diff --git a/README.md b/README.md index f2079dc..6531856 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo - Two engines: a lightweight and one based on chrome to support websites running javascript -**Shipped version:** 1.0~ynh2 +**Shipped version:** 1.1.11~ynh1 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 29aa749..ce8c6b3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -27,7 +27,7 @@ With Cookie Aware Cors Proxy, you can call a website not supporting CORS from yo - Two engines: a lightweight and one based on chrome to support websites running javascript -**Version incluse :** 1.0~ynh2 +**Version incluse :** 1.1.11~ynh1 ## Captures d’écran diff --git a/conf/.env b/conf/.env index 85c138e..2d91850 100644 --- a/conf/.env +++ b/conf/.env @@ -3,3 +3,4 @@ CACP_REDIRECT_HOST=https://__DOMAIN__ CACP_REDIRECT_PATH=__PATH_URL__ CACP_DEBUG=FALSE CACP_LOG=FALSE +CACP_BYPASS_SANDBOX=__BYPASS_SANDBOX__ diff --git a/conf/amd64.src b/conf/amd64.src index f9c125c..e7c8f4b 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.4/cookie-aware-cors-proxy.tgz -SOURCE_SUM=c56ca989233d4d2f3a2304ec96d979445f97232c8be63d5910d819af66f83ab9 +SOURCE_URL=https://github.com/gcollin/cookie-aware-cors-proxy/releases/download/v1.1.11/cookie-aware-cors-proxy.tgz +SOURCE_SUM=93a2564a9d244c0087a8103f68be31ef48d592180f37dd3e496feb438cc7e1c8 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/systemd.service b/conf/systemd.service index b26c0df..f2c1d98 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -32,7 +32,8 @@ ProtectKernelModules=yes ProtectKernelTunables=yes LockPersonality=yes SystemCallArchitectures=native -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged +# We need to allow priviledged to enable chromium access to gpu +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation # Denying access to capabilities that should not be relevant for webapps # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html diff --git a/manifest.json b/manifest.json index 02f8680..cb23a3f 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "An advanced https proxy allowing you to call other websites from your own web application.", "fr": "Un proxy https avancé vous permettant d'appeler d'autres sites depuis votre propre application web." }, - "version": "1.0~ynh2", + "version": "1.1.11~ynh1", "url": "https://github.com/gcollin/cookie-aware-cors-proxy", "upstream": { "license": "MIT", diff --git a/scripts/change_url b/scripts/change_url index cddf3e8..e40f6a7 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -29,6 +29,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) +install_chromium=$(ynh_app_setting_get --app=$app --key=install_chromium) #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP @@ -109,6 +110,20 @@ ynh_script_progression --message="Updating .env configuration..." ynh_backup_if_checksum_is_different --file="$final_path/.env" domain=$new_domain path_url=$new_path + +# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore +kernel_release=$(uname -r) +if [[ $kernel_release == 5.* ]] +then + bypass_sandbox="TRUE" + if [ $install_chromium -eq 1 ] + then + ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x" + fi +else + bypass_sandbox="FALSE" +fi + ynh_add_config --template=".env" --destination="$final_path/.env" # FIXME: this should be handled by the core in the future diff --git a/scripts/install b/scripts/install index d64af45..861bc00 100755 --- a/scripts/install +++ b/scripts/install @@ -208,6 +208,19 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 +# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore +kernel_release=$(uname -r) +if [[ $kernel_release == 5.* ]] +then + bypass_sandbox="TRUE" + if [ $install_chromium -eq 1 ] + then + ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x" + fi +else + bypass_sandbox="FALSE" +fi + ynh_add_config --template=".env" --destination="$final_path/.env" # FIXME: this should be handled by the core in the future diff --git a/scripts/upgrade b/scripts/upgrade index 14e7d60..66d1d60 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -104,7 +104,11 @@ complete_install=false # Check if we need to clean up old bad installs if [ -f "$final_path/package.json" ]; then complete_install=true - ynh_secure_remove --file="$final_path/*" + ynh_secure_remove --file="$final_path" + mkdir "$final_path" + chmod 750 "$final_path" + chmod -R o-rwx "$final_path" + chown -R $app:$app "$final_path" fi #================================================= @@ -188,10 +192,18 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Updating a configuration file..." --weight=1 -### Same as during install -### -### The file will automatically be backed-up if it's found to be manually modified (because -### ynh_add_config keeps track of the file's checksum) +# We must use chrome sandbox for kernels 5.x, 6.x doesn't need it anymore +kernel_release=$(uname -r) +if [[ $kernel_release == 5.* ]] +then + bypass_sandbox="TRUE" + if [ $install_chromium -eq 1 ] + then + ynh_print_warn --message="Using non sandboxed chromium as kernel release is less than 6.x" + fi +else + bypass_sandbox="FALSE" +fi ynh_add_config --template=".env" --destination="$final_path/.env"