diff --git a/conf/app.ini b/conf/app.ini index 96503e7..e06c763 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -18,7 +18,7 @@ DOMAIN = __DOMAIN__ HTTP_PORT = __PORT__ ROOT_URL = https://__URL__/ DISABLE_SSH = false -SSH_PORT = 22 +SSH_PORT = __SSH_PORT_ OFFLINE_MODE = false APP_DATA_PATH = __DATA_PATH__ LANDING_PAGE = explore diff --git a/conf/armv7.src b/conf/armv7.src new file mode 100644 index 0000000..d07338e --- /dev/null +++ b/conf/armv7.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.7.0/gitea-1.7.0-linux-arm-7 +SOURCE_SUM=2d8c095de0f0d83da5681aa84b14fb8ee278a5e020787227d88583c8b544da69 +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/nginx.conf b/conf/nginx.conf index 36617de..aaa990e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -4,8 +4,8 @@ location __PATH__/ { proxy_set_header Host $host; proxy_buffering off; fastcgi_param REMOTE_USER $remote_user; - client_max_body_size 50M; - + client_max_body_size 200M; + # Force https if ($scheme = http) { rewrite ^ https://$server_name$request_uri? permanent; diff --git a/scripts/_common.sh b/scripts/_common.sh index 62fac07..b57a1de 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -17,6 +17,8 @@ if [ -n "$(uname -m | grep 64)" ]; then architecture="x86-64" elif [ -n "$(uname -m | grep 86)" ]; then architecture="i386" +elif [ -n "$(uname -m | grep armv7)" ]; then + architecture="armv7" elif [ -n "$(uname -m | grep arm)" ]; then architecture="arm" else @@ -46,6 +48,7 @@ config_nginx() { } config_gitea() { + ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") ynh_backup_if_checksum_is_different "$final_path/custom/conf/app.ini" cp ../conf/app.ini "$final_path/custom/conf" 
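Review bot: The new `ssh_port=` line in config_gitea accepts every line of /etc/ssh/sshd_config that contains `Port <digits>`, so a commented-out `#Port 22` is picked up too, and more than one match produces a multi-line value. When the file has no Port directive the pipeline yields nothing, which leaves `SSH_PORT` empty in app.ini or, if the caller runs with errexit, aborts the script. Anchoring the match and keeping a default avoids both: `ssh_port=$(grep -m1 -oP '^\s*Port\s+\K\d+' /etc/ssh/sshd_config || true)` followed by `ssh_port=${ssh_port:-22}`. The later hunk that substitutes `__SSH_PORT_` passes `$ssh_port` unquoted and should use `"$ssh_port"`; config_gitea continues outside this hunk.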
@@ -66,6 +69,7 @@ config_gitea() { ynh_replace_string "__DATA_PATH__" "$DATA_PATH" "$final_path/custom/conf/app.ini" ynh_replace_string "__PORT__" $port "$final_path/custom/conf/app.ini" ynh_replace_string "__APP__" $app "$final_path/custom/conf/app.ini" + ynh_replace_string "__SSH_PORT_" $ssh_port "$final_path/custom/conf/app.ini" ynh_store_file_checksum "$final_path/custom/conf/app.ini" } @@ -81,3 +85,21 @@ set_permission() { chmod u=rwX,g=rX,o= "/home/$app" chmod u=rwX,g=rX,o= "/var/log/$app" } + +set_access_settings() { + if [ "$is_public" = '1' ] + then + ynh_app_setting_set $app unprotected_uris "/" + else + # For an access to the git server by https in private mode we need to allow the access to theses URL : + # - "DOMAIN/PATH/USER/REPOSITORY/info/refs" + # - "DOMAIN/PATH/USER/REPOSITORY/git-upload-pack" + # - "DOMAIN/PATH/USER/REPOSITORY/git-receive-pack" + + excaped_domain=${domain//'.'/'%.'} + excaped_domain=${excaped_domain//'-'/'%-'} + excaped_path=${path_url//'.'/'%.'} + excaped_path=${excaped_path//'-'/'%-'} + ynh_app_setting_set $app skipped_regex "$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs" + fi +} diff --git a/scripts/change_url b/scripts/change_url index 8cda492..87eea15 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -18,9 +18,8 @@ cp -r /etc/yunohost/apps/${app}/conf ../ # Quick hack for https://github.com/Yu # RETRIEVE ARGUMENTS old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH +domain=$YNH_APP_NEW_DOMAIN +path_url=$(ynh_normalize_url_path ${YNH_APP_NEW_PATH:-'/'}) app=$YNH_APP_INSTANCE_NAME dbpass=$(ynh_app_setting_get "$app" mysqlpwd) 
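Review bot: The three `skipped_regex` patterns built in set_access_settings exempt URLs from the SSO check but have no end anchor, so anything that merely starts with `.../info/refs`, `.../git-upload-pack` or `.../git-receive-pack` is exempted as well (assuming SSOwat applies them as unanchored Lua patterns). Only `.` and `-` are escaped in `$domain` and `$path_url`; other Lua magic characters in a path (`+`, `?`, `(`, `[`, `%`) pass through unescaped. Ending each pattern with `$` and escaping every magic character would keep the bypass as narrow as the comment describes. When `path_url` is `/` the result also contains `//`, which presumably never matches; building it from `${path_url%/}` fixes that.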
@@ -28,28 +27,6 @@ admin=$(ynh_app_setting_get "$app" adminusername) key=$(ynh_app_setting_get "$app" secret_key) port=$(ynh_app_setting_get "$app" web_port) -# CHECK THE SYNTAX OF THE PATHS -test -n "$old_path" || old_path="/" -test -n "$new_path" || new_path="/" -new_path=$(ynh_normalize_url_path $new_path) -old_path=$(ynh_normalize_url_path $old_path) - -domain="$new_domain" -path_url="$new_path" - -# CHECK WHICH PARTS SHOULD BE CHANGED -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= @@ -58,13 +35,13 @@ fi nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the domain for nginx -if [ $change_domain -eq 1 ] -then +# Change the domain for nginx +if [[ "$old_domain" != "$domain" ]]; then # Delete file checksum for the old conf file location ynh_delete_file_checksum "$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + mv $nginx_conf_path /etc/nginx/conf.d/$domain.d/$app.conf # Store file checksum for the new config file location - ynh_store_file_checksum "/etc/nginx/conf.d/$new_domain.d/$app.conf" + ynh_store_file_checksum "/etc/nginx/conf.d/$domain.d/$app.conf" fi config_nginx @@ -73,5 +50,9 @@ config_nginx config_gitea # RELOAD services -ynh_check_starting "INFO] Listen: http://0.0.0.0:" "/var/log/$app/gitea.log" -sleep 1 \ No newline at end of file +ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" -a restart +sleep 1 + +# Store the checksum with the 'INTERNAL_TOKEN' value. +# Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed +ynh_store_file_checksum "$final_path/custom/conf/app.ini" diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index 600a653..9e3869c 100644 --- a/scripts/experimental_helper.sh 
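Review bot: The `mv` in the domain-change branch leaves `$nginx_conf_path` and the destination unquoted, so a domain or app value containing whitespace or a glob character would be split or expanded. `mv -- "$nginx_conf_path" "/etc/nginx/conf.d/$domain.d/$app.conf"` matches the quoting already used on the `ynh_store_file_checksum` line below it. The comment `# Change the domain for nginx` now appears twice in a row and one copy can go.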
+++ b/scripts/experimental_helper.sh 
@@ -9,53 +9,91 @@ ynh_delete_file_checksum () { ynh_app_setting_delete $app $checksum_setting_name } -# Start or restart a service and follow its booting +# Start (or other actions) a service, print a log in case of failure and optionnaly wait until the service is completely started # -# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name] +# usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ] +# | arg: -n, --service_name= - Name of the service to reload. Default : $app +# | arg: -a, --action= - Action to perform with systemctl. Default: start +# | arg: -l, --line_match= - Line to match - The line to find in the log to attest the service have finished to boot. +# If not defined it don't wait until the service is completely started. +# | arg: -p, --log_path= - Log file - Path to the log file. Default : /var/log/$app/$app.log +# | arg: -t, --timeout= - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds. +# | arg: -e, --length= - Length of the error log : Default : 20 +ynh_systemd_action() { + # Declare an array to define the options of this helper. 
+ declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= ) + local service_name + local action + local line_match + local length + local log_path + local timeout + + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + local service_name="${service_name:-$app}" + local action=${action:-start} + local log_path="${log_path:-/var/log/$service_name/$service_name.log}" + local length=${length:-20} + local timeout=${timeout:-300} + + # Start to read the log + if [[ -n "${line_match:-}" ]] + then + local templog="$(mktemp)" + # Following the starting of the app in its log + if [ "$log_path" == "systemd" ] ; then + # Read the systemd journal + journalctl --unit=$service_name --follow --since=-0 --quiet > "$templog" & + else + # Read the specified log file + tail -F -n0 "$log_path" > "$templog" & + fi + # Get the PID of the tail command + local pid_tail=$! + fi + + echo "${action^} the service $service_name" >&2 + systemctl $action $service_name \ + || ( journalctl --lines=$length -u $service_name >&2 \ + ; test -e "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 \ + ; false ) + + # Start the timeout and try to find line_match + if [[ -n "${line_match:-}" ]] + then + local i=0 + for i in $(seq 1 $timeout) + do + # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout + if grep --quiet "$line_match" "$templog" + then + echo "The service $service_name has correctly started." >&2 + break + fi + echo -n "." >&2 + sleep 1 + done + if [ $i -eq $timeout ] + then + echo "The service $service_name didn't fully started before the timeout." 
>&2 + echo "Please find here an extract of the end of the log of the service $service_name:" + journalctl --lines=$length -u $service_name >&2 + test -e "$log_path" && echo "--" && tail --lines=$length "$log_path" >&2 + fi + + echo "" + ynh_clean_check_starting + fi +} + +# Clean temporary process and file used by ynh_check_starting +# (usually used in ynh_clean_setup scripts) # -# | arg: Line to match - The line to find in the log to attest the service have finished to boot. -# | arg: Log file - The log file to watch -# | arg: Service name -# /var/log/$app/$app.log will be used if no other log is defined. -# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds. -ynh_check_starting () { - local line_to_match="$1" - local service_name="${4:-$app}" - local app_log="${2:-/var/log/$service_name/$service_name.log}" - local timeout=${3:-300} - - ynh_clean_check_starting () { - # Stop the execution of tail. - kill -s 15 $pid_tail 2>&1 - ynh_secure_remove "$templog" 2>&1 - } - - echo "Starting of $service_name" >&2 - systemctl stop $service_name - local templog="$(mktemp)" - # Following the starting of the app in its log - tail -F -n0 "$app_log" > "$templog" & - # Get the PID of the tail command - local pid_tail=$! - systemctl start $service_name - - local i=0 - for i in `seq 1 $timeout` - do - # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout - if grep --quiet "$line_to_match" "$templog" - then - echo "The service $service_name has correctly started." >&2 - break - fi - echo -n "." >&2 - sleep 1 - done - if [ $i -eq $timeout ] - then - echo "The service $service_name didn't fully started before the timeout." >&2 - fi - - echo "" - ynh_clean_check_starting -} \ No newline at end of file +# usage: ynh_clean_check_starting +ynh_clean_check_starting () { + # Stop the execution of tail. + kill -s 15 $pid_tail 2>&1 + ynh_secure_remove "$templog" 2>&1 +} 
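Review bot: ynh_clean_check_starting reads `$pid_tail` and `$templog`, but both are declared `local` inside ynh_systemd_action, so the cleanup only works when it is called from that function. Its header says it is usually called from ynh_clean_setup; there the two names are unset, so `kill -s 15` gets no PID and `ynh_secure_remove` gets an empty path. The same gap shows when `systemctl $action` fails and the caller runs with errexit: the background `tail`/`journalctl` and the temp file are left behind. Guarding the cleanup with `if [ -n "${pid_tail:-}" ]; then kill -s 15 "$pid_tail" 2>&1; fi`, putting the same test around `ynh_secure_remove "$templog"`, and making the two variables visible to the cleanup would close it. On timeout the function only prints a message and returns 0, so callers cannot tell a started service from a stalled one.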
diff --git a/scripts/install b/scripts/install index 9fee527..a31fd41 100644 --- a/scripts/install +++ b/scripts/install @@ -16,7 +16,7 @@ source ./_common.sh # Retrieve arguments domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH +path_url=$(ynh_normalize_url_path $YNH_APP_ARG_PATH) admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC @@ -60,7 +60,12 @@ config_nginx ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" # Add users -ynh_system_user_create $app +# We can't use the official helper (for now) because we need to set the shell for the login +test getent passwd "$app" &>/dev/null || \ + useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ + ynh_die "Unable to create $app system account" +# Should be replaced by this when getops is available in the helper ynh_system_user_create (probably in Yunohost 3.5) +# ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell # create needed directories create_dir @@ -99,10 +104,7 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql #================================================= # Unprotect root from SSO if public -if [ "$is_public" = '1' ] -then - ynh_app_setting_set $app unprotected_uris "/" -fi +set_access_settings # Add gitea to YunoHost's monitored services yunohost service add "$app" --log "/var/log/$app/$app.log" @@ -111,6 +113,9 @@ yunohost service add "$app" --log "/var/log/$app/$app.log" ynh_use_logrotate "/var/log/$app" # Reload services -# ynh_check_starting "Serving [::]:$port with pid" "/var/log/$app/gitea.log" -sleep 20 -systemctl start gitea +ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" +sleep 1 + +# Store the checksum with the 'INTERNAL_TOKEN' value. +# Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed +ynh_store_file_checksum "$final_path/custom/conf/app.ini" diff --git a/scripts/remove b/scripts/remove index c9a5682..8207695 100644 --- a/scripts/remove 
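Review bot: `test getent passwd "$app"` does not run getent; `test` receives three words, reports a syntax error that `&>/dev/null` hides, and returns non-zero every time. `useradd` therefore always runs, and the script ends in `ynh_die` whenever the account already exists. Dropping the `test` gives the intended check: `getent passwd "$app" &>/dev/null || \`. The same line is added in scripts/restore. The account is created with `--shell /bin/bash`; a comment stating why the login shell is needed (presumably git over SSH) and that the account should stay without a password would help the next reader.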
+++ b/scripts/remove @@ -15,7 +15,7 @@ source ./_common.sh # STANDARD REMOVE #================================================= -# Stop gogs +# Stop gitea systemctl stop "$app".service # Drop MySQL database and user @@ -36,7 +36,7 @@ ynh_remove_logrotate # Remove nginx config ynh_remove_nginx_config -# Remove gogs user and data +# Remove gitea user and data ynh_system_user_delete $app # Remove init script diff --git a/scripts/restore b/scripts/restore index c3c06f5..c13cf0d 100644 --- a/scripts/restore +++ b/scripts/restore @@ -19,6 +19,7 @@ domain=$(ynh_app_setting_get "$app" domain) path_url=$(ynh_app_setting_get "$app" path) dbpass=$(ynh_app_setting_get "$app" mysqlpwd) admin=$(ynh_app_setting_get "$app" adminusername) +port=$(ynh_app_setting_get "$app" web_port) # Check domain/path availability with app helper ynh_webpath_available $domain $path_url || ynh_die "$domain is not available as domain, please use an other domain." @@ -35,7 +36,12 @@ test ! -e "$final_path" || ynh_die "This path already contains a folder" #================================================= # Add users -ynh_system_user_create $app +# We can't use the official helper (for now) because we need to set the shell for the login +test getent passwd "$app" &>/dev/null || \ + useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ + ynh_die "Unable to create $app system account" +# Should be replaced by this when getops is available in the helper ynh_system_user_create (probably in Yunohost 3.5) +# ynh_system_user_create --username= $app --home_dir=/opt/yunohost/$app --use_shell # Restore all files ynh_restore @@ -63,5 +69,5 @@ yunohost service add "$app" --log /var/log/"$app"/"$app".log # Reload services systemctl reload nginx.service -sleep 20 -systemctl start gitea \ No newline at end of file +ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" +sleep 1 diff --git a/scripts/upgrade b/scripts/upgrade index 54b53b6..ed849fc 100644 --- a/scripts/upgrade 
+++ b/scripts/upgrade @@ -85,7 +85,7 @@ fi #================================================= # Clean template to fix issue : https://github.com/gogits/gogs/issues/4585 -ynh_secure_remove "/opt/gitea/templates" +ynh_secure_remove "/opt/$app/templates" # Install gitea ynh_setup_source $final_path $architecture @@ -106,7 +106,13 @@ config_nginx # Set permissions set_permission +# Unprotect root from SSO if public +set_access_settings + # Reload services -# ynh_check_starting "INFO] Listen: http://0.0.0.0:" "/var/log/$app/gitea.log" -sleep 20 -systemctl restart gitea +ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" +sleep 1 + +# Store the checksum with the 'INTERNAL_TOKEN' value. +# Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed +ynh_store_file_checksum "$final_path/custom/conf/app.ini"
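Review bot: The reload step calls `ynh_systemd_action` without `-a`, so it runs `systemctl start`, whereas the removed line ran `systemctl restart gitea`. If the service is still running at this point (no stop is visible in these hunks), `start` does nothing, the new binary is not loaded, and the helper waits out its timeout for a log line that never appears. Passing `-a restart`, as scripts/change_url does, keeps the previous behaviour: `ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" -a restart`.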