --unified "$old_settings" "$settings" > "$settings_diff" # generate new defaults settings - cp ../conf/settings.py "$settings" + cp "../conf/settings_history/settings.$current_version.py" "$settings" weblate_fill_settings "$settings" # send diff to the server administrator - mail_subject="'$app' settings diff from $previous_version to $current_version" mail_message=" Weblate was updated from version $previous_version to $current_version @@ -166,24 +202,11 @@ then For any issue, please file a bug in: https://github.com/YunoHost-Apps/weblate_ynh " - # Email server admin - for ACTION - echo "$mail_message" | mail -s "$mail_subject" root -u root - - # inform weblate's admin - mail_subject="'$app' was updated from $previous_version to $current_version" - mail_message=" - Weblate was updated from version $previous_version to $current_version - - A new settings.py has been created and a diff has been sent to root user. - Your administrator may have to update your settings.py to have a fully working installation. - " - - # Email weblate's admin - for INFO - echo "$mail_subject" | mail -s "$mail_subject" "$admin_mail" + ynh_send_readme_to_admin "$mail_message" root "$admin_mail" else echo "Settings.py was not modified, using the new default file for $current_version." # generate new defaults settings - cp ../conf/settings.py "$settings" + cp "../conf/settings_history/settings.$current_version.py" "$settings" weblate_fill_settings "$settings" fi @@ -192,29 +215,44 @@ fi #================================================= ( - set +eu - source ${final_path}/venv/bin/activate + set +o nounset + source "${final_path}/venv/bin/activate" + set -o nounset export DJANGO_SETTINGS_MODULE="weblate.settings" cd "${final_path}" weblate migrate --noinput weblate collectstatic --noinput weblate setuplang weblate setupgroups + + if [[ $previous_version = "2.16" ]] || \ + [[ $previous_version = "2.17.1" ]] || \ + [[ $previous_version = "2.18" ]] + then + weblate loadpo --all --lang dsb + weblate loadpo --all --lang he + weblate loadpo --all --lang hsb + weblate loadpo --all --lang kw + weblate loadpo --all --lang lt + weblate loadpo --all --lang lv + fi ) # Recalculate and store the config file checksum into the app settings ynh_store_file_checksum "$final_path/venv/lib/python2.7/site-packages/weblate/settings.py" -#================================================= -# SETUP LOGROTATE -#================================================= - -# Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate - #================================================= # GENERIC FINALIZATION #================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set right permissions for curl installation +chown -R root:root "$final_path" +chown -R "$app": "$final_path/data" + +mkdir -p "$final_path/avatar-cache" +chown -R "$app": "$final_path/avatar-cache" #================================================= # SETUP SSOWAT @@ -240,6 +278,4 @@ fi # RELOAD NGINX #================================================= -systemctl stop "$app.service" -systemctl start "$app.service" systemctl reload nginx diff --git a/sources/extra_files/app/.gitignore b/sources/extra_files/app/.gitignore deleted file mode 100644 index 783a4ae..0000000 --- a/sources/extra_files/app/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -*~ -*.sw[op] diff --git a/sources/patches/.gitignore b/sources/patches/.gitignore deleted file mode 100644 index 783a4ae..0000000 --- a/sources/patches/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -*~ -*.sw[op]