From cd708168331cbf0365b43cf57be61c1ee0bba352 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com>
Date: Mon, 21 Jun 2021 15:15:03 +0200
Subject: [PATCH 1/2] Testing (#61)
* Update config.json.example
* Cleaning up
---
 conf/config.json.example | 1 -
 scripts/install | 2 +-
 scripts/restore | 3 ---
 scripts/upgrade | 4 ++--
 4 files changed, 3 insertions(+), 7 deletions(-)
diff --git a/conf/config.json.example b/conf/config.json.example
index d361583..1b80da5 100644
--- a/conf/config.json.example
+++ b/conf/config.json.example
@@ -3,7 +3,6 @@
 "protocolUseSSL": true,
 "domain": "__DOMAIN__",
 "port": "__PORT__",
- "urlPath": "__PATH__",
 "loglevel": "info",
 "useCDN": false,
 "allowGravatar": false,
diff --git a/scripts/install b/scripts/install
index 655d5ac..b1a3e19 100644
--- a/scripts/install
+++ b/scripts/install
@@ -129,8 +129,8 @@ ynh_script_progression --message="Modifying a config file..."
 path=${path_url:1}
 ynh_add_config --template="../conf/config.json.example" --destination="$final_path/config.json"
-ynh_add_config --template="../conf/.sequelizerc.example" --destination="$final_path/.sequelizerc"
 chmod 600 $final_path/config.json
+ynh_add_config --template="../conf/.sequelizerc.example" --destination="$final_path/.sequelizerc"
 chmod 600 $final_path/.sequelizerc
 chmod +x $final_path/app.js
diff --git a/scripts/restore b/scripts/restore
index 9cd1a86..6f18d0d 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -84,9 +84,6 @@ ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies
 # Install Nodejs
 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
-# Install Yarn
-ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
-
 #=================================================
 # RESTORE THE POSTGRESQL DATABASE
 #=================================================
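Review bot: In scripts/install the two `chmod 600` calls expand `$final_path` unquoted, while the `--destination="$final_path/config.json"` arguments on the neighbouring lines are quoted. Quote them the same way, `chmod 600 "$final_path/config.json"` and `chmod 600 "$final_path/.sequelizerc"`, so a path containing whitespace or glob characters cannot change which file gets restricted. The hunk also shows no ownership change; mode 600 only protects the configuration if the owner is the account that runs the service, which is presumably set outside these lines.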
diff --git a/scripts/upgrade b/scripts/upgrade
index 5dc0268..62f8620 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -133,11 +133,11 @@ if [ "$upgrade_type" == "UPGRADE_APP" ]
 then
 ynh_script_progression --message="Building CodiMD... (this will take some time and resources!)" --weight=16
- pushd "$final_path" || ynh_die
+ pushd "$final_path"
 ynh_use_nodejs
 ynh_exec_warn_less bin/setup
 ynh_exec_warn_less ynh_npm run build
- popd || ynh_die
+ popd
 fi
 #=================================================
From 0a6ede2c74fc1470615974f72c3645618d7f678b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com>
Date: Fri, 10 Sep 2021 15:46:14 +0200
Subject: [PATCH 2/2] Testing (#64)
* Cleaning up
---
 README.md | 6 ++++--
 README_fr.md | 6 ++++--
 check_process | 8 +++++++-
 conf/systemd.service | 32 ++++++++++++++++++++++++++++++--
 doc/DESCRIPTION.md | 3 +++
 doc/DESCRIPTION_fr.md | 3 +++
 manifest.json | 4 ++--
 scripts/restore | 2 --
 8 files changed, 53 insertions(+), 11 deletions(-)
 create mode 100644 doc/DESCRIPTION.md
 create mode 100644 doc/DESCRIPTION_fr.md
diff --git a/README.md b/README.md
index c24ab5b..645ec00 100644
--- a/README.md
+++ b/README.md
@@ -15,9 +15,11 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
 ## Overview
-Collaborative editor to work on notes written in Markdown
+CodiMD is the free software version of HackMD, developed and opened source by the HackMD team with reduced features (without book mode), you can use CodiMD for your community and own all your data. [(See the origin of the name CodiMD.)](https://github.com/hackmdio/codimd/issues/720)
-**Shipped version:** 2.4.1~ynh1
+CodiMD is perfect for open communities, while HackMD emphasizes on permission and access controls for commercial use cases.
+
+**Shipped version:** 2.4.1~ynh2
diff --git a/README_fr.md b/README_fr.md
index f0a4ea7..26bbd98 100644
--- a/README_fr.md
+++ b/README_fr.md
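Review bot: In scripts/upgrade, dropping `|| ynh_die` from `pushd "$final_path"` means a failed directory change is no longer handled on this line, so `bin/setup` and `ynh_npm run build` would run from whatever directory the script was started in. That is only safe if the script aborts on any error before this point (for instance through `ynh_abort_if_errors` or `set -e`), which is not visible in the hunk. I would keep the guard with a message, `pushd "$final_path" || ynh_die --message="Cannot enter $final_path"`, or add a comment stating which earlier setting makes it redundant. The `if` block starts above the hunk.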
@@ -11,9 +11,11 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
 ## Vue d'ensemble
-Éditeur collaboratif pour travailler sur des notes en Markdown
+CodiMD est la version logicielle libre de HackMD, développée et ouverte par l'équipe HackMD avec des fonctionnalités réduites (sans mode livre), vous pouvez utiliser CodiMD pour votre communauté et posséder toutes vos données. [(Voir l'origine du nom CodiMD.)](https://github.com/hackmdio/codimd/issues/720)
-**Version incluse :** 2.4.1~ynh1
+CodiMD est parfait pour les communautés ouvertes, tandis que HackMD met l'accent sur les autorisations et les contrôles d'accès pour les cas d'utilisation commerciale.
+
+**Version incluse :** 2.4.1~ynh2
diff --git a/check_process b/check_process
index 03b75a3..0110e79 100644
--- a/check_process
+++ b/check_process
@@ -12,9 +12,15 @@
 setup_private=1
 setup_public=1
 upgrade=1
+ upgrade=1 from_commit=0d58e34697338049d951c8373da3d363a121d439
 backup_restore=1
 multi_instance=0
 change_url=1
 ;;; Options
 Email=
-Notification=none
\ No newline at end of file
+Notification=none
+;;; Upgrade options
+ ; commit=0d58e34697338049d951c8373da3d363a121d439
+ name=Upgrade to version 2.4.1
+ manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666&
+
diff --git a/conf/systemd.service b/conf/systemd.service
index b5a8d73..f9f591f 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -15,7 +15,35 @@ Restart=always
 PrivateTmp=true
 PrivateDevices=true
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
 [Install]
 WantedBy=multi-user.target
-
-
diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md
new file mode 100644
index 0000000..e07466b
--- /dev/null
+++ b/doc/DESCRIPTION.md
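Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not exist; the Linux capability is `CAP_SYS_RAWIO`, so this line should read `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. As far as I know systemd only logs a warning for a capability name it cannot parse, so raw I/O access would not be dropped by this line, although `PrivateDevices=yes` is documented to remove `CAP_SYS_RAWIO` and `CAP_MKNOD` on its own. The added `PrivateTmp=yes` and `PrivateDevices=yes` also repeat the `PrivateTmp=true` and `PrivateDevices=true` lines just above the block; keep one pair. Since a `SystemCallFilter=` deny-list is added, consider `SystemCallArchitectures=native` next to it so the filter cannot be sidestepped through a non-native ABI; `systemd-analyze security` on the installed unit will confirm what is actually applied.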
@@ -0,0 +1,3 @@
+CodiMD is the free software version of HackMD, developed and opened source by the HackMD team with reduced features (without book mode), you can use CodiMD for your community and own all your data. [(See the origin of the name CodiMD.)](https://github.com/hackmdio/codimd/issues/720)
+
+CodiMD is perfect for open communities, while HackMD emphasizes on permission and access controls for commercial use cases.
\ No newline at end of file
diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md
new file mode 100644
index 0000000..0e66857
--- /dev/null
+++ b/doc/DESCRIPTION_fr.md
@@ -0,0 +1,3 @@
+CodiMD est la version logicielle libre de HackMD, développée et ouverte par l'équipe HackMD avec des fonctionnalités réduites (sans mode livre), vous pouvez utiliser CodiMD pour votre communauté et posséder toutes vos données. [(Voir l'origine du nom CodiMD.)](https://github.com/hackmdio/codimd/issues/720)
+
+CodiMD est parfait pour les communautés ouvertes, tandis que HackMD met l'accent sur les autorisations et les contrôles d'accès pour les cas d'utilisation commerciale.
\ No newline at end of file
diff --git a/manifest.json b/manifest.json
index 72debb0..2a5d734 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 "en": "Collaborative editor to work on notes written in Markdown",
 "fr": "Éditeur collaboratif pour travailler sur des notes en Markdown"
 },
- "version": "2.4.1~ynh1",
+ "version": "2.4.1~ynh2",
 "url": "https://github.com/hackmdio/codimd",
 "upstream": {
 "license": "AGPL-3.0-only",
@@ -17,7 +17,7 @@
 },
 "license": "AGPL-3.0-only",
 "maintainer": {
- "name": ""
+ "name": "eric_G"
 },
 "requirements": {
 "yunohost": ">= 4.2.4"
diff --git a/scripts/restore b/scripts/restore
index 6f18d0d..7051136 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -38,8 +38,6 @@ db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd)
 #=================================================
 ynh_script_progression --message="Validating restoration parameters..." --weight=2
-ynh_webpath_available --domain=$domain --path_url=$path_url \
- || ynh_die --message="Path not available: ${domain}${path_url}"
 test ! -d $final_path \
 || ynh_die --message="There is already a directory: $final_path "