From 15c06fd4f368a7be91e7d83118021a3e81a49225 Mon Sep 17 00:00:00 2001 From: frju365 Date: Sat, 18 Jul 2020 11:46:45 +0200 Subject: [PATCH] Testing (#44) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * version 3.2.0 * fix nodejs_version variable in upgrade script (#31) (#32) * correct a sile config * Repackage to upstream v.3.18.1 (#40) * version 3.2.0 * different corrections * Can't pass Package check with 3.8.1 as pc is build with 3.7. :) * update to 3.19.0 (#41) * update to 3.19.0 * new overview * update to 3.19.1 (#42) * update to 3.19.0 * new overview * update v.3.19.1 Co-authored-by: shine <4771718+shinenelson@users.noreply.github.com> Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> --- README.md | 81 ++++++-- README_fr.md | 73 +++++++ check_process | 4 +- conf/app.src | 6 +- conf/config.js | 431 ++++++++++++++++----------------------- conf/nginx.conf | 39 ++-- conf/systemd.service | 5 +- issue_template.md | 46 +++++ manifest.json | 30 +-- pull_request_template.md | 18 ++ scripts/_common.sh | 84 +------- scripts/backup | 51 ++--- scripts/change_url | 123 +++++++++++ scripts/install | 149 +++++++------- scripts/remove | 54 ++--- scripts/restore | 98 +++++---- scripts/upgrade | 199 ++++++++++-------- 17 files changed, 856 insertions(+), 635 deletions(-) create mode 100644 README_fr.md create mode 100644 issue_template.md create mode 100644 pull_request_template.md create mode 100644 scripts/change_url diff --git a/README.md b/README.md index 25561cf..2911695 100644 --- a/README.md +++ b/README.md @@ -1,28 +1,73 @@ -Cryptad for Yunohost ------------------------- +# CryptPad for YunoHost -[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) -[![Install Cryptad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) +[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Install CryptPad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) -**Shipped version:** 3.2.0 +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install CryptPad quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* + +## Overview +CryptPad is a collaborative encrypted document editor in real time. It is a privacy-friendly alternative to popular office tools and cloud services. All content stored in CryptPad is encrypted before being sent, which means that no one can access your data unless you give them the keys. You can share access to a document simply by sharing the link. + +**Shipped version:** 3.19.1 + +## Screenshots + +![](https://github.com/xwiki-labs/cryptpad/raw/master/screenshot.png) ## Demo -https://cryptpad.fr/ -## Known limitations / Limitations connues -- Installation possible only on a domain root (Cryptpad limitation) -- Can't login via SSO (due to this [Cryptpad limitation](https://github.com/xwiki-labs/cryptpad/issues/116)) +* [Official demo](https://cryptpad.fr/) +## Configuration -## Links / Liens -- Package URL/URL du Paquet: https://github.com/YunoHost-Apps/cryptpad_ynh -- Official Website/Site Officiel: https://cryptpad.fr/ -- Github: https://github.com/xwiki-labs/cryptpad -- Package status: - - [Last weekly report](https://forum.yunohost.org/t/rapport-hebdomadaire-dintegration-continue/2297) - - [Last continuous integration test](https://ci-apps.yunohost.org/jenkins/job/cryptpad%20%28Community%29/lastBuild/consoleFull) +* How to configure this app: From an admin panel, a plain file with SSH. +## Documentation -## Tricks : +* Official documentation: https://cryptpad.fr/what-is-cryptpad.html +* YunoHost documentation: If specific documentation is needed, feel free to contribute. -- To increase space for user in cryptpad, you can set up it in the config.js file in the root folder (/var/www/cryptpad/config.js), and then restart the cryptpad service (`sudo service cryptpad restart`). +## YunoHost specific features + +#### Multi-user support + +* Are LDAP and HTTP auth supported? **No** +* Can the app be used by multiple users? **Yes** + +#### Supported architectures + +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/cryptpad/) + +## Limitations + +* Installation possible only on a root domain (CryptPad limitation) +* Can't login via SSO (due to this [CryptPad limitation](https://github.com/xwiki-labs/cryptpad/issues/116)) + +## Additional information + +* To increase space for CryptPad users, you can modify `/var/www/cryptpad/config.js`, and restart the CryptPad service with `sudo service cryptpad restart`. + +## Links + + * Report a bug: https://github.com/YunoHost-Apps/cryptpad_ynh/issues + * App website: https://cryptpad.fr/ + * Upstream app repository: https://github.com/xwiki-labs/cryptpad + * YunoHost website: https://yunohost.org/ + +--- + +Developer info +---------------- + +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +or +sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +``` diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..6dd7efc --- /dev/null +++ b/README_fr.md @@ -0,0 +1,73 @@ +# CryptPad pour YunoHost + +[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Installer CryptPad avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer CryptPad rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* + +## Vue d'ensemble +CryptPad est un éditeur de documents chiffrés collaboratifs en temps réel. C'est une alternative respectant la vie privée aux outils office et aux services cloud populaires. Tout le contenu stocké dans CryptPad est chiffré avant d'être envoyé, ce qui signifie que personne ne peut accéder à vos données à moins que vous ne leur donniez les clés. Vous pouvez partager l'accès à un document simplement en partageant le lien. + +**Version incluse :** 3.19.1 + +## Captures d'écran + +![](https://github.com/xwiki-labs/cryptpad/raw/master/screenshot.png) + +## Démo + +* [Démo officielle](https://cryptpad.fr/) + +## Configuration + +Comment configurer cette application : via le panneau d'administration ainsi que le fichier de configuration `/var/www/cryptpad/config.js`. + +## Documentation + +* Official documentation : https://cryptpad.fr/what-is-cryptpad.html +* YunoHost documentation : If specific documentation is needed, feel free to contribute. + +## Caractéristiques spécifiques YunoHost + +#### Support multi-utilisateur + +* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** +* L'application peut-elle être utilisée par plusieurs utilisateurs ? **Oui** + +#### Architectures supportées + +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/cryptpad/) + +## Limitations + +* Nécessite un sous-domaine / domaine dédié. (limitation de CryptPad) +* Impossible de se connecter via SSO (cf [limitation de CryptPad](https://github.com/xwiki-labs/cryptpad/issues/116)) + +## Informations additionnelles + +* Pour augmenter l'espace pour l'utilisateur dans le CryptPad, vous pouvez configurer le fichier `config.js` dans le dossier `/var/www/cryptpad/config.js`, puis redémarrez le service CryptPad `sudo service cryptpad restart`. + +## Liens + +* Signaler un bug : https://github.com/YunoHost-Apps/cryptpad_ynh/issues +* Site de l'application : https://cryptpad.fr/ +* Dépôt de l'application principale : https://github.com/xwiki-labs/cryptpad +* Site web YunoHost : https://yunohost.org/ + +--- + +Informations pour les développeurs +---------------- + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +ou +sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +``` diff --git a/check_process b/check_process index f152803..18fe99f 100644 --- a/check_process +++ b/check_process @@ -3,8 +3,8 @@ ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) + admin="john" (USER) is_public="1" (PUBLIC|public=1|private=0) - email="example@example.io" (EMAIL) ; Checks pkg_linter=1 setup_sub_dir=0 @@ -17,7 +17,7 @@ multi_instance=0 incorrect_path=0 port_already_use=1 - change_url=0 + change_url=1 ;;; Levels Level 1=auto Level 2=auto diff --git a/conf/app.src b/conf/app.src index 432649b..f9f30f8 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,6 +1,6 @@ -SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.2.0.tar.gz -SOURCE_SUM=4f7576401e506aa24c032be675539b671ace27c5453b40edfe39f84daa0fcbfc +SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.19.1.tar.gz +SOURCE_SUM=b706baf1ee7d948eb549b7ba4f9270188e7dde067f4e92b7c3162e5907c50af6 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= +SOURCE_FILENAME=cryptpad-3.19.1.tar.gz diff --git a/conf/config.js b/conf/config.js index b543919..9d47a88 100644 --- a/conf/config.js +++ b/conf/config.js @@ -1,189 +1,203 @@ -/*@flow*/ -/* - globals module +/* globals module */ + +/* DISCLAIMER: + + There are two recommended methods of running a CryptPad instance: + + 1. Using a standalone nodejs server without HTTPS (suitable for local development) + 2. Using NGINX to serve static assets and to handle HTTPS for API server's websocket traffic + + We do not officially recommend or support Apache, Docker, Kubernetes, Traefik, or any other configuration. + Support requests for such setups should be directed to their authors. + + If you're having difficulty difficulty configuring your instance + we suggest that you join the project's IRC/Matrix channel. + + If you don't have any difficulty configuring your instance and you'd like to + support us for the work that went into making it pain-free we are quite happy + to accept donations via our opencollective page: https://opencollective.com/cryptpad + */ -var _domain = 'http://localhost:__PORT__/'; - -// You can `kill -USR2` the node process and it will write out a heap dump. -// If your system doesn't support dumping, comment this out and install with -// `npm install --production` -// See: https://strongloop.github.io/strongloop.com/strongblog/how-to-heap-snapshots/ - -// to enable this feature, uncomment the line below: -// require('heapdump'); - -// we prepend a space because every usage expects it -// requiring admins to preserve it is unnecessarily confusing -var domain = ' ' + _domain; - -// Content-Security-Policy -var baseCSP = [ - "default-src 'none'", - "style-src 'unsafe-inline' 'self' " + domain, - "font-src 'self' data:" + domain, - - /* child-src is used to restrict iframes to a set of allowed domains. - * connect-src is used to restrict what domains can connect to the websocket. - * - * it is recommended that you configure these fields to match the - * domain which will serve your CryptPad instance. - */ - "child-src blob: *", - // IE/Edge - "frame-src blob: *", - - /* this allows connections over secure or insecure websockets - if you are deploying to production, you'll probably want to remove - the ws://* directive, and change '*' to your domain - */ - "connect-src 'self' ws: wss: blob:" + domain, - - // data: is used by codemirror - "img-src 'self' data: blob:" + domain, - "media-src * blob:", - - // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox - "frame-ancestors *", - "" -]; - - module.exports = { +/* CryptPad is designed to serve its content over two domains. + * Account passwords and cryptographic content is handled on the 'main' domain, + * while the user interface is loaded on a 'sandbox' domain + * which can only access information which the main domain willingly shares. + * + * In the event of an XSS vulnerability in the UI (that's bad) + * this system prevents attackers from gaining access to your account (that's good). + * + * Most problems with new instances are related to this system blocking access + * because of incorrectly configured sandboxes. If you only see a white screen + * when you try to load CryptPad, this is probably the cause. + * + * PLEASE READ THE FOLLOWING COMMENTS CAREFULLY. + * + */ + +/* httpUnsafeOrigin is the URL that clients will enter to load your instance. + * Any other URL that somehow points to your instance is supposed to be blocked. + * The default provided below assumes you are loading CryptPad from a server + * which is running on the same machine, using port 3000. + * + * In a production instance this should be available ONLY over HTTPS + * using the default port for HTTPS (443) ie. https://cryptpad.fr + * In such a case this should be handled by NGINX, as documented in + * cryptpad/docs/example.nginx.conf (see the $main_domain variable) + * + */ + httpUnsafeOrigin: 'http://127.0.0.1:__PORT__', + +/* httpSafeOrigin is the URL that is used for the 'sandbox' described above. + * If you're testing or developing with CryptPad on your local machine then + * it is appropriate to leave this blank. The default behaviour is to serve + * the main domain over port 3000 and to serve the content over port 3001. + * + * This is not appropriate in a production environment where invasive networks + * may filter traffic going over abnormal ports. + * To correctly configure your production instance you must provide a URL + * with a different domain (a subdomain is sufficient). + * It will be used to load the UI in our 'sandbox' system. + * + * This value corresponds to the $sandbox_domain variable + * in the example nginx file. + * + * CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS. + */ + // httpSafeOrigin: "https://some-other-domain.xyz", + +/* httpAddress specifies the address on which the nodejs server + * should be accessible. By default it will listen on 127.0.0.1 + * (IPv4 localhost on most systems). If you want it to listen on + * all addresses, including IPv6, set this to '::'. + * + */ + httpAddress: '::', + +/* httpPort specifies on which port the nodejs server should listen. + * By default it will serve content over port 3000, which is suitable + * for both local development and for use with the provided nginx example, + * which will proxy websocket traffic to your node server. + * + */ + httpPort: __PORT__, + +/* httpSafePort allows you to specify an alternative port from which + * the node process should serve sandboxed assets. The default value is + * that of your httpPort + 1. You probably don't need to change this. + * + */ + httpSafePort: __PORTI__, + +/* CryptPad will launch a child process for every core available + * in order to perform CPU-intensive tasks in parallel. + * Some host environments may have a very large number of cores available + * or you may want to limit how much computing power CryptPad can take. + * If so, set 'maxWorkers' to a positive integer. + */ + // maxWorkers: 4, /* ===================== * Admin * ===================== */ /* - * CryptPad now contains an administration panel. Its access is restricted to specific + * CryptPad contains an administration panel. Its access is restricted to specific * users using the following list. * To give access to the admin panel to a user account, just add their user id, * which can be found on the settings page for registered users. * Entries should be strings separated by a comma. */ +/* adminKeys: [ //"https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=", ], +*/ - /* ===================== - * Infra setup - * ===================== */ - - // the address you want to bind to, :: means all ipv4 and ipv6 addresses - // this may not work on all operating systems - httpAddress: '::', - - // the port on which your httpd will listen - httpPort: __PORT__, - - // This is for allowing the cross-domain iframe to function when developing - httpSafePort: __PORTI__, - - // This is for deployment in production, CryptPad uses a separate origin (domain) to host the - // cross-domain iframe. It can simply host the same content as CryptPad. - // httpSafeOrigin: "https://some-other-domain.xyz", - - httpUnsafeOrigin: domain, - - /* your server's websocket url is configurable - * (default: '/cryptpad_websocket') + /* CryptPad's administration panel includes a "support" tab + * wherein administrators with a secret key can view messages + * sent from users via the encrypted forms on the /support/ page * - * websocketPath can be relative, of the form '/path/to/websocket' - * or absolute, specifying a particular URL + * To enable this functionality: + * run `node ./scripts/generate-admin-keys.js` + * save the public key in your config in the value below + * add the private key via the admin panel + * and back it up in a secure manner * - * 'wss://cryptpad.fr:3000/cryptpad_websocket' */ - websocketPath: '/cryptpad_websocket', + // supportMailboxPublicKey: "", - /* CryptPad can be configured to send customized HTTP Headers - * These settings may vary widely depending on your needs - * Examples are provided below - */ - httpHeaders: { - "X-XSS-Protection": "1; mode=block", - "X-Content-Type-Options": "nosniff", - "Access-Control-Allow-Origin": "*" - }, - - contentSecurity: baseCSP.join('; ') + - "script-src 'self'" + domain, - - // CKEditor and OnlyOffice require significantly more lax content security policy in order to function. - padContentSecurity: baseCSP.join('; ') + - "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain, - - /* it is recommended that you serve CryptPad over https - * the filepaths below are used to configure your certificates - */ - //privKeyAndCertFiles: [ - // '/etc/apache2/ssl/my_secret.key', - // '/etc/apache2/ssl/my_public_cert.crt', - // '/etc/apache2/ssl/my_certificate_authorities_cert_chain.ca' - //], - - /* Main pages - * add exceptions to the router so that we can access /privacy.html - * and other odd pages - */ - mainPages: [ - 'index', - 'privacy', - 'terms', - 'about', - 'contact', - 'what-is-cryptpad', - 'features', - 'faq', - 'maintenance' - ], - - /* ===================== - * Subscriptions - * ===================== */ - - /* Limits, Donations, Subscriptions and Contact + /* We're very proud that CryptPad is available to the public as free software! + * We do, however, still need to pay our bills as we develop the platform. * - * By default, CryptPad limits every registered user to 50MB of storage. It also shows a - * subscribe button which allows them to upgrade to a paid account. We handle payment, - * and keep 50% of the proceeds to fund ongoing development. + * By default CryptPad will prompt users to consider donating to + * our OpenCollective campaign. We publish the state of our finances periodically + * so you can decide for yourself whether our expenses are reasonable. * - * You can: - * A: leave things as they are - * B: disable accounts but display a donate button - * C: hide any reference to paid accounts or donation - * - * If you chose A then there's nothing to do. - * If you chose B, set 'allowSubscriptions' to false. - * If you chose C, set 'removeDonateButton' to true + * You can disable any solicitations for donations by setting 'removeDonateButton' to true, + * but we'd appreciate it if you didn't! */ - allowSubscriptions: false, - removeDonateButton: false, + removeDonateButton: true, + + /* CryptPad will display a point of contact for your instance on its contact page + * (/contact.html) if you provide it below. + */ + adminEmail: "__ADMIN_MAIL__", /* - * By default, CryptPad also contacts our accounts server once a day to check for changes in - * the people who have accounts. This check-in will also send the version of your CryptPad - * instance and your email so we can reach you if we are aware of a serious problem. We will - * never sell it or send you marketing mail. If you want to block this check-in and remain - * completely invisible, set this and allowSubscriptions both to false. - */ - adminEmail: '__ADMIN_EMAIL__', - - /* Sales coming from your server will be identified by your domain + * By default, CryptPad contacts one of our servers once a day. + * This check-in will also send some very basic information about your instance including its + * version and the adminEmail so we can reach you if we are aware of a serious problem. + * We will never sell it or send you marketing mail. * - * If you are using CryptPad in a business context, please consider taking a support contract - * by contacting sales@cryptpad.fr + * If you want to block this check-in and remain set 'blockDailyCheck' to true. */ - myDomain: _domain, + blockDailyCheck: true, /* - * If you are using CryptPad internally and you want to increase the per-user storage limit, - * change the following value. + * By default users get 50MB of storage by registering on an instance. + * You can set this value to whatever you want. * - * Please note: This limit is what makes people subscribe and what pays for CryptPad - * development. Running a public instance that provides a "better deal" than cryptpad.fr - * is effectively using the project against itself. + * hint: 50MB is 50 * 1024 * 1024 */ - defaultStorageLimit: 50 * 1024 * 1024, + //defaultStorageLimit: 50 * 1024 * 1024, + + + /* ===================== + * STORAGE + * ===================== */ + + /* Pads that are not 'pinned' by any registered user can be set to expire + * after a configurable number of days of inactivity (default 90 days). + * The value can be changed or set to false to remove expiration. + * Expired pads can then be removed using a cron job calling the + * `evict-inactive.js` script with node + * + * defaults to 90 days if nothing is provided + */ + //inactiveTime: 90, // days + + /* CryptPad archives some data instead of deleting it outright. + * This archived data still takes up space and so you'll probably still want to + * remove these files after a brief period. + * + * cryptpad/scripts/evict-inactive.js is intended to be run daily + * from a crontab or similar scheduling service. + * + * The intent with this feature is to provide a safety net in case of accidental + * deletion. Set this value to the number of days you'd like to retain + * archived data before it's removed permanently. + * + * defaults to 15 days if nothing is provided + */ + //archiveRetentionTime: 15, + + /* Max Upload Size (bytes) + * this sets the maximum size of any one file uploaded to the server. + * anything larger than this size will be rejected + * defaults to 20MB if no value is provided + */ + //maxUploadSize: 20 * 1024 * 1024, /* * CryptPad allows administrators to give custom limits to their friends. @@ -193,8 +207,8 @@ module.exports = { * * hint: 1GB is 1024 * 1024 * 1024 bytes */ +/* customLimits: { - /* "https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=": { limit: 20 * 1024 * 1024 * 1024, plan: 'insider', @@ -205,70 +219,15 @@ module.exports = { plan: 'insider', note: 'storage space donated by my.awesome.website' } - */ }, +*/ - /* ===================== - * STORAGE - * ===================== */ - - /* By default the CryptPad server will run scheduled tasks every five minutes - * If you want to run scheduled tasks in a separate process (like a crontab) - * you can disable this behaviour by setting the following value to true - */ - disableIntegratedTasks: false, - - /* Pads that are not 'pinned' by any registered user can be set to expire - * after a configurable number of days of inactivity (default 90 days). - * The value can be changed or set to false to remove expiration. - * Expired pads can then be removed using a cron job calling the - * `delete-inactive.js` script with node - */ - inactiveTime: 90, // days - - /* CryptPad can be configured to remove inactive data which has not been pinned. - * Deletion of data is always risky and as an operator you have the choice to - * archive data instead of deleting it outright. Set this value to true if - * you want your server to archive files and false if you want to keep using - * the old behaviour of simply removing files. + /* Users with premium accounts (those with a plan included in their customLimit) + * can benefit from an increased upload size limit. By default they are restricted to the same + * upload size as any other registered user. * - * WARNING: this is not implemented universally, so at the moment this will - * only apply to the removal of 'channels' due to inactivity. */ - retainData: true, - - /* As described above, CryptPad offers the ability to archive some data - * instead of deleting it outright. This archived data still takes up space - * and so you'll probably still want to remove these files after a brief period. - * The intent with this feature is to provide a safety net in case of accidental - * deletion. Set this value to the number of days you'd like to retain - * archived data before it's removed permanently. - * - * If 'retainData' is set to false, there will never be any archived data - * to remove. - */ - archiveRetentionTime: 15, - - /* Max Upload Size (bytes) - * this sets the maximum size of any one file uploaded to the server. - * anything larger than this size will be rejected - */ - maxUploadSize: 20 * 1024 * 1024, - - /* ===================== - * HARDWARE RELATED - * ===================== */ - - /* CryptPad's file storage adaptor closes unused files after a configurable - * number of milliseconds (default 30000 (30 seconds)) - */ - channelExpirationMs: 30000, - - /* CryptPad's file storage adaptor is limited by the number of open files. - * When the adaptor reaches openFileLimit, it will clean up older files - */ - openFileLimit: 2048, - + //premiumUploadSize: 100 * 1024 * 1024, /* ===================== * DATABASE VOLUMES @@ -295,12 +254,12 @@ module.exports = { * Pin requests are stored in a pin-store. The location of this store is * defined here. */ - pinPath: './pins', + pinPath: './data/pins', /* if you would like the list of scheduled tasks to be stored in a custom location, change the path below: */ - taskPath: './tasks', + taskPath: './data/tasks', /* if you would like users' authenticated blocks to be stored in a custom location, change the path below: @@ -315,7 +274,7 @@ module.exports = { /* CryptPad stores incomplete blobs in a 'staging' area until they are * fully uploaded. Set its location here. */ - blobStagingPath: './blobstage', + blobStagingPath: './data/blobstage', /* CryptPad supports logging events directly to the disk in a 'logs' directory * Set its location here, or set it to false (or nothing) if you'd rather not log @@ -356,42 +315,6 @@ module.exports = { */ logFeedback: false, - /* You can get a repl for debugging the server if you want it. - * to enable this, specify the debugReplName and then you can - * connect to it with `nc -U /tmp/repl/.sock` - * If you run multiple cryptpad servers, you need to use different - * repl names. - */ - //debugReplName: "cryptpad" - - /* ===================== - * DEPRECATED - * ===================== */ - /* - You have the option of specifying an alternative storage adaptor. - These status of these alternatives are specified in their READMEs, - which are available at the following URLs: - - mongodb: a noSQL database - https://github.com/xwiki-labs/cryptpad-mongo-store - amnesiadb: in memory storage - https://github.com/xwiki-labs/cryptpad-amnesia-store - leveldb: a simple, fast, key-value store - https://github.com/xwiki-labs/cryptpad-level-store - sql: an adaptor for a variety of sql databases via knexjs - https://github.com/xwiki-labs/cryptpad-sql-store - - For the most up to date solution, use the default storage adaptor. - */ - storage: './storage/file', - - /* CryptPad's socket server can be extended to respond to RPC calls - * you can configure it to respond to custom RPC calls if you like. - * provide the path to your RPC module here, or `false` if you would - * like to disable the RPC interface completely - */ - rpc: './rpc.js', - /* CryptPad supports verbose logging * (false by default) */ diff --git a/conf/nginx.conf b/conf/nginx.conf index 8586786..6117882 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,24 +1,21 @@ -location __PATH__/ { +location ^~ / { + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + proxy_pass http://127.0.0.1:__PORT__; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; - try_files $uri $uri/index.html; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - - proxy_pass http://localhost:__PORT__/; - add_header X-Frame-Options SAMEORIGIN; - proxy_set_header Host $host; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; - - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; + more_clear_input_headers 'Accept-Encoding'; } - -## TODO fix in the code so that we don't need this -location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard)$ { - rewrite ^(.*)$ $1/ redirect; -} - diff --git a/conf/systemd.service b/conf/systemd.service index d45c4ec..7134501 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=CryptPad service +Description=Zero Knowledge realtime collaborative editor. After=syslog.target network.target [Service] @@ -7,8 +7,9 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__ +Environment=PATH=__ENV_PATH__ Environment=NODE_ENV=production -ExecStart=__NODE__/node server.js | tee /var/log/__APP__/cryptpad.log +ExecStart=__YNH_NPM__ start Restart=always [Install] diff --git a/issue_template.md b/issue_template.md new file mode 100644 index 0000000..b044dbe --- /dev/null +++ b/issue_template.md @@ -0,0 +1,46 @@ +--- +name: Bug report +about: Create a report to help us debug, it would be nice to fill the template as much as you can to help us, help you and help us all. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change url...), you are on the right place!* + - *Otherwise, the issue may be due to CryptPad itself. Refer to its documentation or repository for help.* + - *If you have a doubt, post here, we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +**Describe the bug** +*A clear and concise description of what the bug is.* + +**Versions** +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info cryptpad`* + +**To Reproduce** +*Steps to reproduce the behavior.* +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install cryptpad + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '....'* + 3. *Scroll down to '....'* + 4. *See error* + +**Expected behavior** +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +**Logs** +*After a failed command, YunoHost makes the log available to you, but also to others, thanks to `yunohost log display [log name] --share`. The actual command, with the correct log name, is displayed at the end of the failed attempt in the CLI. Execute it and copy here the share link it outputs.* +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/manifest.json b/manifest.json index f8ff658..4367ba2 100644 --- a/manifest.json +++ b/manifest.json @@ -3,10 +3,10 @@ "id": "cryptpad", "packaging_format": 1, "description": { - "en": "Encrypted Pad", - "fr": "Créateur de pad chiffré." + "en": "Zero Knowledge realtime collaborative editor", + "fr": "Éditeur chiffré collaboratif en temps réel." }, - "version": "2.16.0", + "version": "3.19.1~ynh1", "url": "https://cryptpad.fr/", "license": "AGPL-3.0-or-later", "maintainer": { @@ -15,7 +15,7 @@ "url": "https://frju365.yunohost.support" }, "requirements": { - "yunohost": ">= 3.0.0" + "yunohost": ">= 3.5" }, "multi_instance": false, "services": [ @@ -30,33 +30,33 @@ "en": "Choose a domain name for CryptPad", "fr": "Choisissez un nom de domaine pour CryptPad" }, - "example": "example.com" + "example": "cryptpad.example.com" }, { "name": "path", "type": "path", "ask": { - "en": "Choose a path for CryptPad, only / is allowed.", - "fr": "Choisissez un chemin pour CryptPad, seul / est autorisé." + "en": "Choose a path for CryptPad, requires a dedicated sub-domain/domain.", + "fr": "Choisissez un chemin pour CryptPad, nécessite un sous-domaine/domaine dédié." }, "example": "/", "default": "/" }, - { - "name": "email", - "type": "email", + { + "name": "admin", + "type": "user", "ask": { - "en": "Choose an email for the admin user.", - "fr": "Choisissez une adresse mail pour l'administrateur" + "en": "Choose an admin user", + "fr": "Choisissez l’administrateur" }, - "example": "example@example.tld" + "example": "johndoe" }, { "name": "is_public", "type": "boolean", "ask": { - "en": "Is it a public site? ", - "fr": "Est-ce un site publique ? " + "en": "Is it a public site?", + "fr": "Est-ce un site publique ?" }, "default": true } diff --git a/pull_request_template.md b/pull_request_template.md new file mode 100644 index 0000000..9aa2a24 --- /dev/null +++ b/pull_request_template.md @@ -0,0 +1,18 @@ +## Problem +- *Description of why you made this PR* + +## Solution +- *And how do you fix that problem* + +## PR Status +- [ ] Code finished. +- [ ] Tested with Package_check. +- [ ] Fix or enhancement tested. +- [ ] Upgrade from last version tested. +- [ ] Can be reviewed and tested. + +## Package_check results +--- +*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* + +[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/cryptpad_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/cryptpad_ynh%20PR-NUM-%20(USERNAME)/) diff --git a/scripts/_common.sh b/scripts/_common.sh index b748093..6fa19b1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,83 +3,17 @@ #================================================= # COMMON VARIABLES #================================================= -nodejs_version=6 + +nodejs_version=12 #================================================= - -# Start or restart a service and follow its booting -# -# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name] -# -# | arg: Line to match - The line to find in the log to attest the service have finished to boot. -# | arg: Log file - The log file to watch -# | arg: Service name -# /var/log/$app/$app.log will be used if no other log is defined. -# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds. -ynh_check_starting () { - local line_to_match="$1" - local service_name="${4:-$app}" - local app_log="${2:-/var/log/$service_name/$service_name.log}" - local timeout=${3:-300} - - ynh_clean_check_starting () { - # Stop the execution of tail. - kill -s 15 $pid_tail 2>&1 - ynh_secure_remove "$templog" 2>&1 - } - - echo "Starting of $service_name" >&2 - systemctl stop $service_name - local templog="$(mktemp)" - # Following the starting of the app in its log - tail -F -n0 "$app_log" > "$templog" & - # Get the PID of the tail command - local pid_tail=$! - systemctl start $service_name - - local i=0 - for i in `seq 1 $timeout` - do - # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout - if grep --quiet "$line_to_match" "$templog" - then - echo "The service $service_name has correctly started." >&2 - break - fi - echo -n "." >&2 - sleep 1 - done - if [ $i -eq $timeout ] - then - echo "The service $service_name didn't fully started before the timeout." >&2 - fi - - echo "" - ynh_clean_check_starting -} - +# PERSONAL HELPERS #================================================= +#================================================= +# EXPERIMENTAL HELPERS +#================================================= -# EXEC_LOGIN_AS Helper - -# Execute a command as another user with login -# (hence in user home dir, with prior loading of .profile, etc.) -# usage: exec_login_as USER COMMAND [ARG ...] -exec_login_as() { - local user=$1 - shift 1 - exec_as $user --login "$@" -} -# Execute a command as another user -# usage: exec_as USER COMMAND [ARG ...] -exec_as() { - local user=$1 - shift 1 - - if [[ $user = $(whoami) ]]; then - eval "$@" - else - sudo -u "$user" "$@" - fi -} +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index a2c07cd..a44954a 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,18 +6,17 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ynh_clean_check_starting +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -26,31 +25,37 @@ ynh_abort_if_errors #================================================= app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -final_path=$(ynh_app_setting_get $app final_path) + +domain=$(ynh_app_setting_get --app=$app --key=domain) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= -# STANDARD BACKUP STEPS +# DECLARE DATA AND CONF FILES TO BACKUP #================================================= -# BACKUP APP MAIN DIR -#================================================= - -CHECK_SIZE "$final_path" -ynh_backup "$final_path" "sources" +ynh_print_info --message="Declaring files to be backed up..." #================================================= -# BACKUP NGINX CONFIGURATION +# BACKUP THE APP MAIN DIR #================================================= -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "nginx.conf" +ynh_backup --src_path="$final_path" #================================================= -# BACKUP LOGROTATE CONFIGURATION -#================================================= -ynh_backup "/etc/logrotate.d/$app" "logrotate" - -#================================================= -# BACKUP SYSTEMD CONFIGURATION +# BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup "/etc/systemd/system/$app.service" "systemd.service" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP SYSTEMD +#================================================= + +ynh_backup --src_path="/etc/systemd/system/$app.service" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..90f9f1b --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,123 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +# Needed for helper "ynh_add_nginx_config" +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --weight=2 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= +ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1 + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +if [ $change_path -eq 1 ] +then + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" + # Set global variables for nginx helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated nginx config + ynh_add_nginx_config +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum --file="$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# GENERIC FINALISATION +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading nginx web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index 47ccb7d..15de734 100644 --- a/scripts/install +++ b/scripts/install @@ -13,7 +13,11 @@ source /usr/share/yunohost/helpers # MANAGE FAILURE OF THE SCRIPT #================================================= -ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée. +ynh_clean_setup () { + ynh_clean_check_starting +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST @@ -21,78 +25,80 @@ ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est dét domain=$YNH_APP_ARG_DOMAIN is_public=$YNH_APP_ARG_IS_PUBLIC -path_url=$YNH_APP_ARG_PATH -admin_email=$YNH_APP_ARG_EMAIL +path_url="/" +admin=$YNH_APP_ARG_ADMIN app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS #================================================= +ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) - -# Check web path availability -ynh_webpath_available $domain $path_url # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_app_setting_set $app domain "$domain" -ynh_app_setting_set $app is_public "$is_public" -ynh_app_setting_set $app path_url "$path_url" +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=is_public --value=$is_public +ynh_app_setting_set --app=$app --key=path_url --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin + +admin_mail=$(ynh_user_get_info "$admin" 'mail') #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= +ynh_script_progression --message="Configuring firewall..." --weight=1 -# Find a free port -port=$(ynh_find_port 4000) -# Open this port -yunohost firewall allow --no-upnp TCP $port 2>&1 -ynh_app_setting_set $app port $port - -porti=$(ynh_find_port 5000) -# Open this port -yunohost firewall allow --no-upnp TCP $porti 2>&1 -ynh_app_setting_set $app porti $porti +# Find an available port +port=$(ynh_find_port --port=3000) +ynh_app_setting_set --app=$app --key=port --value=$port +# Find an available port +porti=$(ynh_find_port --port=$(($port + 1))) +ynh_app_setting_set --app=$app --key=porti --value=$porti #================================================= -# INSTALL NODEJS +# INSTALL NODEJS & YARN #================================================= +ynh_script_progression --message="Installing dependencies..." --weight=20 -ynh_install_nodejs $nodejs_version +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +# Install Yarn +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user -ynh_system_user_create $app +ynh_system_user_create --username=$app -#================================================= -# SPECIFIC SETUP #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression --message="Setting up source files..." --weight=10 -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Configuring nginx web server..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config @@ -100,82 +106,87 @@ ynh_add_nginx_config #================================================= # SETUP SYSTEMD #================================================= +ynh_script_progression --message="Configuring a systemd service..." --weight=1 + +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" -# Create a dedicated systemd config ynh_add_systemd_config -ynh_replace_string "__NODEJS__" "$nodejs_version" "/etc/systemd/system/$app.service" -ynh_replace_string "__ENV_PATH__" "$PATH" "/etc/systemd/system/$app.service" -ynh_replace_string "__NODE__" "$nodejs_path" "/etc/systemd/system/$app.service" -systemctl daemon-reload #================================================= -# Créer le dossier de log -#================================================= - -mkdir -p /var/log/$app -touch /var/log/$app/cryptpad.log -install_log=/var/log/$app/installation.log -touch $install_log -chown $app: -R /var/log/$app -chown admin: -R $install_log - -#================================================= -# CONFIGURE SERVER.JS +# CONFIGURE CONFIG.JS #================================================= # Copy default configuration file mv "../conf/config.js" "$final_path/config/config.js" -ynh_replace_string "_domain = 'http://localhost:3000/'" "_domain = 'https://$domain$path_url'" "$final_path/config/config.js" -# Set service port -ynh_replace_string "__PORT__" "$port" "$final_path/config/config.js" -ynh_replace_string "__PORTI__" "$porti" "$final_path/config/config.js" -# Tune CSP to allow for YunoHost tile -#ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" "$final_path/config/config.js" -# Remove donate button -ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config/config.js" -# Disable analytics unsolicited communications -ynh_replace_string "__ADMIN_EMAIL_" "$admin_email" "$final_path/config/config.js" +ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__PORTI__" --replace_string="$porti" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="$final_path/config/config.js" + # Store file checksum to detected user modifications on upgrade ynh_store_file_checksum "$final_path/config/config.js" #================================================= # INSTALL CRYPTPAD #================================================= +ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 -script_dir="$PWD" -pushd "$final_path" -npm install --allow-root -npm install -g bower --allow-root -bower install --allow-root -popd +pushd "$final_path" || ynh_die + + ynh_use_nodejs + ynh_exec_warn_less yarn install --allow-root + yarn global add bower + bower install --allow-root + +popd || ynh_die #================================================= # Set some permissions #================================================= +ynh_script_progression --message="Securing files and directories..." --weight=1 -chown $app:$app $final_path -R -chown $app:$app /var/log/$app/cryptpad.log +chown -R $app:$app $final_path #================================================= -# ENABLE SERVICE IN ADMIN PANEL +# INTEGRATE SERVICE IN ADMIN PANEL #================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 # Ajoute le service au monitoring de Yunohost. yunohost service add $app --log "/var/log/$app/$app.log" +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=2 + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" + #================================================= # SETUP SSOWAT #================================================= +ynh_script_progression --message="Configuring SSOwat..." --weight=1 -if [ $is_public -eq 1 ]; +# Make app public if necessary +if [ $is_public -eq 1 ] then - ynh_app_setting_set "$app" unprotected_uris "/" + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_permission_update --permission "main" --add visitors fi -ynh_check_starting "loading rpc module..." "/var/log/$app/cryptpad.log" "15" #================================================= # RELOAD NGINX #================================================= +ynh_script_progression --message="Reloading nginx web server..." --weight=1 -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 09347d1..3595298 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,64 +12,70 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -port=$(ynh_app_setting_get $app port) -# Retrieve app settings -domain=$(ynh_app_setting_get $app domain) -final_path=$(ynh_app_setting_get $app final_path) + +port=$(ynh_app_setting_get --app=$app --key=port) +domain=$(ynh_app_setting_get --app=$app --key=domain) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE +#================================================= +# REMOVE SERVICE INTEGRATION IN YUNOHOST +#================================================= + +# Remove the service from the list of services known by Yunohost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status $app >/dev/null +then + ynh_script_progression --message="Removing $app service..." --weight=3 + yunohost service remove $app +fi + #================================================= # STOP AND REMOVE SERVICE #================================================= +ynh_script_progression --message="Stopping and removing the systemd service..." --weight=2 # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE SERVICE FROM ADMIN PANEL -#================================================= - -# Remove a service from the admin panel, added by `yunohost service add` -if yunohost service status | grep -q $app -then - echo "Remove $app service" - yunohost service remove $app -fi - #================================================= # REMOVE NODEJS #================================================= +ynh_script_progression --message="Removing dependencies..." --weight=3 ynh_remove_nodejs #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_script_progression --message="Removing app main directory..." --weight=3 # Remove the app directory securely -ynh_secure_remove "$final_path" +ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 # Remove the dedicated nginx config ynh_remove_nginx_config -#================================================= -# REMOVE THE LOGROTATE CONFIG -#================================================= - -ynh_remove_logrotate # Remove the app-specific logrotate config -ynh_secure_remove "/var/log/$app/" - #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 -ynh_system_user_delete $app +# Delete a system user +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index e684b29..2cd223f 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,12 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -19,7 +15,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { -# Nettoyage des résidus d'installation non pris en charge par le script remove. ynh_clean_check_starting } # Exit if an error occurs during the execution of the script @@ -28,81 +23,98 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -is_public=$(ynh_app_setting_get $app is_public) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" +ynh_webpath_available --domain=$domain --path_url=$path_url \ + || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ -|| ynh_die "There is already a directory: $final_path " + || ynh_die --message="There is already a directory: $final_path " #================================================= -# STANDARD RESTORE STEPS +# STANDARD RESTORATION STEPS #================================================= -# RESTORE OF THE NGINX CONFIGURATION +# RESTORE THE NGINX CONFIGURATION #================================================= -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= -# RESTORE OF THE MAIN DIR OF THE APP +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=6 -ynh_restore_file "$final_path" +ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 -ynh_system_user_create $app $final_path # Recreate the dedicated user, if it doesn't exist +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app #================================================= -# SPECIFIC RESTORE -#================================================= -# HANDLE LOG FILES AND LOGROTATE +# RESTORE USER RIGHTS #================================================= -mkdir -p /var/log/$app -touch /var/log/$app/etherpad.log -install_log=/var/log/$app/installation.log -touch $install_log -chown $app -R /var/log/$app -chown admin -R $install_log - -# Restore logrotate configuration -ynh_restore_file "/etc/logrotate.d/$app" +# Restore permissions on app files +chown -R $app:$app $final_path #================================================= -# INSTALL NODEJS +# REINSTALL DEPENDENCIES #================================================= +ynh_script_progression --message="Reinstalling dependencies..." --weight=7 -ynh_install_nodejs $nodejs_version +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -#================================================= -# ENABLE SERVICE IN ADMIN PANEL -#================================================= - -yunohost service add $app --log "/var/log/$app/etherpad.log" +# Install Yarn +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" #================================================= # RESTORE SYSTEMD #================================================= +ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 -ynh_restore_file "/etc/systemd/system/$app.service" -## Démarrage auto du service +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service #================================================= -# RELOAD NGINX +# INTEGRATE SERVICE IN YUNOHOST #================================================= -systemctl reload nginx +yunohost service add $app --description "Zero Knowledge realtime collaborative editor" --log "/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading nginx web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 6165a06..2257ea6 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,7 +1,5 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu #================================================= # GENERIC STARTING #================================================= @@ -23,147 +21,176 @@ DESTDIR="/var/www/$app" "The destination directory '$DESTDIR' does not exist.\ The app is not correctly installed, you should remove it first." -# Retrieve arguments -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_normalize_url_path "$(ynh_app_setting_get "$app" path_url)") -final_path=$(ynh_app_setting_get "$app" final_path) -is_public=$(ynh_app_setting_get "$app" is_public) -port=$(ynh_app_setting_get "$app" port) +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path_url) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) +admin=$(ynh_app_setting_get --app=$app --key=admin) +admin_mail=$(ynh_user_get_info '$admin' 'mail') +port=$(ynh_app_setting_get --app=$app --key=port) +porti=$(ynh_app_setting_get --app=$app --key=porti) #================================================= -# MANAGE SCRIPT FAILURE +# CHECK VERSION #================================================= -# Use prior backup and restore on error only if backup feature -# exists on installed instance -if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then - ynh_backup_before_upgrade # Backup the current version of the app - ynh_clean_setup () { - ynh_restore_upgradebackup - } - ynh_abort_if_errors # Stop script if an error is detected +upgrade_type=$(ynh_check_app_version_changed) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=2 + +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set --app=$app --key=is_public --value=1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set --app=$app --key=is_public --value=0 + is_public=0 +fi + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi #================================================= -# INSTALL NODEJS +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_install_nodejs $nodejs_version +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= -# CREATE DEDICATED USER +# STANDARD UPGRADE STEPS #================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_system_user_create $app - -#================================================= -# SPECIFIC SETUP -#================================================= -# HANDLE LOG FILES AND LOGROTATE -#================================================= - -# Setup logrotate -ynh_use_logrotate /var/log/${app}/*.log --non-append +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -final_path=/var/www/$app -ynh_app_setting_set $app final_path $final_path -ynh_setup_source $final_path +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=1 -# Set files ownership during installation -sudo chown $app: $final_path -R -sudo chmod 755 $final_path -R + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" +fi #================================================= -# Modify Nginx configuration file and copy it to Nginx conf directory +# NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1 +# Create a dedicated nginx config ynh_add_nginx_config #================================================= -# ADD SYSTEMD SERVICE +# INSTALL NODEJS #================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=6 -ynh_replace_string "__NODE__" "$nodejs_path" "../conf/systemd.service" -ynh_replace_string "__NODEJS__" "$nodejs_version" "../conf/systemd.service" -ynh_replace_string "__ENV_PATH__" "$PATH" "../conf/systemd.service" -ynh_add_systemd_config +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +# Install Yarn +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" #================================================= -# CONFIGURE SERVER.JS +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app + +#================================================= +# CONFIGURE CONFIG.JS #================================================= -# Backup configuration file if changed -ynh_backup_if_checksum_is_different "$final_path/config.js" ynh_backup_if_checksum_is_different "$final_path/config/config.js" # Copy default configuration file mv "../conf/config.js" "$final_path/config/config.js" -# Set service port -ynh_replace_string "__PORT__" "$port" "$final_path/config/config.js" -ynh_replace_string "__PORTI__" "$porti" "$final_path/config/config.js" -# Tune CSP to allow for YunoHost tile -ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" "$final_path/config/config.js" -# Remove donate button -ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config/config.js" -# Disable analytics unsolicited communications -ynh_replace_string "__ADMIN_EMAIL_" "$admin_email" "$final_path/config/config.js" +ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__PORTI__" --replace_string="$porti" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="$final_path/config/config.js" # Store file checksum to detected user modifications on upgrade ynh_store_file_checksum "$final_path/config/config.js" + #================================================= # INSTALL CRYPTPAD #================================================= +ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 -script_dir="$PWD" -pushd "$final_path" -chown -R $app: $final_path -npm install -npm install -g bower -exec_login_as $app cd $final_path && env PATH=$PATH bower install -popd +pushd "$final_path" || ynh_die + + ynh_use_nodejs + ynh_exec_warn_less yarn install --allow-root + yarn global add bower + bower install --allow-root + +popd || ynh_die #================================================= -# SET FILES OWNERSHIP +# SETUP SYSTEMD #================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 -sudo chown -R root: $final_path -sudo chown -R $app: $final_path/datastore $final_path/pins $final_path/blob $final_path/blobstage +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" + +# Create a dedicated systemd config +ynh_add_systemd_config #================================================= -# INSTALL MODULES FOR CRYPTPAD +# SECURE FILES AND DIRECTORIES #================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 -#npm install cryptpad-level-store; +# Set permissions on app files +chown -R $app:$app $final_path #================================================= -# ENABLE SERVICE IN ADMIN PANEL +# START SYSTEMD SERVICE #================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 -# Ajoute le service au monitoring de Yunohost. -sudo yunohost service add $app --log "/var/log/$app/$app.log" - -#================================================= -# START CRYPTPAD IN BACKGROUND -#================================================= - -sudo systemctl start $app - -#================================================= -# SETUP SSOWAT -#================================================= - -if [ $is_public -eq 1 ]; -then - ynh_app_setting_set "$app" unprotected_uris "/" -fi +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" #================================================= # RELOAD NGINX #================================================= -sudo systemctl restart php5-fpm -sudo systemctl reload nginx +ynh_script_progression --message="Reloading nginx web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --last