YunoHost-Apps/zerobin_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/zerobin_ynh.git synced 2024-09-03 18:06:01 +02:00
Code Issues Activity Actions

[fix] Create user for this app + add helpers into common

Browse source
This commit is contained in:
magikcypress 2017-04-17 18:20:58 +02:00
parent 92717d19fa
commit 3f81447f36
5 changed files with 163 additions and 53 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
conf/php-fpm.conf
View file

@ -19,8 +19,8 @@
; Unix user/group of processes ; Unix user/group of processes
; Note: The user is mandatory. If the group is not set, the default user's group ; Note: The user is mandatory. If the group is not set, the default user's group
; will be used. ; will be used.
user = www-data user = __USER__
group = www-data group = __USER__
; The address on which to accept FastCGI requests. ; The address on which to accept FastCGI requests.
; Valid syntaxes are: ; Valid syntaxes are:

143
scripts/_common
View file

@ -2,6 +2,26 @@ PRIVATEBIN_VERSION="1.1"
PRIVATEBIN_SOURCE_URL="https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VERSION}.tar.gz" PRIVATEBIN_SOURCE_URL="https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VERSION}.tar.gz"
PRIVATEBIN_SOURCE_SHA256="61d18753c792d83f54ad9e414d1d32198ab873054907081e732effd5ccbe96ef" PRIVATEBIN_SOURCE_SHA256="61d18753c792d83f54ad9e414d1d32198ab873054907081e732effd5ccbe96ef"
# Substitute a string by another in a file
#
# usage: ynh_substitute_char string_to_find replace_string file_to_analyse
# | arg: string_to_find - String to replace in the file
# | arg: replace_string - New string that will replace
# | arg: file_to_analyse - File where the string will be replaced.
ynh_substitute_char () {
delimit=@
match_char=${1//${delimit}/"\\${delimit}"} # Escape the delimiter if it's in the string.
replace_char=${2//${delimit}/"\\${delimit}"}
workfile=$3
sudo sed --in-place "s${delimit}${match_char}${delimit}${replace_char}${delimit}g" "$workfile"
}
ynh_store_checksum_config () {
config_file_checksum=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
ynh_app_setting_set $app $config_file_checksum $(sudo md5sum "$1" | cut -d' ' -f1)
}
extract_source() { extract_source() {
local DESTDIR=$1 local DESTDIR=$1
@ -16,31 +36,112 @@ extract_source() {
sudo rm "$rc_tarball" sudo rm "$rc_tarball"
} }
ynh_pool_fpm () { # Create the php-fpm pool configuration file and configure it. ynh_fpm_config () {
sed -i "s@__NAMETOCHANGE__@$app@g" ../conf/php-fpm.conf finalphpconf="/etc/php5/fpm/pool.d/$app.conf"
sed -i "s@__FINALPATH__@$final_path@g" ../conf/php-fpm.conf ynh_compare_checksum_config "$finalphpconf" 1
finalphpconf=/etc/php5/fpm/pool.d/$app.conf sudo cp ../conf/php-fpm.conf "$finalphpconf"
sudo cp ../conf/php-fpm.conf $finalphpconf ynh_substitute_char "__NAMETOCHANGE__" "$app" "$finalphpconf"
sudo chown root: $finalphpconf ynh_substitute_char "__FINALPATH__" "$final_path" "$finalphpconf"
finalphpini=/etc/php5/fpm/conf.d/20-$app.ini ynh_substitute_char "__USER__" "$app" "$finalphpconf"
sudo cp ../conf/php-fpm.ini $finalphpini sudo chown root: "$finalphpconf"
sudo chown root: $finalphpini ynh_store_checksum_config "$finalphpconf"
if [ -e "../conf/php-fpm.ini" ]
then
finalphpini="/etc/php5/fpm/conf.d/20-$app.ini"
ynh_compare_checksum_config "$finalphpini" 1
sudo cp ../conf/php-fpm.ini "$finalphpini"
sudo chown root: "$finalphpini"
ynh_store_checksum_config "$finalphpini"
fi
sudo systemctl reload php5-fpm sudo systemctl reload php5-fpm
} }
ynh_remove_fpm () { # Delete pool php-fpm configuration ynh_remove_fpm_config () {
if [ -e "/etc/php5/fpm/pool.d/$app.conf" ]; then # Delete fpm config ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf"
echo "Delete fpm config" ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini"
sudo rm "/etc/php5/fpm/pool.d/$app.conf"
fi
if [ -e "/etc/php5/fpm/conf.d/20-$app.ini" ]; then # Delete php config
echo "Delete php config"
sudo rm "/etc/php5/fpm/conf.d/20-$app.ini"
fi
sudo systemctl reload php5-fpm sudo systemctl reload php5-fpm
} }
ynh_secure_rm () { # Remove a file or a directory securely
[[ "/var/www /opt /home/yunohost.app" =~ $1 ]] \ #
|| (test -n "$1" && sudo rm -Rf $1 ) # usage: ynh_secure_remove path_to_remove
# | arg: path_to_remove - File or directory to remove
ynh_secure_remove () {
path_to_remove=$1
forbidden_path=" \
/var/www \
/home/yunohost.app"
if [[ "$forbidden_path" =~ "$path_to_remove" \
# Match all path or subpath in $forbidden_path
|| "$path_to_remove" =~ ^/[[:alnum:]]+$ \
# Match all first level path from / (Like /var, /root, etc...)
|| "${path_to_remove:${#path_to_remove}-1}" = "/" ]]
# Match if the path finish by /. Because it's seems there is an empty variable
then
echo "Avoid deleting of $path_to_remove." >&2
else
if [ -e "$path_to_remove" ]
then
sudo rm -R "$path_to_remove"
else
echo "$path_to_remove doesn't deleted because it's not exist." >&2
fi
fi
}
# Create a system user
#
# usage: ynh_system_user_create user_name [home_dir]
# | arg: user_name - Name of the system user that will be create
# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home
ynh_system_user_create () {
if ! ynh_system_user_exists "$1" # Check if the user exists on the system
then # If the user doesn't exist
if [ $# -ge 2 ]; then # If a home dir is mentioned
user_home_dir="-d $2"
else
user_home_dir="--no-create-home"
fi
sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account"
fi
}
# Delete a system user
#
# usage: ynh_system_user_delete user_name
# | arg: user_name - Name of the system user that will be create
ynh_system_user_delete () {
if ynh_system_user_exists "$1" # Check if the user exists on the system
then
echo "Remove the user $1" >&2
sudo userdel $1
else
echo "The user $1 was not found" >&2
fi
}
ynh_compare_checksum_config () {
current_config_file=$1
compress_backup=${2:-0} # If $2 is empty, compress_backup will set at 0
config_file_checksum=checksum_${current_config_file//[\/ ]/_} # Replace all '/' and ' ' by '_'
checksum_value=$(ynh_app_setting_get $app $config_file_checksum)
if [ -n "$checksum_value" ]
then # Proceed only if a value was stocked into the app config
if ! echo "$checksum_value $current_config_file" | md5sum -c --status
then # If the checksum is now different
backup_config_file="$current_config_file.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')"
if [ compress_backup -eq 1 ]
then
sudo tar --create --gzip --file "$backup_config_file.tar.gz" "$current_config_file" # Backup the current config file and compress
backup_config_file="$backup_config_file.tar.gz"
else
sudo cp -a "$current_config_file" "$backup_config_file" # Backup the current config file
fi
echo "Config file $current_config_file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_config_file" >&2
echo "$backup_config_file" # Return the name of the backup file
fi
fi
} }

14
scripts/install
View file

@ -3,8 +3,9 @@
# Exit on command errors and treat unset variables as an error # Exit on command errors and treat unset variables as an error
set -eu set -eu
source /usr/share/yunohost/helpers # Source app helpers
source ./_common source ./_common
source /usr/share/yunohost/helpers
# Retrieve arguments # Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
@ -27,14 +28,17 @@ final_path=/var/www/$app
sudo mkdir -p $final_path sudo mkdir -p $final_path
extract_source $final_path extract_source $final_path
# Files owned by root, www-data can just read # Create system user dedicace for this app
ynh_system_user_create $app
# Files owned by user specific can just read
sudo find $final_path -type f | xargs sudo chmod 644 sudo find $final_path -type f | xargs sudo chmod 644
sudo find $final_path -type d | xargs sudo chmod 755 sudo find $final_path -type d | xargs sudo chmod 755
sudo chown -R root: $final_path sudo chown -R $app: $final_path
# except for data and tmp subdir, where www-data must have write permissions # except for data and tmp subdir, where www-data must have write permissions
sudo mkdir -p $final_path/{data,tmp} sudo mkdir -p $final_path/{data,tmp}
sudo chown -R www-data:root $final_path/{data,tmp} sudo chown -R $app:root $final_path/{data,tmp}
sudo chmod 700 $final_path/{data,tmp} sudo chmod 700 $final_path/{data,tmp}
# Modify Nginx configuration file and copy it to Nginx conf directory # Modify Nginx configuration file and copy it to Nginx conf directory
@ -46,7 +50,7 @@ sudo chown root: $nginxconf
sudo chmod 600 $nginxconf sudo chmod 600 $nginxconf
# Create the php-fpm pool config # Create the php-fpm pool config
ynh_pool_fpm ynh_fpm_config
# Set ssowat config # Set ssowat config
if [ "$is_public" = "No" ]; if [ "$is_public" = "No" ];

10
scripts/remove
View file

@ -4,8 +4,8 @@
set -u set -u
# Source app helpers # Source app helpers
source /usr/share/yunohost/helpers
source ./_common source ./_common
source /usr/share/yunohost/helpers
# Get multi-instances specific variables # Get multi-instances specific variables
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -13,8 +13,10 @@ app=$YNH_APP_INSTANCE_NAME
# Retrieve arguments # Retrieve arguments
domain=$(ynh_app_setting_get "$app" domain) domain=$(ynh_app_setting_get "$app" domain)
ynh_secure_rm /var/www/$app ynh_secure_remove /var/www/$app
ynh_secure_rm /etc/nginx/conf.d/$domain.d/$app.conf ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf
ynh_remove_fpm ynh_remove_fpm_config
ynh_system_user_delete $app
sudo systemctl reload nginx sudo systemctl reload nginx

45
scripts/upgrade
View file

@ -2,9 +2,9 @@
# Exit on command errors and treat unset variables as an error # Exit on command errors and treat unset variables as an error
set -eu set -eu
# Source app helpers
source /usr/share/yunohost/helpers
source ./_common source ./_common
source /usr/share/yunohost/helpers
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
@ -18,27 +18,30 @@ if [[ ! "$path" == "/" ]]; then
path=${path%/} path=${path%/}
fi fi
# Create system user dedicace for this app
ynh_system_user_create $app
# Init final_path, if ever it got deleted somehow # Init final_path, if ever it got deleted somehow
final_path=/var/www/$app final_path=/var/www/$app
sudo mkdir -p $final_path sudo mkdir -p $final_path
# Clean all files and directory except the data directory # Clean all files and directory except the data directory
ynh_secure_rm $final_path/cfg ynh_secure_remove $final_path/cfg
ynh_secure_rm $final_path/CREDITS.md ynh_secure_remove $final_path/CREDITS.md
ynh_secure_rm $final_path/i18n ynh_secure_remove $final_path/i18n
ynh_secure_rm $final_path/index.php ynh_secure_remove $final_path/index.php
ynh_secure_rm $final_path/js ynh_secure_remove $final_path/js
ynh_secure_rm $final_path/README.md ynh_secure_remove $final_path/README.md
ynh_secure_rm $final_path/tmp ynh_secure_remove $final_path/tmp
ynh_secure_rm $final_path/CHANGELOG.md ynh_secure_remove $final_path/CHANGELOG.md
ynh_secure_rm $final_path/css ynh_secure_remove $final_path/css
ynh_secure_rm $final_path/favicon.ico ynh_secure_remove $final_path/favicon.ico
ynh_secure_rm $final_path/img ynh_secure_remove $final_path/img
ynh_secure_rm $final_path/INSTALL.md ynh_secure_remove $final_path/INSTALL.md
ynh_secure_rm $final_path/lib ynh_secure_remove $final_path/lib
ynh_secure_rm $final_path/robots.txt ynh_secure_remove $final_path/robots.txt
ynh_secure_rm $final_path/tpl ynh_secure_remove $final_path/tpl
ynh_secure_rm $final_path/data ynh_secure_remove $final_path/data
# Copy files to the right place # Copy files to the right place
extract_source $final_path extract_source $final_path
@ -46,11 +49,11 @@ extract_source $final_path
# Files owned by root, www-data can just read # Files owned by root, www-data can just read
sudo find $final_path -type f | xargs sudo chmod 644 sudo find $final_path -type f | xargs sudo chmod 644
sudo find $final_path -type d | xargs sudo chmod 755 sudo find $final_path -type d | xargs sudo chmod 755
sudo chown -R root: $final_path sudo chown -R $app: $final_path
# except for data and tmp subdir, where www-data must have write permissions # except for data and tmp subdir, where www-data must have write permissions
sudo mkdir -p $final_path/{data,tmp} sudo mkdir -p $final_path/{data,tmp}
sudo chown -R www-data:root $final_path/{data,tmp} sudo chown -R $app:root $final_path/{data,tmp}
sudo chmod 700 $final_path/{data,tmp} sudo chmod 700 $final_path/{data,tmp}
# Modify Nginx configuration file and copy it to Nginx conf directory # Modify Nginx configuration file and copy it to Nginx conf directory
@ -62,7 +65,7 @@ sudo chown root: $nginxconf
sudo chmod 600 $nginxconf sudo chmod 600 $nginxconf
# Create the php-fpm pool config # Create the php-fpm pool config
ynh_pool_fpm ynh_fpm_config
# Set ssowat config # Set ssowat config
ynh_app_setting_set "$app" is_public "$is_public" ynh_app_setting_set "$app" is_public "$is_public"