diff --git a/conf/systemd.service b/conf/systemd.service index 31b859d..145be59 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -8,7 +8,7 @@ Type=simple User=__APP__ Group=__APP__ EnvironmentFile=__FINALPATH__/.env -WorkingDirectory=__FINALPATH__ +WorkingDirectory=__FINALPATH__/ ExecStart=__YNH_NODE__ __FINALPATH__/main.js Restart=on-failure #StartLimitInterval=86400 diff --git a/scripts/change_url b/scripts/change_url index f0ef135..eb3d563 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -38,7 +38,7 @@ port=$(ynh_app_setting_get --app=$app --key=port) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -46,7 +46,7 @@ ynh_clean_setup () { # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script @@ -80,23 +80,23 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path=systemd #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." +ynh_script_progression --message="Updating NGINX web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf -# Change the path in the nginx config file +# Change the path in the NGINX config file if [ $change_path -eq 1 ] then - # Make a backup of the original nginx config file if modified + # Make a backup of the original NGINX config file if modified ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for nginx helper + # Set global variables for NGINX helper domain="$old_domain" path_url="$new_path" - # Create a dedicated nginx config + # Create a dedicated NGINX config ynh_add_nginx_config fi -# Change the domain for nginx +# Change the domain for NGINX if [ $change_domain -eq 1 ] then # Delete file checksum for the old conf file location @@ -134,7 +134,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/install b/scripts/install index e9e1a32..fb18194 100644 --- a/scripts/install +++ b/scripts/install @@ -79,12 +79,19 @@ ynh_install_nodejs --nodejs_version=$NODEJS_VERSION ynh_use_nodejs ynh_install_mongo +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # CREATE A MONGODB DATABASE #================================================= ynh_script_progression --message="Creating a MongoDB database..." -# Registering db name db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name @@ -99,22 +106,19 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R root: "$final_path" +chown root:$app "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." +ynh_script_progression --message="Configuring NGINX web server..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # SPECIFIC SETUP #================================================= @@ -126,25 +130,17 @@ ynh_script_progression --message="Configuring a systemd service..." ynh_add_systemd_config --others_var="mongodb_servicename ynh_node" #================================================= -# MODIFY A CONFIG FILE +# ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Modifying a config file..." +ynh_script_progression --message="Adding a config file..." -# Create a dedicated .env config ynh_add_config --template=".env" --destination="$final_path/.env" +chmod 400 "$final_path/.env" +chown $app:$app "$final_path/.env" + #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set strong right permissions to app files -chown -R $app: "$final_path" -chmod -R 640 "$final_path" -find "$final_path" -type d -print0 | xargs -0 chmod 750 - #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= @@ -169,8 +165,6 @@ fi #================================================= ynh_script_progression --message="Configuring permissions..." -ynh_permission_create --permission="admin" --allowed "$admin" - # Make app public if necessary if [ $is_public -eq 1 ] then @@ -179,10 +173,12 @@ then ynh_permission_update --permission="main" --add="visitors" fi +ynh_permission_create --permission="admin" --allowed=$admin + #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/remove b/scripts/remove index 120e182..ec3ccf0 100755 --- a/scripts/remove +++ b/scripts/remove @@ -29,7 +29,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -# Remove the service from the list of services known by Yunohost (added from `yunohost service add`) +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then ynh_script_progression --message="Removing $app service integration..." @@ -73,9 +73,9 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." +ynh_script_progression --message="Removing NGINX web server configuration..." -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= diff --git a/scripts/restore b/scripts/restore index 80e6388..5e973d2 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source ../settings/scripts/ynh_mongo_db source /usr/share/yunohost/helpers @@ -24,7 +24,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -49,17 +49,10 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Restoring the nginx configuration..." +ynh_script_progression --message="Restoring the NGINX web server configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring the app main directory..." - -ynh_restore_file --origin_path="$final_path" - #================================================= # RECREATE THE DEDICATED USER #================================================= @@ -69,14 +62,16 @@ ynh_script_progression --message="Recreating the dedicated system user..." ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= -# RESTORE USER RIGHTS +# RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring user rights..." +ynh_script_progression --message="Restoring the app main directory..." -# Restore permissions on app files -chown -R $app: "$final_path" -chmod -R 640 "$final_path" -find "$final_path" -type d -print0 | xargs -0 chmod 750 +ynh_restore_file --origin_path="$final_path" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R root: "$final_path" +chown root:$app "$final_path" #================================================= # SPECIFIC RESTORATION @@ -131,7 +126,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 3a30be3..5dccff0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -46,7 +46,7 @@ fi if ! ynh_permission_exists --permission="admin"; then # Create the required permissions - ynh_permission_create --permission="admin" --allowed "$admin" + ynh_permission_create --permission="admin" --allowed=$admin fi #================================================= @@ -68,7 +68,7 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script @@ -114,23 +114,13 @@ if ynh_version_gt "2.56~ynh1" "${previous_version}" ; then touch $config_file fi -# Create the permission "admin" only if it doesn't exist. -if ! ynh_permission_exists --permission="admin" -then - ynh_script_progression --message="Upgrading Permission configuration..." +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." - ynh_app_setting_delete --app=$app --key=unprotected_uris - - is_public=$(ynh_app_setting_get --app=$app --key=is_public) - - if [ $is_public -eq 1 ]; then - ynh_permission_update --permission "main" --add "visitors" - fi - - ynh_app_setting_delete --app=$app --key=is_public - - ynh_permission_create --permission="admin" -fi +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -160,12 +150,17 @@ then ynh_secure_remove --file="$tmpdir" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R root: "$final_path" +chown root:$app "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." +ynh_script_progression --message="Upgrading NGINX web server configuration..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config #================================================= @@ -180,21 +175,7 @@ ynh_use_nodejs ynh_install_mongo #================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - -#================================================= -# MODIFY A CONFIG FILE -#================================================= -ynh_script_progression --message="Modifying a config file..." - -# Create a dedicated .env config -ynh_add_config --template=".env" --destination="$final_path/.env" - +# SPECIFIC UPGRADE #================================================= # SETUP SYSTEMD #================================================= @@ -203,18 +184,18 @@ ynh_script_progression --message="Upgrading systemd configuration..." # Create a dedicated systemd config ynh_add_systemd_config --others_var="mongodb_servicename ynh_node" +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message="Updating a config file..." + +ynh_add_config --template=".env" --destination="$final_path/.env" + +chmod 400 "$final_path/.env" +chown $app:$app "$final_path/.env" + #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= -ynh_script_progression --message="Securing files and directories..." - -# Set permissions on app files -chown -R $app: "$final_path" -chmod -R 640 "$final_path" -find "$final_path" -type d -print0 | xargs -0 chmod 750 - #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= @@ -236,7 +217,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload