Merge pull request #1 from YunoHost-Apps/testing

Testing
2024-09-03 18:16:17 +02:00 · 2023-10-17 15:05:05 +02:00 · 2023-10-17 15:05:05 +02:00 · 7aac972330
commit 7aac972330
parent 9d1443fcc3 305169b164
15 changed files with 106 additions and 89 deletions
--- a/README.md
+++ b/README.md
@ -16,7 +16,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in

 ## Overview

-This is a dummy description of this app features
+BorgWarhouse is a fast and modern WebUI for a BorgBackup's central repository server. 


 **Shipped version:** 2.0.0~ynh1
--- a/README_fr.md
+++ b/README_fr.md
@ -16,8 +16,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po

 ## Vue d’ensemble

-Ceci est une fausse description des fonctionalités de l'app
-
+BorgWarhouse est une interface Web rapide et moderne pour BorgBackup.

 **Version incluse :** 2.0.0~ynh1

--- a/conf/.env
+++ b/conf/.env
@ -1,7 +1,7 @@
 # Application's variables
 NEXTAUTH_URL=https://__DOMAIN__
-NEXTAUTH_SECRET=__SECRET__
-CRONJOB_KEY=__CRON_KEY__
+NEXTAUTH_SECRET='__SECRET__'
+CRONJOB_KEY='__CRON_KEY__'
 # Wizard's variables
 UNIX_USER=__APP__
 FQDN=__DOMAIN__
@ -10,8 +10,8 @@ SSH_SERVER_FINGERPRINT_RSA=__RSA_KEY__
 SSH_SERVER_FINGERPRINT_ED25519=__ED25519_KEY__
 SSH_SERVER_FINGERPRINT_ECDSA=__ECDSA_KEY__
 # SMTP's variables
-MAIL_SMTP_FROM=borgwarehouse@__DOMAIN__
-MAIL_SMTP_HOST=localhost
+MAIL_SMTP_FROM=borgwarehouse@__MAIN_DOMAIN__
+MAIL_SMTP_HOST=__MAIN_DOMAIN__
 MAIL_SMTP_PORT=25
 MAIL_SMTP_LOGIN=__APP__
 MAIL_SMTP_PWD=__MAIL_PWD__
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -7,10 +7,45 @@ After=network.target
 Type=simple
 User=__APP__
 Group=__APP__
-WorkingDirectory=__INSTALL_DIR__/
+Environment="PATH=__ENV_PATH__"
+WorkingDirectory=__INSTALL_DIR__/app
 Environment=PORT=__PORT__
 ExecStart=__YNH_NPM__ run start
 Restart=on-failure

+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
 [Install]
 WantedBy=multi-user.target
--- a/doc/DESCRIPTION.md
+++ b/doc/DESCRIPTION.md
@ -1 +1 @@
-This is a dummy description of this app features
+BorgWarhouse is a fast and modern WebUI for a BorgBackup's central repository server. 
--- a/doc/DESCRIPTION_fr.md
+++ b/doc/DESCRIPTION_fr.md
@ -1 +1 @@
-Ceci est une fausse description des fonctionalités de l'app
+BorgWarhouse est une interface Web rapide et moderne pour BorgBackup.
--- a/manifest.toml
+++ b/manifest.toml
@ -27,7 +27,7 @@ ldap = false
 sso = false

 disk = "50M"
-ram.build = "50M"
+ram.build = "700M"
 ram.runtime = "50M"

 [install]
@ -45,7 +45,6 @@ ram.runtime = "50M"
        [resources.sources.main]
        url = "https://github.com/Ravinou/borgwarehouse/archive/refs/tags/v2.0.0.tar.gz"
        sha256 = "73e5bed688e58a29485d1c1fd5834c83eed1fba0bb52289f6d6f1ea4e2284180"
-
        autoupdate.strategy = "latest_github_tag"

    [resources.system_user]
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -6,6 +6,7 @@

 nodejs_version=18
 ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+")
+main_domain=$(cat /etc/yunohost/current_host)

 rsa_key=$(ssh-keygen -lf /etc/ssh/ssh_host_rsa_key | awk '{print $2}')
 ed25519_key=$(ssh-keygen -lf /etc/ssh/ssh_host_ed25519_key | awk '{print $2}')
--- a/scripts/backup
+++ b/scripts/backup
@ -15,51 +15,18 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_print_info --message="Declaring files to be backed up..."

-### N.B. : the following 'ynh_backup' calls are only a *declaration* of what needs
-### to be backuped and not an actual copy of any file. The actual backup that
-### creates and fills the archive with the files happens in the core after this
-### script is called. Hence ynh_backups calls take basically 0 seconds to run.
-
 #=================================================
 # BACKUP THE APP MAIN DIR
 #=================================================

 ynh_backup --src_path="$install_dir"

-#=================================================
-# BACKUP THE DATA DIR
-#=================================================
-
-# Only relevant if there is a "data_dir" resource for this app
-ynh_backup --src_path="$data_dir" --is_big
-
 #=================================================
 # BACKUP THE NGINX CONFIGURATION
 #=================================================

 ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"

-#=================================================
-# BACKUP THE PHP-FPM CONFIGURATION
-#=================================================
-
-ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf"
-
-#=================================================
-# BACKUP FAIL2BAN CONFIGURATION
-#=================================================
-
-ynh_backup --src_path="/etc/fail2ban/jail.d/$app.conf"
-ynh_backup --src_path="/etc/fail2ban/filter.d/$app.conf"
-
-#=================================================
-# SPECIFIC BACKUP
-#=================================================
-# BACKUP LOGROTATE
-#=================================================
-
-ynh_backup --src_path="/etc/logrotate.d/$app"
-
 #=================================================
 # BACKUP SYSTEMD
 #=================================================
@ -72,18 +39,6 @@ ynh_backup --src_path="/etc/systemd/system/$app.service"

 ynh_backup --src_path="/etc/cron.d/$app"

-ynh_backup --src_path="/etc/$app/"
-
-#=================================================
-# BACKUP THE MYSQL DATABASE
-#=================================================
-ynh_print_info --message="Backing up the MySQL database..."
-
-### (However, things like MySQL dumps *do* take some time to run, though the
-### copy of the generated dump to the archive still happens later)
-
-ynh_mysql_dump_db --database="$db_name" > db.sql
-
 #=================================================
 # END OF SCRIPT
 #=================================================
--- a/scripts/change_url
+++ b/scripts/change_url
@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1

-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"

 #=================================================
 # MODIFY URL IN NGINX CONF
@ -26,10 +26,14 @@ ynh_script_progression --message="Updating NGINX web server configuration..." --
 ynh_change_url_nginx_config

 #=================================================
-# SPECIFIC MODIFICATIONS
-#=================================================
-# ...
+# ADD A CONFIGURATION
 #=================================================
+ynh_script_progression --message="Adding a configuration file..." --weight=1
+
+ynh_add_config --template=".env" --destination="$install_dir/app/.env.local"
+
+chmod 400 "$install_dir/app/.env.local"
+chown $app:$app "$install_dir/app/.env.local"

 #=================================================
 # GENERIC FINALISATION
@ -38,7 +42,7 @@ ynh_change_url_nginx_config
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1

-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"

 #=================================================
 # END OF SCRIPT
--- a/scripts/install
+++ b/scripts/install
@ -9,8 +9,16 @@
 source _common.sh
 source /usr/share/yunohost/helpers

-secret=$(ynh_string_random --length=32 | base64)
-cron_key=$(ynh_string_random --length=32 | base64)
+secret=$(ynh_string_random --length=32)
+cron_key=$(ynh_string_random --length=32)
+
+#=================================================
+# STORE SETTINGS FROM MANIFEST
+#=================================================
+ynh_script_progression --message="Storing installation settings..." --weight=1
+
+ynh_app_setting_set --app=$app --key=secret --value=$secret
+ynh_app_setting_set --app=$app --key=cron_key --value=$cron_key

 #=================================================
 # INSTALL DEPENDENCIES
@ -28,31 +36,30 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
 ynh_script_progression --message="Setting up source files..." --weight=1

 # Download, check integrity, uncompress and patch the source from manifest.toml
-ynh_setup_source --dest_dir="$install_dir"
+ynh_setup_source --dest_dir="$install_dir/app"

 mkdir $install_dir/.ssh && chmod 700 $install_dir/.ssh
 touch $install_dir/.ssh/authorized_keys && chmod 600 $install_dir/.ssh/authorized_keys
 mkdir $install_dir/repos && chmod 700 $install_dir/repos
-mkdir $install_dir/app

 chown -R $app:www-data "$install_dir"
+chmod 700 $install_dir/app/helpers/shells/*

 #=================================================
 # SYSTEM CONFIGURATION
 #=================================================
 ynh_script_progression --message="Adding system configurations related to $app..." --weight=1

-# Create a dedicated NGINX config using the conf/nginx.conf template
 ynh_add_nginx_config

-# Create a dedicated systemd config
+env_path="$PATH"
 ynh_add_systemd_config

 ynh_add_config --template="../conf/cron" --destination="/etc/cron.d/$app"
 chown root: "/etc/cron.d/$app"
 chmod 644 "/etc/cron.d/$app"

-yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log"

 #=================================================
 # APP INITIAL CONFIGURATION
@ -61,10 +68,10 @@ yunohost service add $app --description="A short description of the app" --log="
 #=================================================
 ynh_script_progression --message="Adding a configuration file..." --weight=1

-ynh_add_config --template=".env" --destination="$install_dir/.env.local"
+ynh_add_config --template=".env" --destination="$install_dir/app/.env.local"

-chmod 400 "$install_dir/.env.local"
-chown $app:$app "$install_dir/.env.local"
+chmod 400 "$install_dir/app/.env.local"
+chown $app:$app "$install_dir/app/.env.local"

 #=================================================
 # INSTALL BORGWARHOUSE
@ -85,7 +92,7 @@ popd
 ynh_script_progression --message="Starting a systemd service..." --weight=1

 # Start a systemd service
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"

 #=================================================
 # END OF SCRIPT
--- a/scripts/remove
+++ b/scripts/remove
@ -16,8 +16,6 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_script_progression --message="Removing system configurations related to $app..." --weight=1

-# This should be a symetric version of what happens in the install script
-
 # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
 if ynh_exec_warn_less yunohost service status $app >/dev/null
 then
@ -29,6 +27,8 @@ ynh_remove_systemd_config

 ynh_remove_nginx_config

+ynh_remove_nodejs
+
 ynh_secure_remove --file="/etc/cron.d/$app"

 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -17,11 +17,16 @@ ynh_script_progression --message="Restoring the app main directory..." --weight=

 ynh_restore_file --origin_path="$install_dir"

-# $install_dir will automatically be initialized with some decent 
-# permissions by default ... however, you may need to recursively reapply
-# ownership to all files such as after the ynh_setup_source step
 chown -R $app:www-data "$install_dir"

+#=================================================
+# REINSTALL DEPENDENCIES
+#=================================================
+ynh_script_progression --message="Reinstalling dependencies..." --weight=7
+
+# Install Nodejs
+ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
+
 #=================================================
 # RESTORE SYSTEM CONFIGURATIONS
 #=================================================
@ -34,7 +39,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
 ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
 systemctl enable $app.service --quiet

-yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log"

 ynh_restore_file --origin_path="/etc/cron.d/$app"

@ -45,8 +50,7 @@ ynh_restore_file --origin_path="/etc/cron.d/$app"
 #=================================================
 ynh_script_progression --message="Reloading NGINX web server and $app's service..." --weight=1

-# Typically you only have either $app or php-fpm but not both at the same time...
-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"

 ynh_systemd_action --service_name=nginx --action=reload

--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -11,12 +11,20 @@ source /usr/share/yunohost/helpers

 upgrade_type=$(ynh_check_app_version_changed)

+#=================================================
+# UPGRADE DEPENDENCIES
+#=================================================
+ynh_script_progression --message="Upgrading dependencies..." --weight=5
+
+# Install Nodejs
+ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
+
 #=================================================
 # STOP SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Stopping a systemd service..." --weight=1

-ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd"

 #=================================================
 # "REBUILD" THE APP (DEPLOY NEW SOURCES, RERUN NPM BUILD...)
@ -29,7 +37,7 @@ then
 	ynh_script_progression --message="Upgrading source files..." --weight=1

 	# Download, check integrity, uncompress and patch the source from manifest.toml
-	ynh_setup_source --dest_dir="$install_dir" --keep=".env.local config/users.json config/repo.json"
+	ynh_setup_source --dest_dir="$install_dir" --keep="app/.env.local app/config/users.json app/config/repo.json"
 fi

 chown -R $app:www-data "$install_dir"
@ -41,9 +49,10 @@ ynh_script_progression --message="Upgrading system configurations related to $ap

 ynh_add_nginx_config

+env_path="$PATH"
 ynh_add_systemd_config

-yunohost service add $app --description="A short description of the app" --log="/var/log/$app/$app.log"
+yunohost service add $app --description="WebUI for BorgBackup" --log="/var/log/$app/$app.log"

 #=================================================
 # RECONFIGURE THE APP (UPDATE CONF, APPLY MIGRATIONS...)
@ -52,17 +61,17 @@ yunohost service add $app --description="A short description of the app" --log="
 #=================================================
 ynh_script_progression --message="Updating a configuration file..." --weight=1

-ynh_add_config --template=".env" --destination="$install_dir/.env.local"
+ynh_add_config --template=".env" --destination="$install_dir/app/.env.local"

-chmod 400 "$install_dir/.env.local"
-chown $app:$app "$install_dir/.env.local"
+chmod 400 "$install_dir/app/.env.local"
+chown $app:$app "$install_dir/app/.env.local"

 #=================================================
 # START SYSTEMD SERVICE
 #=================================================
 ynh_script_progression --message="Starting a systemd service..." --weight=1

-ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log"
+ynh_systemd_action --service_name=$app --action="start" --log_path="systemd"

 #=================================================
 # END OF SCRIPT
--- a/tests.toml
+++ b/tests.toml
@ -4,4 +4,8 @@ test_format = 1.0

 [default]

-   
+     # ------------
+    # Tests to run
+    # ------------
+
+    exclude = ["install.subdir"]