Merge pull request #6 from YunoHost-Apps/dev

Fix upgrade of old stuff and security of chrome
2024-09-03 18:16:07 +02:00 · 2023-03-01 19:33:06 +01:00 · 2023-03-01 19:33:06 +01:00 · 44108b5cfe
commit 44108b5cfe
parent 7005fd8aeb f480289cdf
6 changed files with 12 additions and 7 deletions
--- a/README.md
+++ b/README.md
@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo
 - Two engines: a lightweight and one based on chrome to support websites running javascript


-**Shipped version:** 1.0~ynh2
+**Shipped version:** 1.1.6~ynh3

 ## Screenshots

--- a/README_fr.md
+++ b/README_fr.md
@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo
 - Two engines: a lightweight and one based on chrome to support websites running javascript


-**Version incluse :** 1.0~ynh2
+**Version incluse :** 1.1.6~ynh3

 ## Captures d’écran

--- a/conf/amd64.src
+++ b/conf/amd64.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.4/cookie-aware-cors-proxy.tgz
-SOURCE_SUM=c56ca989233d4d2f3a2304ec96d979445f97232c8be63d5910d819af66f83ab9
+SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.6/cookie-aware-cors-proxy.tgz
+SOURCE_SUM=110dd1dc2014dcc6c9d05ff947aa365f4ee960bf93ec7b9abf965ad892e2b2d5
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.gz
 SOURCE_IN_SUBDIR=true
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -32,7 +32,8 @@ ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
 SystemCallArchitectures=native
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
+# We need to allow priviledged to enable chromium access to gpu
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation

 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
--- a/manifest.json
+++ b/manifest.json
@ -6,7 +6,7 @@
        "en": "An advanced https proxy allowing you to call other websites from your own web application.",
        "fr": "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web."
    },
-    "version": "1.0~ynh2",
+    "version": "1.1.6~ynh3",
    "url": "https://github.com/gcollin/cookie-aware-cors-proxy",
    "upstream": {
        "license": "MIT",
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -104,7 +104,11 @@ complete_install=false
 # Check if we need to clean up old bad installs
 if [ -f "$final_path/package.json" ]; then
  complete_install=true
-  ynh_secure_remove --file="$final_path/*"
+  ynh_secure_remove --file="$final_path"
+  mkdir "$final_path"
+  chmod 750 "$final_path"
+  chmod -R o-rwx "$final_path"
+  chown -R $app:$app "$final_path"
 fi

 #=================================================