From 8ac5d9abfeb58b751293f72ba2c4f0b5b138699b Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Fri, 19 Feb 2021 23:52:43 +0100 Subject: [PATCH 1/5] Small fixes --- README.md | 2 +- README_fr.md | 2 +- check_process | 3 --- conf/nginx.conf | 2 -- pull_request_template.md | 4 +--- scripts/change_url | 5 ----- scripts/install | 28 ++++++++-------------------- scripts/restore | 4 ++-- scripts/upgrade | 20 ++++++++------------ 9 files changed, 21 insertions(+), 49 deletions(-) diff --git a/README.md b/README.md index 6c92802..b1bfff2 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # YesWiki for YunoHost [![Integration level](https://dash.yunohost.org/integration/yeswiki.svg)](https://dash.yunohost.org/appci/app/yeswiki) ![](https://ci-apps.yunohost.org/ci/badges/yeswiki.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/yeswiki.maintain.svg) -[![Install YesWiki with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=yeswiki) +[![Install YesWiki with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=yeswiki) *[Lire ce readme en français.](./README_fr.md)* diff --git a/README_fr.md b/README_fr.md index 058b3b6..e2b7184 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,7 +1,7 @@ # YesWiki pour YunoHost [![Niveau d'intégration](https://dash.yunohost.org/integration/yeswiki.svg)](https://dash.yunohost.org/appci/app/yeswiki) ![](https://ci-apps.yunohost.org/ci/badges/yeswiki.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/yeswiki.maintain.svg) -[![Installer YesWiki avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=yeswiki) +[![Installer YesWiki avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=yeswiki) *[Read this readme in english.](./README.md)* diff --git a/check_process b/check_process index 46791c2..ac8c5b6 100644 --- a/check_process +++ b/check_process @@ -31,9 +31,6 @@ change_url=1 actions=0 config_panel=0 -;;; Levels - # If the level 5 (Package linter) is forced to 1. Please add justifications here. - Level 5=auto ;;; Options Email= Notification=change diff --git a/conf/nginx.conf b/conf/nginx.conf index 37de41d..556b622 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -9,7 +9,6 @@ location __PATH__/ { rewrite ^ https://$server_name$request_uri? permanent; } -### Example PHP configuration (remove it if not used) index index.php; # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file @@ -26,7 +25,6 @@ location __PATH__/ { fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } -### End of PHP configuration part # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; diff --git a/pull_request_template.md b/pull_request_template.md index 7f07956..6c28fc5 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -13,6 +13,4 @@ ## Package_check results --- -*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* - -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/yeswiki_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/yeswiki_ynh%20PR-NUM-%20(USERNAME)/) +* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"* diff --git a/scripts/change_url b/scripts/change_url index c1c2431..a30b761 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -29,11 +29,6 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# Add settings here as needed by your application -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= diff --git a/scripts/install b/scripts/install index 65b37f7..1503bdb 100755 --- a/scripts/install +++ b/scripts/install @@ -54,7 +54,6 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin ynh_app_setting_set --app=$app --key=is_public --value=$is_public #ynh_app_setting_set --app=$app --key=wiki_name --value=$wiki_name - ynh_app_setting_set --app=$app --key=language --value=$language #================================================= @@ -100,7 +99,7 @@ ynh_system_user_create --username=$app ynh_script_progression --message="Configuring PHP-FPM..." --weight=8 # Create a dedicated PHP-FPM config -ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies" +ynh_add_fpm_config --package="$extra_php_dependencies" phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= @@ -112,15 +111,10 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) # Set right permissions for cURL install chown -R $app: $final_path -# Set the app as temporarily public for curl call -ynh_script_progression --message="Configuring SSOwat..." --weight=2 +# Set the app as temporarily public for cURL call +ynh_permission_update --permission="main" --add="visitors" -ynh_permission_update --permission main --remove all_users --add visitors - -# Reload SSOwat config -yunohost app ssowatconf - -# Reload Nginx +# Reload NGINX ynh_systemd_action --service_name=nginx --action=reload # Installation with curl @@ -139,12 +133,6 @@ ynh_local_curl "/?PagePrincipale&installAction=install" "config[default_language # authorization of html ynh_replace_string --match_string="'allow_raw_html' => false," --replace_string="'allow_raw_html' => true," --target_file="$final_path/wakka.config.php" -# Remove the public access -if [ $is_public -eq 0 ] -then - ynh_permission_update --permission main --remove visitors --add all_users -fi - #================================================= # DOWNLOAD AND CONFIGURE LDAP PLUGIN #================================================= @@ -185,12 +173,12 @@ chown -R $app $final_path/{cache,files,themes,tools,wakka.config.php} #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." --weight=1 +ynh_script_progression --message="Configuring permissions..." --weight=1 -# Make app public if necessary -if [ $is_public -eq 1 ] +# Make app public if necessary or protect it +if [ $is_public -eq 0 ] then - ynh_permission_update --permission main --add visitors + ynh_permission_update --permission="main" --remove="visitors" fi #================================================= diff --git a/scripts/restore b/scripts/restore index 5116ebe..f30f4b4 100755 --- a/scripts/restore +++ b/scripts/restore @@ -82,7 +82,7 @@ ynh_script_progression --message="Reconfiguring PHP-FPM..." --weight=11 ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies" +ynh_add_fpm_config --package="$extra_php_dependencies" #================================================= # SPECIFIC RESTORATION @@ -109,4 +109,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for YesWiki" --last \ No newline at end of file +ynh_script_progression --message="Restoration completed for YesWiki" --last diff --git a/scripts/upgrade b/scripts/upgrade index c83fea1..d5d0035 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -57,6 +57,13 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -141,7 +148,7 @@ ynh_system_user_create --username=$app ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=5 # Create a dedicated PHP-FPM config -ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependencies" +ynh_add_fpm_config --package="$extra_php_dependencies" #================================================= # GENERIC FINALIZATION @@ -153,17 +160,6 @@ ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION --package="$extra_php_dependenc chown -R root: $final_path chown -R $app $final_path/{cache,files,themes,tools,wakka.config.php} -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 -# Make app public if necessary -#if [ $is_public -eq 1 ] -#then - # unprotected_uris allows SSO credentials to be passed anyway - #ynh_permission_update --permission main --remove all_users --add visitors -#fi - #================================================= # RELOAD NGINX #================================================= From 2ef27041e369aed504d21e2a49a7872097e872e4 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 20 Feb 2021 16:19:31 +0100 Subject: [PATCH 2/5] Update check_process --- check_process | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/check_process b/check_process index ac8c5b6..5e7f084 100644 --- a/check_process +++ b/check_process @@ -36,5 +36,5 @@ Email= Notification=change ;;; Upgrade options ; commit=e530bfcf7508e42be1b73ff0dcac8ed72428381b - name=Name of this previous version + name=Merge pull request #19 from YunoHost-Apps/testing manifest_arg=domain=DOMAIN&path=PATH&admin=USER&password=password&is_public=1& From cf0d687078738cc061bad7ff62f2e4a2570382f2 Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Fri, 16 Apr 2021 14:00:42 +0200 Subject: [PATCH 3/5] Remove is_public from stored settings --- scripts/install | 2 -- scripts/upgrade | 10 ---------- 2 files changed, 12 deletions(-) diff --git a/scripts/install b/scripts/install index 1503bdb..d989201 100755 --- a/scripts/install +++ b/scripts/install @@ -52,8 +52,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=admin --value=$admin -ynh_app_setting_set --app=$app --key=is_public --value=$is_public -#ynh_app_setting_set --app=$app --key=wiki_name --value=$wiki_name ynh_app_setting_set --app=$app --key=language --value=$language #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index d5d0035..49ee2b8 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -19,7 +19,6 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) admin=$(ynh_app_setting_get --app=$app --key=admin) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) language=$(ynh_app_setting_get --app=$app --key=language) db_name=$(ynh_app_setting_get --app=$app --key=db_name) @@ -36,15 +35,6 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - # If db_name doesn't exist, create it if [ -z "$db_name" ]; then db_name=$(ynh_sanitize_dbid --db_name=$app) From edad028325b4d84d65c05e1696a5f6cfa2259b2c Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Fri, 16 Apr 2021 14:01:03 +0200 Subject: [PATCH 4/5] Update yunohost minimum version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 8228627..7345d5d 100644 --- a/manifest.json +++ b/manifest.json @@ -15,7 +15,7 @@ "url": "https://www.plumf.eu" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.1.2" }, "multi_instance": true, "services": [ From adbbcee6992d860b815c753288ecbaf7b8ece03b Mon Sep 17 00:00:00 2001 From: Nils VAN ZUIJLEN Date: Fri, 16 Apr 2021 14:03:40 +0200 Subject: [PATCH 5/5] Block other users from accessing the $final_path --- scripts/install | 3 +++ scripts/restore | 3 +++ scripts/upgrade | 3 +++ 3 files changed, 9 insertions(+) diff --git a/scripts/install b/scripts/install index d989201..6b7513d 100755 --- a/scripts/install +++ b/scripts/install @@ -168,6 +168,9 @@ ynh_replace_string --match_string=");"\ chown -R root: $final_path chown -R $app $final_path/{cache,files,themes,tools,wakka.config.php} +chown $app:www-data $final_path +chmod o-rwx $final_path + #================================================= # SETUP SSOWAT #================================================= diff --git a/scripts/restore b/scripts/restore index f30f4b4..63cdb87 100755 --- a/scripts/restore +++ b/scripts/restore @@ -75,6 +75,9 @@ ynh_system_user_create --username=$app chown -R root: $final_path chown -R $app $final_path/{cache,files,themes,tools,wakka.config.php} +chown $app:www-data $final_path +chmod o-rwx $final_path + #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 49ee2b8..9ceaf98 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -150,6 +150,9 @@ ynh_add_fpm_config --package="$extra_php_dependencies" chown -R root: $final_path chown -R $app $final_path/{cache,files,themes,tools,wakka.config.php} +chown $app:www-data $final_path +chmod o-rwx $final_path + #================================================= # RELOAD NGINX #=================================================