#!/bin/bash
YNH_APP_BASEDIR=${YNH_APP_BASEDIR:-$(realpath ..)}
# Handle script crashes / failures
#
# [internal]
#
ynh_exit_properly() {
local exit_code=$?
if [[ "${YNH_APP_ACTION:-}" =~ ^install$|^upgrade$|^restore$ ]]
then
rm -rf "/var/cache/yunohost/download/"
fi
if [ "$exit_code" -eq 0 ]; then
exit 0 # Exit without error if the script ended correctly
fi
trap '' EXIT # Ignore new exit signals
# Do not exit anymore if a command fail or if a variable is empty
set +o errexit # set +e
set +o nounset # set +u
# Small tempo to avoid the next message being mixed up with other DEBUG messages
sleep 0.5
# Exit with error status
# We don't call ynh_die basically to avoid unecessary 10-ish
# debug lines about parsing args and stuff just to exit 1..
exit 1
}
# Exits if an error occurs during the execution of the script.
#
# [packagingv1]
#
# usage: ynh_abort_if_errors
#
# This configure the rest of the script execution such that, if an error occurs
# or if an empty variable is used, the execution of the script stops immediately
ynh_abort_if_errors() {
set -o errexit # set -e; Exit if a command fail
set -o nounset # set -u; And if a variable is used unset
trap ynh_exit_properly EXIT # Capturing exit signals on shell script
}
# When running an app script, auto-enable ynh_abort_if_errors except for remove script
if [[ "${YNH_CONTEXT:-}" != "regenconf" ]] && [[ "${YNH_APP_ACTION}" != "remove" ]]
then
ynh_abort_if_errors
fi
# Execute a command after sudoing as $app
#
# Note that the $PATH variable is preserved (using --preserve-env=PATH)
#
# usage: ynh_exec_as_app COMMAND [ARG ...]
ynh_exec_as_app() {
sudo --preserve-env=PATH -u "$app" "$@"
}
# Curl abstraction to help with POST requests to local pages (such as installation forms)
#
# usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
# | arg: page_uri - Path (relative to `$path`) of the page where POST data will be sent
# | arg: key1=value1 - (Optionnal) POST key and corresponding value
# | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
# | arg: ... - (Optionnal) More POST keys and values
#
# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
#
# For multiple calls, cookies are persisted between each call for the same app
#
# `$domain` and `$path` should be defined externally (and correspond to the domain.tld and the /path (of the app?))
ynh_local_curl() {
# Define url of page to curl
local local_page=$(ynh_normalize_url_path $1)
local full_path=$path$local_page
if [ "${path}" == "/" ]; then
full_path=$local_page
fi
local full_page_url=https://localhost$full_path
# Concatenate all other arguments with '&' to prepare POST data
local POST_data=""
local arg=""
for arg in "${@:2}"; do
POST_data="${POST_data}${arg}&"
done
if [ -n "$POST_data" ]; then
# Add --data arg and remove the last character, which is an unecessary '&'
POST_data="--data ${POST_data::-1}"
fi
# Wait untils nginx has fully reloaded (avoid curl fail with http2)
sleep 2
local cookiefile=/tmp/ynh-$app-cookie.txt
touch $cookiefile
chown root $cookiefile
chmod 700 $cookiefile
# Temporarily enable visitors if needed...
local visitors_enabled=$(ynh_permission_has_user --permission="main" --user="visitors" && echo yes || echo no)
if [[ $visitors_enabled == "no" ]]; then
ynh_permission_update --permission="main" --add="visitors"
fi
# Curl the URL
curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile
if [[ $visitors_enabled == "no" ]]; then
ynh_permission_update --permission="main" --remove="visitors"
fi
}
_acceptable_path_to_delete() {
local file=$1
local forbidden_paths=$(ls -d / /* /{var,home,usr}/* /etc/{default,sudoers.d,yunohost,cron*} /etc/yunohost/{apps,domains,hooks.d} /opt/yunohost 2> /dev/null)
# Legacy : A couple apps still have data in /home/$app ...
if [[ -n "${app:-}" ]]
then
forbidden_paths=$(echo "$forbidden_paths" | grep -v "/home/$app")
fi
# Use realpath to normalize the path ..
# i.e convert ///foo//bar//..///baz//// to /foo/baz
file=$(realpath --no-symlinks "$file")
if [ -z "$file" ] || grep -q -x -F "$file" <<< "$forbidden_paths"; then
return 1
else
return 0
fi
}
# Remove a file or a directory, checking beforehand that it's not a disastrous location to rm such as entire /var or /home
#
# usage: ynh_safe_rm path_to_remove
ynh_safe_rm() {
local target="$1"
set +o xtrace # set +x
if [ $# -ge 2 ]; then
ynh_print_warn "/!\ Packager ! You provided more than one argument to ynh_safe_rm but it will be ignored... Use this helper with one argument at time."
fi
if [[ -z "$target" ]]; then
ynh_print_warn "ynh_safe_rm called with empty argument, ignoring."
elif [[ ! -e "$target" ]] && [[ ! -L "$target" ]]; then
ynh_print_info "'$target' wasn't deleted because it doesn't exist."
elif ! _acceptable_path_to_delete "$target"; then
ynh_print_warn "Not deleting '$target' because it is not an acceptable path to delete."
else
rm --recursive "$target"
fi
set -o xtrace # set -x
}
# Read the value of a key in the app's manifest
#
# usage: ynh_read_manifest "key"
# | arg: key - Name of the key to find
# | ret: the value associate to that key
ynh_read_manifest() {
cat $YNH_APP_BASEDIR/manifest.toml | toml_to_json | jq ".$1" --raw-output
}
# Return the app upstream version, deduced from `$YNH_APP_MANIFEST_VERSION` and strippig the `~ynhX` part
#
# usage: ynh_app_upstream_version
# | ret: the version number of the upstream app
#
# For example, if the manifest contains `4.3-2~ynh3` the function will return `4.3-2`
ynh_app_upstream_version() {
echo "${YNH_APP_MANIFEST_VERSION/~ynh*/}"
}
# Return 0 if the "upstream" part of the version changed, or 1 otherwise (ie only the ~ynh suffix changed)
#
# usage: if ynh_app_upstream_version_changed; then ...
ynh_app_upstream_version_changed() {
# "UPGRADE_PACKAGE" means only the ~ynh prefix changed
[[ "$YNH_APP_UPGRADE_TYPE" == "UPGRADE_PACKAGE" ]] && return 1 || return 0
}
# Compare the current package version is strictly lower than another version given as an argument
#
# example: if ynh_app_upgrading_from_version_before 2.3.2~ynh1; then ...
ynh_app_upgrading_from_version_before() {
local version=$1
[[ $version =~ '~ynh' ]] || ynh_die "Invalid argument for version, should include the ~ynhX prefix"
dpkg --compare-versions $YNH_APP_CURRENT_VERSION lt $version
}
# Compare the current package version is lower or equal to another version given as an argument
#
# example: if ynh_app_upgrading_from_version_before_or_equal_to 2.3.2~ynh1; then ...
ynh_app_upgrading_from_version_before_or_equal_to() {
local version=$1
[[ $version =~ '~ynh' ]] || ynh_die "Invalid argument for version, should include the ~ynhX prefix"
dpkg --compare-versions $YNH_APP_CURRENT_VERSION le $version
}
# Apply sane permissions for files installed by ynh_setup_source and ynh_config_add.
#
# [internal]
#
# * Anything below $install_dir is chown $app:$app and chmod o-rwx,g-w
# * The rest is considered as system configuration and chown root, chmod 400
#
_ynh_apply_default_permissions() {
local target=$1
is_in_dir() {
# Returns false if parent is empty
[ -n "$2" ] || return 1
local child=$(realpath "$1" 2>/dev/null)
local parent=$(realpath "$2" 2>/dev/null)
[[ "${child}" =~ ^$parent ]]
}
# App files can have files of their own
if ynh_system_user_exists --username="$app"; then
# If this is a file in $install_dir or $data_dir : it should be owned and read+writable by $app only
if [ -f "$target" ] && (is_in_dir "$target" "${install_dir:-}" || is_in_dir "$target" "${data_dir:-}" || is_in_dir "$target" "/etc/$app")
then
chmod 600 "$target"
chown "$app:$app" "$target"
return
fi
# If this is the install dir (so far this is the only way this helper is called with a directory)
if [ "$target" == "${install_dir:-}" ]
then
# Read the group from the install_dir manifest resource
local group="$(ynh_read_manifest 'resources.install_dir.group' | sed 's/null//g' | sed "s/__APP__/$app/g" | cut -f1 -d:)"
if [[ -z "$group" ]]
then
# We set the group to www-data for webapps that do serve static assets, which therefore need to be readable by nginx ...
# The fact that the app needs this is infered by the existence of an nginx.conf and the presence of "alias" or "root" directive
if grep -q '^\s*alias\s\|^\s*root\s' "$YNH_APP_BASEDIR/conf/nginx.conf" 2>/dev/null;
then
group="www-data"
# Or default to "$app"
else
group="$app"
fi
fi
# Files inside should be owned by $app with rw-r----- (+x for folders or files that already have +x)
# The group needs read/dirtraversal (in particular if it's www-data)
chmod -R u=rwX,g=rX,o=--- "$target"
chown -R "$app:$group" "$target"
return
fi
fi
# Other files are considered system
chmod 400 "$target"
chown root:root "$target"
}
int_to_bool() {
sed -e 's/^1$/True/g' -e 's/^0$/False/g' -e 's/^true$/True/g' -e 's/^false$/False/g'
}
toml_to_json() {
python3 -c 'import toml, json, sys; print(json.dumps(toml.load(sys.stdin)))'
}
# Validate an IP address
#
# usage: ynh_validate_ip --family=family --ip_address=ip_address
# | ret: 0 for valid ip addresses, 1 otherwise
#
# example: ynh_validate_ip 4 111.222.333.444
ynh_validate_ip() {
# ============ Argument parsing =============
local -A args_array=([f]=family= [i]=ip_address=)
local family
local ip_address
ynh_handle_getopts_args "$@"
# ===========================================
[ "$family" == "4" ] || [ "$family" == "6" ] || return 1
# http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
python3 /dev/stdin <<EOF
import socket
import sys
family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 }
try:
socket.inet_pton(family["$family"], "$ip_address")
except socket.error:
sys.exit(1)
sys.exit(0)
EOF
}
# Get the total or free amount of RAM+swap on the system
#
# [packagingv1]
#
# usage: ynh_get_ram [--free|--total]
# | arg: --free - Count free RAM+swap
# | arg: --total - Count total RAM+swap
# | ret: the amount of free ram, in MB (MegaBytes)
ynh_get_ram() {
# ============ Argument parsing =============
local -A args_array=([f]=free [t]=total)
local free
local total
ynh_handle_getopts_args "$@"
free=${free:-0}
total=${total:-0}
# ===========================================
if [ $free -eq $total ]; then
ynh_print_warn "You have to choose --free or --total when using ynh_get_ram"
ram=0
elif [ $free -eq 1 ]; then
local free_ram=$(LC_ALL=C vmstat --stats --unit M | grep "free memory" | awk '{print $1}')
local free_swap=$(LC_ALL=C vmstat --stats --unit M | grep "free swap" | awk '{print $1}')
local free_ram_swap=$((free_ram + free_swap))
local ram=$free_ram_swap
elif [ $total -eq 1 ]; then
local total_ram=$(LC_ALL=C vmstat --stats --unit M | grep "total memory" | awk '{print $1}')
local total_swap=$(LC_ALL=C vmstat --stats --unit M | grep "total swap" | awk '{print $1}')
local total_ram_swap=$((total_ram + total_swap))
local ram=$total_ram_swap
fi
echo $ram
}
# Check if the scripts are being run by the package_check in CI
#
# usage: ynh_in_ci_tests
#
# Return 0 if in CI, 1 otherwise
ynh_in_ci_tests() {
[ "${PACKAGE_CHECK_EXEC:-0}" -eq 1 ]
}
# Retrieve a YunoHost user information
#
# usage: ynh_user_get_info --username=username --key=key
# | arg: --username= - the username to retrieve info from
# | arg: --key= - the key to retrieve
# | ret: the value associate to that key
#
# example: mail=$(ynh_user_get_info --username="toto" --key=mail)
ynh_user_get_info() {
# ============ Argument parsing =============
local -A args_array=([u]=username= [k]=key=)
local username
local key
ynh_handle_getopts_args "$@"
# ===========================================
yunohost user info "$username" --output-as json --quiet | jq -r ".$key"
}
# Get the list of YunoHost users
#
# usage: ynh_user_list
# | ret: one username per line as strings
#
# example: for u in $(ynh_user_list); do ... ; done
ynh_user_list() {
yunohost user list --output-as json --quiet | jq -r ".users | keys[]"
}
# Spawn a Bash shell with the app environment loaded
#
# usage: ynh_spawn_app_shell "appname"
#
# examples:
# ynh_spawn_app_shell "foobar" <<< 'echo "$USER"'
# ynh_spawn_app_shell "foobar" < /tmp/some_script.bash
#
# The spawned shell will have environment variables loaded and environment files sourced
# from the app's service configuration file (defaults to $app.service, overridable by the packager with `service` setting).
# If the app relies on a specific PHP version, then `php` will be aliased that version. The PHP command will also be appended with the `phpflags` settings.
ynh_spawn_app_shell() {
local app=$1
# Force Bash to be used to run this helper
[[ $0 =~ \/?bash$ ]] || ynh_die "Please use Bash as shell"
# Make sure the app is installed
test -d /etc/yunohost/apps/$app || ynh_die "$app is not an installed app ?!"
# Make sure the app has its own user
id -u "$app" &>/dev/null || ynh_die "There is no \"$app\" system user"
# Make sure the app has an install_dir setting
local install_dir=$(ynh_app_setting_get --app=$app --key=install_dir)
[ -n "$install_dir" ] || ynh_die "$app has no install_dir setting (does it use packaging format >=2?)"
# Load the app's service name, or default to $app
local service=$(ynh_app_setting_get --app=$app --key=service)
[ -z "$service" ] && service=$app;
# Export HOME variable
export HOME=$install_dir;
# Load the Environment variables from the app's service
local env_var=$(systemctl show $service.service -p "Environment" --value)
[ -n "$env_var" ] && export $env_var;
# Force `php` to its intended version
# We use `eval`+`export` since `alias` is not propagated to subshells, even with `export`
local phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
local phpflags=$(ynh_app_setting_get --app=$app --key=phpflags)
if [ -n "$phpversion" ]
then
eval "php() { php${phpversion} ${phpflags} \"\$@\"; }"
export -f php
fi
# Source the EnvironmentFiles from the app's service
local env_files=($(systemctl show $service.service -p "EnvironmentFiles" --value))
if [ ${#env_files[*]} -gt 0 ]
then
# set -/+a enables and disables new variables being automatically exported. Needed when using `source`.
set -a
for file in ${env_files[*]}
do
[[ $file = /* ]] && source $file
done
set +a
fi
# Activate the Python environment, if it exists
if [ -f $install_dir/venv/bin/activate ]
then
# set -/+a enables and disables new variables being automatically exported. Needed when using `source`.
set -a
source $install_dir/venv/bin/activate
set +a
fi
# cd into the WorkingDirectory set in the service, or default to the install_dir
local env_dir=$(systemctl show $service.service -p "WorkingDirectory" --value)
[ -z $env_dir ] && env_dir=$install_dir;
cd $env_dir
# Spawn the app shell
su -s /bin/bash $app
}