|
|
@ -79,16 +79,12 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] |
|
|
|
then |
|
|
|
ynh_script_progression --message="Upgrading source files..." |
|
|
|
|
|
|
|
# Remove old version |
|
|
|
ynh_secure_remove --file="$final_path" |
|
|
|
|
|
|
|
# Download, check integrity, uncompress and patch the source from app.src |
|
|
|
ynh_setup_source --dest_dir="$final_path" |
|
|
|
|
|
|
|
# Remove unused directories or files from older release |
|
|
|
ynh_secure_remove --file="$final_path/aide.svg" |
|
|
|
ynh_secure_remove --file="$final_path/favicons" |
|
|
|
ynh_secure_remove --file="$final_path/parinux.png" |
|
|
|
ynh_secure_remove --file="$final_path/phpqrcode" |
|
|
|
ynh_secure_remove --file="$final_path/ubuntu-dl.ttf" |
|
|
|
ynh_secure_remove --file="$final_path/style.min.css" |
|
|
|
fi |
|
|
|
|
|
|
|
#================================================= |
|
|
@ -138,9 +134,19 @@ ynh_store_file_checksum --file="$final_path/config.inc.php" |
|
|
|
# SECURE FILES AND DIRECTORIES |
|
|
|
#================================================= |
|
|
|
|
|
|
|
### For security reason, any app should set the permissions to root: before anything else. |
|
|
|
### Then, if write authorization is needed, any access should be given only to directories |
|
|
|
### that really need such authorization. |
|
|
|
|
|
|
|
# Set permissions to app files |
|
|
|
chown -R root:$app $final_path |
|
|
|
chmod -R g+w $final_path |
|
|
|
chown -R root: $final_path |
|
|
|
find $final_path -type f | xargs chmod 644 |
|
|
|
find $final_path -type d | xargs chmod 755 |
|
|
|
|
|
|
|
# For temp subdir, the user must have write permissions |
|
|
|
mkdir -p $final_path/temp |
|
|
|
chown -R $app:root $final_path/temp |
|
|
|
chmod 711 $final_path/temp |
|
|
|
|
|
|
|
#================================================= |
|
|
|
# SETUP SSOWAT |
|
|
@ -150,8 +156,7 @@ ynh_script_progression --message="Upgrading SSOwat configuration..." |
|
|
|
# Make app public if necessary |
|
|
|
if [ $is_public -eq 1 ] |
|
|
|
then |
|
|
|
# unprotected_uris allows SSO credentials to be passed anyway |
|
|
|
ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" |
|
|
|
ynh_permission_update --permission "main" --add visitors |
|
|
|
fi |
|
|
|
|
|
|
|
#================================================= |
|
|
@ -165,4 +170,4 @@ ynh_systemd_action --service_name=nginx --action=reload |
|
|
|
# END OF SCRIPT |
|
|
|
#================================================= |
|
|
|
|
|
|
|
ynh_script_progression --message="Upgrade of $app completed" --time --last |
|
|
|
ynh_script_progression --message="Upgrade of $app completed" --last |
|
|
|