diff --git a/scripts/_common.sh b/scripts/_common.sh index 74b131b..fa6e370 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,31 +1,29 @@ -#!/bin/bash +#================================================= +# SET ALL CONSTANTS +#================================================= + +systemd_match_start_line='Starting new Web server: tcp:127.0.0.1:' +ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") #================================================= # DEFINE ALL COMMON FONCTIONS #================================================= -_gitea_mkdirs() { - mkdir -p "$install_dir/data" - mkdir -p "$install_dir/custom/conf" - _gitea_permissions_install_dir - - mkdir -p "$data_dir/.ssh" - mkdir -p "$data_dir/repositories" - mkdir -p "$data_dir/data/avatars" - mkdir -p "$data_dir/data/attachments" - chown -R "$app:$app" "$data_dir" - chmod -R u=rwX,g=rX,o= "$data_dir" - chmod -R u=rwx,g=,o= "$data_dir/.ssh" - - mkdir -p "/var/log/$app" - touch "/var/log/$app/gitea.log" - chown -R "$app:$app" "/var/log/$app" - chmod -R u=rwX,g=rX,o= "/var/log/$app" -} - -_gitea_permissions_install_dir() { +_set_permissions() { chown -R "$app:$app" "$install_dir" chmod -R u=rwX,g=rX,o= "$install_dir" + chmod +x "$install_dir/gitea" + + chown -R "$app:$app" "$data_dir" + find $data_dir \( \! -perm u=rwX,g=rX,-o= \ + -o \! -user $YNH_APP_ID \ + -o \! -group $YNH_APP_ID \) \ + -exec chown $YNH_APP_ID:$YNH_APP_ID {} \; \ + -exec chmod u=rwX,g=rX,o= {} \; + chmod -R u=rwX,g=,o= "$data_dir/.ssh" + + chown -R "$app:$app" "/var/log/$app" + chmod -R u=rwX,g=rX,o= "/var/log/$app" } _gitea_set_secrets() { @@ -39,13 +37,7 @@ _gitea_set_secrets() { ynh_app_setting_set --app "$app" --key secret_key --value="$secret_key" fi - if [[ -z "${jwt_secret:-}" ]]; then - jwt_secret=$(ynh_exec_as "$app" "$install_dir/gitea" generate secret JWT_SECRET) - ynh_app_setting_set --app "$app" --key jwt_secret --value="$jwt_secret" - fi - if [[ -n "${lfs_key:-}" ]]; then - # Migration lfs_jwt_secret="$lfs_key" ynh_app_setting_delete --app "$app" --key lfs_key ynh_app_setting_set --app "$app" --key lfs_jwt_secret --value="$lfs_jwt_secret" @@ -56,8 +48,3 @@ _gitea_set_secrets() { ynh_app_setting_set --app "$app" --key lfs_jwt_secret --value="$lfs_jwt_secret" fi } - -_gitea_add_config() { - ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") - ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini" -} diff --git a/scripts/backup b/scripts/backup index 8fff18d..fe6b8ca 100644 --- a/scripts/backup +++ b/scripts/backup @@ -9,14 +9,14 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -if [[ ! "$(systemctl status $app.service)" =~ "Active: inactive (dead)" ]]; then +if [[ ! "$(systemctl status $app.service)" =~ 'Active: inactive (dead)' ]]; then ynh_print_warn --message="It's hightly recommended to make your backup when the service is stopped. Please stop $app service and with this command before to run the backup 'systemctl stop $app.service'" fi #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= -ynh_print_info --message="Declaring files to be backed up..." +ynh_print_info --message='Declaring files to be backed up...' # Copy the app source files ynh_backup --src_path "$install_dir" diff --git a/scripts/change_url b/scripts/change_url index 1543ea5..ba0d493 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name="$app" --action="stop" +ynh_systemd_action --service_name="$app" --action=stop #================================================= # MODIFY URL IN NGINX CONF @@ -32,8 +32,8 @@ ynh_change_url_nginx_config #================================================= ynh_script_progression --message="Updating gitea configuration..." -_gitea_add_config -_gitea_permissions_install_dir +ynh_add_config --template="app.ini" --destination="$install_dir/custom/conf/app.ini" +_set_permissions #================================================= # GENERIC FINALISATION @@ -42,7 +42,7 @@ _gitea_permissions_install_dir #================================================= ynh_script_progression --message="Starting gitea services..." --weight=3 -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/gitea.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemd_action --service_name="$app" --action=start --log_path="/var/log/$app/gitea.log" --line_match="$systemd_match_start_line" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index 05244a5..f48b969 100644 --- a/scripts/install +++ b/scripts/install @@ -14,20 +14,43 @@ source /usr/share/yunohost/helpers #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression --message="Installing sources files and data directories..." --weight=10 +ynh_script_progression --message='Creating base directory...' +if [ -n "$(ls -A $data_dir)" ]; then + old_data_dir_path="${data_dir}_$(date '+%Y%m%d.%H%M%S')" + ynh_print_warn "Data directory was not empty. Data was moved to $old_data_dir_path" + mkdir -p $old_data_dir_path + mv -t "$old_data_dir_path" "$data_dir"/* +fi + +# base directories +mkdir -p "$install_dir/data" +mkdir -p "$install_dir/custom/conf" +mkdir -p "/var/log/$app" + +mkdir -p "$data_dir/.ssh" +mkdir -p "$data_dir/repositories" +mkdir -p "$data_dir/data/avatars" +mkdir -p "$data_dir/data/attachments" + +ynh_script_progression --message='Installing sources files and data directories...' --weight=10 + +# Setup source ynh_setup_source --dest_dir="$install_dir" -chmod +x "$install_dir/gitea" - -# create needed directories -_gitea_mkdirs +_set_permissions ynh_script_progression --message="Configuring application, step 1/2..." -_gitea_set_secrets -_gitea_add_config -_gitea_permissions_install_dir +internal_token=$(ynh_exec_as "$app" "$install_dir/gitea" generate secret INTERNAL_TOKEN) +secret_key=$(ynh_exec_as "$app" "$install_dir/gitea" generate secret SECRET_KEY) +lfs_jwt_secret=$(ynh_exec_as "$app" "$install_dir/gitea" generate secret JWT_SECRET) + +ynh_app_setting_set --app="$app" --key=internal_token --value="$internal_token" +ynh_app_setting_set --app="$app" --key=secret_key --value="$secret_key" +ynh_app_setting_set --app="$app" --key=lfs_jwt_secret --value="$lfs_jwt_secret" + +ynh_add_config --template='app.ini' --destination="$install_dir/custom/conf/app.ini" #================================================= # SYSTEM CONFIGURATION @@ -47,7 +70,7 @@ yunohost service add "$app" --log="/var/log/$app/gitea.log" ynh_use_logrotate --logfile "/var/log/$app" # Create a dedicated Fail2Ban config -ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 +ynh_add_fail2ban_config --logpath="/var/log/$app/gitea.log" --failregex='.*Failed authentication attempt for .* from ' --max_retry=5 #================================================= # APP INITIAL CONFIGURATION @@ -55,26 +78,27 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Configuring application, step 2/2..." +ynh_script_progression --message='Configuring application, step 2/2...' +_set_permissions # Start gitea for building mysql tables -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/gitea.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemd_action --service_name="$app" --action=start --log_path="/var/log/$app/gitea.log" --line_match="$systemd_match_start_line" # Add ldap config -ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql +ynh_replace_string --match_string=__APP__ --replace_string="$app" --target_file=../conf/login_source.sql ynh_mysql_connect_as "$db_user" "$db_pwd" "$db_name" < ../conf/login_source.sql # Stop the service to restart it just afterwards -ynh_systemd_action --service_name="$app" --action="stop" --log_path="/var/log/$app/gitea.log" +ynh_systemd_action --service_name="$app" --action='stop' --log_path="/var/log/$app/gitea.log" #================================================= # GENERIC FINALIZATION #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting gitea services..." --weight=3 +ynh_script_progression --message='Starting gitea services...' --weight=3 -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/gitea.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemd_action --service_name="$app" --action=start --log_path="/var/log/$app/gitea.log" --line_match="$systemd_match_start_line" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index dc78a80..1d0608e 100644 --- a/scripts/remove +++ b/scripts/remove @@ -26,7 +26,7 @@ ynh_remove_logrotate ynh_remove_fail2ban_config -ynh_script_progression --message="Removing logs..." +ynh_script_progression --message='Removing logs...' ynh_secure_remove --file="/var/log/$app" #================================================= diff --git a/scripts/restore b/scripts/restore index c5fc584..1fd0b31 100644 --- a/scripts/restore +++ b/scripts/restore @@ -13,9 +13,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Restoring the app files..." --weight=1 ynh_restore - -# Also sets the permissions -_gitea_mkdirs +_set_permissions #================================================= # RESTORE THE MYSQL DATABASE @@ -46,7 +44,7 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1 # Typically you only have either $app or php-fpm but not both at the same time... -ynh_systemd_action -l "Starting new Web server: tcp:127.0.0.1:" -t 10 +ynh_systemd_action --service_name="$app" --action=start --log_path="/var/log/$app/gitea.log" --line_match="$systemd_match_start_line" ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/upgrade b/scripts/upgrade index fd00201..f6bb022 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -16,25 +16,35 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +ynh_script_progression --message='Ensuring downward compatibility...' --weight=1 -# If lfs_key doesn't exist, create it -if [ -z "${lfs_key:-}" ]; then - lfs_key=$(ynh_string_random) - ynh_app_setting_set --app="$app" --key=lfs_key --value="$lfs_key" +if ynh_compare_current_package_version --comparison lt --version "1.6.4~ynh1"; then + message="Upgrade from $YNH_APP_CURRENT_VERSION was dropped. You need to run this, then upgrade to the latest version: +sudo yunohost app upgrade $app -u https://github.com/YunoHost-Apps/gitea_ynh/commit/a9ceb157032ae2290e944c1d0a255451ff2d133d" + ynh_print_info "$message" + ynh_die --message="$message" --ret_code 1 fi +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message='Stopping a systemd service...' --weight=1 + +ynh_systemd_action --service_name="$app" --action=stop + +#================================================= +# MIGRATION STEP 1 (migrate path from packagin v1) +#================================================= + # This is not handled by the core because the previous package did not define final_path... if [ -d "/opt/$app" ]; then # This is the package version of the manifestv2 - rsync -a "/opt/$app/" "$install_dir" - ynh_secure_remove "/opt/$app" + mv "/opt/$app/" "$install_dir" fi # Move data directory if [ -d "/home/$app" ]; then - rsync -a "/home/$app/" "$data_dir" - ynh_secure_remove "/home/$app" + mv "/home/$app/" "$data_dir" fi # Ensure the user has the correct home dir @@ -43,23 +53,45 @@ if [ ~"$app" != "$data_dir" ]; then fi # Ensure secrets are defined -# Some workaround around `gitea secret generate` not available in old versions -mv "$install_dir/gitea" "$install_dir/gitea_orig" ynh_setup_source --dest_dir="$install_dir" --source_id=main -chmod +x "$install_dir/gitea" -_gitea_set_secrets -ynh_secure_remove "$install_dir/gitea" -mv "$install_dir/gitea_orig" "$install_dir/gitea" - -# Ensure directories are created -_gitea_mkdirs +_set_permissions #================================================= -# STOP SYSTEMD SERVICE +# MIGRATION STEP 2 (Set undefined Vars) #================================================= -ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name="$app" --action="stop" +if [[ -z "${internal_token:-}" ]]; then + internal_token=$(ynh_exec_as "$app" "$install_dir/gitea" generate secret INTERNAL_TOKEN) + ynh_app_setting_set --app "$app" --key internal_token --value="$internal_token" +fi + +if [[ -z "${secret_key:-}" ]]; then + secret_key=$(ynh_exec_as "$app" "$install_dir/gitea" generate secret SECRET_KEY) + ynh_app_setting_set --app "$app" --key secret_key --value="$secret_key" +fi + +if [[ -n "${lfs_key:-}" ]]; then + lfs_jwt_secret="$lfs_key" + ynh_app_setting_delete --app "$app" --key lfs_key + ynh_app_setting_set --app "$app" --key lfs_jwt_secret --value="$lfs_jwt_secret" +fi + +if [[ -z "${lfs_jwt_secret:-}" ]]; then + lfs_jwt_secret=$(ynh_exec_as "$app" "$install_dir/gitea" generate secret JWT_SECRET) + ynh_app_setting_set --app "$app" --key lfs_jwt_secret --value="$lfs_jwt_secret" +fi + +#================================================= +# UPDATE A CONFIG FILE +#================================================= +ynh_script_progression --message='Updating configuration files...' --weight=1 + +# Clean template to fix issue : https://github.com/gogits/gogs/issues/4585 +ynh_secure_remove --file="$install_dir/templates" + +# Configure gitea with app.ini file +ynh_add_config --template=app.ini --destination="$install_dir/custom/conf/app.ini" +_set_permissions #================================================= # REAPPLY SYSTEM CONFIGURATIONS @@ -76,61 +108,12 @@ ynh_use_logrotate --non-append ynh_add_fail2ban_config --logpath="/var/log/$app/gitea.log" --failregex=".*Failed authentication attempt for .* from " --max_retry 5 -#================================================= -# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) -#================================================= -# UPDATE A CONFIG FILE -#================================================= -ynh_script_progression --message="Updating configuration files..." --weight=1 - -# Clean template to fix issue : https://github.com/gogits/gogs/issues/4585 -ynh_secure_remove --file="$install_dir/templates" - -# Configure gitea with app.ini file -_gitea_add_config -_gitea_permissions_install_dir - -#================================================= -# DB migration -#================================================= -ynh_script_progression --message="Upgrading database and sources..." --weight=6 - -if ynh_compare_current_package_version --comparison lt --version "1.6.4~ynh1"; then - message="Upgrade from $YNH_APP_CURRENT_VERSION was dropped. You need to run this, then upgrade to the latest version: -sudo yunohost app upgrade $app -u https://github.com/YunoHost-Apps/gitea_ynh/commit/a9ceb157032ae2290e944c1d0a255451ff2d133d" - ynh_print_info "$message" - ynh_die --message="$message" --ret_code 1 -fi - -ynh_setup_source --dest_dir="$install_dir" -chmod +x "$install_dir/gitea" -_gitea_permissions_install_dir -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/gitea.log" --line_match="Starting new Web server: tcp:127.0.0.1:" -# FIXME: Leave the time to update the database schema -sleep 5 -systemctl stop "$app" - - -#================================================= -# RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...) -#================================================= -# UPDATE A CONFIG FILE -#================================================= -ynh_script_progression --message="Updating LDAP configuration..." --weight=1 -# Should be done after DB migration I guess -if ! ynh_permission_exists --permission admin; then - # Update ldap config - ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/login_source.sql" - ynh_mysql_connect_as "$db_user" "$db_pwd" "$db_name" < ../conf/login_source.sql -fi - - #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --weight=1 +ynh_script_progression --message='Starting a systemd service...' --weight=1 -ynh_systemd_action --service_name="$app" --action="start" --log_path="/var/log/$app/gitea.log" --line_match="Starting new Web server: tcp:127.0.0.1:" +ynh_systemd_action --service_name="$app" --action=start --log_path="/var/log/$app/gitea.log" --line_match="$systemd_match_start_line" #================================================= # END OF SCRIPT