upgrade 4.85 KB
Newer Older
1
2
3
4
5
6
7
8
9
#!/bin/bash

#=================================================
# GENERIC START
#=================================================
# IMPORT GENERIC HELPERS
#=================================================

source _common.sh
10
source /usr/share/yunohost/helpers
11
12
13
14
15
16

#=================================================
# LOAD SETTINGS
#=================================================

app=$YNH_APP_INSTANCE_NAME
17

18
domain=$(ynh_app_setting_get $app domain)
19
path_url=$(ynh_app_setting_get $app path)
20
app_user=$(ynh_app_setting_get $app app_user)
21
final_path=$(ynh_app_setting_get $app final_path)
22
opt_path=$(ynh_app_setting_get $app opt_path)
23

24
25
26
27
28
29
30
# There are two ways to get the version:
# - before 0.3.0~ynh1: version is only stored in app settings
# - after 0.3.0~ynh1: version is only stored in the manifest
# We don't use ynh_app_upstream_version, because it would return "null"
# when the version isn't in the manifest
manifest=/etc/yunohost/apps/$app/manifest.json
version=$(jq '.version // empty' -r -e $manifest || ynh_app_setting_get $app version)
31

32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================

ynh_script_progression "Creating backup..."

ynh_backup_before_upgrade
ynh_clean_setup () {
	# restore it if the upgrade fails
	ynh_restore_upgradebackup
}

# Exit if an error occurs during the execution of the script
ynh_abort_if_errors

47
48
49
#=================================================
# ENSURE DOWNWARD COMPATIBILITY
#=================================================
50

51
if [[ -z $final_path ]]; then
Aleks's avatar
Aleks committed
52
  if [[ -n "$(ynh_app_setting_get $app www_path)" ]]; then
53
54
55
56
57
     final_path=$(ynh_app_setting_get $app www_path)
     ynh_app_setting_delete $app www_path
  else
     final_path=/var/www/$app
  fi
58
  ynh_app_setting_set $app final_path $final_path
59

60
  mkdir -p $final_path
61
fi
62

63
64
65
if [[ -z $opt_path ]]; then
  opt_path=/opt/$app
  ynh_app_setting_set $app opt_path $opt_path
66

67
  mkdir -p $opt_path
Thomasa Balthazar's avatar
Thomasa Balthazar committed
68
69
fi

70
71
72
73
if [[ -z $app_user ]]; then
  app_user=$app
  ynh_app_setting_set $app app_user $app_user
fi
Thomasa Balthazar's avatar
Thomasa Balthazar committed
74

75
76
77
78
79
80
#=================================================
# STANDARD UPGRADE STEPS
#=================================================
# INSTALL DEPENDENCIES
#=================================================

HgO's avatar
HgO committed
81
82
ynh_script_progression "Upgrading dependencies..."

83
84
if [[ $version < "0.3.0~ynh1" ]]; then
  ynh_app_setting_delete $app version
85
  ynh_system_user_create --username $app_user --home_dir $final_path
86
fi
87

88
89
90
if [[ $version < "0.3.0~ynh4" ]]; then
  ynh_print_info "Removing old dependencies..."
  ynh_remove_app_dependencies virtualenv python3-venv libssl-dev libffi-dev python3-dev
91

92
93
  ynh_print_info "Upgrading dependencies..."
  ynh_install_app_dependencies python3-openssl python3-requests
94
95
96
97
98
99
100
101
fi

#=================================================
# PULL CHANGES AND SPECIFIC SETUP
#=================================================
# REINSTALL STATIC FILES
#=================================================

HgO's avatar
HgO committed
102
ynh_script_progression "Installing static site..."
103

Aleks's avatar
Aleks committed
104
ynh_secure_remove $final_path
105
106
107
mkdir -p $final_path
cp -r ../sources/. $final_path
chown -R $app_user: $final_path
108

109
ynh_add_nginx_config
110
111
112
113
114

#=================================================
# REINSTALL RENEW CERT
#=================================================

HgO's avatar
HgO committed
115
ynh_script_progression "Installing automatic VPN certificate renewal..."
116

HgO's avatar
HgO committed
117
renew_cert_repo="https://gitlab.domainepublic.net/Neutrinet/renew_cert.git"
118
119
120
121
122
123
renew_cert_version=$(jq .version ../manifest.json -r -e | cut -d '~' -f 1)
renew_cert_path="$opt_path/renew_cert"
renew_cert_cron_script="renew_cert_cron.sh"

if [[ ! -e $renew_cert_path ]]; then
  git clone $renew_cert_repo $renew_cert_path
124
else
HgO's avatar
HgO committed
125
  git -C $renew_cert_path remote set-url origin $renew_cert_repo
126
  git -C $renew_cert_path fetch -t
127
fi
Thomasa Balthazar's avatar
Thomasa Balthazar committed
128

129
130
131
132
133
134
git -C $renew_cert_path checkout $renew_cert_version

# We wrap the python3 script that actually renew the VPN certificate
# This wrapper will be used as a daily cron task
cp $renew_cert_cron_script $renew_cert_path/$renew_cert_cron_script

HgO's avatar
HgO committed
135
ynh_script_progression "Setting up permissions"
136
137
chown -R $app_user: $opt_path

138
139
chmod 755 $renew_cert_path/$renew_cert_cron_script
chown root: $renew_cert_path/$renew_cert_cron_script
140
141
142
143
144

#=================================================
# SETTING UP CRONTAB
#=================================================

HgO's avatar
HgO committed
145
ynh_script_progression "Setting up cron job for renewal..."
146
147
148
149

cat <<EOF > /etc/cron.daily/$app-renew-cert
#!/bin/bash
cd $renew_cert_path
HgO's avatar
HgO committed
150
$renew_cert_path/$renew_cert_cron_script -q
151
152
153
154
155
156
157
158
159
EOF

chown root:root /etc/cron.daily/$app-renew-cert
chmod 0755 /etc/cron.daily/$app-renew-cert

#=================================================
# FINALIZATION
#=================================================

HgO's avatar
HgO committed
160
ynh_script_progression "Checking certificates..."
161
162

# (This is expected to fail during CI tests because no credential available)
163
164
165
166
if [[ ${PACKAGE_CHECK_EXEC:-0} -eq 0 ]]
then
    /etc/cron.daily/$app-renew-cert
fi