diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100644 index 9488298..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,137 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --location --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --location --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - -echo "Handling asset at $asset_url" - -# Assign the asset to a source file in conf/ directory -# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) -# Leave $src empty to ignore the asset -case $asset_url in - *"linux_amd64"*) - src="amd64" - ;; - *"linux_arm64"*) - src="arm64" - ;; - *"linux_arm7"*) - src="amhf" - ;; - *) - src="" - ;; -esac - -# If $src is not empty, let's process the asset -if [ ! -z "$src" ]; then - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - -# Delete temporary directory -rm -rf $tempdir - -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -# Rewrite source file -cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -EOT -echo "... conf/$src.src updated" - -else -echo "... asset ignored" -fi - -done - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index a56d7cb..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false diff --git a/README.md b/README.md index d18aee5..695c847 100644 --- a/README.md +++ b/README.md @@ -22,23 +22,13 @@ Can be run as Single User Blog or Multi User Instance. Each User can be limited from 1 to unlimited blogs. -**Shipped version:** 0.14.0~ynh1 +**Shipped version:** 0.14.0~ynh2 **Demo:** https://write.as/new ## Screenshots ![Screenshot of WriteFreely](./doc/screenshots/screenshots2.png) -![Screenshot of WriteFreely](./doc/screenshots/screenshots1.png) - -## Disclaimers / important information - -* **WriteFreely** require a dedicated **root domain**, eg. writefreely.domain.tld -* i386 architectures not supported -* No LDAP and no HTTP auth supported - -* If User Mode is configured Multiple users, the app be used by multiple users -* Additionals parameters can be configured in Settings / Admin settings. ## Documentation and resources diff --git a/README_fr.md b/README_fr.md index cdd74c0..0395a73 100644 --- a/README_fr.md +++ b/README_fr.md @@ -22,23 +22,13 @@ Can be run as Single User Blog or Multi User Instance. Each User can be limited from 1 to unlimited blogs. -**Version incluse :** 0.14.0~ynh1 +**Version incluse :** 0.14.0~ynh2 **Démo :** https://write.as/new ## Captures d’écran ![Capture d’écran de WriteFreely](./doc/screenshots/screenshots2.png) -![Capture d’écran de WriteFreely](./doc/screenshots/screenshots1.png) - -## Avertissements / informations importantes - -* **WriteFreely** require a dedicated **root domain**, eg. writefreely.domain.tld -* i386 architectures not supported -* No LDAP and no HTTP auth supported - -* If User Mode is configured Multiple users, the app be used by multiple users -* Additionals parameters can be configured in Settings / Admin settings. ## Documentations et ressources diff --git a/check_process b/check_process deleted file mode 100644 index 65e22ba..0000000 --- a/check_process +++ /dev/null @@ -1,38 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - is_public=1 - admin="john" - password="1Strong-Password" - single_user=1 - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - # 0.8.1~ynh4 - #upgrade=1 from_commit=093ec18f9f5282e1a137c0ac5444a414ee2b83bc - # 0.11.2~ynh1 - upgrade=1 from_commit=45584b220e911c573643cb1e213e75fc42547818 - # 0.12.0~ynh1 - upgrade=1 from_commit=4b7c851074c4e785c414944905a8cfb2a0d19ff1 - # 0.12.0~ynh3 - upgrade=1 from_commit=5ac207e14985bda77dc797353902548696622b41 - # 0.12.0~ynh4 - upgrade=1 from_commit=d75ccbc460b04ef95f3d8b1a72ee77fc7815c6a2 - # 0.12.0~ynh6 - upgrade=1 from_commit=b387e4186a02c387d734cf25f4fed9283c01d55f - # 0.13.0~ynh1 - upgrade=1 from_commit=06afb5c5a1896185eec6e63ffcb929f0216db2ec - # 0.13.1~ynh1 - upgrade=1 from_commit=e30ec378dc703227fcfe542d19f35e2838192094 - backup_restore=1 - multi_instance=1 - port_already_use=0 - change_url=1 -;;; Options -Email= -Notification=none diff --git a/conf/amd64.src b/conf/amd64.src deleted file mode 100644 index 16b4a4e..0000000 --- a/conf/amd64.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/writefreely/writefreely/releases/download/v0.14.0/writefreely_0.14.0_linux_amd64.tar.gz -SOURCE_SUM=1138d6aed26d8bb859265f9dcea8a9d76c3baed481413a1aae55434e3acd3bc2 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= diff --git a/conf/amhf.src b/conf/amhf.src deleted file mode 100644 index 4f5c9bf..0000000 --- a/conf/amhf.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/writefreely/writefreely/releases/download/v0.14.0/writefreely_0.14.0_linux_arm7.tar.gz -SOURCE_SUM=669ca8d388d9ead2530474c2498e3e0ab87d122644be9d525e5d1a3c308c1c9b -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= diff --git a/conf/arm64.src b/conf/arm64.src deleted file mode 100644 index 635f98c..0000000 --- a/conf/arm64.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/writefreely/writefreely/releases/download/v0.14.0/writefreely_0.14.0_linux_arm64.tar.gz -SOURCE_SUM=4003591021efd5810e4f5637c967cf166be341e7998a8d6208842a8f659a4f8f -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= diff --git a/conf/armhf.src b/conf/armhf.src deleted file mode 100644 index b3960b0..0000000 --- a/conf/armhf.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/writeas/writefreely/releases/download/v0.13.1/writefreely_0.13.1_linux_arm7.tar.gz -SOURCE_SUM=598be91fefbe34b5988c2447a008d410385e12c173e66a26c20fcbad0aaebad0 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= diff --git a/conf/nginx.conf b/conf/nginx.conf index 805f93e..08d61cd 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -7,7 +7,7 @@ location ~ ^/.well-known/(webfinger|nodeinfo|host-meta) { } location ~ ^/(css|img|js|fonts)/ { - root __FINALPATH__/static; + root __INSTALL_DIR__/static; # Optionally cache these files in the browser: # expires 12M; } diff --git a/conf/systemd.service b/conf/systemd.service index 9a62fe9..35c4d59 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,16 +1,50 @@ [Unit] -Description=Write Freely __APP__ Service +Description=WriteFreely: minimalist federated blog After=network.target [Service] Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ -ExecStart=__FINALPATH__/writefreely +WorkingDirectory=__INSTALL_DIR__/ +ExecStart=__INSTALL_DIR__/writefreely Restart=always StandardOutput=syslog StandardError=syslog +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/ADMIN.md b/doc/ADMIN.md new file mode 100644 index 0000000..9e819f6 --- /dev/null +++ b/doc/ADMIN.md @@ -0,0 +1,2 @@ +* If User Mode is configured Multiple users, the app be used by multiple users +* Additionals parameters can be configured in Settings / Admin settings. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index 3084b40..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1,6 +0,0 @@ -* **WriteFreely** require a dedicated **root domain**, eg. writefreely.domain.tld -* i386 architectures not supported -* No LDAP and no HTTP auth supported - -* If User Mode is configured Multiple users, the app be used by multiple users -* Additionals parameters can be configured in Settings / Admin settings. diff --git a/doc/screenshots/screenshots1.png b/doc/screenshots/screenshots1.png deleted file mode 100644 index daf82b9..0000000 Binary files a/doc/screenshots/screenshots1.png and /dev/null differ diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 0bde799..0000000 --- a/manifest.json +++ /dev/null @@ -1,60 +0,0 @@ -{ - "name": "WriteFreely", - "id": "writefreely", - "packaging_format": 1, - "description": { - "en": "For starting a minimalist, federated blog or an entire community.", - "fr": "Permet de créer un blog fédéré minimaliste ou une communauté entière." - }, - "version": "0.14.0~ynh1", - "url": "https://writefreely.org", - "upstream": { - "license": "AGPL-3.0-or-later", - "website": "https://writefreely.org", - "demo": "https://write.as/new", - "userdoc": "https://writefreely.org/start", - "code": "https://github.com/writeas/writefreely" - }, - "license": "AGPL-3.0-or-later", - "maintainer": { - "name": "yalh76" - }, - "requirements": { - "yunohost": ">= 4.3.0" - }, - "multi_instance": true, - "services": [ - "nginx", - "mysql" - ], - "arguments": { - "install": [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "is_public", - "type": "boolean", - "default": true - }, - { - "name": "admin", - "type": "user" - }, - { - "name": "password", - "type": "password" - }, - { - "name": "single_user", - "type": "boolean", - "ask": { - "en": "Choose if you want a Single User Blog?", - "fr": "Souhaitez vous un blog pour un seul utilisateur ?" - }, - "default": true - } - ] - } -} diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..fca0b44 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,77 @@ +packaging_format = 2 + +id = "writefreely" +name = "WriteFreely" +description.en = "For starting a minimalist, federated blog or an entire community" +description.fr = "Permet de créer un blog fédéré minimaliste ou une communauté entière" + +version = "0.14.0~ynh2" + +maintainers = ["yalh76"] + +[upstream] +license = "AGPL-3.0-or-later" +website = "https://writefreely.org" +demo = "https://write.as/new" +userdoc = "https://writefreely.org/start" +code = "https://github.com/writeas/writefreely" + +[integration] +yunohost = ">= 11.2" +architectures = ["arm64", "amd64", "armhf"] +multi_instance = true +ldap = false +sso = false +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" + +[install] + [install.domain] + type = "domain" + + [install.init_main_permission] + type = "group" + default = "visitors" + + [install.admin] + type = "user" + + [install.password] + type = "password" + + [install.single_user] + ask.en = "Choose if you want a Single User Blog?" + ask.fr = "Souhaitez vous un blog pour un seul utilisateur ?" + type = "boolean" + default = true + +[resources] + [resources.sources] + [resources.sources.main] + arm64.url = "https://github.com/writefreely/writefreely/releases/download/v0.14.0/writefreely_0.14.0_linux_arm64.tar.gz" + arm64.sha256 = "4003591021efd5810e4f5637c967cf166be341e7998a8d6208842a8f659a4f8f" + amd64.url = "https://github.com/writefreely/writefreely/releases/download/v0.14.0/writefreely_0.14.0_linux_amd64.tar.gz" + amd64.sha256 = "1138d6aed26d8bb859265f9dcea8a9d76c3baed481413a1aae55434e3acd3bc2" + armhf.url = "https://github.com/writefreely/writefreely/releases/download/v0.14.0/writefreely_0.14.0_linux_arm7.tar.gz" + armhf.sha256 = "669ca8d388d9ead2530474c2498e3e0ab87d122644be9d525e5d1a3c308c1c9b" + + [resources.system_user] + + [resources.install_dir] + + [resources.ports] + + [resources.permissions] + main.url = "/" + api.url = "/api" + api.allowed= "visitors" + api.auth_header= false + api.show_tile= false + api.protected= true + + [resources.apt] + packages = "mariadb-server" + + [resources.database] + type = "mysql" diff --git a/scripts/_common.sh b/scripts/_common.sh index 0414a4f..944a65e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,9 +4,6 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -#pkg_dependencies="" - #================================================= # PERSONAL HELPERS #================================================= diff --git a/scripts/backup b/scripts/backup index 98d9a89..bd64834 100755 --- a/scripts/backup +++ b/scripts/backup @@ -10,27 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -40,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION @@ -48,8 +27,6 @@ ynh_backup --src_path="$final_path" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# SPECIFIC BACKUP #================================================= # BACKUP SYSTEMD #================================================= diff --git a/scripts/change_url b/scripts/change_url index 49b583c..0e1fa00 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,65 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path="/" - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -# Add settings here as needed by your application -#db_name=$(ynh_app_setting_get --app=$app --key=db_name) -#db_user=$db_name -#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= @@ -82,29 +23,7 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --li #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi +ynh_change_url_nginx_config #================================================= # SPECIFIC MODIFICATIONS @@ -113,11 +32,11 @@ fi #================================================= ynh_script_progression --message="Modifying a config file..." -ynh_backup_if_checksum_is_different --file="$final_path/config.ini" -ynh_replace_string --match_string="host =.*" --replace_string="host = https://$new_domain" --target_file="$final_path/config.ini" +ynh_backup_if_checksum_is_different --file="$install_dir/config.ini" +ynh_replace_string --match_string="host =.*" --replace_string="host = https://$new_domain" --target_file="$install_dir/config.ini" # Recalculate and store the checksum of the file for the next upgrade. -ynh_store_file_checksum --file="$final_path/config.ini" +ynh_store_file_checksum --file="$install_dir/config.ini" #================================================= # GENERIC FINALISATION @@ -129,13 +48,6 @@ ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Serving on" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 15a892e..d22e1eb 100755 --- a/scripts/install +++ b/scripts/install @@ -9,103 +9,25 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -domain=$YNH_APP_ARG_DOMAIN -path_url="/" -is_public=$YNH_APP_ARG_IS_PUBLIC -admin=$YNH_APP_ARG_ADMIN -password=$YNH_APP_ARG_PASSWORD -single_user=$YNH_APP_ARG_SINGLE_USER - # Bypass package_checker name not compatible with writefreely if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then admin="test" fi -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." - -architecture=$YNH_ARCH -# Check machine architecture, we don't support 32bit machines -if [ $architecture = "i386" ] -then - ynh_die --message="Sorry, but this app cannot be installed on a i386 32 bits machine :(" -fi - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=single_user --value=$single_user - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." - -# Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port --value=$port - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - -#================================================= -# CREATE A MYSQL DATABASE -#================================================= -ynh_script_progression --message="Creating a MySQL database..." - -db_name=$(ynh_sanitize_dbid --db_name=$app) -db_user=$db_name -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" --source_id=$architecture +ynh_setup_source --dest_dir="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # NGINX CONFIGURATION @@ -115,46 +37,32 @@ ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# SPECIFIC SETUP +# Create a dedicated systemd config +ynh_add_systemd_config + +yunohost service add $app --description="WriteFreely daemon" --log="/var/log/$app/$app.log" + #================================================= # ADD A CONFIGURATION #================================================= ynh_script_progression --message="Adding a configuration file..." -ynh_add_config --template="../conf/config.ini" --destination="$final_path/config.ini" +ynh_add_config --template="../conf/config.ini" --destination="$install_dir/config.ini" -chmod 600 "$final_path/config.ini" -chown $app:$app "$final_path/config.ini" - -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Configuring a systemd service..." - -# Create a dedicated systemd config -ynh_add_systemd_config +chmod 600 "$install_dir/config.ini" +chown $app:$app "$install_dir/config.ini" #================================================= # MAKE SETUP #================================================= ynh_script_progression --message="Making setup..." -pushd $final_path +pushd $install_dir ynh_exec_as $app ./writefreely --init-db ynh_exec_as $app ./writefreely --gen-keys ynh_exec_as $app ./writefreely --create-admin "$admin":"$password" popd -#================================================= -# GENERIC FINALIZATION -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description="WriteFreely daemon" --log="/var/log/$app/$app.log" - #================================================= # START SYSTEMD SERVICE #================================================= @@ -163,28 +71,6 @@ ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Serving on" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index 112ccaa..c4a3e29 100755 --- a/scripts/remove +++ b/scripts/remove @@ -9,19 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -port=$(ynh_app_setting_get --app=$app --key=port) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - #================================================= # STANDARD REMOVE #================================================= @@ -35,58 +22,12 @@ then yunohost service remove $app fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." - # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Removing the MySQL database..." - -# Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." - # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 7d80661..2cb704b 100755 --- a/scripts/restore +++ b/scripts/restore @@ -10,74 +10,21 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ynh_clean_check_starting -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# SPECIFIC RESTORATION -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # RESTORE THE MYSQL DATABASE #================================================= ynh_script_progression --message="Restoring the MySQL database..." -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql #================================================= @@ -85,14 +32,11 @@ ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./ #================================================= ynh_script_progression --message="Restoring the systemd configuration..." +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - yunohost service add $app --description="WriteFreely daemon" --log="/var/log/$app/$app.log" #================================================= @@ -102,13 +46,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Serving on" -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index c017549..59c7767 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,47 +9,12 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -admin=$(ynh_app_setting_get --app=$app --key=admin) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -port=$(ynh_app_setting_get --app=$app --key=port) -single_user=$(ynh_app_setting_get --app=$app --key=single_user) - -architecture=$YNH_ARCH - #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - ynh_clean_check_starting - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -59,49 +24,6 @@ ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" --line_match="Stopped Write Freely" -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." - -# Remove old variables -ynh_app_setting_delete --app=$app --key=site_name -ynh_app_setting_delete --app=$app --key=site_description -ynh_app_setting_delete --app=$app --key=open_registration -ynh_app_setting_delete --app=$app --key=max_blogs -ynh_app_setting_delete --app=$app --key=federation -ynh_app_setting_delete --app=$app --key=public_stats -ynh_app_setting_delete --app=$app --key=private -ynh_app_setting_delete --app=$app --key=local_timeline - -# Close a port - -if yunohost firewall list | grep -q "\- $port$" -then - echo "Close port $port" >&2 - yunohost firewall disallow TCP $port 2>&1 -fi - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -# Create a permission if needed -if ! ynh_permission_exists --permission="api"; then - ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --auth_header="false" --show_tile="false" --protected="true" -fi - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -111,12 +33,11 @@ then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" --source_id=$architecture + ynh_setup_source --dest_dir="$install_dir" fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # NGINX CONFIGURATION @@ -126,6 +47,11 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." # Create a dedicated NGINX config ynh_add_nginx_config +# Create a dedicated systemd config +ynh_add_systemd_config + +yunohost service add $app --description="WriteFreely daemon" --log="/var/log/$app/$app.log" + #================================================= # SPECIFIC UPGRADE #================================================= @@ -133,7 +59,7 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Making the upgrade..." -pushd $final_path +pushd $install_dir ynh_mysql_execute_as_root --sql="ALTER DATABASE $db_name CHARACTER SET latin1 COLLATE latin1_swedish_ci;" --database=$db_name ynh_exec_as $app ./writefreely db migrate ynh_exec_as $app ./writefreely --migrate @@ -145,27 +71,10 @@ popd #================================================= ynh_script_progression --message="Updating a configuration file..." -ynh_add_config --template="../conf/config.ini" --destination="$final_path/config.ini" +ynh_add_config --template="../conf/config.ini" --destination="$install_dir/config.ini" -chmod 600 "$final_path/config.ini" -chown $app:$app "$final_path/config.ini" - -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Upgrading systemd configuration..." - -# Create a dedicated systemd config -ynh_add_systemd_config - -#================================================= -# GENERIC FINALIZATION -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." - -yunohost service add $app --description="WriteFreely daemon" --log="/var/log/$app/$app.log" +chmod 600 "$install_dir/config.ini" +chown $app:$app "$install_dir/config.ini" #================================================= # START SYSTEMD SERVICE @@ -174,13 +83,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="Serving on" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..6202296 --- /dev/null +++ b/tests.toml @@ -0,0 +1,15 @@ +test_format = 1.0 + +[default] + + # ------------------------------- + # Default args to use for install + # ------------------------------- + + args.single_user = true + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.e30ec378dc703227fcfe542d19f35e2838192094.name = "Upgrade from 0.13.1"