diff --git a/check_process b/check_process index bed285c..9402294 100644 --- a/check_process +++ b/check_process @@ -1,5 +1,4 @@ ;; Test complet - auto_remove=1 ; Manifest domain="domain.tld" (DOMAIN) ; Checks @@ -14,7 +13,7 @@ multi_instance=0 incorrect_path=1 port_already_use=0 - change_url=0 + change_url=1 ;;; Levels Level 1=auto Level 2=auto diff --git a/conf/nginx.conf b/conf/nginx.conf index 4052523..e93892c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -22,18 +22,6 @@ location /Microsoft-Server-ActiveSync { fastcgi_param HTTPS on; fastcgi_param SCRIPT_FILENAME $request_filename; - - #try_files $uri $uri/ index.php; - #rewrite ^(.*)$ __PATH__/index.php last; - #location ~ [^/]\.php(/|$) { - # fastcgi_split_path_info ^(.+?\.php)(/.*)$; - # fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; - # fastcgi_index index.php; - # include fastcgi_params; - # fastcgi_param HTTPS on; - # fastcgi_read_timeout 630; - # fastcgi_param SCRIPT_FILENAME $request_filename; - #} ### End of PHP configuration part # Include SSOWAT user panel. @@ -65,4 +53,4 @@ location /autodiscover/autodiscover.xml { include fastcgi_params; fastcgi_param HTTPS on; fastcgi_param SCRIPT_FILENAME $request_filename; -} \ No newline at end of file +} diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index fc00228..b0fbc17 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' @@ -19,24 +20,24 @@ ; Unix user/group of processes ; Note: The user is mandatory. If the group is not set, the default user's group ; will be used. -;user = __USER__ -;group = __USER__ user = www-data group = www-data ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. A value of '-1' means unlimited. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many @@ -46,8 +47,13 @@ listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock listen.owner = www-data listen.group = www-data listen.mode = 0660 +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be @@ -61,7 +67,13 @@ listen.mode = 0660 ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set -; priority = -19 +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -217,7 +229,7 @@ pm.max_requests = 0 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html +; It's available in: /usr/share/php/7.0/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it @@ -277,7 +289,7 @@ ping.path = /ping ; - %{megabytes}M ; - %{mega}M ; %n: pool name -; %o: ouput header +; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o @@ -293,9 +305,13 @@ ping.path = /ping ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" @@ -351,13 +367,22 @@ chdir = __FINALPATH__ ; Default Value: no catch_workers_output = yes +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no + ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. +; execute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 +;security.limit_extensions = .php .php3 .php4 .php5 .php7 ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. @@ -402,4 +427,3 @@ php_admin_value[max_execution_time] = 600 php_admin_value[max_input_time] = 300 php_admin_value[memory_limit] = 256M php_admin_flag[short_open_tag] = On - diff --git a/manifest.json b/manifest.json index 0f51ff1..e32102a 100644 --- a/manifest.json +++ b/manifest.json @@ -13,7 +13,7 @@ "name": "beudbeud, polytan02" }, "requirements": { - "yunohost": ">=2.4.0" + "yunohost": ">= 3.4" }, "multi_instance": false, "services": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index bb04a03..944a65e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,13 +1,17 @@ #!/bin/bash -# ============= FUTURE YUNOHOST HELPER ============= -# Delete a file checksum from the app settings -# -# $app should be defined when calling this helper -# -# usage: ynh_remove_file_checksum file -# | arg: file - The file for which the checksum will be deleted -ynh_delete_file_checksum () { - local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' - ynh_app_setting_delete $app $checksum_setting_name -} \ No newline at end of file +#================================================= +# COMMON VARIABLES +#================================================= + +#================================================= +# PERSONAL HELPERS +#================================================= + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= diff --git a/scripts/backup b/scripts/backup index 768e057..5c28bfb 100755 --- a/scripts/backup +++ b/scripts/backup @@ -23,12 +23,12 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get $app domain) -#db_name=$(ynh_app_setting_get $app db_name) config_path=$(ynh_app_setting_get $app config_path) state_path=$(ynh_app_setting_get $app state_path) log_path=$(ynh_app_setting_get $app log_path) @@ -38,6 +38,7 @@ log_path=$(ynh_app_setting_get $app log_path) #================================================= # BACKUP THE APP MAIN DIR #================================================= +ynh_print_info "Backing up the main app directory..." ynh_backup "$final_path" @@ -50,37 +51,28 @@ ynh_backup "$state_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= +ynh_print_info "Backing up nginx web server configuration..." ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Backing up php-fpm configuration..." ynh_backup "/etc/php5/fpm/pool.d/$app.conf" -#================================================= -# BACKUP THE MYSQL DATABASE -#================================================= - -#ynh_mysql_dump_db "$db_name" > db.sql - #================================================= # SPECIFIC BACKUP #================================================= # BACKUP LOGROTATE #================================================= +ynh_print_info "Backing up logrotate configuration..." ynh_backup "/etc/logrotate.d/$app" #================================================= -# BACKUP SYSTEMD +# END OF SCRIPT #================================================= -#ynh_backup "/etc/systemd/system/$app.service" - -#================================================= -# BACKUP A CRON FILE -#================================================= - -#ynh_backup "/etc/cron.d/$app" \ No newline at end of file +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index f71fc77..4fc9c72 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,6 +24,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get $app final_path) @@ -62,6 +63,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= +ynh_print_info "Updating nginx web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -87,16 +89,17 @@ then ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" fi -#================================================= -# SPECIFIC MODIFICATIONS -#================================================= -# ... -#================================================= - #================================================= # GENERIC FINALISATION #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Change of URL completed for $app" diff --git a/scripts/install b/scripts/install index 57c52b2..e604db1 100755 --- a/scripts/install +++ b/scripts/install @@ -26,10 +26,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" -#admin=$YNH_APP_ARG_ADMIN is_public="1" -#language=$YNH_APP_ARG_LANGUAGE -#password=$YNH_APP_ARG_PASSWORD path_url_activesync="/Microsoft-Server-ActiveSync" path_url_autodiscover1="/AutoDiscover" @@ -37,29 +34,19 @@ path_url_autodiscover2="/Autodiscover" path_url_autodiscover3="/autodiscover" -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4, ... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names, ... app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." -### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/usr/share/z-push config_path=/etc/z-push state_path=/var/lib/z-push log_path=/var/log/z-push -#test ! -e "$final_path" || ynh_die "This path already contains a folder" + +test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax path_url=$(ynh_normalize_url_path $path_url) @@ -70,40 +57,22 @@ ynh_webpath_register $app $domain $path_url_activesync #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Storing installation settings..." ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url -#ynh_app_setting_set $app admin $admin ynh_app_setting_set $app is_public $is_public -#ynh_app_setting_set $app language $language +ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set $app config_path $config_path +ynh_app_setting_set $app state_path $state_path +ynh_app_setting_set $app log_path $log_path #================================================= # STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= - -### Use these lines if you have to open a port for the application -### `ynh_find_port` will find the first available port starting from the given port. -### If you're not using these lines: -### - Remove the section "CLOSE A PORT" in the remove script - -# Find a free port -#port=$(ynh_find_port 8095) -# Open this port -#yunohost firewall allow --no-upnp TCP $port 2>&1 -#ynh_app_setting_set $app port $port - #================================================= # INSTALL DEPENDENCIES #================================================= - -### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. -### Those deb packages will be installed as dependencies of this package. -### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script +ynh_print_info "Installing dependencies..." echo "deb http://repo.z-hub.io/z-push:/final/Debian_9.0/ /" | tee /etc/apt/sources.list.d/z-push.list wget -qO - http://repo.z-hub.io/z-push:/final/Debian_9.0/Release.key | sudo apt-key add - @@ -111,134 +80,26 @@ yunohost tools update ynh_install_app_dependencies z-push-common z-push-backend-caldav z-push-backend-carddav z-push-backend-combined z-push-backend-imap z-push-backend-ldap z-push-backend-galsearch-ldap z-push-autodiscover ynh_install_app_dependencies php-memcached php-cli php-soap -#================================================= -# CREATE A MYSQL DATABASE -#================================================= - -### Use these lines if you need a database for the application. -### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. -### The password will be stored as 'mysqlpwd' into the app settings, -### and will be available as $db_pwd -### If you're not using these lines: -### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script -### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script -### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script - -#db_name=$(ynh_sanitize_dbid $app) -#ynh_app_setting_set $app db_name $db_name -#ynh_mysql_setup_db $db_name $db_name - -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. -### `ynh_setup_source` use the file conf/app.src - -ynh_app_setting_set $app final_path $final_path -ynh_app_setting_set $app config_path $config_path -ynh_app_setting_set $app state_path $state_path -ynh_app_setting_set $app log_path $log_path -# Download, check integrity, uncompress and patch the source from app.src -#ynh_setup_source "$final_path" - #================================================= # NGINX CONFIGURATION #================================================= - -### `ynh_add_nginx_config` will use the file conf/nginx.conf +ynh_print_info "Configuring nginx web server..." # Create a dedicated nginx config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= - -# Create a system user -# ynh_system_user_create $app - #================================================= # PHP-FPM CONFIGURATION #================================================= - -### `ynh_add_fpm_config` is used to set up a PHP config. -### You can remove it if your app doesn't use PHP. -### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script -### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script -### With the reload at the end of the script. -### - And the section "PHP-FPM CONFIGURATION" in the upgrade script +ynh_print_info "Configuring php-fpm..." # Create a dedicated php-fpm config ynh_add_fpm_config -#================================================= -# SPECIFIC SETUP -#================================================= -# ... -#================================================= - -#================================================= -# SETUP SYSTEMD -#================================================= - -### `ynh_systemd_config` is used to configure a systemd script for an app. -### It can be used for apps that use sysvinit (with adaptation) or systemd. -### Have a look at the app to be sure this app needs a systemd script. -### `ynh_systemd_config` will use the file conf/systemd.service -### If you're not using these lines: -### - You can remove those files in conf/. -### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script - -# Create a dedicated systemd config -#ynh_add_systemd_config - -#================================================= -# SETUP APPLICATION WITH CURL -#================================================= - -### Use these lines only if the app installation needs to be finalized through -### web forms. We generally don't want to ask the final user, -### so we're going to use curl to automatically fill the fields and submit the -### forms. - -# Set right permissions for curl install -#chown -R $app: $final_path - -# Set the app as temporarily public for curl call -#ynh_app_setting_set $app skipped_uris "/" -# Reload SSOwat config -#yunohost app ssowatconf - -# Reload Nginx -#systemctl reload nginx - -# Installation with curl -#ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" - -# Remove the public access -#if [ $is_public -eq 0 ] -#then -# ynh_app_setting_delete $app skipped_uris -#fi - #================================================= # MODIFY A CONFIG FILE #================================================= -### `ynh_replace_string` is used to replace a string in a file. -### (It's compatible with sed regular expressions syntax) - -#ynh_replace_string "match_string" "replace_string" "$final_path/conf/config.php" - sudo cp ../conf/policies.ini $config_path/policies.ini sudo cp ../conf/z-push.conf.php $config_path/z-push.conf.php sudo cp ../conf/galsearch-ldap.conf.php $config_path/galsearch-ldap.conf.php @@ -338,26 +199,15 @@ ynh_store_file_checksum "$config_path/autodiscover.conf.php" # SECURE FILES AND DIRECTORIES #================================================= -### For security reason, any app should set the permissions to root: before anything else. -### Then, if write authorization is needed, any access should be given only to directories -### that really need such authorization. - # Set permissions to app files -#chown -R www-data: $final_path +chown -R www-data:www-data $final_path chown -R www-data:www-data $log_path chown -R www-data:www-data $state_path #================================================= # SETUP LOGROTATE #================================================= - -### `ynh_use_logrotate` is used to configure a logrotate configuration for the logs of this app. -### Use this helper only if there is effectively a log file for this app. -### If you're not using this helper: -### - Remove the section "BACKUP LOGROTATE" in the backup script -### - Remove also the section "REMOVE LOGROTATE CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE LOGROTATE CONFIGURATION" in the restore script -### - And the section "SETUP LOGROTATE" in the upgrade script +ynh_print_info "Configuring log rotation..." # Use logrotate to manage application logfile(s) ynh_use_logrotate @@ -366,14 +216,6 @@ ynh_use_logrotate # ADVERTISE SERVICE IN ADMIN PANEL #================================================= -### `yunohost service add` is a CLI yunohost command to add a service in the admin panel. -### You'll find the service in the 'services' section of YunoHost admin panel. -### This CLI command would be useless if the app does not have any services (systemd or sysvinit) -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "REMOVE SERVICE FROM ADMIN PANEL" in the remove script -### - As well as the section ADVERTISE SERVICE IN ADMIN PANEL" in the restore script - #yunohost service add $app --log "/var/log/$app/APP.log" # if using yunohost version 3.2 or more in the 'manifest.json', a description can be added #yunohost service add $app --description "$app daemon for XXX" --log "/var/log/$app/$app.log" @@ -381,18 +223,24 @@ ynh_use_logrotate #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Configuring SSOwat..." # Make app public if necessary if [ $is_public -eq 1 ] then # unprotected_uris allows SSO credentials to be passed anyway. - #ynh_app_setting_set $app unprotected_uris "/" - ynh_app_setting_set $app skipped_uris "$path_url_activesync,$path_url_autodiscover1,$path_url_autodiscover2,$path_url_autodiscover1" + ynh_app_setting_set $app unprotected_uris "/" fi #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index dc5baa9..18215c9 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,55 +12,32 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get $app domain) -#port=$(ynh_app_setting_get $app port) -#db_name=$(ynh_app_setting_get $app db_name) -#db_user=$db_name final_path=$(ynh_app_setting_get $app final_path) config_path=$(ynh_app_setting_get $app config_path) state_path=$(ynh_app_setting_get $app state_path) +log_path=$(ynh_app_setting_get $app log_path) #================================================= # STANDARD REMOVE -#================================================= -# REMOVE SERVICE FROM ADMIN PANEL -#================================================= - -# Remove a service from the admin panel, added by `yunohost service add` -#if yunohost service status | grep -q $app -#then -# echo "Remove $app service" -# yunohost service remove $app -#fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= - -# Remove the dedicated systemd config -#ynh_remove_systemd_config - #================================================= # REMOVE DEPENDENCIES #================================================= +ynh_print_info "Removing dependencies" # Remove metapackage and its dependencies ynh_remove_app_dependencies ynh_secure_remove "/etc/apt/sources.list.d/z-push.list" -#================================================= -# REMOVE THE MYSQL DATABASE -#================================================= - -# Remove a database if it exists, along with the associated user -#ynh_mysql_remove_db $db_user $db_name - #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_print_info "Removing app main directory" # Remove the app directory securely ynh_secure_remove "$final_path" @@ -68,6 +45,7 @@ ynh_secure_remove "$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_print_info "Removing nginx web server configuration" # Remove the dedicated nginx config ynh_remove_nginx_config @@ -75,6 +53,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Removing php-fpm configuration" # Remove the dedicated php-fpm config ynh_remove_fpm_config @@ -82,47 +61,30 @@ ynh_remove_fpm_config #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= +ynh_print_info "Removing logrotate configuration" # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# CLOSE A PORT -#================================================= - -#if yunohost firewall list | grep -q "\- $port$" -#then -# echo "Close port $port" >&2 -# yunohost firewall disallow TCP $port 2>&1 -#fi - #================================================= # SPECIFIC REMOVE #================================================= # REMOVE THE CRON FILE #================================================= -# Remove a cron file -#ynh_secure_remove "/etc/cron.d/$app" - # Remove a directory securely -ynh_secure_remove "/etc/$app/" +ynh_secure_remove "$config_path" # Remove the log files -ynh_secure_remove "/var/log/$app/" +ynh_secure_remove "$log_path" # Remove the statedir ynh_secure_remove "$state_path" -ynh_secure_remove "$config_path" -ynh_secure_remove /etc/apt/sources.list.d/z-push.list - -yunohost service start php7.0-fpm #================================================= # GENERIC FINALIZATION #================================================= -# REMOVE DEDICATED USER +# END OF SCRIPT #================================================= -# Delete a system user -#ynh_system_user_delete $app \ No newline at end of file +ynh_print_info "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index 9dc212b..1d7d726 100755 --- a/scripts/restore +++ b/scripts/restore @@ -23,6 +23,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading settings..." app=$YNH_APP_INSTANCE_NAME @@ -36,6 +37,7 @@ log_path=$(ynh_app_setting_get $app log_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_print_info "Validating restoration parameters..." ynh_webpath_available $domain $path_url \ || ynh_die "Path not available: ${domain}${path_url}" @@ -53,23 +55,15 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= +ynh_print_info "Restoring the app main directory..." ynh_restore_file "$final_path" -#================================================= -# RESTORE THE MYSQL DATABASE -#================================================= +# Restore config +ynh_restore_file "$config_path" -#db_pwd=$(ynh_app_setting_get $app mysqlpwd) -#ynh_mysql_setup_db $db_name $db_name $db_pwd -#ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql - -#================================================= -# RECREATE THE DEDICATED USER -#================================================= - -# Create the dedicated user (if not existing) -#ynh_system_user_create $app +# Restore state +ynh_restore_file "$state_path" #================================================= # RESTORE USER RIGHTS @@ -77,12 +71,14 @@ ynh_restore_file "$final_path" # Restore permissions on app files chown -R www-data:www-data $final_path +chown -R www-data:www-data $log_path +chown -R www-data:www-data $state_path #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # SPECIFIC RESTORATION @@ -97,32 +93,6 @@ yunohost tools update ynh_install_app_dependencies z-push-common z-push-backend-caldav z-push-backend-carddav z-push-backend-combined z-push-backend-imap z-push-backend-ldap z-push-backend-galsearch-ldap z-push-autodiscover ynh_install_app_dependencies php-memcached php-cli php-soap -# Restore statedir -ynh_restore_file "$config_path" - -# Restore logs, data & permissions -ynh_restore_file "$state_path" - - -#================================================= -# RESTORE SYSTEMD -#================================================= - -#ynh_restore_file "/etc/systemd/system/$app.service" -#systemctl enable $app.service - -#================================================= -# ADVERTISE SERVICE IN ADMIN PANEL -#================================================= - -#yunohost service add $app --log "/var/log/$app/APP.log" - -#================================================= -# RESTORE THE CRON FILE -#================================================= - -#ynh_restore_file "/etc/cron.d/$app" - #================================================= # RESTORE THE LOGROTATE CONFIGURATION #================================================= @@ -134,6 +104,13 @@ ynh_restore_file "/etc/logrotate.d/$app" #================================================= # RELOAD NGINX AND PHP-FPM #================================================= +ynh_print_info "Reloading nginx web server and php-fpm..." -systemctl reload php5-fpm +systemctl reload php7.0-fpm systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index aee50eb..81a1708 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -23,17 +24,10 @@ config_path=$(ynh_app_setting_get $app config_path) state_path=$(ynh_app_setting_get $app state_path) log_path=$(ynh_app_setting_get $app log_path) -config_path=/etc/z-push -state_path=/var/lib/z-push -log_path=/var/log/z-push - -ynh_app_setting_set $app config_path $config_path -ynh_app_setting_set $app state_path $state_path -ynh_app_setting_set $app log_path $log_path - #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= +ynh_print_info "Ensuring downward compatibility..." # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then @@ -56,9 +50,20 @@ if [ -z $final_path ]; then ynh_app_setting_set $app final_path $final_path fi + +config_path=/etc/z-push +state_path=/var/lib/z-push +log_path=/var/log/z-push + +ynh_app_setting_set $app config_path $config_path +ynh_app_setting_set $app state_path $state_path +ynh_app_setting_set $app log_path $log_path + + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= +ynh_print_info "Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -78,16 +83,10 @@ path_url=$(ynh_normalize_url_path $path_url) #================================================= # STANDARD UPGRADE STEPS -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= - -# Download, check integrity, uncompress and patch the source from app.src -#ynh_setup_source "$final_path" - #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config @@ -95,6 +94,7 @@ ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= +ynh_print_info "Upgrading dependencies..." echo "deb http://repo.z-hub.io/z-push:/final/Debian_9.0/ /" | tee /etc/apt/sources.list.d/z-push.list wget -qO - http://repo.z-hub.io/z-push:/final/Debian_9.0/Release.key | sudo apt-key add - @@ -103,16 +103,10 @@ ynh_install_app_dependencies z-push-common z-push-backend-caldav z-push-backend- ynh_install_app_dependencies php-memcached php-cli php-soap -#================================================= -# CREATE DEDICATED USER -#================================================= - -# Create a dedicated user (if not existing) -#ynh_system_user_create $app - #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Upgrading php-fpm configuration..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -120,7 +114,7 @@ ynh_add_fpm_config #================================================= # SPECIFIC UPGRADE #================================================= -# ... +# MODIFY A CONFIG FILE #================================================= sudo cp ../conf/policies.ini $config_path/policies.ini @@ -205,12 +199,11 @@ fi # Fixstates to avoid full resync of devices after version upgrades sudo $final_path/z-push-admin.php -a fixstates -### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. -### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. ynh_backup_if_checksum_is_different "$config_path/policies.ini" ynh_backup_if_checksum_is_different "$config_path/z-push.conf.php" ynh_backup_if_checksum_is_different "$config_path/galsearch-ldap.conf.php" ynh_backup_if_checksum_is_different "$config_path/autodiscover.conf.php" + # Recalculate and store the checksum of the file for the next upgrade. ynh_store_file_checksum "$config_path/policies.ini" ynh_store_file_checksum "$config_path/z-push.conf.php" @@ -220,17 +213,11 @@ ynh_store_file_checksum "$config_path/autodiscover.conf.php" #================================================= # SETUP LOGROTATE #================================================= +ynh_print_info "Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append -#================================================= -# SETUP SYSTEMD -#================================================= - -# Create a dedicated systemd config -#ynh_add_systemd_config - #================================================= # GENERIC FINALIZATION #================================================= @@ -238,13 +225,14 @@ ynh_use_logrotate --non-append #================================================= # Set permissions on app files -#chown -R root: $final_path +chown -R www-data:www-data $final_path chown -R www-data:www-data $log_path chown -R www-data:www-data $state_path #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Upgrading SSOwat configuration..." # Make app public if necessary if [ $is_public -eq 1 ] @@ -256,9 +244,12 @@ fi #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." -systemctl reload php5-fpm systemctl reload nginx +#================================================= +# END OF SCRIPT +#================================================= - +ynh_print_info "Upgrade of $app completed" diff --git a/scripts/ynh_add_secure_repos__2 b/scripts/ynh_add_secure_repos__2 new file mode 100644 index 0000000..51a9f1b --- /dev/null +++ b/scripts/ynh_add_secure_repos__2 @@ -0,0 +1,166 @@ +#!/bin/bash + +# Pin a repository. +# +# usage: ynh_pin_repo --package=packages --pin=pin_filter --priority=priority_value [--name=name] [--append] +# | arg: -p, --package - Packages concerned by the pin. Or all, *. +# | arg: -i, --pin - Filter for the pin. +# | arg: -p, --priority - Priority for the pin +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# See https://manpages.debian.org/stretch/apt/apt_preferences.5.en.html for information about pinning. +# +ynh_pin_repo () { + # Declare an array to define the options of this helper. + local legacy_args=pirna + declare -Ar args_array=( [p]=package= [i]=pin= [r]=priority= [n]=name= [a]=append ) + local package + local pin + local priority + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + package="${package:-*}" + priority=${priority:-50} + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/preferences.d" + echo "Package: $package +Pin: $pin +Pin-Priority: $priority" \ + | $append "/etc/apt/preferences.d/$name" +} + +# Add a repository. +# +# usage: ynh_add_repo --uri=uri --suite=suite --component=component [--name=name] [--append] +# | arg: -u, --uri - Uri of the repository. +# | arg: -s, --suite - Suite of the repository. +# | arg: -c, --component - Component of the repository. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +# +# Example for a repo like deb http://forge.yunohost.org/debian/ stretch stable +# uri suite component +# ynh_add_repo --uri=http://forge.yunohost.org/debian/ --suite=stretch --component=stable +# +ynh_add_repo () { + # Declare an array to define the options of this helper. + local legacy_args=uscna + declare -Ar args_array=( [u]=uri= [s]=suite= [c]=component= [n]=name= [a]=append ) + local uri + local suite + local component + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + + if [ $append -eq 1 ] + then + append="tee -a" + else + append="tee" + fi + + mkdir -p "/etc/apt/sources.list.d" + # Add the new repo in sources.list.d + echo "deb $uri $suite $component" \ + | $append "/etc/apt/sources.list.d/$name.list" +} + +# Add an extra repository correctly, pin it and get the key. +# +# usage: ynh_install_extra_repo --repo="repo" [--key=key_url] [--name=name] [--append] +# | arg: -r, --repo - Complete url of the extra repository. +# | arg: -k, --key - url to get the public key. +# | arg: -n, --name - Name for the files for this repo, $app as default value. +# | arg: -a, --append - Do not overwrite existing files. +ynh_install_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=rkna + declare -Ar args_array=( [r]=repo= [k]=key= [n]=name= [a]=append ) + local repo + local key + local name + local append + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + append=${append:-0} + key=${key:-0} + + if [ $append -eq 1 ] + then + append="--append" + wget_append="tee -a" + else + append="" + wget_append="tee" + fi + + # Split the repository into uri, suite and components. + # Remove "deb " at the beginning of the repo. + repo="${repo#deb }" + + # Get the uri + local uri="$(echo "$repo" | awk '{ print $1 }')" + + # Get the suite + local suite="$(echo "$repo" | awk '{ print $2 }')" + + # Get the components + local component="${repo##$uri $suite }" + + # Add the repository into sources.list.d + ynh_add_repo --uri="$uri" --suite="$suite" --component="$component" --name="$name" $append + + # Pin the new repo with the default priority, so it won't be used for upgrades. + # Build $pin from the uri without http and any sub path + local pin="${uri#*://}" + pin="${pin%%/*}" + ynh_pin_repo --package="*" --pin="origin \"$pin\"" --name="$name" $append + + # Get the public key for the repo + if [ -n "$key" ] + then + mkdir -p "/etc/apt/trusted.gpg.d" + wget -q "$key" -O - | $wget_append /etc/apt/trusted.gpg.d/$name.gpg + fi + + # Update the list of package with the new repo + ynh_package_update +} + +# Remove an extra repository and the assiociated configuration. +# +# usage: ynh_remove_extra_repo [--name=name] +# | arg: -n, --name - Name for the files for this repo, $app as default value. +ynh_remove_extra_repo () { + # Declare an array to define the options of this helper. + local legacy_args=n + declare -Ar args_array=( [n]=name= ) + local name + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + name="${name:-$app}" + + ynh_secure_remove "/etc/apt/sources.list.d/$name.list" + ynh_secure_remove "/etc/apt/preferences.d/$name" + ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.gpg" + + # Update the list of package to exclude the old repo + ynh_package_update +}