From 42913fc917c98766b0cbba47a3b40148dffaac58 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sat, 2 Sep 2017 22:57:43 +0200 Subject: [PATCH] Refactoring --- check_process | 4 +- conf/app.src | 6 ++ manifest.json | 9 ++- scripts/_common | 207 +----------------------------------------------- scripts/backup | 63 +++++++++------ scripts/install | 115 +++++++++++++++++++++------ scripts/remove | 46 +++++++++-- scripts/restore | 130 ++++++++++++++---------------- scripts/upgrade | 151 ++++++++++++++++++++++++++--------- 9 files changed, 352 insertions(+), 379 deletions(-) create mode 100644 conf/app.src diff --git a/check_process b/check_process index 419b455..121d126 100644 --- a/check_process +++ b/check_process @@ -1,5 +1,4 @@ -;; Nom du test - auto_remove=1 +;; Test complet ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) @@ -16,6 +15,7 @@ multi_instance=1 incorrect_path=1 port_already_use=0 + change_url=0 ;;; Levels Level 1=auto Level 2=auto diff --git a/conf/app.src b/conf/app.src new file mode 100644 index 0000000..bb5311d --- /dev/null +++ b/conf/app.src @@ -0,0 +1,6 @@ +SOURCE_URL=https://github.com/PrivateBin/PrivateBin/archive/1.1.tar.gz +SOURCE_SUM=61d18753c792d83f54ad9e414d1d32198ab873054907081e732effd5ccbe96ef +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= diff --git a/manifest.json b/manifest.json index 4236550..a4f99f8 100644 --- a/manifest.json +++ b/manifest.json 
@@ -2,19 +2,20 @@ "name": "Zerobin", "id": "zerobin", "packaging_format": 1, - "requirements": { - "yunohost": ">> 2.3.15" - }, "description": { "en": "A minimalist, opensource online pastebin where the server has zero knowledge of pasted data", "fr": "Un pastebin minimaliste, libre et où le serveur n'a aucune connaissance des données copiées" }, + "version": "1.1", "url": "http://sebsauvage.net/wiki/doku.php?id=php:zerobin", + "license": "Zlib", "maintainer": { "name": "julien", "email": "julien.malik@paraiso.me" }, - "license": "free", + "requirements": { + "yunohost": ">= 2.7.2" + }, "multi_instance": true, "services": [ "nginx", diff --git a/scripts/_common b/scripts/_common index 03e6cc2..a9bf588 100644 --- a/scripts/_common +++ b/scripts/_common 
@@ -1,206 +1 @@ -PRIVATEBIN_VERSION="1.1" -PRIVATEBIN_SOURCE_URL="https://github.com/PrivateBin/PrivateBin/archive/${PRIVATEBIN_VERSION}.tar.gz" -PRIVATEBIN_SOURCE_SHA256="61d18753c792d83f54ad9e414d1d32198ab873054907081e732effd5ccbe96ef" - -# Substitute a string by another in a file -# -# usage: ynh_substitute_char string_to_find replace_string file_to_analyse -# | arg: string_to_find - String to replace in the file -# | arg: replace_string - New string that will replace -# | arg: file_to_analyse - File where the string will be replaced. -ynh_substitute_char () { - delimit=@ - match_char=${1//${delimit}/"\\${delimit}"} # Escape the delimiter if it's in the string. - replace_char=${2//${delimit}/"\\${delimit}"} - workfile=$3 - - sudo sed --in-place "s${delimit}${match_char}${delimit}${replace_char}${delimit}g" "$workfile" -} - -ynh_store_checksum_config () { - config_file_checksum=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' - ynh_app_setting_set $app $config_file_checksum $(sudo md5sum "$1" | cut -d' ' -f1) -} - -extract_source () { - local DESTDIR=$1 - - # retrieve and extract Roundcube tarball - rc_tarball="${DESTDIR}/privatebin.tar.gz" - sudo wget -q -O "$rc_tarball" "$PRIVATEBIN_SOURCE_URL" \ - || ynh_die "Unable to download source tarball" - echo "$PRIVATEBIN_SOURCE_SHA256 $rc_tarball" | sha256sum -c >/dev/null \ - || ynh_die "Invalid checksum of downloaded tarball" - sudo tar xf "$rc_tarball" -C "$DESTDIR" --strip-components 1 \ - || ynh_die "Unable to extract source tarball" - sudo rm "$rc_tarball" -} - - -# Add config nginx -ynh_nginx_config () { - finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" - ynh_compare_checksum_config "$finalnginxconf" 1 - sudo cp ../conf/nginx.conf "$finalnginxconf" - - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. 
- # Substitute in a nginx config file only if the variable is not empty - if test -n "${path:-}"; then - ynh_substitute_char "__PATH__" "$path" "$finalnginxconf" - fi - if test -n "${domain:-}"; then - ynh_substitute_char "__DOMAIN__" "$domain" "$finalnginxconf" - fi - if test -n "${port:-}"; then - ynh_substitute_char "__PORT__" "$port" "$finalnginxconf" - fi - if test -n "${app:-}"; then - ynh_substitute_char "__NAME__" "$app" "$finalnginxconf" - fi - if test -n "${final_path:-}"; then - ynh_substitute_char "__FINALPATH__" "$final_path" "$finalnginxconf" - fi - ynh_store_checksum_config "$finalnginxconf" - - sudo systemctl reload nginx -} - -# Remove config nginx -ynh_remove_nginx_config () { - ynh_secure_remove "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo systemctl reload nginx -} - -ynh_fpm_config () { - finalphpconf="/etc/php5/fpm/pool.d/$app.conf" - ynh_compare_checksum_config "$finalphpconf" 1 - sudo cp ../conf/php-fpm.conf "$finalphpconf" - ynh_substitute_char "__NAMETOCHANGE__" "$app" "$finalphpconf" - ynh_substitute_char "__FINALPATH__" "$final_path" "$finalphpconf" - ynh_substitute_char "__USER__" "$app" "$finalphpconf" - sudo chown root: "$finalphpconf" - ynh_store_checksum_config "$finalphpconf" - - if [ -e "../conf/php-fpm.ini" ] - then - finalphpini="/etc/php5/fpm/conf.d/20-$app.ini" - ynh_compare_checksum_config "$finalphpini" 1 - sudo cp ../conf/php-fpm.ini "$finalphpini" - sudo chown root: "$finalphpini" - ynh_store_checksum_config "$finalphpini" - fi - - sudo systemctl reload php5-fpm -} - -ynh_remove_fpm_config () { - ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf" - ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" - sudo systemctl reload php5-fpm -} - -# Remove a file or a directory securely -# -# usage: ynh_secure_remove path_to_remove -# | arg: path_to_remove - File or directory to remove -ynh_secure_remove () { - path_to_remove=$1 - forbidden_path=" \ - /var/www \ - /home/yunohost.app" - - if [[ "$forbidden_path" =~ 
"$path_to_remove" \ - # Match all path or subpath in $forbidden_path - || "$path_to_remove" =~ ^/[[:alnum:]]+$ \ - # Match all first level path from / (Like /var, /root, etc...) - || "${path_to_remove:${#path_to_remove}-1}" = "/" ]] - # Match if the path finish by /. Because it's seems there is an empty variable - then - echo "Avoid deleting of $path_to_remove." >&2 - else - if [ -e "$path_to_remove" ] - then - sudo rm -R "$path_to_remove" - else - echo "$path_to_remove doesn't deleted because it's not exist." >&2 - fi - fi -} - -# Create a system user -# -# usage: ynh_system_user_create user_name [home_dir] -# | arg: user_name - Name of the system user that will be create -# | arg: home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home -ynh_system_user_create () { - if ! ynh_system_user_exists "$1" # Check if the user exists on the system - then # If the user doesn't exist - if [ $# -ge 2 ]; then # If a home dir is mentioned - user_home_dir="-d $2" - else - user_home_dir="--no-create-home" - fi - sudo useradd $user_home_dir --system --user-group $1 --shell /usr/sbin/nologin || ynh_die "Unable to create $1 system account" - fi -} - -# Delete a system user -# -# usage: ynh_system_user_delete user_name -# | arg: user_name - Name of the system user that will be create -ynh_system_user_delete () { - if ynh_system_user_exists "$1" # Check if the user exists on the system - then - echo "Remove the user $1" >&2 - sudo userdel $1 - else - echo "The user $1 was not found" >&2 - fi -} - -ynh_compare_checksum_config () { - current_config_file=$1 - compress_backup=${2:-0} # If $2 is empty, compress_backup will set at 0 - config_file_checksum=checksum_${current_config_file//[\/ ]/_} # Replace all '/' and ' ' by '_' - checksum_value=$(ynh_app_setting_get $app $config_file_checksum) - if [ -n "$checksum_value" ] - then # Proceed only if a value was stocked into the app config - if ! 
echo "$checksum_value $current_config_file" | md5sum -c --status - then # If the checksum is now different - backup_config_file="$current_config_file.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" - if [ compress_backup -eq 1 ] - then - sudo tar --create --gzip --file "$backup_config_file.tar.gz" "$current_config_file" # Backup the current config file and compress - backup_config_file="$backup_config_file.tar.gz" - else - sudo cp -a "$current_config_file" "$backup_config_file" # Backup the current config file - fi - echo "Config file $current_config_file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_config_file" >&2 - echo "$backup_config_file" # Return the name of the backup file - fi - fi -} - -# Normalize the url path syntax -# Handle the slash at the beginning of path and its absence at ending -# Return a normalized url path -# -# example: url_path=$(ynh_normalize_url_path $url_path) -# ynh_normalize_url_path example -> /example -# ynh_normalize_url_path /example -> /example -# ynh_normalize_url_path /example/ -> /example -# ynh_normalize_url_path / -> / -# -# usage: ynh_normalize_url_path path_to_normalize -# | arg: url_path_to_normalize - URL path to normalize before using it -ynh_normalize_url_path () { - path_url=$1 - test -n "$path_url" || ynh_die "ynh_normalize_url_path expect a URL path as first argument and received nothing." - if [ "${path_url:0:1}" != "/" ]; then # If the first character is not a / - path_url="/$path_url" # Add / at begin of path variable - fi - if [ "${path_url:${#path_url}-1}" == "/" ] && [ ${#path_url} -gt 1 ]; then # If the last character is a / and that not the only character. - path_url="${path_url:0:${#path_url}-1}" # Delete the last character - fi - echo $path_url -} +#!/bin/bash diff --git a/scripts/backup b/scripts/backup index 44e5f23..6433b6e 100644 --- a/scripts/backup +++ b/scripts/backup 
@@ -1,36 +1,47 @@ #!/bin/bash -# causes the shell to exit if any subcommand or pipeline returns a non-zero status -set -eu +#================================================= +# GENERIC START + +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source YNH helpers source /usr/share/yunohost/helpers -# This is a multi-instance app, meaning it can be installed several times independently -# The id of the app as stated in the manifest is available as $YNH_APP_ID -# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -# The app instance name is available as $YNH_APP_INSTANCE_NAME -# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -# - ynhexample__{N} for the subsequent installations, with N=3,4, ... -# The app instance name is probably what you are interested the most, since this is -# guaranteed to be unique. This is a good unique identifier to define installation path, -# db names, ... 
+#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Retrieve arguments -domain=$(ynh_app_setting_get "$app" domain) +final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get $app domain) -# Backup directory location for the app from where the script is executed and -# which will be compressed afterward -backup_dir=$YNH_APP_BACKUP_DIR +#================================================= +# STANDARD BACKUP STEPS +#================================================= +# BACKUP THE APP MAIN DIR +#================================================= -# Backup sources & data -ynh_backup "/var/www/${app}" "sources" +ynh_backup "$final_path" -# Copy Nginx conf -sudo mkdir -p ./conf -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" "conf/nginx.conf" -# Copy the php-fpm conf files -ynh_backup "/etc/php5/fpm/pool.d/${app}.conf" "php-fpm.conf" -ynh_backup "/etc/php5/fpm/conf.d/20-${app}.ini" "php-fpm.ini" \ No newline at end of file +#================================================= +# BACKUP THE NGINX CONFIGURATION +#================================================= + +ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# BACKUP THE PHP-FPM CONFIGURATION +#================================================= + +ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" diff --git a/scripts/install b/scripts/install index c3036ab..8631e71 100644 --- a/scripts/install +++ b/scripts/install 
@@ -1,51 +1,114 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers -source ./_common source /usr/share/yunohost/helpers +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================= + # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN -path=$(ynh_normalize_url_path $YNH_APP_ARG_PATH) +path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC app=$YNH_APP_INSTANCE_NAME -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= -# Copy files to the right place final_path=/var/www/$app -sudo mkdir -p $final_path -extract_source $final_path +test ! 
-e "$final_path" || ynh_die "This path already contains a folder" -# Create system user dedicace for this app +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url + +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= + +ynh_app_setting_set $app domain $domain +ynh_app_setting_set $app path $path_url +ynh_app_setting_set $app is_public $is_public + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +ynh_app_setting_set $app final_path $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" + +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user ynh_system_user_create $app +#================================================= +# PHP-FPM CONFIGURATION +#================================================= + +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions to app files +chown -R root: $final_path # Files owned by user specific can just read -sudo find $final_path -type f | xargs sudo chmod 644 -sudo find $final_path -type d | xargs sudo chmod 755 -sudo chown -R root: 
$final_path +find $final_path -type f | xargs chmod 644 +find $final_path -type d | xargs chmod 755 -# except for data and tmp subdir, where www-data must have write permissions -sudo mkdir -p $final_path/{data,tmp} -sudo chown -R $app:root $final_path/{data,tmp} -sudo chmod 700 $final_path/{data,tmp} +# except for data and tmp subdir, where the user must have write permissions +mkdir -p $final_path/{data,tmp} +chown -R $app:root $final_path/{data,tmp} +chmod 700 $final_path/{data,tmp} -# Modify Nginx configuration file and copy it to Nginx conf directory -ynh_nginx_config - -# Create the php-fpm pool config -ynh_fpm_config +#================================================= +# SETUP SSOWAT +#================================================= # If app is public, add url to SSOWat conf as skipped_uris -if [[ $is_public -eq 1 ]]; then +if [ $is_public -eq 1 ]; then # unprotected_uris allows SSO credentials to be passed anyway. ynh_app_setting_set "$app" unprotected_uris "/" fi -sudo systemctl reload nginx -sudo yunohost app ssowatconf +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx diff --git a/scripts/remove b/scripts/remove index e4fcab5..19e3821 100644 --- a/scripts/remove +++ b/scripts/remove 
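Review bot: The permission pass pipes `find` into `xargs` with `$final_path` unquoted (`find $final_path -type f | xargs chmod 644` and the matching `-type d` line), so any file name containing whitespace is split and chmod either fails or lands on a different path. Letting find invoke chmod itself avoids the word splitting: `find "$final_path" -type f -exec chmod 644 {} +` and `find "$final_path" -type d -exec chmod 755 {} +`. The same two lines are added in the second hunk of scripts/upgrade. Quoting `"$final_path"` in the `chown -R root:` line would also match the quoted `ynh_setup_source "$final_path"` call earlier in this hunk.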
@@ -1,22 +1,52 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -u +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -# Source app helpers -source ./_common source /usr/share/yunohost/helpers +#================================================= +# LOAD SETTINGS +#================================================= + # Get multi-instances specific variables app=$YNH_APP_INSTANCE_NAME # Retrieve arguments domain=$(ynh_app_setting_get "$app" domain) +final_path=$(ynh_app_setting_get $app final_path) -ynh_secure_remove /var/www/$app -ynh_secure_remove /etc/nginx/conf.d/$domain.d/$app.conf +#================================================= +# STANDARD REMOVE +#================================================= +# REMOVE APP MAIN DIR +#================================================= + +# Remove the app directory securely +ynh_secure_remove "$final_path" + +#================================================= +# REMOVE NGINX CONFIGURATION +#================================================= + +# Remove the dedicated nginx config +ynh_remove_nginx_config + +#================================================= +# REMOVE PHP-FPM CONFIGURATION +#================================================= + +# Remove the dedicated php-fpm config ynh_remove_fpm_config -ynh_system_user_delete $app +#================================================= +# GENERIC FINALIZATION +#================================================= +# REMOVE DEDICATED USER +#================================================= -sudo systemctl reload nginx \ No newline at end of file +# Delete a system user +ynh_system_user_delete $app diff --git a/scripts/restore b/scripts/restore index 1b382c8..2840545 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -1,86 +1,78 @@ #!/bin/bash -# causes the shell to exit if any subcommand or pipeline returns a non-zero status -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -if [ ! -e _common ]; then - # Fetch helpers file if not in current directory - sudo cp ../settings/scripts/_common ./_common - sudo chmod a+rx _common -fi -source _common -# Source app helpers source /usr/share/yunohost/helpers -# This is a multi-instance app, meaning it can be installed several times independently -# The id of the app as stated in the manifest is available as $YNH_APP_ID -# The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -# The app instance name is available as $YNH_APP_INSTANCE_NAME -# - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -# - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -# - ynhexample__{N} for the subsequent installations, with N=3,4, ... -# The app instance name is probably what you are interested the most, since this is -# guaranteed to be unique. This is a good unique identifier to define installation path, -# db names, ... 
+#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -# Retrieve arguments -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -user=$(ynh_app_setting_get $app allowed_users) -is_public=$(ynh_app_setting_get $app is_public) +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) +final_path=$(ynh_app_setting_get $app final_path) -# Check domain/path availability -sudo yunohost app checkurl "${domain}${path}" -a "$app" +#================================================= +# CHECK IF THE APP CAN BE RESTORED +#================================================= -# Check $final_path -final_path="/var/www/${app}" -if [ -d $final_path ]; then - ynh_die "There is already a directory: $final_path" -fi +ynh_webpath_available $domain $path_url \ + || ynh_die "Path not available: ${domain}${path_url}" +test ! -d $final_path \ + || ynh_die "There is already a directory: $final_path " -# Check configuration files -nginx_conf="/etc/nginx/conf.d/${domain}.d/${app}.conf" -if [ -f $nginx_conf ]; then - ynh_die "The NGINX configuration already exists at '${nginx_conf}'. - You should safely delete it before restoring this app." -fi -# Check configuration files php-fpm -phpfpm_conf="/etc/php5/fpm/pool.d/php-fpm-${app}.conf" -if [ -f $phpfpm_conf ]; then - ynh_die "The PHP FPM configuration already exists at '${phpfpm_conf}'. - You should safely delete it before restoring this app." 
-fi +#================================================= +# STANDARD RESTORATION STEPS +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= -phpfpm_ini="/etc/php5/fpm/conf.d/20-${app}.ini" -if [ -f $phpfpm_ini ]; then - ynh_die "The PHP FPM INI configuration already exists at '${phpfpm_ini}'. - You should safely delete it before restoring this app." -fi -# Create dedicated system user for this app +ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# RESTORE THE APP MAIN DIR +#================================================= + +ynh_restore_file "$final_path" + +#================================================= +# RECREATE THE DEDICATED USER +#================================================= + +# Create the dedicated user (if not existing) ynh_system_user_create $app -# Restore sources & data -sudo cp -a "./sources" $final_path +#================================================= +# RESTORE USER RIGHTS +#================================================= -# Set permissions -sudo chown -R root:root $final_path -sudo chown -R $app:root $final_path/{data,tmp} -sudo chmod -R 700 $final_path/{data,tmp} +chown -R $app:root $final_path/{data,tmp} -# Restore nginx configuration files -sudo cp -a ./conf/nginx.conf "${nginx_conf}" -# Restore php-fpm configuration files -sudo cp -a ./php-fpm.conf "${phpfpm_conf}" -sudo cp -a ./php-fpm.ini "${phpfpm_ini}" +#================================================= +# RESTORE THE PHP-FPM CONFIGURATION +#================================================= -# Set ssowat config -if [ "$is_public" = "Yes" ]; -then - ynh_app_setting_set $app unprotected_uris "/" -fi +ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" -# Reload service -sudo systemctl reload nginx -sudo systemctl reload php5-fpm -sudo yunohost app ssowatconf 
+#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX AND PHP-FPM +#================================================= + +systemctl reload php5-fpm +systemctl reload nginx diff --git a/scripts/upgrade b/scripts/upgrade index 755853e..1339e41 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
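Review bot: The "RESTORE USER RIGHTS" step only runs `chown -R $app:root $final_path/{data,tmp}`, whereas the removed lines also reset the whole tree to root ownership and restricted data and tmp to mode 700, and the install and upgrade scripts in this patch still apply that full set. After this change, the modes on data/tmp and the ownership of everything else depend on what the backup archive carried, presumably preserved by `ynh_restore_file`. Re-applying the baseline after the restore keeps the result independent of the archive: `chown -R root: "$final_path"` before the existing chown and `chmod 700 "$final_path"/{data,tmp}` after it.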
@@ -1,30 +1,93 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu -# Source app helpers -source ./_common +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + source /usr/share/yunohost/helpers +#================================================= +# LOAD SETTINGS +#================================================= + app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get "$app" domain) -path=$(ynh_app_setting_get "$app" path) -user=$(ynh_app_setting_get "$app" user) +domain=$(ynh_app_setting_get $app domain) +path_url=$(ynh_app_setting_get $app path) is_public=$(ynh_app_setting_get $app is_public) +final_path=$(ynh_app_setting_get $app final_path) -# Remove trailing "/" for next commands -if [[ ! "$path" == "/" ]]; then - path=${path%/} +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= + +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set $app is_public 1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set $app is_public 0 + is_public=0 fi -# Create system user dedicace for this app +# If final_path doesn't exist, create it +if [ -z $final_path ]; then + final_path=/var/www/$app + ynh_app_setting_set $app final_path $final_path +fi + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK THE PATH +#================================================= + 
+# Normalize the URL path syntax +path_url=$(ynh_normalize_url_path $path_url) + +#================================================= +# STANDARD UPGRADE STEPS +#================================================= +# NGINX CONFIGURATION +#================================================= + +# Create a dedicated nginx config +ynh_add_nginx_config + +#================================================= +# CREATE DEDICATED USER +#================================================= + +# Create a system user ynh_system_user_create $app -# Init final_path, if ever it got deleted somehow -final_path=/var/www/$app -sudo mkdir -p $final_path +#================================================= +# PHP-FPM CONFIGURATION +#================================================= +# Create a dedicated php-fpm config +ynh_add_fpm_config + +#================================================= +# SPECIFIC UPGRADE +#================================================= +# REMOVE OLD FILES +#================================================= + +# ??? Maybe julienmalik can explain us why he would remove all this files. # Clean all files and directory except the data directory ynh_secure_remove $final_path/cfg ynh_secure_remove $final_path/CREDITS.md 
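Review bot: The downward-compatibility block rewrites `is_public` only when it is "Yes" or "No", so an instance where the setting was never stored keeps an empty value. The install script replaced by this patch did not store `is_public`, which suggests such instances can exist if they were never upgraded. The `[ $is_public -eq 1 ]` test added in the next hunk then fails on the empty operand instead of taking a deliberate branch. An explicit `elif [ -z "$is_public" ]` branch with a chosen default would make that case intentional, and the new path test is safer quoted, as `if [ -z "$final_path" ]; then`. The list of `ynh_secure_remove` calls continues past the end of this hunk.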
@@ -43,34 +106,46 @@ ynh_secure_remove $final_path/robots.txt ynh_secure_remove $final_path/tpl ynh_secure_remove $final_path/data -# Copy files to the right place -extract_source $final_path +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= -# Files owned by root, www-data can just read -sudo find $final_path -type f | xargs sudo chmod 644 -sudo find $final_path -type d | xargs sudo chmod 755 -sudo chown -R root: $final_path +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source "$final_path" -# except for data and tmp subdir, where www-data must have write permissions -sudo mkdir -p $final_path/{data,tmp} -sudo chown -R $app:root $final_path/{data,tmp} -sudo chmod 700 $final_path/{data,tmp} +#================================================= +# GENERIC FINALIZATION +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= -# Modify Nginx configuration file and copy it to Nginx conf directory -ynh_nginx_config +# Set permissions to app files +chown -R root: $final_path +# Files owned by user specific can just read +find $final_path -type f | xargs chmod 644 +find $final_path -type d | xargs chmod 755 -# Create the php-fpm pool config -ynh_fpm_config +# except for data and tmp subdir, where the user must have write permissions +mkdir -p $final_path/{data,tmp} +chown -R $app:root $final_path/{data,tmp} +chmod 700 $final_path/{data,tmp} -# Set ssowat config -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set $app is_public 1 # Fixe is_public en booléen - is_public=1 -else - ynh_app_setting_set $app is_public 0 - is_public=0 +#================================================= +# SETUP SSOWAT +#================================================= + +#================================================= +# SETUP SSOWAT 
+#================================================= + +# If app is public, add url to SSOWat conf as skipped_uris +if [ $is_public -eq 1 ]; then + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_app_setting_set "$app" unprotected_uris "/" fi -# Reload Nginx -sudo systemctl reload nginx -sudo yunohost app ssowatconf +#================================================= +# RELOAD NGINX +#================================================= + +systemctl reload nginx
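Review bot: The context line `ynh_secure_remove $final_path/data` at the top of this hunk deletes the data directory on every upgrade, although the comment above the removal list (end of the previous hunk) says everything is cleaned except data; `mkdir -p $final_path/{data,tmp}` then recreates it empty. If stored pastes live under data/, as the app-owned 700 mode suggests, an upgrade discards them, and `ynh_restore_upgradebackup` only brings them back when the upgrade fails. This predates the patch, but the commit adds a comment questioning the removals without resolving it; either drop that line or correct the comment to say data is wiped on purpose. The "SETUP SSOWAT" banner is also added twice in a row.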