diff --git a/check_process b/check_process index aa24d7a..7500154 100644 --- a/check_process +++ b/check_process @@ -14,11 +14,8 @@ upgrade=1 from_commit=42913fc917c98766b0cbba47a3b40148dffaac58 backup_restore=1 multi_instance=1 - incorrect_path=1 port_already_use=0 change_url=1 -;;; Levels - Level 5=auto ;;; Options Email= Notification=none diff --git a/conf/app.src b/conf/app.src index a8046ef..d7455bc 100644 --- a/conf/app.src +++ b/conf/app.src @@ -4,3 +4,4 @@ SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/nginx.conf b/conf/nginx.conf index a1ccb61..556b622 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,7 +2,7 @@ location __PATH__/ { # Path to source - alias __FINALPATH__/; + alias __FINALPATH__/ ; # Force usage of https if ($scheme = http) { @@ -11,6 +11,9 @@ location __PATH__/ { index index.php; + # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file + #client_max_body_size 50M; + try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; @@ -18,8 +21,8 @@ location __PATH__/ { fastcgi_index index.php; include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 61b251f..b4c2372 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -419,8 +419,8 @@ chdir = __FINALPATH__ ;php_admin_value[memory_limit] = 32M ; Common values to change to increase file upload limit -; php_admin_value[upload_max_filesize] = 50M -; php_admin_value[post_max_size] = 50M +php_admin_value[upload_max_filesize] = 50M +php_admin_value[post_max_size] = 50M ; php_admin_flag[mail.add_x_header] = Off ; Other common parameters 
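Review bot: In conf/nginx.conf the added `#client_max_body_size 50M;` stays commented out, while conf/php-fpm.conf in the same commit activates `upload_max_filesize` and `post_max_size` at 50M, so the two layers disagree. Unless the enclosing server block sets its own value, nginx's default body limit (1m) rejects larger requests before PHP sees them, so the request-size bound that actually applies is not the one written in either file. Either enable `client_max_body_size 50M;` so the outer limit is explicit and matches, or leave the PHP values commented as they were. The previously active PHP values were 30M, removed in the second php-fpm.conf hunk.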
@@ -428,6 +428,3 @@ chdir = __FINALPATH__ ; php_admin_value[max_input_time] = 300 ; php_admin_value[memory_limit] = 256M ; php_admin_flag[short_open_tag] = On - -php_admin_value[upload_max_filesize] = 30M -php_admin_value[post_max_size] = 30M diff --git a/manifest.json b/manifest.json index ce81fd2..9961e29 100644 --- a/manifest.json +++ b/manifest.json @@ -19,36 +19,24 @@ "multi_instance": true, "services": [ "nginx", - "php7.0-fpm" + "php7.3-fpm" ], "arguments": { "install" : [ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for Zerobin", - "fr": "Choisissez un domaine pour Zerobin" - }, - "example": "domain.org" + "example": "example.com" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Zerobin", - "fr": "Choisissez un chemin pour Zerobin" - }, "example": "/zerobin", "default": "/zerobin" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public site?", - "fr": "Est-ce un site public ?" - }, "default": true } ] diff --git a/scripts/_common b/scripts/_common.sh similarity index 90% rename from scripts/_common rename to scripts/_common.sh index a248e8a..d7614e9 100644 --- a/scripts/_common +++ b/scripts/_common.sh @@ -16,4 +16,4 @@ YNH_PHP_VERSION="7.3" #================================================= # FUTURE OFFICIAL HELPERS -#================================================= \ No newline at end of file +#================================================= diff --git a/scripts/backup b/scripts/backup index 5bd529b..75ce3e0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -# source ../settings/scripts/_common.sh +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= 
@@ -19,7 +20,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." +ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME diff --git a/scripts/change_url b/scripts/change_url index 1b18ca3..23f788d 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -6,8 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= +source _common.sh source /usr/share/yunohost/helpers -ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS @@ -29,6 +29,23 @@ ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) +#================================================= +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # CHECK WHICH PARTS SHOULD BE CHANGED #================================================= diff --git a/scripts/install b/scripts/install index a7a052a..cf6da66 100644 --- a/scripts/install +++ b/scripts/install 
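Review bot: In scripts/change_url, `ynh_clean_setup` removes `/etc/nginx/conf.d/$new_domain.d/$app.conf` on every failure, whether or not this run has written that file yet. When only the path changes, `$new_domain` is presumably the domain already in use, so the cleanup deletes the live config and relies entirely on `ynh_restore_upgradebackup` to bring it back. Guarding the removal on the domain actually changing would make the failure path safer. A short comment above `ynh_abort_if_errors`, such as `# Trap is armed only once the backup exists, so the restore always has something to use`, would also explain why the call moved down from the top of the script. `new_domain` is assigned outside this hunk.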
@@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -# source _common.sh +source _common.sh source /usr/share/yunohost/helpers #================================================= @@ -47,6 +47,14 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url #================================================= # STANDARD MODIFICATIONS +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=3 + +# Create a system user +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -56,6 +64,13 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +# Except for data and tmp subdir, where the user must have write permissions +mkdir -p $final_path/{data,tmp} + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -64,14 +79,6 @@ ynh_script_progression --message="Configuring NGINX web server..." # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=3 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= 
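Review bot: In scripts/install (hunk at -56,6), the new `chown -R $app:www-data "$final_path"` hands the whole tree, code included, to the app user, whereas the SECURE FILES section removed later in this file's diff kept code root-owned and let `$app` write only to `data` and `tmp`. If the PHP-FPM pool runs as `$app`, as the removed comments suggest, a file-write flaw in the app can now overwrite its own PHP files. `data` and `tmp` also lose their `chmod 700`, so on a fresh install they take the script's umask and may be readable by group `www-data`, the account nginx typically uses to serve the aliased `$final_path`. I would keep the writable set explicit, e.g. `chmod 700 "$final_path"/{data,tmp}` after the recursive calls, and either avoid giving `$app` ownership of the code or strip its write bits. The comment "Except for data and tmp subdir…" no longer matches what follows, `mkdir -p $final_path/{data,tmp}` should quote `"$final_path"`, and the same three permission lines are added in scripts/restore (hunk at -53,23) and scripts/upgrade (hunk at -103,22).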
@@ -83,31 +90,16 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path -# Files owned by user specific can just read -find $final_path -type f | xargs chmod 644 -find $final_path -type d | xargs chmod 755 - -# Except for data and tmp subdir, where the user must have write permissions -mkdir -p $final_path/{data,tmp} -chown -R $app:root $final_path/{data,tmp} -chmod 700 $final_path/{data,tmp} - #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." - - +ynh_script_progression --message="Configuring permissions..." # Make app public if necessary -if [ "$is_public" -eq 1 ] +if [ $is_public -eq 1 ] then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. ynh_permission_update --permission="main" --add="visitors" fi diff --git a/scripts/remove b/scripts/remove index 97c1548..d68cbab 100644 --- a/scripts/remove +++ b/scripts/remove @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -# source _common.sh +source _common.sh source /usr/share/yunohost/helpers #================================================= @@ -24,7 +24,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory" --weight=2 +ynh_script_progression --message="Removing app main directory..." --weight=2 # Remove the app directory securely ynh_secure_remove --file="$final_path" 
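Review bot: In scripts/install (hunk at -83,31), the `is_public` test drops its quotes (`if [ $is_public -eq 1 ]`), so an empty or multi-word value now expands into a malformed `[` expression instead of a single operand. This branch decides whether `visitors` are added to the "main" permission, so the stricter form `if [ "$is_public" -eq 1 ]` is worth keeping. The progress message now reads "Configuring permissions..." while the section banner above it still says SETUP SSOWAT; renaming the banner would keep the script's headings truthful.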
@@ -32,7 +32,7 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing NGINX web server configuration" --weight=3 +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=3 # Remove the dedicated NGINX config ynh_remove_nginx_config @@ -40,7 +40,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing PHP-FPM configuration" +ynh_script_progression --message="Removing PHP-FPM configuration..." # Remove the dedicated PHP-FPM config ynh_remove_fpm_config @@ -50,7 +50,7 @@ ynh_remove_fpm_config #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user" +ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user ynh_system_user_delete --username=$app diff --git a/scripts/restore b/scripts/restore index 8594cc9..79f359b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -# source ../settings/scripts/_common.sh +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -19,7 +20,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." --weight=1 +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME 
@@ -43,9 +44,18 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=4 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -53,23 +63,14 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=4 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# RESTORE USER RIGHTS -#================================================= - -chown -R $app:root $final_path/{data,tmp} +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the PHP-FPM configuration..." ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" diff --git a/scripts/upgrade b/scripts/upgrade index e6da478..1667ea2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -6,9 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -# source _common.sh +source _common.sh source /usr/share/yunohost/helpers - #================================================= # LOAD SETTINGS #================================================= @@ -18,46 +17,16 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=3 - -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -elif [ -z "$is_public" ] -then - if grep --quiet "unprotected_uris" "/etc/yunohost/apps/$app/settings.yml" - then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 - else - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 - fi -fi - -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/var/www/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= 
@@ -66,31 +35,40 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= -# Migrate legacy permissions to new system +# STANDARD UPGRADE STEPS #================================================= -if ynh_legacy_permissions_exists -then +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=3 + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path +fi + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then ynh_legacy_permissions_delete_all ynh_app_setting_delete --app=$app --key=is_public fi #================================================= -# CHECK THE PATH +# CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 -# Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir=$final_path -#================================================= -# STANDARD UPGRADE STEPS #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
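Review bot: After this hunk nothing visible in scripts/upgrade states who may reach the app: the legacy cleanup deletes the `is_public` setting, and the SSOwat block that used to set `unprotected_uris` is removed at the end of this file's diff. If the platform carries access over through the "main" permission on its own, that is fine, but a comment next to the cleanup, e.g. `# Access is carried by the "main" permission; legacy keys are only cleaned up here`, would make it clear that visibility is intentionally left untouched on upgrade. `--home_dir=$final_path` and `--value=$final_path` would also be safer quoted.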
@@ -103,22 +81,21 @@ then ynh_setup_source --dest_dir="$final_path" fi +# Except for data and tmp subdir, where the user must have write permissions +mkdir -p $final_path/{data,tmp} + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Upgrading NGINX web server configuration..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= 
@@ -129,32 +106,6 @@ ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path -# Files owned by user specific can just read -find $final_path -type f | xargs chmod 644 -find $final_path -type d | xargs chmod 755 - -# except for data and tmp subdir, where the user must have write permissions -mkdir -p $final_path/{data,tmp} -chown -R $app:root $final_path/{data,tmp} -chmod 700 $final_path/{data,tmp} - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 - -# If app is public, add url to SSOWat conf as skipped_uris -if [ $is_public -eq 1 ]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # RELOAD NGINX #=================================================