[fix] Update package first install and call some conf_regen hooks with init

data/hooks/conf_regen/01-yunohost

@@ -2,8 +2,11 @@
 
 set -e
 
-do_pre_regen() {
-  pending_dir=$1
+do_init_regen() {
+  if [[ $EUID -ne 0 ]]; then
+    echo "You must be root to run this script" 1>&2
+    exit 1
+  fi
 
   cd /usr/share/yunohost/templates/yunohost
 
@@ -11,14 +14,14 @@ do_pre_regen() {
 
   # set default current_host
   [[ -f /etc/yunohost/current_host ]] \
-    || echo "yunohost.org" | sudo tee /etc/yunohost/current_host
+    || echo "yunohost.org" > /etc/yunohost/current_host
 
   # copy default firewall and services
   # TODO: update them as needed with upgrades
   [[ -f /etc/yunohost/firewall.yml ]] \
-    || sudo cp firewall.yml /etc/yunohost/firewall.yml
+    || cp firewall.yml /etc/yunohost/firewall.yml
   [[ -f /etc/yunohost/services.yml ]] \
-    || sudo cp services.yml /etc/yunohost/services.yml
+    || cp services.yml /etc/yunohost/services.yml
 
   # allow users to access /media directory
   [[ -d /etc/skel/media ]] \
@@ -28,10 +31,10 @@ do_pre_regen() {
 FORCE=$2
 
 case "$1" in
-  pre)
-    do_pre_regen $3
+  pre|post)
     ;;
-  post)
+  init)
+    do_init_regen
     ;;
   *)
     echo "hook called with unknown argument \`$1'" >&2

data/hooks/conf_regen/02-ssl

@@ -4,6 +4,59 @@ set -e
 
 ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"
 
+do_init_regen() {
+  if [[ $EUID -ne 0 ]]; then
+    echo "You must be root to run this script" 1>&2
+    exit 1
+  fi
+
+  # create certs and SSL directories
+  mkdir -p "/etc/yunohost/certs/yunohost.org"
+  mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}
+
+  # initialize some files
+  [[ -f "${ssl_dir}/serial" ]] \
+    || echo "00" > "${ssl_dir}/serial"
+  [[ -f "${ssl_dir}/index.txt" ]] \
+    || touch "${ssl_dir}/index.txt"
+
+  openssl_conf="/usr/share/yunohost/templates/ssl/openssl.cnf"
+
+  # create default certificates
+  if [[ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]]; then
+      openssl req -x509 -new -config "$openssl_conf" \
+        -days 3650 -out "${ssl_dir}/ca/cacert.pem" \
+        -keyout "${ssl_dir}/ca/cakey.pem" -nodes -batch 2>&1
+      cp "${ssl_dir}/ca/cacert.pem" \
+        /etc/yunohost/certs/yunohost.org/ca.pem
+      ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
+        /etc/ssl/certs/ca-yunohost_crt.pem
+      update-ca-certificates
+  fi
+
+  if [[ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]]; then
+      openssl req -new -config "$openssl_conf" \
+        -days 730 -out "${ssl_dir}/certs/yunohost_csr.pem" \
+        -keyout "${ssl_dir}/certs/yunohost_key.pem" -nodes -batch 2>&1
+      openssl ca -config "$openssl_conf" \
+        -days 730 -in "${ssl_dir}/certs/yunohost_csr.pem" \
+        -out "${ssl_dir}/certs/yunohost_crt.pem" -batch 2>&1
+
+      last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
+      chmod 640 "${ssl_dir}/certs/yunohost_key.pem"
+      chmod 640 "$last_cert"
+
+      cp "${ssl_dir}/certs/yunohost_key.pem" \
+        /etc/yunohost/certs/yunohost.org/key.pem
+      cp "$last_cert" \
+        /etc/yunohost/certs/yunohost.org/crt.pem
+      ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
+        /etc/ssl/certs/yunohost_crt.pem
+      ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
+        /etc/ssl/private/yunohost_key.pem
+  fi
+}
+
 do_pre_regen() {
   pending_dir=$1
 
@@ -15,46 +68,7 @@ do_pre_regen() {
 do_post_regen() {
   regen_conf_files=$1
 
-  sudo mkdir -p "/etc/yunohost/certs/yunohost.org"
-  sudo mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}
-
-  [[ -f "${ssl_dir}/serial" ]] \
-    || (echo "00" | sudo tee "${ssl_dir}/serial")
-  [[ -f "${ssl_dir}/index.txt" ]] \
-    || sudo touch "${ssl_dir}/index.txt"
-
-  if [[ ! -f /etc/yunohost/certs/yunohost.org/ca.pem ]]; then
-      sudo openssl req -x509 -new -config $ssl_dir/openssl.cnf \
-        -days 3650 -out $ssl_dir/ca/cacert.pem \
-        -keyout $ssl_dir/ca/cakey.pem -nodes -batch 2>&1
-      sudo cp $ssl_dir/ca/cacert.pem \
-        /etc/yunohost/certs/yunohost.org/ca.pem
-      sudo ln -sf /etc/yunohost/certs/yunohost.org/ca.pem \
-        /etc/ssl/certs/ca-yunohost_crt.pem
-      sudo update-ca-certificates
-  fi
-
-  if [[ ! -f /etc/yunohost/certs/yunohost.org/crt.pem ]]; then
-      sudo openssl req -new -config $ssl_dir/openssl.cnf \
-        -days 730 -out $ssl_dir/certs/yunohost_csr.pem \
-        -keyout $ssl_dir/certs/yunohost_key.pem -nodes -batch 2>&1
-      sudo openssl ca -config $ssl_dir/openssl.cnf \
-        -days 730 -in $ssl_dir/certs/yunohost_csr.pem \
-        -out $ssl_dir/certs/yunohost_crt.pem -batch 2>&1
-
-      last_cert=$(ls $ssl_dir/newcerts/*.pem | sort -V | tail -n 1)
-      sudo chmod 640 $ssl_dir/certs/yunohost_key.pem
-      sudo chmod 640 $last_cert
-
-      sudo cp $ssl_dir/certs/yunohost_key.pem \
-        /etc/yunohost/certs/yunohost.org/key.pem
-      sudo cp $last_cert \
-        /etc/yunohost/certs/yunohost.org/crt.pem
-      sudo ln -sf /etc/yunohost/certs/yunohost.org/crt.pem \
-        /etc/ssl/certs/yunohost_crt.pem
-      sudo ln -sf /etc/yunohost/certs/yunohost.org/key.pem \
-        /etc/ssl/private/yunohost_key.pem
-  fi
+  # TODO: regenerate certificates if conf changed?
 }
 
 FORCE=$2
@@ -66,6 +80,9 @@ case "$1" in
   post)
     do_post_regen $3
     ;;
+  init)
+    do_init_regen
+    ;;
   *)
     echo "hook called with unknown argument \`$1'" >&2
     exit 1

data/hooks/conf_regen/15-nginx

@@ -2,6 +2,15 @@
 
 set -e
 
+do_init_regen() {
+  if [[ $EUID -ne 0 ]]; then
+    echo "You must be root to run this script" 1>&2
+    exit 1
+  fi
+
+  do_pre_regen ""
+}
+
 do_pre_regen() {
   pending_dir=$1
 
@@ -14,6 +23,13 @@ do_pre_regen() {
   # install plain conf files
   cp plain/* "$nginx_conf_dir"
 
+  # probably run with init: just disable default site, restart NGINX and exit
+  if [[ -z "$pending_dir" ]]; then
+    rm -f "${nginx_dir}/sites-enabled/default"
+    service nginx restart
+    exit 0
+  fi
+
   # retrieve variables
   main_domain=$(cat /etc/yunohost/current_host)
   domain_list=$(sudo yunohost domain list --output-as plain --quiet)
@@ -72,6 +88,9 @@ case "$1" in
   post)
     do_post_regen $3
     ;;
+  init)
+    do_init_regen
+    ;;
   *)
     echo "hook called with unknown argument \`$1'" >&2
     exit 1

debian/postinst

@@ -6,10 +6,9 @@ do_configure() {
   rm -rf /var/cache/moulinette/*
 
   if [ ! -f /etc/yunohost/installed ]; then
-      bash /usr/share/yunohost/hooks/conf_regen/01-yunohost True
-      bash /usr/share/yunohost/hooks/conf_regen/02-ssl True
-      bash /usr/share/yunohost/hooks/conf_regen/06-slapd True
-      bash /usr/share/yunohost/hooks/conf_regen/15-nginx True
+      bash /usr/share/yunohost/hooks/conf_regen/01-yunohost init
+      bash /usr/share/yunohost/hooks/conf_regen/02-ssl init
+      bash /usr/share/yunohost/hooks/conf_regen/15-nginx init
   else
       echo "Regenerating configuration, this might take a while..."
       yunohost service regenconf

src/yunohost/tools.py

@@ -177,6 +177,9 @@ def tools_postinstall(domain, password, ignore_dyndns=False):
     else:
         raise MoulinetteError(errno.EPERM, m18n.n('yunohost_already_installed'))
 
+    # Regenerate some services at first
+    service_regen_conf(['slapd'], force=True)
+
     if len(domain.split('.')) >= 3 and not ignore_dyndns:
         try:
             r = requests.get('https://dyndns.yunohost.org/domains')
@@ -503,4 +506,4 @@ def tools_diagnosis(auth, private=False):
         # Domains
         diagnosis['private']['domains'] = domain_list(auth)['domains']
 
-    return diagnosis
+    return diagnosis