diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..2729a6b --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,55 @@ +--- +name: Bug report +about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* + - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* + - *When in doubt, post here and we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +### Describe the bug + +*A clear and concise description of what the bug is.* + +### Context + +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* + +### Steps to reproduce + +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install the_app + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '...'* + 3. *Scroll down to '...'* + 4. *See error* + +### Expected behavior + +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +### Logs + +*When an operation fails, YunoHost provides a simple way to share the logs.* +- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.* +- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.* + +*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)* + +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) diff --git a/README.md b/README.md index 1dabafe..f9820f0 100644 --- a/README.md +++ b/README.md @@ -32,6 +32,7 @@ This is a fork of ZeroBin, originally developed by Sébastien Sauvage. It was re ## Documentation * Official documentation: https://github.com/PrivateBin/PrivateBin/wiki + * YunoHost documentation: https://yunohost.org/#/app_zerobin ## YunoHost specific features @@ -39,9 +40,8 @@ This is a fork of ZeroBin, originally developed by Sébastien Sauvage. It was re #### Supported architectures -* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/zerobin%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/zerobin/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/zerobin%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/zerobin/) * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/zerobin%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/zerobin/) -* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/zerobin%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/zerobin/) ## Limitations @@ -62,10 +62,8 @@ This means that we have decided to delete the directory that allows us to save t --- -Developers info ----------------- +## Developers info -**Only if you want to use a testing branch for coding, instead of merging directly into master.** Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/zerobin_ynh/tree/testing). To try the testing branch, please proceed like that. diff --git a/README_fr.md b/README_fr.md index 4645d0b..9c499e8 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,12 +5,12 @@ *[Read this readme in english.](./README.md)* -> *Ce package vous permet d'installer Privatebin rapidement et simplement sur un serveur Yunohost. +> *Ce package vous permet d'installer PrivateBin rapidement et simplement sur un serveur YunoHost. Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* ## Vue d'ensemble -PrivateBin est un logiciel libre, minimaliste, qui joue le rôle de Pastebin (coller-corbeille) où le serveur n'a aucune connaissance des données qu'il stocke. +PrivateBin est un logiciel libre, minimaliste, qui joue le rôle de pastebin (coller-corbeille) où le serveur n'a aucune connaissance des données qu'il stocke. Les données sont chiffrées et déchiffrées dans le navigateur en utilisant la technologie AES 256bits en mode Galois Counter (GCM). @@ -33,6 +33,7 @@ Il reste cependant compatible avec le schéma original de stockage des données ## Documentation * Documentation officielle : https://github.com/PrivateBin/PrivateBin/wiki + * Documentation YunoHost : https://yunohost.org/#/app_zerobin_fr ## Caractéristiques spécifiques YunoHost @@ -40,32 +41,28 @@ Il reste cependant compatible avec le schéma original de stockage des données #### Architectures supportées -* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/zerobin%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/zerobin/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/zerobin%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/zerobin/) * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/zerobin%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/zerobin/) -* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/zerobin%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/zerobin/) ## Limitations ## Informations additionnelles Dans la [documentation de mise à jour](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) de Privatebin, il est précisé que : - * Pour une compatibilité complète avec Zerobin et le déchiffrement de tous les vieux "paste", vous devriez activer cette option. Cependant, ce n'est pas recommandé pour les nouvelles installations car cela affaiblit la sécurité de votre instance PrivateBin. * Ceci signifie que nous avons décidé de supprimer ce répertoire pour permettre la sécurisation des données. Vous pouvez sauvegarder le répertoire 'data', si vous voulez conservez vos données. Mais vous devriez savoir que cela réduit la sécurité de votre application. ## Liens - * Signaler un bug: https://github.com/YunoHost-Apps/zerobin_ynh/issues + * Signaler un bug : https://github.com/YunoHost-Apps/zerobin_ynh/issues * Site de l'application PrivateBin : https://privatebin.info/ * Dépot de l'application principale : https://github.com/PrivateBin/PrivateBin * Site web YunoHost : https://yunohost.org/ --- -Informations pour les développeurs ----------------- +## Informations pour les développeurs -**Seulement si vous voulez utiliser une branche de test pour le codage, au lieu de fusionner directement dans la banche principale.** Merci de faire vos pull request dans la [branche testing](https://github.com/YunoHost-Apps/zerobin_ynh/tree/testing). Pour essayer la branche testing, procédez comme suit. diff --git a/check_process b/check_process index aa24d7a..7500154 100644 --- a/check_process +++ b/check_process @@ -14,11 +14,8 @@ upgrade=1 from_commit=42913fc917c98766b0cbba47a3b40148dffaac58 backup_restore=1 multi_instance=1 - incorrect_path=1 port_already_use=0 change_url=1 -;;; Levels - Level 5=auto ;;; Options Email= Notification=none diff --git a/conf/app.src b/conf/app.src index a8046ef..d7455bc 100644 --- a/conf/app.src +++ b/conf/app.src @@ -4,3 +4,4 @@ SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/nginx.conf b/conf/nginx.conf index 9d6af69..556b622 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,7 +2,7 @@ location __PATH__/ { # Path to source - alias __FINALPATH__/; + alias __FINALPATH__/ ; # Force usage of https if ($scheme = http) { @@ -11,15 +11,18 @@ location __PATH__/ { index index.php; + # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file + #client_max_body_size 50M; + try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; - fastcgi_param PATH_INFO $fastcgi_path_info; + fastcgi_param REMOTE_USER $remote_user; + fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param SCRIPT_FILENAME $request_filename; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 2b5d7b2..b4c2372 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -33,7 +33,7 @@ group = __USER__ ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. ; Default Value: 511 (-1 on FreeBSD and OpenBSD) @@ -419,8 +419,8 @@ chdir = __FINALPATH__ ;php_admin_value[memory_limit] = 32M ; Common values to change to increase file upload limit -; php_admin_value[upload_max_filesize] = 50M -; php_admin_value[post_max_size] = 50M +php_admin_value[upload_max_filesize] = 50M +php_admin_value[post_max_size] = 50M ; php_admin_flag[mail.add_x_header] = Off ; Other common parameters @@ -428,6 +428,3 @@ chdir = __FINALPATH__ ; php_admin_value[max_input_time] = 300 ; php_admin_value[memory_limit] = 256M ; php_admin_flag[short_open_tag] = On - -php_admin_value[upload_max_filesize] = 30M -php_admin_value[post_max_size] = 30M diff --git a/manifest.json b/manifest.json index e38519f..06a3b99 100644 --- a/manifest.json +++ b/manifest.json @@ -3,52 +3,40 @@ "id": "zerobin", "packaging_format": 1, "description": { - "en": "A minimalist, opensource online pastebin where the server has zero knowledge of pasted data", - "fr": "Un pastebin minimaliste, libre et où le serveur n'a aucune connaissance des données copiées" + "en": "Minimalist pastebin where the server has zero knowledge of pasted data", + "fr": "Pastebin minimaliste où le serveur n'a aucune connaissance des données copiées" }, - "version": "1.3.4~ynh1", - "url": "http://sebsauvage.net/wiki/doku.php?id=php:zerobin", + "version": "1.3.4~ynh2", + "url": "https://github.com/PrivateBin/PrivateBin", "license": "Zlib", "maintainer": { "name": "julien", "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 3.5" + "yunohost": ">= 4.1.0" }, "multi_instance": true, "services": [ "nginx", - "php5-fpm" + "php7.3-fpm" ], "arguments": { "install" : [ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for Zerobin", - "fr": "Choisissez un domaine pour Zerobin" - }, - "example": "domain.org" + "example": "example.com" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Zerobin", - "fr": "Choisissez un chemin pour Zerobin" - }, "example": "/zerobin", "default": "/zerobin" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public Zerobin site ?", - "fr": "Est-ce un site public ?" - }, "default": true } ] diff --git a/pull_request_template.md b/pull_request_template.md deleted file mode 100644 index c828dea..0000000 --- a/pull_request_template.md +++ /dev/null @@ -1,24 +0,0 @@ -## Problem -- *Description of why you made this PR* - -## Solution -- *And how you fix that* - -## PR Status -- [ ] Code finished. -- [ ] Tested with Package_check. -- [ ] Fix or enhancement tested. -- [ ] Upgrade from last version tested. -- [ ] Can be reviewed and tested. - -## Validation ---- -*Minor decision* -- **Upgrade previous version** : -- [ ] **Code review** : -- [ ] **Approval (LGTM)** : -- [ ] **Approval (LGTM)** : -- **CI succeeded** : -[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/zerobin_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/zerobin_ynh%20PR-NUM-/) -*Please replace '-NUM-' in this link by the PR number.* -When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. diff --git a/scripts/_common b/scripts/_common deleted file mode 100644 index a9bf588..0000000 --- a/scripts/_common +++ /dev/null @@ -1 +0,0 @@ -#!/bin/bash diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..d7614e9 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,19 @@ +#!/bin/bash + +#================================================= +# COMMON VARIABLES +#================================================= + +YNH_PHP_VERSION="7.3" + +#================================================= +# PERSONAL HELPERS +#================================================= + +#================================================= +# EXPERIMENTAL HELPERS +#================================================= + +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= diff --git a/scripts/backup b/scripts/backup index 892b966..75ce3e0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -# source ../settings/scripts/_common.sh +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -19,38 +20,39 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." +ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= -# STANDARD BACKUP STEPS +# DECLARE DATA AND CONF FILES TO BACKUP +#================================================= +ynh_print_info --message="Declaring files to be backed up..." + #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_script_progression --message="Backing up the main app directory..." ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Backing up nginx web server configuration..." ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Backing up php-fpm configuration..." -ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index b15aa51..23f788d 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +source _common.sh source /usr/share/yunohost/helpers #================================================= @@ -28,6 +29,23 @@ ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) +#================================================= +# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + + # Restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # CHECK WHICH PARTS SHOULD BE CHANGED #================================================= @@ -49,23 +67,23 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --weight=2 +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=2 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf -# Change the path in the nginx config file +# Change the path in the NGINX config file if [ $change_path -eq 1 ] then - # Make a backup of the original nginx config file if modified + # Make a backup of the original NGINX config file if modified ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for nginx helper + # Set global variables for NGINX helper domain="$old_domain" path_url="$new_path" - # Create a dedicated nginx config + # Create a dedicated NGINX config ynh_add_nginx_config fi -# Change the domain for nginx +# Change the domain for NGINX if [ $change_domain -eq 1 ] then # Delete file checksum for the old conf file location @@ -80,7 +98,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/install b/scripts/install index c22e678..cf6da66 100644 --- a/scripts/install +++ b/scripts/install @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -# source _common.sh +source _common.sh source /usr/share/yunohost/helpers #================================================= @@ -44,10 +44,17 @@ ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=is_public --value=$is_public #================================================= # STANDARD MODIFICATIONS +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=3 + +# Create a system user +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -57,62 +64,49 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +# Except for data and tmp subdir, where the user must have write permissions +mkdir -p $final_path/{data,tmp} + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." +ynh_script_progression --message="Configuring NGINX web server..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=3 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Configuring php-fpm..." --weight=2 +ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 -# Create a dedicated php-fpm config -ynh_add_fpm_config +# Create a dedicated PHP-FPM config +ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path -# Files owned by user specific can just read -find $final_path -type f | xargs chmod 644 -find $final_path -type d | xargs chmod 755 - -# Except for data and tmp subdir, where the user must have write permissions -mkdir -p $final_path/{data,tmp} -chown -R $app:root $final_path/{data,tmp} -chmod 700 $final_path/{data,tmp} - #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring permissions..." -# If app is public, add url to SSOWat conf as skipped_uris -if [ $is_public -eq 1 ]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +# Make app public if necessary +if [ $is_public -eq 1 ] +then + # Everyone can access the app. + # The "main" permission is automatically created before the install script. + ynh_permission_update --permission="main" --add="visitors" fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/remove b/scripts/remove index 89dfbfc..d68cbab 100644 --- a/scripts/remove +++ b/scripts/remove @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -# source _common.sh +source _common.sh source /usr/share/yunohost/helpers #================================================= @@ -24,7 +24,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory" --weight=2 +ynh_script_progression --message="Removing app main directory..." --weight=2 # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -32,17 +32,17 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration" --weight=3 +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=3 -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing php-fpm configuration" +ynh_script_progression --message="Removing PHP-FPM configuration..." -# Remove the dedicated php-fpm config +# Remove the dedicated PHP-FPM config ynh_remove_fpm_config #================================================= @@ -50,7 +50,7 @@ ynh_remove_fpm_config #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user" +ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user ynh_system_user_delete --username=$app diff --git a/scripts/restore b/scripts/restore index 19176b2..79f359b 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,7 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -# source ../settings/scripts/_common.sh +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -19,13 +20,14 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK IF THE APP CAN BE RESTORED @@ -42,44 +44,44 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring the app main directory..." - -ynh_restore_file --origin_path="$final_path" - #================================================= # RECREATE THE DEDICATED USER #================================================= ynh_script_progression --message="Recreating the dedicated system user..." --weight=4 # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= -# RESTORE USER RIGHTS +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=6 -chown -R $app:root $final_path/{data,tmp} +ynh_restore_file --origin_path="$final_path" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the PHP-FPM configuration..." -ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..." --weight=1 -ynh_systemd_action --service_name=php7.0-fpm --action=reload +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index bf94e62..1667ea2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -6,57 +6,27 @@ # IMPORT GENERIC HELPERS #================================================= -# source _common.sh +source _common.sh source /usr/share/yunohost/helpers - #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= # CHECK VERSION #================================================= +ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." - -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -elif [ -z "$is_public" ] -then - if grep --quiet "unprotected_uris" "/etc/yunohost/apps/$app/settings.yml" - then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 - else - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 - fi -fi - -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/var/www/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -65,21 +35,40 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails + # Restore it if the upgrade fails ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# CHECK THE PATH -#================================================= - -# Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) - #================================================= # STANDARD UPGRADE STEPS +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=3 + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path +fi + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -92,62 +81,35 @@ then ynh_setup_source --dest_dir="$final_path" fi +# Except for data and tmp subdir, where the user must have write permissions +mkdir -p $final_path/{data,tmp} + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." +ynh_script_progression --message="Upgrading NGINX web server configuration..." -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=2 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=3 +ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=3 -# Create a dedicated php-fpm config -ynh_add_fpm_config +# Create a dedicated PHP-FPM config +ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Set permissions to app files -chown -R root: $final_path -# Files owned by user specific can just read -find $final_path -type f | xargs chmod 644 -find $final_path -type d | xargs chmod 755 - -# except for data and tmp subdir, where the user must have write permissions -mkdir -p $final_path/{data,tmp} -chown -R $app:root $final_path/{data,tmp} -chmod 700 $final_path/{data,tmp} - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -# If app is public, add url to SSOWat conf as skipped_uris -if [ $is_public -eq 1 ]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -fi - #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload