From d93fd925692f5fb6bdd58ebba4c46bb1d3739ad3 Mon Sep 17 00:00:00 2001 From: Krakinou Date: Sun, 13 Nov 2022 14:37:53 +0100 Subject: [PATCH] init install & remove script --- scripts/install | 171 +++++------------------------------------------- scripts/remove | 56 ++-------------- 2 files changed, 20 insertions(+), 207 deletions(-) diff --git a/scripts/install b/scripts/install index 1fc28de..74e0735 100755 --- a/scripts/install +++ b/scripts/install @@ -27,37 +27,16 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC -language=$YNH_APP_ARG_LANGUAGE -admin=$YNH_APP_ARG_ADMIN -password=$YNH_APP_ARG_PASSWORD - -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names... app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -### About --weight and --time -### ynh_script_progression will show to your final users the progression of each scripts. -### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. -### --time is a packager option, it will show you the execution time since the previous call. -### This option is implied when running in CI_package_check, you can manually add it if you are manually testing the app. -### Use the execution time displayed in the CI report or by adding --time to the command, to estimate the weight of a step. -### A common way to do it is to set a weight equal to the execution time in second +1. -### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. ynh_script_progression --message="Validating installation parameters..." --weight=1 ### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". ### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app" +##TO BE CHECKED?? final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -71,8 +50,6 @@ ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=language --value=$language -ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # STANDARD MODIFICATIONS @@ -81,38 +58,10 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= ynh_script_progression --message="Finding an available port..." --weight=1 -### Use these lines if you have to open a port for the application -### `ynh_find_port` will find the first available port starting from the given port. -### If you're not using these lines: -### - Remove the section "CLOSE A PORT" in the remove script - # Find an available port -port=$(ynh_find_port --port=8095) +port=$(ynh_find_port --port=8091) ynh_app_setting_set --app=$app --key=port --value=$port -# Optional: Expose this port publicly -# (N.B.: you only need to do this if the app actually needs to expose the port publicly. -# If you do this and the app doesn't actually need you are CREATING SECURITY HOLES IN THE SERVER !) - -# Open the port -# ynh_script_progression --message="Configuring firewall..." --weight=1 -# ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port - -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=1 - -### `ynh_install_app_dependencies` allows you to add any "apt" dependencies to the package. -### Those deb packages will be installed as dependencies of this package. -### If you're not using this helper: -### - Remove the section "REMOVE DEPENDENCIES" in the remove script -### - Remove the variable "pkg_dependencies" in _common.sh -### - As well as the section "REINSTALL DEPENDENCIES" in the restore script -### - And the section "UPGRADE DEPENDENCIES" in the upgrade script - -ynh_install_app_dependencies $pkg_dependencies - #================================================= # CREATE DEDICATED USER #================================================= @@ -121,74 +70,24 @@ ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user ynh_system_user_create --username=$app --home_dir="$final_path" -#================================================= -# CREATE A MYSQL DATABASE -#================================================= -ynh_script_progression --message="Creating a MySQL database..." --weight=1 - -### Use these lines if you need a database for the application. -### `ynh_mysql_setup_db` will create a database, an associated user and a ramdom password. -### The password will be stored as 'mysqlpwd' into the app settings, -### and will be available as $db_pwd -### If you're not using these lines: -### - Remove the section "BACKUP THE MYSQL DATABASE" in the backup script -### - Remove also the section "REMOVE THE MYSQL DATABASE" in the remove script -### - As well as the section "RESTORE THE MYSQL DATABASE" in the restore script - -db_name=$(ynh_sanitize_dbid --db_name=$app) -db_user=$db_name -ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. -### `ynh_setup_source` use the file conf/app.src - ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. chmod 750 "$final_path" chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" - -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring PHP-FPM..." --weight=1 - -### `ynh_add_fpm_config` is used to set up a PHP config. -### You can remove it if your app doesn't use PHP. -### `ynh_add_fpm_config` will use the files conf/php-fpm.conf -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script -### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script -### with the reload at the end of the script. -### - And the section "PHP-FPM CONFIGURATION" in the upgrade script - -# Create a dedicated PHP-FPM config -ynh_add_fpm_config +chown -R $app: "$final_path" #================================================= # NGINX CONFIGURATION #================================================= ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -### `ynh_add_nginx_config` will use the file conf/nginx.conf - # Create a dedicated NGINX config ynh_add_nginx_config @@ -198,33 +97,6 @@ ynh_add_nginx_config # ... #================================================= -#================================================= -# CREATE DATA DIRECTORY -#================================================= -ynh_script_progression --message="Creating a data directory..." --weight=1 - -### Use these lines if you need to create a directory to store "persistent files" for the application. -### Usually this directory is used to store uploaded files or any file that won't be updated during -### an upgrade and that won't be deleted during app removal unless "--purge" option is used. -### If you're not using these lines: -### - Remove the section "BACKUP THE DATA DIR" in the backup script -### - Remove the section "RESTORE THE DATA DIRECTORY" in the restore script -### - As well as the section "REMOVE DATA DIR" in the remove script - -datadir=/home/yunohost.app/$app -ynh_app_setting_set --app=$app --key=datadir --value=$datadir - -mkdir -p $datadir - -# FIXME: this should be managed by the core in the future -# Here, as a packager, you may have to tweak the ownerhsip/permissions -# such that the appropriate users (e.g. maybe www-data) can access -# files in some cases. -# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder - -# this will be treated as a security issue. -chmod 750 "$datadir" -chmod -R o-rwx "$datadir" -chown -R $app:www-data "$datadir" #================================================= # ADD A CONFIGURATION @@ -243,13 +115,13 @@ ynh_script_progression --message="Adding a configuration file..." --weight=1 ### ### Check the documentation of `ynh_add_config` for more info. -ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" +######ynh_add_config --template="some_config_file" --destination="$final_path/some_config_file" # FIXME: this should be handled by the core in the future # You may need to use chmod 600 instead of 400, # for example if the app is expected to be able to modify its own config -chmod 400 "$final_path/some_config_file" -chown $app:$app "$final_path/some_config_file" +#######chmod 400 "$final_path/some_config_file" +#######chown $app:$app "$final_path/some_config_file" ### For more complex cases where you want to replace stuff using regexes, ### you shoud rely on ynh_replace_string (which is basically a wrapper for sed) @@ -263,17 +135,6 @@ chown $app:$app "$final_path/some_config_file" #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=1 -### `ynh_systemd_config` is used to configure a systemd script for an app. -### It can be used for apps that use sysvinit (with adaptation) or systemd. -### Have a look at the app to be sure this app needs a systemd script. -### `ynh_systemd_config` will use the file conf/systemd.service -### If you're not using these lines: -### - You can remove those files in conf/. -### - Remove the section "BACKUP SYSTEMD" in the backup script -### - Remove also the section "STOP AND REMOVE SERVICE" in the remove script -### - As well as the section "RESTORE SYSTEMD" in the restore script -### - And the section "SETUP SYSTEMD" in the upgrade script - # Create a dedicated systemd config ynh_add_systemd_config @@ -287,16 +148,16 @@ ynh_add_systemd_config ### forms. # Set the app as temporarily public for curl call -ynh_script_progression --message="Configuring SSOwat..." --weight=1 +#####ynh_script_progression --message="Configuring SSOwat..." --weight=1 # Making the app public for curl -ynh_permission_update --permission="main" --add="visitors" +#####ynh_permission_update --permission="main" --add="visitors" # Installation with curl -ynh_script_progression --message="Finalizing installation..." --weight=1 -ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" +#####ynh_script_progression --message="Finalizing installation..." --weight=1 +#####ynh_local_curl "/INSTALL_PATH" "key1=value1" "key2=value2" "key3=value3" # Remove the public access -ynh_permission_update --permission="main" --remove="visitors" +####ynh_permission_update --permission="main" --remove="visitors" #================================================= # GENERIC FINALIZATION @@ -330,7 +191,7 @@ ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 ### - As well as the section "INTEGRATE SERVICE IN YUNOHOST" in the restore script ### - And the section "INTEGRATE SERVICE IN YUNOHOST" in the upgrade script -yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Zwave integration in domoticz" --log="/var/log/$app/$app.log" ### Additional options starting with 3.8: ### @@ -367,10 +228,10 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap #================================================= # SETUP FAIL2BAN #================================================= -ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 +#ynh_script_progression --message="Configuring Fail2Ban..." --weight=1 # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" +#ynh_add_fail2ban_config --logpath="/var/log/nginx/${domain}-error.log" --failregex="Regex to match into the log for a failed login" #================================================= # SETUP SSOWAT @@ -389,12 +250,12 @@ fi ### does have for example an admin interface or an API. # Only the admin can access the admin panel of the app (if the app has an admin panel) -ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin +#ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin # Everyone can access the API part # We don't want to display the tile in the SSO so we put --show_tile="false" # And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" -ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" +#ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" #================================================= # RELOAD NGINX diff --git a/scripts/remove b/scripts/remove index ca31e5a..4ddc118 100755 --- a/scripts/remove +++ b/scripts/remove @@ -18,10 +18,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) -db_name=$(ynh_app_setting_get --app=$app --key=db_name) -db_user=$db_name final_path=$(ynh_app_setting_get --app=$app --key=final_path) -datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # STANDARD REMOVE @@ -52,14 +49,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight= # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# REMOVE THE MYSQL DATABASE -#================================================= -ynh_script_progression --message="Removing the MySQL database..." --weight=1 - -# Remove a database if it exists, along with the associated user -ynh_mysql_remove_db --db_user=$db_user --db_name=$db_name - #================================================= # REMOVE APP MAIN DIR #================================================= @@ -68,17 +57,6 @@ ynh_script_progression --message="Removing app main directory..." --weight=1 # Remove the app directory securely ynh_secure_remove --file="$final_path" -#================================================= -# REMOVE DATA DIR -#================================================= - -# Remove the data directory if --purge option is used -if [ "${YNH_APP_PURGE:-0}" -eq 1 ] -then - ynh_script_progression --message="Removing app data directory..." --weight=1 - ynh_secure_remove --file="$datadir" -fi - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -87,39 +65,13 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Removing PHP-FPM configuration..." --weight=1 - -# Remove the dedicated PHP-FPM config -ynh_remove_fpm_config - -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=1 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -#================================================= -# CLOSE A PORT -#================================================= - -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= -ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 +#ynh_script_progression --message="Removing Fail2Ban configuration..." --weight=1 # Remove the dedicated Fail2Ban config -ynh_remove_fail2ban_config +#ynh_remove_fail2ban_config #================================================= # SPECIFIC REMOVE @@ -129,10 +81,10 @@ ynh_remove_fail2ban_config ynh_script_progression --message="Removing various files..." --weight=1 # Remove a cron file -ynh_secure_remove --file="/etc/cron.d/$app" +#ynh_secure_remove --file="/etc/cron.d/$app" # Remove a directory securely -ynh_secure_remove --file="/etc/$app" +#ynh_secure_remove --file="/etc/$app" # Remove the log files ynh_secure_remove --file="/var/log/$app"