From 3d431dd20b0ab4fe73d15c3c5635609e1de198ae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Thu, 12 Nov 2020 15:31:49 +0100 Subject: [PATCH] Testing (#14) * rm -rf -> ynh_secure_remove * Upgrade to version 2.0.10 * Set new permissions Co-authored-by: Alexandre Aubin Co-authored-by: yalh76 --- README.md | 2 +- conf/app.src | 4 ++-- manifest.json | 4 ++-- scripts/backup | 2 +- scripts/install | 35 +++++++++++++++-------------------- scripts/remove | 2 +- scripts/restore | 12 ++++++------ scripts/upgrade | 19 +++---------------- 8 files changed, 31 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 0b98d31..633757e 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ Webtrees allows you to view and edit your genealogy on your website. It has full **Note:** Its better to upgrade from the Webtrees admin panel when new version arrives. -**Shipped version:** 2.0.9 +**Shipped version:** 2.0.10 ## Screenshots diff --git a/conf/app.src b/conf/app.src index 290ae55..5214e01 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/fisharebest/webtrees/releases/download/2.0.9/webtrees-2.0.9.zip -SOURCE_SUM=65d8e51706f91ea9e376bad8a0d2bf48c9c15bf399bf2e4874392b12dba30cf8 +SOURCE_URL=https://github.com/fisharebest/webtrees/releases/download/2.0.10/webtrees-2.0.10.zip +SOURCE_SUM=e4d29b98a9cc30cae6421aa4a78ee5fc75f10a5c80d4220ebcd8d25185e3ce50 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index ba26239..c8fc075 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Web-based genealogy application", "fr": "Logiciel libre de généalogie en ligne" }, - "version":"2.0.9~ynh1", + "version":"2.0.10~ynh1", "url": "https://www.webtrees.net", "license": "GPL-3.0-or-later", "maintainer": { @@ -14,7 +14,7 @@ "email": "anmol@datamol.org" }, "requirements": { - "yunohost": ">= 4.0" + "yunohost": ">= 4.0.0" }, "multi_instance": true, "services": [ diff --git a/scripts/backup b/scripts/backup index a3ce283..98d4c61 100755 --- a/scripts/backup +++ b/scripts/backup @@ -61,4 +61,4 @@ ynh_mysql_dump_db "$db_name" > db.sql # END OF SCRIPT #================================================= -ynh_print_info "Backup script completed for Webtrees. (YunoHost will then actually copy those files to the archive)." +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/install b/scripts/install index f0d4e47..17c5af4 100755 --- a/scripts/install +++ b/scripts/install @@ -37,8 +37,6 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_script_progression --message="Validating installation parameters..." -### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -84,7 +82,7 @@ ynh_setup_source --dest_dir="$final_path" #================================================= ynh_script_progression --message="Configuring NGINX web server..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config #================================================= @@ -100,8 +98,8 @@ ynh_system_user_create --username=$app #================================================= ynh_script_progression --message="Configuring PHP-FPM..." -# Create a dedicated php-fpm config -ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION +# Create a dedicated PHP-FPM config +ynh_add_fpm_config phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= @@ -109,9 +107,9 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # Adding the details of the database to the config file -ynh_replace_string "__dbuser__" "$db_name" "../conf/config.ini.php" -ynh_replace_string "__dbpass__" "$db_pwd" "../conf/config.ini.php" -ynh_replace_string "__dbname__" "$db_name" "../conf/config.ini.php" +ynh_replace_string --match_string="__dbuser__" --replace_string="$db_name" --target_file="../conf/config.ini.php" +ynh_replace_string --match_string="__dbpass__" --replace_string="$db_pwd" --target_file="../conf/config.ini.php" +ynh_replace_string --match_string="__dbname__" --replace_string="$db_name" --target_file="../conf/config.ini.php" # Copy the config file to the final path cp ../conf/config.ini.php $final_path/data/. @@ -120,10 +118,10 @@ cp ../conf/config.ini.php $final_path/data/. ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "../conf/sql/webtrees.sql" # Replace variables in sql scripts -ynh_replace_string "__USER_NAME__" "$admin_username" "../conf/sql/admin.sql" -ynh_replace_string "__NAME__" "$admin_name" "../conf/sql/admin.sql" -ynh_replace_string "__USER_EMAIL__" "$admin_email" "../conf/sql/admin.sql" -ynh_replace_string "__PASSWORD__" "$admin_password" "../conf/sql/admin.sql" +ynh_replace_string --match_string="__USER_NAME__" --replace_string="$admin_username" --target_file="../conf/sql/admin.sql" +ynh_replace_string --match_string="__NAME__" --replace_string="$admin_name" --target_file="../conf/sql/admin.sql" +ynh_replace_string --match_string="__USER_EMAIL__" --replace_string="$admin_email" --target_file="../conf/sql/admin.sql" +ynh_replace_string --match_string="__PASSWORD__" --replace_string="$admin_password" --target_file="../conf/sql/admin.sql" ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" < "../conf/sql/admin.sql" @@ -140,10 +138,6 @@ ynh_store_file_checksum --file="$final_path/data/config.ini.php" # SECURE FILES AND DIRECTORIES #================================================= -### For security reason, any app should set the permissions to root: before anything else. -### Then, if write authorization is needed, any access should be given only to directories -### that really need such authorization. - # Set permissions to app files chown -R $app: $final_path chmod -R 700 $final_path/data @@ -153,11 +147,12 @@ chmod -R 700 $final_path/data #================================================= ynh_script_progression --message="Configuring SSOwat..." -# Make app public if necessary +# Make app public if necessary or protect it if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission "main" --add "visitors" fi #================================================= @@ -187,4 +182,4 @@ ynh_send_readme_to_admin "$message" # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of Webtrees completed" +ynh_script_progression --message="Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index 30d3685..a2906e1 100755 --- a/scripts/remove +++ b/scripts/remove @@ -41,7 +41,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing Webtrees main directory..." +ynh_script_progression --message="Removing $app main directory..." # Remove the app directory securely ynh_secure_remove --file="$final_path" diff --git a/scripts/restore b/scripts/restore index 50542e6..fc63a56 100644 --- a/scripts/restore +++ b/scripts/restore @@ -23,10 +23,10 @@ ynh_script_progression --message="Loading settings..." app=$YNH_APP_INSTANCE_NAME # Retrieve old app settings -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_app_setting_get "$app" path) -final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get $app db_name) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= @@ -50,7 +50,7 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring Webtrees main directory..." +ynh_script_progression --message="Restoring $app main directory..." ynh_restore_file "$final_path" @@ -109,4 +109,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for Webtrees" +ynh_script_progression --message="Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index 8db744e..7cfc140 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -51,7 +51,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up Webtrees before upgrading (may take a while)..." +ynh_script_progression --message="Backing up $app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -79,7 +79,7 @@ ynh_setup_source "$final_path" cp -a ${final_path}.old/data ${final_path} # delete temp directory -rm -Rf ${final_path}.old +ynh_secure_remove --file=${final_path}.old #================================================= # NGINX CONFIGURATION @@ -110,7 +110,7 @@ ynh_system_user_create --username=$app ynh_script_progression --message="Upgrading PHP-FPM configuration..." # Create a dedicated PHP-FPM config -ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION +ynh_add_fpm_config #================================================= # SPECIFIC UPGRADE @@ -132,18 +132,6 @@ ynh_store_file_checksum "$final_path/data/config.ini.php" chown -R $app: $final_path chmod -R 700 $final_path/data -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set $app unprotected_uris "/" -fi - #================================================= # GENERIC FINALIZATION #================================================= @@ -158,4 +146,3 @@ ynh_systemd_action --service_name=nginx --action=reload #================================================= ynh_script_progression --message="Upgrade of $app completed" --last -