From 51dc246f2a10856cad2f325a4c72da95b031d5e2 Mon Sep 17 00:00:00 2001 From: frju365 Date: Mon, 8 Oct 2018 19:17:16 +0200 Subject: [PATCH 01/31] Revert "[enh] move specific php.ini defines to the pool configuration" --- conf/php-fpm.conf | 8 -------- conf/php-fpm.ini | 7 +++++++ scripts/backup | 1 + scripts/restore | 1 + 4 files changed, 9 insertions(+), 8 deletions(-) create mode 100644 conf/php-fpm.ini diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 2571613..485c87b 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -397,11 +397,3 @@ php_value[upload_max_filesize] = 10G php_value[post_max_size] = 10G php_value[default_charset] = UTF-8 php_value[always_populate_raw_post_data] = -1 -php_value[opcache.enable]=1 -php_value[opcache.enable_cli]=1 -php_value[opcache.interned_strings_buffer]=8 -php_value[opcache.max_accelerated_files]=10000 -php_value[opcache.memory_consumption]=128 -php_value[opcache.save_comments]=1 -php_value[opcache.revalidate_freq]=1 - diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini new file mode 100644 index 0000000..104f242 --- /dev/null +++ b/conf/php-fpm.ini @@ -0,0 +1,7 @@ +opcache.enable=1 +opcache.enable_cli=1 +opcache.interned_strings_buffer=8 +opcache.max_accelerated_files=10000 +opcache.memory_consumption=128 +opcache.save_comments=1 +opcache.revalidate_freq=1 diff --git a/scripts/backup b/scripts/backup index 0a1f69c..aecf0c0 100755 --- a/scripts/backup +++ b/scripts/backup @@ -52,6 +52,7 @@ ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php5/fpm/conf.d/20-$app.ini" #================================================= # BACKUP THE MYSQL DATABASE diff --git a/scripts/restore b/scripts/restore index 7f601db..44a7f58 100755 --- a/scripts/restore +++ b/scripts/restore @@ -77,6 +77,7 @@ ynh_system_user_create $app #================================================= ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php5/fpm/conf.d/20-$app.ini" #================================================= # SPECIFIC RESTORATION From 1a993ae9b99e2d9520b7bb9c82834966b7169e05 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sat, 16 Feb 2019 17:18:56 +0100 Subject: [PATCH 02/31] Normalization from example_ynh --- README.md | 56 ++++++++++++++++++++--- conf/config_install.json | 4 +- conf/nextcloud.cron | 2 +- conf/nginx.conf | 7 ++- hooks/post_user_create | 2 +- scripts/_common.sh | 38 ---------------- scripts/backup | 21 +++------ scripts/install | 85 +++++++++++++++++++++-------------- scripts/remove | 3 +- scripts/restore | 19 +++----- scripts/upgrade | 96 ++++++++++++++++++++++++---------------- 11 files changed, 179 insertions(+), 154 deletions(-) diff --git a/README.md b/README.md index 146d35d..83e2e54 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,12 @@ -Nextcloud for YunoHost ---------------------- +# Nextcloud for YunoHost + +[![Integration level](https://dash.yunohost.org/integration/nextcloud.svg)](https://dash.yunohost.org/appci/app/nextcloud) +[![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) + +> *This package allow you to install Nextcloud quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* + +## Overview [Nextcloud](https://nextcloud.com) gives you freedom and control over your own data. A personal cloud which run on your own server. With Nextcloud @@ -7,10 +14,23 @@ you can synchronize your files over your devices. **Shipped version:** 15.0.2 -[![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) +## Screenshots + ![](https://raw.githubusercontent.com/nextcloud/screenshots/master/files/Files%20Overview.png) -## Features +## Demo + +* [YunoHost demo](https://demo.yunohost.org/nextcloud/) +* [Official demo](https://demo.nextcloud.com/) + +## Configuration + +## Documentation + + * Official documentation: https://docs.nextcloud.com/server/15/user_manual/ + * YunoHost documentation: https://github.com/YunoHost/doc/blob/master/app_nextcloud_fr.md + +## YunoHost specific features In addition to Nextcloud core features, the following are made available with this package: @@ -23,6 +43,14 @@ this package: * Serve `/.well-known` paths for CalDAV and CardDAV on the domain only if it's not already served - i.e. by Baïkal +#### Multi-users support + +#### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/nextcloud%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/nextcloud/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/nextcloud%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/nextcloud/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/nextcloud%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/nextcloud/) + ## Limitations To integrate the logout button to the SSO, we have to patch Nextcloud sources. @@ -38,7 +66,9 @@ Finally, the following error message in Nextcloud logs can be safely ignored: Following symlinks is not allowed ('/home/yunohost.multimedia/user/Share' -> '/home/yunohost.multimedia/share/' not inside '/home/yunohost.multimedia/user/') ``` -## Migrate from ownCloud +## Additionnal informations + +#### Migrate from ownCloud **This is not considered as stable yet, please do it with care and only for testing!** @@ -72,6 +102,20 @@ sudo yunohost app ssowatconf ## Links - * Report a bug: https://dev.yunohost.org/projects/apps/issues + * Report a bug: https://github.com/YunoHost-Apps/nextcloud_ynh/issues * Nextcloud website: https://nextcloud.com/ * YunoHost website: https://yunohost.org/ + +--- + +Developers infos +---------------- + +Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing --debug +or +sudo yunohost app upgrade nextcloud -u https://github.com/YunoHost-Apps/nextcloud_ynh/tree/testing --debug +``` diff --git a/conf/config_install.json b/conf/config_install.json index 52bff54..10db7cf 100644 --- a/conf/config_install.json +++ b/conf/config_install.json @@ -1,9 +1,9 @@ { "system": { - "datadirectory": "#DATADIR#", + "datadirectory": "__DATADIR__", "trusted_domains": [ "localhost", - "#DOMAIN#" + "__DOMAIN__" ] } } diff --git a/conf/nextcloud.cron b/conf/nextcloud.cron index 294325b..93fde63 100644 --- a/conf/nextcloud.cron +++ b/conf/nextcloud.cron @@ -1 +1 @@ -*/15 * * * * #USER# /usr/bin/php -f #DESTDIR#/cron.php +*/15 * * * * __USER__ /usr/bin/php -f __DESTDIR__/cron.php diff --git a/conf/nginx.conf b/conf/nginx.conf index 1691095..6d217e1 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -6,8 +6,11 @@ location = /.well-known/caldav { } location ^~ __PATH__ { + + # Path to source alias __FINALPATH__/; + # Force usage of https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; } @@ -24,12 +27,12 @@ location ^~ __PATH__ { # Set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; - + # Extend timeouts client_body_timeout 60m; proxy_read_timeout 60m; fastcgi_read_timeout 60m; - + # Disable gzip to avoid the removal of the ETag header gzip off; diff --git a/hooks/post_user_create b/hooks/post_user_create index f215f00..da6bb53 100644 --- a/hooks/post_user_create +++ b/hooks/post_user_create @@ -2,4 +2,4 @@ user=$1 -sudo setfacl -m g:#GROUP#:rwx /home/$user +sudo setfacl --modify g:__GROUP__:rwx /home/$user diff --git a/scripts/_common.sh b/scripts/_common.sh index 566494d..540c024 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -9,44 +9,6 @@ if [ "$(lsb_release --codename --short)" != "jessie" ]; then pkg_dependencies="$pkg_dependencies php-zip php-apcu php-mbstring php-xml" fi -#================================================= -# COMMON HELPERS -#================================================= - -# Execute a command with occ -exec_occ() { - (cd "$final_path" && exec_as "$app" \ - php occ --no-interaction --no-ansi "$@") -} - -# Create the external storage for the given folders and enable sharing -create_external_storage() { - local datadir="$1" - local mount_name="$2" - local mount_id=`exec_occ files_external:create --output=json \ - "$2" 'local' 'null::null' -c "datadir=$datadir" || true` - ! [[ $mount_id =~ ^[0-9]+$ ]] \ - && echo "Unable to create external storage" >&2 \ - || exec_occ files_external:option "$mount_id" enable_sharing true -} - -# Rename a MySQL database and user -# Usage: rename_mysql_db DBNAME DBUSER DBPASS NEW_DBNAME_AND_USER -rename_mysql_db() { - local db_name=$1 db_user=$2 db_pwd=$3 new_db_name=$4 - local sqlpath="/tmp/${db_name}-$(date '+%s').sql" - - # Dump the old database - mysqldump -u "$db_user" -p"$db_pwd" --no-create-db "$db_name" > "$sqlpath" - - # Create the new database and user - ynh_mysql_create_db "$new_db_name" "$new_db_name" "$db_pwd" - ynh_mysql_connect_as "$new_db_name" "$db_pwd" "$new_db_name" < "$sqlpath" - - # Remove the old database - ynh_mysql_remove_db $db_name $db_name - ynh_secure_remove "$sqlpath" -} #================================================= # COMMON HELPERS -- SHOULD BE ADDED TO YUNOHOST diff --git a/scripts/backup b/scripts/backup index 0a1f69c..a41fb88 100755 --- a/scripts/backup +++ b/scripts/backup @@ -2,18 +2,11 @@ #================================================= # GENERIC START -#================================================= - #================================================= # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -77,11 +70,7 @@ ynh_backup "/etc/cron.d/$app" # BACKUP THE DATA DIRECTORY #================================================= -backup_core_only=$(ynh_app_setting_get "$app" backup_core_only) -# If backup_core_only have any value in the settings.yml file, do not backup the data directory -if [ -z $backup_core_only ] -then - ynh_backup "/home/yunohost.app/${app}/data" -else - echo "Data dir will not be saved, because backup_core_only is set." >&2 -fi +# The 1 parameter indicates the directory is "big", +# so that it won't be backed up before upgrade +# This argument has to be the third one. +ynh_backup "/home/yunohost.app/${app}/data" "/home/yunohost.app/${app}/data" 1 diff --git a/scripts/install b/scripts/install index 5bc37bf..2c301c0 100755 --- a/scripts/install +++ b/scripts/install @@ -37,8 +37,6 @@ test ! -e "$final_path" || ynh_die "This path already contains a folder" # Normalize the url path syntax path_url=$(ynh_normalize_url_path $path_url) -# Check web path availability -ynh_webpath_available $domain $path_url # Register (book) web path ynh_webpath_register $app $domain $path_url @@ -89,16 +87,11 @@ ynh_setup_source "$final_path" #================================================= # Do not serve .well-known if it's already served on the domain -if is_url_handled "https://${domain}/.well-known/caldav" ; then +if is_url_handled "https://$domain/.well-known/caldav" ; then sed -ri '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' \ - "../conf/nginx.conf" + "../conf/nginx.conf" fi -# Handle root path, avoid double slash. -# Temporary fix, in waiting for an upgrade of the helper. (#361) -path_url_slash_less=${path_url%/} -ynh_replace_string "__PATH__/" "$path_url_slash_less/" "../conf/nginx.conf" - # Create a dedicated nginx config ynh_add_nginx_config @@ -123,7 +116,7 @@ ynh_add_fpm_config #================================================= # Define app's data directory -datadir="/home/yunohost.app/${app}/data" +datadir="/home/yunohost.app/$app/data" # Create app folders mkdir -p "$datadir" @@ -131,16 +124,22 @@ mkdir -p "$datadir" # INSTALL NEXTCLOUD #================================================= +# Define a function to execute commands with `occ` +exec_occ() { + (cd "$final_path" && exec_as "$app" \ + php occ --no-interaction --no-ansi "$@") +} + # Set write access for the following commands chown -R $app: "$final_path" "$datadir" # Install Nextcloud using a temporary admin user exec_occ maintenance:install \ - --database "mysql" --database-name "$db_name" \ - --database-user "$db_name" --database-pass "$db_pwd" \ + --database "mysql" --database-name $db_name \ + --database-user $db_name --database-pass "$db_pwd" \ --admin-user "admin" --admin-pass "$(ynh_string_random 6)" \ --data-dir "$datadir" \ - || ynh_die "Unable to install Nextcloud" + || ynh_die "Unable to install Nextcloud" #================================================= # CONFIGURE NEXTCLOUD @@ -149,24 +148,28 @@ exec_occ maintenance:install \ # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification -# Enable plugins +# Enable ldap plugins exec_occ app:enable user_ldap exec_occ ldap:create-empty-config # Load the installation config file in nextcloud -nc_conf="${final_path}/config_install.json" +nc_conf="$final_path/config_install.json" cp ../conf/config_install.json "$nc_conf" -ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf" -ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf" + +ynh_replace_string "__DOMAIN__" "$domain" "$nc_conf" +ynh_replace_string "__DATADIR__" "$datadir" "$nc_conf" exec_occ config:import "$nc_conf" -# Then remove it + +# Then remove the config file rm -f "$nc_conf" # Load the additional config file (used also for upgrade) -nc_conf="${final_path}/config_install.json" +nc_conf="$final_path/config.json" cp ../conf/config.json "$nc_conf" + exec_occ config:import "$nc_conf" -# Then remove it + +# Then remove the config file rm -f "$nc_conf" #================================================= @@ -181,13 +184,26 @@ exec_occ ldap:test-config \'\' \ # MOUNT HOME FOLDERS AS EXTERNAL STORAGE #================================================= +# Define a function to add an external storage +# Create the external storage for the given folders and enable sharing +create_external_storage() { + local datadir="$1" + local mount_name="$2" + local mount_id=`exec_occ files_external:create --output=json \ + "$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true` + ! [[ $mount_id =~ ^[0-9]+$ ]] \ + && echo "Unable to create external storage" >&2 \ + || exec_occ files_external:option "$mount_id" enable_sharing true +} + # Enable External Storage and create local mount to home folder -if [ $user_home -eq 1 ]; then +if [ $user_home -eq 1 ] +then exec_occ app:enable files_external create_external_storage "/home/\$user" "Home" # Iterate over users to extend their home folder permissions for u in $(ynh_user_list); do - setfacl -m g:$app:rwx "/home/$u" || true + setfacl --modify g:$app:rwx "/home/$u" || true done fi @@ -203,7 +219,7 @@ exec_occ config:system:get logout_url >/dev/null 2>&1 \ \$main_domain = exec('cat /etc/yunohost/current_host'); \$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout'; //-YunoHost- -" >> "${final_path}/config/config.php" +" >> "$final_path/config/config.php" #================================================= # REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE @@ -220,7 +236,7 @@ exec_occ user:delete admin #================================================= # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum "${final_path}/config/config.php" +ynh_store_file_checksum "$final_path/config/config.php" #================================================= # ADD A CRON JOB @@ -231,14 +247,15 @@ cp -a ../conf/nextcloud.cron "$cron_path" chown root: "$cron_path" chmod 644 "$cron_path" -ynh_replace_string "#USER#" "$app" "$cron_path" -ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path" +ynh_replace_string "__USER__" "$app" "$cron_path" +ynh_replace_string "__DESTDIR__" "$final_path" "$cron_path" exec_occ background:cron #================================================= # POST-INSTALL MAINTENANCE #================================================= + (cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/${app}_maintenance.log") #================================================= @@ -246,7 +263,7 @@ exec_occ background:cron #================================================= # Set system group in hooks -ynh_replace_string "#GROUP#" "$app" ../hooks/post_user_create +ynh_replace_string "__GROUP__" "$app" ../hooks/post_user_create #================================================= # YUNOHOST MULTIMEDIA INTEGRATION @@ -269,19 +286,19 @@ ynh_multimedia_addaccess $app # Fix app ownerships & permissions chown -R $app: "$final_path" "$datadir" -find ${final_path}/ -type f -print0 | xargs -0 chmod 0644 -find ${final_path}/ -type d -print0 | xargs -0 chmod 0755 -find ${datadir}/ -type f -print0 | xargs -0 chmod 0640 -find ${datadir}/ -type d -print0 | xargs -0 chmod 0750 -chmod 640 "${final_path}/config/config.php" +find $final_path/ -type f -print0 | xargs -0 chmod 0644 +find $final_path/ -type d -print0 | xargs -0 chmod 0755 +find $datadir/ -type f -print0 | xargs -0 chmod 0640 +find $datadir/ -type d -print0 | xargs -0 chmod 0750 +chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app #================================================= # SETUP LOGROTATE #================================================= -# Use logrotate to manage application logfile -ynh_use_logrotate "${datadir}/nextcloud.log" +# Use logrotate to manage application logfile(s) +ynh_use_logrotate "$datadir/nextcloud.log" #================================================= # SETUP SSOWAT diff --git a/scripts/remove b/scripts/remove index b21d030..907a7e7 100755 --- a/scripts/remove +++ b/scripts/remove @@ -78,8 +78,9 @@ ynh_secure_remove "/etc/cron.d/$app" #================================================= for i in $(ls /home); do + # Clean ACL in every directories in /home, except those which start with 'yunohost.' [[ ! $i == yunohost.* ]] \ - && setfacl -x g:$app:rwx 2>&1 + && setfacl --remove g:$app:rwx 2>&1 done #================================================= diff --git a/scripts/restore b/scripts/restore index 7f601db..157128a 100755 --- a/scripts/restore +++ b/scripts/restore @@ -2,18 +2,11 @@ #================================================= # GENERIC START -#================================================= - #================================================= # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -103,7 +96,7 @@ ynh_restore_file "/etc/logrotate.d/$app" # RESTORE THE DATA DIRECTORY #================================================= -datadir="/home/yunohost.app/${app}/data" +datadir="/home/yunohost.app/$app/data" # The data directory will be restored only if it exists in the backup archive # So only if it was backup previously. @@ -114,8 +107,6 @@ else # Create app folders mkdir -p "$datadir" fi -# Remove the option backup_core_only if it's in the settings.yml file -ynh_app_setting_delete $app backup_core_only #================================================= # RESTORE USER RIGHTS @@ -123,14 +114,14 @@ ynh_app_setting_delete $app backup_core_only # Fix app ownerships & permissions chown -R $app: "$final_path" "$datadir" -chmod 640 "${final_path}/config/config.php" +chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app # Iterate over users to extend their home folder permissions - for the external # storage plugin usage - and create relevant Nextcloud directories for u in $(ynh_user_list); do - mkdir -p "${datadir}/${u}" - setfacl -m g:$app:rwx "/home/$u" || true + mkdir -p "$datadir/$u" + setfacl --modify g:$app:rwx "/home/$u" || true done #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index d0c6329..78bdce9 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -38,34 +38,33 @@ if [ -z $final_path ]; then ynh_app_setting_set $app final_path $final_path fi +# Remove the option backup_core_only if it's in the settings.yml file +ynh_app_setting_delete $app backup_core_only + #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= # Made a backup only after the version 11.0.0 # Before, the datas will be always saved. - # Get the current version number of nextcloud/owncloud current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2) current_major_version=${current_version%%.*} if [ $current_major_version -gt 11 ] then - # Inform the backup/restore process that it should not save the data directory - ynh_app_setting_set $app backup_core_only 1 - # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { - # Remove the post migration script before its execution ! - ynh_secure_remove "/tmp/owncloud_post_migration.sh" 2>&1 + # Remove the post migration script before its execution ! + ynh_secure_remove "/tmp/owncloud_post_migration.sh" 2>&1 - # restore it if the upgrade fails - ynh_restore_upgradebackup + # restore it if the upgrade fails + ynh_restore_upgradebackup } fi -# Exit if an error occurs during the script execution +# Exit if an error occurs during the execution of the script ynh_abort_if_errors #================================================= @@ -75,7 +74,7 @@ ynh_abort_if_errors ynh_handle_app_migration "owncloud" "owncloud_migration" if [ $migration_process -eq 1 ] then - # If a migration has been perform + # If a migration has been performed # Reload some values changed by the migration process final_path=$(ynh_app_setting_get $app final_path) db_name=$(ynh_app_setting_get $app db_name) @@ -106,20 +105,18 @@ path_url=$(ynh_normalize_url_path $path_url) # NGINX CONFIGURATION #================================================= +ynh_backup_if_checksum_is_different "/etc/nginx/conf.d/$domain.d/$app.conf" + # Delete current nginx configuration to be able to check if .well-known is already served. ynh_remove_nginx_config ynh_app_setting_delete $app "checksum__etc_nginx_conf.d_$domain.d_$app.conf" || true + # Do not serve .well-known if it's already served on the domain -if is_url_handled "https://${domain}/.well-known/caldav" ; then +if is_url_handled "https://$domain/.well-known/caldav" ; then sed -ri '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' \ - "../conf/nginx.conf" + "../conf/nginx.conf" fi -# Handle root path, avoid double slash. -# Temporary fix, in waiting for an upgrade of the helper. (#361) -path_url_slash_less=${path_url%/} -ynh_replace_string "__PATH__/" "$path_url_slash_less/" "../conf/nginx.conf" - # Create a dedicated nginx config ynh_add_nginx_config @@ -127,7 +124,7 @@ ynh_add_nginx_config # CREATE DEDICATED USER #================================================= -# Create a system user +# Create a dedicated user (if not existing) ynh_system_user_create $app #================================================= @@ -149,13 +146,20 @@ ynh_install_app_dependencies $pkg_dependencies # MAKE SEQUENTIAL UPGRADES FROM EACH MAJOR # VERSION TO THE NEXT ONE #================================================= +ynh_print_info "Upgrading nextcloud..." + +# Define a function to execute commands with `occ` +exec_occ() { + (cd "$final_path" && exec_as "$app" \ + php occ --no-interaction --no-ansi "$@") +} # Load the last available version source upgrade.d/upgrade.last.sh last_version=$next_version # Define app's data directory -datadir="/home/yunohost.app/${app}/data" +datadir="/home/yunohost.app/$app/data" # Set write access for the following commands chown -R $app: "$final_path" "$datadir" @@ -183,7 +187,7 @@ do # Load the value for this version source upgrade.d/upgrade.$current_major_version.sh - echo -e "\nUpgrade to nextcloud $next_version" >&2 + ynh_print_info "Upgrade to nextcloud $next_version" # Create an app.src for this version of nextcloud cp ../conf/app.src.default ../conf/app.src @@ -217,7 +221,7 @@ do # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3) exec_occ maintenance:mode --off exec_occ upgrade \ - || ([[ $? -eq 3 ]] || ynh_die "Unable to upgrade Nextcloud") + || ([ $? -eq 3 ] || ynh_die "Unable to upgrade Nextcloud") # Get the new current version number current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2) @@ -232,12 +236,13 @@ done #================================================= # Verify the checksum and backup the file if it's different -ynh_backup_if_checksum_is_different "${final_path}/config/config.php" +ynh_backup_if_checksum_is_different "$final_path/config/config.php" nc_conf="${final_path}/config.json" cp ../conf/config.json "$nc_conf" -ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf" -ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf" + +ynh_replace_string "__DOMAIN__" "$domain" "$nc_conf" +ynh_replace_string "__DATADIR__" "$datadir" "$nc_conf" # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification @@ -247,7 +252,8 @@ exec_occ app:enable user_ldap # Load the config file in nextcloud exec_occ config:import "$nc_conf" -# Then remove it + +# Then remove the config file rm -f "$nc_conf" #================================================= @@ -262,12 +268,24 @@ exec_occ config:system:get logout_url >/dev/null 2>&1 \ \$main_domain = exec('cat /etc/yunohost/current_host'); \$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout'; //-YunoHost- -" >> "${final_path}/config/config.php" +" >> "$final_path/config/config.php" #================================================= # MOUNT HOME FOLDERS AS EXTERNAL STORAGE #================================================= +# Define a function to add an external storage +# Create the external storage for the given folders and enable sharing +create_external_storage() { + local datadir="$1" + local mount_name="$2" + local mount_id=`exec_occ files_external:create --output=json \ + "$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true` + ! [[ $mount_id =~ ^[0-9]+$ ]] \ + && echo "Unable to create external storage" >&2 \ + || exec_occ files_external:option "$mount_id" enable_sharing true +} + # Enable External Storage and create local mount to home folder as needed if [ $user_home -eq 1 ]; then exec_occ app:enable files_external @@ -276,7 +294,7 @@ if [ $user_home -eq 1 ]; then || create_external_storage "/home/\$user" "Home" # Iterate over users to extend their home folder permissions for u in $(ynh_user_list); do - setfacl -m g:$app:rwx "/home/$u" || true + setfacl --modify g:$app:rwx "/home/$u" || true done fi @@ -296,8 +314,8 @@ cp -a ../conf/nextcloud.cron "$cron_path" chown root: "$cron_path" chmod 644 "$cron_path" -ynh_replace_string "#USER#" "$app" "$cron_path" -ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path" +ynh_replace_string "__USER__" "$app" "$cron_path" +ynh_replace_string "__DESTDIR__" "$final_path" "$cron_path" exec_occ background:cron @@ -306,7 +324,7 @@ exec_occ background:cron #================================================= # Set system group in hooks -ynh_replace_string "#GROUP#" "$app" ../hooks/post_user_create +ynh_replace_string "__GROUP__" "$app" ../hooks/post_user_create #================================================= # YUNOHOST MULTIMEDIA INTEGRATION @@ -329,11 +347,11 @@ ynh_multimedia_addaccess $app # Fix app ownerships & permissions chown -R $app: "$final_path" "$datadir" -find ${final_path}/ -type f -print0 | xargs -0 chmod 0644 -find ${final_path}/ -type d -print0 | xargs -0 chmod 0755 -find ${datadir}/ -type f -print0 | xargs -0 chmod 0640 -find ${datadir}/ -type d -print0 | xargs -0 chmod 0750 -chmod 640 "${final_path}/config/config.php" +find $final_path/ -type f -print0 | xargs -0 chmod 0644 +find $final_path/ -type d -print0 | xargs -0 chmod 0755 +find $datadir/ -type f -print0 | xargs -0 chmod 0640 +find $datadir/ -type d -print0 | xargs -0 chmod 0750 +chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app #================================================= @@ -341,8 +359,8 @@ chmod 755 /home/yunohost.app #================================================= # Warn about possible disabled apps -echo "Note that if you've installed some third-parties Nextcloud applications, \ -they are probably disabled and you'll have to manually enable them again." >&2 +ynh_print_warn "Note that if you've installed some third-parties Nextcloud applications, \ +they are probably disabled and you'll have to manually enable them again." #================================================= # SETUP LOGROTATE @@ -373,10 +391,10 @@ systemctl reload nginx if [ $migration_process -eq 1 ] then - echo "ownCloud has been successfully migrated to Nextcloud! \ + ynh_print_info "ownCloud has been successfully migrated to Nextcloud! \ A last scheduled operation will run in a couple of minutes to finish the \ migration in YunoHost side. Do not proceed any application operation while \ -you don't see Nextcloud as installed." >&2 +you don't see Nextcloud as installed." # Execute a post migration script after the end of this upgrade. # Mainly for some cleaning From 00761efadebacace0db1c3cbe232a658c4226e9a Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sat, 16 Feb 2019 17:21:15 +0100 Subject: [PATCH 03/31] Use php7 --- conf/nginx.conf | 2 +- conf/php-fpm.conf | 104 ++++++++++++++++++++++++++++++--------------- manifest.json | 4 +- scripts/_common.sh | 7 +-- scripts/backup | 2 +- scripts/restore | 4 +- 6 files changed, 77 insertions(+), 46 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 6d217e1..ba6c554 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -70,7 +70,7 @@ location ^~ __PATH__ { fastcgi_param HTTPS on; fastcgi_param modHeadersAvailable true; fastcgi_param REMOTE_USER $remote_user; - fastcgi_pass unix:/var/run/php5-fpm-__NAME__.sock; + fastcgi_pass unix:/var/run/php/php7.0-fpm-__NAME__.sock; fastcgi_intercept_errors on; } diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 2571613..74825fa 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -1,10 +1,11 @@ ; Start a new pool named 'www'. -; the variable $pool can we used in any directive and will be replaced by the +; the variable $pool can be used in any directive and will be replaced by the ; pool name ('www' here) [__NAMETOCHANGE__] ; Per pool prefix ; It only applies on the following directives: +; - 'access.log' ; - 'slowlog' ; - 'listen' (unixsocket) ; - 'chroot' @@ -24,28 +25,35 @@ group = __USER__ ; The address on which to accept FastCGI requests. ; Valid syntaxes are: -; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific address on +; 'ip.add.re.ss:port' - to listen on a TCP socket to a specific IPv4 address on ; a specific port; -; 'port' - to listen on a TCP socket to all addresses on a -; specific port; +; '[ip:6:addr:ess]:port' - to listen on a TCP socket to a specific IPv6 address on +; a specific port; +; 'port' - to listen on a TCP socket to all addresses +; (IPv6 and IPv4-mapped) on a specific port; ; '/path/to/unix/socket' - to listen on a unix socket. ; Note: This value is mandatory. -listen = /var/run/php5-fpm-__NAMETOCHANGE__.sock +listen = /var/run/php/php7.0-fpm-__NAMETOCHANGE__.sock -; Set listen(2) backlog. A value of '-1' means unlimited. -; Default Value: 128 (-1 on FreeBSD and OpenBSD) -;listen.backlog = 128 +; Set listen(2) backlog. +; Default Value: 511 (-1 on FreeBSD and OpenBSD) +;listen.backlog = 511 ; Set permissions for unix socket, if one is used. In Linux, read/write ; permissions must be set in order to allow connections from a web server. Many -; BSD-derived systems allow connections regardless of permissions. +; BSD-derived systems allow connections regardless of permissions. ; Default Values: user and group are set as the running user ; mode is set to 0660 listen.owner = www-data listen.group = www-data ;listen.mode = 0660 - -; List of ipv4 addresses of FastCGI clients which are allowed to connect. +; When POSIX Access Control Lists are supported you can set them using +; these options, value is a comma separated list of user/group names. +; When set, listen.owner and listen.group are ignored +;listen.acl_users = +;listen.acl_groups = + +; List of addresses (IPv4/IPv6) of FastCGI clients which are allowed to connect. ; Equivalent to the FCGI_WEB_SERVER_ADDRS environment variable in the original ; PHP FCGI (5.2.2+). Makes sense only with a tcp listening socket. Each address ; must be separated by a comma. If this value is left blank, connections will be @@ -59,7 +67,13 @@ listen.group = www-data ; - The pool processes will inherit the master process priority ; unless it specified otherwise ; Default Value: no set -; priority = -19 +; process.priority = -19 + +; Set the process dumpable flag (PR_SET_DUMPABLE prctl) even if the process user +; or group is differrent than the master process user. It allows to create process +; core dump and ptrace the process for the pool user. +; Default Value: no +; process.dumpable = yes ; Choose how the process manager will control the number of child processes. ; Possible Values: @@ -117,12 +131,12 @@ pm.max_spare_servers = 3 ; Note: Used only when pm is set to 'ondemand' ; Default Value: 10s ;pm.process_idle_timeout = 10s; - + ; The number of requests each child process should execute before respawning. ; This can be useful to work around memory leaks in 3rd party libraries. For ; endless request processing specify '0'. Equivalent to PHP_FCGI_MAX_REQUESTS. ; Default Value: 0 -pm.max_requests = 500 +;pm.max_requests = 500 ; The URI to view the FPM status page. If this value is not set, no URI will be ; recognized as a status page. It shows the following informations: @@ -170,7 +184,7 @@ pm.max_requests = 500 ; ; By default the status page only outputs short status. Passing 'full' in the ; query string will also return status for each pool process. -; Example: +; Example: ; http://www.foo.bar/status?full ; http://www.foo.bar/status?json&full ; http://www.foo.bar/status?html&full @@ -215,7 +229,7 @@ pm.max_requests = 500 ; last request memory: 0 ; ; Note: There is a real-time FPM status monitoring sample web page available -; It's available in: ${prefix}/share/fpm/status.html +; It's available in: /usr/share/php/7.0/fpm/status.html ; ; Note: The value must start with a leading slash (/). The value can be ; anything, but it may not be a good idea to use the .php extension or it @@ -275,7 +289,7 @@ pm.max_requests = 500 ; - %{megabytes}M ; - %{mega}M ; %n: pool name -; %o: ouput header +; %o: output header ; it must be associated with embraces to specify the name of the header: ; - %{Content-Type}o ; - %{X-Powered-By}o @@ -283,7 +297,7 @@ pm.max_requests = 500 ; - .... ; %p: PID of the child that serviced the request ; %P: PID of the parent of the child that serviced the request -; %q: the query string +; %q: the query string ; %Q: the '?' character if query string exists ; %r: the request URI (without the query string, see %q and %Q) ; %R: remote IP address @@ -291,47 +305,51 @@ pm.max_requests = 500 ; %t: server time the request was received ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %T: time the log has been written (the request has finished) ; it can accept a strftime(3) format: ; %d/%b/%Y:%H:%M:%S %z (default) +; The strftime(3) format must be encapsuled in a %{}t tag +; e.g. for a ISO8601 formatted timestring, use: %{%Y-%m-%dT%H:%M:%S%z}t ; %u: remote user ; ; Default: "%R - %u %t \"%m %r\" %s" ;access.format = "%R - %u %t \"%m %r%Q%q\" %s %f %{mili}d %{kilo}M %C%%" - + ; The log file for slow requests ; Default Value: not set ; Note: slowlog is mandatory if request_slowlog_timeout is set -slowlog = /var/log/nginx/__NAMETOCHANGE__.slow.log - +;slowlog = log/$pool.log.slow + ; The timeout for serving a single request after which a PHP backtrace will be ; dumped to the 'slowlog' file. A value of '0s' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 -request_slowlog_timeout = 5s - +;request_slowlog_timeout = 0 + ; The timeout for serving a single request after which the worker process will ; be killed. This option should be used when the 'max_execution_time' ini option ; does not stop script execution for some reason. A value of '0' means 'off'. ; Available units: s(econds)(default), m(inutes), h(ours), or d(ays) ; Default Value: 0 request_terminate_timeout = 1d - + ; Set open file descriptor rlimit. ; Default Value: system defined value ;rlimit_files = 1024 - + ; Set max core size rlimit. ; Possible Values: 'unlimited' or an integer greater or equal to 0 ; Default Value: system defined value ;rlimit_core = 0 - + ; Chroot to this directory at the start. This value must be defined as an ; absolute path. When this value is not set, chroot is not used. ; Note: you can prefix with '$prefix' to chroot to the pool prefix or one ; of its subdirectories. If the pool prefix is not set, the global prefix ; will be used instead. -; Note: chrooting is a great security feature and should be used whenever +; Note: chrooting is a great security feature and should be used whenever ; possible. However, all PHP paths will be relative to the chroot ; (error_log, sessions.save_path, ...). ; Default Value: not set @@ -347,16 +365,25 @@ chdir = __FINALPATH__ ; Note: on highloaded environement, this can cause some delay in the page ; process time (several ms). ; Default Value: no -catch_workers_output = yes +;catch_workers_output = yes + +; Clear environment in FPM workers +; Prevents arbitrary environment variables from reaching FPM worker processes +; by clearing the environment in workers before env vars specified in this +; pool configuration are added. +; Setting to "no" will make all environment variables available to PHP code +; via getenv(), $_ENV and $_SERVER. +; Default Value: yes +;clear_env = no ; Limits the extensions of the main script FPM will allow to parse. This can ; prevent configuration mistakes on the web server side. You should only limit ; FPM to .php extensions to prevent malicious users to use other extensions to -; exectute php code. +; execute php code. ; Note: set an empty value to allow all extensions. ; Default Value: .php -;security.limit_extensions = .php .php3 .php4 .php5 - +;security.limit_extensions = .php .php3 .php4 .php5 .php7 + ; Pass environment variables like LD_LIBRARY_PATH. All $VARIABLEs are taken from ; the current environment. ; Default Value: clean env @@ -365,13 +392,12 @@ catch_workers_output = yes ;env[TMP] = /tmp ;env[TMPDIR] = /tmp ;env[TEMP] = /tmp -env[PATH] = $PATH ; Additional php.ini defines, specific to this pool of workers. These settings ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: ; php_value/php_flag - you can set classic ini defines which can -; be overwritten from PHP call 'ini_set'. +; be overwritten from PHP call 'ini_set'. ; php_admin_value/php_admin_flag - these directives won't be overwritten by ; PHP call 'ini_set' ; For php_*flag, valid values are on, off, 1, 0, true, false, yes or no. @@ -392,6 +418,17 @@ env[PATH] = $PATH ;php_admin_flag[log_errors] = on ;php_admin_value[memory_limit] = 32M +; Common values to change to increase file upload limit +; php_admin_value[upload_max_filesize] = 50M +; php_admin_value[post_max_size] = 50M +; php_admin_flag[mail.add_x_header] = Off + +; Other common parameters +; php_admin_value[max_execution_time] = 600 +; php_admin_value[max_input_time] = 300 +; php_admin_value[memory_limit] = 256M +; php_admin_flag[short_open_tag] = On + ; Additional php.ini defines, specific to this pool of workers. php_value[upload_max_filesize] = 10G php_value[post_max_size] = 10G @@ -404,4 +441,3 @@ php_value[opcache.max_accelerated_files]=10000 php_value[opcache.memory_consumption]=128 php_value[opcache.save_comments]=1 php_value[opcache.revalidate_freq]=1 - diff --git a/manifest.json b/manifest.json index 568d011..f0197d9 100644 --- a/manifest.json +++ b/manifest.json @@ -14,12 +14,12 @@ "email": "apps@yunohost.org" }, "requirements": { - "yunohost": ">= 2.7.2" + "yunohost": ">= 3.0" }, "multi_instance": true, "services": [ "nginx", - "php5-fpm", + "php7.0-fpm", "mysql" ], "arguments": { diff --git a/scripts/_common.sh b/scripts/_common.sh index 540c024..cb2677e 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,12 +3,7 @@ # COMMON VARIABLES #================================================= -pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient at" - -if [ "$(lsb_release --codename --short)" != "jessie" ]; then - pkg_dependencies="$pkg_dependencies php-zip php-apcu php-mbstring php-xml" -fi - +pkg_dependencies="php-gd php-json php-intl php-mcrypt php-curl php-apcu php-redis php-ldap php-imagick php-zip php-mbstring php-xml imagemagick acl tar smbclient at" #================================================= # COMMON HELPERS -- SHOULD BE ADDED TO YUNOHOST diff --git a/scripts/backup b/scripts/backup index a41fb88..67f05ce 100755 --- a/scripts/backup +++ b/scripts/backup @@ -44,7 +44,7 @@ ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" # BACKUP THE PHP-FPM CONFIGURATION #================================================= -ynh_backup "/etc/php5/fpm/pool.d/$app.conf" +ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE diff --git a/scripts/restore b/scripts/restore index 157128a..1a2209c 100755 --- a/scripts/restore +++ b/scripts/restore @@ -69,7 +69,7 @@ ynh_system_user_create $app # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file "/etc/php5/fpm/pool.d/$app.conf" +ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # SPECIFIC RESTORATION @@ -139,5 +139,5 @@ ynh_multimedia_addaccess $app # RELOAD NGINX AND PHP-FPM #================================================= -systemctl reload php5-fpm +systemctl reload php7.0-fpm systemctl reload nginx From b399b690513a3159a4f9be47e89d548f8027e890 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sat, 16 Feb 2019 17:21:42 +0100 Subject: [PATCH 04/31] Update helpers --- scripts/_common.sh | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index cb2677e..9301891 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -6,7 +6,7 @@ pkg_dependencies="php-gd php-json php-intl php-mcrypt php-curl php-apcu php-redis php-ldap php-imagick php-zip php-mbstring php-xml imagemagick acl tar smbclient at" #================================================= -# COMMON HELPERS -- SHOULD BE ADDED TO YUNOHOST +# EXPERIMENTAL HELPERS #================================================= # Execute a command as another user @@ -277,8 +277,9 @@ ynh_handle_app_migration () { #================================================= -# EXPERIMENTAL HELPERS +# FUTURE OFFICIAL HELPERS #================================================= + #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= @@ -287,16 +288,20 @@ ynh_handle_app_migration () { # # usage: ynh_multimedia_build_main_dir ynh_multimedia_build_main_dir () { - local ynh_media_release="v1.0" - local checksum="4852c8607db820ad51f348da0dcf0c88" + local ynh_media_release="v1.2" + local checksum="806a827ba1902d6911095602a9221181" # Download yunohost.multimedia scripts wget -nv https://github.com/YunoHost-Apps/yunohost.multimedia/archive/${ynh_media_release}.tar.gz - # Verify checksum + # Check the control sum echo "${checksum} ${ynh_media_release}.tar.gz" | md5sum -c --status \ || ynh_die "Corrupt source" + # Check if the package acl is installed. Or install it. + ynh_package_is_installed 'acl' \ + || ynh_package_install acl + # Extract mkdir yunohost.multimedia-master tar -xf ${ynh_media_release}.tar.gz -C yunohost.multimedia-master --strip-components 1 From 764209306b31f858c03316d6749bc9c1743af7c3 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 17 Feb 2019 20:57:31 +0100 Subject: [PATCH 05/31] Add progression with ynh_print_info --- README.md | 2 +- conf/nginx.conf | 30 +++++++++++++++--------------- manifest.json | 2 +- scripts/_common.sh | 25 +++++++++++++++++++++++++ scripts/backup | 13 +++++++++++++ scripts/install | 20 ++++++++++++++++++++ scripts/remove | 14 ++++++++++++++ scripts/restore | 15 +++++++++++++++ scripts/upgrade | 21 ++++++++++++++++++++- scripts/upgrade.d/upgrade.last.sh | 4 ++-- 10 files changed, 126 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 83e2e54..2a25708 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 15.0.2 +**Shipped version:** 15.0.4 ## Screenshots diff --git a/conf/nginx.conf b/conf/nginx.conf index ba6c554..1170d66 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -16,13 +16,13 @@ location ^~ __PATH__ { } # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000;"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; + more_set_headers "Strict-Transport-Security: max-age=15768000"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "X-XSS-Protection: 1; mode=block"; + more_set_headers "X-Robots-Tag: none"; + more_set_headers "X-Download-Options: noopen"; + more_set_headers "X-Permitted-Cross-Domain-Policies: none"; + more_set_headers "Referrer-Policy: no-referrer"; # Set max upload size client_max_body_size 10G; @@ -81,15 +81,15 @@ location ^~ __PATH__ { # Adding the cache control header for js and css files location ~* \.(?:css|js)$ { - add_header Cache-Control "public, max-age=7200"; + more_set_headers "Cache-Control: public, max-age=7200"; # Add headers to serve security related headers - add_header Strict-Transport-Security "max-age=15768000;"; - add_header X-Content-Type-Options nosniff; - add_header X-XSS-Protection "1; mode=block"; - add_header X-Robots-Tag none; - add_header X-Download-Options noopen; - add_header X-Permitted-Cross-Domain-Policies none; - add_header Referrer-Policy no-referrer; + more_set_headers "Strict-Transport-Security: max-age=15768000"; + more_set_headers "X-Content-Type-Options: nosniff"; + more_set_headers "X-XSS-Protection: 1; mode=block"; + more_set_headers "X-Robots-Tag: none"; + more_set_headers "X-Download-Options: noopen"; + more_set_headers "X-Permitted-Cross-Domain-Policies: none"; + more_set_headers "Referrer-Policy: no-referrer"; # Optional: Don't log access to assets access_log off; diff --git a/manifest.json b/manifest.json index f0197d9..a146c94 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "15.0.2~ynh1", + "version": "15.0.4~ynh2", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/_common.sh b/scripts/_common.sh index 9301891..2529d02 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -275,6 +275,31 @@ ynh_handle_app_migration () { fi } +ynh_smart_mktemp () { + local min_size="${1:-300}" + # Transform the minimum size from megabytes to kilobytes + min_size=$(( $min_size * 1024 )) + + # Check if there's enough free space in a directory + is_there_enough_space () { + local free_space=$(df --output=avail "$1" | sed 1d) + test $free_space -ge $min_size + } + + if is_there_enough_space /tmp; then + local tmpdir=/tmp + elif is_there_enough_space /var; then + local tmpdir=/var + elif is_there_enough_space /; then + local tmpdir=/ + elif is_there_enough_space /home; then + local tmpdir=/home + else + ynh_die "Insufficient free space to continue..." + fi + + echo "$(sudo mktemp --directory --tmpdir="$tmpdir")" +} #================================================= # FUTURE OFFICIAL HELPERS diff --git a/scripts/backup b/scripts/backup index 67f05ce..f548f90 100755 --- a/scripts/backup +++ b/scripts/backup @@ -19,6 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -31,24 +32,28 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # BACKUP THE APP MAIN DIR #================================================= +ynh_print_info "Backing up the main app directory..." ynh_backup "$final_path" #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= +ynh_print_info "Backing up nginx web server configuration..." ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # BACKUP THE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Backing up php-fpm configuration..." ynh_backup "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # BACKUP THE MYSQL DATABASE #================================================= +ynh_print_info "Backing up the MySQL database..." ynh_mysql_dump_db "$db_name" > db.sql @@ -57,6 +62,7 @@ ynh_mysql_dump_db "$db_name" > db.sql #================================================= # BACKUP LOGROTATE #================================================= +ynh_print_info "Backing up logrotate configuration..." ynh_backup "/etc/logrotate.d/$app" @@ -69,8 +75,15 @@ ynh_backup "/etc/cron.d/$app" #================================================= # BACKUP THE DATA DIRECTORY #================================================= +ynh_print_info "Backing up data directory..." # The 1 parameter indicates the directory is "big", # so that it won't be backed up before upgrade # This argument has to be the third one. ynh_backup "/home/yunohost.app/${app}/data" "/home/yunohost.app/${app}/data" 1 + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/install b/scripts/install index 2c301c0..0f66303 100755 --- a/scripts/install +++ b/scripts/install @@ -30,6 +30,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= +ynh_print_info "Validating installation parameters..." final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" @@ -43,6 +44,7 @@ ynh_webpath_register $app $domain $path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= +ynh_print_info "Storing installation settings..." ynh_app_setting_set $app domain $domain ynh_app_setting_set $app path $path_url @@ -54,12 +56,14 @@ ynh_app_setting_set $app user_home $user_home #================================================= # INSTALL DEPENDENCIES #================================================= +ynh_print_info "Installing dependencies..." ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE A MYSQL DATABASE #================================================= +ynh_print_info "Creating a MySQL database..." db_name=$(ynh_sanitize_dbid $app) ynh_app_setting_set $app db_name $db_name @@ -68,6 +72,7 @@ ynh_mysql_setup_db $db_name $db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_print_info "Setting up source files..." # Load the last available version source upgrade.d/upgrade.last.sh @@ -85,6 +90,7 @@ ynh_setup_source "$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Configuring nginx web server..." # Do not serve .well-known if it's already served on the domain if is_url_handled "https://$domain/.well-known/caldav" ; then @@ -98,6 +104,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Configuring system user..." # Create a system user ynh_system_user_create $app @@ -105,6 +112,7 @@ ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Configuring php-fpm..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -123,6 +131,7 @@ mkdir -p "$datadir" #================================================= # INSTALL NEXTCLOUD #================================================= +ynh_print_info "Installing nextcloud..." # Define a function to execute commands with `occ` exec_occ() { @@ -144,6 +153,7 @@ exec_occ maintenance:install \ #================================================= # CONFIGURE NEXTCLOUD #================================================= +ynh_print_info "Configuring nextcloud..." # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification @@ -268,6 +278,7 @@ ynh_replace_string "__GROUP__" "$app" ../hooks/post_user_create #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= +ynh_print_info "Adding multimedia directories..." # Build YunoHost multimedia directories ynh_multimedia_build_main_dir @@ -296,6 +307,7 @@ chmod 755 /home/yunohost.app #================================================= # SETUP LOGROTATE #================================================= +ynh_print_info "Configuring log rotation..." # Use logrotate to manage application logfile(s) ynh_use_logrotate "$datadir/nextcloud.log" @@ -303,6 +315,7 @@ ynh_use_logrotate "$datadir/nextcloud.log" #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Configuring SSOwat..." ynh_app_setting_set $app unprotected_uris "/" ynh_app_setting_set $app skipped_regex \ @@ -311,5 +324,12 @@ ynh_app_setting_set $app skipped_regex \ #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Installation of $app completed" diff --git a/scripts/remove b/scripts/remove index 907a7e7..de10894 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -24,6 +25,7 @@ final_path=$(ynh_app_setting_get $app final_path) #================================================= # REMOVE DEPENDENCIES #================================================= +ynh_print_info "Removing dependencies" # Remove metapackage and its dependencies ynh_remove_app_dependencies @@ -31,6 +33,7 @@ ynh_remove_app_dependencies #================================================= # REMOVE THE MYSQL DATABASE #================================================= +ynh_print_info "Removing the MySQL database" # Remove a database if it exists, along with the associated user ynh_mysql_remove_db $db_name $db_name @@ -38,6 +41,7 @@ ynh_mysql_remove_db $db_name $db_name #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_print_info "Removing app main directory" # Remove the app directory securely ynh_secure_remove "$final_path" @@ -45,6 +49,7 @@ ynh_secure_remove "$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_print_info "Removing nginx web server configuration" # Remove the dedicated nginx config ynh_remove_nginx_config @@ -52,6 +57,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Removing php-fpm configuration" # Remove the dedicated php-fpm config ynh_remove_fpm_config @@ -59,6 +65,7 @@ ynh_remove_fpm_config #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= +ynh_print_info "Removing logrotate configuration" # Remove the app-specific logrotate config ynh_remove_logrotate @@ -88,6 +95,13 @@ done #================================================= # REMOVE DEDICATED USER #================================================= +ynh_print_info "Removing the dedicated system user" # Delete a system user ynh_system_user_delete $app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Removal of $app completed" diff --git a/scripts/restore b/scripts/restore index 1a2209c..b077fea 100755 --- a/scripts/restore +++ b/scripts/restore @@ -19,6 +19,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading settings..." app=$YNH_APP_INSTANCE_NAME @@ -30,6 +31,7 @@ db_name=$(ynh_app_setting_get $app db_name) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_print_info "Validating restoration parameters..." ynh_webpath_available $domain $path_url \ || ynh_die "Path not available: ${domain}${path_url}" @@ -47,12 +49,14 @@ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= +ynh_print_info "Restoring the app main directory..." ynh_restore_file "$final_path" #================================================= # RESTORE THE MYSQL DATABASE #================================================= +ynh_print_info "Restoring the MySQL database..." db_pwd=$(ynh_app_setting_get $app mysqlpwd) ynh_mysql_setup_db $db_name $db_name $db_pwd @@ -61,6 +65,7 @@ ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql #================================================= # RECREATE THE DEDICATED USER #================================================= +ynh_print_info "Recreating the dedicated system user..." # Create the dedicated user (if not existing) ynh_system_user_create $app @@ -76,6 +81,7 @@ ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # REINSTALL DEPENDENCIES #================================================= +ynh_print_info "Reinstalling dependencies..." # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies @@ -95,6 +101,7 @@ ynh_restore_file "/etc/logrotate.d/$app" #================================================= # RESTORE THE DATA DIRECTORY #================================================= +ynh_print_info "Restoring data directory..." datadir="/home/yunohost.app/$app/data" @@ -127,6 +134,7 @@ done #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= +ynh_print_info "Adding multimedia directories..." # Build YunoHost multimedia directories ynh_multimedia_build_main_dir @@ -138,6 +146,13 @@ ynh_multimedia_addaccess $app #================================================= # RELOAD NGINX AND PHP-FPM #================================================= +ynh_print_info "Reloading nginx web server and php-fpm..." systemctl reload php7.0-fpm systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Restoration completed for $app" diff --git a/scripts/upgrade b/scripts/upgrade index 78bdce9..064d446 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,6 +12,7 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_print_info "Loading installation settings..." app=$YNH_APP_INSTANCE_NAME @@ -25,6 +26,7 @@ user_home=$(ynh_app_setting_get $app user_home) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= +ynh_print_info "Ensuring downward compatibility..." # If db_name doesn't exist, create it if [ -z $db_name ]; then @@ -44,6 +46,7 @@ ynh_app_setting_delete $app backup_core_only #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= +ynh_print_info "Backing up the app before upgrading (may take a while)..." # Made a backup only after the version 11.0.0 # Before, the datas will be always saved. @@ -104,6 +107,7 @@ path_url=$(ynh_normalize_url_path $path_url) #================================================= # NGINX CONFIGURATION #================================================= +ynh_print_info "Upgrading nginx web server configuration..." ynh_backup_if_checksum_is_different "/etc/nginx/conf.d/$domain.d/$app.conf" @@ -123,6 +127,7 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= +ynh_print_info "Making sure dedicated system user exists..." # Create a dedicated user (if not existing) ynh_system_user_create $app @@ -130,6 +135,7 @@ ynh_system_user_create $app #================================================= # PHP-FPM CONFIGURATION #================================================= +ynh_print_info "Upgrading php-fpm configuration..." # Create a dedicated php-fpm config ynh_add_fpm_config @@ -137,6 +143,7 @@ ynh_add_fpm_config #================================================= # UPGRADE DEPENDENCIES #================================================= +ynh_print_info "Upgrading dependencies..." ynh_install_app_dependencies $pkg_dependencies @@ -195,7 +202,7 @@ do ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src" # Create a temporary directory - tmpdir=$(mktemp -d) + tmpdir="$(ynh_smart_mktemp 300)" # Install the next nextcloud version in $tmpdir ynh_setup_source "$tmpdir" @@ -214,6 +221,7 @@ do # Replace the old nextcloud by the new one ynh_secure_remove "$final_path" mv "$tmpdir" "$final_path" + ynh_secure_remove "$tmpdir" # Set write access for the following commands chown -R $app: "$final_path" "$datadir" @@ -234,6 +242,7 @@ done #================================================= # CONFIGURE NEXTCLOUD #================================================= +ynh_print_info "Reconfiguring nextcloud..." # Verify the checksum and backup the file if it's different ynh_backup_if_checksum_is_different "$final_path/config/config.php" @@ -329,6 +338,7 @@ ynh_replace_string "__GROUP__" "$app" ../hooks/post_user_create #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= +ynh_print_info "Updating multimedia directories..." # Build YunoHost multimedia directories ynh_multimedia_build_main_dir @@ -365,6 +375,7 @@ they are probably disabled and you'll have to manually enable them again." #================================================= # SETUP LOGROTATE #================================================= +ynh_print_info "Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append @@ -374,6 +385,7 @@ ynh_use_logrotate --non-append #================================================= # SETUP SSOWAT #================================================= +ynh_print_info "Upgrading SSOwat configuration..." ynh_app_setting_set $app unprotected_uris "/" ynh_app_setting_set $app skipped_regex \ @@ -382,6 +394,7 @@ ynh_app_setting_set $app skipped_regex \ #================================================= # RELOAD NGINX #================================================= +ynh_print_info "Reloading nginx web server..." systemctl reload nginx @@ -405,3 +418,9 @@ you don't see Nextcloud as installed." chmod +x /tmp/$script_post_migration (cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes) fi + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Upgrade of $app completed" diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 1a77d52..80d65dd 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Last available nextcloud version -next_version="15.0.2" +next_version="15.0.4" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="c1f4cc33e39994ddbe6777370b62c30b7ae52136a0530c0b9922770803ca0fea" +nextcloud_source_sha256="f87db047c174f563e391a22c959d9ace767ca14ef0f97fc394f3061fc63d8f77" # This function will only be executed upon applying the last upgrade referenced above last_upgrade_operations () { From 445e8d2a69ec78946a8e20704bfa1be1db07619b Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sat, 2 Mar 2019 12:17:15 +0100 Subject: [PATCH 06/31] Upgrade to upstream version 15.0.5 --- README.md | 2 +- manifest.json | 2 +- scripts/upgrade.d/upgrade.last.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 865fc0c..728a8a9 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Nextcloud for YunoHost own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 15.0.4 +**Shipped version:** 15.0.5 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) ![](https://raw.githubusercontent.com/nextcloud/screenshots/master/files/Files%20Overview.png) diff --git a/manifest.json b/manifest.json index 43bf976..77642da 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "15.0.4~ynh1", + "version": "15.0.5~ynh1", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 80d65dd..e66bb23 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Last available nextcloud version -next_version="15.0.4" +next_version="15.0.5" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="f87db047c174f563e391a22c959d9ace767ca14ef0f97fc394f3061fc63d8f77" +nextcloud_source_sha256="4661869b797a340cd967abb3dbe6931b375434e0a44480346a27ccd73250b988" # This function will only be executed upon applying the last upgrade referenced above last_upgrade_operations () { From 3dd34327ca32b7c962dd8c5869d900b0fca8aa29 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sat, 2 Mar 2019 12:18:33 +0100 Subject: [PATCH 07/31] Update nginx configuration to latest Nextcloud recommendations --- conf/nginx.conf | 15 ++++++++------- 1 file changed, 8 insertions(+), 7 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 2e085c9..7cdfd8f 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -13,7 +13,7 @@ location ^~ __PATH__ { } # Add headers to serve security related headers - more_set_headers "Strict-Transport-Security: max-age=15768000"; + more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;"; more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-XSS-Protection: 1; mode=block"; more_set_headers "X-Robots-Tag: none"; @@ -59,9 +59,9 @@ location ^~ __PATH__ { deny all; } - location ~ ^__PATH__/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|core/templates/40[34])\.php(?:$|/) { + location ~ ^__PATH__/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|ocm-provider/.+)\.php(/.*|)$ { include fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(/.+)$; + fastcgi_split_path_info ^(.+\.php)(/.*|)$; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; @@ -71,14 +71,15 @@ location ^~ __PATH__ { fastcgi_intercept_errors on; } - location ~ ^__PATH__/(?:updater|ocs-provider)(?:$|/) { + location ~ ^__PATH__/(?:updater|ocs-provider|ocm-provider)(?:$|/) { try_files $uri/ =404; index index.php; } # Adding the cache control header for js and css files - location ~* \.(?:css|js)$ { - more_set_headers "Cache-Control: public, max-age=7200"; + location ~ ^__PATH__/.+[^/]\.(?:css|js|woff2?|svg|gif)$ { + try_files $uri __PATH__/index.php$request_uri; + more_set_headers "Cache-Control: public, max-age=15778463"; # Add headers to serve security related headers more_set_headers "Strict-Transport-Security: max-age=15768000"; more_set_headers "X-Content-Type-Options: nosniff"; @@ -92,7 +93,7 @@ location ^~ __PATH__ { access_log off; } - location ~* \.(?:svg|gif|png|html|ttf|woff|ico|jpg|jpeg)$ { + location ~* \.(?:png|html|ttf|ico|jpg|jpeg)$ { # Optional: Don't log access to other assets access_log off; } From 0719c177b821312275e25395a3250fd768cf655c Mon Sep 17 00:00:00 2001 From: JimboJoe Date: Tue, 5 Mar 2019 15:37:07 +0100 Subject: [PATCH 08/31] Update scripts/install Co-Authored-By: maniackcrudelis --- scripts/install | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/install b/scripts/install index 0f66303..19863c4 100755 --- a/scripts/install +++ b/scripts/install @@ -158,7 +158,7 @@ ynh_print_info "Configuring nextcloud..." # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification -# Enable ldap plugins +# Enable ldap plugin exec_occ app:enable user_ldap exec_occ ldap:create-empty-config From b7e16f813971dfcba932ab2c8608d2b00976e99d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Micka=C3=ABl=20Martin?= Date: Thu, 7 Mar 2019 10:16:56 +0100 Subject: [PATCH 09/31] change server name in notify --- scripts/install | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/scripts/install b/scripts/install index 5bc37bf..cc61767 100755 --- a/scripts/install +++ b/scripts/install @@ -205,6 +205,11 @@ exec_occ config:system:get logout_url >/dev/null 2>&1 \ //-YunoHost- " >> "${final_path}/config/config.php" +#================================================= +# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS +#================================================= +ynh_replace_string "'overwrite.cli.url' => 'http://localhost'," "'overwrite.cli.url' => 'https://${domain}'," "${final_path}/config/config.php" + #================================================= # REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE #================================================= From 46c496c6de9a13cc5f1cefbb9bad0197d71db13e Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Thu, 7 Mar 2019 11:51:14 +0100 Subject: [PATCH 10/31] Update install --- scripts/install | 1 + 1 file changed, 1 insertion(+) diff --git a/scripts/install b/scripts/install index cc61767..a2fc1d9 100755 --- a/scripts/install +++ b/scripts/install @@ -208,6 +208,7 @@ exec_occ config:system:get logout_url >/dev/null 2>&1 \ #================================================= # CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS #================================================= + ynh_replace_string "'overwrite.cli.url' => 'http://localhost'," "'overwrite.cli.url' => 'https://${domain}'," "${final_path}/config/config.php" #================================================= From ee0d5457a19d37b15f0640ba27123b4ebb54e9c3 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Thu, 7 Mar 2019 11:55:02 +0100 Subject: [PATCH 11/31] Modify upgrade script as well --- scripts/upgrade | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index d58f4b0..c56fc18 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -265,6 +265,12 @@ exec_occ config:system:get logout_url >/dev/null 2>&1 \ //-YunoHost- " >> "${final_path}/config/config.php" +#================================================= +# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS +#================================================= + +ynh_replace_string "'overwrite.cli.url' => 'http://localhost'," "'overwrite.cli.url' => 'https://${domain}'," "${final_path}/config/config.php" + #================================================= # MOUNT HOME FOLDERS AS EXTERNAL STORAGE #================================================= From c064770589db237a8a493dcdb89dc3b9289e89f5 Mon Sep 17 00:00:00 2001 From: JimboJoe Date: Sun, 10 Mar 2019 13:10:08 +0100 Subject: [PATCH 12/31] Update manifest.json Co-Authored-By: maniackcrudelis --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index a146c94..76e3273 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "apps@yunohost.org" }, "requirements": { - "yunohost": ">= 3.0" + "yunohost": ">= 3.2.0" }, "multi_instance": true, "services": [ From bb0c7fe1e6479cc41dee48b61e6de6a9ebef1b16 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sat, 16 Mar 2019 19:27:23 +0100 Subject: [PATCH 13/31] Add change_url feature --- check_process | 2 +- scripts/change_url | 118 +++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 119 insertions(+), 1 deletion(-) create mode 100644 scripts/change_url diff --git a/check_process b/check_process index 1741c5c..486960d 100644 --- a/check_process +++ b/check_process @@ -17,7 +17,7 @@ multi_instance=1 incorrect_path=1 port_already_use=0 - change_url=0 + change_url=1 ;;; Levels Level 1=auto Level 2=auto diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..f645daf --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,118 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_print_info "Loading installation settings..." + +# Needed for helper "ynh_add_nginx_config" +final_path=$(ynh_app_setting_get $app final_path) + +# Add settings here as needed by your application +#db_name=$(ynh_app_setting_get "$app" db_name) +#db_pwd=$(ynh_app_setting_get $app db_pwd) + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= +ynh_print_info "Updating nginx web server configuration..." + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +if [ $change_path -eq 1 ] +then + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different "$nginx_conf_path" + # Set global variables for nginx helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated nginx config + ynh_add_nginx_config +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum "$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# SPECIFIC MODIFICATIONS +#================================================= +ynh_print_info "Applying Nextcloud specific modifications..." + +# Define a function to execute commands with `occ` +exec_occ() { + (cd "$final_path" && exec_as "$app" \ + php occ --no-interaction --no-ansi "$@") +} + +if [ $change_domain -eq 1 ] +then + # Change the trusted domain + exec_occ config:system:set trusted_domains 1 --value=${new_domain} + + # Change hostname for activity notifications + ynh_replace_string "'overwrite.cli.url' => 'http://${old_domain}'," "'overwrite.cli.url' => 'https://${new_domain}'," "${final_path}/config/config.php" +fi + +#================================================= + +#================================================= +# GENERIC FINALISATION +#================================================= +# RELOAD NGINX +#================================================= +ynh_print_info "Reloading nginx web server..." + +systemctl reload nginx + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info "Change of URL completed for $app" From cc08c702240e0ff8ff35abcf0590e928a47323bf Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 20 Mar 2019 20:22:37 +0100 Subject: [PATCH 14/31] Quickfix for path traversal issue --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 2e085c9..a416de2 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -6,7 +6,7 @@ location = /.well-known/caldav { } location ^~ __PATH__ { - alias __FINALPATH__/; + alias __FINALPATH__; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; From 0be7e16d743ce501dd53ff9fdca203c06595a502 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 20 Mar 2019 20:56:17 +0100 Subject: [PATCH 15/31] Add `/` at the end of the location + add rewrite rule --- conf/nginx.conf | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index a416de2..6b18d36 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,8 +5,9 @@ location = /.well-known/caldav { return 301 https://$server_name__PATH__/remote.php/dav; } -location ^~ __PATH__ { - alias __FINALPATH__; +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location ^~ __PATH__/ { + alias __FINALPATH__/; if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; @@ -42,7 +43,7 @@ location ^~ __PATH__ { #rewrite ^/.well-known/host-meta __PATH__/public.php?service=host-meta last; #rewrite ^/.well-known/host-meta.json __PATH__/public.php?service=host-meta-json last; - location __PATH__ { + location __PATH__/ { rewrite ^ __PATH__/index.php$request_uri; } From 5ff310068fff6a8b91394e4874c7ec77b6e3f1b1 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 24 Mar 2019 16:46:26 +0100 Subject: [PATCH 16/31] Update pull_request_template.md --- pull_request_template.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/pull_request_template.md b/pull_request_template.md index 2342905..1301157 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -19,7 +19,6 @@ - [ ] **Approval (LGTM)** : - [ ] **Approval (LGTM)** : - **CI succeeded** : -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20-BRANCH-%20(Official)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20-BRANCH-%20(Official)/) *Please replace '-BRANCH-' in this link for a PR from a local branch.* -or -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-%20(Official_fork)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-%20(Official_fork)/) *Replace '-NUM-' by the PR number in this link for a PR from a forked repository.* +[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/) +*Please replace '-NUM-' in this link by the PR number.* When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. From 493172ea4dfc812518df575e6b18c982e31a3e7e Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sun, 24 Mar 2019 22:57:40 +0100 Subject: [PATCH 17/31] Add fail2ban configuration --- manifest.json | 2 +- scripts/_common.sh | 160 ++++++++++++++++++++++++++++++++++++++++++++- scripts/backup | 8 +++ scripts/install | 8 +++ scripts/remove | 8 +++ scripts/restore | 17 +++++ scripts/upgrade | 8 +++ 7 files changed, 207 insertions(+), 4 deletions(-) diff --git a/manifest.json b/manifest.json index cd64223..b4b54e3 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "15.0.5~ynh1", + "version": "15.0.5~ynh2", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/_common.sh b/scripts/_common.sh index 4a5a280..64f2467 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,6 +5,160 @@ pkg_dependencies="php-gd php-json php-intl php-mcrypt php-curl php-apcu php-redis php-ldap php-imagick php-zip php-mbstring php-xml imagemagick acl tar smbclient at" +#================================================= +# UNSTABLE HELPERS +#================================================= + +# Create a dedicated fail2ban config (jail and filter conf files) +# +# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports] +# | arg: -l, --logpath= - Log file to be checked by fail2ban +# | arg: -r, --failregex= - Failregex to be looked for by fail2ban +# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3 +# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https +# +# ----------------------------------------------------------------------------- +# +# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"] +# | arg: -t, --use_template - Use this helper in template mode +# | arg: -v, --others_var= - List of others variables to replace separeted by a space +# | for example : 'var_1 var_2 ...' +# +# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf +# __APP__ by $app +# +# You can dynamically replace others variables by example : +# __VAR_1__ by $var_1 +# __VAR_2__ by $var_2 +# +# Generally your template will look like that by example (for synapse): +# +# f2b_jail.conf: +# [__APP__] +# enabled = true +# port = http,https +# filter = __APP__ +# logpath = /var/log/__APP__/logfile.log +# maxretry = 3 +# +# f2b_filter.conf: +# [INCLUDES] +# before = common.conf +# [Definition] +# +# # Part of regex definition (just used to make more easy to make the global regex) +# __synapse_start_line = .? \- synapse\..+ \- +# +# # Regex definition. +# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- \- \d+ \- Received request\: POST /_matrix/client/r0/login\??%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$ +# +# ignoreregex = +# +# ----------------------------------------------------------------------------- +# +# Note about the "failregex" option: +# regex to match the password failure messages in the logfile. The +# host must be matched by a group named "host". The tag "" can +# be used for standard IP/hostname matching and is only an alias for +# (?:::f{4,6}:)?(?P[\w\-.^_]+) +# +# You can find some more explainations about how to make a regex here : +# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters +# +# Note that the logfile need to exist before to call this helper !! +# +# To validate your regex you can test with this command: +# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf +# +# Requires YunoHost version 3.?.? or higher. +ynh_add_fail2ban_config () { + # Declare an array to define the options of this helper. + local legacy_args=lrmptv + declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=) + local logpath + local failregex + local max_retry + local ports + local others_var + local use_template + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + use_template="${use_template:-0}" + max_retry=${max_retry:-3} + ports=${ports:-http,https} + + finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" + finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" + ynh_backup_if_checksum_is_different "$finalfail2banjailconf" + ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" + + if [ $use_template -eq 1 ] + then + # Usage 2, templates + cp ../conf/f2b_jail.conf $finalfail2banjailconf + cp ../conf/f2b_filter.conf $finalfail2banfilterconf + + if [ -n "${app:-}" ] + then + ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf" + ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf" + fi + + # Replace all other variable given as arguments + for var_to_replace in ${others_var:-}; do + # ${var_to_replace^^} make the content of the variable on upper-cases + # ${!var_to_replace} get the content of the variable named $var_to_replace + ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf" + ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf" + done + + else + # Usage 1, no template. Build a config file from scratch. + test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." + test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." + + tee $finalfail2banjailconf < Date: Mon, 25 Mar 2019 19:52:08 +0100 Subject: [PATCH 18/31] Add ynh_systemd_action unstable helper --- scripts/_common.sh | 96 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/scripts/_common.sh b/scripts/_common.sh index 64f2467..1b4d782 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -9,6 +9,102 @@ pkg_dependencies="php-gd php-json php-intl php-mcrypt php-curl php-apcu php-redi # UNSTABLE HELPERS #================================================= +# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started +# +# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ] +# | arg: -n, --service_name= - Name of the service to start. Default : $app +# | arg: -a, --action= - Action to perform with systemctl. Default: start +# | arg: -l, --line_match= - Line to match - The line to find in the log to attest the service have finished to boot. +# If not defined it don't wait until the service is completely started. +# WARNING: When using --line_match, you should always add `ynh_clean_check_starting` into your +# `ynh_clean_setup` at the beginning of the script. Otherwise, tail will not stop in case of failure +# of the script. The script will then hang forever. +# | arg: -p, --log_path= - Log file - Path to the log file. Default : /var/log/$app/$app.log +# | arg: -t, --timeout= - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds. +# | arg: -e, --length= - Length of the error log : Default : 20 +ynh_systemd_action() { + # Declare an array to define the options of this helper. + declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= ) + local service_name + local action + local line_match + local length + local log_path + local timeout + + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + local service_name="${service_name:-$app}" + local action=${action:-start} + local log_path="${log_path:-/var/log/$service_name/$service_name.log}" + local length=${length:-20} + local timeout=${timeout:-300} + + # Start to read the log + if [[ -n "${line_match:-}" ]] + then + local templog="$(mktemp)" + # Following the starting of the app in its log + if [ "$log_path" == "systemd" ] ; then + # Read the systemd journal + journalctl --unit=$service_name --follow --since=-0 --quiet > "$templog" & + # Get the PID of the journalctl command + local pid_tail=$! + else + # Read the specified log file + tail -F -n0 "$log_path" > "$templog" 2>&1 & + # Get the PID of the tail command + local pid_tail=$! + fi + fi + + ynh_print_info --message="${action^} the service $service_name" + + # Use reload-or-restart instead of reload. So it wouldn't fail if the service isn't running. + if [ "$action" == "reload" ]; then + action="reload-or-restart" + fi + + systemctl $action $service_name \ + || ( journalctl --no-pager --lines=$length -u $service_name >&2 \ + ; test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2 \ + ; false ) + + # Start the timeout and try to find line_match + if [[ -n "${line_match:-}" ]] + then + local i=0 + for i in $(seq 1 $timeout) + do + # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout + if grep --quiet "$line_match" "$templog" + then + ynh_print_info --message="The service $service_name has correctly started." + break + fi + if [ $i -eq 3 ]; then + echo -n "Please wait, the service $service_name is ${action}ing" >&2 + fi + if [ $i -ge 3 ]; then + echo -n "." >&2 + fi + sleep 1 + done + if [ $i -ge 3 ]; then + echo "" >&2 + fi + if [ $i -eq $timeout ] + then + ynh_print_warn --message="The service $service_name didn't fully started before the timeout." + ynh_print_warn --message="Please find here an extract of the end of the log of the service $service_name:" + journalctl --no-pager --lines=$length -u $service_name >&2 + test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2 + fi + ynh_clean_check_starting + fi +} + # Create a dedicated fail2ban config (jail and filter conf files) # # usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports] From 3dc9ba202029a899e5aaeda13bded89ff7479eed Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Thu, 4 Apr 2019 16:22:36 +0200 Subject: [PATCH 19/31] [fix] Quick fix for backup_core_only feature with the old backup. --- scripts/upgrade | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index e6de161..6095a5a 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -56,8 +56,16 @@ current_major_version=${current_version%%.*} if [ $current_major_version -gt 11 ] then + # Inform the backup/restore process that it should not save the data directory + # Use only for the previous backup script that doesn't set 'is_big' + ynh_app_setting_set $app backup_core_only 1 + # Backup the current version of the app ynh_backup_before_upgrade + + # Remove the option backup_core_only after the backup. + ynh_app_setting_delete $app backup_core_only + ynh_clean_setup () { # Remove the post migration script before its execution ! ynh_secure_remove "/tmp/owncloud_post_migration.sh" 2>&1 From 4726c546f5d62fd0f2dd7f456c0435ba853a840f Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Thu, 4 Apr 2019 22:18:12 +0200 Subject: [PATCH 20/31] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index cd64223..b4b54e3 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "15.0.5~ynh1", + "version": "15.0.5~ynh2", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { From acffd4cf383cf31c238fdec3244e8434655b6138 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 4 Apr 2019 22:28:24 +0200 Subject: [PATCH 21/31] Fix OPcache warnings --- conf/php-fpm.ini | 7 ------- scripts/upgrade | 4 ++++ 2 files changed, 4 insertions(+), 7 deletions(-) delete mode 100644 conf/php-fpm.ini diff --git a/conf/php-fpm.ini b/conf/php-fpm.ini deleted file mode 100644 index 104f242..0000000 --- a/conf/php-fpm.ini +++ /dev/null @@ -1,7 +0,0 @@ -opcache.enable=1 -opcache.enable_cli=1 -opcache.interned_strings_buffer=8 -opcache.max_accelerated_files=10000 -opcache.memory_consumption=128 -opcache.save_comments=1 -opcache.revalidate_freq=1 diff --git a/scripts/upgrade b/scripts/upgrade index d905f64..c600414 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -140,6 +140,10 @@ ynh_print_info "Upgrading php-fpm configuration..." # Create a dedicated php-fpm config ynh_add_fpm_config +# Delete existing ini configuration file (backward compatibility) +if [ -f /etc/php/7.0/fpm/conf.d/20-$app.ini ]; then + ynh_secure_remove /etc/php/7.0/fpm/conf.d/20-$app.ini +fi #================================================= # UPGRADE DEPENDENCIES #================================================= From 779173d6c4fb229d7cb0590be6a5f08c2f55c560 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 4 Apr 2019 22:28:53 +0200 Subject: [PATCH 22/31] Fix PATH warning --- conf/php-fpm.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 74825fa..60ddc95 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -392,7 +392,7 @@ chdir = __FINALPATH__ ;env[TMP] = /tmp ;env[TMPDIR] = /tmp ;env[TEMP] = /tmp - +env[PATH] = $PATH ; Additional php.ini defines, specific to this pool of workers. These settings ; overwrite the values previously defined in the php.ini. The directives are the ; same as the PHP SAPI: From 477391a2031bb6827910c1bc6a6a1feabbdfbdaf Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 4 Apr 2019 22:29:06 +0200 Subject: [PATCH 23/31] Fix always_populate_raw_post_data warning --- conf/php-fpm.conf | 1 - 1 file changed, 1 deletion(-) diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 60ddc95..f13ed6d 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -433,7 +433,6 @@ env[PATH] = $PATH php_value[upload_max_filesize] = 10G php_value[post_max_size] = 10G php_value[default_charset] = UTF-8 -php_value[always_populate_raw_post_data] = -1 php_value[opcache.enable]=1 php_value[opcache.enable_cli]=1 php_value[opcache.interned_strings_buffer]=8 From 2549f0ed40fe217907fc91386d4b4fb97d0aff5b Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 4 Apr 2019 22:29:43 +0200 Subject: [PATCH 24/31] Fix impossible upload via web interface --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 3159d95..6c5d7ec 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -65,7 +65,7 @@ location ^~ __PATH__/ { location ~ ^__PATH__/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|ocm-provider/.+)\.php(/.*|)$ { include fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(/.*|)$; + fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; From 64088059de103e2b41bcce9d35e567d57be3fd39 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 4 Apr 2019 22:29:43 +0200 Subject: [PATCH 25/31] Fix impossible upload via web interface --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index b6e4498..52208c0 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -64,7 +64,7 @@ location ^~ __PATH__ { location ~ ^__PATH__/(?:index|remote|public|cron|core/ajax/update|status|ocs/v[12]|updater/.+|ocs-provider/.+|ocm-provider/.+)\.php(/.*|)$ { include fastcgi_params; - fastcgi_split_path_info ^(.+\.php)(/.*|)$; + fastcgi_split_path_info ^(.+\.php)(/.+)$; fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param HTTPS on; From a35a2457ce46ddc788e44062adf1ac8ada558b91 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 6 Apr 2019 00:41:46 +0200 Subject: [PATCH 26/31] Update version number for hotfix about upload (also agreed with Maniack ... sorry folks for the yolocommit to master outside standard procedure :/) --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index b4b54e3..e132a8c 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "15.0.5~ynh2", + "version": "15.0.5~ynh3", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { From 53929af2e27f2b9990873b104a646d43726a8623 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Wed, 10 Apr 2019 19:38:26 +0200 Subject: [PATCH 27/31] Upgrade to upstream version 15.0.7 --- README.md | 6 +++--- manifest.json | 2 +- scripts/upgrade.d/upgrade.last.sh | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 04b7f45..644bb7e 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 15.0.5 +**Shipped version:** 15.0.7 ## Screenshots @@ -81,10 +81,10 @@ This can only be done from the command-line interface - e.g. through SSH. Once you're connected, you simply have to execute the following: ```bash -sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/nextcloud_ynh owncloud --verbose +sudo yunohost app upgrade -u https://github.com/YunoHost-Apps/nextcloud_ynh owncloud --debug ``` -The `--verbose` option will let you see the full output. If you encounter any +The `--debug` option will let you see the full output. If you encounter any issue, please paste it. Note that a cron job will be executed at some time after the end of this diff --git a/manifest.json b/manifest.json index b4b54e3..6919f99 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "15.0.5~ynh2", + "version": "15.0.7~ynh1", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index e66bb23..b576bdc 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Last available nextcloud version -next_version="15.0.5" +next_version="15.0.7" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="4661869b797a340cd967abb3dbe6931b375434e0a44480346a27ccd73250b988" +nextcloud_source_sha256="3e6158951fa72010ccd50dbeac05d8df162183f7bbc62a1c6c89ed7081fa9d49" # This function will only be executed upon applying the last upgrade referenced above last_upgrade_operations () { From a6ac80820dbc315cda93d5360ee48ea15181a038 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 15 Apr 2019 20:55:42 +0200 Subject: [PATCH 28/31] Move from ci-apps-dev to ci-apps-hq --- pull_request_template.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pull_request_template.md b/pull_request_template.md index 1301157..da30b7b 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -19,6 +19,6 @@ - [ ] **Approval (LGTM)** : - [ ] **Approval (LGTM)** : - **CI succeeded** : -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/) +[![Build Status](https://ci-apps-hq.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/badge/icon)](https://ci-apps-hq.yunohost.org/jenkins/job/nextcloud_ynh%20PR-NUM-/) *Please replace '-NUM-' in this link by the PR number.* When the PR is marked as ready to merge, you have to wait for 3 days before really merging it. From 377037ce45d4e98d15a7bab1623415e592cca1eb Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 6 May 2019 01:11:18 +0200 Subject: [PATCH 29/31] Handle well-known conflict --- scripts/_common.sh | 33 +++++++++++++++++++++++++++++---- scripts/change_url | 13 +++++++++++++ scripts/install | 11 +++++++---- scripts/restore | 9 +++++++++ scripts/upgrade | 11 +++++++---- 5 files changed, 65 insertions(+), 12 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 1b4d782..d2e19d5 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -272,15 +272,40 @@ exec_as() { fi } +#================================================= + # Check if an URL is already handled # usage: is_url_handled URL is_url_handled() { - local output=($(curl -k -s -o /dev/null \ - -w 'x%{redirect_url} %{http_code}' "$1")) - # It's handled if it does not redirect to the SSO nor return 404 - [[ ! ${output[0]} =~ \/yunohost\/sso\/ && ${output[1]} != 404 ]] + # Declare an array to define the options of this helper. + declare -Ar args_array=( [u]=url= ) + local url + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + # Try to get the url with curl, and keep the http code and an eventual redirection url. + local curl_output="$(curl --insecure --silent --output /dev/null \ + --write-out '%{http_code};%{redirect_url}' "$url")" + + # Cut the output and keep only the first part to keep the http code + local http_code="${curl_output%%;*}" + # Do the same thing but keep the second part, the redirection url + local redirection="${curl_output#*;}" + + # Return 1 if the url isn't handled. + # Which means either curl got a 404 (or the admin) or the sso. + # A handled url should redirect to a publicly accessible url. + # Return 1 if the url has returned 404 + if [ "$http_code" = "404" ] || [[ $redirection =~ "/yunohost/admin" ]]; then + return 1 + # Return 1 if the url is redirected to the SSO + elif [[ $redirection =~ "/yunohost/sso" ]]; then + return 1 + fi } +#================================================= + # Make the main steps to migrate an app to its fork. # # This helper has to be used for an app which needs to migrate to a new name or a new fork diff --git a/scripts/change_url b/scripts/change_url index f645daf..5900652 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -100,6 +100,19 @@ then ynh_replace_string "'overwrite.cli.url' => 'http://${old_domain}'," "'overwrite.cli.url' => 'https://${new_domain}'," "${final_path}/config/config.php" fi +if [ $change_domain -eq 1 ] +then + # Check if .well-known is available for this domain + if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" + then + ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." + + # Remove lines about .well-known/carddav and caldav with sed. + sed --in-place --regexp-extended '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' "/etc/nginx/conf.d/$new_domain.d/$app.conf" + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + fi +fi + #================================================= #================================================= diff --git a/scripts/install b/scripts/install index f1c431a..b7ad783 100755 --- a/scripts/install +++ b/scripts/install @@ -92,10 +92,13 @@ ynh_setup_source "$final_path" #================================================= ynh_print_info "Configuring nginx web server..." -# Do not serve .well-known if it's already served on the domain -if is_url_handled "https://$domain/.well-known/caldav" ; then - sed -ri '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' \ - "../conf/nginx.conf" +# Check if .well-known is available for this domain +if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +then + ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." + + # Remove lines about .well-known/carddav and caldav with sed. + sed --in-place --regexp-extended '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' "../conf/nginx.conf" fi # Create a dedicated nginx config diff --git a/scripts/restore b/scripts/restore index c3d55b1..0a28807 100755 --- a/scripts/restore +++ b/scripts/restore @@ -46,6 +46,15 @@ test ! -d $final_path \ ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +# Check if .well-known is available for this domain +if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +then + ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." + + # Remove lines about .well-known/carddav and caldav with sed. + sed --in-place --regexp-extended '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' "/etc/nginx/conf.d/$domain.d/$app.conf" +fi + #================================================= # RESTORE THE APP MAIN DIR #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 167bbe0..79dac00 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -123,10 +123,13 @@ ynh_backup_if_checksum_is_different "/etc/nginx/conf.d/$domain.d/$app.conf" ynh_remove_nginx_config ynh_app_setting_delete $app "checksum__etc_nginx_conf.d_$domain.d_$app.conf" || true -# Do not serve .well-known if it's already served on the domain -if is_url_handled "https://$domain/.well-known/caldav" ; then - sed -ri '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' \ - "../conf/nginx.conf" +# Check if .well-known is available for this domain +if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +then + ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." + + # Remove lines about .well-known/carddav and caldav with sed. + sed --in-place --regexp-extended '/^location = \/\.well\-known\/(caldav|carddav) \{/,/\}/d' "../conf/nginx.conf" fi # Create a dedicated nginx config From 57225b8c6af27504d7fc346e29fd34bb6e0348be Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 12 May 2019 21:40:00 +0200 Subject: [PATCH 30/31] Normalization from example_ynh --- README.md | 7 +- check_process | 13 +- manifest.json | 2 +- scripts/_common.sh | 295 ++-------------------------------- scripts/backup | 43 +++-- scripts/change_url | 32 ++-- scripts/install | 103 ++++++------ scripts/remove | 34 ++-- scripts/restore | 77 +++++---- scripts/upgrade | 386 +++++++++++++++++++++++---------------------- 10 files changed, 358 insertions(+), 634 deletions(-) diff --git a/README.md b/README.md index 644bb7e..16a8a7c 100644 --- a/README.md +++ b/README.md @@ -47,9 +47,9 @@ this package: #### Supported architectures -* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/nextcloud%20%28Official%29.svg)](https://ci-apps.yunohost.org/ci/apps/nextcloud/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/nextcloud%20%28Official%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/nextcloud/) -* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/nextcloud%20%28Official%29.svg)](https://ci-stretch.nohost.me/ci/apps/nextcloud/) +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/nextcloud%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/nextcloud/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/nextcloud%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/nextcloud/) +* Jessie x86-64b - [![Build Status](https://ci-stretch.nohost.me/ci/logs/nextcloud%20%28Apps%29.svg)](https://ci-stretch.nohost.me/ci/apps/nextcloud/) ## Limitations @@ -104,6 +104,7 @@ sudo yunohost app ssowatconf * Report a bug: https://github.com/YunoHost-Apps/nextcloud_ynh/issues * Nextcloud website: https://nextcloud.com/ + * Nextcloud repository: https://github.com/nextcloud/server * YunoHost website: https://yunohost.org/ --- diff --git a/check_process b/check_process index 486960d..8b4cff8 100644 --- a/check_process +++ b/check_process @@ -19,18 +19,7 @@ port_already_use=0 change_url=1 ;;; Levels - Level 1=auto - Level 2=auto - Level 3=auto -# Level 4: LDAP and http auth - Level 4=1 -# Level 5: https://github.com/YunoHost-Apps/nextcloud_ynh/issues/58 - Level 5=1 - Level 6=auto - Level 7=auto - Level 8=0 - Level 9=0 - Level 10=0 + Level 5=auto ;;; Options Email= Notification=none diff --git a/manifest.json b/manifest.json index 6919f99..da51998 100644 --- a/manifest.json +++ b/manifest.json @@ -14,7 +14,7 @@ "email": "apps@yunohost.org" }, "requirements": { - "yunohost": ">= 3.2.0" + "yunohost": ">= 3.5.0" }, "multi_instance": true, "services": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index d2e19d5..413f729 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,256 +5,6 @@ pkg_dependencies="php-gd php-json php-intl php-mcrypt php-curl php-apcu php-redis php-ldap php-imagick php-zip php-mbstring php-xml imagemagick acl tar smbclient at" -#================================================= -# UNSTABLE HELPERS -#================================================= - -# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started -# -# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ] -# | arg: -n, --service_name= - Name of the service to start. Default : $app -# | arg: -a, --action= - Action to perform with systemctl. Default: start -# | arg: -l, --line_match= - Line to match - The line to find in the log to attest the service have finished to boot. -# If not defined it don't wait until the service is completely started. -# WARNING: When using --line_match, you should always add `ynh_clean_check_starting` into your -# `ynh_clean_setup` at the beginning of the script. Otherwise, tail will not stop in case of failure -# of the script. The script will then hang forever. -# | arg: -p, --log_path= - Log file - Path to the log file. Default : /var/log/$app/$app.log -# | arg: -t, --timeout= - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds. -# | arg: -e, --length= - Length of the error log : Default : 20 -ynh_systemd_action() { - # Declare an array to define the options of this helper. - declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= ) - local service_name - local action - local line_match - local length - local log_path - local timeout - - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - local service_name="${service_name:-$app}" - local action=${action:-start} - local log_path="${log_path:-/var/log/$service_name/$service_name.log}" - local length=${length:-20} - local timeout=${timeout:-300} - - # Start to read the log - if [[ -n "${line_match:-}" ]] - then - local templog="$(mktemp)" - # Following the starting of the app in its log - if [ "$log_path" == "systemd" ] ; then - # Read the systemd journal - journalctl --unit=$service_name --follow --since=-0 --quiet > "$templog" & - # Get the PID of the journalctl command - local pid_tail=$! - else - # Read the specified log file - tail -F -n0 "$log_path" > "$templog" 2>&1 & - # Get the PID of the tail command - local pid_tail=$! - fi - fi - - ynh_print_info --message="${action^} the service $service_name" - - # Use reload-or-restart instead of reload. So it wouldn't fail if the service isn't running. - if [ "$action" == "reload" ]; then - action="reload-or-restart" - fi - - systemctl $action $service_name \ - || ( journalctl --no-pager --lines=$length -u $service_name >&2 \ - ; test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2 \ - ; false ) - - # Start the timeout and try to find line_match - if [[ -n "${line_match:-}" ]] - then - local i=0 - for i in $(seq 1 $timeout) - do - # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout - if grep --quiet "$line_match" "$templog" - then - ynh_print_info --message="The service $service_name has correctly started." - break - fi - if [ $i -eq 3 ]; then - echo -n "Please wait, the service $service_name is ${action}ing" >&2 - fi - if [ $i -ge 3 ]; then - echo -n "." >&2 - fi - sleep 1 - done - if [ $i -ge 3 ]; then - echo "" >&2 - fi - if [ $i -eq $timeout ] - then - ynh_print_warn --message="The service $service_name didn't fully started before the timeout." - ynh_print_warn --message="Please find here an extract of the end of the log of the service $service_name:" - journalctl --no-pager --lines=$length -u $service_name >&2 - test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2 - fi - ynh_clean_check_starting - fi -} - -# Create a dedicated fail2ban config (jail and filter conf files) -# -# usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports] -# | arg: -l, --logpath= - Log file to be checked by fail2ban -# | arg: -r, --failregex= - Failregex to be looked for by fail2ban -# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3 -# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https -# -# ----------------------------------------------------------------------------- -# -# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"] -# | arg: -t, --use_template - Use this helper in template mode -# | arg: -v, --others_var= - List of others variables to replace separeted by a space -# | for example : 'var_1 var_2 ...' -# -# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf -# __APP__ by $app -# -# You can dynamically replace others variables by example : -# __VAR_1__ by $var_1 -# __VAR_2__ by $var_2 -# -# Generally your template will look like that by example (for synapse): -# -# f2b_jail.conf: -# [__APP__] -# enabled = true -# port = http,https -# filter = __APP__ -# logpath = /var/log/__APP__/logfile.log -# maxretry = 3 -# -# f2b_filter.conf: -# [INCLUDES] -# before = common.conf -# [Definition] -# -# # Part of regex definition (just used to make more easy to make the global regex) -# __synapse_start_line = .? \- synapse\..+ \- -# -# # Regex definition. -# failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- \- \d+ \- Received request\: POST /_matrix/client/r0/login\??%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$ -# -# ignoreregex = -# -# ----------------------------------------------------------------------------- -# -# Note about the "failregex" option: -# regex to match the password failure messages in the logfile. The -# host must be matched by a group named "host". The tag "" can -# be used for standard IP/hostname matching and is only an alias for -# (?:::f{4,6}:)?(?P[\w\-.^_]+) -# -# You can find some more explainations about how to make a regex here : -# https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters -# -# Note that the logfile need to exist before to call this helper !! -# -# To validate your regex you can test with this command: -# fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf -# -# Requires YunoHost version 3.?.? or higher. -ynh_add_fail2ban_config () { - # Declare an array to define the options of this helper. - local legacy_args=lrmptv - declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=) - local logpath - local failregex - local max_retry - local ports - local others_var - local use_template - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - use_template="${use_template:-0}" - max_retry=${max_retry:-3} - ports=${ports:-http,https} - - finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" - finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalfail2banjailconf" - ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" - - if [ $use_template -eq 1 ] - then - # Usage 2, templates - cp ../conf/f2b_jail.conf $finalfail2banjailconf - cp ../conf/f2b_filter.conf $finalfail2banfilterconf - - if [ -n "${app:-}" ] - then - ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf" - ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf" - fi - - # Replace all other variable given as arguments - for var_to_replace in ${others_var:-}; do - # ${var_to_replace^^} make the content of the variable on upper-cases - # ${!var_to_replace} get the content of the variable named $var_to_replace - ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf" - ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf" - done - - else - # Usage 1, no template. Build a config file from scratch. - test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." - test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." - - tee $finalfail2banjailconf < db.sql +ynh_mysql_dump_db --database="$db_name" > db.sql #================================================= # SPECIFIC BACKUP #================================================= # BACKUP LOGROTATE #================================================= -ynh_print_info "Backing up logrotate configuration..." +ynh_script_progression --message="Backing up logrotate configuration..." ynh_backup "/etc/logrotate.d/$app" #================================================= # BACKUP FAIL2BAN CONFIGURATION #================================================= -ynh_print_info "Backing up fail2ban configuration..." +ynh_script_progression --message="Backing up fail2ban configuration..." -ynh_backup "/etc/fail2ban/jail.d/$app.conf" -ynh_backup "/etc/fail2ban/filter.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf" +ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf" #================================================= # BACKUP THE CRON FILE #================================================= -ynh_backup "/etc/cron.d/$app" +ynh_backup --src_path="/etc/cron.d/$app" #================================================= # BACKUP THE DATA DIRECTORY #================================================= -ynh_print_info "Backing up data directory..." +ynh_script_progression --message="Backing up data directory..." -# The 1 parameter indicates the directory is "big", -# so that it won't be backed up before upgrade -# This argument has to be the third one. -ynh_backup "/home/yunohost.app/${app}/data" "/home/yunohost.app/${app}/data" 1 +ynh_backup --src_path="/home/yunohost.app/${app}/data" --is_big #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_script_progression --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." --last diff --git a/scripts/change_url b/scripts/change_url index 5900652..83bcb4e 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -24,14 +24,10 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get $app final_path) - -# Add settings here as needed by your application -#db_name=$(ynh_app_setting_get "$app" db_name) -#db_pwd=$(ynh_app_setting_get $app db_pwd) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK WHICH PARTS SHOULD BE CHANGED @@ -54,7 +50,7 @@ fi #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_print_info "Updating nginx web server configuration..." +ynh_script_progression --message="Updating nginx web server configuration..." --weight=2 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -62,7 +58,7 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf if [ $change_path -eq 1 ] then # Make a backup of the original nginx config file if modified - ynh_backup_if_checksum_is_different "$nginx_conf_path" + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" # Set global variables for nginx helper domain="$old_domain" path_url="$new_path" @@ -74,16 +70,16 @@ fi if [ $change_domain -eq 1 ] then # Delete file checksum for the old conf file location - ynh_delete_file_checksum "$nginx_conf_path" + ynh_delete_file_checksum --file="$nginx_conf_path" mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf # Store file checksum for the new config file location - ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi #================================================= # SPECIFIC MODIFICATIONS #================================================= -ynh_print_info "Applying Nextcloud specific modifications..." +ynh_script_progression --message="Applying Nextcloud specific modifications..." --weight=2 # Define a function to execute commands with `occ` exec_occ() { @@ -94,16 +90,16 @@ exec_occ() { if [ $change_domain -eq 1 ] then # Change the trusted domain - exec_occ config:system:set trusted_domains 1 --value=${new_domain} + exec_occ config:system:set trusted_domains 1 --value=$new_domain # Change hostname for activity notifications - ynh_replace_string "'overwrite.cli.url' => 'http://${old_domain}'," "'overwrite.cli.url' => 'https://${new_domain}'," "${final_path}/config/config.php" + ynh_replace_string --match_string="'overwrite.cli.url' => 'http://${old_domain}'," --replace_string="'overwrite.cli.url' => 'https://${new_domain}'," --target_file="${final_path}/config/config.php" fi if [ $change_domain -eq 1 ] then # Check if .well-known is available for this domain - if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" + if is_url_handled --url="https://$domain/.well-known/caldav" || is_url_handled --url="https://$domain/.well-known/carddav" then ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." @@ -113,19 +109,17 @@ then fi fi -#================================================= - #================================================= # GENERIC FINALISATION #================================================= # RELOAD NGINX #================================================= -ynh_print_info "Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Change of URL completed for $app" +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index b7ad783..7556b9d 100755 --- a/scripts/install +++ b/scripts/install @@ -30,70 +30,67 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_print_info "Validating installation parameters..." +ynh_script_progression --message="Validating installation parameters..." final_path=/var/www/$app -test ! -e "$final_path" || ynh_die "This path already contains a folder" - -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) +test ! -e "$final_path" || ynh_die --message="This path already contains a folder" # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_print_info "Storing installation settings..." +ynh_script_progression --message="Storing installation settings..." -ynh_app_setting_set $app domain $domain -ynh_app_setting_set $app path $path_url -ynh_app_setting_set $app admin $admin -ynh_app_setting_set $app user_home $user_home +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin +ynh_app_setting_set --app=$app --key=user_home --value=$user_home #================================================= # STANDARD MODIFICATIONS #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_print_info "Installing dependencies..." +ynh_script_progression --message="Installing dependencies..." --weight=60 ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE A MYSQL DATABASE #================================================= -ynh_print_info "Creating a MySQL database..." +ynh_script_progression --message="Creating a MySQL database..." --weight=2 -db_name=$(ynh_sanitize_dbid $app) -ynh_app_setting_set $app db_name $db_name -ynh_mysql_setup_db $db_name $db_name +db_name=$(ynh_sanitize_dbid --db_name=$app) +ynh_app_setting_set --app=$app --key=db_name --value=$db_name +ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_print_info "Setting up source files..." +ynh_script_progression --message="Setting up source files..."5 # Load the last available version source upgrade.d/upgrade.last.sh # Create an app.src for the last version of nextcloud cp ../conf/app.src.default ../conf/app.src -ynh_replace_string "__VERSION__" "$next_version" "../conf/app.src" -ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src" +ynh_replace_string --match_string="__VERSION__" --replace_string="$next_version" --target_file="../conf/app.src" +ynh_replace_string --match_string="__SHA256_SUM__" --replace_string="$nextcloud_source_sha256" --target_file="../conf/app.src" -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Enable YunoHost patches on Nextcloud sources cp -a ../sources/patches_last_version/* ../sources/patches # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_print_info "Configuring nginx web server..." +ynh_script_progression --message="Configuring nginx web server..." --weight=2 # Check if .well-known is available for this domain -if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +if is_url_handled --url="https://$domain/.well-known/caldav" || is_url_handled --url="https://$domain/.well-known/carddav" then ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." @@ -107,15 +104,15 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_print_info "Configuring system user..." +ynh_script_progression --message="Configuring system user..." --weight=3 # Create a system user -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Configuring php-fpm..." +ynh_script_progression --message="Configuring php-fpm..." --weight=2 # Create a dedicated php-fpm config ynh_add_fpm_config @@ -134,7 +131,7 @@ mkdir -p "$datadir" #================================================= # INSTALL NEXTCLOUD #================================================= -ynh_print_info "Installing nextcloud..." +ynh_script_progression --message="Installing nextcloud..." --weight=30 # Define a function to execute commands with `occ` exec_occ() { @@ -149,14 +146,14 @@ chown -R $app: "$final_path" "$datadir" exec_occ maintenance:install \ --database "mysql" --database-name $db_name \ --database-user $db_name --database-pass "$db_pwd" \ - --admin-user "admin" --admin-pass "$(ynh_string_random 6)" \ + --admin-user "admin" --admin-pass "$(ynh_string_random --length=6)" \ --data-dir "$datadir" \ - || ynh_die "Unable to install Nextcloud" + || ynh_die --message="Unable to install Nextcloud" #================================================= # CONFIGURE NEXTCLOUD #================================================= -ynh_print_info "Configuring nextcloud..." +ynh_script_progression --message="Configuring nextcloud..." --weight=8 # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification @@ -169,12 +166,12 @@ exec_occ ldap:create-empty-config nc_conf="$final_path/config_install.json" cp ../conf/config_install.json "$nc_conf" -ynh_replace_string "__DOMAIN__" "$domain" "$nc_conf" -ynh_replace_string "__DATADIR__" "$datadir" "$nc_conf" +ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$nc_conf" +ynh_replace_string --match_string="__DATADIR__" --replace_string="$datadir" --target_file="$nc_conf" exec_occ config:import "$nc_conf" # Then remove the config file -rm -f "$nc_conf" +ynh_secure_remove --file="$nc_conf" # Load the additional config file (used also for upgrade) nc_conf="$final_path/config.json" @@ -183,7 +180,7 @@ cp ../conf/config.json "$nc_conf" exec_occ config:import "$nc_conf" # Then remove the config file -rm -f "$nc_conf" +ynh_secure_remove --file="$nc_conf" #================================================= # CHECK THE LDAP CONFIG @@ -191,7 +188,7 @@ rm -f "$nc_conf" # Check LDAP configuration to see if everything worked well exec_occ ldap:test-config \'\' \ - || ynh_die "An error occured during LDAP configuration" + || ynh_die --message="An error occured during LDAP configuration" #================================================= # MOUNT HOME FOLDERS AS EXTERNAL STORAGE @@ -205,7 +202,7 @@ create_external_storage() { local mount_id=`exec_occ files_external:create --output=json \ "$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true` ! [[ $mount_id =~ ^[0-9]+$ ]] \ - && echo "Unable to create external storage" >&2 \ + && ynh_print_warn --message="Unable to create external storage" \ || exec_occ files_external:option "$mount_id" enable_sharing true } @@ -238,14 +235,14 @@ exec_occ config:system:get logout_url >/dev/null 2>&1 \ # CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS #================================================= -ynh_replace_string "'overwrite.cli.url' => 'http://localhost'," "'overwrite.cli.url' => 'https://${domain}'," "${final_path}/config/config.php" +ynh_replace_string --match_string="'overwrite.cli.url' => 'http://localhost'," --replace_string="'overwrite.cli.url' => 'https://${domain}'," --target_file="${final_path}/config/config.php" #================================================= # REMOVE THE TEMPORARY ADMIN AND SET THE TRUE ONE #================================================= # Set the user as admin -ynh_mysql_connect_as "$db_name" "$db_pwd" "$db_name" \ +ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \ <<< "INSERT INTO oc_group_user VALUES ('admin','$admin');" # And delete admin user exec_occ user:delete admin @@ -255,7 +252,7 @@ exec_occ user:delete admin #================================================= # Calculate and store the config file checksum into the app settings -ynh_store_file_checksum "$final_path/config/config.php" +ynh_store_file_checksum --file="$final_path/config/config.php" #================================================= # ADD A CRON JOB @@ -266,8 +263,8 @@ cp -a ../conf/nextcloud.cron "$cron_path" chown root: "$cron_path" chmod 644 "$cron_path" -ynh_replace_string "__USER__" "$app" "$cron_path" -ynh_replace_string "__DESTDIR__" "$final_path" "$cron_path" +ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$cron_path" +ynh_replace_string --match_string="__DESTDIR__" --replace_string="$final_path" --target_file="$cron_path" exec_occ background:cron @@ -282,12 +279,12 @@ exec_occ background:cron #================================================= # Set system group in hooks -ynh_replace_string "__GROUP__" "$app" ../hooks/post_user_create +ynh_replace_string --match_string="__GROUP__" --replace_string="$app" --target_file=../hooks/post_user_create #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= -ynh_print_info "Adding multimedia directories..." +ynh_script_progression --message="Adding multimedia directories..." --weight=6 # Build YunoHost multimedia directories ynh_multimedia_build_main_dir @@ -316,15 +313,15 @@ chmod 755 /home/yunohost.app #================================================= # SETUP LOGROTATE #================================================= -ynh_print_info "Configuring log rotation..." +ynh_script_progression --message="Configuring log rotation..." # Use logrotate to manage application logfile(s) -ynh_use_logrotate "$datadir/nextcloud.log" +ynh_use_logrotate --logfile="$datadir/nextcloud.log" #================================================= # SETUP FAIL2BAN #================================================= -ynh_print_info "Configuring fail2ban..." +ynh_script_progression --message="Configuring fail2ban..." --weight=8 # Create a dedicated fail2ban config ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 @@ -332,21 +329,21 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" - #================================================= # SETUP SSOWAT #================================================= -ynh_print_info "Configuring SSOwat..." +ynh_script_progression --message="Configuring SSOwat..." -ynh_app_setting_set $app unprotected_uris "/" -ynh_app_setting_set $app skipped_regex \ - "$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" +ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +ynh_app_setting_set --app=$app --key=skipped_regex \ + --value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" #================================================= # RELOAD NGINX #================================================= -ynh_print_info "Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Installation of $app completed" +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 934c8a7..9ea5c15 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,20 +12,20 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." --weight=2 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -db_name=$(ynh_app_setting_get $app db_name) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_print_info "Removing dependencies" +ynh_script_progression --message="Removing dependencies..." --weight=20 # Remove metapackage and its dependencies ynh_remove_app_dependencies @@ -33,23 +33,23 @@ ynh_remove_app_dependencies #================================================= # REMOVE THE MYSQL DATABASE #================================================= -ynh_print_info "Removing the MySQL database" +ynh_script_progression --message="Removing the MySQL database..." --weight=5 # Remove a database if it exists, along with the associated user -ynh_mysql_remove_db $db_name $db_name +ynh_mysql_remove_db --db_user=$db_name --db_name=$db_name #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_print_info "Removing app main directory" +ynh_script_progression --message="Removing app main directory..." --weight=3 # Remove the app directory securely -ynh_secure_remove "$final_path" +ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_print_info "Removing nginx web server configuration" +ynh_script_progression --message="Removing nginx web server configuration..." # Remove the dedicated nginx config ynh_remove_nginx_config @@ -57,7 +57,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Removing php-fpm configuration" +ynh_script_progression --message="Removing php-fpm configuration..." --weight=2 # Remove the dedicated php-fpm config ynh_remove_fpm_config @@ -65,7 +65,7 @@ ynh_remove_fpm_config #================================================= # REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_print_info "Removing logrotate configuration" +ynh_script_progression --message="Removing logrotate configuration..." # Remove the app-specific logrotate config ynh_remove_logrotate @@ -73,7 +73,7 @@ ynh_remove_logrotate #================================================= # REMOVE FAIL2BAN CONFIGURATION #================================================= -ynh_print_info "Remove fail2ban configuration" +ynh_script_progression --message="Removing fail2ban configuration..." --weight=8 # Remove the dedicated fail2ban config ynh_remove_fail2ban_config @@ -86,7 +86,7 @@ ynh_remove_fail2ban_config # Remove a cron file # TODO: Ensure that cron job is not running (How !?) -ynh_secure_remove "/etc/cron.d/$app" +ynh_secure_remove --file="/etc/cron.d/$app" #================================================= # CLEAN ACL IN HOME DIRECTORIES @@ -103,13 +103,13 @@ done #================================================= # REMOVE DEDICATED USER #================================================= -ynh_print_info "Removing the dedicated system user" +ynh_script_progression --message="Removing the dedicated system user..." # Delete a system user -ynh_system_user_delete $app +ynh_system_user_delete --username=$app #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Removal of $app completed" +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index 0a28807..c6c8e7e 100755 --- a/scripts/restore +++ b/scripts/restore @@ -19,24 +19,24 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading settings..." +ynh_script_progression --message="Loading settings..." app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get $app db_name) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_print_info "Validating restoration parameters..." +ynh_script_progression --message="Validating restoration parameters..." --weight=4 -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" +ynh_webpath_available --domain=$domain --path_url=$path_url \ + || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ - || ynh_die "There is already a directory: $final_path " + || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS @@ -44,10 +44,10 @@ test ! -d $final_path \ # RESTORE THE NGINX CONFIGURATION #================================================= -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" # Check if .well-known is available for this domain -if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +if is_url_handled --url="https://$domain/.well-known/caldav" || is_url_handled --url="https://$domain/.well-known/carddav" then ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." @@ -58,39 +58,39 @@ fi #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_print_info "Restoring the app main directory..." +ynh_script_progression --message="Restoring the app main directory..." -ynh_restore_file "$final_path" +ynh_restore_file --origin_path="$final_path" #================================================= # RESTORE THE MYSQL DATABASE #================================================= -ynh_print_info "Restoring the MySQL database..." +ynh_script_progression --message="Restoring the MySQL database..." --weight=9 -db_pwd=$(ynh_app_setting_get $app mysqlpwd) -ynh_mysql_setup_db $db_name $db_name $db_pwd -ynh_mysql_connect_as $db_name $db_pwd $db_name < ./db.sql +db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name < ./db.sql #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_print_info "Recreating the dedicated system user..." +ynh_script_progression --message="Recreating the dedicated system user..." --weight=3 # Create the dedicated user (if not existing) -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= -ynh_restore_file "/etc/php/7.0/fpm/pool.d/$app.conf" +ynh_restore_file --origin_path="/etc/php/7.0/fpm/pool.d/$app.conf" #================================================= # SPECIFIC RESTORATION #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_print_info "Reinstalling dependencies..." +ynh_script_progression --message="Reinstalling dependencies..." --weight=60 # Define and install dependencies ynh_install_app_dependencies $pkg_dependencies @@ -99,30 +99,25 @@ ynh_install_app_dependencies $pkg_dependencies # RESTORE THE CRON FILE #================================================= -ynh_restore_file "/etc/cron.d/$app" +ynh_restore_file --origin_path="/etc/cron.d/$app" #================================================= # BACKUP THE LOGROTATE CONFIGURATION #================================================= -ynh_restore_file "/etc/logrotate.d/$app" +ynh_restore_file --origin_path="/etc/logrotate.d/$app" #================================================= # RESTORE THE DATA DIRECTORY #================================================= -ynh_print_info "Restoring data directory..." +ynh_script_progression --message="Restoring data directory..." --weight=2 datadir="/home/yunohost.app/$app/data" -# The data directory will be restored only if it exists in the backup archive -# So only if it was backup previously. -if [ -d "$YNH_BACKUP_DIR/apps/$app/backup/home/yunohost.app/$app" ] -then - ynh_restore_file "$datadir" -else - # Create app folders - mkdir -p "$datadir" -fi +# Use --not_mandatory for the data directory, because if the backup has been made with BACKUP_CORE_ONLY, there's no data into the backup. +ynh_restore_file --origin_path="$datadir" --not_mandatory + +mkdir -p "$datadir" #================================================= # RESTORE USER RIGHTS @@ -143,7 +138,7 @@ done #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= -ynh_print_info "Adding multimedia directories..." +ynh_script_progression --message="Adding multimedia directories..." --weight=4 # Build YunoHost multimedia directories ynh_multimedia_build_main_dir @@ -153,10 +148,10 @@ ynh_multimedia_addaccess $app #================================================= # RESTORE THE FAIL2BAN CONFIGURATION #================================================= -ynh_print_info "Restoring the fail2ban configuration..." +ynh_script_progression --message="Restoring the fail2ban configuration..." --weight=7 -ynh_restore_file "/etc/fail2ban/jail.d/$app.conf" -ynh_restore_file "/etc/fail2ban/filter.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/jail.d/$app.conf" +ynh_restore_file --origin_path="/etc/fail2ban/filter.d/$app.conf" # Make sure a log file exists (mostly for CI tests) logfile="/home/yunohost.app/$app/data/nextcloud.log" @@ -172,13 +167,13 @@ ynh_systemd_action --action=restart --service_name=fail2ban #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_print_info "Reloading nginx web server and php-fpm..." +ynh_script_progression --message="Reloading nginx web server and php-fpm..." -systemctl reload php7.0-fpm -systemctl reload nginx +ynh_systemd_action --service_name=php7.0-fpm --action=reload +ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT #================================================= -ynh_print_info "Restoration completed for $app" +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 79dac00..423d909 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,41 +12,47 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_print_info "Loading installation settings..." +ynh_script_progression --message="Loading installation settings..." --weight=3 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -admin=$(ynh_app_setting_get $app admin) -final_path=$(ynh_app_setting_get $app final_path) -db_name=$(ynh_app_setting_get $app db_name) -user_home=$(ynh_app_setting_get $app user_home) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +admin=$(ynh_app_setting_get --app=$app --key=admin) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +db_name=$(ynh_app_setting_get --app=$app --key=db_name) +user_home=$(ynh_app_setting_get --app=$app --key=user_home) + +#================================================= +# CHECK VERSION +#================================================= + +upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_print_info "Ensuring downward compatibility..." +ynh_script_progression --message="Ensuring downward compatibility..." # If db_name doesn't exist, create it -if [ -z $db_name ]; then - db_name=$(ynh_sanitize_dbid $app) - ynh_app_setting_set $app db_name $db_name +if [ -z "$db_name" ]; then + db_name=$(ynh_sanitize_dbid --db_name=$app) + ynh_app_setting_set --app=$app --key=db_name --value=$db_name fi # If final_path doesn't exist, create it -if [ -z $final_path ]; then +if [ -z "$final_path" ]; then final_path=/var/www/$app - ynh_app_setting_set $app final_path $final_path + ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi # Remove the option backup_core_only if it's in the settings.yml file -ynh_app_setting_delete $app backup_core_only +ynh_app_setting_delete --app=$app --key=backup_core_only #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_print_info "Backing up the app before upgrading (may take a while)..." +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=30 # Made a backup only after the version 11.0.0 # Before, the datas will be always saved. @@ -58,7 +64,7 @@ if [ $current_major_version -gt 11 ] then # Inform the backup/restore process that it should not save the data directory # Use only for the previous backup script that doesn't set 'is_big' - ynh_app_setting_set $app backup_core_only 1 + ynh_app_setting_set --app=$app --key=backup_core_only --value=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -68,7 +74,7 @@ then ynh_clean_setup () { # Remove the post migration script before its execution ! - ynh_secure_remove "/tmp/owncloud_post_migration.sh" 2>&1 + ynh_exec_warn_less ynh_secure_remove --file="/tmp/owncloud_post_migration.sh" # restore it if the upgrade fails ynh_restore_upgradebackup @@ -87,8 +93,8 @@ if [ $migration_process -eq 1 ] then # If a migration has been performed # Reload some values changed by the migration process - final_path=$(ynh_app_setting_get $app final_path) - db_name=$(ynh_app_setting_get $app db_name) + final_path=$(ynh_app_setting_get --app=$app --key=final_path) + db_name=$(ynh_app_setting_get --app=$app --key=db_name) # Remove the old fake package for owncloud. # Its name is specific, so the migration process can't remove it @@ -108,23 +114,23 @@ fi #================================================= # Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) +path_url=$(ynh_normalize_url_path --path_url=$path_url) #================================================= # STANDARD UPGRADE STEPS #================================================= # NGINX CONFIGURATION #================================================= -ynh_print_info "Upgrading nginx web server configuration..." +ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=2 -ynh_backup_if_checksum_is_different "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_backup_if_checksum_is_different --file="/etc/nginx/conf.d/$domain.d/$app.conf" # Delete current nginx configuration to be able to check if .well-known is already served. ynh_remove_nginx_config -ynh_app_setting_delete $app "checksum__etc_nginx_conf.d_$domain.d_$app.conf" || true +ynh_app_setting_delete --app=$app --key="checksum__etc_nginx_conf.d_$domain.d_$app.conf" # Check if .well-known is available for this domain -if is_url_handled "https://$domain/.well-known/caldav" || is_url_handled "https://$domain/.well-known/carddav" +if is_url_handled --url="https://$domain/.well-known/caldav" || is_url_handled --url="https://$domain/.well-known/carddav" then ynh_print_warn --message="Another app already uses the domain $domain to serve a caldav/carddav feature. You may encounter issues when dealing with your calendar or address book." @@ -138,27 +144,28 @@ ynh_add_nginx_config #================================================= # CREATE DEDICATED USER #================================================= -ynh_print_info "Making sure dedicated system user exists..." +ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create $app +ynh_system_user_create --username=$app #================================================= # PHP-FPM CONFIGURATION #================================================= -ynh_print_info "Upgrading php-fpm configuration..." +ynh_script_progression --message="Upgrading php-fpm configuration..." --weight=2 # Create a dedicated php-fpm config ynh_add_fpm_config # Delete existing ini configuration file (backward compatibility) if [ -f /etc/php/7.0/fpm/conf.d/20-$app.ini ]; then - ynh_secure_remove /etc/php/7.0/fpm/conf.d/20-$app.ini + ynh_secure_remove --file=/etc/php/7.0/fpm/conf.d/20-$app.ini fi + #================================================= # UPGRADE DEPENDENCIES #================================================= -ynh_print_info "Upgrading dependencies..." +ynh_script_progression --message="Upgrading dependencies..." --weight=7 ynh_install_app_dependencies $pkg_dependencies @@ -168,172 +175,176 @@ ynh_install_app_dependencies $pkg_dependencies # MAKE SEQUENTIAL UPGRADES FROM EACH MAJOR # VERSION TO THE NEXT ONE #================================================= -ynh_print_info "Upgrading nextcloud..." - -# Define a function to execute commands with `occ` -exec_occ() { - (cd "$final_path" && exec_as "$app" \ - php occ --no-interaction --no-ansi "$@") -} - -# Load the last available version -source upgrade.d/upgrade.last.sh -last_version=$next_version - -# Define app's data directory -datadir="/home/yunohost.app/$app/data" - -# Set write access for the following commands -chown -R $app: "$final_path" "$datadir" - -# Print the current version number of nextcloud -exec_occ -V -# While the current version is not the last version, do an upgrade -while [ "$last_version" != "$current_version" ] -do - - # The major version is the first part of the version number - # major_version=${next_version%%.*} - major_version=${last_version%%.*} - current_major_version=${current_version%%.*} - - # If the current version has the same major version than the next one, - # then it's the last upgrade to do - if [ "$major_version" -eq "$current_major_version" ]; then - current_major_version=last - # Execute the commands dedicated to the last upgrade - last_upgrade_operations - fi - - # Load the value for this version - source upgrade.d/upgrade.$current_major_version.sh - - ynh_print_info "Upgrade to nextcloud $next_version" - - # Create an app.src for this version of nextcloud - cp ../conf/app.src.default ../conf/app.src - ynh_replace_string "__VERSION__" "$next_version" "../conf/app.src" - ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src" - - # Create a temporary directory - tmpdir="$(ynh_smart_mktemp 300)" - - # Install the next nextcloud version in $tmpdir - ynh_setup_source "$tmpdir" - - # Enable maintenance mode - exec_occ maintenance:mode --on +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading nextcloud..." --weight=3 - # Backup the config file in the temp dir - cp -a "$final_path/config/config.php" "$tmpdir/config/config.php" + # Define a function to execute commands with `occ` + exec_occ() { + (cd "$final_path" && exec_as "$app" \ + php occ --no-interaction --no-ansi "$@") + } - # Backup 3rd party applications from the current nextcloud - # But do not overwrite if there is any upgrade - # (apps directory already exists in Nextcloud archive) - cp -a --update "$final_path/apps" "$tmpdir" + # Load the last available version + source upgrade.d/upgrade.last.sh + last_version=$next_version - # Replace the old nextcloud by the new one - ynh_secure_remove "$final_path" - mv "$tmpdir" "$final_path" - ynh_secure_remove "$tmpdir" + # Define app's data directory + datadir="/home/yunohost.app/$app/data" # Set write access for the following commands chown -R $app: "$final_path" "$datadir" - # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3) - exec_occ maintenance:mode --off - exec_occ upgrade \ - || ([ $? -eq 3 ] || ynh_die "Unable to upgrade Nextcloud") - - # Get the new current version number - current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2) - current_major_version=${current_version%%.*} - # Print the current version number of nextcloud exec_occ -V -done -#================================================= -# CONFIGURE NEXTCLOUD -#================================================= -ynh_print_info "Reconfiguring nextcloud..." + # While the current version is not the last version, do an upgrade + while [ "$last_version" != "$current_version" ] + do -# Verify the checksum and backup the file if it's different -ynh_backup_if_checksum_is_different "$final_path/config/config.php" + # The major version is the first part of the version number + # major_version=${next_version%%.*} + major_version=${last_version%%.*} + current_major_version=${current_version%%.*} -nc_conf="${final_path}/config.json" -cp ../conf/config.json "$nc_conf" + # If the current version has the same major version than the next one, + # then it's the last upgrade to do + if [ "$major_version" -eq "$current_major_version" ]; then + current_major_version=last + # Execute the commands dedicated to the last upgrade + last_upgrade_operations + fi -ynh_replace_string "__DOMAIN__" "$domain" "$nc_conf" -ynh_replace_string "__DATADIR__" "$datadir" "$nc_conf" + # Load the value for this version + source upgrade.d/upgrade.$current_major_version.sh -# Ensure that UpdateNotification app is disabled -exec_occ app:disable updatenotification + ynh_print_info --message="Upgrade to nextcloud $next_version" -# Enable plugins -exec_occ app:enable user_ldap + # Create an app.src for this version of nextcloud + cp ../conf/app.src.default ../conf/app.src + ynh_replace_string --match_string="__VERSION__" --replace_string="$next_version" --target_file="../conf/app.src" + ynh_replace_string --match_string="__SHA256_SUM__" --replace_string="$nextcloud_source_sha256" --target_file="../conf/app.src" -# Load the config file in nextcloud -exec_occ config:import "$nc_conf" + # Create a temporary directory + tmpdir="$(ynh_smart_mktemp min_size=300)" -# Then remove the config file -rm -f "$nc_conf" + # Install the next nextcloud version in $tmpdir + ynh_setup_source --dest_dir="$tmpdir" -#================================================= -# ALLOW USERS TO DISCONNECT FROM NEXTCLOUD -#================================================= + # Enable maintenance mode + exec_occ maintenance:mode --on -# Add dynamic logout URL to the config -exec_occ config:system:get logout_url >/dev/null 2>&1 \ - || echo " -//-YunoHost- -// set logout_url according to main domain -\$main_domain = exec('cat /etc/yunohost/current_host'); -\$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout'; -//-YunoHost- -" >> "$final_path/config/config.php" + # Backup the config file in the temp dir + cp -a "$final_path/config/config.php" "$tmpdir/config/config.php" -#================================================= -# CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS -#================================================= + # Backup 3rd party applications from the current nextcloud + # But do not overwrite if there is any upgrade + # (apps directory already exists in Nextcloud archive) + cp -a --update "$final_path/apps" "$tmpdir" -ynh_replace_string "'overwrite.cli.url' => 'http://localhost'," "'overwrite.cli.url' => 'https://${domain}'," "${final_path}/config/config.php" + # Replace the old nextcloud by the new one + ynh_secure_remove --file="$final_path" + mv "$tmpdir" "$final_path" + ynh_secure_remove --file="$tmpdir" -#================================================= -# MOUNT HOME FOLDERS AS EXTERNAL STORAGE -#================================================= + # Set write access for the following commands + chown -R $app: "$final_path" "$datadir" + + # Upgrade Nextcloud (SUCCESS = 0, UP_TO_DATE = 3) + exec_occ maintenance:mode --off + exec_occ upgrade \ + || ([ $? -eq 3 ] || ynh_die --message="Unable to upgrade Nextcloud") -# Define a function to add an external storage -# Create the external storage for the given folders and enable sharing -create_external_storage() { - local datadir="$1" - local mount_name="$2" - local mount_id=`exec_occ files_external:create --output=json \ - "$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true` - ! [[ $mount_id =~ ^[0-9]+$ ]] \ - && echo "Unable to create external storage" >&2 \ - || exec_occ files_external:option "$mount_id" enable_sharing true -} + # Get the new current version number + current_version=$(grep OC_VersionString "$final_path/version.php" | cut -d\' -f2) + current_major_version=${current_version%%.*} -# Enable External Storage and create local mount to home folder as needed -if [ $user_home -eq 1 ]; then - exec_occ app:enable files_external - exec_occ files_external:list --output=json \ - | grep -q '"storage":"\\\\OC\\\\Files\\\\Storage\\\\Local"' \ - || create_external_storage "/home/\$user" "Home" - # Iterate over users to extend their home folder permissions - for u in $(ynh_user_list); do - setfacl --modify g:$app:rwx "/home/$u" || true + # Print the current version number of nextcloud + exec_occ -V done -fi -#================================================= -# STORE THE CHECKSUM OF THE CONFIG FILE -#================================================= + #================================================= + # CONFIGURE NEXTCLOUD + #================================================= + ynh_script_progression --message="Reconfiguring nextcloud..." --weight=9 + + # Verify the checksum and backup the file if it's different + ynh_backup_if_checksum_is_different --file="$final_path/config/config.php" + + nc_conf="${final_path}/config.json" + cp ../conf/config.json "$nc_conf" + + ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$nc_conf" + ynh_replace_string --match_string="__DATADIR__" --replace_string="$datadir" --target_file="$nc_conf" + + # Ensure that UpdateNotification app is disabled + exec_occ app:disable updatenotification + + # Enable plugins + exec_occ app:enable user_ldap + + # Load the config file in nextcloud + exec_occ config:import "$nc_conf" + + # Then remove the config file + ynh_secure_remove --file="$nc_conf" + + #================================================= + # ALLOW USERS TO DISCONNECT FROM NEXTCLOUD + #================================================= + + # Add dynamic logout URL to the config + exec_occ config:system:get logout_url >/dev/null 2>&1 \ + || echo " + //-YunoHost- + // set logout_url according to main domain + \$main_domain = exec('cat /etc/yunohost/current_host'); + \$CONFIG['logout_url'] = 'https://'.\$main_domain.'/yunohost/sso/?action=logout'; + //-YunoHost- + " >> "$final_path/config/config.php" + + #================================================= + # CHANGE HOSTNAME FOR ACTIVITY NOTIFICATIONS + #================================================= + + ynh_replace_string --match_string="'overwrite.cli.url' => 'http://localhost'," --replace_string="'overwrite.cli.url' => 'https://${domain}'," --target_file="${final_path}/config/config.php" + + #================================================= + # MOUNT HOME FOLDERS AS EXTERNAL STORAGE + #================================================= + + # Define a function to add an external storage + # Create the external storage for the given folders and enable sharing + create_external_storage() { + local datadir="$1" + local mount_name="$2" + local mount_id=`exec_occ files_external:create --output=json \ + "$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true` + ! [[ $mount_id =~ ^[0-9]+$ ]] \ + && ynh_print_warn --message="Unable to create external storage" \ + || exec_occ files_external:option "$mount_id" enable_sharing true + } + + # Enable External Storage and create local mount to home folder as needed + if [ $user_home -eq 1 ]; then + exec_occ app:enable files_external + exec_occ files_external:list --output=json \ + | grep -q '"storage":"\\\\OC\\\\Files\\\\Storage\\\\Local"' \ + || create_external_storage "/home/\$user" "Home" + # Iterate over users to extend their home folder permissions + for u in $(ynh_user_list); do + setfacl --modify g:$app:rwx "/home/$u" || true + done + fi + + #================================================= + # STORE THE CHECKSUM OF THE CONFIG FILE + #================================================= -# Calculate and store the config file checksum into the app settings -ynh_store_file_checksum "${final_path}/config/config.php" + # Calculate and store the config file checksum into the app settings + ynh_store_file_checksum --file="${final_path}/config/config.php" +fi #================================================= # UPDATE THE CRON JOB @@ -344,8 +355,8 @@ cp -a ../conf/nextcloud.cron "$cron_path" chown root: "$cron_path" chmod 644 "$cron_path" -ynh_replace_string "__USER__" "$app" "$cron_path" -ynh_replace_string "__DESTDIR__" "$final_path" "$cron_path" +ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$cron_path" +ynh_replace_string --match_string="__DESTDIR__" --replace_string="$final_path" --target_file="$cron_path" exec_occ background:cron @@ -354,12 +365,12 @@ exec_occ background:cron #================================================= # Set system group in hooks -ynh_replace_string "__GROUP__" "$app" ../hooks/post_user_create +ynh_replace_string --match_string="__GROUP__" --replace_string="$app" --target_file=../hooks/post_user_create #================================================= # YUNOHOST MULTIMEDIA INTEGRATION #================================================= -ynh_print_info "Updating multimedia directories..." +ynh_script_progression --message="Updating multimedia directories..." --weight=6 # Build YunoHost multimedia directories ynh_multimedia_build_main_dir @@ -389,14 +400,17 @@ chmod 755 /home/yunohost.app # WARNING ABOUT THIRD-PARTY APPS #================================================= -# Warn about possible disabled apps -ynh_print_warn "Note that if you've installed some third-parties Nextcloud applications, \ -they are probably disabled and you'll have to manually enable them again." +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + # Warn about possible disabled apps + ynh_print_warn --message="Note that if you've installed some third-parties Nextcloud applications, \ + they are probably disabled and you'll have to manually enable them again." +fi #================================================= # SETUP LOGROTATE #================================================= -ynh_print_info "Upgrading logrotate configuration..." +ynh_script_progression --message="Upgrading logrotate configuration..." # Use logrotate to manage app-specific logfile(s) ynh_use_logrotate --non-append @@ -404,7 +418,7 @@ ynh_use_logrotate --non-append #================================================= # SETUP FAIL2BAN #================================================= -ynh_print_info "Reconfiguring fail2ban..." +ynh_script_progression --message="Reconfiguring fail2ban..." --weight=7 # Create a dedicated fail2ban config ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" --failregex="^.*Login failed: '.*' \(Remote IP: ''.*$" --max_retry=5 @@ -414,18 +428,18 @@ ynh_add_fail2ban_config --logpath="/home/yunohost.app/$app/data/nextcloud.log" - #================================================= # SETUP SSOWAT #================================================= -ynh_print_info "Upgrading SSOwat configuration..." +ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=2 -ynh_app_setting_set $app unprotected_uris "/" -ynh_app_setting_set $app skipped_regex \ - "$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" +ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" +ynh_app_setting_set --app=$app --key=skipped_regex \ + --value="$(sed 's/[\.\-]/\%&/g' <<< $domain)/%.well%-known/.*" #================================================= # RELOAD NGINX #================================================= -ynh_print_info "Reloading nginx web server..." +ynh_script_progression --message="Reloading nginx web server..." -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload #================================================= # FINISH MIGRATION PROCESS @@ -433,7 +447,7 @@ systemctl reload nginx if [ $migration_process -eq 1 ] then - ynh_print_info "ownCloud has been successfully migrated to Nextcloud! \ + ynh_print_info --message="ownCloud has been successfully migrated to Nextcloud! \ A last scheduled operation will run in a couple of minutes to finish the \ migration in YunoHost side. Do not proceed any application operation while \ you don't see Nextcloud as installed." @@ -441,8 +455,8 @@ you don't see Nextcloud as installed." # Execute a post migration script after the end of this upgrade. # Mainly for some cleaning script_post_migration=owncloud_post_migration.sh - ynh_replace_string "__OLD_APP__" "$old_app" ../conf/$script_post_migration - ynh_replace_string "__NEW_APP__" "$app" ../conf/$script_post_migration + ynh_replace_string --match_string="__OLD_APP__" --replace_string="$old_app" --target_file=../conf/$script_post_migration + ynh_replace_string --match_string="__NEW_APP__" --replace_string="$app" --target_file=../conf/$script_post_migration cp ../conf/$script_post_migration /tmp chmod +x /tmp/$script_post_migration (cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes) @@ -452,4 +466,4 @@ fi # END OF SCRIPT #================================================= -ynh_print_info "Upgrade of $app completed" +ynh_script_progression --message="Upgrade of $app completed" --last From 33c2c7f8740307b6fbb79c1252c158cd84fb7461 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sat, 6 Jul 2019 22:41:03 +0200 Subject: [PATCH 31/31] Upgrade to upstream version 15.0.9 --- README.md | 2 +- manifest.json | 2 +- scripts/upgrade.d/upgrade.last.sh | 4 +- .../app-00-add-logout_url-conf.patch | 58 ++----------------- 4 files changed, 10 insertions(+), 56 deletions(-) diff --git a/README.md b/README.md index 16a8a7c..2ee59a9 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 15.0.7 +**Shipped version:** 15.0.9 ## Screenshots diff --git a/manifest.json b/manifest.json index da51998..07e7cac 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "15.0.7~ynh1", + "version": "15.0.9~ynh1", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index b576bdc..f0da93d 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,10 +1,10 @@ #!/bin/bash # Last available nextcloud version -next_version="15.0.7" +next_version="15.0.9" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="3e6158951fa72010ccd50dbeac05d8df162183f7bbc62a1c6c89ed7081fa9d49" +nextcloud_source_sha256="7b33e210f64fb94c9a92aa31f087136db73bdacd1aaa7df2905bc7c0887edd5c" # This function will only be executed upon applying the last upgrade referenced above last_upgrade_operations () { diff --git a/sources/patches_last_version/app-00-add-logout_url-conf.patch b/sources/patches_last_version/app-00-add-logout_url-conf.patch index 2e70ba7..07a9531 100644 --- a/sources/patches_last_version/app-00-add-logout_url-conf.patch +++ b/sources/patches_last_version/app-00-add-logout_url-conf.patch @@ -1,62 +1,16 @@ - core/Controller/LoginController.php | 25 ++++++++++++++----------- - 1 file changed, 14 insertions(+), 11 deletions(-) - diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php -index 182d2bc106..82523e306e 100644 +index f83b03bc90..568e20dcd7 100644 --- a/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php -@@ -95,13 +95,13 @@ class LoginController extends Controller { - * @param Throttler $throttler - */ - public function __construct($appName, -- IRequest $request, -- IUserManager $userManager, -- IConfig $config, -- ISession $session, -- IUserSession $userSession, -- IURLGenerator $urlGenerator, -- ILogger $logger, -+ IRequest $request, -+ IUserManager $userManager, -+ IConfig $config, -+ ISession $session, -+ IUserSession $userSession, -+ IURLGenerator $urlGenerator, -+ ILogger $logger, - Manager $twoFactorManager, - Defaults $defaults, - Throttler $throttler) { @@ -130,7 +130,10 @@ class LoginController extends Controller { } $this->userSession->logout(); - + - $response = new RedirectResponse($this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); + $redirectUrl = $this->config->getSystemValue('logout_url', -+ $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm') -+ ); ++ $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')); ++ + $response = new RedirectResponse($redirectUrl); + $this->session->set('clearingExecutionContexts', '1'); + $this->session->close(); $response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"'); - return $response; - } -@@ -303,10 +306,10 @@ class LoginController extends Controller { - $previousUser = $user; - $user = $users[0]->getUID(); - if($user !== $previousUser) { -- $loginResult = $this->userManager->checkPassword($user, $password); -- } -+ $loginResult = $this->userManager->checkPassword($user, $password); - } - } -+ } - - if ($loginResult === false) { - $this->logger->warning('Login failed: \''. $user . -@@ -314,7 +317,7 @@ class LoginController extends Controller { - ['app' => 'core']); - return $this->createLoginFailedResponse($user, $originalUser, - $redirect_url, self::LOGIN_MSG_INVALIDPASSWORD); -- } -+ } - - // TODO: remove password checks from above and let the user session handle failures - // requires https://github.com/owncloud/core/pull/24616