diff --git a/README.md b/README.md index 89e7cb9..6262d00 100755 --- a/README.md +++ b/README.md @@ -1,59 +1,51 @@ -# LibreQR pour YunoHost +# LibreQR for YunoHost -[![Integration level](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) +[![Integration level](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg) -> *Ce package vous permet d'installer LibreQR rapidement et simplement sur un serveur Yunohost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* +[![Install LibreQR with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=qr) -## Vue d'ensemble +*[Lire ce readme en français.](./README_fr.md)* -Un interface Web en PHP pour générer des codes QR. -Fonctionne même sans JavaScript. +> *This package allows you to install LibreQR quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* -**Version incluse:** 1.2.0 +## Overview -## Capture d'écran +A Web interface for generating QR codes in PHP. + +**Shipped version:** 1.3.0 + +## Screenshot ![](screenshot.png) -## Démo +## Demo -* [Démo officielle](https://qr.antopie.org) +* [Official demo](https://qr.antopie.org) ## Configuration -Modifiez le fichier /var/www/qr/config.inc.php à votre guise +You can configure this app by editing `/var/www/qr/config.inc.php`. -## Caractéristiques spécifiques YunoHost +## YunoHost specific features -### Support multi-utilisateurs +### Multi-user support -Il n'y a aucune forme d'authentification dans l'application. +* There is no authentication in the app +* The app can be installed multiple time ### Supported architectures -* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/) * ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/qr/) -## Limitations +## Additional information -* Interface uniquement en français pour l'instant. +The application is called LibreQR, but its technical ID in YunoHost is `qr` for historical reasons. -## Liens +## Links - * Signaler un bug dans le paquet YunoHost : https://code.antopie.org/miraty/qr_ynh/issues - * Signaler un bug dans l'application principale : https://code.antopie.org/miraty/libreqr/issues - * Dépôt de l'application principale : https://code.antopie.org/miraty/libreqr - * Site web de YunoHost : https://yunohost.org - -## Informations pour le développement - -Merci de faire vos pull request sur la [branche testing](https://code.antopie.org/miraty/qr_ynh/src/branch/testing). - -Pour essayer la branche testing, procédez comme suit. - -```bash -sudo yunohost app install https://code.antopie.org/miraty/qr_ynh/tree/testing --debug -ou -sudo yunohost app upgrade qr -u https://code.antopie.org/miraty/qr_ynh/tree/testing --debug -``` + * Report a bug in this package: + * Report a bug in LibreQR: + * LibreQR repository: + * YunoHost website: diff --git a/README_fr.md b/README_fr.md new file mode 100755 index 0000000..35377a7 --- /dev/null +++ b/README_fr.md @@ -0,0 +1,51 @@ +# LibreQR pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/qr.svg)](https://dash.yunohost.org/appci/app/qr) ![](https://ci-apps.yunohost.org/ci/badges/qr.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/qr.maintain.svg) + +[![Installer LibreQR avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=qr) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer LibreQR rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* + +## Vue d'ensemble + +Une interface Web pour générer des codes QR en PHP. + +**Version incluse :** 1.3.0 + +## Capture d'écran + +![](screenshot.png) + +## Démo + +* [Démo officielle](https://qr.antopie.org) + +## Configuration + +Vous pouvez configurer cette application en modifiant `/var/www/qr/config.inc.php`. + +## Caractéristiques spécifiques YunoHost + +### Support multi-utilisateur + +* Il n'y a pas d'authentification dans l'application +* L'application peut-être installée plusieurs fois + +### Architectures supportées + +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/qr/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/qr%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/qr/) + +## Informations additionnelles + +L'application s'appelle LibreQR, mais son identifiant technique dans YunoHost est `qr` pour des raisons historiques. + +## Liens + + * Signaler un bug dans ce paquet : + * Signaler un bug dans LibreQR : + * Dépôt de LibreQR : + * Site web de YunoHost : diff --git a/conf/app.src b/conf/app.src index 7e25a33..0920305 100755 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://libreqr.antopie.org/1.2.0.tar.gz -SOURCE_SUM=ae897291398fddc94c6e2593c3fb6a089d778d3850596bc0407d4f35ebe49d5ed43e522b08853641ae4e7e7851f2d50cf9a3d9f6a7d85c67741abccd7ff527e2 +SOURCE_URL=https://libreqr.antopie.org/releases/libreqr-1.3.0.tar.gz +SOURCE_SUM=50334a26fcb478914a29cdc5b04a2a21f1428269197befca65c3d234aac0859df75609292ea69b855a8a9e43c8747a2fe38389ae4b7fb29c0613a040a65ab455 SOURCE_SUM_PRG=sha512sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/nginx.conf b/conf/nginx.conf index f2277ea..37de41d 100755 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -18,7 +18,7 @@ location __PATH__/ { try_files $uri $uri/ index.php; location ~ [^/]\.php(/|$) { fastcgi_split_path_info ^(.+?\.php)(/.*)$; - fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php__PHPVERSION__-fpm-__NAME__.sock; fastcgi_index index.php; include fastcgi_params; diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index ab5dca9..ab1a471 100755 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -33,7 +33,7 @@ group = __USER__ ; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php__PHPVERSION__-fpm-__NAMETOCHANGE__.sock ; Set listen(2) backlog. ; Default Value: 511 (-1 on FreeBSD and OpenBSD) diff --git a/manifest.json b/manifest.json index 34b6316..21178f9 100755 --- a/manifest.json +++ b/manifest.json @@ -3,11 +3,11 @@ "id": "qr", "packaging_format": 1, "description": { - "en": "A QR codes generator", - "fr": "Un générateur de codes QR" + "en": "Web interface for generating QR codes", + "fr": "Interface Web pour générer des codes QR" }, - "version": "1.2.0~ynh2", - "url": "https://code.antopie.org/miraty/libreqr/", + "version": "1.3.0~ynh1", + "url": "https://code.antopie.org/miraty/libreqr", "license": "AGPL-3.0-or-later", "maintainer": { "name": "Miraty", @@ -15,12 +15,12 @@ "url": "https://miraty.antopie.org" }, "requirements": { - "yunohost": ">= 3.6" + "yunohost": ">= 4.0" }, "multi_instance": true, "services": [ "nginx", - "php7.0-fpm" + "php7.3-fpm" ], "arguments": { "install" : [ @@ -28,10 +28,10 @@ "name": "domain", "type": "domain", "ask": { - "en": "Choose a domain for LibreQR", - "fr": "Choisissez un domaine pour LibreQR" + "en": "Choose a domain name for LibreQR", + "fr": "Choisissez un nom de domaine pour LibreQR" }, - "example": "michu.home" + "example": "qr.domain.tld" }, { "name": "path", @@ -50,10 +50,6 @@ "en": "Is it a public application?", "fr": "Est-ce une application publique ?" }, - "help": { - "en": "Can LibreQR be used by everyone?", - "fr": "LibreQR peut-elle être utilisée par tout le monde ?" - }, "default": true } ] diff --git a/screenshot.png b/screenshot.png index 30d1450..c24d417 100644 Binary files a/screenshot.png and b/screenshot.png differ diff --git a/scripts/backup b/scripts/backup index e9f5b01..6bcde3e 100755 --- a/scripts/backup +++ b/scripts/backup @@ -24,7 +24,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -37,26 +37,26 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= # BACKUP THE APP MAIN DIR #================================================= -ynh_script_progression --message="Backing up the main app directory..." --time --weight=1 +ynh_script_progression --message="Backing up the main app directory..." ynh_backup --src_path="$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Backing up nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Backing up nginx web server configuration..." ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Backing up php-fpm configuration..." --time --weight=1 +ynh_script_progression --message="Backing up php-fpm configuration..." -ynh_backup --src_path="/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_backup --src_path="/etc/php/7.3/fpm/pool.d/$app.conf" #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --time --last +ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last diff --git a/scripts/change_url b/scripts/change_url index 997a61b..eeee689 100755 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,7 +24,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) @@ -56,7 +56,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Updating nginx web server configuration..." nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -85,7 +85,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server..." ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/install b/scripts/install index 97fca39..b5800e5 100755 --- a/scripts/install +++ b/scripts/install @@ -51,7 +51,7 @@ app=$YNH_APP_INSTANCE_NAME ### Use the execution time, given by --time, to estimate the weight of a step. ### A common way to do it is to set a weight equal to the execution time in second +1. ### The execution time is given for the duration since the previous call. So the weight should be applied to this previous call. -ynh_script_progression --message="Validating installation parameters..." --time --weight=1 +ynh_script_progression --message="Validating installation parameters..." ### If the app uses nginx as web server (written in HTML/PHP in most cases), the final path should be "/var/www/$app". ### If the app provides an internal web server (or uses another application server such as uwsgi), the final path should be "/opt/yunohost/$app" @@ -64,7 +64,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --time --weight=1 +ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url @@ -77,7 +77,7 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Setting up source files..." --weight=1 +ynh_script_progression --message="Setting up source files..." ### `ynh_setup_source` is used to install an app from a zip or tar.gz file, ### downloaded from an upstream source, like a git repository. @@ -89,7 +89,7 @@ ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." --time --weight=1 +ynh_script_progression --message="Configuring nginx web server..." ### `ynh_add_nginx_config` will use the file conf/nginx.conf @@ -99,7 +99,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Configuring system user..." --time --weight=1 +ynh_script_progression --message="Configuring system user..." # Create a system user ynh_system_user_create --username=$app @@ -107,7 +107,7 @@ ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Configuring php-fpm..." --time --weight=1 +ynh_script_progression "Configuring php-fpm..." ### `ynh_add_fpm_config` is used to set up a PHP config. ### You can remove it if your app doesn't use PHP. @@ -134,25 +134,30 @@ ynh_add_fpm_config ### that really need such authorization. # Set permissions to app files -chown -R root:$app $final_path -chmod -R g+w $final_path +chown -R root: $final_path +find $final_path -type f | xargs chmod 644 +find $final_path -type d | xargs chmod 755 + +# For temp subdir, the user must have write permissions +mkdir -p $final_path/temp +chown -R $app:root $final_path/temp +chmod 711 $final_path/temp #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." --time --weight=1 +ynh_script_progression --message="Configuring SSOwat..." # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + ynh_permission_update --permission "main" --add visitors fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server..." ynh_systemd_action --service_name=nginx --action=reload @@ -160,4 +165,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --time --last +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 9390010..ee40376 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -26,7 +26,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." --time --weight=1 +ynh_script_progression --message="Removing app main directory..." # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -34,7 +34,7 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Removing nginx web server configuration..." # Remove the dedicated nginx config ynh_remove_nginx_config @@ -42,17 +42,19 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing php-fpm configuration..." --time --weight=1 +ynh_script_progression --message="Removing php-fpm configuration..." # Remove the dedicated php-fpm config ynh_remove_fpm_config +ynh_systemd_action --action=restart --service_name=php7.3-fpm + #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user ynh_system_user_delete --username=$app @@ -61,4 +63,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --time --last +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 18f6c21..c440d16 100755 --- a/scripts/restore +++ b/scripts/restore @@ -24,7 +24,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading settings..." --time --weight=1 +ynh_script_progression --message="Loading settings..." app=$YNH_APP_INSTANCE_NAME @@ -35,7 +35,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --time --weight=1 +ynh_script_progression --message="Validating restoration parameters..." ynh_webpath_available --domain=$domain --path_url=$path_url \ || ynh_die --message="Path not available: ${domain}${path_url}" @@ -53,14 +53,14 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --time --weight=1 +ynh_script_progression --message="Restoring the app main directory..." ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --time --weight=1 +ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) ynh_system_user_create --username=$app @@ -69,28 +69,38 @@ ynh_system_user_create --username=$app # RESTORE USER RIGHTS #================================================= +### For security reason, any app should set the permissions to root: before anything else. +### Then, if write authorization is needed, any access should be given only to directories +### that really need such authorization. + # Set permissions to app files -chown -R root:$app $final_path -chmod -R g+w $final_path +chown -R root: $final_path +find $final_path -type f | xargs chmod 644 +find $final_path -type d | xargs chmod 755 + +# For temp subdir, the user must have write permissions +mkdir -p $final_path/temp +chown -R $app:root $final_path/temp +chmod 711 $final_path/temp #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_restore_file --origin_path="/etc/php/7.3/fpm/pool.d/$app.conf" #================================================= # GENERIC FINALIZATION #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server and php-fpm..." -ynh_systemd_action --service_name=php7.0-fpm --action=reload +ynh_systemd_action --service_name=php7.3-fpm --action=reload ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --time --last +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index adf36be..4862fcc 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,7 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +ynh_script_progression --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -36,7 +36,7 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 +ynh_script_progression --message="Ensuring downward compatibility..." # Fix is_public as a boolean value if [ "$is_public" = "Yes" ]; then @@ -56,7 +56,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --time --weight=1 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." # Backup the current version of the app ynh_backup_before_upgrade @@ -67,18 +67,6 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# CHECK THE PATH -#================================================= - -# Normalize the URL path syntax -# N.B. : this is for app installations before YunoHost 2.7 -# where this value might be something like /foo/ or foo/ -# instead of /foo .... -# If nobody installed your app before 2.7, then you may -# safely remove this line -path_url=$(ynh_normalize_url_path --path_url=$path_url) - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -89,23 +77,20 @@ path_url=$(ynh_normalize_url_path --path_url=$path_url) if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --time --weight=1 + ynh_script_progression --message="Upgrading source files..." + + # Remove old version + ynh_secure_remove --file="$final_path" # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" - # Remove unused directories or files from older release - ynh_secure_remove --file="$final_path/aide.svg" - ynh_secure_remove --file="$final_path/favicons" - ynh_secure_remove --file="$final_path/parinux.png" - ynh_secure_remove --file="$final_path/phpqrcode" - ynh_secure_remove --file="$final_path/ubuntu-dl.ttf" fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading nginx web server configuration..." # Create a dedicated nginx config ynh_add_nginx_config @@ -113,14 +98,14 @@ ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= -#ynh_script_progression --message="Upgrading dependencies..." --time --weight=1 +#ynh_script_progression --message="Upgrading dependencies..." #ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --time --weight=1 +ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create --username=$app @@ -128,7 +113,7 @@ ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading php-fpm configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading php-fpm configuration..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -139,9 +124,9 @@ ynh_add_fpm_config ### Verify the checksum of a file, stored by `ynh_store_file_checksum` in the install script. ### And create a backup of this file if the checksum is different. So the file will be backed up if the admin had modified it. -ynh_backup_if_checksum_is_different --file="$final_path/options.inc.php" +ynh_backup_if_checksum_is_different --file="$final_path/config.inc.php" # Recalculate and store the checksum of the file for the next upgrade. -ynh_store_file_checksum --file="$final_path/options.inc.php" +ynh_store_file_checksum --file="$final_path/config.inc.php" #================================================= # GENERIC FINALIZATION @@ -149,26 +134,35 @@ ynh_store_file_checksum --file="$final_path/options.inc.php" # SECURE FILES AND DIRECTORIES #================================================= +### For security reason, any app should set the permissions to root: before anything else. +### Then, if write authorization is needed, any access should be given only to directories +### that really need such authorization. + # Set permissions to app files -chown -R root:$app $final_path -chmod -R g+w $final_path +chown -R root: $final_path +find $final_path -type f | xargs chmod 644 +find $final_path -type d | xargs chmod 755 + +# For temp subdir, the user must have write permissions +mkdir -p $final_path/temp +chown -R $app:root $final_path/temp +chmod 711 $final_path/temp #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --time --weight=1 +ynh_script_progression --message="Upgrading SSOwat configuration..." # Make app public if necessary if [ $is_public -eq 1 ] then - # unprotected_uris allows SSO credentials to be passed anyway - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + ynh_permission_update --permission "main" --add visitors fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --time --weight=1 +ynh_script_progression --message="Reloading nginx web server..." ynh_systemd_action --service_name=nginx --action=reload @@ -176,4 +170,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --time --last +ynh_script_progression --message="Upgrade of $app completed" --last