diff --git a/check_process b/check_process index 374da40..c5771c9 100644 --- a/check_process +++ b/check_process @@ -1,24 +1,16 @@ -;; Complete Test -# Comment ignored +;; Test complet ; Manifest - domain="sub.domain.tld" (DOMAIN) -# path="/" (PATH) - password="seceret123" (USER) -# language="fr" -# is_public="Yes" (PUBLIC|public=Yes|private=No) -# is_public=0 (PUBLIC|public=1|private=0) -# port="666" (PORT) + domain="sub.domain.tld" + password="seceret123" ; Checks pkg_linter=1 setup_sub_dir=0 -# setup_sub_dir=0 test disabled because app is always installed on / - setup_root=1 + setup_root=1 setup_nourl=0 - setup_private=0 -# setup_private=0 test disabled because app is always installed as private + setup_private=0 setup_public=0 upgrade=1 - backup_restore=1 + backup_restore=1 multi_instance=1 ;;; Options Email= @@ -26,4 +18,4 @@ Notification=none ;;; Upgrade options ; commit=CommitHash name=Name and date of the commit. - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1&password=pass& \ No newline at end of file + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&is_public=1&password=pass& diff --git a/conf/nginx.conf b/conf/nginx.conf index 13a4178..c71a07c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,5 +1,5 @@ - -location / { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { proxy_pass http://127.0.0.1:__PORT__; proxy_http_version 1.1; diff --git a/scripts/backup b/scripts/backup index 7ee7cd8..e345ceb 100755 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -15,7 +15,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script @@ -42,8 +41,6 @@ ynh_print_info --message="Declaring files to be backed up..." #================================================= ynh_backup --src_path="$final_path" -ynh_backup --src_path="$datadir" - #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= @@ -56,6 +53,12 @@ ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_backup --src_path="/etc/systemd/system/$app.service" +#================================================= +# BACKUP VARIOUS FILES +#================================================= + +ynh_backup --src_path="$datadir" --is_big + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 5956b79..44071f8 100755 --- a/scripts/install +++ b/scripts/install @@ -14,7 +14,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script @@ -30,6 +29,7 @@ password=$YNH_APP_ARG_PASSWORD app=$YNH_APP_INSTANCE_NAME datadir="/home/yunohost.app/${app}" + #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -76,6 +76,14 @@ ynh_install_app_dependencies $pkg_dependencies pip3 install --upgrade pip pip3 install gevent-websocket msgpack-python gevent base58 merkletools rsa PySocks pyasn1 websocket_client gevent-ws coincurve maxminddb +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." + +# Create a system user +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -85,6 +93,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -94,12 +106,21 @@ ynh_script_progression --message="Configuring NGINX web server..." ynh_add_nginx_config #================================================= -# CREATE DEDICATED USER +# SPECIFIC SETUP #================================================= -ynh_script_progression --message="Configuring system user..." +# CREATE DATA DIR +#================================================= +ynh_script_progression --message="Creating data directory..." -# Create a system user -ynh_system_user_create --username=$app --home_dir=$datadir -s +mkdir -p $datadir/data +mkdir -p $datadir/log + +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:$app "$datadir" + +# Enable password authentication for Zeronet +mv $final_path/plugins/disabled-UiPassword $final_path/plugins/UiPassword #================================================= # SETUP SYSTEMD @@ -109,27 +130,12 @@ ynh_script_progression --message="Configuring a systemd service..." # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# SETUP APPLICATION PERMISSIONS -#================================================= - -# Enable password authentication for Zeronet -mv $final_path/plugins/disabled-UiPassword $final_path/plugins/UiPassword - -# Set right permissions -mkdir -p $datadir/data -mkdir -p $datadir/log -chown -R $app: $final_path -chown -R $app: $datadir - #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -ynh_add_systemd_config --service="$app" --template="systemd.service" --others_var="fs_port port domain datadir password" - -yunohost service add $app --description "$app service" --log "$datadir/log/debug-last.log" --needs_exposed_ports "$fs_port" +yunohost service add $app --description="$app service" --log="$datadir/log/debug-last.log" --needs_exposed_ports="$fs_port" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/remove b/scripts/remove index 3e6e221..b0a8721 100755 --- a/scripts/remove +++ b/scripts/remove @@ -28,7 +28,7 @@ datadir=$(ynh_app_setting_get --app=$app --key=datadir) # REMOVE SERVICE INTEGRATION IN YUNOHOST #================================================= -# Remove the service from the list of services known by Yunohost (added from `yunohost service add`) +# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then ynh_script_progression --message="Removing $app service integration..." @@ -59,7 +59,6 @@ ynh_script_progression --message="Removing app main directory..." # Remove the app directory securely ynh_secure_remove --file="$final_path" -ynh_secure_remove --file="$datadir" #================================================= # REMOVE NGINX CONFIGURATION diff --git a/scripts/restore b/scripts/restore index b99b243..fcad05a 100755 --- a/scripts/restore +++ b/scripts/restore @@ -6,6 +6,7 @@ # IMPORT GENERIC HELPERS #================================================= +# Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -48,32 +49,27 @@ test ! -d $final_path \ #================================================= # RESTORE THE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Restoring the NGINX configuration..." ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring the app main directory..." - -ynh_restore_file --origin_path="$final_path" -ynh_restore_file --origin_path="$datadir" - #================================================= # RECREATE THE DEDICATED USER #================================================= ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir=$datadir -s +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= -# RESTORE USER RIGHTS +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." -# Restore permissions on app files -chown -R $app: $final_path -chown -R $app: $datadir +ynh_restore_file --origin_path="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" #================================================= # SPECIFIC RESTORATION @@ -87,6 +83,19 @@ ynh_install_app_dependencies $pkg_dependencies pip3 install --upgrade pip pip3 install gevent-websocket msgpack-python gevent base58 merkletools rsa PySocks pyasn1 websocket_client gevent-ws coincurve maxminddb +#================================================= +# RESTORE VARIOUS FILES +#================================================= +ynh_script_progression --message="Restoring various files..." + +# Restore permissions on app files +ynh_restore_file --origin_path="$datadir" + +mkdir -p "$datadir" +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:$app "$datadir" + #================================================= # RESTORE SYSTEMD #================================================= @@ -100,7 +109,7 @@ systemctl enable $app.service --quiet #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -yunohost service add $app --description "$app service" --log "$datadir/log/debug-last.log" --needs_exposed_ports "$fs_port" +yunohost service add $app --description="$app service" --log="$datadir/log/debug-last.log" --needs_exposed_ports="$fs_port" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/upgrade b/scripts/upgrade index b1ec08a..10ce28a 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -30,24 +30,6 @@ password=$(ynh_app_setting_get --app=$app --key=password) upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." - -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/var/www/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path -fi - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= @@ -71,6 +53,32 @@ ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app --action="stop" --log_path="$datadir/log/debug-last.log" +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path +fi + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir=$final_path + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -80,10 +88,14 @@ then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src - ynh_secure_remove --file="$final_path" + ynh_secure_remove --file="$final_path" ynh_setup_source --dest_dir="$final_path" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -102,12 +114,21 @@ pip3 install --upgrade pip pip3 install gevent-websocket msgpack-python gevent base58 merkletools rsa PySocks pyasn1 websocket_client gevent-ws coincurve maxminddb #================================================= -# CREATE DEDICATED USER +# SPECIFIC UPGRADE #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." +# CREATE DATA DIR +#================================================= +ynh_script_progression --message="Creating data directory..." -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir=$datadir -s +mkdir -p $datadir/data +mkdir -p $datadir/log + +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:$app "$datadir" + +# Enable password authentication for Zeronet +mv $final_path/plugins/disabled-UiPassword $final_path/plugins/UiPassword #================================================= # SETUP SYSTEMD @@ -119,23 +140,11 @@ ynh_add_systemd_config #================================================= # GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -# Enable password authentication for Zeronet -mv $final_path/plugins/disabled-UiPassword $final_path/plugins/UiPassword - -# Set permissions on app files -chown -R $app: $final_path -chown -R $app: $datadir - #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." -ynh_add_systemd_config --service="$app" --template="systemd.service" --others_var="fs_port port domain datadir password" yunohost service add $app --description "$app service" --log "$datadir/log/debug-last.log" --needs_exposed_ports "$fs_port" #=================================================