diff --git a/README.md b/README.md index 6262d00..1f9569e 100755 --- a/README.md +++ b/README.md @@ -1,8 +1,12 @@ + + # LibreQR for YunoHost -[![Integration level](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg) - -[![Install LibreQR with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=qr) +[![Integration level](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![Working status](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg) +[![Install LibreQR with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=qr) *[Lire ce readme en français.](./README_fr.md)* 
@@ -11,41 +15,32 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -A Web interface for generating QR codes in PHP. +Web interface for generating QR codes -**Shipped version:** 1.3.0 +**Shipped version:** 2.0.0-beta1~ynh1 -## Screenshot +**Demo:** https://qr.antopie.org -![](screenshot.png) +## Screenshots -## Demo +![Screenshot of LibreQR](./doc/screenshots/screenshot.png) -* [Official demo](https://qr.antopie.org) +## Documentation and resources -## Configuration +* Upstream app code repository: +* YunoHost documentation for this app: +* Report a bug: -You can configure this app by editing `/var/www/qr/config.inc.php`. +## Developer info -## YunoHost specific features +Please send your pull request to the [testing branch](https://code.antopie.org/miraty/qr_ynh/src/branch/testing). -### Multi-user support +To try the testing branch, please proceed like that. -* There is no authentication in the app -* The app can be installed multiple time +``` bash +sudo yunohost app install https://code.antopie.org/miraty/qr_ynh/src/branch/testing --debug +or +sudo yunohost app upgrade qr -u https://code.antopie.org/miraty/qr_ynh/src/branch/testing --debug +``` -### Supported architectures - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/qr/) - -## Additional information - -The application is called LibreQR, but its technical ID in YunoHost is `qr` for historical reasons. - -## Links - - * Report a bug in this package: - * Report a bug in LibreQR: - * LibreQR repository: - * YunoHost website: +**More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md index 35377a7..5091d78 100755 --- a/README_fr.md +++ b/README_fr.md 
@@ -1,51 +1,46 @@ + + # LibreQR pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg) - -[![Installer LibreQR avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=qr) +[![Niveau d'intégration](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg) +[![Installer LibreQR avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=qr) *[Read this readme in english.](./README.md)* > *Ce package vous permet d'installer LibreQR rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* ## Vue d'ensemble -Une interface Web pour générer des codes QR en PHP. +Interface Web pour générer des codes QR -**Version incluse :** 1.3.0 +**Version incluse :** 2.0.0-beta1~ynh1 -## Capture d'écran +**Démo :** https://qr.antopie.org -![](screenshot.png) +## Captures d'écran -## Démo +![Capture d'écran de LibreQR](./doc/screenshots/screenshot.png) -* [Démo officielle](https://qr.antopie.org) +## Documentations et ressources -## Configuration +* Dépôt de code officiel de l'app : +* Documentation YunoHost pour cette app : +* Signaler un bug : -Vous pouvez configurer cette application en modifiant `/var/www/qr/config.inc.php`. 
+## Informations pour les développeurs -## Caractéristiques spécifiques YunoHost +Merci de faire vos pull request sur la [branche testing](https://code.antopie.org/miraty/qr_ynh/src/branch/testing). -### Support multi-utilisateur +Pour essayer la branche testing, procédez comme suit. -* Il n'y a pas d'authentification dans l'application -* L'application peut-être installée plusieurs fois +``` bash +sudo yunohost app install https://code.antopie.org/miraty/qr_ynh/src/branch/testing --debug +ou +sudo yunohost app upgrade qr -u https://code.antopie.org/miraty/qr_ynh/src/branch/testing --debug +``` -### Architectures supportées - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/qr/) - -## Informations additionnelles - -L'application s'appelle LibreQR, mais son identifiant technique dans YunoHost est `qr` pour des raisons historiques. - -## Liens - - * Signaler un bug dans ce paquet : - * Signaler un bug dans LibreQR : - * Dépôt de LibreQR : - * Site web de YunoHost : +**Plus d'infos sur le packaging d'applications :** diff --git a/check_process b/check_process new file mode 100644 index 0000000..3dd879e --- /dev/null +++ b/check_process @@ -0,0 +1,15 @@ +;; Default test serie + ; Checks + pkg_linter=1 + setup_sub_dir=1 + setup_root=1 + setup_private=1 + setup_public=1 + upgrade=1 + upgrade=1 from_commit=3b225b6a98f91493bdf3ae593a59cbdd3616106f + backup_restore=1 + multi_instance=1 + change_url=1 +;;; Upgrade options + ; commit=3b225b6a98f91493bdf3ae593a59cbdd3616106f + name=LibreQR 1.3.0 diff --git a/conf/app.src b/conf/app.src index 0920305..4a9a880 100755 --- a/conf/app.src +++ b/conf/app.src 
@@ -1,5 +1,5 @@ -SOURCE_URL=https://libreqr.antopie.org/releases/libreqr-1.3.0.tar.gz -SOURCE_SUM=50334a26fcb478914a29cdc5b04a2a21f1428269197befca65c3d234aac0859df75609292ea69b855a8a9e43c8747a2fe38389ae4b7fb29c0613a040a65ab455 +SOURCE_URL=https://code.antopie.org/miraty/libreqr/archive/2.0.0-beta1.tar.gz +SOURCE_SUM=c4f14723dad06c7e5deff794a41fc12ddfd57b3403e5a9ed2696157d57ed12737487bbb1d8c729579611a327642780b35c2886c7a217bb7fcf0e2e47137f9a8c SOURCE_SUM_PRG=sha512sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/nginx.conf b/conf/nginx.conf index 37de41d..1cda048 100755 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -2,31 +2,25 @@ location __PATH__/ { # Path to source - alias __FINALPATH__/ ; + alias __FINALPATH__/; - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - -### Example PHP configuration (remove it if not used) index index.php; - # Common parameter to increase upload size limit in conjunction with dedicated php-fpm file - #client_max_body_size 50M; - - try_files $uri $uri/ index.php; - location ~ [^/]\.php(/|$) { - fastcgi_split_path_info ^(.+?\.php)(/.*)$; + # Chrooted PHP-FPM +#sub_path_only location ~ ^__PATH__(?/.*\.php)$ { +#root_path_only location ~ ^(?/.*\.php)$ { + alias /; fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; - fastcgi_index index.php; - include fastcgi_params; - fastcgi_param REMOTE_USER $remote_user; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; fastcgi_param PATH_INFO $fastcgi_path_info; - fastcgi_param SCRIPT_FILENAME $request_filename; + fastcgi_param SCRIPT_FILENAME $chroot_path; + include fastcgi_params; } -### End of PHP configuration part + + # Security related headers + more_set_headers "Referrer-Policy: no-referrer"; + more_set_headers "Content-Security-Policy: default-src 'none'; style-src 'self'; img-src 'self' data:; frame-ancestors 'none'; form-action 'self';"; # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; 
diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index ab1a471..600477d 100755 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf 
@@ -1,430 +1,23 @@ -; Start a new pool named 'www'. -; the variable $pool can be used in any directive and will be replaced by the -; pool name ('www' here) [__NAMETOCHANGE__] -; Per pool prefix -; It only applies on the following directives: -; - 'access.log' -; - 'slowlog' -; - 'listen' (unixsocket) -; - 'chroot' -; - 'chdir' -; - 'php_values' -; - 'php_admin_values' -; When not set, the global prefix (or /usr) applies instead. -; Note: This directive can also be relative to the global prefix. -; Default Value: none -;prefix = /path/to/pools/$pool - -; Unix user/group of processes -; Note: The user is mandatory. If the group is not set, the default user's group -; will be used. user = __USER__ group = __USER__ -; The address on which to accept FastCGI requests. -; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on -; a specific port; -; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on -; a specific port; -; 'port' - to listen on a TCP socket to all addresses -; (IPv6 and IPv4-mapped) on a specific port; -; '/path/to/unix/socket' - to listen on a unix socket. -; Note: This value is mandatory. listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. -; Default Value: 511 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 511 - -; Set permissions for unix socket, if one is used. In Linux, read/write -; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. -; Default Values: user and group are set as the running user -; mode is set to 0660 listen.owner = www-data listen.group = www-data -;listen.mode = 0660 -; When POSIX Access Control Lists are supported you can set them using -; these options, value is a comma separated list of user/group names. 
-; When set, listen.owner and listen.group are ignored -;listen.acl_users = -;listen.acl_groups = -; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. -; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original -; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address -; must be separated by a comma. If this value is left blank, connections will be -; accepted from any ip address. -; Default Value: any -;listen.allowed_clients = 127.0.0.1 - -; Specify the nice(2) priority to apply to the pool processes (only if set) -; The value can vary from -19 (highest priority) to 20 (lower priority) -; Note: - It will only work if the FPM master process is launched as root -; - The pool processes will inherit the master process priority -; unless it specified otherwise -; Default Value: no set -; process.priority = -19 - -; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user -; or group is differrent than the master process user. It allows to create process -; core dump and ptrace the process for the pool user. -; Default Value: no -; process.dumpable = yes - -; Choose how the process manager will control the number of child processes. -; Possible Values: -; static - a fixed number (pm.max_children) of child processes; -; dynamic - the number of child processes are set dynamically based on the -; following directives. With this process management, there will be -; always at least 1 children. -; pm.max_children - the maximum number of children that can -; be alive at the same time. -; pm.start_servers - the number of children created on startup. -; pm.min_spare_servers - the minimum number of children in 'idle' -; state (waiting to process). If the number -; of 'idle' processes is less than this -; number then some children will be created. -; pm.max_spare_servers - the maximum number of children in 'idle' -; state (waiting to process). 
If the number -; of 'idle' processes is greater than this -; number then some children will be killed. -; ondemand - no children are created at startup. Children will be forked when -; new requests will connect. The following parameter are used: -; pm.max_children - the maximum number of children that -; can be alive at the same time. -; pm.process_idle_timeout - The number of seconds after which -; an idle process will be killed. -; Note: This value is mandatory. pm = dynamic - -; The number of child processes to be created when pm is set to 'static' and the -; maximum number of child processes when pm is set to 'dynamic' or 'ondemand'. -; This value sets the limit on the number of simultaneous requests that will be -; served. Equivalent to the ApacheMaxClients directive with mpm_prefork. -; Equivalent to the PHP_FCGI_CHILDREN environment variable in the original PHP -; CGI. The below defaults are based on a server without much resources. Don't -; forget to tweak pm.* to fit your needs. -; Note: Used when pm is set to 'static', 'dynamic' or 'ondemand' -; Note: This value is mandatory. pm.max_children = 5 - -; The number of child processes created on startup. -; Note: Used only when pm is set to 'dynamic' -; Default Value: min_spare_servers + (max_spare_servers - min_spare_servers) / 2 pm.start_servers = 2 - -; The desired minimum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' pm.min_spare_servers = 1 - -; The desired maximum number of idle server processes. -; Note: Used only when pm is set to 'dynamic' -; Note: Mandatory when pm is set to 'dynamic' pm.max_spare_servers = 3 -; The number of seconds after which an idle process will be killed. -; Note: Used only when pm is set to 'ondemand' -; Default Value: 10s -;pm.process_idle_timeout = 10s; - -; The number of requests each child process should execute before respawning. 
-; This can be useful to work around memory leaks in 3rd party libraries. For -; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. -; Default Value: 0 -;pm.max_requests = 500 - -; The URI to view the FPM status page. If this value is not set, no URI will be -; recognized as a status page. It shows the following informations: -; pool - the name of the pool; -; process manager - static, dynamic or ondemand; -; start time - the date and time FPM has started; -; start since - number of seconds since FPM has started; -; accepted conn - the number of request accepted by the pool; -; listen queue - the number of request in the queue of pending -; connections (see backlog in listen(2)); -; max listen queue - the maximum number of requests in the queue -; of pending connections since FPM has started; -; listen queue len - the size of the socket queue of pending connections; -; idle processes - the number of idle processes; -; active processes - the number of active processes; -; total processes - the number of idle + active processes; -; max active processes - the maximum number of active processes since FPM -; has started; -; max children reached - number of times, the process limit has been reached, -; when pm tries to start more children (works only for -; pm 'dynamic' and 'ondemand'); -; Value are updated in real time. -; Example output: -; pool: www -; process manager: static -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 62636 -; accepted conn: 190460 -; listen queue: 0 -; max listen queue: 1 -; listen queue len: 42 -; idle processes: 4 -; active processes: 11 -; total processes: 15 -; max active processes: 12 -; max children reached: 0 -; -; By default the status page output is formatted as text/plain. Passing either -; 'html', 'xml' or 'json' in the query string will return the corresponding -; output syntax. 
Example: -; http://www.foo.bar/status -; http://www.foo.bar/status?json -; http://www.foo.bar/status?html -; http://www.foo.bar/status?xml -; -; By default the status page only outputs short status. Passing 'full' in the -; query string will also return status for each pool process. -; Example: -; http://www.foo.bar/status?full -; http://www.foo.bar/status?json&full -; http://www.foo.bar/status?html&full -; http://www.foo.bar/status?xml&full -; The Full status returns for each process: -; pid - the PID of the process; -; state - the state of the process (Idle, Running, ...); -; start time - the date and time the process has started; -; start since - the number of seconds since the process has started; -; requests - the number of requests the process has served; -; request duration - the duration in µs of the requests; -; request method - the request method (GET, POST, ...); -; request URI - the request URI with the query string; -; content length - the content length of the request (only with POST); -; user - the user (PHP_AUTH_USER) (or '-' if not set); -; script - the main script called (or '-' if not set); -; last request cpu - the %cpu the last request consumed -; it's always 0 if the process is not in Idle state -; because CPU calculation is done when the request -; processing has terminated; -; last request memory - the max amount of memory the last request consumed -; it's always 0 if the process is not in Idle state -; because memory calculation is done when the request -; processing has terminated; -; If the process is in Idle state, then informations are related to the -; last request the process has served. Otherwise informations are related to -; the current request being served. 
-; Example output: -; ************************ -; pid: 31330 -; state: Running -; start time: 01/Jul/2011:17:53:49 +0200 -; start since: 63087 -; requests: 12808 -; request duration: 1250261 -; request method: GET -; request URI: /test_mem.php?N=10000 -; content length: 0 -; user: - -; script: /home/fat/web/docs/php/test_mem.php -; last request cpu: 0.00 -; last request memory: 0 -; -; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: /usr/share/php/7.0/fpm/status.html -; -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;pm.status_path = /status - -; The ping URI to call the monitoring page of FPM. If this value is not set, no -; URI will be recognized as a ping page. This could be used to test from outside -; that FPM is alive and responding, or to -; - create a graph of FPM availability (rrd or such); -; - remove a server from a group if it is not responding (load balancing); -; - trigger alerts for the operating team (24/7). -; Note: The value must start with a leading slash (/). The value can be -; anything, but it may not be a good idea to use the .php extension or it -; may conflict with a real PHP file. -; Default Value: not set -;ping.path = /ping - -; This directive may be used to customize the response of a ping request. The -; response is formatted as text/plain with a 200 response code. -; Default Value: pong -;ping.response = pong - -; The access log file -; Default: not set -;access.log = log/$pool.access.log - -; The access log format. 
-; The following syntax is allowed -; %%: the '%' character -; %C: %CPU used by the request -; it can accept the following format: -; - %{user}C for user CPU only -; - %{system}C for system CPU only -; - %{total}C for user + system CPU (default) -; %d: time taken to serve the request -; it can accept the following format: -; - %{seconds}d (default) -; - %{miliseconds}d -; - %{mili}d -; - %{microseconds}d -; - %{micro}d -; %e: an environment variable (same as $_ENV or $_SERVER) -; it must be associated with embraces to specify the name of the env -; variable. Some exemples: -; - server specifics like: %{REQUEST_METHOD}e or %{SERVER_PROTOCOL}e -; - HTTP headers like: %{HTTP_HOST}e or %{HTTP_USER_AGENT}e -; %f: script filename -; %l: content-length of the request (for POST request only) -; %m: request method -; %M: peak of memory allocated by PHP -; it can accept the following format: -; - %{bytes}M (default) -; - %{kilobytes}M -; - %{kilo}M -; - %{megabytes}M -; - %{mega}M -; %n: pool name -; %o: output header -; it must be associated with embraces to specify the name of the header: -; - %{Content-Type}o -; - %{X-Powered-By}o -; - %{Transfert-Encoding}o -; - .... -; %p: PID of the child that serviced the request -; %P: PID of the parent of the child that serviced the request -; %q: the query string -; %Q: the '?' character if query string exists -; %r: the request URI (without the query string, see %q and %Q) -; %R: remote IP address -; %s: status (response code) -; %t: server time the request was received -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %T: time the log has been written (the request has finished) -; it can accept a strftime(3) format: -; %d/%b/%Y:%H:%M:%S %z (default) -; The strftime(3) format must be encapsuled in a %{}t tag -; e.g. 
for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t -; %u: remote user -; -; Default: "%R - %u %t \"%m %r\" %s" -;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - -; The log file for slow requests -; Default Value: not set -; Note: slowlog is mandatory if request_slowlog_timeout is set -;slowlog = log/$pool.log.slow - -; The timeout for serving a single request after which a PHP backtrace will be -; dumped to the 'slowlog' file. A value of '0s' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 -;request_slowlog_timeout = 0 - -; The timeout for serving a single request after which the worker process will -; be killed. This option should be used when the 'max_execution_time' ini option -; does not stop script execution for some reason. A value of '0' means 'off'. -; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) -; Default Value: 0 request_terminate_timeout = 1d -; Set open file descriptor rlimit. -; Default Value: system defined value -;rlimit_files = 1024 +chroot = __FINALPATH__ +chdir = / -; Set max core size rlimit. -; Possible Values: 'unlimited' or an integer greater or equal to 0 -; Default Value: system defined value -;rlimit_core = 0 - -; Chroot to this directory at the start. This value must be defined as an -; absolute path. When this value is not set, chroot is not used. -; Note: you can prefix with '$prefix' to chroot to the pool prefix or one -; of its subdirectories. If the pool prefix is not set, the global prefix -; will be used instead. -; Note: chrooting is a great security feature and should be used whenever -; possible. However, all PHP paths will be relative to the chroot -; (error_log, sessions.save_path, ...). -; Default Value: not set -;chroot = - -; Chdir to this directory at the start. -; Note: relative path can be used. 
-; Default Value: current directory or / when chroot -chdir = __FINALPATH__ - -; Redirect worker stdout and stderr into main error log. If not set, stdout and -; stderr will be redirected to /dev/null according to FastCGI specs. -; Note: on highloaded environement, this can cause some delay in the page -; process time (several ms). -; Default Value: no -;catch_workers_output = yes - -; Clear environment in FPM workers -; Prevents arbitrary environment variables from reaching FPM worker processes -; by clearing the environment in workers before env vars specified in this -; pool configuration are added. -; Setting to "no" will make all environment variables available to PHP code -; via getenv(), $_ENV and $_SERVER. -; Default Value: yes -;clear_env = no - -; Limits the extensions of the main script FPM will allow to parse. This can -; prevent configuration mistakes on the web server side. You should only limit -; FPM to .php extensions to prevent malicious users to use other extensions to -; execute php code. -; Note: set an empty value to allow all extensions. -; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 .php7 - -; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from -; the current environment. -; Default Value: clean env -;env[HOSTNAME] = $HOSTNAME -;env[PATH] = /usr/local/bin:/usr/bin:/bin -;env[TMP] = /tmp -;env[TMPDIR] = /tmp -;env[TEMP] = /tmp - -; Additional php.ini defines, specific to this pool of workers. These settings -; overwrite the values previously defined in the php.ini. The directives are the -; same as the PHP SAPI: -; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. -; php_admin_value/php_admin_flag - these directives won't be overwritten by -; PHP call 'ini_set' -; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. - -; Defining 'extension' will load the corresponding shared extension from -; extension_dir. 
Defining 'disable_functions' or 'disable_classes' will not -; overwrite previously defined php.ini values, but will append the new value -; instead. - -; Note: path INI options can be relative and will be expanded with the prefix -; (pool, global or /usr) - -; Default Value: nothing is defined by default except the values in php.ini and -; specified at startup with the -d argument -;php_admin_value[sendmail_path] = /usr/sbin/sendmail -t -i -f www@my.domain.com -;php_flag[display_errors] = off -;php_admin_value[error_log] = /var/log/fpm-php.www.log -;php_admin_flag[log_errors] = on -;php_admin_value[memory_limit] = 32M - -; Common values to change to increase file upload limit -; php_admin_value[upload_max_filesize] = 50M -; php_admin_value[post_max_size] = 50M -; php_admin_flag[mail.add_x_header] = Off - -; Other common parameters -; php_admin_value[max_execution_time] = 600 -; php_admin_value[max_input_time] = 300 -; php_admin_value[memory_limit] = 256M -; php_admin_flag[short_open_tag] = On +clear_env = yes +security.limit_extensions = .php diff --git a/screenshot.png b/doc/screenshots/screenshot.png similarity index 100% rename from screenshot.png rename to doc/screenshots/screenshot.png diff --git a/manifest.json b/manifest.json index 21178f9..9f669c4 100755 --- a/manifest.json +++ b/manifest.json @@ -6,8 +6,13 @@ "en": "Web interface for generating QR codes", "fr": "Interface Web pour générer des codes QR" }, - "version": "1.3.0~ynh1", + "version": "2.0.0-beta1~ynh1", "url": "https://code.antopie.org/miraty/libreqr", + "upstream": { + "license": "AGPL-3.0-or-later", + "demo": "https://qr.antopie.org", + "code": "https://code.antopie.org/miraty/libreqr" + }, "license": "AGPL-3.0-or-later", "maintainer": { "name": "Miraty", @@ -15,7 +20,7 @@ "url": "https://miraty.antopie.org" }, "requirements": { - "yunohost": ">= 4.0" + "yunohost": ">= 4.3" }, "multi_instance": true, "services": [ 
@@ -26,29 +31,20 @@ "install" : [ { "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain name for LibreQR", - "fr": "Choisissez un nom de domaine pour LibreQR" - }, - "example": "qr.domain.tld" + "type": "domain" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for LibreQR", - "fr": "Choisissez un chemin pour LibreQR" - }, "example": "/qr", - "default": "/qr" + "default": "/" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public application?", - "fr": "Est-ce une application publique ?" + "help": { + "en": "If enabled, the application can be used without authentifying with a YunoHost account.", + "fr": "Si activé, l'application pourra être utilisée sans s'authentifier avec un compte YunoHost." }, "default": true } diff --git a/scripts/_common.sh b/scripts/_common.sh old mode 100755 new mode 100644 index eea5970..42f9bb1 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -1,20 +1,12 @@ -#!/bin/bash - -#================================================= -# COMMON VARIABLES -#================================================= - -# dependencies used by the app -#pkg_dependencies="deb1 deb2" - -#================================================= -# PERSONAL HELPERS -#================================================= - -#================================================= -# EXPERIMENTAL HELPERS -#================================================= - -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= +libreqr_apply_filesystem_permissions() { + find "$final_path" -type f -exec chmod 400 "{}" + + find "$final_path" -type f -exec chown www-data:www-data "{}" + + find "$final_path" -type d -exec chmod 110 "{}" + + find "$final_path" -type d -exec chown $app:www-data "{}" + + find "$final_path" -type f -name "*.php" -exec chmod 400 "{}" + + find "$final_path" -type f -name "*.php" -exec chown $app:$app "{}" + + find "$final_path" -type f -name "*.less" -or -name "*.css" -exec chmod 440 "{}" + + find "$final_path" -type f -name "*.less" -or -name "*.css" -exec chown $app:www-data "{}" + + chmod 350 "$final_path"/css + chown $app:www-data "$final_path"/css +} diff --git a/scripts/backup b/scripts/backup index 6bcde3e..e30872a 100755 --- a/scripts/backup +++ b/scripts/backup 
@@ -1,62 +1,17 @@ #!/bin/bash - -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts -source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." - +ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME - final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) -#db_name=$(ynh_app_setting_get --app=$app --key=db_name) - -#================================================= -# STANDARD BACKUP STEPS -#================================================= -# BACKUP THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Backing up the main app directory..." +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) +ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$final_path" - -#================================================= -# BACKUP THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Backing up nginx web server configuration..." 
- ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" -#================================================= -# BACKUP THE PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Backing up php-fpm configuration..." - -ynh_backup --src_path="/etc/php/7.3/fpm/pool.d/$app.conf" - -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index eeee689..01a284d 100755 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -1,96 +1,52 @@ #!/bin/bash - -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - old_domain=$YNH_APP_OLD_DOMAIN old_path=$YNH_APP_OLD_PATH - new_domain=$YNH_APP_NEW_DOMAIN new_path=$YNH_APP_NEW_PATH - app=$YNH_APP_INSTANCE_NAME +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf -#================================================= -# LOAD SETTINGS -#================================================= ynh_script_progression --message="Loading installation settings..." - -# Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# Add settings here as needed by your application -#db_name=$(ynh_app_setting_get --app=$app --key=db_name) -#db_user=$db_name -#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi +ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." +ynh_backup_before_upgrade +ynh_clean_setup () { + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + ynh_restore_upgradebackup +} +ynh_abort_if_errors +ynh_script_progression --message="Updating NGINX web server configuration..." 
+# Change the path if needed change_path=0 if [ "$old_path" != "$new_path" ] then change_path=1 fi - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -#================================================= -# MODIFY URL IN NGINX CONF -#================================================= -ynh_script_progression --message="Updating nginx web server configuration..." - -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the nginx config file if [ $change_path -eq 1 ] then - # Make a backup of the original nginx config file if modified ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for nginx helper domain="$old_domain" path_url="$new_path" - # Create a dedicated nginx config ynh_add_nginx_config fi - -# Change the domain for nginx +# Change the domain if needed +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi if [ $change_domain -eq 1 ] then - # Delete file checksum for the old conf file location ynh_delete_file_checksum --file="$nginx_conf_path" mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading nginx web server..." - +ynh_script_progression --message="Reloading NGINX web server..." ynh_systemd_action --service_name=nginx --action=reload -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Change of URL completed for $app" --time --last +ynh_script_progression --message="Change of URL completed for $app" --last 
diff --git a/scripts/install b/scripts/install index b5800e5..e56f14e 100755 --- a/scripts/install +++ b/scripts/install 
@@ -1,168 +1,41 @@ #!/bin/bash - -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC - -### If it's a multi-instance app, meaning it can be installed several times independently -### The id of the app as stated in the manifest is available as $YNH_APP_ID -### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...) -### The app instance name is available as $YNH_APP_INSTANCE_NAME -### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample -### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2 -### - ynhexample__{N} for the subsequent installations, with N=3,4, ... -### The app instance name is probably what interests you most, since this is -### guaranteed to be unique. This is a good unique identifier to define installation path, -### db names, ... app=$YNH_APP_INSTANCE_NAME -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -### About --weight and --time -### ynh_script_progression will show to your final users the progression of each scripts. 
-### In order to do that, --weight will represent the relative time of execution compared to the other steps in the script. -### --time is a packager option, it will show you the execution time since the previous call. -### This option should be removed before releasing your app. -### Use the execution time, given by --time, to estimate the weight of a step. -### A common way to do it is to set a weight equal to the execution time in second +1. -### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. ynh_script_progression --message="Validating installation parameters..." - -### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". -### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= ynh_script_progression --message="Storing installation settings..." - ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url -ynh_app_setting_set --app=$app --key=is_public --value=$is_public ynh_app_setting_set --app=$app --key=final_path --value=$final_path -#================================================= -# STANDARD MODIFICATIONS -#================================================= -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= +ynh_script_progression --message="Configuring system user..." 
+ynh_system_user_create --username=$app --home_dir="$final_path" + ynh_script_progression --message="Setting up source files..." - -### `ynh_setup_source` is used to install an app from a zip or tar.gz file, -### downloaded from an upstream source, like a git repository. -### `ynh_setup_source` use the file conf/app.src - -# Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +libreqr_apply_filesystem_permissions -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Configuring nginx web server..." - -### `ynh_add_nginx_config` will use the file conf/nginx.conf - -# Create a dedicated nginx config +ynh_script_progression --message="Configuring NGINX web server..." ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." - -# Create a system user -ynh_system_user_create --username=$app - -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression "Configuring php-fpm..." - -### `ynh_add_fpm_config` is used to set up a PHP config. -### You can remove it if your app doesn't use PHP. -### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini -### If you're not using these lines: -### - You can remove these files in conf/. -### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script -### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script -### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script -### With the reload at the end of the script. 
-### - And the section "PHP-FPM CONFIGURATION" in the upgrade script - -# Create a dedicated php-fpm config +ynh_script_progression --message="Configuring PHP-FPM..." ynh_add_fpm_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -### For security reason, any app should set the permissions to root: before anything else. -### Then, if write authorization is needed, any access should be given only to directories -### that really need such authorization. - -# Set permissions to app files -chown -R root: $final_path -find $final_path -type f | xargs chmod 644 -find $final_path -type d | xargs chmod 755 - -# For temp subdir, the user must have write permissions -mkdir -p $final_path/temp -chown -R $app:root $final_path/temp -chmod 711 $final_path/temp - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring SSOwat..." - -# Make app public if necessary +ynh_script_progression --message="Configuring permissions..." if [ $is_public -eq 1 ] then - ynh_permission_update --permission "main" --add visitors + ynh_permission_update --permission="main" --add="visitors" fi -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading nginx web server..." - -ynh_systemd_action --service_name=nginx --action=reload - -#================================================= -# END OF SCRIPT -#================================================= - ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index ee40376..0322438 100755 --- a/scripts/remove +++ b/scripts/remove 
@@ -1,66 +1,22 @@ #!/bin/bash - -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME - domain=$(ynh_app_setting_get --app=$app --key=domain) -#port=$(ynh_app_setting_get --app=$app --key=port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -#================================================= -# STANDARD REMOVE -#================================================= -#================================================= -# REMOVE APP MAIN DIR -#================================================= ynh_script_progression --message="Removing app main directory..." - -# Remove the app directory securely ynh_secure_remove --file="$final_path" -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing nginx web server configuration..." - -# Remove the dedicated nginx config +ynh_script_progression --message="Removing NGINX web server configuration..." ynh_remove_nginx_config -#================================================= -# REMOVE PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Removing php-fpm configuration..." - -# Remove the dedicated php-fpm config +ynh_script_progression --message="Removing PHP-FPM configuration..." 
ynh_remove_fpm_config -ynh_systemd_action --action=restart --service_name=php7.3-fpm - -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= ynh_script_progression --message="Removing the dedicated system user..." - -# Delete a system user ynh_system_user_delete --username=$app -#================================================= -# END OF SCRIPT -#================================================= - ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index c440d16..2f94f48 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -1,106 +1,29 @@ #!/bin/bash - -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading settings..." - +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME - domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." - -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" -test ! 
-d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - -#================================================= -# RESTORE THE APP MAIN DIR -#================================================= -ynh_script_progression --message="Restoring the app main directory..." - -ynh_restore_file --origin_path="$final_path" - -#================================================= -# RECREATE THE DEDICATED USER -#================================================= ynh_script_progression --message="Recreating the dedicated system user..." +ynh_system_user_create --username=$app --home_dir="$final_path" -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +ynh_script_progression --message="Restoring the app main directory..." +ynh_restore_file --origin_path="$final_path" +libreqr_apply_filesystem_permissions -#================================================= -# RESTORE USER RIGHTS -#================================================= +ynh_script_progression --message="Restoring the PHP-FPM configuration..." +ynh_restore_file --origin_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" +ynh_systemd_action --service_name=php$phpversion-fpm --action=reload -### For security reason, any app should set the permissions to root: before anything else. -### Then, if write authorization is needed, any access should be given only to directories -### that really need such authorization. 
- -# Set permissions to app files -chown -R root: $final_path -find $final_path -type f | xargs chmod 644 -find $final_path -type d | xargs chmod 755 - -# For temp subdir, the user must have write permissions -mkdir -p $final_path/temp -chown -R $app:root $final_path/temp -chmod 711 $final_path/temp - -#================================================= -# RESTORE THE PHP-FPM CONFIGURATION -#================================================= - -ynh_restore_file --origin_path="/etc/php/7.3/fpm/pool.d/$app.conf" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." - -ynh_systemd_action --service_name=php7.3-fpm --action=reload +ynh_script_progression --message="Restoring the NGINX configuration..." +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_systemd_action --service_name=nginx --action=reload -#================================================= -# END OF SCRIPT -#================================================= - ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 4862fcc..2306faa 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -1,173 +1,43 @@ #!/bin/bash - -#================================================= -# GENERIC START -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= ynh_script_progression --message="Loading installation settings..." - app=$YNH_APP_INSTANCE_NAME - domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) -is_public=$(ynh_app_setting_get --app=$app --key=is_public) final_path=$(ynh_app_setting_get --app=$app --key=final_path) -#================================================= -# CHECK VERSION -#================================================= - -### This helper will compare the version of the currently installed app and the version of the upstream package. -### $upgrade_type can have 2 different values -### - UPGRADE_APP if the upstream app version has changed -### - UPGRADE_PACKAGE if only the YunoHost package has changed -### ynh_check_app_version_changed will stop the upgrade if the app is up to date. -### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do. upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." 
- -# Fix is_public as a boolean value -if [ "$is_public" = "Yes" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=1 - is_public=1 -elif [ "$is_public" = "No" ]; then - ynh_app_setting_set --app=$app --key=is_public --value=0 - is_public=0 -fi - -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path=/var/www/$app - ynh_app_setting_set --app=$app --key=final_path --value=$final_path -fi - -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." - -# Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # restore it if the upgrade fails ynh_restore_upgradebackup } -# Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# STANDARD UPGRADE STEPS -#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + ynh_app_setting_delete --app=$app --key=is_public +fi -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." +ynh_system_user_create --username=$app --home_dir="$final_path" if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." 
- - # Remove old version ynh_secure_remove --file="$final_path" - - # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" - fi +libreqr_apply_filesystem_permissions -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." - -# Create a dedicated nginx config +ynh_script_progression --message="Upgrading NGINX web server configuration..." ynh_add_nginx_config -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -#ynh_script_progression --message="Upgrading dependencies..." - -#ynh_install_app_dependencies $pkg_dependencies - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app - -#================================================= -# PHP-FPM CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading php-fpm configuration..." - -# Create a dedicated php-fpm config +ynh_script_progression --message="Upgrading PHP-FPM configuration..." ynh_add_fpm_config -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= - -### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. -### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. -ynh_backup_if_checksum_is_different --file="$final_path/config.inc.php" -# Recalculate and store the checksum of the file for the next upgrade. 
-ynh_store_file_checksum --file="$final_path/config.inc.php" - -#================================================= -# GENERIC FINALIZATION -#================================================= -# SECURE FILES AND DIRECTORIES -#================================================= - -### For security reason, any app should set the permissions to root: before anything else. -### Then, if write authorization is needed, any access should be given only to directories -### that really need such authorization. - -# Set permissions to app files -chown -R root: $final_path -find $final_path -type f | xargs chmod 644 -find $final_path -type d | xargs chmod 755 - -# For temp subdir, the user must have write permissions -mkdir -p $final_path/temp -chown -R $app:root $final_path/temp -chmod 711 $final_path/temp - -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - ynh_permission_update --permission "main" --add visitors -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading nginx web server..." - -ynh_systemd_action --service_name=nginx --action=reload - -#================================================= -# END OF SCRIPT -#================================================= - ynh_script_progression --message="Upgrade of $app completed" --last
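Review bot: in the scripts/backup hunk, `phpversion` is read from the app settings and used directly in `ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"` with no check that it is set. The line it replaces hardcoded `7.3`, so an instance whose settings carry no `phpversion` key would now declare `/etc/php//fpm/pool.d/$app.conf`. Suggest stopping with `ynh_die` when `$phpversion` is empty, before any file is declared, so a backup cannot proceed without the PHP-FPM pool file.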
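Review bot: in the scripts/change_url hunk, the new `ynh_clean_setup` always runs `ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"`, including when only the path changes and `$new_domain` equals `$old_domain`. In that case the file removed on failure is the instance's only NGINX config, and recovery then depends entirely on `ynh_restore_upgradebackup` succeeding. Suggest removing the file only when the domain actually differs. The context line `mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf` could also quote both operands while this block is being reordered.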
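Review bot: in the scripts/install hunk, the explicit hardening block (`chown -R root: $final_path`, files at 644, directories at 755, and a `temp` directory owned by `$app` at 711) is replaced by a single call to `libreqr_apply_filesystem_permissions`, whose definition is not visible in this hunk. Please confirm in `_common.sh` that it keeps the same model of root-owned code with write access limited to the directories that need it, and add a short comment there stating the intended ownership and modes, since the explanatory comments are deleted here. The call also now runs before `ynh_add_fpm_config`, so it should not depend on anything that step creates.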
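Review bot: the scripts/restore hunk deletes both pre-restore checks (`ynh_webpath_available ... || ynh_die` and `test ! -d $final_path || ynh_die`) without a replacement, so `ynh_restore_file --origin_path="$final_path"` now runs without this script verifying that the web path is free or that the directory is absent. If the minimum YunoHost version declared for this package performs those checks itself, say so in the commit message; otherwise keep them. Separately, `/etc/php/$phpversion/fpm/pool.d/$app.conf` assumes the restored settings contain `phpversion`, while archives made by the previous backup script stored the pool file under `/etc/php/7.3/`, so restoring an older archive needs a fallback or an explicit error.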
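Review bot: the scripts/upgrade hunk drops the `if [ -z "$final_path" ]` fallback, yet `$final_path` is still passed unchecked to `ynh_system_user_create --home_dir="$final_path"`, `ynh_secure_remove --file="$final_path"` and `ynh_setup_source --dest_dir="$final_path"`. Suggest either keeping the fallback to `/var/www/$app` or aborting with `ynh_die` when the setting is empty. Also note that the `ynh_backup_if_checksum_is_different` and `ynh_store_file_checksum` calls for `$final_path/config.inc.php` are removed while an `UPGRADE_APP` run still deletes the whole directory, so an admin-edited config file is lost without a copy; if the new upstream version no longer uses that file, the commit message should state it.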