diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100644 index defbac9..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,133 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - - echo "Handling asset at $asset_url" - - # Assign the asset to a source file in conf/ directory - # Here we base the source file name upon a unique keyword in the assets url (admin vs. update) - # Leave $src empty to ignore the asset - case $asset_url in - *"amd64"*) - src="amd64" - ;; - *"arm64"*) - src="arm64" - ;; - *) - src="" - ;; - esac - - # If $src is not empty, let's process the asset - if [ ! -z "$src" ]; then - # Create the temporary directory - tempdir="$(mktemp -d)" - - # Download sources and calculate checksum - filename=${asset_url##*/} - curl --silent -4 -L $asset_url -o "$tempdir/$filename" - checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - - # Delete temporary directory - rm -rf $tempdir - - # Get extension - if [[ $filename == *.tar.gz ]]; then - extension=tar.gz - else - extension=${filename##*.} - fi - - # Rewrite source file - cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -EOT - echo "... conf/$src.src updated" - - else - echo "... asset ignored" - fi - -done - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index 08ec1b3..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,50 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false - diff --git a/README.md b/README.md index 0d9901a..478530b 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -WeKan is an completely Open Source and Free software collaborative kanban board. +WeKan is an completely Open Source and Free software collaborative kanban board application. **Shipped version:** 7.18~ynh1 @@ -27,25 +27,6 @@ WeKan is an completely Open Source and Free software collaborative kanban board. ![Screenshot of Wekan](./doc/screenshots/screenshot.jpg) -## Disclaimers / important information - -* There is currently **no SSO integration** though it might be integrated at some point in the app, now that it's supported in Meteor/Wekan. In the meantime, users can create accounts (in fact, they can create infinite number of accounts) manually, and need to login manually specifically in Wekan. -* This app **only works on x86, 64bits architecture**! In particular, it won't work on 32 bit machines or ARM. See the discussion [here](https://github.com/YunoHost-Apps/wekan_ynh/issues/1#issuecomment-401612500). -* YunoHost users with more than one email address can't login to wekan using ldap. For example first YunoHost user has severals email addresses: root@domain; admin@domain; webmaster@domain; postmaster@domain, etc... Workaround: remove all mail aliases of the user you want to connect, connect one time on wekan, recreate the aliases of the YunoHost user. - -## Configuration: -As LDAP authentification is enabled by default, Wekan admins correspond to the permission `Wekan Admin`. The user you choose during installation is member of this group. -To add an admin account, you can: - -- [with the webadmin] go to Users > Groups and permissions > Add the user to the permission `Wekan Admin` -- [or with the command line] `yunohost user permission update wekan.admin -a the_user_to_add` - -All others YunhoHost user can access with LDAP authentication. - -If you have disable ldap authentication, first registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel. - -**Private/Public mode:** In private mode, only authorized YunoHost members can access to the Wekan. - ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index 60cf772..1b32698 100644 --- a/README_fr.md +++ b/README_fr.md @@ -16,7 +16,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po ## Vue d’ensemble -WeKan est une application de tableau kanban collaborative. +WeKan est une application de tableau kanban collaborative entièrement libre et open source. **Version incluse :** 7.18~ynh1 @@ -27,25 +27,6 @@ WeKan est une application de tableau kanban collaborative. ![Capture d’écran de Wekan](./doc/screenshots/screenshot.jpg) -## Avertissements / informations importantes - -* Il n'y a actuellement **pas d'intégration SSO**, bien qu'elle puisse être intégrée à un moment donné dans l'application, maintenant qu'elle est supportée par Meteor/Wekan. En attendant, les utilisateurs peuvent créer des comptes (en fait, ils peuvent créer un nombre infini de comptes) manuellement, et doivent se connecter manuellement spécifiquement dans Wekan. -* Cette application **ne fonctionne que sur une architecture x86, 64bits** ! En particulier, elle ne fonctionnera pas sur les machines 32 bits ou ARM. Voir la discussion [ici] (https://github.com/YunoHost-Apps/wekan_ynh/issues/1#issuecomment-401612500). -* Les utilisateurs de YunoHost ayant plus d'une adresse e-mail ne peuvent pas se connecter à wekan en utilisant ldap. Par exemple, le premier utilisateur de YunoHost a plusieurs adresses e-mail : root@domain ; admin@domain ; webmaster@domain ; postmaster@domain, etc.... Solution : supprimez tous les alias de messagerie de l'utilisateur que vous voulez connecter, connectez-vous une fois sur wekan, recréez les alias de l'utilisateur YunoHost. - -## Configuration : -L'authentification LDAP étant activée par défaut, les admins de Wekan correspondent à la permission `Wekan Admin`. L'utilisateur que vous choisissez lors de l'installation est membre de ce groupe. -Pour ajouter un compte admin, vous pouvez : - -- [avec le webadmin] allez dans Utilisateurs > Groupes et permissions > Ajouter l'utilisateur à la permission `Wekan Admin`. -- [ou avec la ligne de commande] `yunohost user permission update wekan.admin -a the_user_to_add`. - -Tous les autres utilisateurs de YunhoHost peuvent accéder avec l'authentification LDAP. - -Si vous avez désactivé l'authentification LDAP, le premier utilisateur enregistré sera l'administrateur, et les suivants seront des utilisateurs normaux. Si vous voulez d'autres administrateurs, vous pouvez changer leur permission à admin dans le panneau d'administration de Wekan. - -**Mode privé/public:** En mode privé, seuls les membres autorisés de YunoHost peuvent accéder au Wekan. - ## Documentations et ressources * Site officiel de l’app : diff --git a/check_process b/check_process deleted file mode 100644 index f2cf3a0..0000000 --- a/check_process +++ /dev/null @@ -1,23 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - path="/path" - is_public=1 - admin="john" - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - # 6.30~ynh1 / Mongo 4.4 ; 5.0 - upgrade=1 from_commit=19d250f0c09d4f8dad4343a86a5d20672853221a - backup_restore=1 - multi_instance=1 - port_already_use=0 - change_url=1 -;;; Options -Email=ljf+ynh-wekan@reflexlibre.net -Notification=down diff --git a/conf/.env b/conf/.env index 4ae86f7..7198df0 100644 --- a/conf/.env +++ b/conf/.env @@ -5,7 +5,7 @@ NODE_ENV=production # Writable path for temporary saving attachments during migration to Meteor-Files # Create directory wekan-uploads -WRITABLE_PATH=__FINALPATH__ +WRITABLE_PATH=__INSTALL_DIR__ # The path to NODEJS __YNH_NODE_LOAD_PATH__ @@ -26,12 +26,12 @@ ROOT_URL='https://__DOMAIN____PATH__' # https://github.com/wekan/wekan/wiki/Adding-users # https://github.com/wekan/wekan/wiki/Troubleshooting-Mail # https://github.com/wekan/wekan-mongodb/blob/master/docker-compose.yml -MAIL_URL='smtp://__MAIN_DOMAIN__:25/' -MAIL_FROM='Wekan Support ' +MAIL_URL='smtp://__APP__:__MAIL_PWD__@__MAIN_DOMAIN__:25/' +MAIL_FROM='Wekan Support <__APP__@__DOMAIN__>' # Currently MAIL_SERVICE is not in use. #MAIL_SERVICE=Outlook365 -#MAIL_SERVICE_USER=firstname.lastname@hotmail.com -#MAIL_SERVICE_PASSWORD=SecretPassword +#MAIL_SERVICE_USER=__APP__ +#MAIL_SERVICE_PASSWORD=__MAIL_PWD__ #--------------------------------------------- #KADIRA_OPTIONS_ENDPOINT=http://127.0.0.1:11011 #--------------------------------------------- diff --git a/conf/amd64.src b/conf/amd64.src deleted file mode 100644 index b84e974..0000000 --- a/conf/amd64.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/wekan/wekan/releases/download/v7.18/wekan-7.18-amd64.zip -SOURCE_SUM=da865310d70de763fc0d410344e28a493691e461b5195fe97d16e89f3d0d7246 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=zip -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= diff --git a/conf/arm64.src b/conf/arm64.src deleted file mode 100644 index d643bc4..0000000 --- a/conf/arm64.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/wekan/wekan/releases/download/v7.18/wekan-7.18-arm64.zip -SOURCE_SUM=6e384614e436147cbe4977ea8dd51f4e45487f455b23efe5e44d74ef6b69ceaf -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=zip -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= diff --git a/conf/systemd.service b/conf/systemd.service index ed287ab..148183a 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,18 +7,47 @@ After=network.target __MONGODB_SERVICENAME__.service Type=simple User=__APP__ Group=__APP__ -EnvironmentFile=__FINALPATH__/.env -WorkingDirectory=__FINALPATH__/ -ExecStart=__YNH_NODE__ __FINALPATH__/main.js +EnvironmentFile=__INSTALL_DIR__/.env +WorkingDirectory=__INSTALL_DIR__/ +ExecStart=__YNH_NODE__ __INSTALL_DIR__/main.js Restart=on-failure -#StartLimitInterval=86400 -#StartLimitBurst=5 -RestartSec=10 -ExecReload=/bin/kill -USR1 $MAINPID -RestartSec=10 -StandardOutput=syslog -StandardError=syslog -SyslogIdentifier=__APP__ +SuccessExitStatus=143 +#RestartSec=10 +#ExecReload=/bin/kill -USR1 $MAINPID + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/doc/DISCLAIMER.md b/doc/ADMIN.md similarity index 93% rename from doc/DISCLAIMER.md rename to doc/ADMIN.md index 3d56c28..dc0a1c3 100644 --- a/doc/DISCLAIMER.md +++ b/doc/ADMIN.md @@ -12,5 +12,3 @@ To add an admin account, you can: All others YunhoHost user can access with LDAP authentication. If you have disable ldap authentication, first registered user will be admin, and next ones normal users. If you want other admins too, you can change their permission to admin at Wekan Admin Panel. - -**Private/Public mode:** In private mode, only authorized YunoHost members can access to the Wekan. diff --git a/doc/DISCLAIMER_fr.md b/doc/ADMIN_fr.md similarity index 94% rename from doc/DISCLAIMER_fr.md rename to doc/ADMIN_fr.md index d7c6527..453eefa 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/ADMIN_fr.md @@ -12,5 +12,3 @@ Pour ajouter un compte admin, vous pouvez : Tous les autres utilisateurs de YunhoHost peuvent accéder avec l'authentification LDAP. Si vous avez désactivé l'authentification LDAP, le premier utilisateur enregistré sera l'administrateur, et les suivants seront des utilisateurs normaux. Si vous voulez d'autres administrateurs, vous pouvez changer leur permission à admin dans le panneau d'administration de Wekan. - -**Mode privé/public:** En mode privé, seuls les membres autorisés de YunoHost peuvent accéder au Wekan. diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md index abb2c29..87a16d3 100644 --- a/doc/DESCRIPTION.md +++ b/doc/DESCRIPTION.md @@ -1 +1 @@ -WeKan is an completely Open Source and Free software collaborative kanban board. +WeKan is an completely Open Source and Free software collaborative kanban board application. diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md index 084d4d4..e80d155 100644 --- a/doc/DESCRIPTION_fr.md +++ b/doc/DESCRIPTION_fr.md @@ -1 +1 @@ -WeKan est une application de tableau kanban collaborative. +WeKan est une application de tableau kanban collaborative entièrement libre et open source. diff --git a/manifest.json b/manifest.json deleted file mode 100644 index c78cd9d..0000000 --- a/manifest.json +++ /dev/null @@ -1,62 +0,0 @@ -{ - "name": "Wekan", - "id": "wekan", - "packaging_format": 1, - "description": { - "en": "Trello-like kanban", - "fr": "Kanban similaire à Trello" - }, - "version": "7.18~ynh1", - "url": "https://wekan.github.io", - "upstream": { - "license": "MIT", - "website": "https://wekan.github.io", - "demo": "https://demo.sandstorm.io/appdemo/m86q05rdvj14yvn78ghaxynqz7u2svw6rnttptxx49g1785cdv1h", - "admindoc": "https://github.com/wekan/wekan/wiki", - "code": "https://github.com/wekan/wekan" - }, - "license": "MIT", - "maintainer": [ - { - "name": "alexAubin", - "email": "alex.aubin@mailoo.org", - "url": "https://github.com/alexAubin/" - }, - { - "name": "ljf" - }, - { - "name": "yalh76" - } - ], - "requirements": { - "yunohost": ">= 11.2" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "path", - "type": "path", - "example": "/wekan", - "default": "/wekan" - }, - { - "name": "is_public", - "type": "boolean", - "default": false - }, - { - "name": "admin", - "type": "user" - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..40f9d31 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,66 @@ +packaging_format = 2 + +id = "wekan" +name = "Wekan" +description.en = "Trello-like kanban" +description.fr = "Kanban similaire à Trello" + +version = "7.18~ynh1" + +maintainers = ["alexAubin", "ljf", "yalh76"] + +[upstream] +license = "MIT" +website = "https://wekan.github.io" +demo = "https://demo.sandstorm.io/appdemo/m86q05rdvj14yvn78ghaxynqz7u2svw6rnttptxx49g1785cdv1h" +admindoc = "https://github.com/wekan/wekan/wiki" +code = "https://github.com/wekan/wekan" + +[integration] +yunohost = ">= 11.2" +architectures = ["arm64", "amd64"] +multi_instance = true + +ldap = true + +sso = false + +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" + +[install] + [install.domain] + type = "domain" + + [install.path] + type = "path" + default = "/wekan" + + [install.init_main_permission] + type = "group" + default = "visitors" + + [install.admin] + type = "user" + +[resources] + [resources.sources.main] + arm64.url = "https://github.com/wekan/wekan/releases/download/v7.18/wekan-7.18-arm64.zip" + arm64.sha256 = "6e384614e436147cbe4977ea8dd51f4e45487f455b23efe5e44d74ef6b69ceaf" + amd64.url = "https://github.com/wekan/wekan/releases/download/v7.18/wekan-7.18-amd64.zip" + amd64.sha256 = "da865310d70de763fc0d410344e28a493691e461b5195fe97d16e89f3d0d7246" + autoupdate.strategy = "latest_github_release" + autoupdate.asset.amd64 = "*-amd64.zip" + autoupdate.asset.arm64 = "*-arm64.zip" + + [resources.ports] + + [resources.system_user] + allow_email = true + + [resources.install_dir] + + [resources.permissions] + main.url = "/" + #admin.allowed = "admins" diff --git a/scripts/_common.sh b/scripts/_common.sh index fbf21c5..25213d5 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,9 +4,6 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -pkg_dependencies="" - nodejs_version="14.21.3" #================================================= @@ -17,6 +14,355 @@ nodejs_version="14.21.3" # EXPERIMENTAL HELPERS #================================================= +readonly YNH_DEFAULT_MONGO_VERSION=4.4 +# Declare the actual MongoDB version to use: 4.4; 5.0; 6.0 +# A packager willing to use another version of MongoDB can override the variable into its _common.sh. +YNH_MONGO_VERSION=${YNH_MONGO_VERSION:-$YNH_DEFAULT_MONGO_VERSION} + +# Execute a mongo command +# +# example: ynh_mongo_exec --command='db.getMongo().getDBNames().indexOf("wekan")' +# example: ynh_mongo_exec --command="db.getMongo().getDBNames().indexOf(\"wekan\")" +# +# usage: ynh_mongo_exec [--user=user] [--password=password] [--authenticationdatabase=authenticationdatabase] [--database=database] [--host=host] [--port=port] --command="command" [--eval] +# | arg: -u, --user= - The user name to connect as +# | arg: -p, --password= - The user password +# | arg: -d, --authenticationdatabase= - The authenticationdatabase to connect to +# | arg: -d, --database= - The database to connect to +# | arg: -h, --host= - The host to connect to +# | arg: -P, --port= - The port to connect to +# | arg: -c, --command= - The command to evaluate +# | arg: -e, --eval - Evaluate instead of execute the command. +# +# +ynh_mongo_exec() { + # Declare an array to define the options of this helper. + local legacy_args=upadhPce + local -A args_array=( [u]=user= [p]=password= [a]=authenticationdatabase= [d]=database= [h]=host= [P]=port= [c]=command= [e]=eval ) + local user + local password + local authenticationdatabase + local database + local host + local port + local command + local eval + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + user="${user:-}" + password="${password:-}" + authenticationdatabase="${authenticationdatabase:-}" + database="${database:-}" + host="${host:-}" + port="${port:-}" + eval=${eval:-0} + + # If user is provided + if [ -n "$user" ] + then + user="--username=$user" + + # If password is provided + if [ -n "$password" ] + then + password="--password=$password" + fi + + # If authenticationdatabase is provided + if [ -n "$authenticationdatabase" ] + then + authenticationdatabase="--authenticationDatabase=$authenticationdatabase" + else + authenticationdatabase="--authenticationDatabase=admin" + fi + else + password="" + authenticationdatabase="" + fi + + # If host is provided + if [ -n "$host" ] + then + host="--host=$host" + fi + + # If port is provided + if [ -n "$port" ] + then + port="--port=$port" + fi + + # If eval is not provided + if [ $eval -eq 0 ] + then + # If database is provided + if [ -n "$database" ] + then + database="use $database" + else + database="" + fi + + mongosh --quiet --username $user --password $password --authenticationDatabase $authenticationdatabase --host $host --port $port < ./dump.bson +# +# usage: ynh_mongo_dump_db --database=database +# | arg: -d, --database= - The database name to dump +# | ret: the mongodump output +# +# +ynh_mongo_dump_db() { + # Declare an array to define the options of this helper. + local legacy_args=d + local -A args_array=( [d]=database= ) + local database + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + mongodump --quiet --db="$database" --archive +} + +# Create a user +# +# [internal] +# +# usage: ynh_mongo_create_user --db_user=user --db_pwd=pwd --db_name=name +# | arg: -u, --db_user= - The user name to create +# | arg: -p, --db_pwd= - The password to identify user by +# | arg: -n, --db_name= - Name of the database to grant privilegies +# +# +ynh_mongo_create_user() { + # Declare an array to define the options of this helper. + local legacy_args=unp + local -A args_array=( [u]=db_user= [n]=db_name= [p]=db_pwd= ) + local db_user + local db_name + local db_pwd + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # Create the user and set the user as admin of the db + ynh_mongo_exec --database="$db_name" --command='db.createUser( { user: "'${db_user}'", pwd: "'${db_pwd}'", roles: [ { role: "readWrite", db: "'${db_name}'" } ] } );' + + # Add clustermonitoring rights + ynh_mongo_exec --database="$db_name" --command='db.grantRolesToUser("'${db_user}'",[{ role: "clusterMonitor", db: "admin" }]);' +} + +# Check if a mongo database exists +# +# usage: ynh_mongo_database_exists --database=database +# | arg: -d, --database= - The database for which to check existence +# | exit: Return 1 if the database doesn't exist, 0 otherwise +# +# +ynh_mongo_database_exists() { + # Declare an array to define the options of this helper. + local legacy_args=d + local -A args_array=([d]=database=) + local database + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if [ $(ynh_mongo_exec --command='db.getMongo().getDBNames().indexOf("'${database}'")' --eval) -lt 0 ] + then + return 1 + else + return 0 + fi +} + +# Restore a database +# +# example: ynh_mongo_restore_db --database=wekan < ./dump.bson +# +# usage: ynh_mongo_restore_db --database=database +# | arg: -d, --database= - The database name to restore +# +# +ynh_mongo_restore_db() { + # Declare an array to define the options of this helper. + local legacy_args=d + local -A args_array=( [d]=database= ) + local database + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + mongorestore --quiet --db="$database" --archive +} + +# Drop a user +# +# [internal] +# +# usage: ynh_mongo_drop_user --db_user=user --db_name=name +# | arg: -u, --db_user= - The user to drop +# | arg: -n, --db_name= - Name of the database +# +# +ynh_mongo_drop_user() { + # Declare an array to define the options of this helper. + local legacy_args=un + local -A args_array=( [u]=db_user= [n]=db_name= ) + local db_user + local db_name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + ynh_mongo_exec --database="$db_name" --command='db.dropUser("'$db_user'", {w: "majority", wtimeout: 5000})' +} + +# Create a database, an user and its password. Then store the password in the app's config +# +# usage: ynh_mongo_setup_db --db_user=user --db_name=name [--db_pwd=pwd] +# | arg: -u, --db_user= - Owner of the database +# | arg: -n, --db_name= - Name of the database +# | arg: -p, --db_pwd= - Password of the database. If not provided, a password will be generated +# +# After executing this helper, the password of the created database will be available in $db_pwd +# It will also be stored as "mongopwd" into the app settings. +# +# +ynh_mongo_setup_db() { + # Declare an array to define the options of this helper. + local legacy_args=unp + local -A args_array=( [u]=db_user= [n]=db_name= [p]=db_pwd= ) + local db_user + local db_name + db_pwd="" + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + local new_db_pwd=$(ynh_string_random) # Generate a random password + # If $db_pwd is not provided, use new_db_pwd instead for db_pwd + db_pwd="${db_pwd:-$new_db_pwd}" + + # Create the user and grant access to the database + ynh_mongo_create_user --db_user="$db_user" --db_pwd="$db_pwd" --db_name="$db_name" + + # Store the password in the app's config + ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd +} + +# Remove a database if it exists, and the associated user +# +# usage: ynh_mongo_remove_db --db_user=user --db_name=name +# | arg: -u, --db_user= - Owner of the database +# | arg: -n, --db_name= - Name of the database +# +# +ynh_mongo_remove_db() { + # Declare an array to define the options of this helper. + local legacy_args=un + local -A args_array=( [u]=db_user= [n]=db_name= ) + local db_user + local db_name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ynh_mongo_database_exists --database=$db_name; then # Check if the database exists + ynh_mongo_drop_db --database=$db_name # Remove the database + else + ynh_print_warn --message="Database $db_name not found" + fi + + # Remove mongo user if it exists + ynh_mongo_drop_user --db_user=$db_user --db_name=$db_name +} + +# Install MongoDB and integrate MongoDB service in YunoHost +# +# usage: ynh_install_mongo [--mongo_version=mongo_version] +# | arg: -m, --mongo_version= - Version of MongoDB to install +# +# +ynh_install_mongo() { + # Declare an array to define the options of this helper. + local legacy_args=m + local -A args_array=([m]=mongo_version=) + local mongo_version + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + mongo_version="${mongo_version:-$YNH_MONGO_VERSION}" + + ynh_print_info --message="Installing MongoDB Community Edition..." + ynh_install_extra_app_dependencies --repo="deb http://repo.mongodb.org/apt/debian buster/mongodb-org/$mongo_version main" --package="mongodb-org mongodb-org-server mongodb-org-tools mongodb-mongosh" --key="https://www.mongodb.org/static/pgp/server-$mongo_version.asc" + mongodb_servicename=mongod + + # Make sure MongoDB is started and enabled + systemctl enable $mongodb_servicename --quiet + systemctl daemon-reload --quiet + ynh_systemd_action --service_name=$mongodb_servicename --action=restart --line_match="aiting for connections" --log_path="/var/log/mongodb/$mongodb_servicename.log" + + # Integrate MongoDB service in YunoHost + yunohost service add $mongodb_servicename --description="MongoDB daemon" --log="/var/log/mongodb/$mongodb_servicename.log" + + # Store mongo_version into the config of this app + ynh_app_setting_set --app=$app --key=mongo_version --value=$mongo_version +} + +# Remove MongoDB +# Only remove the MongoDB service integration in YunoHost for now +# if MongoDB package as been removed +# +# usage: ynh_remove_mongo +# +# +ynh_remove_mongo() { + # Only remove the mongodb service if it is not installed. + if ! ynh_package_is_installed --package="mongodb*" + then + ynh_print_info --message="Removing MongoDB service..." + mongodb_servicename=mongod + # Remove the mongodb service + yunohost service remove $mongodb_servicename + ynh_secure_remove --file="/var/lib/mongodb" + ynh_secure_remove --file="/var/log/mongodb" + fi +} + + #================================================= # FUTURE OFFICIAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 821ad88..00254c7 100644 --- a/scripts/backup +++ b/scripts/backup @@ -8,30 +8,8 @@ # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh -source ../settings/scripts/ynh_mongo_db__2 source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -41,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 7fdb43c..7614f0b 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,66 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -# Add settings here as needed by your application -#db_name=$(ynh_app_setting_get --app=$app --key=db_name) -#db_user=$db_name -#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) -port=$(ynh_app_setting_get --app=$app --key=port) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= @@ -83,29 +23,7 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path=systemd #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi +ynh_change_url_nginx_config #================================================= # SPECIFIC MODIFICATIONS @@ -114,9 +32,9 @@ fi #================================================= ynh_script_progression --message="Updating .env configuration..." -ynh_backup_if_checksum_is_different --file="$final_path/.env" -ynh_replace_string --match_string="$old_domain$old_path" --replace_string="$new_domain$new_path" --target_file="$final_path/.env" -ynh_store_file_checksum --file="$final_path/.env" +ynh_backup_if_checksum_is_different --file="$install_dir/.env" +ynh_replace_string --match_string="$old_domain$old_path" --replace_string="$new_domain$new_path" --target_file="$install_dir/.env" +ynh_store_file_checksum --file="$install_dir/.env" #================================================= # GENERIC FINALISATION @@ -126,18 +44,11 @@ ynh_store_file_checksum --file="$final_path/.env" ynh_script_progression --message="Starting a systemd service..." # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Started Wekan, task board" +ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Enabling LDAP Background Sync" -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - sleep 60 -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +#if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then +# sleep 60 +#fi #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index be377fc..561050a 100644 --- a/scripts/install +++ b/scripts/install @@ -7,83 +7,29 @@ #================================================= source _common.sh -source ynh_mongo_db__2 source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -is_public=$YNH_APP_ARG_IS_PUBLIC -admin=$YNH_APP_ARG_ADMIN - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." - -# Check machine architecture (in particular, we don't support ARM and 32bit machines) -if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armel" ] || [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "aarch64" ] || [ $YNH_ARCH == "arm64" ] -then - ynh_die --message="Sorry, but this app can only be installed on a x86, 64 bits machine :(" -fi - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." - -# Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port --value=$port +main_domain=$(cat /etc/yunohost/current_host) #================================================= # INSTALL DEPENDENCIES #================================================= ynh_script_progression --message="Installing dependencies..." -ynh_install_app_dependencies $pkg_dependencies ynh_install_nodejs --nodejs_version=$nodejs_version ynh_use_nodejs -ynh_install_mongo #================================================= -# CREATE DEDICATED USER +# DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Configuring system user..." +ynh_script_progression --message="Setting up source files..." -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$install_dir" + +chmod -R o-rwx "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # CREATE A MONGODB DATABASE @@ -93,21 +39,10 @@ ynh_script_progression --message="Creating a MongoDB database..." db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name + +ynh_install_mongo ynh_mongo_setup_db --db_user=$db_user --db_name=$db_name -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= -ynh_script_progression --message="Setting up source files..." - -ynh_app_setting_set --app=$app --key=final_path --value=$final_path -# Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" --source_id="$YNH_ARCH" - -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" - #================================================= # NGINX CONFIGURATION #================================================= @@ -116,6 +51,11 @@ ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config +# Create a dedicated systemd config +ynh_add_systemd_config + +yunohost service add $app --description="Wekan daemon" --log="/var/log/$app/$app.log" + #================================================= # SPECIFIC SETUP #================================================= @@ -123,29 +63,10 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Adding a config file..." -main_domain=$(cat /etc/yunohost/current_host) +ynh_add_config --template=".env" --destination="$install_dir/.env" -ynh_add_config --template=".env" --destination="$final_path/.env" - -chmod 400 "$final_path/.env" -chown $app:$app "$final_path/.env" - -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Configuring a systemd service..." - -# Create a dedicated systemd config -ynh_add_systemd_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description="Wekan daemon" +chmod 400 "$install_dir/.env" +chown $app:$app "$install_dir/.env" #================================================= # START SYSTEMD SERVICE @@ -155,31 +76,9 @@ ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Enabling LDAP Background Sync" -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - sleep 60 -fi - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -ynh_permission_create --permission="admin" --allowed=$admin - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +#if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then +# sleep 60 +#fi #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 7c94aff..26100a7 100755 --- a/scripts/remove +++ b/scripts/remove @@ -7,22 +7,8 @@ #================================================= source _common.sh -source ynh_mongo_db__2 source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -port=$(ynh_app_setting_get --app=$app --key=port) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - #================================================= # STANDARD REMOVE #================================================= @@ -36,57 +22,18 @@ then yunohost service remove $app fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." - # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE THE MONGODB DATABASE -#================================================= -ynh_script_progression --message="Removing the MongoDB database..." - # Remove a database if it exists, along with the associated user ynh_mongo_remove_db --db_user=$db_user --db_name=$db_name - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." +ynh_remove_mongo # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." - # Remove metapackage and its dependencies -ynh_remove_app_dependencies ynh_remove_nodejs -ynh_remove_mongo - -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." - -# Delete a system user -ynh_system_user_delete --username=$app #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index a8fc593..a7b49a2 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,63 +6,18 @@ # IMPORT GENERIC HELPERS #================================================= -# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh -source ../settings/scripts/ynh_mongo_db__2 source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -mongo_version=$(ynh_app_setting_get --app=$app --key=mongo_version) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # SPECIFIC RESTORATION @@ -72,10 +27,16 @@ chown -R $app:$app "$final_path" ynh_script_progression --message="Reinstalling dependencies..." # Define and install dependencies -ynh_install_app_dependencies $pkg_dependencies ynh_install_nodejs --nodejs_version=$nodejs_version ynh_use_nodejs -ynh_install_mongo --mongo_version=$mongo_version + +#================================================= +# RESTORE THE MONGODB DATABASE +#================================================= +ynh_script_progression --message="Restoring the MongoDB database..." + +ynh_install_mongo +ynh_mongo_restore_db --database="$db_name" < ./dump.bson #================================================= # RESTORE THE NGINX CONFIGURATION @@ -84,29 +45,10 @@ ynh_script_progression --message="Restoring the NGINX web server configuration.. ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE MONGODB DATABASE -#================================================= -ynh_script_progression --message="Restoring the MongoDB database..." - -db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) -ynh_mongo_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd -ynh_mongo_restore_db --database="$db_name" < ./dump.bson - -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." - ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description="Wekan daemon" +yunohost service add $app --description="Wekan daemon" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE @@ -115,16 +57,9 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Enabling LDAP Background Sync" -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - sleep 60 -fi - -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." +#if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then +# sleep 60 +#fi ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index 8849759..c694b91 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -7,45 +7,16 @@ #================================================= source _common.sh -source ynh_mongo_db__2 source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -port=$(ynh_app_setting_get --app=$app --key=port) -mongo_version=$(ynh_app_setting_get --app=$app --key=mongo_version) +main_domain=$(cat /etc/yunohost/current_host) #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -60,18 +31,6 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path=systemd #================================================= ynh_script_progression --message="Ensuring downward compatibility..." -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -if ! ynh_permission_exists --permission="admin"; then - # Create the required permissions - ynh_permission_create --permission="admin" --allowed=$admin -fi - # If mongo_version doesn't exist, create it if [ -z "$mongo_version" ]; then mongo_version="$(mongod --version | grep -oP 'db version v\K.{0,3}')" @@ -81,14 +40,6 @@ fi ynh_secure_remove --file="/etc/apt/sources.list.d/mongodb-org-3.2.list" ynh_secure_remove --file="/etc/apt/sources.list.d/mongodb-org-4.4.list" -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -98,19 +49,17 @@ then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" --source_id="$YNH_ARCH" --keep=".env" + ynh_setup_source --dest_dir="$install_dir" --keep=".env" fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # UPGRADE DEPENDENCIES #================================================= ynh_script_progression --message="Upgrading dependencies..." -ynh_install_app_dependencies $pkg_dependencies ynh_install_nodejs --nodejs_version=$nodejs_version ynh_use_nodejs ynh_install_mongo --mongo_version=$mongo_version @@ -123,6 +72,11 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config ynh_add_nginx_config +# Create a dedicated systemd config +ynh_add_systemd_config + +yunohost service add $app --description="Wekan daemon" --log="/var/log/$app/$app.log" + #================================================= # SPECIFIC UPGRADE #================================================= @@ -130,29 +84,10 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Updating a configuration file..." -main_domain=$(cat /etc/yunohost/current_host) +ynh_add_config --template=".env" --destination="$install_dir/.env" -ynh_add_config --template=".env" --destination="$final_path/.env" - -chmod 400 "$final_path/.env" -chown $app:$app "$final_path/.env" - -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Upgrading systemd configuration..." - -# Create a dedicated systemd config -ynh_add_systemd_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description="Wekan daemon" +chmod 400 "$install_dir/.env" +chown $app:$app "$install_dir/.env" #================================================= # START SYSTEMD SERVICE @@ -161,16 +96,9 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Enabling LDAP Background Sync" -if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then - sleep 60 -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload +#if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then +# sleep 60 +#fi #================================================= # END OF SCRIPT diff --git a/scripts/ynh_mongo_db__2 b/scripts/ynh_mongo_db__2 deleted file mode 100644 index f359004..0000000 --- a/scripts/ynh_mongo_db__2 +++ /dev/null @@ -1,349 +0,0 @@ -#!/bin/bash - -readonly YNH_DEFAULT_MONGO_VERSION=4.4 -# Declare the actual MongoDB version to use: 4.4 ; 5.0 -# A packager willing to use another version of MongoDB can override the variable into its _common.sh. -YNH_MONGO_VERSION=${YNH_MONGO_VERSION:-$YNH_DEFAULT_MONGO_VERSION} - -# Execute a mongo command -# -# example: ynh_mongo_exec --command='db.getMongo().getDBNames().indexOf("wekan")' -# example: ynh_mongo_exec --command="db.getMongo().getDBNames().indexOf(\"wekan\")" -# -# usage: ynh_mongo_exec [--username=username] [--password=password] [--authenticationdatabase=authenticationdatabase] [--database=database] [--host=host] [--port=port] --command="command" [--eval] -# | arg: -u, --username= - The user name to connect as -# | arg: -p, --password= - The user password -# | arg: -d, --authenticationdatabase= - The authenticationdatabase to connect to -# | arg: -d, --database= - The database to connect to -# | arg: -h, --host= - The host to connect to -# | arg: -P, --port= - The port to connect to -# | arg: -c, --command= - The command to evaluate -# | arg: -e, --eval - Evaluate instead of execute the command. -# -# -ynh_mongo_exec() { - # Declare an array to define the options of this helper. - local legacy_args=upadhPce - local -A args_array=( [u]=username= [p]=password= [a]=authenticationdatabase= [d]=database= [h]=host= [P]=port= [c]=command= [e]=eval ) - local username - local password - local authenticationdatabase - local database - local host - local port - local command - local eval - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - username="${username:-}" - password="${password:-}" - authenticationdatabase="${authenticationdatabase:-}" - database="${database:-}" - host="${host:-}" - port="${port:-}" - eval=${eval:-0} - - # If username is provided - if [ -n "$username" ] - then - username="--username=$username" - - # If password is provided - if [ -n "$password" ] - then - password="--password=$password" - fi - - # If authenticationdatabase is provided - if [ -n "$authenticationdatabase" ] - then - authenticationdatabase="--authenticationDatabase=$authenticationdatabase" - else - authenticationdatabase="--authenticationDatabase=admin" - fi - else - password="" - authenticationdatabase="" - fi - - # If host is provided - if [ -n "$host" ] - then - host="--host=$host" - fi - - # If port is provided - if [ -n "$port" ] - then - port="--port=$port" - fi - - # If eval is not provided - if [ $eval -eq 0 ] - then - # If database is provided - if [ -n "$database" ] - then - database="use $database" - else - database="" - fi - - mongosh --quiet $username $password $authenticationdatabase $host $port < ./dump.bson -# -# usage: ynh_mongo_dump_db --database=database -# | arg: -d, --database= - The database name to dump -# | ret: the mongodump output -# -# -ynh_mongo_dump_db() { - # Declare an array to define the options of this helper. - local legacy_args=d - local -A args_array=( [d]=database= ) - local database - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - mongodump --quiet --db="$database" --archive -} - -# Create a user -# -# [internal] -# -# usage: ynh_mongo_create_user --db_user=user --db_pwd=pwd --db_name=name -# | arg: -u, --db_user= - The user name to create -# | arg: -p, --db_pwd= - The password to identify user by -# | arg: -n, --db_name= - Name of the database to grant privilegies -# -# -ynh_mongo_create_user() { - # Declare an array to define the options of this helper. - local legacy_args=unp - local -A args_array=( [u]=db_user= [n]=db_name= [p]=db_pwd= ) - local db_user - local db_name - local db_pwd - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - # Create the user and set the user as admin of the db - ynh_mongo_exec --database="$db_name" --command='db.createUser( { user: "'${db_user}'", pwd: "'${db_pwd}'", roles: [ { role: "readWrite", db: "'${db_name}'" } ] } );' - - # Add clustermonitoring rights - ynh_mongo_exec --database="$db_name" --command='db.grantRolesToUser("'${db_user}'",[{ role: "clusterMonitor", db: "admin" }]);' -} - -# Check if a mongo database exists -# -# usage: ynh_mongo_database_exists --database=database -# | arg: -d, --database= - The database for which to check existence -# | exit: Return 1 if the database doesn't exist, 0 otherwise -# -# -ynh_mongo_database_exists() { - # Declare an array to define the options of this helper. - local legacy_args=d - local -A args_array=([d]=database=) - local database - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - if [ $(ynh_mongo_exec --command='db.getMongo().getDBNames().indexOf("'${database}'")' --eval) -lt 0 ] - then - return 1 - else - return 0 - fi -} - -# Restore a database -# -# example: ynh_mongo_restore_db --database=wekan < ./dump.bson -# -# usage: ynh_mongo_restore_db --database=database -# | arg: -d, --database= - The database name to restore -# -# -ynh_mongo_restore_db() { - # Declare an array to define the options of this helper. - local legacy_args=d - local -A args_array=( [d]=database= ) - local database - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - mongorestore --quiet --db="$database" --archive -} - -# Drop a user -# -# [internal] -# -# usage: ynh_mongo_drop_user --db_user=user --db_name=name -# | arg: -u, --db_user= - The user to drop -# | arg: -n, --db_name= - Name of the database -# -# -ynh_mongo_drop_user() { - # Declare an array to define the options of this helper. - local legacy_args=un - local -A args_array=( [u]=db_user= [n]=db_name= ) - local db_user - local db_name - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - ynh_mongo_exec --database="$db_name" --command='db.dropUser("'$db_user'", {w: "majority", wtimeout: 5000})' -} - -# Create a database, an user and its password. Then store the password in the app's config -# -# usage: ynh_mongo_setup_db --db_user=user --db_name=name [--db_pwd=pwd] -# | arg: -u, --db_user= - Owner of the database -# | arg: -n, --db_name= - Name of the database -# | arg: -p, --db_pwd= - Password of the database. If not provided, a password will be generated -# -# After executing this helper, the password of the created database will be available in $db_pwd -# It will also be stored as "mongopwd" into the app settings. -# -# -ynh_mongo_setup_db() { - # Declare an array to define the options of this helper. - local legacy_args=unp - local -A args_array=( [u]=db_user= [n]=db_name= [p]=db_pwd= ) - local db_user - local db_name - db_pwd="" - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - local new_db_pwd=$(ynh_string_random) # Generate a random password - # If $db_pwd is not provided, use new_db_pwd instead for db_pwd - db_pwd="${db_pwd:-$new_db_pwd}" - - # Create the user and grant access to the database - ynh_mongo_create_user --db_user="$db_user" --db_pwd="$db_pwd" --db_name="$db_name" - - # Store the password in the app's config - ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd -} - -# Remove a database if it exists, and the associated user -# -# usage: ynh_mongo_remove_db --db_user=user --db_name=name -# | arg: -u, --db_user= - Owner of the database -# | arg: -n, --db_name= - Name of the database -# -# -ynh_mongo_remove_db() { - # Declare an array to define the options of this helper. - local legacy_args=un - local -A args_array=( [u]=db_user= [n]=db_name= ) - local db_user - local db_name - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - if ynh_mongo_database_exists --database=$db_name; then # Check if the database exists - ynh_mongo_drop_db --database=$db_name # Remove the database - else - ynh_print_warn --message="Database $db_name not found" - fi - - # Remove mongo user if it exists - ynh_mongo_drop_user --db_user=$db_user --db_name=$db_name -} - -# Install MongoDB and integrate MongoDB service in YunoHost -# -# usage: ynh_install_mongo [--mongo_version=mongo_version] -# | arg: -m, --mongo_version= - Version of MongoDB to install -# -# -ynh_install_mongo() { - # Declare an array to define the options of this helper. - local legacy_args=m - local -A args_array=([m]=mongo_version=) - local mongo_version - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - mongo_version="${mongo_version:-$YNH_MONGO_VERSION}" - - ynh_print_info --message="Installing MongoDB Community Edition..." - ynh_install_extra_app_dependencies --repo="deb http://repo.mongodb.org/apt/debian buster/mongodb-org/$mongo_version main" --package="mongodb-org mongodb-org-server mongodb-org-tools mongodb-mongosh" --key="https://www.mongodb.org/static/pgp/server-$mongo_version.asc" - mongodb_servicename=mongod - - # Make sure MongoDB is started and enabled - systemctl enable $mongodb_servicename --quiet - systemctl daemon-reload --quiet - ynh_systemd_action --service_name=$mongodb_servicename --action=restart --line_match="aiting for connections" --log_path="/var/log/mongodb/$mongodb_servicename.log" - - # Integrate MongoDB service in YunoHost - yunohost service add $mongodb_servicename --description="MongoDB daemon" --log="/var/log/mongodb/$mongodb_servicename.log" - - # Store mongo_version into the config of this app - ynh_app_setting_set --app=$app --key=mongo_version --value=$mongo_version -} - -# Remove MongoDB -# Only remove the MongoDB service integration in YunoHost for now -# if MongoDB package as been removed -# -# usage: ynh_remove_mongo -# -# -ynh_remove_mongo() { - # Only remove the mongodb service if it is not installed. - if ! ynh_package_is_installed --package="mongodb*" - then - ynh_print_info --message="Removing MongoDB service..." - mongodb_servicename=mongod - # Remove the mongodb service - yunohost service remove $mongodb_servicename - ynh_secure_remove --file="/var/lib/mongodb" - ynh_secure_remove --file="/var/log/mongodb" - fi -} diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..d65a24d --- /dev/null +++ b/tests.toml @@ -0,0 +1,5 @@ +test_format = 1.0 + +[default] + + test_upgrade_from.413b6e0e52fdf162a40313a4f7960f203a0bc64f.name = "Upgrade from 7.09~ynh1"