From e6aa5afadaa88e068482a462562e5a005bc3f530 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 14 Aug 2022 09:13:21 +0000 Subject: [PATCH 1/5] Auto-update README --- README.md | 20 +++++++++++--------- README_fr.md | 28 +++++++++++++++++----------- 2 files changed, 28 insertions(+), 20 deletions(-) diff --git a/README.md b/README.md index 5f6a8f7..ee89a61 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Commento for YunoHost -[![Integration level](https://dash.yunohost.org/integration/commento.svg)](https://dash.yunohost.org/appci/app/commento) ![](https://ci-apps.yunohost.org/ci/badges/commento.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/commento.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/commento.svg)](https://dash.yunohost.org/appci/app/commento) ![Working status](https://ci-apps.yunohost.org/ci/badges/commento.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/commento.maintain.svg) [![Install Commento with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=commento) *[Lire ce readme en français.](./README_fr.md)* @@ -33,29 +33,31 @@ Commento++ allows you to foster discussion on your website – if you have a blo **Shipped version:** 1.8.7~ynh1 + **Demo:** https://demo.souradip.com/chat.html ## Screenshots -![](./doc/screenshots/Screenshot.png) +![Screenshot of Commento](./doc/screenshots/Screenshot.png) ## Documentation and resources -* Official app website: https://commento.io/ -* Official admin documentation: https://docs.commento.io/ -* Upstream app code repository: https://github.com/souramoo/commentoplusplus -* YunoHost documentation for this app: https://yunohost.org/app_commento -* Report a bug: https://github.com/YunoHost-Apps/commento_ynh/issues +* Official app website: +* Official admin documentation: +* Upstream app code repository: +* YunoHost documentation for this app: +* Report a bug: ## Developer info Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/commento_ynh/tree/testing). To try the testing branch, please proceed like that. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/commento_ynh/tree/testing --debug or sudo yunohost app upgrade commento -u https://github.com/YunoHost-Apps/commento_ynh/tree/testing --debug ``` -**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file +**More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md index 19372ed..4776197 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,10 +1,14 @@ + + # Commento pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/commento.svg)](https://dash.yunohost.org/appci/app/commento) ![](https://ci-apps.yunohost.org/ci/badges/commento.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/commento.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/commento.svg)](https://dash.yunohost.org/appci/app/commento) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/commento.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/commento.maintain.svg) [![Installer Commento avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=commento) *[Read this readme in english.](./README.md)* -*[Lire ce readme en français.](./README_fr.md)* > *Ce package vous permet d'installer Commento rapidement et simplement sur un serveur YunoHost. Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* @@ -27,31 +31,33 @@ Commento++ allows you to foster discussion on your website – if you have a blo - Email notifications. -**Version incluse :** 1.8.7~ynh1 +**Version incluse :** 1.8.7~ynh1 + **Démo :** https://demo.souradip.com/chat.html ## Captures d'écran -![](./doc/screenshots/Screenshot.png) +![Capture d'écran de Commento](./doc/screenshots/Screenshot.png) ## Documentations et ressources -* Site officiel de l'app : https://commento.io/ -* Documentation officielle de l'admin : https://docs.commento.io/ -* Dépôt de code officiel de l'app : https://github.com/souramoo/commentoplusplus -* Documentation YunoHost pour cette app : https://yunohost.org/app_commento -* Signaler un bug : https://github.com/YunoHost-Apps/commento_ynh/issues +* Site officiel de l'app : +* Documentation officielle de l'admin : +* Dépôt de code officiel de l'app : +* Documentation YunoHost pour cette app : +* Signaler un bug : ## Informations pour les développeurs Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/commento_ynh/tree/testing). Pour essayer la branche testing, procédez comme suit. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/commento_ynh/tree/testing --debug ou sudo yunohost app upgrade commento -u https://github.com/YunoHost-Apps/commento_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file +**Plus d'infos sur le packaging d'applications :** From 8025ecceb96186f261910ffcc18a39d507bf7b30 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sun, 14 Aug 2022 11:13:42 +0200 Subject: [PATCH 2/5] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 33c2442..4395811 100644 --- a/manifest.json +++ b/manifest.json @@ -21,7 +21,7 @@ "email": "" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.9" }, "multi_instance": true, "services": [ From afdc6f67bc1857d491e90d40fb8c64ad888e2f8e Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Aug 2022 19:04:01 +0200 Subject: [PATCH 3/5] set relative path for --keep opt --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index f52e171..aed38d9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -90,7 +90,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" #--keep="$final_path/commento.env" + ynh_setup_source --dest_dir="$final_path" #--keep="commento.env" fi chmod 750 "$final_path" From 5947aa0d106a95807a19dd9affb02899037d3a52 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 17 Dec 2022 22:03:29 +0100 Subject: [PATCH 4/5] Update systemd.service --- conf/systemd.service | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/conf/systemd.service b/conf/systemd.service index 247766d..c7480a8 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -9,5 +9,39 @@ Group=__APP__ Environment=COMMENTO_CONFIG_FILE=__FINALPATH__/commento.env ExecStart=__FINALPATH__/commento +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target From e1111dc7e02754a635e54670710b270b2871021b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 17 Dec 2022 21:03:33 +0000 Subject: [PATCH 5/5] Auto-update README --- README.md | 1 - README_fr.md | 3 +-- 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/README.md b/README.md index ee89a61..8362ed5 100644 --- a/README.md +++ b/README.md @@ -33,7 +33,6 @@ Commento++ allows you to foster discussion on your website – if you have a blo **Shipped version:** 1.8.7~ynh1 - **Demo:** https://demo.souradip.com/chat.html ## Screenshots diff --git a/README_fr.md b/README_fr.md index 4776197..2b149f0 100644 --- a/README_fr.md +++ b/README_fr.md @@ -31,8 +31,7 @@ Commento++ allows you to foster discussion on your website – if you have a blo - Email notifications. -**Version incluse :** 1.8.7~ynh1 - +**Version incluse :** 1.8.7~ynh1 **Démo :** https://demo.souradip.com/chat.html