miraty/qr_ynh
1
1
Fork 0
Code Issues Pull requests Activity

Update to latest packaging format

Browse source
This commit is contained in:
Miraty 2022-03-03 17:58:37 +01:00
parent 3b225b6a98
commit be91c1c2ab
12 changed files with 191 additions and 319 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

54
README.md
View file

@ -1,8 +1,12 @@
<!--
N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
It shall NOT be edited by hand.
-->
# LibreQR for YunoHost
[![Integration level](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg)
[![Install LibreQR with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=qr)
[![Install LibreQR with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=qr)
*[Lire ce readme en français.](./README_fr.md)*
@ -11,41 +15,31 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview
A Web interface for generating QR codes in PHP.
Web interface for generating QR codes
**Shipped version:** 1.3.0
**Shipped version:** 1.3.0~ynh1
## Screenshot
**Demo:** https://qr.antopie.org
![](screenshot.png)
## Screenshots
## Demo
![](./doc/screenshots/screenshot.png)
* [Official demo](https://qr.antopie.org)
## Documentation and resources
## Configuration
* Upstream app code repository: https://code.antopie.org/miraty/libreqr
* YunoHost documentation for this app: https://yunohost.org/app_qr
* Report a bug: https://code.antopie.org/miraty/qr_ynh/issues
You can configure this app by editing `/var/www/qr/config.inc.php`.
## Developer info
## YunoHost specific features
Please send your pull request to the [testing branch](https://code.antopie.org/miraty/qr_ynh/src/branch/testing).
### Multi-user support
To try the testing branch, please proceed like that.
```
sudo yunohost app install https://code.antopie.org/miraty/qr_ynh/src/branch/testing --debug
or
sudo yunohost app upgrade qr -u https://code.antopie.org/miraty/qr_ynh/src/branch/testing --debug
```
* There is no authentication in the app
* The app can be installed multiple time
### Supported architectures
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/qr/)
## Additional information
The application is called LibreQR, but its technical ID in YunoHost is `qr` for historical reasons.
## Links
* Report a bug in this package: <https://code.antopie.org/miraty/qr_ynh/issues>
* Report a bug in LibreQR: <https://code.antopie.org/miraty/libreqr/issues>
* LibreQR repository: <https://code.antopie.org/miraty/libreqr/>
* YunoHost website: <https://yunohost.org/>
**More info regarding app packaging:** https://yunohost.org/packaging_apps

52
README_fr.md
View file

@ -1,51 +1,41 @@
# LibreQR pour YunoHost
[![Niveau d'intégration](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg)
[![Installer LibreQR avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=qr)
[![Installer LibreQR avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=qr)
*[Read this readme in english.](./README.md)*
*[Lire ce readme en français.](./README_fr.md)*
> *Ce package vous permet d'installer LibreQR rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.*
Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
## Vue d'ensemble
Une interface Web pour générer des codes QR en PHP.
Interface Web pour générer des codes QR
**Version incluse :** 1.3.0
**Version incluse :** 1.3.0~ynh1
## Capture d'écran
**Démo :** https://qr.antopie.org
![](screenshot.png)
## Captures d'écran
## Démo
![](./doc/screenshots/screenshot.png)
* [Démo officielle](https://qr.antopie.org)
## Documentations et ressources
## Configuration
* Dépôt de code officiel de l'app : https://code.antopie.org/miraty/libreqr
* Documentation YunoHost pour cette app : https://yunohost.org/app_qr
* Signaler un bug : https://code.antopie.org/miraty/qr_ynh/issues
Vous pouvez configurer cette application en modifiant `/var/www/qr/config.inc.php`.
## Informations pour les développeurs
## Caractéristiques spécifiques YunoHost
Merci de faire vos pull request sur la [branche testing](https://code.antopie.org/miraty/qr_ynh/src/branch/testing).
### Support multi-utilisateur
Pour essayer la branche testing, procédez comme suit.
```
sudo yunohost app install https://code.antopie.org/miraty/qr_ynh/src/branch/testing --debug
ou
sudo yunohost app upgrade qr -u https://code.antopie.org/miraty/qr_ynh/src/branch/testing --debug
```
* Il n'y a pas d'authentification dans l'application
* L'application peut-être installée plusieurs fois
### Architectures supportées
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/qr/)
## Informations additionnelles
L'application s'appelle LibreQR, mais son identifiant technique dans YunoHost est `qr` pour des raisons historiques.
## Liens
* Signaler un bug dans ce paquet : <https://code.antopie.org/miraty/qr_ynh/issues>
* Signaler un bug dans LibreQR : <https://code.antopie.org/miraty/libreqr/issues>
* Dépôt de LibreQR : <https://code.antopie.org/miraty/libreqr/>
* Site web de YunoHost : <https://yunohost.org/>
**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps

16
conf/nginx.conf
View file

@ -2,19 +2,10 @@
location __PATH__/ {
# Path to source
alias __FINALPATH__/ ;
alias __FINALPATH__/;
# Force usage of https
if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent;
}
### Example PHP configuration (remove it if not used)
index index.php;
# Common parameter to increase upload size limit in conjunction with dedicated php-fpm file
#client_max_body_size 50M;
try_files $uri $uri/ index.php;
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
@ -26,7 +17,10 @@ location __PATH__/ {
fastcgi_param PATH_INFO $fastcgi_path_info;
fastcgi_param SCRIPT_FILENAME $request_filename;
}
### End of PHP configuration part
# Security related headers
more_set_headers "Referrer-Policy: no-referrer";
more_set_headers "Content-Security-Policy: default-src 'none'; style-src 'self'; img-src 'self'; manifest-src 'self'; frame-ancestors 'none';";
# Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc;

2
conf/php-fpm.conf
View file

@ -353,7 +353,7 @@ request_terminate_timeout = 1d
; possible. However, all PHP paths will be relative to the chroot
; (error_log, sessions.save_path, ...).
; Default Value: not set
;chroot =
;chroot = __FINALPATH__
; Chdir to this directory at the start.
; Note: relative path can be used.

0
screenshot.png → doc/screenshots/screenshot.png
View file

Side by side Swipe Overlay

Before

Width:  |  Height:  |  Size: 36 KiB

After

Width:  |  Height:  |  Size: 36 KiB

29
manifest.json
View file

@ -8,6 +8,11 @@
},
"version": "1.3.0~ynh1",
"url": "https://code.antopie.org/miraty/libreqr",
"upstream": {
"license": "AGPL-3.0-or-later",
"demo": "https://qr.antopie.org",
"code": "https://code.antopie.org/miraty/libreqr"
},
"license": "AGPL-3.0-or-later",
"maintainer": {
"name": "Miraty",
@ -15,7 +20,7 @@
"url": "https://miraty.antopie.org"
},
"requirements": {
"yunohost": ">= 4.0"
"yunohost": ">= 4.1.2"
},
"multi_instance": true,
"services": [
@ -26,31 +31,13 @@
"install" : [
{
"name": "domain",
"type": "domain",
"ask": {
"en": "Choose a domain name for LibreQR",
"fr": "Choisissez un nom de domaine pour LibreQR"
},
"example": "qr.domain.tld"
"type": "domain"
},
{
"name": "path",
"type": "path",
"ask": {
"en": "Choose a path for LibreQR",
"fr": "Choisissez un chemin pour LibreQR"
},
"example": "/qr",
"default": "/qr"
},
{
"name": "is_public",
"type": "boolean",
"ask": {
"en": "Is it a public application?",
"fr": "Est-ce une application publique ?"
},
"default": true
"default": "/"
}
]
}

25
scripts/backup
View file

@ -6,8 +6,6 @@
# IMPORT GENERIC HELPERS
#=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -24,39 +22,46 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
ynh_print_info --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
#db_name=$(ynh_app_setting_get --app=$app --key=db_name)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# STANDARD BACKUP STEPS
# DECLARE DATA AND CONF FILES TO BACKUP
#=================================================
ynh_print_info --message="Declaring files to be backed up..."
### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs
### to be backuped and not an actual copy of any file. The actual backup that
### creates and fill the archive with the files happens in the core after this
### script is called. Hence ynh_backups calls takes basically 0 seconds to run.
#=================================================
# BACKUP THE APP MAIN DIR
#=================================================
ynh_script_progression --message="Backing up the main app directory..."
ynh_backup --src_path="$final_path"
#=================================================
# BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Backing up nginx web server configuration..."
ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# BACKUP THE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Backing up php-fpm configuration..."
ynh_backup --src_path="/etc/php/7.3/fpm/pool.d/$app.conf"
ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

41
scripts/change_url
View file

@ -6,7 +6,6 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -24,15 +23,29 @@ app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Add settings here as needed by your application
#db_name=$(ynh_app_setting_get --app=$app --key=db_name)
#db_user=$db_name
#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd)
#=================================================
# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --time --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# Restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
@ -56,23 +69,24 @@ fi
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating nginx web server configuration..."
ynh_script_progression --message="Updating NGINX web server configuration..."
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the nginx config file
# Change the path in the NGINX config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original nginx config file if modified
# Make a backup of the original NGINX config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for nginx helper
# Set global variables for NGINX helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated nginx config
# Create a dedicated NGINX config
ynh_add_nginx_config
fi
# Change the domain for nginx
# Change the domain for NGINX
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
@ -85,7 +99,8 @@ fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..."
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload
@ -93,4 +108,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --time --last
ynh_script_progression --message="Change of URL completed for $app" --last

102
scripts/install
View file

@ -6,17 +6,12 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
ynh_clean_setup () {
### Remove this function if there's nothing to clean before calling the remove script.
true
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
@ -26,18 +21,17 @@ ynh_abort_if_errors
domain=$YNH_APP_ARG_DOMAIN
path_url=$YNH_APP_ARG_PATH
is_public=$YNH_APP_ARG_IS_PUBLIC
### If it's a multi-instance app, meaning it can be installed several times independently
### The id of the app as stated in the manifest is available as $YNH_APP_ID
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2", ...)
### The instance number is available as $YNH_APP_INSTANCE_NUMBER (equals "1", "2"...)
### The app instance name is available as $YNH_APP_INSTANCE_NAME
### - the first time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample
### - the second time the app is installed, YNH_APP_INSTANCE_NAME = ynhexample__2
### - ynhexample__{N} for the subsequent installations, with N=3,4, ...
### - ynhexample__{N} for the subsequent installations, with N=3,4...
### The app instance name is probably what interests you most, since this is
### guaranteed to be unique. This is a good unique identifier to define installation path,
### db names, ...
### db names...
app=$YNH_APP_INSTANCE_NAME
#=================================================
@ -53,8 +47,8 @@ app=$YNH_APP_INSTANCE_NAME
### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
ynh_script_progression --message="Validating installation parameters..."
### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app"
### If the app uses NGINX as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app".
### If the app provides an internal web server (or uses another application server such as uWSGI), the final path should be "/opt/yunohost/$app"
final_path=/var/www/$app
test ! -e "$final_path" || ynh_die --message="This path already contains a folder"
@ -64,100 +58,76 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#=================================================
# STORE SETTINGS FROM MANIFEST
#=================================================
ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set --app=$app --key=path --value=$path_url
ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
#=================================================
# STANDARD MODIFICATIONS
#=================================================
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
#=================================================
ynh_script_progression --message="Setting up source files..."
### `ynh_setup_source` is used to install an app from a zip or tar.gz file,
### downloaded from an upstream source, like a git repository.
### `ynh_setup_source` use the file conf/app.src
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod -R 440 "$final_path"
find "$final_path" -type d | xargs chmod 110
chmod 750 "$final_path"/temp
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Configuring nginx web server..."
ynh_script_progression --message="Configuring NGINX web server..."
### `ynh_add_nginx_config` will use the file conf/nginx.conf
# Create a dedicated nginx config
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Configuring system user..."
# Create a system user
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression "Configuring php-fpm..."
### `ynh_add_fpm_config` is used to set up a PHP config.
### You can remove it if your app doesn't use PHP.
### `ynh_add_fpm_config` will use the files conf/php-fpm.conf and conf/php-fpm.ini
### If you're not using these lines:
### - You can remove these files in conf/.
### - Remove the section "BACKUP THE PHP-FPM CONFIGURATION" in the backup script
### - Remove also the section "REMOVE PHP-FPM CONFIGURATION" in the remove script
### - As well as the section "RESTORE THE PHP-FPM CONFIGURATION" in the restore script
### With the reload at the end of the script.
### - And the section "PHP-FPM CONFIGURATION" in the upgrade script
ynh_script_progression --message="Configuring PHP-FPM..."
# Create a dedicated php-fpm config
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files
chown -R root: $final_path
find $final_path -type f | xargs chmod 644
find $final_path -type d | xargs chmod 755
# For temp subdir, the user must have write permissions
mkdir -p $final_path/temp
chown -R $app:root $final_path/temp
chmod 711 $final_path/temp
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Configuring SSOwat..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_permission_update --permission "main" --add visitors
fi
# GENERIC FINALIZATIONs
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..."
ynh_script_progression --message="Reloading NGINX web server..."
ynh_systemd_action --service_name=nginx --action=reload

12
scripts/remove
View file

@ -6,7 +6,6 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -17,7 +16,6 @@ ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
#port=$(ynh_app_setting_get --app=$app --key=port)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
@ -34,21 +32,19 @@ ynh_secure_remove --file="$final_path"
#=================================================
# REMOVE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Removing nginx web server configuration..."
ynh_script_progression --message="Removing NGINX web server configuration..."
# Remove the dedicated nginx config
# Remove the dedicated NGINX config
ynh_remove_nginx_config
#=================================================
# REMOVE PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Removing php-fpm configuration..."
ynh_script_progression --message="Removing PHP-FPM configuration..."
# Remove the dedicated php-fpm config
# Remove the dedicated PHP-FPM config
ynh_remove_fpm_config
ynh_systemd_action --action=restart --service_name=php7.3-fpm
#=================================================
# GENERIC FINALIZATION
#=================================================

61
scripts/restore
View file

@ -6,8 +6,6 @@
# IMPORT GENERIC HELPERS
#=================================================
#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
source ../settings/scripts/_common.sh
source /usr/share/yunohost/helpers
#=================================================
@ -24,32 +22,34 @@ ynh_abort_if_errors
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading settings..."
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..."
ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \
|| ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
#=================================================
# RESTORE THE NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Restoring the NGINX configuration..." --weight=1
ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# RESTORE THE APP MAIN DIR
#=================================================
@ -57,31 +57,16 @@ ynh_script_progression --message="Restoring the app main directory..."
ynh_restore_file --origin_path="$final_path"
#=================================================
# RECREATE THE DEDICATED USER
#=================================================
ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# RESTORE USER RIGHTS
#=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files
chown -R root: $final_path
find $final_path -type f | xargs chmod 644
find $final_path -type d | xargs chmod 755
# For temp subdir, the user must have write permissions
mkdir -p $final_path/temp
chown -R $app:root $final_path/temp
chmod 711 $final_path/temp
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod -R 440 "$final_path"
find "$final_path" -type d | xargs chmod 110
chmod 750 "$final_path"/temp
chown -R $app:www-data "$final_path"
#=================================================
# RESTORE THE PHP-FPM CONFIGURATION
@ -94,9 +79,9 @@ ynh_restore_file --origin_path="/etc/php/7.3/fpm/pool.d/$app.conf"
#=================================================
# RELOAD NGINX AND PHP-FPM
#=================================================
ynh_script_progression --message="Reloading nginx web server and php-fpm..."
ynh_script_progression --message="Reloading NGINX web server and PHP-FPM..."
ynh_systemd_action --service_name=php7.3-fpm --action=reload
ynh_systemd_action --service_name=php$phpversion-fpm --action=reload
ynh_systemd_action --service_name=nginx --action=reload
#=================================================

116
scripts/upgrade
View file

@ -6,19 +6,18 @@
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
@ -33,29 +32,10 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
### UPGRADE_APP should be used to upgrade the core app only if there's an upgrade to do.
upgrade_type=$(ynh_check_app_version_changed)
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
ynh_script_progression --message="Ensuring downward compatibility..."
# Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=0
is_public=0
fi
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..."
# Backup the current version of the app
@ -70,6 +50,13 @@ ynh_abort_if_errors
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app --home_dir="$final_path"
#=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE
@ -84,88 +71,37 @@ then
# Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source --dest_dir="$final_path"
fi
# FIXME: this should be managed by the core in the future
# Here, as a packager, you may have to tweak the ownerhsip/permissions
# such that the appropriate users (e.g. maybe www-data) can access
# files in some cases.
# But FOR THE LOVE OF GOD, do not allow r/x for "others" on the entire folder -
# this will be treated as a security issue.
chmod -R 440 "$final_path"
find "$final_path" -type d | xargs chmod 110
chmod 750 "$final_path"/temp
chown -R $app:www-data "$final_path"
#=================================================
# NGINX CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading nginx web server configuration..."
# Create a dedicated nginx config
ynh_script_progression --message="Upgrading NGINX web server configuration..."
# Create a dedicated NGINX config
ynh_add_nginx_config
#=================================================
# UPGRADE DEPENDENCIES
#=================================================
#ynh_script_progression --message="Upgrading dependencies..."
#ynh_install_app_dependencies $pkg_dependencies
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..."
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# PHP-FPM CONFIGURATION
#=================================================
ynh_script_progression --message="Upgrading php-fpm configuration..."
# Create a dedicated php-fpm config
ynh_script_progression --message="Upgrading PHP-FPM configuration..."
# Create a dedicated PHP-FPM config
ynh_add_fpm_config
#=================================================
# STORE THE CONFIG FILE CHECKSUM
#=================================================
### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script.
### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it.
ynh_backup_if_checksum_is_different --file="$final_path/config.inc.php"
# Recalculate and store the checksum of the file for the next upgrade.
ynh_store_file_checksum --file="$final_path/config.inc.php"
#=================================================
# GENERIC FINALIZATION
#=================================================
# SECURE FILES AND DIRECTORIES
#=================================================
### For security reason, any app should set the permissions to root: before anything else.
### Then, if write authorization is needed, any access should be given only to directories
### that really need such authorization.
# Set permissions to app files
chown -R root: $final_path
find $final_path -type f | xargs chmod 644
find $final_path -type d | xargs chmod 755
# For temp subdir, the user must have write permissions
mkdir -p $final_path/temp
chown -R $app:root $final_path/temp
chmod 711 $final_path/temp
#=================================================
# SETUP SSOWAT
#=================================================
ynh_script_progression --message="Upgrading SSOwat configuration..."
# Make app public if necessary
if [ $is_public -eq 1 ]
then
ynh_permission_update --permission "main" --add visitors
fi
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..."
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================