From 7f9cc6a9a85e93c79a29af4178b855412e2b0ced Mon Sep 17 00:00:00 2001 From: Rafi594 Date: Sun, 3 Feb 2019 15:05:38 +0100 Subject: [PATCH 01/15] Add fail2ban --- conf/nginx.conf | 1 + scripts/experimental_helper.sh | 268 +++++++++++++++++++++++++++++++++ scripts/install | 5 + scripts/restore | 5 + scripts/upgrade | 5 + 5 files changed, 284 insertions(+) diff --git a/conf/nginx.conf b/conf/nginx.conf index 36617de..64873d7 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,6 +5,7 @@ location __PATH__/ { proxy_buffering off; fastcgi_param REMOTE_USER $remote_user; client_max_body_size 50M; + proxy_set_header X-Real-IP $remote_addr; # Force https if ($scheme = http) { diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index 600a653..7564ede 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh @@ -58,4 +58,272 @@ ynh_check_starting () { echo "" ynh_clean_check_starting +} + +# Fail2ban + +# Need also the helper https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_handle_getopts_args/ynh_handle_getopts_args + +# Create a dedicated fail2ban config (jail and filter conf files) +# +# usage: ynh_add_fail2ban_config log_file filter [max_retry [ports]] +# | arg: -l, --logpath= - Log file to be checked by fail2ban +# | arg: -r, --failregex= - Failregex to be looked for by fail2ban +# | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3 +# | arg: -p, --ports= - Ports blocked for a banned IP address - default: http,https +ynh_add_fail2ban_config () { + # Declare an array to define the options of this helper. + declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= ) + local logpath + local failregex + local max_retry + local ports + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + max_retry=${max_retry:-3} + ports=${ports:-http,https} + + test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." + test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." + + finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" + finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" + ynh_backup_if_checksum_is_different "$finalfail2banjailconf" 1 + ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" 1 + + sudo tee $finalfail2banjailconf <&2 + echo "WARNING${fail2ban_error#*WARNING}" >&2 + fi +} + +# Remove the dedicated fail2ban config (jail and filter conf files) +# +# usage: ynh_remove_fail2ban_config +ynh_remove_fail2ban_config () { + ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf" + ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf" + if [ "$(lsb_release --codename --short)" != "jessie" ]; then + systemctl reload fail2ban + else + systemctl restart fail2ban + fi +} + +# Internal helper design to allow helpers to use getopts to manage their arguments +# +# example: function my_helper() +# { +# declare -Ar args_array=( [a]=arg1= [b]=arg2= [c]=arg3 ) +# local arg1 +# local arg2 +# local arg3 +# ynh_handle_getopts_args "$@" +# +# [...] +# } +# my_helper --arg1 "val1" -b val2 -c +# +# usage: ynh_handle_getopts_args "$@" +# | arg: $@ - Simply "$@" to tranfert all the positionnal arguments to the function +# +# This helper need an array, named "args_array" with all the arguments used by the helper +# that want to use ynh_handle_getopts_args +# Be carreful, this array has to be an associative array, as the following example: +# declare -Ar args_array=( [a]=arg1 [b]=arg2= [c]=arg3 ) +# Let's explain this array: +# a, b and c are short options, -a, -b and -c +# arg1, arg2 and arg3 are the long options associated to the previous short ones. --arg1, --arg2 and --arg3 +# For each option, a short and long version has to be defined. +# Let's see something more significant +# declare -Ar args_array=( [u]=user [f]=finalpath= [d]=database ) +# +# NB: Because we're using 'declare' without -g, the array will be declared as a local variable. +# +# Please keep in mind that the long option will be used as a variable to store the values for this option. +# For the previous example, that means that $finalpath will be fill with the value given as argument for this option. +# +# Also, in the previous example, finalpath has a '=' at the end. That means this option need a value. +# So, the helper has to be call with --finalpath /final/path, --finalpath=/final/path or -f /final/path, the variable $finalpath will get the value /final/path +# If there's many values for an option, -f /final /path, the value will be separated by a ';' $finalpath=/final;/path +# For an option without value, like --user in the example, the helper can be called only with --user or -u. $user will then get the value 1. +# +# To keep a retrocompatibility, a package can still call a helper, using getopts, with positional arguments. +# The "legacy mode" will manage the positional arguments and fill the variable in the same order than they are given in $args_array. +# e.g. for `my_helper "val1" val2`, arg1 will be filled with val1, and arg2 with val2. +ynh_handle_getopts_args () { + # Manage arguments only if there's some provided + set +x + if [ $# -ne 0 ] + then + # Store arguments in an array to keep each argument separated + local arguments=("$@") + + # For each option in the array, reduce to short options for getopts (e.g. for [u]=user, --user will be -u) + # And built parameters string for getopts + # ${!args_array[@]} is the list of all keys in the array (A key is 'u' in [u]=user, user is a value) + local getopts_parameters="" + local key="" + for key in "${!args_array[@]}" + do + # Concatenate each keys of the array to build the string of arguments for getopts + # Will looks like 'abcd' for -a -b -c -d + # If the value of a key finish by =, it's an option with additionnal values. (e.g. --user bob or -u bob) + # Check the last character of the value associate to the key + if [ "${args_array[$key]: -1}" = "=" ] + then + # For an option with additionnal values, add a ':' after the letter for getopts. + getopts_parameters="${getopts_parameters}${key}:" + else + getopts_parameters="${getopts_parameters}${key}" + fi + # Check each argument given to the function + local arg="" + # ${#arguments[@]} is the size of the array + for arg in `seq 0 $(( ${#arguments[@]} - 1 ))` + do + # And replace long option (value of the key) by the short option, the key itself + # (e.g. for [u]=user, --user will be -u) + # Replace long option with = + arguments[arg]="${arguments[arg]//--${args_array[$key]}/-${key} }" + # And long option without = + arguments[arg]="${arguments[arg]//--${args_array[$key]%=}/-${key}}" + done + done + + # Read and parse all the arguments + # Use a function here, to use standart arguments $@ and be able to use shift. + parse_arg () { + # Read all arguments, until no arguments are left + while [ $# -ne 0 ] + do + # Initialize the index of getopts + OPTIND=1 + # Parse with getopts only if the argument begin by -, that means the argument is an option + # getopts will fill $parameter with the letter of the option it has read. + local parameter="" + getopts ":$getopts_parameters" parameter || true + + if [ "$parameter" = "?" ] + then + ynh_die "Invalid argument: -${OPTARG:-}" + elif [ "$parameter" = ":" ] + then + ynh_die "-$OPTARG parameter requires an argument." + else + local shift_value=1 + # Use the long option, corresponding to the short option read by getopts, as a variable + # (e.g. for [u]=user, 'user' will be used as a variable) + # Also, remove '=' at the end of the long option + # The variable name will be stored in 'option_var' + local option_var="${args_array[$parameter]%=}" + # If this option doesn't take values + # if there's a '=' at the end of the long option name, this option takes values + if [ "${args_array[$parameter]: -1}" != "=" ] + then + # 'eval ${option_var}' will use the content of 'option_var' + eval ${option_var}=1 + else + # Read all other arguments to find multiple value for this option. + # Load args in a array + local all_args=("$@") + + # If the first argument is longer than 2 characters, + # There's a value attached to the option, in the same array cell + if [ ${#all_args[0]} -gt 2 ]; then + # Remove the option and the space, so keep only the value itself. + all_args[0]="${all_args[0]#-${parameter} }" + # Reduce the value of shift, because the option has been removed manually + shift_value=$(( shift_value - 1 )) + fi + + # Then read the array value per value + for i in `seq 0 $(( ${#all_args[@]} - 1 ))` + do + # If this argument is an option, end here. + if [ "${all_args[$i]:0:1}" == "-" ] || [ -z "${all_args[$i]}" ] + then + # Ignore the first value of the array, which is the option itself + if [ "$i" -ne 0 ]; then + break + fi + else + # Declare the content of option_var as a variable. + eval ${option_var}="" + # Else, add this value to this option + # Each value will be separated by ';' + if [ -n "${!option_var}" ] + then + # If there's already another value for this option, add a ; before adding the new value + eval ${option_var}+="\;" + fi + eval ${option_var}+=\"${all_args[$i]}\" + shift_value=$(( shift_value + 1 )) + fi + done + fi + fi + + # Shift the parameter and its argument(s) + shift $shift_value + done + } + + # LEGACY MODE + # Check if there's getopts arguments + if [ "${arguments[0]:0:1}" != "-" ] + then + # If not, enter in legacy mode and manage the arguments as positionnal ones. + echo "! Helper used in legacy mode !" + for i in `seq 0 $(( ${#arguments[@]} -1 ))` + do + # Use getopts_parameters as a list of key of the array args_array + # Remove all ':' in getopts_parameters + getopts_parameters=${getopts_parameters//:} + # Get the key from getopts_parameters, by using the key according to the position of the argument. + key=${getopts_parameters:$i:1} + # Use the long option, corresponding to the key, as a variable + # (e.g. for [u]=user, 'user' will be used as a variable) + # Also, remove '=' at the end of the long option + # The variable name will be stored in 'option_var' + local option_var="${args_array[$key]%=}" + + # Store each value given as argument in the corresponding variable + # The values will be stored in the same order than $args_array + eval ${option_var}+=\"${arguments[$i]}\" + done + else + # END LEGACY MODE + # Call parse_arg and pass the modified list of args as an array of arguments. + parse_arg "${arguments[@]}" + fi + fi + set -x } \ No newline at end of file diff --git a/scripts/install b/scripts/install index 9fee527..7e86e05 100644 --- a/scripts/install +++ b/scripts/install @@ -94,6 +94,11 @@ ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql ynh_replace_string "__APP__" "$app" ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_add_fail2ban_config "/var/log/$app/$app.log" ".*Failed authentication attempt for .* from " 5 + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/restore b/scripts/restore index c3c06f5..b578fd5 100644 --- a/scripts/restore +++ b/scripts/restore @@ -48,6 +48,11 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql systemctl daemon-reload systemctl enable "$app".service +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_add_fail2ban_config "/var/log/$app/$app.log" ".*Failed authentication attempt for .* from " 5 + #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 54b53b6..575c94e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -99,6 +99,11 @@ ynh_add_systemd_config # Modify Nginx configuration file and copy it to Nginx conf directory config_nginx +#================================================= +# SETUP FAIL2BAN +#================================================= +ynh_add_fail2ban_config "/var/log/$app/$app.log" ".*Failed authentication attempt for .* from " 5 + #================================================= # GENERIC FINALIZATION #================================================= From df021cc5603dcdba97ad67facd665c40723fca79 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 9 Jun 2019 21:05:14 +0200 Subject: [PATCH 02/15] Add arguments for all helper call --- conf/app.ini | 2 +- conf/gogs_post_migration.sh | 2 +- scripts/_common.sh | 28 ++++++++++++++-------------- scripts/backup | 4 ++-- scripts/change_url | 10 +++++----- scripts/experimental_helper.sh | 4 ++-- scripts/install | 14 +++++++------- scripts/remove | 8 ++++---- scripts/restore | 10 +++++----- scripts/upgrade | 30 +++++++++++++++--------------- 10 files changed, 56 insertions(+), 56 deletions(-) diff --git a/conf/app.ini b/conf/app.ini index e06c763..34d357c 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -18,7 +18,7 @@ DOMAIN = __DOMAIN__ HTTP_PORT = __PORT__ ROOT_URL = https://__URL__/ DISABLE_SSH = false -SSH_PORT = __SSH_PORT_ +SSH_PORT = __SSH_PORT__ OFFLINE_MODE = false APP_DATA_PATH = __DATA_PATH__ LANDING_PAGE = explore diff --git a/conf/gogs_post_migration.sh b/conf/gogs_post_migration.sh index 5d71529..e4065ff 100644 --- a/conf/gogs_post_migration.sh +++ b/conf/gogs_post_migration.sh @@ -22,7 +22,7 @@ script_name="$0" # DELETE OLD APP'S SETTINGS #================================================= -ynh_secure_remove "/etc/yunohost/apps/$old_app" +ynh_secure_remove --file="/etc/yunohost/apps/$old_app" yunohost app ssowatconf #================================================= diff --git a/scripts/_common.sh b/scripts/_common.sh index b57a1de..f165264 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -49,29 +49,29 @@ config_nginx() { config_gitea() { ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") - ynh_backup_if_checksum_is_different "$final_path/custom/conf/app.ini" + ynh_backup_if_checksum_is_different --file "$final_path/custom/conf/app.ini" cp ../conf/app.ini "$final_path/custom/conf" usermod -s /bin/bash $app if [ "$path_url" = "/" ] then - ynh_replace_string "__URL__" "$domain" "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __URL__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini" else ynh_replace_string "__URL__" "$domain${path_url%/}" "$final_path/custom/conf/app.ini" fi - ynh_replace_string "__REPOS_PATH__" "$REPO_PATH" "$final_path/custom/conf/app.ini" - ynh_replace_string "__DB_PASSWORD__" "$dbpass" "$final_path/custom/conf/app.ini" - ynh_replace_string "__DB_USER__" "$dbuser" "$final_path/custom/conf/app.ini" - ynh_replace_string "__DOMAIN__" "$domain" "$final_path/custom/conf/app.ini" - ynh_replace_string "__KEY__" "$key" "$final_path/custom/conf/app.ini" - ynh_replace_string "__DATA_PATH__" "$DATA_PATH" "$final_path/custom/conf/app.ini" - ynh_replace_string "__PORT__" $port "$final_path/custom/conf/app.ini" - ynh_replace_string "__APP__" $app "$final_path/custom/conf/app.ini" - ynh_replace_string "__SSH_PORT_" $ssh_port "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __REPOS_PATH__ --replace_string "$REPO_PATH" --target_file "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __DB_PASSWORD__ --replace_string "$dbpass" --target_file "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __DB_USER__ --replace_string "$dbuser" --target_file "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __DOMAIN__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __KEY__ --replace_string "$key" --target_file "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __DATA_PATH__ --replace_string "$DATA_PATH" --target_file "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __PORT__ --replace_string $port --target_file "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __APP__ --replace_string $app --target_file "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __SSH_PORT__ --replace_string $ssh_port --target_file "$final_path/custom/conf/app.ini" - ynh_store_file_checksum "$final_path/custom/conf/app.ini" + ynh_store_file_checksum --file "$final_path/custom/conf/app.ini" } set_permission() { @@ -89,7 +89,7 @@ set_permission() { set_access_settings() { if [ "$is_public" = '1' ] then - ynh_app_setting_set $app unprotected_uris "/" + ynh_app_setting_set --app $app --key unprotected_uris --value "/" else # For an access to the git server by https in private mode we need to allow the access to theses URL : # - "DOMAIN/PATH/USER/REPOSITORY/info/refs" @@ -100,6 +100,6 @@ set_access_settings() { excaped_domain=${excaped_domain//'-'/'%-'} excaped_path=${path_url//'.'/'%.'} excaped_path=${excaped_path//'-'/'%-'} - ynh_app_setting_set $app skipped_regex "$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs" + ynh_app_setting_set --app $app --key skipped_regex --value "$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs" fi } diff --git a/scripts/backup b/scripts/backup index 772fae0..6987560 100644 --- a/scripts/backup +++ b/scripts/backup @@ -15,7 +15,7 @@ source ../settings/scripts/experimental_helper.sh source ../settings/scripts/_common.sh # Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) +domain=$(ynh_app_setting_get --app $app --key domain) #================================================= # STANDARD BACKUP STEPS @@ -35,4 +35,4 @@ ynh_backup "/etc/systemd/system/${app}.service" ynh_backup "/var/log/$app" # Dump the database -ynh_mysql_dump_db "$dbname" > ./db.sql \ No newline at end of file +ynh_mysql_dump_db "$dbname" > ./db.sql diff --git a/scripts/change_url b/scripts/change_url index 87eea15..804a0c5 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -22,10 +22,10 @@ domain=$YNH_APP_NEW_DOMAIN path_url=$(ynh_normalize_url_path ${YNH_APP_NEW_PATH:-'/'}) app=$YNH_APP_INSTANCE_NAME -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -admin=$(ynh_app_setting_get "$app" adminusername) -key=$(ynh_app_setting_get "$app" secret_key) -port=$(ynh_app_setting_get "$app" web_port) +dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) +admin=$(ynh_app_setting_get --app $app --key adminusername) +key=$(ynh_app_setting_get --app $app --key secret_key) +port=$(ynh_app_setting_get --app $app --key web_port) #================================================= # STANDARD MODIFICATIONS @@ -55,4 +55,4 @@ sleep 1 # Store the checksum with the 'INTERNAL_TOKEN' value. # Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed -ynh_store_file_checksum "$final_path/custom/conf/app.ini" +ynh_store_file_checksum --file "$final_path/custom/conf/app.ini" diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index 6ce0371..e7c9bec 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh @@ -95,7 +95,7 @@ ynh_systemd_action() { ynh_clean_check_starting () { # Stop the execution of tail. kill -s 15 $pid_tail 2>&1 - ynh_secure_remove "$templog" 2>&1 + ynh_secure_remove --file="$templog" 2>&1 } # Read the value of a key in a ynh manifest file @@ -352,7 +352,7 @@ ynh_handle_app_migration () { # Remove the old database ynh_mysql_remove_db $db_name $db_name # And the dump - ynh_secure_remove "$sql_dump" + ynh_secure_remove --file="$sql_dump" # Update the value of $db_name db_name=$new_db_name diff --git a/scripts/install b/scripts/install index 40deb45..2d294af 100644 --- a/scripts/install +++ b/scripts/install @@ -39,11 +39,11 @@ key=$(ynh_string_random) port=$(ynh_find_port 6000) # Store Settings -ynh_app_setting_set $app mysqlpwd $dbpass -ynh_app_setting_set $app adminusername $admin -ynh_app_setting_set $app is_public $is_public -ynh_app_setting_set $app secret_key $key -ynh_app_setting_set $app web_port $port +ynh_app_setting_set --app $app --key mysqlpwd --value $dbpass +ynh_app_setting_set --app $app --key adminusername --value $admin +ynh_app_setting_set --app $app --key is_public --value $is_public +ynh_app_setting_set --app $app --key secret_key --value $key +ynh_app_setting_set --app $app --key web_port --value $port #================================================= # STANDARD MODIFICATIONS @@ -113,7 +113,7 @@ yunohost service add "$app" --log "/var/log/$app/$app.log" ynh_use_logrotate "/var/log/$app" # Save Version -ynh_app_setting_set $app upstream_version $(ynh_app_upstream_version) +ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version) # Reload services ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" @@ -121,4 +121,4 @@ sleep 1 # Store the checksum with the 'INTERNAL_TOKEN' value. # Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed -ynh_store_file_checksum "$final_path/custom/conf/app.ini" +ynh_store_file_checksum --file "$final_path/custom/conf/app.ini" diff --git a/scripts/remove b/scripts/remove index 8207695..67b0ef0 100644 --- a/scripts/remove +++ b/scripts/remove @@ -23,12 +23,12 @@ ynh_mysql_drop_db "$dbname" 2>/dev/null ynh_mysql_drop_user "$dbuser" 2>/dev/null # Retrieve domain from app settings -domain=$(ynh_app_setting_get "$app" domain) +domain=$(ynh_app_setting_get --app $app --key domain) # Delete app directory and configurations -ynh_secure_remove "$final_path" -ynh_secure_remove "$DATADIR" -ynh_secure_remove "/var/log/$app" +ynh_secure_remove --file="$final_path" +ynh_secure_remove --file="$DATADIR" +ynh_secure_remove --file="/var/log/$app" # Remove the app-specific logrotate config ynh_remove_logrotate diff --git a/scripts/restore b/scripts/restore index c13cf0d..f83803f 100644 --- a/scripts/restore +++ b/scripts/restore @@ -15,11 +15,11 @@ source ../settings/scripts/experimental_helper.sh source ../settings/scripts/_common.sh # Retrieve old app settings -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_app_setting_get "$app" path) -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -admin=$(ynh_app_setting_get "$app" adminusername) -port=$(ynh_app_setting_get "$app" web_port) +domain=$(ynh_app_setting_get --app $app --key domain) +path_url=$(ynh_app_setting_get --app $app --key path) +dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) +admin=$(ynh_app_setting_get --app $app --key adminusername) +port=$(ynh_app_setting_get --app $app --key web_port) # Check domain/path availability with app helper ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain." diff --git a/scripts/upgrade b/scripts/upgrade index 127e9bd..112a8c4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -15,14 +15,14 @@ source ./experimental_helper.sh source ./_common.sh # Retrieve app settings -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_normalize_url_path $(ynh_app_setting_get "$app" path)) -dbpass=$(ynh_app_setting_get "$app" mysqlpwd) -admin=$(ynh_app_setting_get "$app" adminusername) -key=$(ynh_app_setting_get "$app" secret_key) -is_public=$(ynh_app_setting_get "$app" is_public) -port=$(ynh_app_setting_get "$app" web_port) -upstream_version=$(ynh_app_setting_get $app upstream_version) +domain=$(ynh_app_setting_get --app $app --key domain) +path_url=$(ynh_normalize_url_path $(ynh_app_setting_get --app $app --key path)) +dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) +admin=$(ynh_app_setting_get --app $app --key adminusername) +key=$(ynh_app_setting_get --app $app --key secret_key) +is_public=$(ynh_app_setting_get --app $app --key is_public) +port=$(ynh_app_setting_get --app $app --key web_port) +upstream_version=$(ynh_app_setting_get --app $app --key upstream_version) # Backup the current version of the app ynh_backup_before_upgrade @@ -58,8 +58,8 @@ if [[ $migration_process -eq 1 ]]; then ynh_die "Unable to create $app system account" # Clean old binary - ynh_secure_remove $final_path/gogs - ynh_secure_remove $final_path/custom/conf/auth.d + ynh_secure_remove --file=$final_path/gogs + ynh_secure_remove --file=$final_path/custom/conf/auth.d # Restore authentication from SQL database ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql @@ -69,10 +69,10 @@ if [[ $migration_process -eq 1 ]]; then # Fix hooks if [[ -e $REPO_PATH ]];then ls $REPO_PATH/*/*.git/hooks/pre-receive | while read p; do - ynh_secure_remove $p + ynh_secure_remove --file=$p done ls $REPO_PATH/*/*.git/hooks/post-receive | while read p; do - ynh_secure_remove $p + ynh_secure_remove --file=$p done fi @@ -84,7 +84,7 @@ fi #================================================= # Clean template to fix issue : https://github.com/gogits/gogs/issues/4585 -ynh_secure_remove "/opt/$app/templates" +ynh_secure_remove --file="/opt/$app/templates" # Configure gitea with app.ini file config_gitea @@ -168,7 +168,7 @@ ynh_setup_source $final_path source/$architecture set_permission # Save Version -ynh_app_setting_set $app upstream_version $(ynh_app_upstream_version) +ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version) # Unprotect root from SSO if public set_access_settings @@ -179,7 +179,7 @@ sleep 1 # Store the checksum with the 'INTERNAL_TOKEN' value. # Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed -ynh_store_file_checksum "$final_path/custom/conf/app.ini" +ynh_store_file_checksum --file "$final_path/custom/conf/app.ini" #================================================= # FINISH MIGRATION PROCESS From 7f57b921706d7b906829c139959dd94d87f3f099 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 1 Aug 2019 14:01:41 +0200 Subject: [PATCH 03/15] Clean experimental helper --- manifest.json | 2 +- scripts/experimental_helper.sh | 63 +--------------------------------- 2 files changed, 2 insertions(+), 63 deletions(-) diff --git a/manifest.json b/manifest.json index 37df4e4..94a0d04 100644 --- a/manifest.json +++ b/manifest.json @@ -20,7 +20,7 @@ "mysql" ], "requirements": { - "yunohost": ">= 2.7.9" + "yunohost": ">= 3.5.2.2" }, "arguments": { "install" : [ diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index e7c9bec..a612477 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh @@ -1,14 +1,3 @@ -# Delete a file checksum from the app settings -# -# $app should be defined when calling this helper -# -# usage: ynh_remove_file_checksum file -# | arg: file - The file for which the checksum will be deleted -ynh_delete_file_checksum () { - local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_' - ynh_app_setting_delete $app $checksum_setting_name -} - # Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started # # usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ] @@ -88,56 +77,6 @@ ynh_systemd_action() { fi } -# Clean temporary process and file used by ynh_check_starting -# (usually used in ynh_clean_setup scripts) -# -# usage: ynh_clean_check_starting -ynh_clean_check_starting () { - # Stop the execution of tail. - kill -s 15 $pid_tail 2>&1 - ynh_secure_remove --file="$templog" 2>&1 -} - -# Read the value of a key in a ynh manifest file -# -# usage: ynh_read_manifest manifest key -# | arg: -m, --manifest= - Path of the manifest to read -# | arg: -k, --key= - Name of the key to find -ynh_read_manifest () { - # Declare an array to define the options of this helper. - declare -Ar args_array=( [m]=manifest= [k]=manifest_key= ) - local manifest - local manifest_key - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - if [ ! -e "$manifest" ]; then - # If the manifest isn't found, try the common place for backup and restore script. - manifest="../settings/manifest.json" - fi - - jq ".$manifest_key" "$manifest" --raw-output -} - -# Read the upstream version from the manifest -# The version number in the manifest is defined by ~ynh -# For example : 4.3-2~ynh3 -# This include the number before ~ynh -# In the last example it return 4.3-2 -# -# usage: ynh_app_upstream_version [-m manifest] -# | arg: -m, --manifest= - Path of the manifest to read -ynh_app_upstream_version () { - declare -Ar args_array=( [m]=manifest= ) - local manifest - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - manifest="${manifest:-../manifest.json}" - version_key=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version") - echo "${version_key/~ynh*/}" -} - # Execute a command as another user # usage: exec_as USER COMMAND [ARG ...] exec_as() { @@ -242,7 +181,7 @@ ynh_handle_app_migration () { if [ "$old_app_id" != "$migration_id" ] then # If the new app is not the authorized id, fail. - ynh_die "Incompatible application for migration from $old_app_id to $new_app_id" + ynh_die --message "Incompatible application for migration from $old_app_id to $new_app_id" fi echo "Migrate from $old_app_id to $new_app_id" >&2 From c09462555a51fcde11a2e62ee32010a0cef59529 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 1 Aug 2019 14:01:59 +0200 Subject: [PATCH 04/15] Use getop for helpers --- scripts/_common.sh | 2 +- scripts/backup | 10 +++++----- scripts/change_url | 4 ++-- scripts/install | 11 +++++------ scripts/restore | 8 ++++---- scripts/upgrade | 4 ++-- 6 files changed, 19 insertions(+), 20 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index f165264..6da9ba3 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -22,7 +22,7 @@ elif [ -n "$(uname -m | grep armv7)" ]; then elif [ -n "$(uname -m | grep arm)" ]; then architecture="arm" else - ynh_die "Unable to detect your achitecture, please open a bug describing \ + ynh_die --message "Unable to detect your achitecture, please open a bug describing \ your hardware and the result of the command \"uname -m\"." 1 fi diff --git a/scripts/backup b/scripts/backup index 6987560..8c43f5a 100644 --- a/scripts/backup +++ b/scripts/backup @@ -22,17 +22,17 @@ domain=$(ynh_app_setting_get --app $app --key domain) #================================================= # Copy the app source files -ynh_backup "$final_path" +ynh_backup --src_path "$final_path" # Copy the data files -ynh_backup "$DATADIR" +ynh_backup --src_path "$DATADIR" # Copy the conf files -ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" -ynh_backup "/etc/systemd/system/${app}.service" +ynh_backup --src_path "/etc/nginx/conf.d/${domain}.d/${app}.conf" +ynh_backup --src_path "/etc/systemd/system/${app}.service" # Backup logs -ynh_backup "/var/log/$app" +ynh_backup --src_path "/var/log/$app" # Dump the database ynh_mysql_dump_db "$dbname" > ./db.sql diff --git a/scripts/change_url b/scripts/change_url index 804a0c5..72b0d48 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -38,10 +38,10 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the domain for nginx if [[ "$old_domain" != "$domain" ]]; then # Delete file checksum for the old conf file location - ynh_delete_file_checksum "$nginx_conf_path" + ynh_delete_file_checksum --file "$nginx_conf_path" mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf # Store file checksum for the new config file location - ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" + ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf" fi config_nginx diff --git a/scripts/install b/scripts/install index 2d294af..e49ddf0 100644 --- a/scripts/install +++ b/scripts/install @@ -20,16 +20,15 @@ path_url=$(ynh_normalize_url_path $YNH_APP_ARG_PATH) admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC -# Check domain/path availability -ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain." -ynh_webpath_register $app $domain $path_url +# Register (book) web path +ynh_webpath_register --app $app --domain $domain --path_url $path_url # Check user parameter ynh_user_exists "$admin" \ - || ynh_die "The chosen admin user does not exist." + || ynh_die --message "The chosen admin user does not exist." # Check Final Path availability -test ! -e "$final_path" || ynh_die "This path already contains a folder" +test ! -e "$final_path" || ynh_die --message "This path already contains a folder" # Generate random password and key dbpass=$(ynh_string_random) @@ -63,7 +62,7 @@ ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" # We can't use the official helper (for now) because we need to set the shell for the login test getent passwd "$app" &>/dev/null || \ useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ - ynh_die "Unable to create $app system account" + ynh_die --message "Unable to create $app system account" # Should be replaced by this when getops is available in the helper ynh_system_user_create (probably in Yunohost 3.5) # ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell diff --git a/scripts/restore b/scripts/restore index f83803f..15bf903 100644 --- a/scripts/restore +++ b/scripts/restore @@ -22,14 +22,14 @@ admin=$(ynh_app_setting_get --app $app --key adminusername) port=$(ynh_app_setting_get --app $app --key web_port) # Check domain/path availability with app helper -ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain." +ynh_webpath_available $domain $path_url || ynh_die --message "$domain is not available as domain, please use an other domain." # Check user parameter ynh_user_exists "$admin" \ - || ynh_die "The chosen admin user does not exist." + || ynh_die --message "The chosen admin user does not exist." # Check Final Path availability -test ! -e "$final_path" || ynh_die "This path already contains a folder" +test ! -e "$final_path" || ynh_die --message "This path already contains a folder" #================================================= # STANDARD RESTORATION STEPS @@ -39,7 +39,7 @@ test ! -e "$final_path" || ynh_die "This path already contains a folder" # We can't use the official helper (for now) because we need to set the shell for the login test getent passwd "$app" &>/dev/null || \ useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ - ynh_die "Unable to create $app system account" + ynh_die --message "Unable to create $app system account" # Should be replaced by this when getops is available in the helper ynh_system_user_create (probably in Yunohost 3.5) # ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell diff --git a/scripts/upgrade b/scripts/upgrade index 112a8c4..988ff52 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -39,7 +39,7 @@ systemctl stop "$app".service [[ $YNH_APP_ID == "gogs" ]] \ && [[ "$(cat "/opt/$app/templates/.VERSION")" != 0.11.79.1211 ]] \ - && ynh_die "It look like that you have an old gogs install. You need first upgrade gogs instance (id : $gogs_migrate_id) and after migrate to gitea." + && ynh_die --message "It look like that you have an old gogs install. You need first upgrade gogs instance (id : $gogs_migrate_id) and after migrate to gitea." ynh_handle_app_migration gogs gogs_migrations if [[ $migration_process -eq 1 ]]; then @@ -55,7 +55,7 @@ if [[ $migration_process -eq 1 ]]; then ynh_system_user_delete $old_app test getent passwd "$app" &>/dev/null || \ useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ - ynh_die "Unable to create $app system account" + ynh_die --message "Unable to create $app system account" # Clean old binary ynh_secure_remove --file=$final_path/gogs From e84cd55ccb04cd316e78ca5fe628c66ffd0e105a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 1 Aug 2019 15:03:05 +0200 Subject: [PATCH 05/15] Update requirement --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 37df4e4..8731e41 100644 --- a/manifest.json +++ b/manifest.json @@ -20,7 +20,7 @@ "mysql" ], "requirements": { - "yunohost": ">= 2.7.9" + "yunohost": ">= 3.6.4" }, "arguments": { "install" : [ From 4f8a085d1ca4ec0bb4e71e2b4f4113a3262b729a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 1 Aug 2019 15:06:04 +0200 Subject: [PATCH 06/15] Remove config in remove script --- scripts/remove | 3 +++ 1 file changed, 3 insertions(+) diff --git a/scripts/remove b/scripts/remove index 8207695..6ca92c1 100644 --- a/scripts/remove +++ b/scripts/remove @@ -45,4 +45,7 @@ ynh_remove_systemd_config # Remove monitor yunohost service remove "$app" +# Remove fail2ban config +ynh_remove_fail2ban_config + true # Do not fail if remove after install error From b91900cf6e7d78995d0e6e973c30cd3fbd9cbba8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 1 Aug 2019 15:06:08 +0200 Subject: [PATCH 07/15] Clean code --- scripts/install | 2 -- scripts/restore | 2 -- scripts/upgrade | 4 +--- 3 files changed, 1 insertion(+), 7 deletions(-) diff --git a/scripts/install b/scripts/install index 016bd26..2d4f975 100644 --- a/scripts/install +++ b/scripts/install @@ -99,9 +99,7 @@ ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql ynh_replace_string "__APP__" "$app" ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql -#================================================= # SETUP FAIL2BAN -#================================================= ynh_add_fail2ban_config "/var/log/$app/$app.log" ".*Failed authentication attempt for .* from " 5 #================================================= diff --git a/scripts/restore b/scripts/restore index 60f8e96..3618823 100644 --- a/scripts/restore +++ b/scripts/restore @@ -54,9 +54,7 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql systemctl daemon-reload systemctl enable "$app".service -#================================================= # SETUP FAIL2BAN -#================================================= ynh_add_fail2ban_config "/var/log/$app/$app.log" ".*Failed authentication attempt for .* from " 5 #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 24b32a6..9526ab1 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -157,12 +157,10 @@ case $upstream_version in ;& esac -# Install gitea +# Install gitea source ynh_setup_source $final_path source/$architecture -#================================================= # SETUP FAIL2BAN -#================================================= ynh_add_fail2ban_config "/var/log/$app/$app.log" ".*Failed authentication attempt for .* from " 5 #================================================= From 288aed693adcd1c753dd9ff6d0b692ccf7567def Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Thu, 1 Aug 2019 15:08:31 +0200 Subject: [PATCH 08/15] Use getop for fail2ban --- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index 2d4f975..f635a2e 100644 --- a/scripts/install +++ b/scripts/install @@ -100,7 +100,7 @@ ynh_replace_string "__APP__" "$app" ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql # SETUP FAIL2BAN -ynh_add_fail2ban_config "/var/log/$app/$app.log" ".*Failed authentication attempt for .* from " 5 +ynh_add_fail2ban_config --logpath "/var/log/$app/$app.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index 3618823..d2fedda 100644 --- a/scripts/restore +++ b/scripts/restore @@ -55,7 +55,7 @@ systemctl daemon-reload systemctl enable "$app".service # SETUP FAIL2BAN -ynh_add_fail2ban_config "/var/log/$app/$app.log" ".*Failed authentication attempt for .* from " 5 +ynh_add_fail2ban_config --logpath "/var/log/$app/$app.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 9526ab1..04b45f5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -161,7 +161,7 @@ esac ynh_setup_source $final_path source/$architecture # SETUP FAIL2BAN -ynh_add_fail2ban_config "/var/log/$app/$app.log" ".*Failed authentication attempt for .* from " 5 +ynh_add_fail2ban_config --logpath "/var/log/$app/$app.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # GENERIC FINALIZATION From 6f65be494c5efa7fc19239b8e0d92b99e696b0a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 7 Sep 2019 11:05:06 +0200 Subject: [PATCH 09/15] Fix log path for fail2ban --- scripts/install | 2 +- scripts/restore | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/install b/scripts/install index f635a2e..73d1b0c 100644 --- a/scripts/install +++ b/scripts/install @@ -100,7 +100,7 @@ ynh_replace_string "__APP__" "$app" ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql # SETUP FAIL2BAN -ynh_add_fail2ban_config --logpath "/var/log/$app/$app.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 +ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # GENERIC FINALIZATION diff --git a/scripts/restore b/scripts/restore index d2fedda..b2a1bb0 100644 --- a/scripts/restore +++ b/scripts/restore @@ -55,7 +55,7 @@ systemctl daemon-reload systemctl enable "$app".service # SETUP FAIL2BAN -ynh_add_fail2ban_config --logpath "/var/log/$app/$app.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 +ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 04b45f5..bbe0730 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -161,7 +161,7 @@ esac ynh_setup_source $final_path source/$architecture # SETUP FAIL2BAN -ynh_add_fail2ban_config --logpath "/var/log/$app/$app.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 +ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # GENERIC FINALIZATION From a975fa6c539c41a690b332c4ed0f86f32ee1759f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 7 Sep 2019 12:58:51 +0200 Subject: [PATCH 10/15] Fix helper ynh_backup_if_checksum_is_different --- scripts/experimental_helper.sh | 36 ++++++++++++++++++++++++++++++++++ 1 file changed, 36 insertions(+) diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index 6ce0371..060f3ab 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh @@ -393,3 +393,39 @@ ynh_handle_app_migration () { migration_process=1 fi } + +# Verify the checksum and backup the file if it's different +# This helper is primarily meant to allow to easily backup personalised/manually +# modified config files. +# +# $app should be defined when calling this helper +# +# usage: ynh_backup_if_checksum_is_different --file=file +# | arg: -f, --file - The file on which the checksum test will be perfomed. +# | ret: the name of a backup file, or nothing +# +# Requires YunoHost version 2.6.4 or higher. +ynh_backup_if_checksum_is_different () { + # Declare an array to define the options of this helper. + local legacy_args=f + declare -Ar args_array=( [f]=file= ) + local file + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_' + local checksum_value=$(ynh_app_setting_get --app=$app --key=$checksum_setting_name) + # backup_file_checksum isn't declare as local, so it can be reuse by ynh_store_file_checksum + backup_file_checksum="" + if [ -n "$checksum_value" ] + then # Proceed only if a value was stored into the app settings + if [ -e $file ] && ! echo "$checksum_value $file" | sudo md5sum -c --status + then # If the checksum is now different + backup_file_checksum="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')" + sudo mkdir -p "$(dirname "$backup_file_checksum")" + sudo cp -a "$file" "$backup_file_checksum" # Backup the current file + ynh_print_warn "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file_checksum" + echo "$backup_file_checksum" # Return the name of the backup file + fi + fi +} From 3a6e4b46d7026ad76df4232c9c1480ca3fcdc072 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 10 Sep 2019 21:26:06 +0200 Subject: [PATCH 11/15] Use getop for ynh_replace_string --- scripts/_common.sh | 4 ++-- scripts/install | 4 ++-- scripts/upgrade | 8 ++++---- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 6da9ba3..7f70aa1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -42,7 +42,7 @@ create_dir() { config_nginx() { if [ "$path_url" != "/" ] then - ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf" + ynh_replace_string --match_string "^#sub_path_only" --replace_string "" --target_file "../conf/nginx.conf" fi ynh_add_nginx_config } @@ -58,7 +58,7 @@ config_gitea() { then ynh_replace_string --match_string __URL__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini" else - ynh_replace_string "__URL__" "$domain${path_url%/}" "$final_path/custom/conf/app.ini" + ynh_replace_string --match_string __URL__ --replace_string "$domain${path_url%/}" --target_file "$final_path/custom/conf/app.ini" fi ynh_replace_string --match_string __REPOS_PATH__ --replace_string "$REPO_PATH" --target_file "$final_path/custom/conf/app.ini" diff --git a/scripts/install b/scripts/install index 48c2a1d..dec728c 100644 --- a/scripts/install +++ b/scripts/install @@ -95,8 +95,8 @@ do done # Add ldap config -ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql -ynh_replace_string "__APP__" "$app" ../conf/login_source.sql +ynh_replace_string --match_string "__ADMIN__" --replace_string "$admin" --target_file ../conf/login_source.sql +ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql # SETUP FAIL2BAN diff --git a/scripts/upgrade b/scripts/upgrade index 7e6d7ab..d097740 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -62,8 +62,8 @@ if [[ $migration_process -eq 1 ]]; then ynh_secure_remove --file=$final_path/custom/conf/auth.d # Restore authentication from SQL database - ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql - ynh_replace_string "__APP__" "$app" ../conf/login_source.sql + ynh_replace_string --match_string __ADMIN__ --replace_string "$admin" --target_file ../conf/login_source.sql + ynh_replace_string --match_string __APP__ --replace_string "$app" --target_file ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql # Fix hooks @@ -201,8 +201,8 @@ you don't see Gogs as installed." >&2 # Execute a post migration script after the end of this upgrade. # Mainly for some cleaning script_post_migration=gogs_post_migration.sh - ynh_replace_string "__OLD_APP__" "$old_app" ../conf/$script_post_migration - ynh_replace_string "__NEW_APP__" "$app" ../conf/$script_post_migration + ynh_replace_string --match_string __OLD_APP__ --replace_string "$old_app" --target_file ../conf/$script_post_migration + ynh_replace_string --match_string __NEW_APP__ --replace_string "$app" --target_file ../conf/$script_post_migration cp ../conf/$script_post_migration /tmp chmod +x /tmp/$script_post_migration (cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes) From 3a66c7b87bd1d54babc635e35590558af6851c8c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 10 Sep 2019 22:43:45 +0200 Subject: [PATCH 12/15] Add ynh_script_progression somewhere --- scripts/backup | 7 +++++++ scripts/change_url | 6 +++++- scripts/install | 33 ++++++++++++++++++++------------- scripts/remove | 18 +++++++++++++++--- scripts/restore | 17 +++++++++++------ scripts/upgrade | 13 +++++++++++++ 6 files changed, 71 insertions(+), 23 deletions(-) diff --git a/scripts/backup b/scripts/backup index 8c43f5a..ffce7d0 100644 --- a/scripts/backup +++ b/scripts/backup @@ -15,6 +15,7 @@ source ../settings/scripts/experimental_helper.sh source ../settings/scripts/_common.sh # Retrieve app settings +ynh_script_progression --message="Loading installation settings..." domain=$(ynh_app_setting_get --app $app --key domain) #================================================= @@ -22,17 +23,23 @@ domain=$(ynh_app_setting_get --app $app --key domain) #================================================= # Copy the app source files +ynh_script_progression --message="Backing up code..." --weight=3 ynh_backup --src_path "$final_path" # Copy the data files +ynh_script_progression --message="Backing up user data..." --weight=10 ynh_backup --src_path "$DATADIR" +ynh_script_progression --message="Backing up configuration..." + # Copy the conf files ynh_backup --src_path "/etc/nginx/conf.d/${domain}.d/${app}.conf" ynh_backup --src_path "/etc/systemd/system/${app}.service" # Backup logs +ynh_script_progression --message="Backing up logs..." ynh_backup --src_path "/var/log/$app" # Dump the database +ynh_script_progression --message="Backing up database" ynh_mysql_dump_db "$dbname" > ./db.sql diff --git a/scripts/change_url b/scripts/change_url index a9962a3..713ffeb 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -14,7 +14,7 @@ ynh_abort_if_errors source ./experimental_helper.sh source ./_common.sh -cp -r /etc/yunohost/apps/${app}/conf ../ # Quick hack for https://github.com/YunoHost/yunohost/pull/427 +ynh_script_progression --message="Loading installation settings..." # RETRIEVE ARGUMENTS old_domain=$YNH_APP_OLD_DOMAIN @@ -32,6 +32,8 @@ upstream_version=$(ynh_app_setting_get $app upstream_version) # STANDARD MODIFICATIONS #================================================= +ynh_script_progression --message="Updating nginx configuration..." + # MODIFY URL IN NGINX CONF nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -48,9 +50,11 @@ fi config_nginx # Update gitea config +ynh_script_progression --message="Updating gitea configuration..." config_gitea # RELOAD services +ynh_script_progression --message="Starting services..." ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -a restart -t 10 sleep 1 diff --git a/scripts/install b/scripts/install index dec728c..e4d3df2 100644 --- a/scripts/install +++ b/scripts/install @@ -14,6 +14,8 @@ ynh_abort_if_errors source ./experimental_helper.sh source ./_common.sh +ynh_script_progression --message="Validating installation parameters..." + # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN path_url=$(ynh_normalize_url_path $YNH_APP_ARG_PATH) @@ -32,6 +34,7 @@ ynh_user_exists "$admin" \ test ! -e "$final_path" || ynh_die --message "This path already contains a folder" # Generate random password and key +ynh_script_progression --message="Defining db password and key..." dbpass=$(ynh_string_random) key=$(ynh_string_random) @@ -39,6 +42,7 @@ key=$(ynh_string_random) port=$(ynh_find_port 6000) # Store Settings +ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app $app --key mysqlpwd --value $dbpass ynh_app_setting_set --app $app --key adminusername --value $admin ynh_app_setting_set --app $app --key is_public --value $is_public @@ -49,42 +53,40 @@ ynh_app_setting_set --app $app --key web_port --value $port # STANDARD MODIFICATIONS #================================================= - -# Configure init script -ynh_add_systemd_config - -# Modify Nginx configuration file and copy it to Nginx conf directory -config_nginx - # Initialize database and store mysql password for upgrade +ynh_script_progression --message="Configuring MySQL database..." ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" # Add users -# We can't use the official helper (for now) because we need to set the shell for the login -test getent passwd "$app" &>/dev/null || \ - useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ - ynh_die --message "Unable to create $app system account" -# Should be replaced by this when getops is available in the helper ynh_system_user_create (probably in Yunohost 3.5) -# ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell +ynh_script_progression --message="Configuring system user..." +ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell # create needed directories create_dir # Configure init script +ynh_script_progression --message="Configuring a systemd service..." --weight=2 ynh_add_systemd_config # Modify Nginx configuration file and copy it to Nginx conf directory +ynh_script_progression --message="Configuring nginx..." --weight=1 config_nginx # Configure gitea with app.ini file +ynh_script_progression --message="Configuring application, step 1/2..." config_gitea +ynh_script_progression --message="Installing sources files..." --weight=10 + # Install gitea ynh_setup_source $final_path source/$architecture # Set permissions +ynh_script_progression --message="Protecting directory" set_permission +ynh_script_progression --message="Configuring application, step 2/2..." + # Start gitea for building mysql tables systemctl start "$app".service @@ -100,6 +102,7 @@ ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_fil ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql # SETUP FAIL2BAN +ynh_script_progression --message="Configuring fail2ban..." ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= @@ -107,18 +110,22 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile #================================================= # Unprotect root from SSO if public +ynh_script_progression --message="Protecting directory" set_access_settings # Add gitea to YunoHost's monitored services +ynh_script_progression --message="Register gitea service..." yunohost service add "$app" --log "/var/log/$app/gitea.log" # Configure logrotate +ynh_script_progression --message="Configuring log rotation..." ynh_use_logrotate "/var/log/$app" # Save Version ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version) # Reload services +ynh_script_progression --message="Starting gitea services..." --weight=3 ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10 sleep 1 diff --git a/scripts/remove b/scripts/remove index bcc5268..d6e18e3 100644 --- a/scripts/remove +++ b/scripts/remove @@ -11,41 +11,53 @@ source /usr/share/yunohost/helpers source ./experimental_helper.sh source ./_common.sh +ynh_script_progression --message="Loading installation settings..." + +# Retrieve domain from app settings +domain=$(ynh_app_setting_get --app $app --key domain) + #================================================= # STANDARD REMOVE #================================================= # Stop gitea +ynh_script_progression --message="Stoping services..." systemctl stop "$app".service # Drop MySQL database and user +ynh_script_progression --message="Removing databases..." ynh_mysql_drop_db "$dbname" 2>/dev/null ynh_mysql_drop_user "$dbuser" 2>/dev/null -# Retrieve domain from app settings -domain=$(ynh_app_setting_get --app $app --key domain) - # Delete app directory and configurations +ynh_script_progression --message="Removing code..." ynh_secure_remove --file="$final_path" +ynh_script_progression --message="Removing user data..." ynh_secure_remove --file="$DATADIR" +ynh_script_progression --message="Removing logs..." ynh_secure_remove --file="/var/log/$app" # Remove the app-specific logrotate config ynh_remove_logrotate # Remove nginx config +ynh_script_progression --message="Removing nginx configuration..." ynh_remove_nginx_config # Remove gitea user and data +ynh_script_progression --message="Removing the dedicated system user..." ynh_system_user_delete $app # Remove init script +ynh_script_progression --message="Removing systemd units..." ynh_remove_systemd_config # Remove monitor +ynh_script_progression --message="Removing gitea service..." yunohost service remove "$app" # Remove fail2ban config +ynh_script_progression --message="Removing fail2ban configuration..." ynh_remove_fail2ban_config true # Do not fail if remove after install error diff --git a/scripts/restore b/scripts/restore index fc7ddc5..3c1768e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -14,6 +14,8 @@ ynh_abort_if_errors source ../settings/scripts/experimental_helper.sh source ../settings/scripts/_common.sh +ynh_script_progression --message="Loading settings..." + # Retrieve old app settings domain=$(ynh_app_setting_get --app $app --key domain) path_url=$(ynh_app_setting_get --app $app --key path) @@ -37,17 +39,15 @@ test ! -e "$final_path" || ynh_die --message "This path already contains a folde #================================================= # Add users -# We can't use the official helper (for now) because we need to set the shell for the login -test getent passwd "$app" &>/dev/null || \ - useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ - ynh_die --message "Unable to create $app system account" -# Should be replaced by this when getops is available in the helper ynh_system_user_create (probably in Yunohost 3.5) -# ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell +ynh_script_progression --message="Configuring system user..." +ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell # Restore all files +ynh_script_progression --message="Restoring files..." --weight=10 ynh_restore # Create and restore the database +ynh_script_progression --message="Restoring database..." --weight=3 ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql @@ -56,6 +56,7 @@ systemctl daemon-reload systemctl enable "$app".service # SETUP FAIL2BAN +ynh_script_progression --message="Configuring fail2ban..." ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= @@ -63,15 +64,19 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile #================================================= # Set permissions +ynh_script_progression --message="Protecting directory..." set_permission # Configure logrotate +ynh_script_progression --message="Configuring log rotation..." ynh_use_logrotate "/var/log/$app" # Add gitea to YunoHost's monitored services +ynh_script_progression --message="Register gitea service..." yunohost service add "$app" --log /var/log/"$app"/gitea.log # Reload services +ynh_script_progression --message="Reloading services..." systemctl reload nginx.service ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10 sleep 1 diff --git a/scripts/upgrade b/scripts/upgrade index d097740..fca861e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -15,6 +15,7 @@ source ./experimental_helper.sh source ./_common.sh # Retrieve app settings +ynh_script_progression --message="Loading installation settings..." domain=$(ynh_app_setting_get --app $app --key domain) path_url=$(ynh_normalize_url_path $(ynh_app_setting_get --app $app --key path)) dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) @@ -25,12 +26,14 @@ port=$(ynh_app_setting_get --app $app --key web_port) upstream_version=$(ynh_app_setting_get --app $app --key upstream_version) # Backup the current version of the app +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=10 ynh_backup_before_upgrade ynh_clean_setup () { ynh_restore_upgradebackup } # Stop service +ynh_script_progression --message="Stoping services..." systemctl stop "$app".service #================================================= @@ -83,6 +86,8 @@ fi # STANDARD UPGRADE STEPS #================================================= +ynh_script_progression --message="Configuring application..." + # Clean template to fix issue : https://github.com/gogits/gogs/issues/4585 ynh_secure_remove --file="/opt/$app/templates" @@ -90,15 +95,19 @@ ynh_secure_remove --file="/opt/$app/templates" config_gitea # Configure init script +ynh_script_progression --message="Updating systemd units..." ynh_add_systemd_config # Modify Nginx configuration file and copy it to Nginx conf directory +ynh_script_progression --message="Configuring nginx..." --weight=1 config_nginx #================================================= # DB migration #================================================= +ynh_script_progression --message="Upgrading database and sources..." --weight=6 + # Before the version 1.7 the upstream version was not stored # The way to find the version for the install < 1.7 is to parse the binary file to find which version is installed if [ -z ${upstream_version:-} ]; then @@ -165,6 +174,7 @@ esac ynh_setup_source $final_path source/$architecture # SETUP FAIL2BAN +ynh_script_progression --message="Configuring fail2ban..." ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 #================================================= @@ -172,15 +182,18 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile #================================================= # Set permissions +ynh_script_progression --message="Protecting directory" set_permission # Save Version ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version) # Unprotect root from SSO if public +ynh_script_progression --message="Configuring permissions..." set_access_settings # Reload services +ynh_script_progression --message="Starting gitea services..." --weight=3 ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10 sleep 1 From 10e8930fab915b31a276fdf69fc685e5211c7434 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 1 Oct 2019 21:34:41 +0200 Subject: [PATCH 13/15] Fix args for some helpers --- scripts/change_url | 2 +- scripts/install | 6 +++--- scripts/restore | 4 ++-- scripts/upgrade | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index 713ffeb..7aca383 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -19,7 +19,7 @@ ynh_script_progression --message="Loading installation settings..." # RETRIEVE ARGUMENTS old_domain=$YNH_APP_OLD_DOMAIN domain=$YNH_APP_NEW_DOMAIN -path_url=$(ynh_normalize_url_path ${YNH_APP_NEW_PATH:-'/'}) +path_url=$(ynh_normalize_url_path --path_url ${YNH_APP_NEW_PATH:-'/'}) app=$YNH_APP_INSTANCE_NAME dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) diff --git a/scripts/install b/scripts/install index e4d3df2..4e45cd0 100644 --- a/scripts/install +++ b/scripts/install @@ -18,7 +18,7 @@ ynh_script_progression --message="Validating installation parameters..." # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN -path_url=$(ynh_normalize_url_path $YNH_APP_ARG_PATH) +path_url=$(ynh_normalize_url_path --path_url $YNH_APP_ARG_PATH) admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC upstream_version=$(ynh_app_upstream_version) @@ -39,7 +39,7 @@ dbpass=$(ynh_string_random) key=$(ynh_string_random) # Find available ports -port=$(ynh_find_port 6000) +port=$(ynh_find_port --port 6000) # Store Settings ynh_script_progression --message="Storing installation settings..." @@ -119,7 +119,7 @@ yunohost service add "$app" --log "/var/log/$app/gitea.log" # Configure logrotate ynh_script_progression --message="Configuring log rotation..." -ynh_use_logrotate "/var/log/$app" +ynh_use_logrotate --logfile "/var/log/$app" # Save Version ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version) diff --git a/scripts/restore b/scripts/restore index 3c1768e..f98ab3e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -25,7 +25,7 @@ port=$(ynh_app_setting_get --app $app --key web_port) upstream_version=$(ynh_app_setting_get $app upstream_version) # Check domain/path availability with app helper -ynh_webpath_available $domain $path_url || ynh_die --message "$domain is not available as domain, please use an other domain." +ynh_webpath_available --domain $domain --path_url $path_url || ynh_die --message "$domain is not available as domain, please use an other domain." # Check user parameter ynh_user_exists "$admin" \ @@ -69,7 +69,7 @@ set_permission # Configure logrotate ynh_script_progression --message="Configuring log rotation..." -ynh_use_logrotate "/var/log/$app" +ynh_use_logrotate --logfile "/var/log/$app" # Add gitea to YunoHost's monitored services ynh_script_progression --message="Register gitea service..." diff --git a/scripts/upgrade b/scripts/upgrade index fca861e..6a2e577 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -17,7 +17,7 @@ source ./_common.sh # Retrieve app settings ynh_script_progression --message="Loading installation settings..." domain=$(ynh_app_setting_get --app $app --key domain) -path_url=$(ynh_normalize_url_path $(ynh_app_setting_get --app $app --key path)) +path_url=$(ynh_normalize_url_path --path_url $(ynh_app_setting_get --app $app --key path)) dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) admin=$(ynh_app_setting_get --app $app --key adminusername) key=$(ynh_app_setting_get --app $app --key secret_key) From 3e148db28147bda310f89246bdd2382ab0020ca0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 26 Oct 2019 22:53:02 +0200 Subject: [PATCH 14/15] Add allow an access to git command if the app is not public --- manifest.json | 6 +++++- scripts/_common.sh | 11 +---------- 2 files changed, 6 insertions(+), 11 deletions(-) diff --git a/manifest.json b/manifest.json index bb59c10..c9de272 100644 --- a/manifest.json +++ b/manifest.json @@ -56,9 +56,13 @@ "name": "is_public", "type": "boolean", "ask": { - "en": "Is it a public site ?", + "en": "Is it a public site ? ", "fr": "Est-ce un site public ?" }, + "help": { + "en": "A public server means that everybody is able to access to the pain page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote git command (clone, pull, push) with http and to use the API by (by example with a smartphone), you need to set this application as public.", + "fr": "Un serveur publique signifie que n'importe qui peut accéder à la page principale de la forge, au profil publique des utilisateur et au dépots publiques Mais vous pouvez définir les dépot en tant que privé. Notez que pour pouvoir utiliser les commandes git distante (clone, pull, push) avec http et pour pouvoir utiliser l'API (par exemple avec un smartphone), vous devez mettre cette application en tant que publique." + }, "default": true } ] diff --git a/scripts/_common.sh b/scripts/_common.sh index 7f70aa1..d6e5689 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -91,15 +91,6 @@ set_access_settings() { then ynh_app_setting_set --app $app --key unprotected_uris --value "/" else - # For an access to the git server by https in private mode we need to allow the access to theses URL : - # - "DOMAIN/PATH/USER/REPOSITORY/info/refs" - # - "DOMAIN/PATH/USER/REPOSITORY/git-upload-pack" - # - "DOMAIN/PATH/USER/REPOSITORY/git-receive-pack" - - excaped_domain=${domain//'.'/'%.'} - excaped_domain=${excaped_domain//'-'/'%-'} - excaped_path=${path_url//'.'/'%.'} - excaped_path=${excaped_path//'-'/'%-'} - ynh_app_setting_set --app $app --key skipped_regex --value "$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs" + ynh_app_setting_delete --app $app --key skipped_regex fi } From 179f5d93b174908be51897d8fbcad5f82d4540db Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sat, 26 Oct 2019 22:53:12 +0200 Subject: [PATCH 15/15] Update and clean README --- README.md | 89 ++++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 72 insertions(+), 17 deletions(-) diff --git a/README.md b/README.md index 3fd26ba..a202897 100644 --- a/README.md +++ b/README.md @@ -1,27 +1,54 @@ -# Gitea package for YunoHost +Gitea package for YunoHost +========================== + +[![Integration level](https://dash.yunohost.org/integration/gitea.svg)](https://ci-apps.yunohost.org/ci/apps/gitea%20%28Community%29/lastBuild/consoleFull) +[![Install gitea with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=gitea) + +> *This package allow you to install gitea quickly and simply on a YunoHost server. +If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* + +Overview +-------- Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github. -- [Gitea website](http://gitea.io) -[![Integration level](https://dash.yunohost.org/integration/gitea.svg)](https://ci-apps.yunohost.org/jenkins/job/gitea%20%28Community%29/lastBuild/consoleFull) +**Shipped version:** 1.9.4 -[![Install Gitea with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=gitea) +Screenshots +----------- ![](https://gitea.io/images/screenshot.png) -## Requirements -A functional instance of [YunoHost](https://yunohost.org) -## Installation -From the command-line: +Documentation +------------- -`sudo yunohost app install https://framagit.org/YunoHost-Apps/gitea_ynh` + * Official documentation: https://docs.gitea.io/ + * YunoHost documentation: There no other documentations, feel free to contribute. -## Upgrade -From the command-line: +YunoHost specific features +-------------------------- -`sudo yunohost app upgrade gitea -u https://framagit.org/YunoHost-Apps/gitea_ynh` +### Multi-users support + +LDAP and HTTP auth are supported. + +### Supported architectures + +* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/gitea%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/gitea/) + +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/gitea%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/gitea/) + + + +Additional informations +----------------------- + +### Notes on SSH usage -## Notes on SSH usage If you want to use Gitea with ssh and be able to pull/push with you ssh key, your ssh daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gitea: ```bash @@ -44,12 +71,40 @@ Host domain.tld Architecture: this package is compatible with amd64, i386 and arm. The package will try to detect it with the command uname -m and fail if it can't detect the architecture. If that happens please open an issue describing your hardware and the result of the command `uname -m`. -## Issue +### Git command access with HTTPS -Any issue is welcome here : https://framagit.org/YunoHost-Apps/gitea_ynh/issues +If you want to use the git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**. + +Links +----- + + * Report a bug: https://framagit.org/YunoHost-Apps/gitea_ynh/issues + * App website: http://gitea.io + * YunoHost website: https://yunohost.org/ + +--- + +Install +------- + +From command line: + +`sudo yunohost app install -l gitea https://github.com/YunoHost-Apps/gitea_ynh` + +Upgrade +------- + +From command line: + +`sudo yunohost app upgrade gitea -u https://github.com/YunoHost-Apps/gitea_ynh` + +License +------- -## License Gitea is published under the MIT License: https://github.com/go-gitea/gitea/blob/master/LICENSE -This package is published under the MIT License. \ No newline at end of file +This package is published under the MIT License. + +Todo +----