diff --git a/.DS_Store b/.DS_Store deleted file mode 100644 index 055dc25..0000000 Binary files a/.DS_Store and /dev/null differ diff --git a/.gitignore b/.gitignore deleted file mode 100644 index f0ff6f7..0000000 --- a/.gitignore +++ /dev/null @@ -1,3 +0,0 @@ -*.swp -*~ -Notes diff --git a/check_process b/check_process index 8f4b0cf..20d77ef 100644 --- a/check_process +++ b/check_process @@ -1,11 +1,11 @@ ;; Test complet sans multisite ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) + domain="domain.tld" + path="/path" + is_public=1 language="fr_FR" + admin="john" multisite=0 - is_public=1 (PUBLIC|public=1|private=0) ; Actions is_public=0|1 ; Config_panel @@ -25,7 +25,10 @@ setup_private=1 setup_public=1 upgrade=1 + # 5.4~ynh1 upgrade=1 from_commit=00a1a6e7dd5c814f5084c11c2810f886a32bdf61 + # 5.8~ynh1 + upgrade=1 from_commit=773073679873fbed3562c2d315f58eb4c1c0d4fc backup_restore=1 multi_instance=1 port_already_use=0 @@ -34,12 +37,12 @@ config_panel=1 ;; Test avec multisite ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) + domain="domain.tld" + path="/path" + is_public=1 language="fr_FR" + admin="john" multisite=1 - is_public=1 (PUBLIC|public=1|private=0) ; Checks setup_sub_dir=1 setup_root=0 diff --git a/conf/app.src b/conf/app.src index c695ce3..70afe84 100644 --- a/conf/app.src +++ b/conf/app.src @@ -4,3 +4,4 @@ SOURCE_SUM_PRG=sha256sum ARCH_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/nginx.conf b/conf/nginx.conf index 2b5cf35..53daa91 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -16,15 +16,11 @@ location __PATH__/ { rewrite ^(.+)$ __PATH__/index.php?q=$1 last; } - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - client_max_body_size 30m; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; + fastcgi_index index.php; include fastcgi_params; fastcgi_param REMOTE_USER $remote_user; diff --git a/doc/.DS_Store b/doc/.DS_Store deleted file mode 100644 index c90376b..0000000 Binary files a/doc/.DS_Store and /dev/null differ diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..3545dc1 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1,2 @@ +WordPress is open source software you can use to create a beautiful website, blog, or app. +With this package, you can even activate the [multisite](https://wordpress.org/support/article/glossary/#multisite) option. diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..8c6aa18 --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1,2 @@ +WordPress est un logiciel libre que vous pouvez utiliser pour créer un site ou un blog. +Avec ce package, vous pouvez même activer l'option [multisite](https://codex.wordpress.org/Glossary#Multisite). diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index 7390f70..5e65adb 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md @@ -1,7 +1,3 @@ -## Overview -WordPress is open source software you can use to create a beautiful website, blog, or app. -With this package, you can even activate the [multisite](https://wordpress.org/support/article/glossary/#multisite) option. - ## Configuration Use the admin panel of your WordPress to configure this app. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md index 79605ad..eb9bfed 100644 --- a/doc/DISCLAIMER_fr.md +++ b/doc/DISCLAIMER_fr.md @@ -1,7 +1,3 @@ -## Vue d'ensemble -WordPress est un logiciel libre que vous pouvez utiliser pour créer un site ou un blog. -Avec ce package, vous pouvez même activer l'option [multisite](https://codex.wordpress.org/Glossary#Multisite). - ## Configuration Utilisez le panneau d'administration de votre WordPress pour le configurer. diff --git a/manifest.json b/manifest.json index 5dbaa42..f8ea6aa 100644 --- a/manifest.json +++ b/manifest.json @@ -24,7 +24,7 @@ "email": "maniackc_dev@crudelis.fr" }], "requirements": { - "yunohost": ">= 4.1.2" + "yunohost": ">= 4.3.0" }, "multi_instance": true, "services": [ @@ -36,41 +36,40 @@ "install" : [ { "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain for WordPress", - "fr": "Choisissez un domaine pour WordPress" - }, - "example": "domain.org" + "type": "domain" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for WordPress", - "fr": "Choisissez un chemin pour WordPress" - }, "example": "/blog", "default": "/blog" }, + { + "name": "is_public", + "type": "boolean", + "default": true, + "help": { + "en": "A public WordPress will be publicly visible for everyone. If you're looking for a public blog, you should choose to install a public WordPress.", + "fr": "Un WordPress public sera visible publiquement pour tous. Si vous recherchez un blog public, vous devriez choisir d'installer un WordPress public." + } + }, + { + "name": "language", + "type": "string", + "ask": { + "en": "Choose the application language", + "fr": "Choisissez la langue de l'application" + }, + "choices": ["en_US", "fr_FR"], + "default": "en_US" + }, { "name": "admin", "type": "user", "ask": { "en": "Choose the WordPress administrator (must be an existing YunoHost user)", "fr": "Administrateur du site (doit être un utilisateur YunoHost existant)" - }, - "example": "john" - }, - { - "name": "language", - "type": "string", - "ask": { - "en": "Choose the language of the WordPress site", - "fr": "Choissisez la langue du WordPress" - }, - "choices": ["en_US", "fr_FR"], - "default": "en_US" + } }, { "name": "multisite", @@ -80,19 +79,6 @@ "fr": "Activer l'option multisite ?" }, "default": false - }, - { - "name": "is_public", - "type": "boolean", - "ask": { - "en": "Is it a public WordPress site?", - "fr": "Est-ce un site public ?" - }, - "default": true, - "help": { - "en": "A public WordPress will be publicly visible for everyone. If you're looking for a public blog, you should choose to install a public WordPress.", - "fr": "Un WordPress public sera visible publiquement pour tous. Si vous recherchez un blog public, vous devriez choisir d'installer un WordPress public." - } } ] } diff --git a/scripts/backup b/scripts/backup index 25bf9d5..5df3afe 100644 --- a/scripts/backup +++ b/scripts/backup @@ -1,11 +1,12 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -23,8 +24,8 @@ ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) @@ -40,24 +41,17 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$final_path" #================================================= -# BACKUP NGINX CONFIGURATION +# BACKUP THE NGINX CONFIGURATION #================================================= ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= -# BACKUP PHP-FPM CONFIGURATION +# BACKUP THE PHP-FPM CONFIGURATION #================================================= ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= -ynh_print_info --message="Backing up the MySQL database..." - -ynh_mysql_dump_db --database="$db_name" > db.sql - #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= @@ -66,11 +60,18 @@ ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= -# BACKUP CRON +# BACKUP VARIOUS FILES #================================================= ynh_backup --src_path="/etc/cron.d/$app" +#================================================= +# BACKUP THE MYSQL DATABASE +#================================================= +ynh_print_info --message="Backing up the MySQL database..." + +ynh_mysql_dump_db --database="$db_name" > db.sql + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/change_url b/scripts/change_url index 44af2d5..85f5144 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -26,6 +26,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_script_progression --message="Loading installation settings..." --weight=2 +# Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) multisite=$(ynh_app_setting_get --app=$app --key=multisite) @@ -36,7 +37,7 @@ then fi #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=5 @@ -46,7 +47,7 @@ ynh_clean_setup () { # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script @@ -91,11 +92,9 @@ if [ $change_path -eq 1 ] then # Make a backup of the original NGINX config file if modified ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper domain="$old_domain" path_url="$new_path" - # Create a dedicated NGINX config ynh_add_nginx_config fi @@ -106,7 +105,6 @@ then # Delete file checksum for the old conf file location ynh_delete_file_checksum --file="$nginx_conf_path" mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi diff --git a/scripts/install b/scripts/install index 7e8dd21..1cc15ba 100644 --- a/scripts/install +++ b/scripts/install @@ -1,7 +1,7 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -10,7 +10,7 @@ source _common.sh source /usr/share/yunohost/helpers #================================================= -# MANAGE FAILURE OF THE SCRIPT +# MANAGE SCRIPT FAILURE #================================================= # Exit if an error occurs during the execution of the script @@ -22,15 +22,15 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH -admin_wordpress=$YNH_APP_ARG_ADMIN -language=$YNH_APP_ARG_LANGUAGE -multisite=$YNH_APP_ARG_MULTISITE is_public=$YNH_APP_ARG_IS_PUBLIC +language=$YNH_APP_ARG_LANGUAGE +admin_wordpress=$YNH_APP_ARG_ADMIN +multisite=$YNH_APP_ARG_MULTISITE app=$YNH_APP_INSTANCE_NAME #================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=2 @@ -51,8 +51,8 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=admin --value=$admin_wordpress ynh_app_setting_set --app=$app --key=language --value=$language +ynh_app_setting_set --app=$app --key=admin --value=$admin_wordpress ynh_app_setting_set --app=$app --key=multisite --value=$multisite ynh_app_setting_set --app=$app --key=overwrite_nginx --value=1 @@ -61,14 +61,23 @@ ynh_app_setting_set --app=$app --key=admin_mail_html --value=1 #================================================= # STANDARD MODIFICATIONS +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=3 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # CREATE A MYSQL DATABASE #================================================= ynh_script_progression --message="Creating a MySQL database..." db_name=$(ynh_sanitize_dbid --db_name=$app) +db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -87,14 +96,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=3 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=3 - -# Create a dedicated system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -229,6 +230,10 @@ $wpcli_alias plugin activate authldap $plugin_network $wpcli_alias plugin activate companion-auto-update $plugin_network $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # STORE THE CONFIG FILE CHECKSUM #================================================= @@ -236,6 +241,9 @@ $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$final_path/wp-config.php" +chmod 400 "$final_path/wp-config.php" +chown $app:$app "$final_path/wp-config.php" + #================================================= # CREATE A CRON TASK FOR AUTOMATIC UPDATE #================================================= @@ -245,17 +253,6 @@ echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. #================================================= # GENERIC FINALISATION -#================================================= -# SECURING FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -# Files have to be own by the user of wordpress. To allow upgrade from the app. -chown -R $app: $final_path -# Except the file config wp-config.php -chown root:$app $final_path/wp-config.php -chmod 640 $final_path/wp-config.php - #================================================= # SETUP FAIL2BAN #================================================= diff --git a/scripts/remove b/scripts/remove index d48c28a..7b77c2c 100755 --- a/scripts/remove +++ b/scripts/remove @@ -1,7 +1,7 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -18,6 +18,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) db_name=$(ynh_app_setting_get --app=$app --key=db_name) +db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= @@ -28,7 +29,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) ynh_script_progression --message="Removing the MySQL database..." --weight=2 # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name +ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name #================================================= # REMOVE APP MAIN DIR @@ -63,19 +64,23 @@ ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=8 ynh_remove_fail2ban_config #================================================= -# REMOVE THE CRON +# SPECIFIC REMOVE #================================================= +# REMOVE VARIOUS FILES +#================================================= +ynh_script_progression --message="Removing various files..." -ynh_secure_remove /etc/cron.d/$app +# Remove a cron file +ynh_secure_remove --file="/etc/cron.d/$app" #================================================= -# GENERIC FINALISATION +# GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= ynh_script_progression --message="Removing the dedicated system user..." --weight=3 -# Delete dedicated system user +# Delete a system user ynh_system_user_delete --username=$app #================================================= diff --git a/scripts/restore b/scripts/restore index 7672833..41556c1 100644 --- a/scripts/restore +++ b/scripts/restore @@ -1,11 +1,12 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -27,8 +28,9 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) -admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin) +db_user=$db_name phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin) fpm_footprint=$(ynh_app_setting_get --app=$app --key=fpm_footprint) fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) @@ -38,8 +40,6 @@ fpm_usage=$(ynh_app_setting_get --app=$app --key=fpm_usage) #================================================= ynh_script_progression --message="Validating restoration parameters..." -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " @@ -55,9 +55,18 @@ ynh_maintenance_mode_ON #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -65,37 +74,17 @@ ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" -#================================================= -# RESTORE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Restoring the MySQL database..." --weight=3 +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd -ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql - -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Set permissions to app files -# Files have to be own by the user of wordpress. To allow upgrade from the app. -chown -R $app: $final_path -# Except the file config wp-config.php -chown root:$app $final_path/wp-config.php -chmod 640 $final_path/wp-config.php +chmod 400 "$final_path/wp-config.php" +chown $app:$app "$final_path/wp-config.php" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the PHP-FPM configuration..." # Restore the file first, so it can have a backup if different ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" @@ -104,7 +93,7 @@ ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" ynh_add_fpm_config --usage=$fpm_usage --footprint=$fpm_footprint --package="$extra_php_dependencies" #================================================= -# RESTORE THE FAIL2BAN CONFIGURATION +# RESTORE FAIL2BAN CONFIGURATION #================================================= ynh_script_progression --message="Restoring the Fail2Ban configuration..." --weight=6 @@ -113,13 +102,23 @@ ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" ynh_systemd_action --action=restart --service_name=fail2ban #================================================= -# RESTORE THE CRON +# RESTORE THE MYSQL DATABASE #================================================= +ynh_script_progression --message="Restoring the MySQL database..." --weight=3 -ynh_restore_file "/etc/cron.d/$app" +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql #================================================= -# GENERIC FINALISATION +# RESTORE VARIOUS FILES +#================================================= +ynh_script_progression --message="Restoring various files..." + +ynh_restore_file --origin_path="/etc/cron.d/$app" + +#================================================= +# GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index b911bb7..0481559 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,7 +1,7 @@ #!/bin/bash #================================================= -# GENERIC STARTING +# GENERIC START #================================================= # IMPORT GENERIC HELPERS #================================================= @@ -18,8 +18,8 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin) language=$(ynh_app_setting_get --app=$app --key=language) +admin_wordpress=$(ynh_app_setting_get --app=$app --key=admin) multisite=$(ynh_app_setting_get --app=$app --key=multisite) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) @@ -36,9 +36,35 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=15 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# ACTIVATE MAINTENANCE MODE +#================================================= +ynh_script_progression --message="Activating maintenance mode..." --weight=2 + +ynh_maintenance_mode_ON + +#================================================= +# STANDARD UPGRADE STEPS #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -128,6 +154,7 @@ fi # Replace wp-fail2ban by wp-fail2ban-redux ynh_exec_warn_less wget --no-verbose https://raw.githubusercontent.com/wp-cli/builds/gh-pages/phar/wp-cli.phar --output-document=$final_path/wp-cli.phar wpcli_alias="php$phpversion $final_path/wp-cli.phar --allow-root --path=$final_path" +plugin_network="" if [ $multisite -eq 1 ]; then plugin_network="--network" fi @@ -150,27 +177,12 @@ if ! ynh_permission_exists --permission="admin"; then fi #================================================= -# STANDARD UPGRADE STEPS +# CREATE DEDICATED USER #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=15 +ynh_script_progression --message="Making sure dedicated system user exists..." -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# ACTIVATE MAINTENANCE MODE -#================================================= -ynh_script_progression --message="Activating maintenance mode..." --weight=2 - -ynh_maintenance_mode_ON +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= # NGINX CONFIGURATION @@ -183,14 +195,6 @@ then ynh_add_nginx_config fi -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -273,6 +277,10 @@ $wpcli_alias plugin activate wp-fail2ban-redux $plugin_network # Disable broken plugin http-authentication $wpcli_alias plugin is-installed http-authentication && $wpcli_alias plugin deactivate http-authentication $plugin_network +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # STORE THE CHECKSUM OF THE CONFIG FILE #================================================= @@ -280,6 +288,9 @@ $wpcli_alias plugin is-installed http-authentication && $wpcli_alias plugin deac # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum --file="$final_path/wp-config.php" +chmod 400 "$final_path/wp-config.php" +chown $app:$app "$final_path/wp-config.php" + #================================================= # CREATE A CRON TASK FOR AUTOMATIC UPDATE #================================================= @@ -289,17 +300,6 @@ echo "# Reach everyday wp-cron.php to trig the internal WordPress cron. #================================================= # GENERIC FINALISATION -#================================================= -# SECURING FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -# Files have to be own by the user of wordpress. To allow upgrade from the app. -chown -R $app: $final_path -# Except the file config wp-config.php -chown root:$app $final_path/wp-config.php -chmod 640 $final_path/wp-config.php - #================================================= # UPGRADE FAIL2BAN #=================================================