Merge branch 'improve_security_and_fix_api_access' into 'testing'

Improve security and fix api access

See merge request YunoHost-Apps/gitea_ynh!46
Rafi59 2019-10-31 13:07:23 +01:00
commit 7d5de073b6
21 changed files with 353 additions and 215 deletions

@ -1,27 +1,54 @@
# Gitea package for YunoHost Gitea package for YunoHost
==========================
[![Integration level](https://dash.yunohost.org/integration/gitea.svg)](https://ci-apps.yunohost.org/ci/apps/gitea%20%28Community%29/lastBuild/consoleFull)
[![Install gitea with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=gitea)
> *This package allow you to install gitea quickly and simply on a YunoHost server.
If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
Overview
--------
Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github. Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github.
- [Gitea website](http://gitea.io)
[![Integration level](https://dash.yunohost.org/integration/gitea.svg)](https://ci-apps.yunohost.org/jenkins/job/gitea%20%28Community%29/lastBuild/consoleFull) **Shipped version:** 1.9.4
[![Install Gitea with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=gitea) Screenshots
-----------
![](https://gitea.io/images/screenshot.png) ![](https://gitea.io/images/screenshot.png)
## Requirements
A functional instance of [YunoHost](https://yunohost.org)
## Installation Documentation
From the command-line: -------------
`sudo yunohost app install https://framagit.org/YunoHost-Apps/gitea_ynh` * Official documentation: https://docs.gitea.io/
* YunoHost documentation: There no other documentations, feel free to contribute.
## Upgrade YunoHost specific features
From the command-line: --------------------------
`sudo yunohost app upgrade gitea -u https://framagit.org/YunoHost-Apps/gitea_ynh` ### Multi-users support
LDAP and HTTP auth are supported.
### Supported architectures
* x86-64b - [![Build Status](https://ci-apps.yunohost.org/ci/logs/gitea%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/gitea/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/gitea%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/gitea/)
<!--Limitations
------------
* Any known limitations.
-->
Additional informations
-----------------------
### Notes on SSH usage
## Notes on SSH usage
If you want to use Gitea with ssh and be able to pull/push with you ssh key, your ssh daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gitea: If you want to use Gitea with ssh and be able to pull/push with you ssh key, your ssh daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gitea:
```bash ```bash
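Review bot: the new `**Shipped version:** 1.9.4` line near the top of the README does not match the rest of this change, where the source files download v1.9.0 and the manifest is bumped to `1.9.0~ynh1`; set it to the version that is actually pinned. In the architectures list, `x86-64b` looks like a typo, and the "YunoHost documentation" bullet would read better as "There is no other documentation".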
@ -44,12 +71,40 @@ Host domain.tld
Architecture: this package is compatible with amd64, i386 and arm. The package will try to detect it with the command uname -m and fail if it can't detect the architecture. If that happens please open an issue describing your hardware and the result of the command `uname -m`. Architecture: this package is compatible with amd64, i386 and arm. The package will try to detect it with the command uname -m and fail if it can't detect the architecture. If that happens please open an issue describing your hardware and the result of the command `uname -m`.
## Issue ### Git command access with HTTPS
Any issue is welcome here : https://framagit.org/YunoHost-Apps/gitea_ynh/issues If you want to use the git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**.
Links
-----
* Report a bug: https://framagit.org/YunoHost-Apps/gitea_ynh/issues
* App website: http://gitea.io
* YunoHost website: https://yunohost.org/
---
Install
-------
From command line:
`sudo yunohost app install -l gitea https://github.com/YunoHost-Apps/gitea_ynh`
Upgrade
-------
From command line:
`sudo yunohost app upgrade gitea -u https://github.com/YunoHost-Apps/gitea_ynh`
License
-------
## License
Gitea is published under the MIT License: Gitea is published under the MIT License:
https://github.com/go-gitea/gitea/blob/master/LICENSE https://github.com/go-gitea/gitea/blob/master/LICENSE
This package is published under the MIT License. This package is published under the MIT License.
Todo
----
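Review bot: the Install and Upgrade commands added at the end of this hunk point at github.com while the "Report a bug" link just above them still points at framagit.org, so say which repository is canonical and use it in both places. The new "Git command access with HTTPS" paragraph should also state the consequence plainly, namely that git over HTTPS is unavailable on a private install, and the empty `Todo` heading can be dropped.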

@ -2,6 +2,7 @@
APP_NAME = Gitea APP_NAME = Gitea
RUN_USER = __APP__ RUN_USER = __APP__
RUN_MODE = prod RUN_MODE = prod
[database] [database]
DB_TYPE = mysql DB_TYPE = mysql
HOST = 127.0.0.1:3306 HOST = 127.0.0.1:3306
@ -10,23 +11,28 @@ USER = __DB_USER__
PASSWD = __DB_PASSWORD__ PASSWD = __DB_PASSWORD__
SSL_MODE = disable SSL_MODE = disable
PATH = data/gitea.db PATH = data/gitea.db
LOG_SQL = false
[repository] [repository]
ROOT = __REPOS_PATH__ ROOT = __REPOS_PATH__
FORCE_PRIVATE = false FORCE_PRIVATE = false
[server] [server]
DOMAIN = __DOMAIN__ DOMAIN = __DOMAIN__
HTTP_PORT = __PORT__ HTTP_PORT = __PORT__
ROOT_URL = https://__URL__/ ROOT_URL = https://__URL__/
DISABLE_SSH = false DISABLE_SSH = false
SSH_PORT = __SSH_PORT_ SSH_PORT = __SSH_PORT__
OFFLINE_MODE = false OFFLINE_MODE = false
APP_DATA_PATH = __DATA_PATH__ APP_DATA_PATH = __DATA_PATH__
LANDING_PAGE = explore LANDING_PAGE = explore
[mailer] [mailer]
ENABLED = true ENABLED = true
HOST = 127.0.0.1:25 HOST = 127.0.0.1:25
FROM = "Gitea" <gitea-noreply@__DOMAIN__> FROM = "Gitea" <gitea-noreply@__DOMAIN__>
SKIP_VERIFY = true SKIP_VERIFY = true
[service] [service]
REGISTER_EMAIL_CONFIRM = false REGISTER_EMAIL_CONFIRM = false
ENABLE_NOTIFY_MAIL = true ENABLE_NOTIFY_MAIL = true
@ -35,16 +41,33 @@ ENABLE_CAPTCHA = false
REQUIRE_SIGNIN_VIEW = false REQUIRE_SIGNIN_VIEW = false
ENABLE_REVERSE_PROXY_AUTHENTICATION = false ENABLE_REVERSE_PROXY_AUTHENTICATION = false
ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = false ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = false
[picture] [picture]
AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars
[attachment] [attachment]
PATH = __DATA_PATH__/attachments PATH = __DATA_PATH__/attachments
[session] [session]
PROVIDER = memory PROVIDER = memory
[log] [log]
MODE = file MODE = file
LEVEL = Warn LEVEL = Info
ROOT_PATH = /var/log/__APP__ ROOT_PATH = /var/log/__APP__
REDIRECT_MACARON_LOG= true
MACARON = file
ROUTER_LOG_LEVEL = Warn
ROUTER = file
ENABLE_ACCESS_LOG = Warn
ACCESS = file
ENABLE_XORM_LOG = Warn
XORM = file
[security] [security]
INSTALL_LOCK = true INSTALL_LOCK = true
SECRET_KEY = __KEY__ SECRET_KEY = __KEY__

@ -22,7 +22,7 @@ script_name="$0"
# DELETE OLD APP'S SETTINGS # DELETE OLD APP'S SETTINGS
#================================================= #=================================================
ynh_secure_remove "/etc/yunohost/apps/$old_app" ynh_secure_remove --file="/etc/yunohost/apps/$old_app"
yunohost app ssowatconf yunohost app ssowatconf
#================================================= #=================================================

@ -5,6 +5,7 @@ location __PATH__/ {
proxy_buffering off; proxy_buffering off;
fastcgi_param REMOTE_USER $remote_user; fastcgi_param REMOTE_USER $remote_user;
client_max_body_size 200M; client_max_body_size 200M;
proxy_set_header X-Real-IP $remote_addr;
# Force https # Force https
if ($scheme = http) { if ($scheme = http) {

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-arm-6 SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-arm-6
SOURCE_SUM=38ab6c0ac42e87370238c2482432420ff509b5a03d964712a984d4d603bb4c97 SOURCE_SUM=f2dff72ee94dd1c1bd2c067470469470ea079c47c07e862995cb85dc877ca389
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=gitea SOURCE_FILENAME=gitea
SOURCE_EXTRACT=false SOURCE_EXTRACT=false

conf/source/arm_1.8.src Normal file

@ -0,0 +1,5 @@
SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-arm-6
SOURCE_SUM=920b74ec10be323e5dc684fe3b5c3b157bf6f1d6cca0ee1c4f9693f766d1574d
SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=gitea
SOURCE_EXTRACT=false

@ -1,8 +1,8 @@
# The armv7 build is brocken # The armv7 build is brocken
# See : https://github.com/go-gitea/gitea/issues/6700 # See : https://github.com/go-gitea/gitea/issues/6700
# Use temporary the armv6 binary # Use temporary the armv6 binary
SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-arm-6 SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-arm-6
SOURCE_SUM=38ab6c0ac42e87370238c2482432420ff509b5a03d964712a984d4d603bb4c97 SOURCE_SUM=f2dff72ee94dd1c1bd2c067470469470ea079c47c07e862995cb85dc877ca389
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=gitea SOURCE_FILENAME=gitea
SOURCE_EXTRACT=false SOURCE_EXTRACT=false
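Review bot: the header comment ("The armv7 build is brocken ... Use temporary the armv6 binary") is carried over unchanged while `SOURCE_URL` moves to v1.9.0, so check whether the issue it links still applies to this release before keeping the arm-6 binary for armv7. This file now has the same `SOURCE_URL` and `SOURCE_SUM` as the arm source file in this change, which means the two have to be bumped in lockstep; the commit message should also say where the new `SOURCE_SUM` values were taken from, since the checksum is the only integrity check on the downloaded binary.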

@ -0,0 +1,8 @@
# The armv7 build is brocken
# See : https://github.com/go-gitea/gitea/issues/6700
# Use temporary the armv6 binary
SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-arm-6
SOURCE_SUM=920b74ec10be323e5dc684fe3b5c3b157bf6f1d6cca0ee1c4f9693f766d1574d
SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=gitea
SOURCE_EXTRACT=false

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-386 SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-386
SOURCE_SUM=762ab39855958f61165a1332a34d2a227f527acdc3bf60aa91c5a3e4e4e906ce SOURCE_SUM=861125e85b95a90bb84279641ad60ee3c9570dd8b0d134d8419812ba7571af71
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=gitea SOURCE_FILENAME=gitea
SOURCE_EXTRACT=false SOURCE_EXTRACT=false

conf/source/i386_1.8.src Normal file

@ -0,0 +1,5 @@
SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-386
SOURCE_SUM=e58f4a88b01a4880f97ae32a92e869d978a434a9a876c6a3f4e4a5721e8c4bd6
SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=gitea
SOURCE_EXTRACT=false

@ -1,5 +1,5 @@
SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-amd64 SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-amd64
SOURCE_SUM=a843f2fe526b62ad1e698b80f6193d8c42a3920b35542de014af44d1eb998141 SOURCE_SUM=8a2e02cee40086effd99058054af8fb1eee9344fad865e0c7292107833da78cc
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=gitea SOURCE_FILENAME=gitea
SOURCE_EXTRACT=false SOURCE_EXTRACT=false

@ -0,0 +1,5 @@
SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-amd64
SOURCE_SUM=7bb28b21cce4bdf0a24e6f6b21c064afa56d84904052dd55afdf59c419d49988
SOURCE_SUM_PRG=sha256sum
SOURCE_FILENAME=gitea
SOURCE_EXTRACT=false

@ -9,7 +9,7 @@
}, },
"url": "http://gitea.io", "url": "http://gitea.io",
"license": "MIT", "license": "MIT",
"version": "1.8.0~ynh1", "version": "1.9.0~ynh1",
"maintainer": { "maintainer": {
"name": "rafi59", "name": "rafi59",
"email": "rafi59_dev@srvmaison.fr.nf" "email": "rafi59_dev@srvmaison.fr.nf"
@ -20,7 +20,7 @@
"mysql" "mysql"
], ],
"requirements": { "requirements": {
"yunohost": ">= 2.7.9" "yunohost": ">= 3.6.4"
}, },
"arguments": { "arguments": {
"install" : [ "install" : [
@ -56,9 +56,13 @@
"name": "is_public", "name": "is_public",
"type": "boolean", "type": "boolean",
"ask": { "ask": {
"en": "Is it a public site ?", "en": "Is it a public site ? ",
"fr": "Est-ce un site public ?" "fr": "Est-ce un site public ?"
}, },
"help": {
"en": "A public server means that everybody is able to access to the pain page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote git command (clone, pull, push) with http and to use the API by (by example with a smartphone), you need to set this application as public.",
"fr": "Un serveur publique signifie que n'importe qui peut accéder à la page principale de la forge, au profil publique des utilisateur et au dépots publiques Mais vous pouvez définir les dépot en tant que privé. Notez que pour pouvoir utiliser les commandes git distante (clone, pull, push) avec http et pour pouvoir utiliser l'API (par exemple avec un smartphone), vous devez mettre cette application en tant que publique."
},
"default": true "default": true
} }
] ]
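Review bot: the English `help` string has typos that change its meaning ("pain page" for the main page, "by (by example"), and the French one is missing a full stop before "Mais"; since this text is what tells an administrator that choosing private disables git over HTTP and the API, it should be exact. With `"default": true` left as is, the install is public unless the administrator opts out, which the help text could say outright.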

@ -22,7 +22,7 @@ elif [ -n "$(uname -m | grep armv7)" ]; then
elif [ -n "$(uname -m | grep arm)" ]; then elif [ -n "$(uname -m | grep arm)" ]; then
architecture="arm" architecture="arm"
else else
ynh_die "Unable to detect your achitecture, please open a bug describing \ ynh_die --message "Unable to detect your achitecture, please open a bug describing \
your hardware and the result of the command \"uname -m\"." 1 your hardware and the result of the command \"uname -m\"." 1
fi fi
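Review bot: the converted `ynh_die --message "..."` call still ends with the positional `1` on its continuation line, mixing the named and positional forms in one call; pass the return code as a named option as well, or drop it. "achitecture" in the message is a typo worth fixing while the line is being touched.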
@ -42,36 +42,36 @@ create_dir() {
config_nginx() { config_nginx() {
if [ "$path_url" != "/" ] if [ "$path_url" != "/" ]
then then
ynh_replace_string "^#sub_path_only" "" "../conf/nginx.conf" ynh_replace_string --match_string "^#sub_path_only" --replace_string "" --target_file "../conf/nginx.conf"
fi fi
ynh_add_nginx_config ynh_add_nginx_config
} }
config_gitea() { config_gitea() {
ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
ynh_backup_if_checksum_is_different "$final_path/custom/conf/app.ini" ynh_backup_if_checksum_is_different --file "$final_path/custom/conf/app.ini"
cp ../conf/app.ini "$final_path/custom/conf" cp ../conf/app.ini "$final_path/custom/conf"
usermod -s /bin/bash $app usermod -s /bin/bash $app
if [ "$path_url" = "/" ] if [ "$path_url" = "/" ]
then then
ynh_replace_string "__URL__" "$domain" "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __URL__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini"
else else
ynh_replace_string "__URL__" "$domain${path_url%/}" "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __URL__ --replace_string "$domain${path_url%/}" --target_file "$final_path/custom/conf/app.ini"
fi fi
ynh_replace_string "__REPOS_PATH__" "$REPO_PATH" "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __REPOS_PATH__ --replace_string "$REPO_PATH" --target_file "$final_path/custom/conf/app.ini"
ynh_replace_string "__DB_PASSWORD__" "$dbpass" "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __DB_PASSWORD__ --replace_string "$dbpass" --target_file "$final_path/custom/conf/app.ini"
ynh_replace_string "__DB_USER__" "$dbuser" "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __DB_USER__ --replace_string "$dbuser" --target_file "$final_path/custom/conf/app.ini"
ynh_replace_string "__DOMAIN__" "$domain" "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __DOMAIN__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini"
ynh_replace_string "__KEY__" "$key" "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __KEY__ --replace_string "$key" --target_file "$final_path/custom/conf/app.ini"
ynh_replace_string "__DATA_PATH__" "$DATA_PATH" "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __DATA_PATH__ --replace_string "$DATA_PATH" --target_file "$final_path/custom/conf/app.ini"
ynh_replace_string "__PORT__" $port "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __PORT__ --replace_string $port --target_file "$final_path/custom/conf/app.ini"
ynh_replace_string "__APP__" $app "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __APP__ --replace_string $app --target_file "$final_path/custom/conf/app.ini"
ynh_replace_string "__SSH_PORT_" $ssh_port "$final_path/custom/conf/app.ini" ynh_replace_string --match_string __SSH_PORT__ --replace_string $ssh_port --target_file "$final_path/custom/conf/app.ini"
ynh_store_file_checksum "$final_path/custom/conf/app.ini" ynh_store_file_checksum --file "$final_path/custom/conf/app.ini"
} }
set_permission() { set_permission() {
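Review bot: in `config_gitea`, `--replace_string $port`, `--replace_string $app` and `--replace_string $ssh_port` are unquoted, unlike the other substitutions in the same function. `ssh_port` comes from a grep over /etc/ssh/sshd_config, so if it comes back empty or with more than one match the arguments to `ynh_replace_string` shift and `SSH_PORT` in app.ini ends up wrong; quote all three and fail early when `ssh_port` is not a single number.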
@ -89,17 +89,8 @@ set_permission() {
set_access_settings() { set_access_settings() {
if [ "$is_public" = '1' ] if [ "$is_public" = '1' ]
then then
ynh_app_setting_set $app unprotected_uris "/" ynh_app_setting_set --app $app --key unprotected_uris --value "/"
else else
# For an access to the git server by https in private mode we need to allow the access to theses URL : ynh_app_setting_delete --app $app --key skipped_regex
# - "DOMAIN/PATH/USER/REPOSITORY/info/refs"
# - "DOMAIN/PATH/USER/REPOSITORY/git-upload-pack"
# - "DOMAIN/PATH/USER/REPOSITORY/git-receive-pack"
excaped_domain=${domain//'.'/'%.'}
excaped_domain=${excaped_domain//'-'/'%-'}
excaped_path=${path_url//'.'/'%.'}
excaped_path=${excaped_path//'-'/'%-'}
ynh_app_setting_set $app skipped_regex "$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs"
fi fi
} }
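Review bot: the private branch of `set_access_settings` now only deletes `skipped_regex` and never removes `unprotected_uris`, and the public branch never deletes an old `skipped_regex`, so the stored SSO settings depend on what an earlier run left behind; clear the setting that does not apply in each branch. The removed comment was also the only place that explained why git over HTTPS needed those three URLs in private mode, so leave a one-line comment saying private mode no longer supports it.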

@ -15,24 +15,31 @@ source ../settings/scripts/experimental_helper.sh
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
# Retrieve app settings # Retrieve app settings
domain=$(ynh_app_setting_get "$app" domain) ynh_script_progression --message="Loading installation settings..."
domain=$(ynh_app_setting_get --app $app --key domain)
#================================================= #=================================================
# STANDARD BACKUP STEPS # STANDARD BACKUP STEPS
#================================================= #=================================================
# Copy the app source files # Copy the app source files
ynh_backup "$final_path" ynh_script_progression --message="Backing up code..." --weight=3
ynh_backup --src_path "$final_path"
# Copy the data files # Copy the data files
ynh_backup "$DATADIR" ynh_script_progression --message="Backing up user data..." --weight=10
ynh_backup --src_path "$DATADIR"
ynh_script_progression --message="Backing up configuration..."
# Copy the conf files # Copy the conf files
ynh_backup "/etc/nginx/conf.d/${domain}.d/${app}.conf" ynh_backup --src_path "/etc/nginx/conf.d/${domain}.d/${app}.conf"
ynh_backup "/etc/systemd/system/${app}.service" ynh_backup --src_path "/etc/systemd/system/${app}.service"
# Backup logs # Backup logs
ynh_backup "/var/log/$app" ynh_script_progression --message="Backing up logs..."
ynh_backup --src_path "/var/log/$app"
# Dump the database # Dump the database
ynh_script_progression --message="Backing up database"
ynh_mysql_dump_db "$dbname" > ./db.sql ynh_mysql_dump_db "$dbname" > ./db.sql

@ -14,23 +14,26 @@ ynh_abort_if_errors
source ./experimental_helper.sh source ./experimental_helper.sh
source ./_common.sh source ./_common.sh
cp -r /etc/yunohost/apps/${app}/conf ../ # Quick hack for https://github.com/YunoHost/yunohost/pull/427 ynh_script_progression --message="Loading installation settings..."
# RETRIEVE ARGUMENTS # RETRIEVE ARGUMENTS
old_domain=$YNH_APP_OLD_DOMAIN old_domain=$YNH_APP_OLD_DOMAIN
domain=$YNH_APP_NEW_DOMAIN domain=$YNH_APP_NEW_DOMAIN
path_url=$(ynh_normalize_url_path ${YNH_APP_NEW_PATH:-'/'}) path_url=$(ynh_normalize_url_path --path_url ${YNH_APP_NEW_PATH:-'/'})
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
dbpass=$(ynh_app_setting_get "$app" mysqlpwd) dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
admin=$(ynh_app_setting_get "$app" adminusername) admin=$(ynh_app_setting_get --app $app --key adminusername)
key=$(ynh_app_setting_get "$app" secret_key) key=$(ynh_app_setting_get --app $app --key secret_key)
port=$(ynh_app_setting_get "$app" web_port) port=$(ynh_app_setting_get --app $app --key web_port)
upstream_version=$(ynh_app_setting_get $app upstream_version)
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#================================================= #=================================================
ynh_script_progression --message="Updating nginx configuration..."
# MODIFY URL IN NGINX CONF # MODIFY URL IN NGINX CONF
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
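Review bot: `upstream_version=$(ynh_app_setting_get $app upstream_version)` is added in the old positional form while every other `ynh_app_setting_get` call in this hunk is converted to `--app`/`--key`; convert it too and quote `$app`. The removed `cp -r /etc/yunohost/apps/${app}/conf ../` line was what made `../conf` available to `config_nginx` and `config_gitea`, so confirm that the YunoHost version now required makes the hack unnecessary.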
@ -38,21 +41,23 @@ nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the domain for nginx # Change the domain for nginx
if [[ "$old_domain" != "$domain" ]]; then if [[ "$old_domain" != "$domain" ]]; then
# Delete file checksum for the old conf file location # Delete file checksum for the old conf file location
ynh_delete_file_checksum "$nginx_conf_path" ynh_delete_file_checksum --file "$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf
# Store file checksum for the new config file location # Store file checksum for the new config file location
ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" ynh_store_file_checksum --file "/etc/nginx/conf.d/$domain.d/$app.conf"
fi fi
config_nginx config_nginx
# Update gitea config # Update gitea config
ynh_script_progression --message="Updating gitea configuration..."
config_gitea config_gitea
# RELOAD services # RELOAD services
ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" -a restart ynh_script_progression --message="Starting services..."
ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -a restart -t 10
sleep 1 sleep 1
# Store the checksum with the 'INTERNAL_TOKEN' value. # Store the checksum with the 'INTERNAL_TOKEN' value.
# Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed # Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed
ynh_store_file_checksum "$final_path/custom/conf/app.ini" ynh_store_file_checksum --file "$final_path/custom/conf/app.ini"
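Review bot: `ynh_systemd_action` now waits for the "Serving" line in `/var/log/$app/gitea.log` with `-t 10`, so the restart check depends on the `[log]` settings in app.ini writing that line to the file; note that dependency next to the call, and consider whether 10 seconds is enough on the ARM boards this package supports. The `sleep 1` that follows is then probably redundant.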

@ -1,14 +1,3 @@
# Delete a file checksum from the app settings
#
# $app should be defined when calling this helper
#
# usage: ynh_remove_file_checksum file
# | arg: file - The file for which the checksum will be deleted
ynh_delete_file_checksum () {
local checksum_setting_name=checksum_${1//[\/ ]/_} # Replace all '/' and ' ' by '_'
ynh_app_setting_delete $app $checksum_setting_name
}
# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started # Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started
# #
# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ] # usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ]
@ -88,56 +77,6 @@ ynh_systemd_action() {
fi fi
} }
# Clean temporary process and file used by ynh_check_starting
# (usually used in ynh_clean_setup scripts)
#
# usage: ynh_clean_check_starting
ynh_clean_check_starting () {
# Stop the execution of tail.
kill -s 15 $pid_tail 2>&1
ynh_secure_remove "$templog" 2>&1
}
# Read the value of a key in a ynh manifest file
#
# usage: ynh_read_manifest manifest key
# | arg: -m, --manifest= - Path of the manifest to read
# | arg: -k, --key= - Name of the key to find
ynh_read_manifest () {
# Declare an array to define the options of this helper.
declare -Ar args_array=( [m]=manifest= [k]=manifest_key= )
local manifest
local manifest_key
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
if [ ! -e "$manifest" ]; then
# If the manifest isn't found, try the common place for backup and restore script.
manifest="../settings/manifest.json"
fi
jq ".$manifest_key" "$manifest" --raw-output
}
# Read the upstream version from the manifest
# The version number in the manifest is defined by <upstreamversion>~ynh<packageversion>
# For example : 4.3-2~ynh3
# This include the number before ~ynh
# In the last example it return 4.3-2
#
# usage: ynh_app_upstream_version [-m manifest]
# | arg: -m, --manifest= - Path of the manifest to read
ynh_app_upstream_version () {
declare -Ar args_array=( [m]=manifest= )
local manifest
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
manifest="${manifest:-../manifest.json}"
version_key=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version")
echo "${version_key/~ynh*/}"
}
# Execute a command as another user # Execute a command as another user
# usage: exec_as USER COMMAND [ARG ...] # usage: exec_as USER COMMAND [ARG ...]
exec_as() { exec_as() {
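Review bot: this hunk deletes the local `ynh_read_manifest` and `ynh_app_upstream_version` helpers while the install script in this same change still calls `ynh_app_upstream_version`, so the package now depends on those helpers being provided elsewhere. If that is what the `"yunohost": ">= 3.6.4"` requirement in the manifest is for, say so in the commit message so the two changes are not separated later.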
@ -242,7 +181,7 @@ ynh_handle_app_migration () {
if [ "$old_app_id" != "$migration_id" ] if [ "$old_app_id" != "$migration_id" ]
then then
# If the new app is not the authorized id, fail. # If the new app is not the authorized id, fail.
ynh_die "Incompatible application for migration from $old_app_id to $new_app_id" ynh_die --message "Incompatible application for migration from $old_app_id to $new_app_id"
fi fi
echo "Migrate from $old_app_id to $new_app_id" >&2 echo "Migrate from $old_app_id to $new_app_id" >&2
@ -352,7 +291,7 @@ ynh_handle_app_migration () {
# Remove the old database # Remove the old database
ynh_mysql_remove_db $db_name $db_name ynh_mysql_remove_db $db_name $db_name
# And the dump # And the dump
ynh_secure_remove "$sql_dump" ynh_secure_remove --file="$sql_dump"
# Update the value of $db_name # Update the value of $db_name
db_name=$new_db_name db_name=$new_db_name
@ -393,3 +332,39 @@ ynh_handle_app_migration () {
migration_process=1 migration_process=1
fi fi
} }
# Verify the checksum and backup the file if it's different
# This helper is primarily meant to allow to easily backup personalised/manually
# modified config files.
#
# $app should be defined when calling this helper
#
# usage: ynh_backup_if_checksum_is_different --file=file
# | arg: -f, --file - The file on which the checksum test will be perfomed.
# | ret: the name of a backup file, or nothing
#
# Requires YunoHost version 2.6.4 or higher.
ynh_backup_if_checksum_is_different () {
# Declare an array to define the options of this helper.
local legacy_args=f
declare -Ar args_array=( [f]=file= )
local file
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_'
local checksum_value=$(ynh_app_setting_get --app=$app --key=$checksum_setting_name)
# backup_file_checksum isn't declare as local, so it can be reuse by ynh_store_file_checksum
backup_file_checksum=""
if [ -n "$checksum_value" ]
then # Proceed only if a value was stored into the app settings
if [ -e $file ] && ! echo "$checksum_value $file" | sudo md5sum -c --status
then # If the checksum is now different
backup_file_checksum="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
sudo mkdir -p "$(dirname "$backup_file_checksum")"
sudo cp -a "$file" "$backup_file_checksum" # Backup the current file
ynh_print_warn "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file_checksum"
echo "$backup_file_checksum" # Return the name of the backup file
fi
fi
}
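Review bot: `[ -e $file ]` in the added helper is unquoted, so a path containing a space breaks the test even though the setting name a few lines above explicitly handles spaces; quote it. The helper is called on app.ini, which holds `PASSWD` and `SECRET_KEY`, so check that the copy under `/home/yunohost.conf/backup/` and the directory created by `mkdir -p` are not readable by other users, and explain why a local copy of this helper is added in the same change that removes other local helpers.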

@ -14,77 +14,79 @@ ynh_abort_if_errors
source ./experimental_helper.sh source ./experimental_helper.sh
source ./_common.sh source ./_common.sh
ynh_script_progression --message="Validating installation parameters..."
# Retrieve arguments # Retrieve arguments
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
path_url=$(ynh_normalize_url_path $YNH_APP_ARG_PATH) path_url=$(ynh_normalize_url_path --path_url $YNH_APP_ARG_PATH)
admin=$YNH_APP_ARG_ADMIN admin=$YNH_APP_ARG_ADMIN
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
upstream_version=$(ynh_app_upstream_version)
# Check domain/path availability # Register (book) web path
ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain." ynh_webpath_register --app $app --domain $domain --path_url $path_url
ynh_webpath_register $app $domain $path_url
# Check user parameter # Check user parameter
ynh_user_exists "$admin" \ ynh_user_exists "$admin" \
|| ynh_die "The chosen admin user does not exist." || ynh_die --message "The chosen admin user does not exist."
# Check Final Path availability # Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder" test ! -e "$final_path" || ynh_die --message "This path already contains a folder"
# Generate random password and key # Generate random password and key
ynh_script_progression --message="Defining db password and key..."
dbpass=$(ynh_string_random) dbpass=$(ynh_string_random)
key=$(ynh_string_random) key=$(ynh_string_random)
# Find available ports # Find available ports
port=$(ynh_find_port 6000) port=$(ynh_find_port --port 6000)
# Store Settings # Store Settings
ynh_app_setting_set $app mysqlpwd $dbpass ynh_script_progression --message="Storing installation settings..."
ynh_app_setting_set $app adminusername $admin ynh_app_setting_set --app $app --key mysqlpwd --value $dbpass
ynh_app_setting_set $app is_public $is_public ynh_app_setting_set --app $app --key adminusername --value $admin
ynh_app_setting_set $app secret_key $key ynh_app_setting_set --app $app --key is_public --value $is_public
ynh_app_setting_set $app web_port $port ynh_app_setting_set --app $app --key secret_key --value $key
ynh_app_setting_set --app $app --key web_port --value $port
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#================================================= #=================================================
# Configure init script
ynh_add_systemd_config
# Modify Nginx configuration file and copy it to Nginx conf directory
config_nginx
# Initialize database and store mysql password for upgrade # Initialize database and store mysql password for upgrade
ynh_script_progression --message="Configuring MySQL database..."
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
# Add users # Add users
# We can't use the official helper (for now) because we need to set the shell for the login ynh_script_progression --message="Configuring system user..."
test getent passwd "$app" &>/dev/null || \ ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell
useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \
ynh_die "Unable to create $app system account"
# Should be replaced by this when getops is available in the helper ynh_system_user_create (probably in Yunohost 3.5)
# ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell
# create needed directories # create needed directories
create_dir create_dir
# Configure init script # Configure init script
ynh_script_progression --message="Configuring a systemd service..." --weight=2
ynh_add_systemd_config ynh_add_systemd_config
# Modify Nginx configuration file and copy it to Nginx conf directory # Modify Nginx configuration file and copy it to Nginx conf directory
ynh_script_progression --message="Configuring nginx..." --weight=1
config_nginx config_nginx
# Configure gitea with app.ini file # Configure gitea with app.ini file
ynh_script_progression --message="Configuring application, step 1/2..."
config_gitea config_gitea
ynh_script_progression --message="Installing sources files..." --weight=10
# Install gitea # Install gitea
ynh_setup_source $final_path source/$architecture ynh_setup_source $final_path source/$architecture
# Set permissions # Set permissions
ynh_script_progression --message="Protecting directory"
set_permission set_permission
ynh_script_progression --message="Configuring application, step 2/2..."
# Start gitea for building mysql tables # Start gitea for building mysql tables
systemctl start "$app".service systemctl start "$app".service
@ -95,30 +97,38 @@ do
done done
# Add ldap config # Add ldap config
ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql ynh_replace_string --match_string "__ADMIN__" --replace_string "$admin" --target_file ../conf/login_source.sql
ynh_replace_string "__APP__" "$app" ../conf/login_source.sql ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
# SETUP FAIL2BAN
ynh_script_progression --message="Configuring fail2ban..."
ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from <HOST>" --max_retry 5
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# Unprotect root from SSO if public # Unprotect root from SSO if public
ynh_script_progression --message="Protecting directory"
set_access_settings set_access_settings
# Add gitea to YunoHost's monitored services # Add gitea to YunoHost's monitored services
yunohost service add "$app" --log "/var/log/$app/$app.log" ynh_script_progression --message="Register gitea service..."
yunohost service add "$app" --log "/var/log/$app/gitea.log"
# Configure logrotate # Configure logrotate
ynh_use_logrotate "/var/log/$app" ynh_script_progression --message="Configuring log rotation..."
ynh_use_logrotate --logfile "/var/log/$app"
# Save Version # Save Version
ynh_app_setting_set $app upstream_version $(ynh_app_upstream_version) ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version)
# Reload services # Reload services
ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" ynh_script_progression --message="Starting gitea services..." --weight=3
ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10
sleep 1 sleep 1
# Store the checksum with the 'INTERNAL_TOKEN' value. # Store the checksum with the 'INTERNAL_TOKEN' value.
# Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed # Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed
ynh_store_file_checksum "$final_path/custom/conf/app.ini" ynh_store_file_checksum --file "$final_path/custom/conf/app.ini"
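Review bot: the progress message `Protecting directory` placed in front of `set_access_settings` says the opposite of what that step's comment describes (`Unprotect root from SSO if public`), and the same message is already used for `set_permission` earlier in this script. Use a label that matches the step, such as the `Configuring permissions...` wording the upgrade script uses for it, so the install log does not suggest access was tightened when it may have been opened.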

View File

@ -11,38 +11,53 @@ source /usr/share/yunohost/helpers
source ./experimental_helper.sh source ./experimental_helper.sh
source ./_common.sh source ./_common.sh
ynh_script_progression --message="Loading installation settings..."
# Retrieve domain from app settings
domain=$(ynh_app_setting_get --app $app --key domain)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
#================================================= #=================================================
# Stop gitea # Stop gitea
ynh_script_progression --message="Stoping services..."
systemctl stop "$app".service systemctl stop "$app".service
# Drop MySQL database and user # Drop MySQL database and user
ynh_script_progression --message="Removing databases..."
ynh_mysql_drop_db "$dbname" 2>/dev/null ynh_mysql_drop_db "$dbname" 2>/dev/null
ynh_mysql_drop_user "$dbuser" 2>/dev/null ynh_mysql_drop_user "$dbuser" 2>/dev/null
# Retrieve domain from app settings
domain=$(ynh_app_setting_get "$app" domain)
# Delete app directory and configurations # Delete app directory and configurations
ynh_secure_remove "$final_path" ynh_script_progression --message="Removing code..."
ynh_secure_remove "$DATADIR" ynh_secure_remove --file="$final_path"
ynh_secure_remove "/var/log/$app" ynh_script_progression --message="Removing user data..."
ynh_secure_remove --file="$DATADIR"
ynh_script_progression --message="Removing logs..."
ynh_secure_remove --file="/var/log/$app"
# Remove the app-specific logrotate config # Remove the app-specific logrotate config
ynh_remove_logrotate ynh_remove_logrotate
# Remove nginx config # Remove nginx config
ynh_script_progression --message="Removing nginx configuration..."
ynh_remove_nginx_config ynh_remove_nginx_config
# Remove gitea user and data # Remove gitea user and data
ynh_script_progression --message="Removing the dedicated system user..."
ynh_system_user_delete $app ynh_system_user_delete $app
# Remove init script # Remove init script
ynh_script_progression --message="Removing systemd units..."
ynh_remove_systemd_config ynh_remove_systemd_config
# Remove monitor # Remove monitor
ynh_script_progression --message="Removing gitea service..."
yunohost service remove "$app" yunohost service remove "$app"
# Remove fail2ban config
ynh_script_progression --message="Removing fail2ban configuration..."
ynh_remove_fail2ban_config
true # Do not fail if remove after install error true # Do not fail if remove after install error
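Review bot: `ynh_remove_fail2ban_config` runs last, after `ynh_secure_remove --file="/var/log/$app"` has already deleted the log directory the jail watches; remove the fail2ban configuration before the logs so fail2ban is never left with a jail whose log path is gone if the script stops in between. Typo in the same hunk: `Stoping services...` should read `Stopping services...`.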

View File

@ -14,39 +14,40 @@ ynh_abort_if_errors
source ../settings/scripts/experimental_helper.sh source ../settings/scripts/experimental_helper.sh
source ../settings/scripts/_common.sh source ../settings/scripts/_common.sh
ynh_script_progression --message="Loading settings..."
# Retrieve old app settings # Retrieve old app settings
domain=$(ynh_app_setting_get "$app" domain) domain=$(ynh_app_setting_get --app $app --key domain)
path_url=$(ynh_app_setting_get "$app" path) path_url=$(ynh_app_setting_get --app $app --key path)
dbpass=$(ynh_app_setting_get "$app" mysqlpwd) dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
admin=$(ynh_app_setting_get "$app" adminusername) admin=$(ynh_app_setting_get --app $app --key adminusername)
port=$(ynh_app_setting_get "$app" web_port) port=$(ynh_app_setting_get --app $app --key web_port)
upstream_version=$(ynh_app_setting_get $app upstream_version)
# Check domain/path availability with app helper # Check domain/path availability with app helper
ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain." ynh_webpath_available --domain $domain --path_url $path_url || ynh_die --message "$domain is not available as domain, please use an other domain."
# Check user parameter # Check user parameter
ynh_user_exists "$admin" \ ynh_user_exists "$admin" \
|| ynh_die "The chosen admin user does not exist." || ynh_die --message "The chosen admin user does not exist."
# Check Final Path availability # Check Final Path availability
test ! -e "$final_path" || ynh_die "This path already contains a folder" test ! -e "$final_path" || ynh_die --message "This path already contains a folder"
#================================================= #=================================================
# STANDARD RESTORATION STEPS # STANDARD RESTORATION STEPS
#================================================= #=================================================
# Add users # Add users
# We can't use the official helper (for now) because we need to set the shell for the login ynh_script_progression --message="Configuring system user..."
test getent passwd "$app" &>/dev/null || \ ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell
useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \
ynh_die "Unable to create $app system account"
# Should be replaced by this when getops is available in the helper ynh_system_user_create (probably in Yunohost 3.5)
# ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell
# Restore all files # Restore all files
ynh_script_progression --message="Restoring files..." --weight=10
ynh_restore ynh_restore
# Create and restore the database # Create and restore the database
ynh_script_progression --message="Restoring database..." --weight=3
ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql
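Review bot: in the user-creation line, `--username= $app` has a stray space after `=`, so `$app` reaches `ynh_system_user_create` as a separate word rather than as the value of `--username`; use `--username="$app"`. Because this account is created right before `ynh_restore`, also check that `--home_dir=/opt/yunohost/$app` matches what the backup restores, given that the replaced `useradd` used `-d "$DATADIR"`.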
@ -54,20 +55,28 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql
systemctl daemon-reload systemctl daemon-reload
systemctl enable "$app".service systemctl enable "$app".service
# SETUP FAIL2BAN
ynh_script_progression --message="Configuring fail2ban..."
ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from <HOST>" --max_retry 5
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# Set permissions # Set permissions
ynh_script_progression --message="Protecting directory..."
set_permission set_permission
# Configure logrotate # Configure logrotate
ynh_use_logrotate "/var/log/$app" ynh_script_progression --message="Configuring log rotation..."
ynh_use_logrotate --logfile "/var/log/$app"
# Add gitea to YunoHost's monitored services # Add gitea to YunoHost's monitored services
yunohost service add "$app" --log /var/log/"$app"/"$app".log ynh_script_progression --message="Register gitea service..."
yunohost service add "$app" --log /var/log/"$app"/gitea.log
# Reload services # Reload services
ynh_script_progression --message="Reloading services..."
systemctl reload nginx.service systemctl reload nginx.service
ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10
sleep 1 sleep 1
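Review bot: the `ynh_add_fail2ban_config` call here is a character-for-character copy of the one added to the install and upgrade scripts, so the log path, the `failregex` and `--max_retry 5` now live in three places. Define them once, for example in a small function in `_common.sh`, which all three scripts already source, so a later change to the Gitea log format cannot leave one script with a stale pattern.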

View File

@ -15,22 +15,25 @@ source ./experimental_helper.sh
source ./_common.sh source ./_common.sh
# Retrieve app settings # Retrieve app settings
domain=$(ynh_app_setting_get "$app" domain) ynh_script_progression --message="Loading installation settings..."
path_url=$(ynh_normalize_url_path $(ynh_app_setting_get "$app" path)) domain=$(ynh_app_setting_get --app $app --key domain)
dbpass=$(ynh_app_setting_get "$app" mysqlpwd) path_url=$(ynh_normalize_url_path --path_url $(ynh_app_setting_get --app $app --key path))
admin=$(ynh_app_setting_get "$app" adminusername) dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
key=$(ynh_app_setting_get "$app" secret_key) admin=$(ynh_app_setting_get --app $app --key adminusername)
is_public=$(ynh_app_setting_get "$app" is_public) key=$(ynh_app_setting_get --app $app --key secret_key)
port=$(ynh_app_setting_get "$app" web_port) is_public=$(ynh_app_setting_get --app $app --key is_public)
upstream_version=$(ynh_app_setting_get $app upstream_version) port=$(ynh_app_setting_get --app $app --key web_port)
upstream_version=$(ynh_app_setting_get --app $app --key upstream_version)
# Backup the current version of the app # Backup the current version of the app
ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=10
ynh_backup_before_upgrade ynh_backup_before_upgrade
ynh_clean_setup () { ynh_clean_setup () {
ynh_restore_upgradebackup ynh_restore_upgradebackup
} }
# Stop service # Stop service
ynh_script_progression --message="Stoping services..."
systemctl stop "$app".service systemctl stop "$app".service
#================================================= #=================================================
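Review bot: `path_url=$(ynh_normalize_url_path --path_url $(ynh_app_setting_get --app $app --key path))` leaves the inner substitution unquoted, so an empty or space-containing setting expands to zero or several words and `--path_url` no longer gets a single value; quote it, and restore the quotes around `$app` that the old `ynh_app_setting_get "$app" ...` calls had. Typo: `Stoping services...` should be `Stopping services...`.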
@ -39,7 +42,7 @@ systemctl stop "$app".service
[[ $YNH_APP_ID == "gogs" ]] \ [[ $YNH_APP_ID == "gogs" ]] \
&& [[ "$(cat "/opt/$app/templates/.VERSION")" != 0.11.79.1211 ]] \ && [[ "$(cat "/opt/$app/templates/.VERSION")" != 0.11.79.1211 ]] \
&& ynh_die "It look like that you have an old gogs install. You need first upgrade gogs instance (id : $gogs_migrate_id) and after migrate to gitea." && ynh_die --message "It look like that you have an old gogs install. You need first upgrade gogs instance (id : $gogs_migrate_id) and after migrate to gitea."
ynh_handle_app_migration gogs gogs_migrations ynh_handle_app_migration gogs gogs_migrations
if [[ $migration_process -eq 1 ]]; then if [[ $migration_process -eq 1 ]]; then
@ -55,24 +58,24 @@ if [[ $migration_process -eq 1 ]]; then
ynh_system_user_delete $old_app ynh_system_user_delete $old_app
test getent passwd "$app" &>/dev/null || \ test getent passwd "$app" &>/dev/null || \
useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \
ynh_die "Unable to create $app system account" ynh_die --message "Unable to create $app system account"
# Clean old binary # Clean old binary
ynh_secure_remove $final_path/gogs ynh_secure_remove --file=$final_path/gogs
ynh_secure_remove $final_path/custom/conf/auth.d ynh_secure_remove --file=$final_path/custom/conf/auth.d
# Restore authentication from SQL database # Restore authentication from SQL database
ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql ynh_replace_string --match_string __ADMIN__ --replace_string "$admin" --target_file ../conf/login_source.sql
ynh_replace_string "__APP__" "$app" ../conf/login_source.sql ynh_replace_string --match_string __APP__ --replace_string "$app" --target_file ../conf/login_source.sql
ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
# Fix hooks # Fix hooks
if [[ -e $REPO_PATH ]];then if [[ -e $REPO_PATH ]];then
ls $REPO_PATH/*/*.git/hooks/pre-receive | while read p; do ls $REPO_PATH/*/*.git/hooks/pre-receive | while read p; do
ynh_secure_remove $p ynh_secure_remove --file=$p
done done
ls $REPO_PATH/*/*.git/hooks/post-receive | while read p; do ls $REPO_PATH/*/*.git/hooks/post-receive | while read p; do
ynh_secure_remove $p ynh_secure_remove --file=$p
done done
fi fi
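Review bot: this migration branch still creates the account with the hand-written `test getent passwd "$app" &>/dev/null || useradd ...`, while install and restore now call `ynh_system_user_create`; switch it as well. The old form also never runs `getent`: `test` just receives the three words and fails on them, with the error hidden by `&>/dev/null`, so `useradd` is attempted every time. In the hooks cleanup, `ynh_secure_remove --file=$p` should quote `$p`.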
@ -83,22 +86,28 @@ fi
# STANDARD UPGRADE STEPS # STANDARD UPGRADE STEPS
#================================================= #=================================================
ynh_script_progression --message="Configuring application..."
# Clean template to fix issue : https://github.com/gogits/gogs/issues/4585 # Clean template to fix issue : https://github.com/gogits/gogs/issues/4585
ynh_secure_remove "/opt/$app/templates" ynh_secure_remove --file="/opt/$app/templates"
# Configure gitea with app.ini file # Configure gitea with app.ini file
config_gitea config_gitea
# Configure init script # Configure init script
ynh_script_progression --message="Updating systemd units..."
ynh_add_systemd_config ynh_add_systemd_config
# Modify Nginx configuration file and copy it to Nginx conf directory # Modify Nginx configuration file and copy it to Nginx conf directory
ynh_script_progression --message="Configuring nginx..." --weight=1
config_nginx config_nginx
#================================================= #=================================================
# DB migration # DB migration
#================================================= #=================================================
ynh_script_progression --message="Upgrading database and sources..." --weight=6
# Before the version 1.7 the upstream version was not stored # Before the version 1.7 the upstream version was not stored
# The way to find the version for the install < 1.7 is to parse the binary file to find which version is installed # The way to find the version for the install < 1.7 is to parse the binary file to find which version is installed
if [ -z ${upstream_version:-} ]; then if [ -z ${upstream_version:-} ]; then
@ -155,31 +164,42 @@ case $upstream_version in
ynh_setup_source $final_path source/${architecture}_1.7 ynh_setup_source $final_path source/${architecture}_1.7
restart_gitea restart_gitea
;& ;&
"1.7."* )
ynh_setup_source $final_path source/${architecture}_1.8
restart_gitea
;&
esac esac
# Install gitea # Install gitea source
ynh_setup_source $final_path source/$architecture ynh_setup_source $final_path source/$architecture
# SETUP FAIL2BAN
ynh_script_progression --message="Configuring fail2ban..."
ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from <HOST>" --max_retry 5
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# Set permissions # Set permissions
ynh_script_progression --message="Protecting directory"
set_permission set_permission
# Save Version # Save Version
ynh_app_setting_set $app upstream_version $(ynh_app_upstream_version) ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version)
# Unprotect root from SSO if public # Unprotect root from SSO if public
ynh_script_progression --message="Configuring permissions..."
set_access_settings set_access_settings
# Reload services # Reload services
ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" ynh_script_progression --message="Starting gitea services..." --weight=3
ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10
sleep 1 sleep 1
# Store the checksum with the 'INTERNAL_TOKEN' value. # Store the checksum with the 'INTERNAL_TOKEN' value.
# Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed # Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed
ynh_store_file_checksum "$final_path/custom/conf/app.ini" ynh_store_file_checksum --file "$final_path/custom/conf/app.ini"
#================================================= #=================================================
# FINISH MIGRATION PROCESS # FINISH MIGRATION PROCESS
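Review bot: `ynh_systemd_action ... -p "/var/log/$app/gitea.log" -t 10` now waits at most 10 seconds for `Serving [::]:$port with pid` to show up in the log file. Is that long enough for the first start after `ynh_setup_source` on every architecture this package ships sources for? Please add a comment saying why 10 was chosen and what happens on timeout, because the `ynh_store_file_checksum` call right after it is, per its own comment, meant to capture the `INTERNAL_TOKEN` value in `app.ini`.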
@ -194,8 +214,8 @@ you don't see Gogs as installed." >&2
# Execute a post migration script after the end of this upgrade. # Execute a post migration script after the end of this upgrade.
# Mainly for some cleaning # Mainly for some cleaning
script_post_migration=gogs_post_migration.sh script_post_migration=gogs_post_migration.sh
ynh_replace_string "__OLD_APP__" "$old_app" ../conf/$script_post_migration ynh_replace_string --match_string __OLD_APP__ --replace_string "$old_app" --target_file ../conf/$script_post_migration
ynh_replace_string "__NEW_APP__" "$app" ../conf/$script_post_migration ynh_replace_string --match_string __NEW_APP__ --replace_string "$app" --target_file ../conf/$script_post_migration
cp ../conf/$script_post_migration /tmp cp ../conf/$script_post_migration /tmp
chmod +x /tmp/$script_post_migration chmod +x /tmp/$script_post_migration
(cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes) (cd /tmp; echo "/tmp/$script_post_migration > /tmp/$script_post_migration.log 2>&1" | at now + 2 minutes)
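Review bot: the lines around this change copy `$script_post_migration` to `/tmp`, mark it executable and have `at` run it two minutes later; `/tmp` is world-writable and the file name is fixed, so the script that ends up being executed is not guaranteed to be the one that was copied. Stage it in a directory only root can write (or one created with `mktemp -d`) and write the log there as well.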