From 7c870560ac536c4033c4bbd678b488d6c63ba82e Mon Sep 17 00:00:00 2001 From: yalh76 Date: Thu, 17 Feb 2022 01:23:35 +0100 Subject: [PATCH] Several fixes --- conf/server.conf | 2 +- manifest.json | 4 ++ scripts/_common.sh | 164 +++++++++++++++++++++++++++------------------ scripts/install | 47 +++++++------ scripts/remove | 23 ++++++- scripts/restore | 27 ++++++-- scripts/upgrade | 16 ++++- 7 files changed, 187 insertions(+), 96 deletions(-) diff --git a/conf/server.conf b/conf/server.conf index 4947406..29e201e 100644 --- a/conf/server.conf +++ b/conf/server.conf @@ -5,7 +5,7 @@ admin_passwd = __ADMIN_PASSWORD__ db_host = localhost db_port = 5432 db_user = __DB_NAME__ -db_password = __DB_PASS__ +db_password = __DB_PWD__ __CONTENT__ __CONTENT2__ __CONTENT3__ diff --git a/manifest.json b/manifest.json index 52c2559..38d53c0 100644 --- a/manifest.json +++ b/manifest.json @@ -37,6 +37,10 @@ "name": "domain", "type": "domain" }, + { + "name": "admin", + "type": "user" + }, { "name": "version", "type": "string", diff --git a/scripts/_common.sh b/scripts/_common.sh index 907f4dc..3497fe9 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -7,6 +7,8 @@ export appname="libreerp" export FORKNAME="odoo" +swap_needed=1024 + # dependencies used by the app pkg_dependencies="curl postgresql xfonts-75dpi xfonts-base wkhtmltopdf node-less python3-dev gcc libldap2-dev libssl-dev libsasl2-dev python3-pip python3-dev python3-venv python3-wheel libxslt-dev libzip-dev python3-setuptools libjpeg-dev zlib1g-dev libfreetype6-dev libffi-dev libpq-dev" @@ -42,13 +44,16 @@ function setup_files() { fi debranding mkdir -p $final_path/custom-addons - chown -R $app:$app $final_path + chmod 750 "$final_path" + chmod -R o-rwx "$final_path" + chown -R $app:$app "$final_path" touch /var/log/$app.log chown $app:$app /var/log/$app.log if [ ! -f $conf_file ]; then ynh_configure server.conf $conf_file - chown $app:$app $conf_file + chmod 400 "$conf_file" + chown $app:$app "$conf_file" # Autoinstall the LDAP auth module if ls $final_path/$appname/$FORKNAME-bin > /dev/null ; then @@ -65,7 +70,7 @@ function setup_database() { ynh_configure server.conf $conf_file chown $app:$app $conf_file # Load translation - #param=" --without-demo True --addons-path $final_path/$appname/addons --db_user $app --db_password $db_pass --db_host 127.0.0.1 --db_port 5432 --db-filter '^$app\$' -d $app " + #param=" --without-demo True --addons-path $final_path/$appname/addons --db_user $app --db_password $db_pwd --db_host 127.0.0.1 --db_port 5432 --db-filter '^$app\$' -d $app " param=" -c $conf_file -d $app " ynh_exec_as $app $bin_file -c $conf_file --stop-after-init -i base -d $app ynh_exec_as $app $bin_file -c $conf_file --stop-after-init -i auth_ldap -d $app @@ -134,71 +139,102 @@ ynh_configure () { fi } -# Argument $1 is the size of the swap in MiB -ynh_add_swap () { - # Declare an array to define the options of this helper. - declare -Ar args_array=( [s]=size= ) - local size - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - local swap_max_size=$(( $size * 1024 )) - - local free_space=$(df --output=avail / | sed 1d) - # Because we don't want to fill the disk with a swap file, divide by 2 the available space. - local usable_space=$(( $free_space / 2 )) - - # Compare the available space with the size of the swap. - # And set a acceptable size from the request - if [ $usable_space -ge $swap_max_size ] - then - local swap_size=$swap_max_size - elif [ $usable_space -ge $(( $swap_max_size / 2 )) ] - then - local swap_size=$(( $swap_max_size / 2 )) - elif [ $usable_space -ge $(( $swap_max_size / 3 )) ] - then - local swap_size=$(( $swap_max_size / 3 )) - elif [ $usable_space -ge $(( $swap_max_size / 4 )) ] - then - local swap_size=$(( $swap_max_size / 4 )) - else - echo "Not enough space left for a swap file" >&2 - local swap_size=0 - fi - - # If there's enough space for a swap, and no existing swap here - if [ $swap_size -ne 0 ] && [ ! -e /swap ] - then - # Preallocate space for the swap file - fallocate -l ${swap_size}K /swap - chmod 0600 /swap - # Create the swap - mkswap /swap - # And activate it - swapon /swap - # Then add an entry in fstab to load this swap at each boot. - echo -e "/swap swap swap defaults 0 0 #Swap added by $app" >> /etc/fstab - fi -} - -ynh_del_swap () { - # If there a swap at this place - if [ -e /swap ] - then - # Clean the fstab - sed -i "/#Swap added by $app/d" /etc/fstab - # Desactive the swap file - swapoff /swap - # And remove it - rm /swap - fi -} - #================================================= # EXPERIMENTAL HELPERS #================================================= +# Add swap +# +# usage: ynh_add_swap --size=SWAP in Mb +# | arg: -s, --size= - Amount of SWAP to add in Mb. +ynh_add_swap () { + # Declare an array to define the options of this helper. + declare -Ar args_array=( [s]=size= ) + local size + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + local swap_max_size=$(( $size * 1024 )) + + local free_space=$(df --output=avail / | sed 1d) + # Because we don't want to fill the disk with a swap file, divide by 2 the available space. + local usable_space=$(( $free_space / 2 )) + + SD_CARD_CAN_SWAP=${SD_CARD_CAN_SWAP:-0} + + # Swap on SD card only if it's is specified + if ynh_is_main_device_a_sd_card && [ "$SD_CARD_CAN_SWAP" == "0" ] + then + ynh_print_warn --message="The main mountpoint of your system '/' is on an SD card, swap will not be added to prevent some damage of this one, but that can cause troubles for the app $app. If you still want activate the swap, you can relaunch the command preceded by 'SD_CARD_CAN_SWAP=1'" + return + fi + + # Compare the available space with the size of the swap. + # And set a acceptable size from the request + if [ $usable_space -ge $swap_max_size ] + then + local swap_size=$swap_max_size + elif [ $usable_space -ge $(( $swap_max_size / 2 )) ] + then + local swap_size=$(( $swap_max_size / 2 )) + elif [ $usable_space -ge $(( $swap_max_size / 3 )) ] + then + local swap_size=$(( $swap_max_size / 3 )) + elif [ $usable_space -ge $(( $swap_max_size / 4 )) ] + then + local swap_size=$(( $swap_max_size / 4 )) + else + echo "Not enough space left for a swap file" >&2 + local swap_size=0 + fi + + # If there's enough space for a swap, and no existing swap here + if [ $swap_size -ne 0 ] && [ ! -e /swap_$app ] + then + # Preallocate space for the swap file, fallocate may sometime not be used, use dd instead in this case + if ! fallocate -l ${swap_size}K /swap_$app + then + dd if=/dev/zero of=/swap_$app bs=1024 count=${swap_size} + fi + chmod 0600 /swap_$app + # Create the swap + mkswap /swap_$app + # And activate it + swapon /swap_$app + # Then add an entry in fstab to load this swap at each boot. + echo -e "/swap_$app swap swap defaults 0 0 #Swap added by $app" >> /etc/fstab + fi +} + +ynh_del_swap () { + # If there a swap at this place + if [ -e /swap_$app ] + then + # Clean the fstab + sed -i "/#Swap added by $app/d" /etc/fstab + # Desactive the swap file + swapoff /swap_$app + # And remove it + rm /swap_$app + fi +} + +# Check if the device of the main mountpoint "/" is an SD card +# +# [internal] +# +# return 0 if it's an SD card, else 1 +ynh_is_main_device_a_sd_card () { + local main_device=$(lsblk --output PKNAME --noheadings $(findmnt / --nofsroot --uniq --output source --noheadings --first-only)) + + if echo $main_device | grep --quiet "mmc" && [ $(tail -n1 /sys/block/$main_device/queue/rotational) == "0" ] + then + return 0 + else + return 1 + fi +} + #================================================= # FUTURE OFFICIAL HELPERS #================================================= diff --git a/scripts/install b/scripts/install index c4da338..5ea13b3 100644 --- a/scripts/install +++ b/scripts/install @@ -14,7 +14,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -25,7 +25,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" -export is_public=0 +admin=$YNH_APP_ARG_ADMIN export app_version=$YNH_APP_ARG_VERSION oca=$YNH_APP_ARG_OCA admin_password=$YNH_APP_ARG_ADMIN_PASSWORD @@ -35,14 +35,6 @@ tz=$YNH_APP_ARG_TZ export app=$YNH_APP_INSTANCE_NAME export conf_file=/etc/$app/main.conf -export final_path=/var/www/$app -export bin_file="$final_path/venv/bin/python3 $final_path/$appname/$FORKNAME-bin" -if [ "$app_version" = "9" ]; then - bin_file="$final_path/venv/bin/python3 $final_path/$appname/$FORKNAME.py" -fi -if [ "$app_version" = "8" ]; then - bin_file="$final_path/venv/bin/python3 $final_path/$appname/$FORKNAME.py" -fi export preinstall=0 #================================================= @@ -50,8 +42,17 @@ export preinstall=0 #================================================= ynh_script_progression --message="Validating installation parameters..." +export final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +export bin_file="$final_path/venv/bin/python3 $final_path/$appname/$FORKNAME-bin" +if [ "$app_version" = "9" ]; then + bin_file="$final_path/venv/bin/python3 $final_path/$appname/$FORKNAME.py" +fi +if [ "$app_version" = "8" ]; then + bin_file="$final_path/venv/bin/python3 $final_path/$appname/$FORKNAME.py" +fi + # Register (book) web path ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url @@ -87,7 +88,7 @@ ynh_app_setting_set --app=$app --key=port_chat --value=$port_chat #================================================= ynh_script_progression --message="Installing dependencies..." -ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER @@ -104,15 +105,17 @@ ynh_script_progression --message="Creating a PostgreSQL database..." export db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name -export db_pass=$(ynh_string_random) ynh_app_setting_set --app=$app --key=db_name --value=$db_name # Make sure that postgresql is installed and running ynh_psql_test_if_first_run # Create the database -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pass -export db_pass=$(ynh_app_setting_get --app=$app --key=psqlpwd) +ynh_psql_setup_db --db_user=$db_user --db_name=$db_name +export db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) + +# Make sure that its encoding is UTF-8 +ynh_psql_execute_as_root --sql="update pg_database set encoding = pg_char_to_encoding('UTF8') where datname = '$db_name'" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -133,12 +136,18 @@ ynh_add_nginx_config #================================================= # SPECIFIC SETUP +#================================================= +# ADD SWAP +#================================================= +ynh_script_progression --message="Adding swap..." + +ynh_add_swap --size=$swap_needed + #================================================= # BUILD APP #================================================= ynh_script_progression --message="Building $app..." -ynh_add_swap 1024 if ! wkhtmltopdf --version | grep "wkhtmltopdf 0.12.4 (with patched qt)"; then # The debian package has a bug so we deploy a more recent version if [ -f '../manifest.json' ] ; then @@ -199,12 +208,10 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap #================================================= ynh_script_progression --message="Configuring permissions..." -ynh_app_setting_set $app unprotected_uris "/" +ynh_permission_update --permission="main" --add="visitors" -if [[ $is_public -eq 0 ]]; then - ynh_app_setting_set $app protected_uris "/web/database/manager" -fi -sudo yunohost app ssowatconf +# Only the admin can access the admin panel of the app (if the app has an admin panel) +ynh_permission_create --permission="admin" --url="/web/database/manager" --allowed="all_users" #================================================= # RELOAD NGINX diff --git a/scripts/remove b/scripts/remove index c3c7a44..5cbf8c7 100644 --- a/scripts/remove +++ b/scripts/remove @@ -36,9 +36,17 @@ then fi #================================================= -# REMOVE THE MYSQL DATABASE +# STOP AND REMOVE SERVICE #================================================= -ynh_script_progression --message="Removing the MySQL database..." +ynh_script_progression --message="Stopping and removing the systemd service..." + +# Remove the dedicated systemd config +ynh_remove_systemd_config + +#================================================= +# REMOVE THE POSTGRESQL DATABASE +#================================================= +ynh_script_progression --message="Removing the PostgreSQL database..." # Remove a database if it exists, along with the associated user ynh_psql_remove_db --db_user=$db_user --db_name=$db_name @@ -74,7 +82,16 @@ ynh_remove_app_dependencies #================================================= ynh_script_progression --message="Removing various files..." -ynh_secure_remove --file="$conf_file" +# Remove a directory securely +ynh_secure_remove --file="/etc/$app" + +# Remove the log files +ynh_secure_remove --file="/var/log/$app.log" + +#================================================= +# REMOVE SWAP +#================================================= +ynh_script_progression --message="Removing swap..." ynh_del_swap diff --git a/scripts/restore b/scripts/restore index 0c38b08..aa44a01 100644 --- a/scripts/restore +++ b/scripts/restore @@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - true + ynh_clean_check_starting } # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -35,7 +35,7 @@ export port=$(ynh_app_setting_get --app=$app --key=port) export port_chat=$(ynh_app_setting_get --app=$app --key=port_chat) export db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name -export db_pass=$(ynh_app_setting_get --app=$app --key=psqlpwd) +export db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) export final_path=$(ynh_app_setting_get --app=$app --key=final_path) export conf_file=$(ynh_app_setting_get --app=$app --key=conf_file) export bin_file="$final_path/venv/bin/python $final_path/$appname/$FORKNAME-bin" @@ -81,6 +81,8 @@ ynh_restore_file --origin_path="$final_path/$appname" ynh_restore_file --origin_path="$final_path/custom-addons" ynh_restore_file --origin_path="$final_path/.local" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" #================================================= @@ -91,14 +93,20 @@ chown -R $app:$app "$final_path" ynh_script_progression --message="Reinstalling dependencies..." # Define and install dependencies -ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies + +#================================================= +# ADD SWAP +#================================================= +ynh_script_progression --message="Adding swap..." + +ynh_add_swap --size=$swap_needed #================================================= # BUILD APP #================================================= ynh_script_progression --message="Building $app..." -ynh_add_swap 1024 if ! wkhtmltopdf --version | grep "wkhtmltopdf 0.12.4 (with patched qt)"; then # The debian package has a bug so we deploy a more recent version if [ -f '../manifest.json' ] ; then @@ -130,7 +138,13 @@ ynh_script_progression --message="Restoring the PostgreSQL database..." # Make sure that postgresql is installed and running ynh_psql_test_if_first_run -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pass +# Create the database +ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd + +# Make sure that its encoding is UTF-8 +ynh_psql_execute_as_root --sql="update pg_database set encoding = pg_char_to_encoding('UTF8') where datname = '$db_name'" + +# Restore the database contents ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql #================================================= @@ -139,7 +153,8 @@ ynh_psql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./d ynh_script_progression --message="Restoring various files..." ynh_restore_file --origin_path="$conf_file" -chown $app:$app $conf_file +chmod 400 "$conf_file" +chown $app:$app "$conf_file" touch /var/log/$app.log chown $app:$app /var/log/$app.log diff --git a/scripts/upgrade b/scripts/upgrade index ddd78f4..63a586d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -40,6 +40,7 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { + ynh_clean_check_starting # Restore it if the upgrade fails ynh_restore_upgradebackup } @@ -67,6 +68,11 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi +if ! ynh_permission_exists --permission="admin"; then + # Create the required permissions + ynh_permission_create --permission="admin" --url="/web/database/manager" --allowed="all_users" +fi + #================================================= # CREATE DEDICATED USER #================================================= @@ -92,16 +98,22 @@ fi #================================================= ynh_script_progression --message="Upgrading dependencies..." -ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies #================================================= # SPECIFIC UPGRADE +#================================================= +# ADD SWAP +#================================================= +ynh_script_progression --message="Adding swap..." + +ynh_add_swap --size=$swap_needed + #================================================= # BUILD APP #================================================= ynh_script_progression --message="Building $app..." -ynh_add_swap 1024 if ! wkhtmltopdf --version | grep "wkhtmltopdf 0.12.4 (with patched qt)"; then # The debian package has a bug so we deploy a more recent version if [ -f '../manifest.json' ] ; then