From cfce1f3c1942bb52150137169ddf6be8a5dc1686 Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 6 Apr 2018 19:58:23 +0200 Subject: Rename .fonctions to _common.sh --- scripts/_common.sh | 263 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 263 insertions(+) create mode 100644 scripts/_common.sh (limited to 'scripts/_common.sh') diff --git a/scripts/_common.sh b/scripts/_common.sh new file mode 100644 index 0000000..20f9ea0 --- /dev/null +++ b/scripts/_common.sh @@ -0,0 +1,263 @@ +#!/bin/bash + +ynh_version="2.4" + +YNH_VERSION () { # Returns the version number of the Yunohost moulinette + ynh_version=$(sudo yunohost -v | grep "moulinette:" | cut -d' ' -f2 | cut -d'.' -f1,2) +} + +CHECK_VAR () { # Verifies that the variable is not empty. + # $1 = Variable to be checked + # $2 = Display text on error + test -n "$1" || (echo "$2" >&2 && false) +} + +EXIT_PROPERLY () { # Causes the script to stop in the event of an error. And clean the residue. + trap '' ERR + echo -e "\e[91m \e[1m" # Shell in light red bold + echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 + + if type -t CLEAN_SETUP > /dev/null; then # Checks the existence of the function before executing it. + CLEAN_SETUP # Call the specific cleanup function of the install script. + fi + + # Compensates the ssowat bug that does not remove the app's input in case of installation error. + sudo sed -i "\@\"$domain/\":@d" /etc/ssowat/conf.json + + if [ "$ynh_version" = "2.2" ]; then + /bin/bash $script_dir/remove + fi + + ynh_die +} + +TRAP_ON () { # Activate signal capture + trap EXIT_PROPERLY ERR # Capturing exit signals on error +} + +TRAP_OFF () { # Ignoring signal capture until TRAP_ON + trap '' ERR # Ignoring exit signals +} + +CHECK_USER () { # Check the validity of the user admin + # $1 = User admin variable + ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false) +} + +CHECK_PATH () { # Checks / at the beginning of the path. And his absence at the end. + if [ "${path:0:1}" != "/" ]; then # If the first character is not / + path="/$path" # Add / at the beginning of path + fi + if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # If the last character is a / and it is not the only character. + path="${path:0:${#path}-1}" # Delete last character + fi +} + +CHECK_DOMAINPATH () { # Checks the availability of the path and domain. + sudo yunohost app checkurl $domain -a $app +} + +CHECK_FINALPATH () { # Checks that the destination folder is not already in use. + final_path=/opt/$app + if [ -e "$final_path" ] + then + echo "This path already contains a folder" >&2 + false + fi +} + +STORE_MD5_CONFIG () { # Saves the checksum of the config file + # $1 = Name of the conf file for storage in settings.yml + # $2 = Full name and path of the conf file. + ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1) +} + +CHECK_MD5_CONFIG () { # Created a backup of the config file if it was changed. + # $1 = Name of the conf file for storage in settings.yml + # $2 = Full name and path of the conf file.onf. + if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then + sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" # Si le fichier de config a été modifié, créer un backup. + fi +} + +FIND_PORT () { # Search free port + # $1 = Port number to start the search. + port=$1 + while ! sudo yunohost app checkport $port ; do + port=$((port+1)) + done + CHECK_VAR "$port" "port empty" +} + +SETUP_SOURCE () { # Download source, decompress and copu into $final_path + src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'}) + sudo wget -nv -i ../sources/source_url -O $src + # Checks the checksum of the downloaded source. + # md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source" + # Decompress source + if [ "$(echo ${src##*.})" == "tgz" ]; then + tar -x -f $src + elif [ "$(echo ${src##*.})" == "zip" ]; then + unzip -q $src + else + false # Unsupported archive format. + fi + # Copy file source + sudo cp -a $(cat ../sources/source_dir)/. "$final_path/live" + # Copy additional file and modified + if test -e "../sources/ajouts"; then + sudo cp -a ../sources/ajouts/. "$final_path" + fi +} + +# Create user with special hack +CREATE_USER () { + sudo curl -kSs https://${domain}/auth/sign_up --cookie-jar cookie | grep csrf > token || true + token=$(sudo cat token | sed -n '/csrf-token/s/.*name="csrf-token"\s\+content="\([^"]\+\).*/\1/p') + sudo curl -kSs https://${domain}/auth --data "&user[account_attributes][username]=${admin_mastodon}&user[email]=${admin_mastodon}@${domain}&user[password]=${admin_pass}&user[password_confirmation]=${admin_pass}&authenticity_token=${token}" --cookie cookie +} + +### REMOVE SCRIPT + +REMOVE_NGINX_CONF () { # Delete nginx configuration + if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config + echo "Delete nginx config" + sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" + sudo systemctl reload nginx + fi +} + +REMOVE_LOGROTATE_CONF () { # Delete logrotate configuration + if [ -e "/etc/logrotate.d/$app" ]; then + echo "Delete logrotate config" + sudo rm "/etc/logrotate.d/$app" + fi +} + +SECURE_REMOVE () { # Deleting a folder with variable verification + chaine="$1" # The argument must be given between simple quotes '', to avoid interpreting the variables. + no_var=0 + while (echo "$chaine" | grep -q '\$') # Loop as long as there are $ in the string + do + no_var=1 + global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole the first variable found. + only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole completely the variable by adding the $ at the beginning and keeping only the name of the variable. Mostly gets rid of / and a possible path behind. + real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` Allows to interpret a variable contained in a variable. + if test -z "$real_var" || [ "$real_var" = "/" ]; then + echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2 + return 1 + fi + chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # Replaces variable with its value in the string. + done + if [ "$no_var" -eq 1 ] + then + if [ -e "$chaine" ]; then + echo "Delete directory $chaine" + sudo rm -r "$chaine" + fi + return 0 + else + echo "No detected variable." >&2 + return 1 + fi +} + +# Create a db without password +# +# usage: ynh_mysql_create_user user +# | arg: user - the user name to create +ynh_psql_create_db_without_password() { + db=$1 + sudo su -c "psql" postgres <<< \ + "CREATE USER $db CREATEDB;" +} + +# Create a user +# +# usage: ynh_mysql_create_user user pwd [host] +# | arg: user - the user name to create +# | arg: pwd - the password to identify user by +ynh_psql_create_user() { + sudo su -c "psql" postgres <<< \ + "CREATE USER ${1} WITH PASSWORD '${2}';" +} + +# Create a user without password +# +# usage: ynh_mysql_create_user user pwd [host] +# | arg: user - the user name to create +ynh_psql_create_user_without_password() { + sudo su -c "psql" postgres <<< \ + "CREATE USER ${1};" +} + +# Create a database and grant optionnaly privilegies to a user +# +# usage: ynh_mysql_create_db db [user [pwd]] +# | arg: db - the database name to create +# | arg: user - the user to grant privilegies +# | arg: pwd - the password to identify user by +ynh_psql_create_db() { + db=$1 + # grant all privilegies to user + if [[ $# -gt 1 ]]; then + ynh_psql_create_user ${2} "${3}" + sudo su -c "createdb -O ${2} $db" postgres + else + sudo su -c "createdb $db" postgres + fi + +} + +# Drop a role +# +# usage: ynh_mysql_drop_role db +# | arg: db - the database name to drop +ynh_psql_drop_role() { + sudo su -c "psql" postgres <<< \ + "DROP ROLE ${1};" +} + +# Drop a database +# +# usage: ynh_mysql_drop_db db +# | arg: db - the database name to drop +ynh_psql_drop_db() { + sudo su -c "dropdb ${1}" postgres +} + +# Drop a user +# +# usage: ynh_mysql_drop_user user +# | arg: user - the user name to drop +ynh_psql_drop_user() { + sudo su -c "dropuser ${1}" postgres +} + +# Remove a file or a directory securely +# +# usage: ynh_secure_remove path_to_remove +# | arg: path_to_remove - File or directory to remove +ynh_secure_remove () { + path_to_remove=$1 + forbidden_path=" \ + /var/www \ + /home/yunohost.app" + + if [[ "$forbidden_path" =~ "$path_to_remove" \ + # Match all path or subpath in $forbidden_path + || "$path_to_remove" =~ ^/[[:alnum:]]+$ \ + # Match all first level path from / (Like /var, /root, etc...) + || "${path_to_remove:${#path_to_remove}-1}" = "/" ]] + # Match if the path finish by /. Because it's seems there is an empty variable + then + echo "Avoid deleting of $path_to_remove." >&2 + else + if [ -e "$path_to_remove" ] + then + sudo rm -R "$path_to_remove" + else + echo "$path_to_remove doesn't deleted because it's not exist." >&2 + fi + fi +} \ No newline at end of file -- cgit v1.2.3-70-g09d2 From 18b69b2fdfbd1178334b5ea5a3c9e75fb439a10f Mon Sep 17 00:00:00 2001 From: Jean-Baptiste Holcroft Date: Fri, 6 Apr 2018 21:01:26 +0200 Subject: Remove old-time specific functions and add multiple TODO --- scripts/_common.sh | 190 --------------------------- scripts/install | 379 ++++++++++++++++++++++++++++++++--------------------- 2 files changed, 230 insertions(+), 339 deletions(-) (limited to 'scripts/_common.sh') diff --git a/scripts/_common.sh b/scripts/_common.sh index 20f9ea0..39b0631 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,167 +1,5 @@ #!/bin/bash -ynh_version="2.4" - -YNH_VERSION () { # Returns the version number of the Yunohost moulinette - ynh_version=$(sudo yunohost -v | grep "moulinette:" | cut -d' ' -f2 | cut -d'.' -f1,2) -} - -CHECK_VAR () { # Verifies that the variable is not empty. - # $1 = Variable to be checked - # $2 = Display text on error - test -n "$1" || (echo "$2" >&2 && false) -} - -EXIT_PROPERLY () { # Causes the script to stop in the event of an error. And clean the residue. - trap '' ERR - echo -e "\e[91m \e[1m" # Shell in light red bold - echo -e "!!\n $app install's script has encountered an error. Installation was cancelled.\n!!" >&2 - - if type -t CLEAN_SETUP > /dev/null; then # Checks the existence of the function before executing it. - CLEAN_SETUP # Call the specific cleanup function of the install script. - fi - - # Compensates the ssowat bug that does not remove the app's input in case of installation error. - sudo sed -i "\@\"$domain/\":@d" /etc/ssowat/conf.json - - if [ "$ynh_version" = "2.2" ]; then - /bin/bash $script_dir/remove - fi - - ynh_die -} - -TRAP_ON () { # Activate signal capture - trap EXIT_PROPERLY ERR # Capturing exit signals on error -} - -TRAP_OFF () { # Ignoring signal capture until TRAP_ON - trap '' ERR # Ignoring exit signals -} - -CHECK_USER () { # Check the validity of the user admin - # $1 = User admin variable - ynh_user_exists "$1" || (echo "Wrong admin" >&2 && false) -} - -CHECK_PATH () { # Checks / at the beginning of the path. And his absence at the end. - if [ "${path:0:1}" != "/" ]; then # If the first character is not / - path="/$path" # Add / at the beginning of path - fi - if [ "${path:${#path}-1}" == "/" ] && [ ${#path} -gt 1 ]; then # If the last character is a / and it is not the only character. - path="${path:0:${#path}-1}" # Delete last character - fi -} - -CHECK_DOMAINPATH () { # Checks the availability of the path and domain. - sudo yunohost app checkurl $domain -a $app -} - -CHECK_FINALPATH () { # Checks that the destination folder is not already in use. - final_path=/opt/$app - if [ -e "$final_path" ] - then - echo "This path already contains a folder" >&2 - false - fi -} - -STORE_MD5_CONFIG () { # Saves the checksum of the config file - # $1 = Name of the conf file for storage in settings.yml - # $2 = Full name and path of the conf file. - ynh_app_setting_set $app $1_file_md5 $(sudo md5sum "$2" | cut -d' ' -f1) -} - -CHECK_MD5_CONFIG () { # Created a backup of the config file if it was changed. - # $1 = Name of the conf file for storage in settings.yml - # $2 = Full name and path of the conf file.onf. - if [ "$(ynh_app_setting_get $app $1_file_md5)" != $(sudo md5sum "$2" | cut -d' ' -f1) ]; then - sudo cp -a "$2" "$2.backup.$(date '+%d.%m.%y_%Hh%M,%Ss')" # Si le fichier de config a été modifié, créer un backup. - fi -} - -FIND_PORT () { # Search free port - # $1 = Port number to start the search. - port=$1 - while ! sudo yunohost app checkport $port ; do - port=$((port+1)) - done - CHECK_VAR "$port" "port empty" -} - -SETUP_SOURCE () { # Download source, decompress and copu into $final_path - src=$(cat ../sources/source_md5 | awk -F' ' {'print $2'}) - sudo wget -nv -i ../sources/source_url -O $src - # Checks the checksum of the downloaded source. - # md5sum -c ../sources/source_md5 --status || ynh_die "Corrupt source" - # Decompress source - if [ "$(echo ${src##*.})" == "tgz" ]; then - tar -x -f $src - elif [ "$(echo ${src##*.})" == "zip" ]; then - unzip -q $src - else - false # Unsupported archive format. - fi - # Copy file source - sudo cp -a $(cat ../sources/source_dir)/. "$final_path/live" - # Copy additional file and modified - if test -e "../sources/ajouts"; then - sudo cp -a ../sources/ajouts/. "$final_path" - fi -} - -# Create user with special hack -CREATE_USER () { - sudo curl -kSs https://${domain}/auth/sign_up --cookie-jar cookie | grep csrf > token || true - token=$(sudo cat token | sed -n '/csrf-token/s/.*name="csrf-token"\s\+content="\([^"]\+\).*/\1/p') - sudo curl -kSs https://${domain}/auth --data "&user[account_attributes][username]=${admin_mastodon}&user[email]=${admin_mastodon}@${domain}&user[password]=${admin_pass}&user[password_confirmation]=${admin_pass}&authenticity_token=${token}" --cookie cookie -} - -### REMOVE SCRIPT - -REMOVE_NGINX_CONF () { # Delete nginx configuration - if [ -e "/etc/nginx/conf.d/$domain.d/$app.conf" ]; then # Delete nginx config - echo "Delete nginx config" - sudo rm "/etc/nginx/conf.d/$domain.d/$app.conf" - sudo systemctl reload nginx - fi -} - -REMOVE_LOGROTATE_CONF () { # Delete logrotate configuration - if [ -e "/etc/logrotate.d/$app" ]; then - echo "Delete logrotate config" - sudo rm "/etc/logrotate.d/$app" - fi -} - -SECURE_REMOVE () { # Deleting a folder with variable verification - chaine="$1" # The argument must be given between simple quotes '', to avoid interpreting the variables. - no_var=0 - while (echo "$chaine" | grep -q '\$') # Loop as long as there are $ in the string - do - no_var=1 - global_var=$(echo "$chaine" | cut -d '$' -f 2) # Isole the first variable found. - only_var=\$$(expr "$global_var" : '\([A-Za-z0-9_]*\)') # Isole completely the variable by adding the $ at the beginning and keeping only the name of the variable. Mostly gets rid of / and a possible path behind. - real_var=$(eval "echo ${only_var}") # `eval "echo ${var}` Allows to interpret a variable contained in a variable. - if test -z "$real_var" || [ "$real_var" = "/" ]; then - echo "Variable $only_var is empty, suppression of $chaine cancelled." >&2 - return 1 - fi - chaine=$(echo "$chaine" | sed "s@$only_var@$real_var@") # Replaces variable with its value in the string. - done - if [ "$no_var" -eq 1 ] - then - if [ -e "$chaine" ]; then - echo "Delete directory $chaine" - sudo rm -r "$chaine" - fi - return 0 - else - echo "No detected variable." >&2 - return 1 - fi -} - # Create a db without password # # usage: ynh_mysql_create_user user @@ -233,31 +71,3 @@ ynh_psql_drop_db() { ynh_psql_drop_user() { sudo su -c "dropuser ${1}" postgres } - -# Remove a file or a directory securely -# -# usage: ynh_secure_remove path_to_remove -# | arg: path_to_remove - File or directory to remove -ynh_secure_remove () { - path_to_remove=$1 - forbidden_path=" \ - /var/www \ - /home/yunohost.app" - - if [[ "$forbidden_path" =~ "$path_to_remove" \ - # Match all path or subpath in $forbidden_path - || "$path_to_remove" =~ ^/[[:alnum:]]+$ \ - # Match all first level path from / (Like /var, /root, etc...) - || "${path_to_remove:${#path_to_remove}-1}" = "/" ]] - # Match if the path finish by /. Because it's seems there is an empty variable - then - echo "Avoid deleting of $path_to_remove." >&2 - else - if [ -e "$path_to_remove" ] - then - sudo rm -R "$path_to_remove" - else - echo "$path_to_remove doesn't deleted because it's not exist." >&2 - fi - fi -} \ No newline at end of file diff --git a/scripts/install b/scripts/install index a8f832c..5b1acaa 100644 --- a/scripts/install +++ b/scripts/install @@ -1,17 +1,25 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu +#================================================= +# GENERIC START +#================================================= +# IMPORT GENERIC HELPERS +#================================================= -source _common.sh # Loads the generic functions usually used in the script -source /usr/share/yunohost/helpers # Source app helpers +source _common.sh +source /usr/share/yunohost/helpers -CLEAN_SETUP () { - # Clean installation residues that are not supported by the remove script. - # Clean hosts - echo "" -} -TRAP_ON # Active trap to stop the script if an error is detected. +#================================================= +# MANAGE SCRIPT FAILURE +#================================================= + +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + + +#================================================= +# RETRIEVE ARGUMENTS FROM THE MANIFEST +#================================================ domain=$YNH_APP_ARG_DOMAIN admin_mastodon=$YNH_APP_ARG_ADMIN @@ -19,217 +27,290 @@ admin_mastodon_mail=$(ynh_user_get_info $admin_mastodon 'mail') admin_pass=$YNH_APP_ARG_PASSWD language=$YNH_APP_ARG_LANGUAGE +path_url="/" + app=$YNH_APP_INSTANCE_NAME -CHECK_VAR "$app" "app name not set" +#================================================= +# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS +#================================================= -CHECK_USER "$admin_mastodon" +final_path=/var/www/$app +test ! -e "$final_path" || ynh_die "This path already contains a folder" -CHECK_DOMAINPATH +[[ ${#admin_pass} -gt 7 ]] || ynh_die "Password is too weak, must be longer than 7 characters" -CHECK_FINALPATH +# Normalize the url path syntax +path_url=$(ynh_normalize_url_path $path_url) + +# Check web path availability +ynh_webpath_available $domain $path_url +# Register (book) web path +ynh_webpath_register $app $domain $path_url + +#================================================= +# STORE SETTINGS FROM MANIFEST +#================================================= ynh_app_setting_set $app domain $domain ynh_app_setting_set $app admin $admin_mastodon ynh_app_setting_set $app pass $admin_pass ynh_app_setting_set $app language $language +ynh_app_setting_set $app path $path_url -[[ ${#admin_pass} -gt 7 ]] || ynh_die \ -"The password is too weak, it must be longer than 7 characters" - -# Create user unix -sudo adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login -# Install debian package -ynh_package_install imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev +#================================================= +# STANDARD MODIFICATIONS +#================================================= -# Install redis package -ynh_package_install redis-server redis-tools -# Install postgresql -ynh_package_install postgresql postgresql-contrib postgresql-server-dev-9.4 +#================================================= +# INSTALL DEPENDENCIES +#================================================= -# Install Ruby -ynh_package_install autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev +# TODO: add in a clean way backports and yarn # Import debian archive pubkey, need on ARM arch arch=$(uname -m) if [[ $arch = arm* ]]; then - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 - sudo apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 8B48AD6246925553 + apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 7638D0442B90D010 fi # Install source.list debian package backports & yarn -sudo cp ../conf/backports.list /etc/apt/sources.list.d/ -sudo curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | sudo apt-key add - -sudo cp ../conf/yarn.list /etc/apt/sources.list.d/ +cp ../conf/backports.list /etc/apt/sources.list.d/ +curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - +cp ../conf/yarn.list /etc/apt/sources.list.d/ ynh_package_update -# Install debian package backports -sudo apt-get -t jessie-backports -y install ffmpeg - # Creates the destination directory and stores its location. ynh_app_setting_set $app final_path $final_path # Install de Node.js -pushd /opt -curl -sL https://deb.nodesource.com/setup_6.x | sudo bash - -sudo apt-get -y install nodejs - -# Install Yarn -ynh_package_install yarn - +# TODO: use https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/ynh_install_nodejs/ynh_install_nodejs +( + cd /opt + curl -sL https://deb.nodesource.com/setup_6.x | bash - + apt-get -y install nodejs +) + +# TODO: use the same mecanism with other files +ynh_install_app_dependencies \ + `# debian packages ` \ + imagemagick libpq-dev libxml2-dev libxslt1-dev file curl apt-transport-https pkg-config libprotobuf-dev protobuf-compiler libicu-dev libidn11-dev \ + `# redis ` \ + redis-server redis-tools \ + `# postgresql ` \ + postgresql postgresql-contrib postgresql-server-dev-9.4 \ + `# Ruby ` \ + autoconf bison build-essential libssl-dev libyaml-dev libreadline6-dev zlib1g-dev libncurses5-dev libffi-dev libgdbm3 libgdbm-dev \ + `# ffmpeg from backports ` \ + ffmpeg \ + `# Yarn ` \ + yarn + +#================================================= +# CREATE A DATABASE +#================================================= + +# TODO: use non-official https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/postgres/postgres +# TODO: this commands doesn't looks like a requirement, you may fully remove it # Set UTF8 encoding by default -sudo su -c "psql" postgres <<< \ +su -c "psql" postgres <<< \ "update pg_database set datistemplate='false' where datname='template1';" -sudo su -c "psql" postgres <<< \ +su -c "psql" postgres <<< \ "drop database template1;" -sudo su -c "psql" postgres <<< \ +su -c "psql" postgres <<< \ "create database template1 encoding='UTF8' template template0;" -sudo su -c "psql" postgres <<< \ +su -c "psql" postgres <<< \ "update pg_database set datistemplate='true' where datname='template1';" # Create DB without password ynh_psql_create_db_without_password "$app" -sudo systemctl restart postgresql +systemctl restart postgresql + +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= +# TODO: dont su as $app, work root and set corrects rights at the end of install # Download all sources rbenv, ruby and mastodon -sudo su - $app <> ~/.profile -echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc -echo 'eval "\$(rbenv init -)"' >> ~/.profile -COMMANDS +( + su $app + cd ~/.rbenv + src/configure && make -C src + echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.profile + echo 'export PATH="/opt/mastodon/.rbenv/bin:/opt/mastodon/live/bin:$PATH"' >> ~/.bashrc + echo 'eval "\$(rbenv init -)"' >> ~/.profile +) # Install ruby-build -sudo su - $app <> .env.production -RAILS_ENV=production bin/bundle exec rails db:setup -RAILS_ENV=production bin/bundle exec rails --trace assets:precompile -CCOMMANDS +( + su $app + cd ~/live + echo "SAFETY_ASSURED=1">> .env.production + RAILS_ENV=production bin/bundle exec rails db:setup + RAILS_ENV=production bin/bundle exec rails --trace assets:precompile +) # init rbenv & create bundle -sudo su - $app < Date: Tue, 1 May 2018 11:29:25 +0200 Subject: Use latest PostgreSQL helpers --- scripts/_common.sh | 176 +++++++++++++++++++++++++++++++++++++++-------------- scripts/backup | 7 +-- scripts/install | 49 ++++++++------- scripts/remove | 5 +- scripts/restore | 17 +++--- 5 files changed, 170 insertions(+), 84 deletions(-) (limited to 'scripts/_common.sh') diff --git a/scripts/_common.sh b/scripts/_common.sh index 39b0631..dce035f 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,73 +1,161 @@ #!/bin/bash -# Create a db without password +#================================================= # -# usage: ynh_mysql_create_user user -# | arg: user - the user name to create -ynh_psql_create_db_without_password() { - db=$1 - sudo su -c "psql" postgres <<< \ - "CREATE USER $db CREATEDB;" +# POSTGRES HELPERS +# +# Point of contact : Jean-Baptiste Holcroft +#================================================= + +# Create a master password and set up global settings +# Please always call this script in install and restore scripts +# +# usage: ynh_psql_test_if_first_run + +ynh_psql_test_if_first_run() { + if [ -f /etc/yunohost/psql ]; + then + echo "PostgreSQL is already installed, no need to create master password" + else + pgsql=$(ynh_string_random) + pg_hba="" + echo "$pgsql" >> /etc/yunohost/psql + + if [ -e /etc/postgresql/9.4/ ] + then + pg_hba=/etc/postgresql/9.4/main/pg_hba.conf + elif [ -e /etc/postgresql/9.6/ ] + then + pg_hba=/etc/postgresql/9.6/main/pg_hba.conf + else + ynh_die "postgresql shoud be 9.4 or 9.6" + fi + + systemctl start postgresql + sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres + + # force all user to connect to local database using passwords + # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF + # Note: we can't use peer since YunoHost create users with nologin + # See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user + sed -i '/local\s*all\s*all\s*peer/i \ + local all all password' "$pg_hba" + systemctl enable postgresql + systemctl reload postgresql + fi } -# Create a user +# Open a connection as a user # -# usage: ynh_mysql_create_user user pwd [host] -# | arg: user - the user name to create -# | arg: pwd - the password to identify user by -ynh_psql_create_user() { - sudo su -c "psql" postgres <<< \ - "CREATE USER ${1} WITH PASSWORD '${2}';" +# example: ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;" +# example: ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql +# +# usage: ynh_psql_connect_as user pwd [db] +# | arg: user - the user name to connect as +# | arg: pwd - the user password +# | arg: db - the database to connect to +ynh_psql_connect_as() { + user="$1" + pwd="$2" + db="$3" + sudo --login --user=postgres PGUSER="$user" PGPASSWORD="$pwd" psql "$db" } -# Create a user without password +# # Execute a command as root user # -# usage: ynh_mysql_create_user user pwd [host] -# | arg: user - the user name to create -ynh_psql_create_user_without_password() { - sudo su -c "psql" postgres <<< \ - "CREATE USER ${1};" +# usage: ynh_psql_execute_as_root sql [db] +# | arg: sql - the SQL command to execute +# | arg: db - the database to connect to +ynh_psql_execute_as_root () { + sql="$1" + sudo --login --user=postgres psql <<< "$sql" +} + +# Execute a command from a file as root user +# +# usage: ynh_psql_execute_file_as_root file [db] +# | arg: file - the file containing SQL commands +# | arg: db - the database to connect to +ynh_psql_execute_file_as_root() { + file="$1" + db="$2" + sudo --login --user=postgres psql "$db" < "$file" } -# Create a database and grant optionnaly privilegies to a user +# Create a database, an user and its password. Then store the password in the app's config # -# usage: ynh_mysql_create_db db [user [pwd]] +# After executing this helper, the password of the created database will be available in $db_pwd +# It will also be stored as "psqlpwd" into the app settings. +# +# usage: ynh_psql_setup_db user name [pwd] +# | arg: user - Owner of the database +# | arg: name - Name of the database +# | arg: pwd - Password of the database. If not given, a password will be generated +ynh_psql_setup_db () { + db_user="$1" + app="$1" + db_name="$2" + new_db_pwd=$(ynh_string_random) # Generate a random password + # If $3 is not given, use new_db_pwd instead for db_pwd. + db_pwd="${3:-$new_db_pwd}" + ynh_psql_create_db "$db_name" "$db_user" "$db_pwd" # Create the database + ynh_app_setting_set "$app" psqlpwd "$db_pwd" # Store the password in the app's config +} + +# Create a database and grant privilegies to a user +# +# usage: ynh_psql_create_db db [user [pwd]] # | arg: db - the database name to create # | arg: user - the user to grant privilegies -# | arg: pwd - the password to identify user by +# | arg: pwd - the user password ynh_psql_create_db() { - db=$1 - # grant all privilegies to user - if [[ $# -gt 1 ]]; then - ynh_psql_create_user ${2} "${3}" - sudo su -c "createdb -O ${2} $db" postgres - else - sudo su -c "createdb $db" postgres - fi - + db="$1" + user="$2" + pwd="$3" + ynh_psql_create_user "$user" "$pwd" + sudo --login --user=postgres createdb --owner="$user" "$db" } -# Drop a role +# Drop a database # -# usage: ynh_mysql_drop_role db +# usage: ynh_psql_drop_db db # | arg: db - the database name to drop -ynh_psql_drop_role() { - sudo su -c "psql" postgres <<< \ - "DROP ROLE ${1};" +# | arg: user - the user to drop +ynh_psql_remove_db() { + db="$1" + user="$2" + sudo --login --user=postgres dropdb "$db" + ynh_psql_drop_user "$user" } -# Drop a database +# Dump a database # -# usage: ynh_mysql_drop_db db -# | arg: db - the database name to drop -ynh_psql_drop_db() { - sudo su -c "dropdb ${1}" postgres +# example: ynh_psql_dump_db 'roundcube' > ./dump.sql +# +# usage: ynh_psql_dump_db db +# | arg: db - the database name to dump +# | ret: the psqldump output +ynh_psql_dump_db() { + db="$1" + sudo --login --user=postgres pg_dump "$db" +} + + +# Create a user +# +# usage: ynh_psql_create_user user pwd [host] +# | arg: user - the user name to create +ynh_psql_create_user() { + user="$1" + pwd="$2" + sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd'" postgres } # Drop a user # -# usage: ynh_mysql_drop_user user +# usage: ynh_psql_drop_user user # | arg: user - the user name to drop ynh_psql_drop_user() { - sudo su -c "dropuser ${1}" postgres + user="$1" + sudo --login --user=postgres dropuser "$user" } diff --git a/scripts/backup b/scripts/backup index ffcac0e..d4014c7 100644 --- a/scripts/backup +++ b/scripts/backup @@ -39,9 +39,8 @@ ynh_backup "/etc/apt/sources.list.d/yarn.list" "apt_yarn.list" sudo sed -i "s@__FINALPATH__@$final_path@g" /etc/nginx/conf.d/${domain}.d/${app}.conf # Backup db -sudo su - postgres < mastodon_db.sql -COMMANDS -ynh_backup "/var/lib/postgresql/${app}_db.sql" "${app}_db.sql" +db_name=$(ynh_sanitize_dbid "$app") +ynh_psql_dump_db "$db_name" + # Fix backup fail on yunohost 2.6 #ynh_secure_remove /var/lib/postgresql/mastodon_db.sql diff --git a/scripts/install b/scripts/install index 5b1acaa..4a23715 100644 --- a/scripts/install +++ b/scripts/install @@ -116,31 +116,16 @@ ynh_install_app_dependencies \ # TODO: use non-official https://github.com/YunoHost-Apps/Experimental_helpers/blob/master/postgres/postgres # TODO: this commands doesn't looks like a requirement, you may fully remove it # Set UTF8 encoding by default -su -c "psql" postgres <<< \ - "update pg_database set datistemplate='false' where datname='template1';" -su -c "psql" postgres <<< \ - "drop database template1;" -su -c "psql" postgres <<< \ - "create database template1 encoding='UTF8' template template0;" -su -c "psql" postgres <<< \ - "update pg_database set datistemplate='true' where datname='template1';" - -# Create DB without password -ynh_psql_create_db_without_password "$app" -systemctl restart postgresql -#================================================= -# DOWNLOAD, CHECK AND UNPACK SOURCE -#================================================= +ynh_psql_test_if_first_run + +db_user=$(ynh_sanitize_dbid "$app") +db_name=$(ynh_sanitize_dbid "$app") +db_pwd=$(ynh_string_random) +ynh_app_setting_set $app db_pwd $db_pwd +ynh_psql_setup_db "$db_user" "$db_name" "$db_pwd" + -# TODO: dont su as $app, work root and set corrects rights at the end of install -# Download all sources rbenv, ruby and mastodon -( - su $app - git clone https://github.com/rbenv/rbenv.git $final_path/.rbenv - git clone https://github.com/rbenv/ruby-build.git $final_path/.rbenv/plugins/ruby-build - git clone https://github.com/tootsuite/mastodon.git $final_path/live -) #================================================= # NGINX CONFIGURATION @@ -161,6 +146,19 @@ cp ../conf/nginx.conf /etc/nginx/conf.d/$domain.d/$app.conf # Create user unix adduser $app --home /opt/$app --gecos "First Last,RoomNumber,WorkPhone,HomePhone" --disabled-password --disabled-login +#================================================= +# DOWNLOAD, CHECK AND UNPACK SOURCE +#================================================= + +# TODO: dont su as $app, work root and set corrects rights at the end of install +# Download all sources rbenv, ruby and mastodon +( + su $app + git clone https://github.com/rbenv/rbenv.git $final_path/.rbenv + git clone https://github.com/rbenv/ruby-build.git $final_path/.rbenv/plugins/ruby-build + git clone https://github.com/tootsuite/mastodon.git $final_path/live +) + # Switch branch to tagged release cd $final_path/live version=$(curl -s https://api.github.com/repos/tootsuite/mastodon/releases/latest | grep tag_name | cut -d\" -f4) @@ -208,8 +206,9 @@ ln -s /opt/mastodon/.rbenv/versions/2.5.0/bin/ruby /usr/bin/ruby || true cp -a $final_path/live/.env.production.sample $final_path/live/.env.production sed -i "s@REDIS_HOST=redis@REDIS_HOST=127.0.0.1@g" "${final_path}/live/.env.production" sed -i "s@DB_HOST=db@DB_HOST=/var/run/postgresql@g" "${final_path}/live/.env.production" -sed -i "s@DB_USER=postgres@DB_USER=${app}@g" "${final_path}/live/.env.production" -sed -i "s@DB_NAME=postgres@DB_NAME=${app}_production@g" "${final_path}/live/.env.production" +sed -i "s@DB_USER=postgres@DB_USER=${db_user}@g" "${final_path}/live/.env.production" +sed -i "s@DB_NAME=postgres@DB_NAME=${db_name}@g" "${final_path}/live/.env.production" +sed -i "s@DB_PASS=@DB_PASS=${db_name}@g" "${final_path}/live/.env.production" sed -i "s@LOCAL_DOMAIN=example.com@LOCAL_DOMAIN=${domain}@g" "${final_path}/live/.env.production" language="$(echo $language | head -c 2)" diff --git a/scripts/remove b/scripts/remove index 6683c07..e60ed37 100644 --- a/scripts/remove +++ b/scripts/remove @@ -65,8 +65,9 @@ then fi # delete postgresql database & user -ynh_psql_drop_db "${app}_production" -ynh_psql_drop_role "${app}" +db_user=$(ynh_sanitize_dbid "$app") +db_name=$(ynh_sanitize_dbid "$app") +ynh_psql_remove_db "$db_name" "$db_user" # Remove Debian package sudo apt-get remove --purge -y yarn diff --git a/scripts/restore b/scripts/restore index 8ca0b5a..8bad156 100644 --- a/scripts/restore +++ b/scripts/restore @@ -107,15 +107,14 @@ sudo chown -R $app: "$final_path" # Debug sudo ls -alh "$final_path" -# Set UTF8 encoding by default -sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='false' where datname='template1';" -sudo su -c "psql" postgres <<< \ - "drop database template1;" -sudo su -c "psql" postgres <<< \ - "create database template1 encoding='UTF8' template template0;" -sudo su -c "psql" postgres <<< \ - "update pg_database set datistemplate='true' where datname='template1';" +# Restore PostgreSQL database +db_user=$(ynh_sanitize_dbid "$app") +db_name=$(ynh_sanitize_dbid "$app") +db_pwd=$(ynh_app_setting_get "$app" db_pwd) + +ynh_psql_test_if_first_run +ynh_psql_setup_db "$db_name" "$db_name" "$db_pwd" +ynh_psql_execute_file_as_root ./db.sql "$db_name" # Install rbenv sudo su - $app < Date: Tue, 1 May 2018 18:48:06 +0200 Subject: Add helpers (multi-file systemd and exec_as) --- scripts/_common.sh | 14 ++++++ scripts/_future.sh | 127 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 141 insertions(+) create mode 100644 scripts/_future.sh (limited to 'scripts/_common.sh') diff --git a/scripts/_common.sh b/scripts/_common.sh index dce035f..7d4f823 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,5 +1,19 @@ #!/bin/bash + +# Execute a command as another user +# usage: exec_as USER COMMAND [ARG ...] +exec_as() { + local user=$1 + shift 1 + + if [[ $user = $(whoami) ]]; then + eval "$@" + else + sudo --login --user="$user" "$@" + fi +} + #================================================= # # POSTGRES HELPERS diff --git a/scripts/_future.sh b/scripts/_future.sh new file mode 100644 index 0000000..82f255c --- /dev/null +++ b/scripts/_future.sh @@ -0,0 +1,127 @@ +#!/bin/bash + +# needed to have "service_name" as an option +# https://github.com/YunoHost/yunohost/commit/9c4ddcca39d9d6d92bd5f9a23978337e48d0a4e1 +ynh_add_systemd_config () { + local service_name="${1:-$app}" + + finalsystemdconf="/etc/systemd/system/$service_name.service" + ynh_backup_if_checksum_is_different "$finalsystemdconf" + sudo cp ../conf/${2:-systemd.service} "$finalsystemdconf" + + # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. + # Substitute in a nginx config file only if the variable is not empty + if test -n "${final_path:-}"; then + ynh_replace_string "__FINALPATH__" "$final_path" "$finalsystemdconf" + fi + if test -n "${app:-}"; then + ynh_replace_string "__APP__" "$app" "$finalsystemdconf" + fi + ynh_store_file_checksum "$finalsystemdconf" + + sudo chown root: "$finalsystemdconf" + sudo systemctl enable $service_name + sudo systemctl daemon-reload +} + +# needed to have "service_name" as an option +# https://github.com/YunoHost/yunohost/commit/9c4ddcca39d9d6d92bd5f9a23978337e48d0a4e1 +ynh_remove_systemd_config () { + local service_name="${1:-$app}" + + local finalsystemdconf="/etc/systemd/system/$service_name.service" + if [ -e "$finalsystemdconf" ]; then + sudo systemctl stop $service_name + sudo systemctl disable $service_name + ynh_secure_remove "$finalsystemdconf" + sudo systemctl daemon-reload + fi +} + + +# LOCAL ADDITION: +# save file locally if not in the cache +# +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source () { + local dest_dir=$1 + local src_id=${2:-app} # If the argument is not given, source_id equals "app" + + # Load value from configuration file (see above for a small doc about this file + # format) + local src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-) + + # Default value + src_sumprg=${src_sumprg:-sha256sum} + src_in_subdir=${src_in_subdir:-true} + src_format=${src_format:-tar.gz} + src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]') + if [ "$src_filename" = "" ] ; then + src_filename="${src_id}.${src_format}" + fi + local local_src="/var/cache/yunohost/ynh_setup_source/${YNH_APP_ID}/${src_filename}" + + # if cache file exists and the checksum isn't good, download it again + # if not, just download the file + + if test -e "$local_src" + then + echo "${src_sum} ${local_src}" | ${src_sumprg} -c --status \ + || wget -nv -O $local_src $src_url + else + mkdir -p "/var/cache/yunohost/ynh_setup_source/${YNH_APP_ID}" + wget -nv -O $local_src $src_url + fi + cp $local_src $src_filename + + # Check the control sum + echo "${src_sum} ${src_filename}" | ${src_sumprg} -c --status \ + || ynh_die "Corrupt source" + + # Extract source into the app dir + mkdir -p "$dest_dir" + if [ "$src_format" = "zip" ] + then + # Zip format + # Using of a temp directory, because unzip doesn't manage --strip-components + if $src_in_subdir ; then + local tmp_dir=$(mktemp -d) + unzip -quo $src_filename -d "$tmp_dir" + cp -a $tmp_dir/*/. "$dest_dir" + ynh_secure_remove "$tmp_dir" + else + unzip -quo $src_filename -d "$dest_dir" + fi + else + local strip="" + if $src_in_subdir ; then + strip="--strip-components 1" + fi + if [[ "$src_format" =~ ^tar.gz|tar.bz2|tar.xz$ ]] ; then + tar -xf $src_filename -C "$dest_dir" $strip + else + ynh_die "Archive format unrecognized." + fi + fi + + # Apply patches + if (( $(find $YNH_CWD/../sources/patches/ -type f -name "${src_id}-*.patch" 2> /dev/null | wc -l) > "0" )); then + local old_dir=$(pwd) + (cd "$dest_dir" \ + && for p in $YNH_CWD/../sources/patches/${src_id}-*.patch; do \ + patch -p1 < $p; done) \ + || ynh_die "Unable to apply patches" + cd $old_dir + fi + + # Add supplementary files + if test -e "$YNH_CWD/../sources/extra_files/${src_id}"; then + cp -a $YNH_CWD/../sources/extra_files/$src_id/. "$dest_dir" + fi +} + -- cgit v1.2.3-70-g09d2 From ae84054e6af9d9650a6d3a3cdd977665b33e29d3 Mon Sep 17 00:00:00 2001 From: nemsia Date: Wed, 13 Jun 2018 00:23:05 +0200 Subject: Fix db_user create --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts/_common.sh') diff --git a/scripts/_common.sh b/scripts/_common.sh index 7d4f823..89ace8a 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -162,7 +162,7 @@ ynh_psql_dump_db() { ynh_psql_create_user() { user="$1" pwd="$2" - sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd'" postgres + sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd';" postgres } # Drop a user -- cgit v1.2.3-70-g09d2 From a961856c7ec1a131cad408fd8133251607af688e Mon Sep 17 00:00:00 2001 From: nemsia Date: Wed, 13 Jun 2018 12:19:22 +0200 Subject: Add createdb right to mastodon postgre role --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'scripts/_common.sh') diff --git a/scripts/_common.sh b/scripts/_common.sh index 89ace8a..df631ad 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -162,7 +162,7 @@ ynh_psql_dump_db() { ynh_psql_create_user() { user="$1" pwd="$2" - sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd';" postgres + sudo --login --user=postgres psql -c"CREATE USER $user WITH PASSWORD '$pwd' CREATEDB;" postgres } # Drop a user -- cgit v1.2.3-70-g09d2