diff --git a/data/hooks/conf_regen/01-yunohost b/data/hooks/conf_regen/01-yunohost index 6ac61d07a..9da2d91ca 100755 --- a/data/hooks/conf_regen/01-yunohost +++ b/data/hooks/conf_regen/01-yunohost @@ -27,6 +27,29 @@ do_init_regen() { # allow users to access /media directory [[ -d /etc/skel/media ]] \ || (mkdir -p /media && ln -s /media /etc/skel/media) + + # Cert folders + mkdir -p /etc/yunohost/certs + chown -R root:ssl-cert /etc/yunohost/certs + chmod 750 /etc/yunohost/certs + + # App folders + mkdir -p /etc/yunohost/apps + chmod 700 /etc/yunohost/apps + mkdir -p /home/yunohost.app + chmod 755 /home/yunohost.app + + # Backup folders + mkdir -p /home/yunohost.backup/archives + chmod 750 /home/yunohost.backup/archives + chown root:root /home/yunohost.backup/archives # This is later changed to admin:root once admin user exists + + # Empty ssowat json persistent conf + echo "{}" > '/etc/ssowat/conf.json.persistent' + chmod 644 /etc/ssowat/conf.json.persistent + chown root:root /etc/ssowat/conf.json.persistent + + mkdir -p /var/cache/yunohost/repo } do_pre_regen() { @@ -67,7 +90,7 @@ EOF # (this make sure that the hash is null / file is flagged as to-delete) mkdir -p $pending_dir/etc/etckeeper touch $pending_dir/etc/etckeeper/etckeeper.conf - + # Skip ntp if inside a container (inspired from the conf of systemd-timesyncd) mkdir -p ${pending_dir}/etc/systemd/system/ntp.service.d/ echo " @@ -75,7 +98,7 @@ EOF ConditionCapability=CAP_SYS_TIME ConditionVirtualization=!container " > ${pending_dir}/etc/systemd/system/ntp.service.d/ynh-override.conf - + # Make nftable conflict with yunohost-firewall mkdir -p ${pending_dir}/etc/systemd/system/nftables.service.d/ cat > ${pending_dir}/etc/systemd/system/nftables.service.d/ynh-override.conf << EOF 
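Review bot: The added `echo "{}" > '/etc/ssowat/conf.json.persistent'` in do_init_regen truncates the file unconditionally, whereas the code this commit removes from tools_postinstall only wrote it when `os.path.exists` was false. If the init hook ever runs on a system that already holds persistent SSOwat rules, they would be silently reset to an empty object, so I would keep the guard: `[[ -e /etc/ssowat/conf.json.persistent ]] || echo "{}" > /etc/ssowat/conf.json.persistent`. The redirect also assumes /etc/ssowat already exists, which nothing in this hunk ensures. Separately, each `mkdir -p` followed by `chmod` leaves the directory at umask-default permissions for a moment; `install -d -m 700 /etc/yunohost/apps` (and likewise for the cert and backup folders) sets the mode at creation. do_init_regen begins above the hunk.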
@@ -94,6 +117,8 @@ do_post_regen() { # Enfore permissions # ###################### + chown admin:root /home/yunohost.backup/archives + # Certs # We do this with find because there could be a lot of them... chown -R root:ssl-cert /etc/yunohost/certs diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index d3fa5a7c5..a8ff34cc5 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -33,7 +33,7 @@ from importlib import import_module from moulinette import msignals, m18n from moulinette.utils.log import getActionLogger from moulinette.utils.process import check_output, call_async_output -from moulinette.utils.filesystem import write_to_json, read_yaml, write_to_yaml +from moulinette.utils.filesystem import read_yaml, write_to_yaml from yunohost.app import _update_apps_catalog, app_info, app_upgrade, _initialize_apps_catalog_system from yunohost.domain import domain_add @@ -306,27 +306,6 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, # TODO: Improve this part by integrate ldapinit into conf_regen hook tools_ldapinit() - # Create required folders - folders_to_create = [ - '/etc/yunohost/apps', - '/etc/yunohost/certs', - '/var/cache/yunohost/repo', - '/home/yunohost.backup', - '/home/yunohost.app' - ] - - for folder in [x for x in folders_to_create if not os.path.exists(x)]: - os.makedirs(folder) - - # Change folders permissions - os.system('chmod 755 /home/yunohost.app') - - # Init ssowat's conf.json.persistent - if not os.path.exists('/etc/ssowat/conf.json.persistent'): - write_to_json('/etc/ssowat/conf.json.persistent', {}) - - os.system('chmod 644 /etc/ssowat/conf.json.persistent') - # New domain config domain_add(domain, dyndns) domain_main_domain(domain) 
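Review bot: The new `chown admin:root /home/yunohost.backup/archives` in do_post_regen runs unguarded on every regen, although the comment added in do_init_regen says the admin user only exists later, and nothing in this hunk ensures the directory exists when post-regen runs without a prior init regen. In either case chown fails, and whether that aborts the hook depends on error handling that is not visible here. A guard such as `if id admin &>/dev/null && [[ -d /home/yunohost.backup/archives ]]; then chown admin:root /home/yunohost.backup/archives; fi` keeps the ownership enforcement without that failure mode. do_post_regen starts and ends outside the hunk.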
@@ -348,12 +327,6 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, except Exception as e: logger.warning(str(e)) - # Create the archive directory (makes it easier for people to upload backup - # archives, otherwise it's only created after running `yunohost backup - # create` once. - from yunohost.backup import _create_archive_dir - _create_archive_dir() - # Init migrations (skip them, no need to run them on a fresh system) _skip_all_migrations()