Merge pull request 'LibreQR 1.3.0 for YunoHost' (#5) from testing into master

Reviewed-on: #5
2 years ago · 3b225b6a98
13 changed files with 175 additions and 125 deletions
--- a/README.md
+++ b/README.md
@ -1,59 +1,51 @@
-# LibreQR pour YunoHost
+# LibreQR for YunoHost

-[![Integration level](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr)
+[![Integration level](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg)

-> *Ce package vous permet d'installer LibreQR rapidement et simplement sur un serveur Yunohost.  
-Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
+[![Install LibreQR with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=qr)

-## Vue d'ensemble
+*[Lire ce readme en français.](./README_fr.md)*

-Un interface Web en PHP pour générer des codes QR.
-Fonctionne même sans JavaScript.
+> *This package allows you to install LibreQR quickly and simply on a YunoHost server.
+If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*

-**Version incluse:** 1.2.0
+## Overview

-## Capture d'écran
+A Web interface for generating QR codes in PHP.
+
+**Shipped version:** 1.3.0
+
+## Screenshot

 ![](screenshot.png)

-## Démo
+## Demo

-* [Démo officielle](https://qr.antopie.org)
+* [Official demo](https://qr.antopie.org)

 ## Configuration

-Modifiez le fichier /var/www/qr/config.inc.php à votre guise
+You can configure this app by editing `/var/www/qr/config.inc.php`.

-## Caractéristiques spécifiques YunoHost
+## YunoHost specific features

-### Support multi-utilisateurs
+### Multi-user support

-Il n'y a aucune forme d'authentification dans l'application.
+* There is no authentication in the app
+* The app can be installed multiple time

 ### Supported architectures

-* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/)
+* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/)
 * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/qr/)

-## Limitations
-
-* Interface uniquement en français pour l'instant.
-
-## Liens
-
- * Signaler un bug dans le paquet YunoHost : https://code.antopie.org/miraty/qr_ynh/issues
- * Signaler un bug dans l'application principale : https://code.antopie.org/miraty/libreqr/issues
- * Dépôt de l'application principale : https://code.antopie.org/miraty/libreqr
- * Site web de YunoHost : https://yunohost.org
-
-## Informations pour le développement
+## Additional information

-Merci de faire vos pull request sur la [branche testing](https://code.antopie.org/miraty/qr_ynh/src/branch/testing).
+The application is called LibreQR, but its technical ID in YunoHost is `qr` for historical reasons.

-Pour essayer la branche testing, procédez comme suit.
+## Links

-```bash
-sudo yunohost app install https://code.antopie.org/miraty/qr_ynh/tree/testing --debug
-ou
-sudo yunohost app upgrade qr -u https://code.antopie.org/miraty/qr_ynh/tree/testing --debug
-```
+ * Report a bug in this package: <https://code.antopie.org/miraty/qr_ynh/issues>
+ * Report a bug in LibreQR: <https://code.antopie.org/miraty/libreqr/issues>
+ * LibreQR repository: <https://code.antopie.org/miraty/libreqr/>
+ * YunoHost website: <https://yunohost.org/>
--- a/README_fr.md
+++ b/README_fr.md
@ -0,0 +1,51 @@
+# LibreQR pour YunoHost
+
+[![Niveau d'intégration](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg)
+
+[![Installer LibreQR avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=qr)
+
+*[Read this readme in english.](./README.md)*
+
+> *Ce package vous permet d'installer LibreQR rapidement et simplement sur un serveur YunoHost.
+Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.*
+
+## Vue d'ensemble
+
+Une interface Web pour générer des codes QR en PHP.
+
+**Version incluse :** 1.3.0
+
+## Capture d'écran
+
+![](screenshot.png)
+
+## Démo
+
+* [Démo officielle](https://qr.antopie.org)
+
+## Configuration
+
+Vous pouvez configurer cette application en modifiant `/var/www/qr/config.inc.php`.
+
+## Caractéristiques spécifiques YunoHost
+
+### Support multi-utilisateur
+
+* Il n'y a pas d'authentification dans l'application
+* L'application peut-être installée plusieurs fois
+
+### Architectures supportées
+
+* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/)
+* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/qr/)
+
+## Informations additionnelles
+
+L'application s'appelle LibreQR, mais son identifiant technique dans YunoHost est `qr` pour des raisons historiques.
+
+## Liens
+
+ * Signaler un bug dans ce paquet : <https://code.antopie.org/miraty/qr_ynh/issues>
+ * Signaler un bug dans LibreQR : <https://code.antopie.org/miraty/libreqr/issues>
+ * Dépôt de LibreQR : <https://code.antopie.org/miraty/libreqr/>
+ * Site web de YunoHost : <https://yunohost.org/>
--- a/conf/app.src
+++ b/conf/app.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://libreqr.antopie.org/1.2.0.tar.gz
-SOURCE_SUM=ae897291398fddc94c6e2593c3fb6a089d778d3850596bc0407d4f35ebe49d5ed43e522b08853641ae4e7e7851f2d50cf9a3d9f6a7d85c67741abccd7ff527e2
+SOURCE_URL=https://libreqr.antopie.org/releases/libreqr-1.3.0.tar.gz
+SOURCE_SUM=50334a26fcb478914a29cdc5b04a2a21f1428269197befca65c3d234aac0859df75609292ea69b855a8a9e43c8747a2fe38389ae4b7fb29c0613a040a65ab455
 SOURCE_SUM_PRG=sha512sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -18,7 +18,7 @@ location __PATH__/ {
  try_files $uri $uri/ index.php;
  location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
-    fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock;
+    fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock;

    fastcgi_index index.php;
    include fastcgi_params;
--- a/conf/php-fpm.conf
+++ b/conf/php-fpm.conf
@ -33,7 +33,7 @@ group = __USER__
 ;                            (IPv6 and IPv4-mapped) on a specific port;
 ;   '/path/to/unix/socket' - to listen on a unix socket.
 ; Note: This value is mandatory.
-listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock
+listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock

 ; Set listen(2) backlog.
 ; Default Value: 511 (-1 on FreeBSD and OpenBSD)
--- a/manifest.json
+++ b/manifest.json
@ -3,11 +3,11 @@
    "id": "qr",
    "packaging_format": 1,
    "description": {
-        "en": "A QR codes generator",
-        "fr": "Un générateur de codes QR"
+        "en": "Web interface for generating QR codes",
+        "fr": "Interface Web pour générer des codes QR"
    },
-    "version": "1.2.0~ynh2",
-    "url": "https://code.antopie.org/miraty/libreqr/",
+    "version": "1.3.0~ynh1",
+    "url": "https://code.antopie.org/miraty/libreqr",
    "license": "AGPL-3.0-or-later",
    "maintainer": {
        "name": "Miraty",
@ -15,12 +15,12 @@
        "url": "https://miraty.antopie.org"
    },
    "requirements": {
-        "yunohost": ">= 3.6"
+        "yunohost": ">= 4.0"
    },
    "multi_instance": true,
    "services": [
        "nginx",
-        "php7.0-fpm"
+        "php7.3-fpm"
    ],
    "arguments": {
        "install" : [
@ -28,10 +28,10 @@
                "name": "domain",
                "type": "domain",
                "ask": {
-                    "en": "Choose a domain for LibreQR",
-                    "fr": "Choisissez un domaine pour LibreQR"
+                    "en": "Choose a domain name for LibreQR",
+                    "fr": "Choisissez un nom de domaine pour LibreQR"
                },
-                "example": "michu.home"
+                "example": "qr.domain.tld"
            },
            {
                "name": "path",
@ -50,10 +50,6 @@
                    "en": "Is it a public application?",
                    "fr": "Est-ce une application publique ?"
                },
-                "help": {
-                   "en": "Can LibreQR be used by everyone?",
-                   "fr": "LibreQR peut-elle être utilisée par tout le monde ?"
-                },
                "default": true
            }
        ]
--- a/screenshot.png
+++ b/screenshot.png
--- a/scripts/backup
+++ b/scripts/backup
@ -24,7 +24,7 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --time --weight=1
+ynh_script_progression --message="Loading installation settings..."

 app=$YNH_APP_INSTANCE_NAME

@ -37,26 +37,26 @@ domain=$(ynh_app_setting_get --app=$app --key=domain)
 #=================================================
 # BACKUP THE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Backing up the main app directory..." --time --weight=1
+ynh_script_progression --message="Backing up the main app directory..."

 ynh_backup --src_path="$final_path"

 #=================================================
 # BACKUP THE NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Backing up nginx web server configuration..." --time --weight=1
+ynh_script_progression --message="Backing up nginx web server configuration..."

 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"

 #=================================================
 # BACKUP THE PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Backing up php-fpm configuration..." --time --weight=1
+ynh_script_progression --message="Backing up php-fpm configuration..."

-ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf"
+ynh_backup --src_path="/etc/php/7.3/fpm/pool.d/$app.conf"

 #=================================================
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --time --last
+ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
--- a/scripts/change_url
+++ b/scripts/change_url
@ -24,7 +24,7 @@ app=$YNH_APP_INSTANCE_NAME
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --time --weight=1
+ynh_script_progression --message="Loading installation settings..."

 # Needed for helper "ynh_add_nginx_config"
 final_path=$(ynh_app_setting_get --app=$app --key=final_path)
@ -56,7 +56,7 @@ fi
 #=================================================
 # MODIFY URL IN NGINX CONF
 #=================================================
-ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1
+ynh_script_progression --message="Updating nginx web server configuration..."

 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf

@ -85,7 +85,7 @@ fi
 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
+ynh_script_progression --message="Reloading nginx web server..."

 ynh_systemd_action --service_name=nginx --action=reload

--- a/scripts/install
+++ b/scripts/install
@ -51,7 +51,7 @@ app=$YNH_APP_INSTANCE_NAME
 ### Use the execution time, given by --time, to estimate the weight of a step.
 ### A common way to do it is to set a weight equal to the execution time in second +1.
 ### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
-ynh_script_progression --message="Validating installation parameters..." --time --weight=1
+ynh_script_progression --message="Validating installation parameters..."

 ### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
 ### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
@ -64,7 +64,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
 #=================================================
 # STORE SETTINGS FROM MANIFEST
 #=================================================
-ynh_script_progression --message="Storing installation settings..." --time --weight=1
+ynh_script_progression --message="Storing installation settings..."

 ynh_app_setting_set --app=$app --key=domain --value=$domain
 ynh_app_setting_set --app=$app --key=path --value=$path_url
@ -77,7 +77,7 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
-ynh_script_progression --message="Setting up source files..." --weight=1
+ynh_script_progression --message="Setting up source files..."

 ### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
 ### downloaded from an upstream source, like a git repository.
@ -89,7 +89,7 @@ ynh_setup_source --dest_dir="$final_path"
 #=================================================
 # NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Configuring nginx web server..." --time --weight=1
+ynh_script_progression --message="Configuring nginx web server..."

 ### `ynh_add_nginx_config` will use the file conf/nginx.conf

@ -99,7 +99,7 @@ ynh_add_nginx_config
 #=================================================
 # CREATE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Configuring system user..." --time --weight=1
+ynh_script_progression --message="Configuring system user..."

 # Create a system user
 ynh_system_user_create --username=$app
@ -107,7 +107,7 @@ ynh_system_user_create --username=$app
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
-ynh_print_info "Configuring php-fpm..." --time --weight=1
+ynh_script_progression "Configuring php-fpm..."

 ### `ynh_add_fpm_config` is used to set up a PHP config.
 ### You can remove it if your app doesn't use PHP.
@ -134,25 +134,30 @@ ynh_add_fpm_config
 ### that really need such authorization.

 # Set permissions to app files
-chown -R root:$app $final_path
-chmod -R g+w $final_path
+chown -R root: $final_path
+find $final_path -type f | xargs chmod 644
+find $final_path -type d | xargs chmod 755
+
+# For temp subdir, the user must have write permissions
+mkdir -p $final_path/temp
+chown -R $app:root $final_path/temp
+chmod 711 $final_path/temp

 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Configuring SSOwat..." --time --weight=1
+ynh_script_progression --message="Configuring SSOwat..."

 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway.
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	ynh_permission_update --permission "main" --add visitors
 fi

 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
+ynh_script_progression --message="Reloading nginx web server..."

 ynh_systemd_action --service_name=nginx --action=reload

@ -160,4 +165,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Installation of $app completed" --time --last
+ynh_script_progression --message="Installation of $app completed" --last
--- a/scripts/remove
+++ b/scripts/remove
@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --time --weight=1
+ynh_script_progression --message="Loading installation settings..."

 app=$YNH_APP_INSTANCE_NAME

@ -26,7 +26,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 #=================================================
 # REMOVE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Removing app main directory..." --time --weight=1
+ynh_script_progression --message="Removing app main directory..."

 # Remove the app directory securely
 ynh_secure_remove --file="$final_path"
@ -34,7 +34,7 @@ ynh_secure_remove --file="$final_path"
 #=================================================
 # REMOVE NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing nginx web server configuration..." --time --weight=1
+ynh_script_progression --message="Removing nginx web server configuration..."

 # Remove the dedicated nginx config
 ynh_remove_nginx_config
@ -42,17 +42,19 @@ ynh_remove_nginx_config
 #=================================================
 # REMOVE PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Removing php-fpm configuration..." --time --weight=1
+ynh_script_progression --message="Removing php-fpm configuration..."

 # Remove the dedicated php-fpm config
 ynh_remove_fpm_config

+ynh_systemd_action --action=restart --service_name=php7.3-fpm
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # REMOVE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1
+ynh_script_progression --message="Removing the dedicated system user..."

 # Delete a system user
 ynh_system_user_delete --username=$app
@ -61,4 +63,4 @@ ynh_system_user_delete --username=$app
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Removal of $app completed" --time --last
+ynh_script_progression --message="Removal of $app completed" --last
--- a/scripts/restore
+++ b/scripts/restore
@ -24,7 +24,7 @@ ynh_abort_if_errors
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading settings..." --time --weight=1
+ynh_script_progression --message="Loading settings..."

 app=$YNH_APP_INSTANCE_NAME

@ -35,7 +35,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
 #=================================================
 # CHECK IF THE APP CAN BE RESTORED
 #=================================================
-ynh_script_progression --message="Validating restoration parameters..." --time --weight=1
+ynh_script_progression --message="Validating restoration parameters..."

 ynh_webpath_available --domain=$domain --path_url=$path_url \
 	|| ynh_die --message="Path not available: ${domain}${path_url}"
@ -53,14 +53,14 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 #=================================================
 # RESTORE THE APP MAIN DIR
 #=================================================
-ynh_script_progression --message="Restoring the app main directory..." --time --weight=1
+ynh_script_progression --message="Restoring the app main directory..."

 ynh_restore_file --origin_path="$final_path"

 #=================================================
 # RECREATE THE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1
+ynh_script_progression --message="Recreating the dedicated system user..."

 # Create the dedicated user (if not existing)
 ynh_system_user_create --username=$app
@ -69,28 +69,38 @@ ynh_system_user_create --username=$app
 # RESTORE USER RIGHTS
 #=================================================

+### For security reason, any app should set the permissions to root: before anything else.
+### Then, if write authorization is needed, any access should be given only to directories
+### that really need such authorization.
+
 # Set permissions to app files
-chown -R root:$app $final_path
-chmod -R g+w $final_path
+chown -R root: $final_path
+find $final_path -type f | xargs chmod 644
+find $final_path -type d | xargs chmod 755
+
+# For temp subdir, the user must have write permissions
+mkdir -p $final_path/temp
+chown -R $app:root $final_path/temp
+chmod 711 $final_path/temp

 #=================================================
 # RESTORE THE PHP-FPM CONFIGURATION
 #=================================================

-ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf"
+ynh_restore_file --origin_path="/etc/php/7.3/fpm/pool.d/$app.conf"

 #=================================================
 # GENERIC FINALIZATION
 #=================================================
 # RELOAD NGINX AND PHP-FPM
 #=================================================
-ynh_script_progression --message="Reloading nginx web server and php-fpm..." --time --weight=1
+ynh_script_progression --message="Reloading nginx web server and php-fpm..."

-ynh_systemd_action --service_name=php7.0-fpm --action=reload
+ynh_systemd_action --service_name=php7.3-fpm --action=reload
 ynh_systemd_action --service_name=nginx --action=reload

 #=================================================
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Restoration completed for $app" --time --last
+ynh_script_progression --message="Restoration completed for $app" --last
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers
 #=================================================
 # LOAD SETTINGS
 #=================================================
-ynh_script_progression --message="Loading installation settings..." --time --weight=1
+ynh_script_progression --message="Loading installation settings..."

 app=$YNH_APP_INSTANCE_NAME

@ -36,7 +36,7 @@ upgrade_type=$(ynh_check_app_version_changed)
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
-ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1
+ynh_script_progression --message="Ensuring downward compatibility..."

 # Fix is_public as a boolean value
 if [ "$is_public" = "Yes" ]; then
@ -56,7 +56,7 @@ fi
 #=================================================
 # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
 #=================================================
-ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1
+ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."

 # Backup the current version of the app
 ynh_backup_before_upgrade
@ -67,18 +67,6 @@ ynh_clean_setup () {
 # Exit if an error occurs during the execution of the script
 ynh_abort_if_errors

-#=================================================
-# CHECK THE PATH
-#=================================================
-
-# Normalize the URL path syntax
-# N.B. : this is for app installations before YunoHost 2.7
-# where this value might be something like /foo/ or foo/
-# instead of /foo ....
-# If nobody installed your app before 2.7, then you may
-# safely remove this line
-path_url=$(ynh_normalize_url_path --path_url=$path_url)
-
 #=================================================
 # STANDARD UPGRADE STEPS
 #=================================================
@ -89,23 +77,20 @@ path_url=$(ynh_normalize_url_path --path_url=$path_url)

 if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
-	ynh_script_progression --message="Upgrading source files..." --time --weight=1
+	ynh_script_progression --message="Upgrading source files..."
+
+	# Remove old version
+	ynh_secure_remove --file="$final_path"

 	# Download, check integrity, uncompress and patch the source from app.src
 	ynh_setup_source --dest_dir="$final_path"

-	# Remove unused directories or files from older release
-	ynh_secure_remove --file="$final_path/aide.svg"
-	ynh_secure_remove --file="$final_path/favicons"
-	ynh_secure_remove --file="$final_path/parinux.png"
-	ynh_secure_remove --file="$final_path/phpqrcode"
-	ynh_secure_remove --file="$final_path/ubuntu-dl.ttf"
 fi

 #=================================================
 # NGINX CONFIGURATION
 #=================================================
-ynh_script_progression --message="Upgrading nginx web server configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading nginx web server configuration..."

 # Create a dedicated nginx config
 ynh_add_nginx_config
@ -113,14 +98,14 @@ ynh_add_nginx_config
 #=================================================
 # UPGRADE DEPENDENCIES
 #=================================================
-#ynh_script_progression --message="Upgrading dependencies..." --time --weight=1
+#ynh_script_progression --message="Upgrading dependencies..."

 #ynh_install_app_dependencies $pkg_dependencies

 #=================================================
 # CREATE DEDICATED USER
 #=================================================
-ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1
+ynh_script_progression --message="Making sure dedicated system user exists..."

 # Create a dedicated user (if not existing)
 ynh_system_user_create --username=$app
@ -128,7 +113,7 @@ ynh_system_user_create --username=$app
 #=================================================
 # PHP-FPM CONFIGURATION
 #=================================================
-ynh_script_progression --message="Upgrading php-fpm configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading php-fpm configuration..."

 # Create a dedicated php-fpm config
 ynh_add_fpm_config
@ -139,9 +124,9 @@ ynh_add_fpm_config

 ### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script.
 ### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it.
-ynh_backup_if_checksum_is_different --file="$final_path/options.inc.php"
+ynh_backup_if_checksum_is_different --file="$final_path/config.inc.php"
 # Recalculate and store the checksum of the file for the next upgrade.
-ynh_store_file_checksum --file="$final_path/options.inc.php"
+ynh_store_file_checksum --file="$final_path/config.inc.php"

 #=================================================
 # GENERIC FINALIZATION
@ -149,26 +134,35 @@ ynh_store_file_checksum --file="$final_path/options.inc.php"
 # SECURE FILES AND DIRECTORIES
 #=================================================

+### For security reason, any app should set the permissions to root: before anything else.
+### Then, if write authorization is needed, any access should be given only to directories
+### that really need such authorization.
+
 # Set permissions to app files
-chown -R root:$app $final_path
-chmod -R g+w $final_path
+chown -R root: $final_path
+find $final_path -type f | xargs chmod 644
+find $final_path -type d | xargs chmod 755
+
+# For temp subdir, the user must have write permissions
+mkdir -p $final_path/temp
+chown -R $app:root $final_path/temp
+chmod 711 $final_path/temp

 #=================================================
 # SETUP SSOWAT
 #=================================================
-ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1
+ynh_script_progression --message="Upgrading SSOwat configuration..."

 # Make app public if necessary
 if [ $is_public -eq 1 ]
 then
-	# unprotected_uris allows SSO credentials to be passed anyway
-	ynh_app_setting_set --app=$app --key=unprotected_uris --value="/"
+	ynh_permission_update --permission "main" --add visitors
 fi

 #=================================================
 # RELOAD NGINX
 #=================================================
-ynh_script_progression --message="Reloading nginx web server..." --time --weight=1
+ynh_script_progression --message="Reloading nginx web server..."

 ynh_systemd_action --service_name=nginx --action=reload

@ -176,4 +170,4 @@ ynh_systemd_action --service_name=nginx --action=reload
 # END OF SCRIPT
 #=================================================

-ynh_script_progression --message="Upgrade of $app completed" --time --last
+ynh_script_progression --message="Upgrade of $app completed" --last