[fix] Fix issue #25 #26 #27

YunoHost-Apps / dokuwiki_ynh

Dokuwiki package for YunoHost

https://www.dokuwiki.org/dokuwiki

GNU General Public License v3.0

11 stars 16 forks source link

[fix] Fix issue #25 #26 #27 #28

Closed magikcypress closed 7 years ago

magikcypress commented 7 years ago

This PR needs to be tested

JimboJoe commented 7 years ago

... and you need to change de check_process file accordingly (is_public as a boolean).

JimboJoe commented 7 years ago

Weirdly, package_check still fails here (Error: yunohost cli - Invalid choice for argument 'is_public', it must be one of true, false)....

magikcypress commented 7 years ago

@JimboJoe Thanks ;) the choice should not be made in the manifest.json

fix 46a68e2

maniackcrudelis commented 7 years ago

I've tested this PR, still some errors.

userdel: user dokuwiki is currently used by process xxx I think you should reload php-fpm, which use this user, before removing it
I've made a test for the upgrade from the current version. And, the script work fine. But, I have a wonderful 502 :D

Except that, package check is clean.

magikcypress commented 7 years ago

Thank Maniack. i fixed error 502, the socket for php5-fpm was not correct in the nginx configuration.

maniackcrudelis commented 7 years ago

All clean on package check. And the upgrade works fine now.

JimboJoe commented 7 years ago

I upgraded my production instance and there are still problems: images from plugins (move, indexmenu for example) aren't served (403 forbidden). I had to chmod -R go+rx lib/plugins/ in order to make it work. I'm sure it's not the right solution, though... I'm still a bit puzzled by this separate php-fpm user; still, files served by nginx must be reachable by the nginx process, so by www-data...?

maniackcrudelis commented 7 years ago

The matter about the user must be only a matter of write access. The good manner is to keep all your files under root, and give write access only on the files who really need it. Mostly plugin I think, for example.

For that, I'm wondering why you use that kind of access. https://github.com/magikcypress/dokuwiki_ynh/blob/master/scripts/install#L67-L71 It's better, and more simple to keep all your files under 755, eventually 700 for a file who contains some sensitive data. And set all of that to root:, and $app:root for files who need write access or restricted access.

Nginx need only a read access. Never any write access. It's why you can use a dedicated user with php-fpm

JimboJoe commented 7 years ago

I guess my problem with access rights to plugins images will persist because of this: https://github.com/YunoHost-Apps/dokuwiki_ynh/pull/28/commits/ff48bfda3525211a3ccf5e876690b331a0b3aceb#diff-44cb16c778719320333118c04d509a7cL101 nginx runs as www-data, so it still lacks read right on lib/plugins.

maniackcrudelis commented 7 years ago

Did you try it? Maybe it lacks a -R but with 755, even if nginx run under www-data, it can reads it.

JimboJoe commented 7 years ago

No I didn't test it, but I was referring to line 101 and this: sudo chmod -R 700 $final_path/lib/plugins so for me it still lacks some read rights :-)

magikcypress commented 7 years ago

I added 755 for the plugin directory.

alexAubin commented 7 years ago

(Bump ? Sounds like this is needed for https://github.com/YunoHost/apps/pull/209)

magikcypress commented 7 years ago

Yep! YunoHost/apps#209 need to approved