From 3b0275ba5b773feca70ed92db8c8f240e93107ce Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sat, 28 Dec 2024 01:29:20 +0100 Subject: Implement yarn 4.5, new active_record_encryption and mastodon default services --- scripts/_common.sh | 2 +- scripts/install | 53 ++++++++++++++++++++++++++++++++--------------------- scripts/upgrade | 26 +++++++++++++++++++++----- 3 files changed, 54 insertions(+), 27 deletions(-) (limited to 'scripts') diff --git a/scripts/_common.sh b/scripts/_common.sh index a2ba0b8..d354663 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= memory_needed="2560" -ruby_version=3.2.3 +ruby_version=3.3.5 nodejs_version=20 # Workaround for Mastodon on Bullseye diff --git a/scripts/install b/scripts/install index 1385a30..dfcbb27 100644 --- a/scripts/install +++ b/scripts/install 
@@ -69,22 +69,19 @@ ynh_app_setting_set --app="$app" --key=secret_key_base --value="$secret_key_base otp_secret=$(ynh_string_random --length=128) ynh_app_setting_set --app="$app" --key=otp_secret --value="$otp_secret" -# We need rake to build vapid keys, we generate them later once the app is installed +# We need bundle exec rails to build vapid keys, we generate them later once the app is installed vapid_private_key="" vapid_public_key="" +# We need `bin/rails db:encryption:init` to generate fresh secrets, we generate them later once the app is installed +active_record_encryption_deterministic_key="" +active_record_encryption_key_derivation_salt="" +active_record_encryption_primary_key="" + ynh_add_config --template=".env.production.sample" --destination="$config" chmod 400 "$config" chown $app:$app "$config" -ynh_replace_string --match_string="registrations_mode: 'open'" --replace_string="registrations_mode: 'none'" --target_file="$install_dir/live/config/settings.yml" -ynh_replace_string --match_string="min_invite_role: 'admin'" --replace_string="min_invite_role: 'none'" --target_file="$install_dir/live/config/settings.yml" - -ynh_store_file_checksum --file="$install_dir/live/config/settings.yml" - -chmod 400 "$install_dir/live/config/settings.yml" -chown $app:$app "$install_dir/live/config/settings.yml" - #================================================= # BUILD APP #================================================= 
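Review bot: Nothing on the new side of this hunk sets `registrations_mode` or `min_invite_role` any more, so whether a fresh instance accepts sign-ups now depends on the defaults in the source tree's `config/settings.yml`, which this diff does not show. If the package is meant to start with registrations closed, that should be enforced or at least verified against the shipped defaults for this Mastodon version. If relying on upstream defaults is deliberate, a comment next to the config step would record it, for example `# registrations_mode and min_invite_role are intentionally left at Mastodon's defaults`.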
@@ -97,31 +94,45 @@ pushd "$install_dir/live" ynh_gem install bundler --no-document ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config deployment 'true' ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config without 'development test' - ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config set force_ruby_platform true + ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config set force_ruby_platform true --quiet ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install -j$(getconf _NPROCESSORS_ONLN) - # Building assets ynh_use_nodejs - ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile --production --network-timeout 600000 + env $ynh_node_load_PATH corepack enable + echo Y | ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH yarn workspaces focus --production + ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH yarn install --immutable echo "SAFETY_ASSURED=1">> $config - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate --quiet - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet # Generate vapid keys - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rake mastodon:webpush:generate_vapid_key > key.txt - # Create the first admin user - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=Owner > /dev/null + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails mastodon:webpush:generate_vapid_key > vapid_key.txt + # Generate active record encryption + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:encryption:init 
> active_record_encryption.txt popd -# Re-generate config with vapid keys -vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$install_dir/live/key.txt") +# Re-generate config with vapid keys and active record encryption +vapid_private_key=$(grep -oP "VAPID_PRIVATE_KEY=\K.+" "$install_dir/live/vapid_key.txt") ynh_app_setting_set --app="$app" --key=vapid_private_key --value="$vapid_private_key" -vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$install_dir/live/key.txt") +vapid_public_key=$(grep -oP "VAPID_PUBLIC_KEY=\K.+" "$install_dir/live/vapid_key.txt") ynh_app_setting_set --app="$app" --key=vapid_public_key --value="$vapid_public_key" -ynh_secure_remove --file="$install_dir/live/key.txt" +ynh_secure_remove --file="$install_dir/live/vapid_key.txt" +active_record_encryption_deterministic_key=$(grep -oP "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=\K.+" "$install_dir/live/active_record_encryption.txt") +ynh_app_setting_set --app="$app" --key=active_record_encryption_deterministic_key --value="$active_record_encryption_deterministic_key" +active_record_encryption_key_derivation_salt=$(grep -oP "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=\K.+" "$install_dir/live/active_record_encryption.txt") +ynh_app_setting_set --app="$app" --key=active_record_encryption_key_derivation_salt --value="$active_record_encryption_key_derivation_salt" +active_record_encryption_primary_key=$(grep -oP "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=\K.+" "$install_dir/live/active_record_encryption.txt") +ynh_app_setting_set --app="$app" --key=active_record_encryption_primary_key --value="$active_record_encryption_primary_key" +ynh_secure_remove --file="$install_dir/live/active_record_encryption.txt" ynh_delete_file_checksum --file="$config" ynh_add_config --template=".env.production.sample" --destination="$config" chmod 400 "$config" chown $app:$app "$config" +pushd "$install_dir/live" + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle 
exec rails db:migrate --quiet + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet + # Create the first admin user + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts create "$admin" --email="$admin_mail" --confirmed --role=Owner > /dev/null + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl accounts approve "$admin" > /dev/null +popd + #================================================= # SYSTEM CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index c889e65..10e37c9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -124,9 +124,9 @@ pushd "$install_dir/live" ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle config set force_ruby_platform true --quiet ynh_exec_as $app $ynh_ruby_load_path $ld_preload bin/bundle install -j$(getconf _NPROCESSORS_ONLN) ynh_use_nodejs - ynh_exec_as $app $ynh_node_load_PATH yarn install --pure-lockfile --production --network-timeout 600000 - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:clean - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile + env $ynh_node_load_PATH corepack enable + echo Y | ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH yarn workspaces focus --production + ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH yarn install --immutable popd chown "$app:www-data" "$install_dir" 
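Review bot: The VAPID and Active Record encryption secrets are staged in `vapid_key.txt` and `active_record_encryption.txt` under `$install_dir/live`, and the `>` redirection is performed by the calling shell, not by `ynh_exec_as`. The files therefore get that shell's umask and a fixed name in a tree the app user owns, and they stay on disk if anything aborts before `ynh_secure_remove` runs. Capturing the output in a variable avoids the file entirely: `encryption_output=$(ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:encryption:init)`, then `grep -oP "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=\K.+" <<< "$encryption_output"`. Each extracted value should also be checked for emptiness before `ynh_app_setting_set` stores it, so a change in the task's output format cannot silently write blank keys into the config. The same staging pattern is added in the `scripts/upgrade` hunk at `@@ -163,6 +163,21 @@`.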
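Review bot: `echo Y |` answers whatever prompt `yarn workspaces focus --production` raises, which here is presumably Corepack's confirmation before it downloads the Yarn release named in the project's `package.json`; piping a blanket "Y" hides that a network fetch is being approved. Setting the intent explicitly is clearer and does not feed input to any other prompt: `ynh_exec_warn_less ynh_exec_as $app env $ynh_node_load_PATH COREPACK_ENABLE_DOWNLOAD_PROMPT=0 yarn workspaces focus --production`. `env $ynh_node_load_PATH corepack enable` also runs without `ynh_exec_as`, so the shims are installed with the script's own privileges; a short comment saying why that is needed would help. It is worth confirming that upstream pins the package manager to an exact version, ideally with a hash, since that pin is what decides which release is fetched. The same three lines are added in the `scripts/install` hunk at `@@ -97,31 +94,45 @@`.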
@@ -163,6 +163,21 @@ ynh_use_logrotate --non-append #================================================= ynh_script_progression --message="Updating a config file..." --weight=1 +if ynh_compare_current_package_version --comparison lt --version "4.3.2~ynh1"; then + pushd "$install_dir/live" + ynh_use_ruby + # Generate active record encryption + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:encryption:init > active_record_encryption.txt + active_record_encryption_deterministic_key=$(grep -oP "ACTIVE_RECORD_ENCRYPTION_DETERMINISTIC_KEY=\K.+" "$install_dir/live/active_record_encryption.txt") + ynh_app_setting_set --app="$app" --key=active_record_encryption_deterministic_key --value="$active_record_encryption_deterministic_key" + active_record_encryption_key_derivation_salt=$(grep -oP "ACTIVE_RECORD_ENCRYPTION_KEY_DERIVATION_SALT=\K.+" "$install_dir/live/active_record_encryption.txt") + ynh_app_setting_set --app="$app" --key=active_record_encryption_key_derivation_salt --value="$active_record_encryption_key_derivation_salt" + active_record_encryption_primary_key=$(grep -oP "ACTIVE_RECORD_ENCRYPTION_PRIMARY_KEY=\K.+" "$install_dir/live/active_record_encryption.txt") + ynh_app_setting_set --app="$app" --key=active_record_encryption_primary_key --value="$active_record_encryption_primary_key" + ynh_secure_remove --file="$install_dir/live/active_record_encryption.txt" + popd +fi + language="$(echo $language | head -c 2)" ynh_add_config --template=".env.production.sample" --destination="$config" 
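Review bot: The `ynh_compare_current_package_version --comparison lt --version "4.3.2~ynh1"` test is the only thing stopping this block from overwriting Active Record encryption keys that already exist, and data encrypted under replaced keys would presumably no longer be readable. Keys could already be stored if an instance reached this code from a testing build, or if an upgrade is retried after a partial run. Guarding on the stored value is safer than guarding on the version alone, for example `if [ -z "${active_record_encryption_primary_key:-}" ]; then`, assuming the app settings are loaded into same-named variables as the later `ynh_add_config` call implies. A comment stating that the keys must never be regenerated once set would also help the next maintainer.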
@@ -177,8 +192,9 @@ ynh_script_progression --message="Applying migrations..." --weight=1 pushd "$install_dir/live" ynh_use_ruby - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/tootctl cache clear + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate --quiet + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:clean --quiet + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet popd #================================================= -- cgit v1.2.3-70-g09d2 From d3cb68ee5ca50f2d4edb7183a36dcaf47b731df1 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 29 Dec 2024 18:29:59 +0100 Subject: fix missing ld_preload --- scripts/_common.sh | 41 +++++++++++++++++------------------------ 1 file changed, 17 insertions(+), 24 deletions(-) (limited to 'scripts') diff --git a/scripts/_common.sh b/scripts/_common.sh index d354663..0dbcc15 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -8,30 +8,23 @@ memory_needed="2560" ruby_version=3.3.5 nodejs_version=20 -# Workaround for Mastodon on Bullseye -# See https://github.com/mastodon/mastodon/issues/15751#issuecomment-873594463 -if [ "$(lsb_release --codename --short)" = "bullseye" ]; -then - case $YNH_ARCH in - amd64) - ld_preload="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so" - ;; - arm64) - ld_preload="LD_PRELOAD=/usr/lib/aarch64-linux-gnu/libjemalloc.so" - ;; - armhf) - ld_preload="LD_PRELOAD=/usr/lib/arm-linux-gnueabihf/libjemalloc.so" - ;; - armel) - ld_preload="LD_PRELOAD=/usr/lib/arm-linux-gnueabi/libjemalloc.so" - ;; - i386) - ld_preload="LD_PRELOAD=/usr/lib/i386-linux-gnu/libjemalloc.so" - ;; - esac -else - ld_preload="" -fi +case $YNH_ARCH in + amd64) + ld_preload="LD_PRELOAD=/usr/lib/x86_64-linux-gnu/libjemalloc.so" + ;; + arm64) + ld_preload="LD_PRELOAD=/usr/lib/aarch64-linux-gnu/libjemalloc.so" + ;; + armhf) + ld_preload="LD_PRELOAD=/usr/lib/arm-linux-gnueabihf/libjemalloc.so" + ;; + armel) + ld_preload="LD_PRELOAD=/usr/lib/arm-linux-gnueabi/libjemalloc.so" + ;; + i386) + ld_preload="LD_PRELOAD=/usr/lib/i386-linux-gnu/libjemalloc.so" + ;; +esac #================================================= # PERSONAL HELPERS -- cgit v1.2.3-70-g09d2 From e071d0c0df548925a54385c809d52f916bbe74e2 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Sun, 29 Dec 2024 22:51:19 +0100 Subject: Fix upgrade --- scripts/upgrade | 15 ++++----------- 1 file changed, 4 insertions(+), 11 deletions(-) (limited to 'scripts') diff --git a/scripts/upgrade b/scripts/upgrade index 10e37c9..531c766 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
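Review bot: The `case $YNH_ARCH` has no default arm, so on any architecture other than the five listed `ld_preload` is never assigned, whereas the removed `else` branch set it to an empty string. Every later `$ld_preload` expansion then either fails or silently expands to nothing, depending on whether the scripts run with `set -u`. Adding `*) ld_preload="" ;;` before `esac` keeps the variable defined. Because the preload now applies on every release instead of only bullseye, it is also worth confirming that the package providing the unversioned `libjemalloc.so` at these paths is among the app's dependencies, since the dynamic loader only prints a warning and carries on when a preload target is missing.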
@@ -97,18 +97,12 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression "Upgrading source files..." -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Upgrading source files..." --weight=1 +# Download, check integrity, uncompress and patch the source from manifest.toml +ynh_setup_source --dest_dir="$install_dir/live" --full_replace=1 --keep="public/system .env.production" - # Download Mastodon - ynh_setup_source --dest_dir="$install_dir/live" --keep="public/system/" - - chmod 750 "$install_dir" - chmod -R o-rwx "$install_dir" - chown -R $app:www-data "$install_dir" -fi +chown -R $app:www-data "$install_dir" #================================================= # BUILD ASSETS @@ -193,7 +187,6 @@ ynh_script_progression --message="Applying migrations..." --weight=1 pushd "$install_dir/live" ynh_use_ruby ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate --quiet - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:clean --quiet ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet popd -- cgit v1.2.3-70-g09d2 From 66959014e9b5981410ac638926c214e866bfb2ef Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 30 Dec 2024 21:23:19 +0100 Subject: Revert "Fix upgrade" This reverts commit e071d0c0df548925a54385c809d52f916bbe74e2. --- scripts/upgrade | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) (limited to 'scripts') diff --git a/scripts/upgrade b/scripts/upgrade index 531c766..10e37c9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
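Review bot: The new side leaves only `chown -R $app:www-data "$install_dir"` after `ynh_setup_source`, so the freshly unpacked tree no longer gets `chmod 750 "$install_dir"` and `chmod -R o-rwx "$install_dir"`. Unless permissions are applied elsewhere in the script, files extracted with `--full_replace=1` keep whatever mode the archive and umask give them, and the kept `.env.production` lives in that tree. Keeping `chmod -R o-rwx "$install_dir"` next to the `chown` would preserve the previous restriction. `ynh_script_progression "Upgrading source files..."` also passes the message positionally while the other calls visible in this file use `--message=... --weight=1`; one form should be used throughout.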
@@ -97,12 +97,18 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -ynh_script_progression "Upgrading source files..." -# Download, check integrity, uncompress and patch the source from manifest.toml -ynh_setup_source --dest_dir="$install_dir/live" --full_replace=1 --keep="public/system .env.production" +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=1 -chown -R $app:www-data "$install_dir" + # Download Mastodon + ynh_setup_source --dest_dir="$install_dir/live" --keep="public/system/" + + chmod 750 "$install_dir" + chmod -R o-rwx "$install_dir" + chown -R $app:www-data "$install_dir" +fi #================================================= # BUILD ASSETS @@ -187,6 +193,7 @@ ynh_script_progression --message="Applying migrations..." --weight=1 pushd "$install_dir/live" ynh_use_ruby ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate --quiet + ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:clean --quiet ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet popd -- cgit v1.2.3-70-g09d2 From 0595ab38e0e46f6e2b68a1404f3bb5ce8528a5d0 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 30 Dec 2024 21:24:21 +0100 Subject: Update upgrade --- scripts/upgrade | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) (limited to 'scripts') diff --git a/scripts/upgrade b/scripts/upgrade index 10e37c9..f7a3573 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -102,8 +102,8 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=1 - # Download Mastodon - ynh_setup_source --dest_dir="$install_dir/live" --keep="public/system/" + # Download, check integrity, uncompress and patch the source from manifest.toml + ynh_setup_source --dest_dir="$install_dir/live" --full_replace=1 --keep="public/system .env.production" chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" @@ -193,7 +193,6 @@ ynh_script_progression --message="Applying migrations..." --weight=1 pushd "$install_dir/live" ynh_use_ruby ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails db:migrate --quiet - ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:clean --quiet ynh_exec_warn_less ynh_exec_as $app RAILS_ENV=production $ynh_ruby_load_path $ld_preload bin/bundle exec rails assets:precompile --quiet popd -- cgit v1.2.3-70-g09d2