diff --git a/.github/workflows/updater.py b/.github/workflows/updater.py deleted file mode 100755 index 019ce2a..0000000 --- a/.github/workflows/updater.py +++ /dev/null @@ -1,126 +0,0 @@ -#!/usr/bin/env python3 -""" -This script is meant to be run by GitHub Actions. -It comes with a Github Action updater.yml to run this script periodically. - -Since each app is different, maintainers can adapt its contents to perform -automatic actions when a new upstream release is detected. - -You need to enable the action by removing `if ${{ false }}` in updater.yml! -""" - -import hashlib -import json -import logging -import os -import re -from subprocess import run, PIPE -import textwrap -from typing import List, Tuple, Any -import requests -from packaging import version - -logging.getLogger().setLevel(logging.INFO) - -# ========================================================================== # -# Functions customizable by app maintainer - -def get_latest_version(repo: str) -> Tuple[version.Version, Any]: - """May be customized by maintainers for other forges than Github""" - api_url = repo.replace("github.com", "api.github.com/repos") - # May use {api_url}/tags and release["name"] for tag-based upstream - releases = requests.get(f"{api_url}/tags").json() - release_info = next(release for release in releases) - return version.Version(release_info["name"]), release_info - -def get_asset_urls_of_release(repo: str, release: Any) -> List[str]: - """May be customized by maintainers for custom urls""" - return [ - # *[asset["browser_download_url"] for asset in release["assets"]], - f"{repo}/archive/refs/tags/{release['name']}.tar.gz" - ] - -def handle_asset(asset_url: str): - """This should be customized by the maintainer according to upstream""" - logging.info("Handling asset at %s", asset_url) - if re.match(r".*/v[0-9\.]+.(tar.gz)$", asset_url): - write_src_file("app.src", asset_url, "tar.gz") - else: - logging.info("Asset ignored") - -# ========================================================================== # -# Core generic code of the script - -def sha256sum_of_url(url: str) -> str: - """Compute checksum without saving the file""" - checksum = hashlib.sha256() - for chunk in requests.get(url, stream=True).iter_content(): - checksum.update(chunk) - return checksum.hexdigest() - -def write_src_file(name: str, asset_url: str, extension: str, - extract: bool = True, subdir: bool = True) -> None: - """Rewrite conf/app.src""" - logging.info("Writing %s...", name) - - with open(f"conf/{name}", "w", encoding="utf-8") as conf_file: - conf_file.write(textwrap.dedent(f"""\ - SOURCE_URL={asset_url} - SOURCE_SUM={sha256sum_of_url(asset_url)} - SOURCE_SUM_PRG=sha256sum - SOURCE_FORMAT={extension} - SOURCE_IN_SUBDIR={str(subdir).lower()} - SOURCE_EXTRACT={str(extract).lower()} - """)) - -def write_github_env(proceed: bool, new_version: str, branch: str): - """Those values will be used later in the workflow""" - if "GITHUB_ENV" not in os.environ: - logging.warning("GITHUB_ENV is not in the envvars, assuming not in CI") - return - with open(os.environ["GITHUB_ENV"], "w", encoding="utf-8") as github_env: - github_env.write(textwrap.dedent(f"""\ - VERSION={new_version} - BRANCH={branch} - PROCEED={str(proceed).lower()} - """)) - -def main(): - with open("manifest.json", "r", encoding="utf-8") as manifest_file: - manifest = json.load(manifest_file) - repo = manifest["upstream"]["code"] - - current_version = version.Version(manifest["version"].split("~")[0]) - latest_version, release_info = get_latest_version(repo) - logging.info("Current version: %s", current_version) - logging.info("Latest upstream version: %s", latest_version) - - # Proceed only if the retrieved version is greater than the current one - if latest_version <= current_version: - logging.warning("No new version available") - write_github_env(False, "", "") - return - - # Proceed only if a PR for this new version does not already exist - branch = f"ci-auto-update-v{latest_version}" - command = ["git", "ls-remote", "--exit-code", "-h", repo, branch] - if run(command, stderr=PIPE, stdout=PIPE, check=False).returncode == 0: - logging.warning("A branch already exists for this update") - write_github_env(False, "", "") - return - - assets = get_asset_urls_of_release(repo, release_info) - logging.info("%d available asset(s)", len(assets)) - for asset in assets: - handle_asset(asset) - - manifest["version"] = f"{latest_version}~ynh1" - with open("manifest.json", "w", encoding="utf-8") as manifest_file: - json.dump(manifest, manifest_file, indent=4, ensure_ascii=False) - manifest_file.write("\n") - - write_github_env(True, latest_version, branch) - - -if __name__ == "__main__": - main() diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index e71f2cf..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,40 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' - -jobs: - updater: - # Maintainer should customize the updater script then comment this line. - # if: ${{ false }} - - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v2 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Run the updater script - run: .github/workflows/updater.py - - - name: Create Pull Request - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - title: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} - body: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} - commit-message: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - base: testing - branch: ${{ env.BRANCH }} - delete-branch: true diff --git a/README.md b/README.md index e7945fc..f8d428e 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ It shall NOT be edited by hand. # Wetty for YunoHost [![Integration level](https://dash.yunohost.org/integration/wetty.svg)](https://dash.yunohost.org/appci/app/wetty) ![Working status](https://ci-apps.yunohost.org/ci/badges/wetty.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/wetty.maintain.svg) + [![Install Wetty with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wetty) *[Lire ce readme en français.](./README_fr.md)* @@ -18,32 +19,14 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Terminal over HTTP and HTTPS. WeTTy is an alternative to ajaxterm and anyterm but much better than them because WeTTy uses xterm.js which is a full fledged implementation of terminal emulation written entirely in JavaScript. WeTTy uses websockets rather then Ajax and hence better response time. -**Shipped version:** 2.5.0~ynh2 +**Shipped version:** 2.5.0~ynh3 ## Screenshots ![Screenshot of Wetty](./doc/screenshots/terminal.png) -## Disclaimers / important information - -### Configuration - -There is few configuration in Wetty: -* Startup config (listen port, URL path, SSH host) is contained in the systemd service file -* User interface configuration is done through the web GUI itself. - - -* Is LDAP and HTTP authentication supported? **No** - * You need to manually log in. - * You can log in as a specific user using `https:///wetty/ssh/` - -* You can specify at install if Wetty should be visible by users not logged into YunoHost. - -* You can't use ssh key authentication. - ## Documentation and resources -* Official admin documentation: * Upstream app code repository: * YunoHost documentation for this app: * Report a bug: diff --git a/README_fr.md b/README_fr.md index 560192b..321fd8c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -6,6 +6,7 @@ It shall NOT be edited by hand. # Wetty pour YunoHost [![Niveau d’intégration](https://dash.yunohost.org/integration/wetty.svg)](https://dash.yunohost.org/appci/app/wetty) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/wetty.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/wetty.maintain.svg) + [![Installer Wetty avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wetty) *[Read this readme in english.](./README.md)* @@ -18,31 +19,14 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Terminal sur HTTP et HTTPS. WeTTy est une alternative à ajaxterm et anyterm mais bien meilleure qu'eux car WeTTy utilise xterm.js qui est une implémentation complète de l'émulation de terminal écrite entièrement en JavaScript. WeTTy utilise des websockets plutôt que Ajax et donc un meilleur temps de réponse. -**Version incluse :** 2.5.0~ynh2 +**Version incluse :** 2.5.0~ynh3 ## Captures d’écran ![Capture d’écran de Wetty](./doc/screenshots/terminal.png) -## Avertissements / informations importantes - -### Configuration - -Il y a peu de configuration dans Wetty : -* La configuration de démarrage (port d'écoute, chemin d'URL, hôte SSH) est contenue dans le fichier de service systemd -* La configuration de l'interface utilisateur se fait via l'interface graphique Web elle-même. - -* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** - * Vous devez vous connecter manuellement. - * Vous pouvez spécifier l'utilisateur en accédent directement `https:///wetty/ssh/` - -* Vous pouvez spécifier à l'installation si Wetty devrait être accessible par des visiteurs non connectés sur YunoHost. - -* Vous ne pouvez pas vous authentifier par une clé SSH. - ## Documentations et ressources -* Documentation officielle de l’admin : * Dépôt de code officiel de l’app : * Documentation YunoHost pour cette app : * Signaler un bug : diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index 5b622ab..0000000 --- a/conf/app.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/butlerx/wetty/archive/refs/tags/v2.5.0.tar.gz -SOURCE_SUM=a6f7e3687619c29b2b8cc04b502fd8207c53a895527849557d3d3ed7f362cbac -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_EXTRACT=true diff --git a/conf/config.json5 b/conf/config.json5 index 0ad4358..a56041f 100644 --- a/conf/config.json5 +++ b/conf/config.json5 @@ -12,7 +12,7 @@ // config: '/home/user/.wetty_ssh_config', // alternative ssh configuration file, see "-F" option in ssh(1) }, server: { - base: '__PATH_URL__', // URL base to serve resources from + base: '__PATH__', // URL base to serve resources from port: __PORT__, // Port to listen on host: '127.0.0.1', // address to listen on title: 'WeTTy - The Web Terminal Emulator', // Page title diff --git a/conf/nginx.conf b/conf/nginx.conf index 057beb4..a858275 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -13,7 +13,7 @@ location __PATH__/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_set_header X-NginX-Proxy true; # Include SSOWAT user panel. diff --git a/conf/systemd.service b/conf/systemd.service index aaac467..89ec7f5 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=Wetty Web Terminal +Description=Wetty: Web Terminal After=network.target [Service] @@ -7,7 +7,7 @@ Type=simple Environment=NODE_ENV=production User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ +WorkingDirectory=__INSTALL_DIR__/ ExecStart=__YNH_NODE__ . --conf ./config.json5 TimeoutStopSec=20 KillMode=mixed @@ -17,5 +17,40 @@ RestartSec=2 StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/DISCLAIMER.md b/doc/ADMIN.md similarity index 59% rename from doc/DISCLAIMER.md rename to doc/ADMIN.md index 797a14b..af8f778 100644 --- a/doc/DISCLAIMER.md +++ b/doc/ADMIN.md @@ -4,11 +4,9 @@ There is few configuration in Wetty: * Startup config (listen port, URL path, SSH host) is contained in the systemd service file * User interface configuration is done through the web GUI itself. - -* Is LDAP and HTTP authentication supported? **No** - * You need to manually log in. - * You can log in as a specific user using `https:///wetty/ssh/` +* You need to manually log in. +* You can log in as a specific user using `https://__DOMAIN__/wetty/ssh/` * You can specify at install if Wetty should be visible by users not logged into YunoHost. -* You can't use ssh key authentication. +* You can't use SSH key authentication. diff --git a/doc/DISCLAIMER_fr.md b/doc/ADMIN_fr.md similarity index 68% rename from doc/DISCLAIMER_fr.md rename to doc/ADMIN_fr.md index c865f06..e3234eb 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/ADMIN_fr.md @@ -4,9 +4,8 @@ Il y a peu de configuration dans Wetty : * La configuration de démarrage (port d'écoute, chemin d'URL, hôte SSH) est contenue dans le fichier de service systemd * La configuration de l'interface utilisateur se fait via l'interface graphique Web elle-même. -* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** - * Vous devez vous connecter manuellement. - * Vous pouvez spécifier l'utilisateur en accédent directement `https:///wetty/ssh/` +* Vous devez vous connecter manuellement. +* Vous pouvez spécifier l'utilisateur en accédent directement `https://__DOMAIN__/wetty/ssh/` * Vous pouvez spécifier à l'installation si Wetty devrait être accessible par des visiteurs non connectés sur YunoHost. diff --git a/manifest.json b/manifest.json deleted file mode 100644 index d6daf5d..0000000 --- a/manifest.json +++ /dev/null @@ -1,54 +0,0 @@ -{ - "name": "Wetty", - "id": "wetty", - "packaging_format": 1, - "description": { - "en": "Terminal in browser over HTTP/HTTPS", - "fr": "Un terminal dans le navigateur sur HTTP/HTTPS" - }, - "version": "2.5.0~ynh2", - "url": "https://github.com/butlerx/wetty/", - "license": "MIT", - "upstream": { - "license": "MIT", - "admindoc": "https://github.com/butlerx/wetty/tree/main/docs", - "code": "https://github.com/butlerx/wetty", - "screenshots": [ - "https://raw.githubusercontent.com/butlerx/wetty/main/docs/terminal.png" - ] - }, - "maintainer": { - "name": "Salamandar", - "email": "salamandar@salamandar.fr" - }, - "requirements": { - "yunohost": ">= 11.0.9" - }, - "multi_instance": true, - "services": [ - "nginx" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "path", - "type": "path", - "example": "/wetty", - "default": "/wetty" - }, - { - "name": "is_public", - "type": "boolean", - "help": { - "en": "Even if public, it still requires authentication.", - "fr": "Même publique, vous devrez vous authentifier" - }, - "default": false - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..8a156a5 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,60 @@ +packaging_format = 2 + +id = "wetty" +name = "Wetty" +description.en = "Terminal in browser over http/https. (Ajaxterm/Anyterm alternative, but much better)" +description.fr = "Un terminal dans le navigateur sur http/https. (Alternative à Ajaxterm/Anyterm, mais bien meilleur)" + +version = "2.5.0~ynh3" + +maintainers = ["Salamandar"] + +[upstream] +license = "MIT" +code = "https://github.com/butlerx/wetty" + +[integration] +yunohost = ">=11.1.20" +architectures = "all" +multi_instance = true +ldap = "not_relevant" +sso = false +disk = "50M" +ram.build = "700M" +ram.runtime = "50M" + +[install] + [install.domain] + type = "domain" + + [install.path] + type = "path" + default = "/wetty" + + [install.init_main_permission] + help.en = "Even if public, it still requires authentication." + help.fr = "Même publique, vous devrez vous authentifier" + type = "group" + default = false + +[resources] + [resources.sources.main] + url = "https://github.com/butlerx/wetty/archive/refs/tags/v2.5.0.tar.gz" + sha256 = "a6f7e3687619c29b2b8cc04b502fd8207c53a895527849557d3d3ed7f362cbac" + autoupdate.strategy = "latest_github_release" + + [resources.system_user] + + [resources.install_dir] + + [resources.permissions] + main.url = "/" + + [resources.ports] + main.default = 8095 + + [resources.apt] + packages = "" + extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main" + extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg" + extras.yarn.packages = "yarn" diff --git a/scripts/backup b/scripts/backup index f78c623..737146f 100755 --- a/scripts/backup +++ b/scripts/backup @@ -10,26 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -39,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 5262c55..25c2008 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,60 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= @@ -77,29 +23,7 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi +ynh_change_url_nginx_config #================================================= # SPECIFIC MODIFICATIONS @@ -112,10 +36,10 @@ domain="$new_domain" path_url="$new_path" # port is already defined in this file -ynh_add_config --template="config.json5" --destination="$final_path/config.json5" +ynh_add_config --template="config.json5" --destination="$install_dir/config.json5" -chmod 400 "$final_path/config.json5" -chown $app:$app "$final_path/config.json5" +chmod 400 "$install_dir/config.json5" +chown $app:$app "$install_dir/config.json5" #================================================= # GENERIC FINALISATION @@ -126,13 +50,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server started" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 83ec516..b478ae5 100755 --- a/scripts/install +++ b/scripts/install @@ -9,57 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -is_public=$YNH_APP_ARG_IS_PUBLIC -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port --value=$port - -# DO NOT OPEN THIS PORT - #================================================= # INSTALL DEPENDENCIES #================================================= @@ -68,37 +17,20 @@ ynh_script_progression --message="Installing dependencies..." --weight=6 # Install nodejs ynh_install_nodejs --nodejs_version=$NODEJS_VERSION -# Install Yarn -ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" \ - --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" - -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +ynh_setup_source --dest_dir="$install_dir" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 +ynh_script_progression --message="Configuring nginx web server..." --weight=1 -# Create a dedicated NGINX config +# Create a dedicated nginx config ynh_add_nginx_config #================================================= @@ -108,22 +40,22 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template="config.json5" --destination="$final_path/config.json5" +ynh_add_config --template="config.json5" --destination="$install_dir/config.json5" -chmod 400 "$final_path/config.json5" -chown $app:$app "$final_path/config.json5" +chmod 400 "$install_dir/config.json5" +chown $app:$app "$install_dir/config.json5" #================================================= # BUILD YARN DEPENDENCIES #================================================= ynh_script_progression --message="Building Yarn dependencies... This may take several minutes for a first install." --weight=6 -pushd "$final_path" || return 1 +pushd "$install_dir" || return 1 ynh_use_nodejs ; set "${ynh_node_load_PATH:?}" sudo -u $app env "$ynh_node_load_PATH" yarn sudo -u $app env "$ynh_node_load_PATH" yarn build sudo -u $app env "$ynh_node_load_PATH" yarn install --production --ignore-scripts --prefer-offline - ynh_secure_remove --file="$final_path/.cache" + ynh_secure_remove --file="$install_dir/.cache" popd || return 1 #================================================= @@ -159,28 +91,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server started" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -ynh_permission_url --permission="main" --auth_header=false - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index ad2017e..352eaa2 100755 --- a/scripts/remove +++ b/scripts/remove @@ -9,16 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - #================================================= # STANDARD REMOVE #================================================= @@ -40,22 +30,6 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=3 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -72,16 +46,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight= # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index dcf8b81..5257f08 100755 --- a/scripts/restore +++ b/scripts/restore @@ -10,35 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - #================================================= # STANDARD RESTORATION STEPS #================================================= @@ -48,24 +19,15 @@ ynh_script_progression --message="Restoring the NGINX configuration..." --weight ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # SPECIFIC RESTORATION @@ -77,9 +39,6 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=3 # Install nodejs ynh_install_nodejs --nodejs_version=$NODEJS_VERSION -# Install Yarn -ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - #================================================= # RESTORE SYSTEMD #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index da386ea..9496212 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,38 +9,12 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) - #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=3 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -55,30 +29,9 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path="/var/www/$app" - ynh_app_setting_set --app=$app --key=final_path --value="$final_path" -fi - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - # Disable auth_header ynh_permission_url --permission="main" --auth_header=false -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -88,11 +41,11 @@ then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$install_dir" fi -chmod -R u=rwX,g=rX,o= "$final_path" -chown -R $app:$app "$final_path" +chmod -R u=rwX,g=rX,o= "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # NGINX CONFIGURATION @@ -110,10 +63,6 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=3 # Install nodejs ynh_install_nodejs --nodejs_version=$NODEJS_VERSION -# Install Yarn -ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" \ - --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - #================================================= # SPECIFIC UPGRADE #================================================= @@ -121,24 +70,24 @@ ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ st #================================================= ynh_script_progression --message="Updating a configuration file..." -ynh_add_config --template="config.json5" --destination="$final_path/config.json5" +ynh_add_config --template="config.json5" --destination="$install_dir/config.json5" -chmod 400 "$final_path/config.json5" -chown $app:$app "$final_path/config.json5" +chmod 400 "$install_dir/config.json5" +chown $app:$app "$install_dir/config.json5" #================================================= # BUILD YARN DEPENDENCIES #================================================= ynh_script_progression --message="Rebuilding Yarn dependencies..." --weight=2 -chown -R $app:$app "$final_path" +chown -R $app:$app "$install_dir" -pushd "$final_path" || return 1 +pushd "$install_dir" || return 1 ynh_use_nodejs ; set "${ynh_node_load_PATH:?}" sudo -u $app env "$ynh_node_load_PATH" yarn sudo -u $app env "$ynh_node_load_PATH" yarn build sudo -u $app env "$ynh_node_load_PATH" yarn install --production --ignore-scripts --prefer-offline - ynh_secure_remove --file="$final_path/.cache" + ynh_secure_remove --file="$install_dir/.cache" popd || return 1 #================================================= @@ -173,13 +122,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server started" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..d7d98af --- /dev/null +++ b/tests.toml @@ -0,0 +1,5 @@ +test_format = 1.0 + +[default] + + test_upgrade_from.e7ffa9512f59c8c2097512a4b6613524c5284e77.name = "Upgrade from 2.0.3~ynh4"