1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cryptpad_ynh.git synced 2024-09-03 18:26:14 +02:00

Merge pull request #107 from YunoHost-Apps/testing

Testing
This commit is contained in:
Éric Gaspar 2021-09-22 14:08:10 +02:00 committed by GitHub
commit 698a9f1936
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 226 additions and 50 deletions

130
.github/workflows/updater.sh vendored Normal file
View file

@ -0,0 +1,130 @@
#!/bin/bash
#=================================================
# PACKAGE UPDATING HELPER
#=================================================
# This script is meant to be run by GitHub Actions
# The YunoHost-Apps organisation offers a template Action to run this script periodically
# Since each app is different, maintainers can adapt its contents so as to perform
# automatic actions when a new upstream release is detected.
# Remove this exit command when you are ready to run this Action
#exit 1
#=================================================
# FETCHING LATEST RELEASE AND ITS ASSETS
#=================================================
# Fetching information
current_version=$(cat manifest.json | jq -j '.version|split("~")[0]')
repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]')
# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'"))
if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
version=${version:1}
fi
# Setting up the environment variables
echo "Current version: $current_version"
echo "Latest release from upstream: $version"
echo "VERSION=$version" >> $GITHUB_ENV
# For the time being, let's assume the script will fail
echo "PROCEED=false" >> $GITHUB_ENV
# Proceed only if the retrieved version is greater than the current one
if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
echo "::warning ::No new version available"
exit 0
# Proceed only if a PR for this new version does not already exist
elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then
echo "::warning ::A branch already exists for this update"
exit 0
fi
# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.)
echo "${#assets[@]} available asset(s)"
#=================================================
# UPDATE SOURCE FILES
#=================================================
# Here we use the $assets variable to get the resources published in the upstream release.
# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like.
# Let's loop over the array of assets URLs
for asset_url in ${assets[@]}; do
echo "Handling asset at $asset_url"
# Assign the asset to a source file in conf/ directory
# Here we base the source file name upon a unique keyword in the assets url (admin vs. update)
# Leave $src empty to ignore the asset
case $asset_url in
*".tar.gz"*)
src="app"
;;
esac
# If $src is not empty, let's process the asset
if [ ! -z "$src" ]; then
# Create the temporary directory
tempdir="$(mktemp -d)"
# Download sources and calculate checksum
filename=${asset_url##*/}
curl --silent -4 -L $asset_url -o "$tempdir/$filename"
checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
# Delete temporary directory
rm -rf $tempdir
# Get extension
if [[ $filename == *.tar.gz ]]; then
extension=tar.gz
else
extension=${filename##*.}
fi
# Rewrite source file
cat <<EOT > conf/$src.src
SOURCE_URL=$asset_url
SOURCE_SUM=$checksum
SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=$extension
SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=cryptpad.tar.gz
EOT
echo "... conf/$src.src updated"
else
echo "... asset ignored"
fi
done
#=================================================
# SPECIFIC UPDATE STEPS
#=================================================
# Any action on the app's source code can be done.
# The GitHub Action workflow takes care of committing all changes after this script ends.
#=================================================
# GENERIC FINALIZATION
#=================================================
# Install moreutils, needed for sponge
sudo apt-get install moreutils
# Replace new version in manifest
echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json
# No need to update the README, yunohost-bot takes care of it
# The Action will proceed only if the PROCEED environment variable is set to true
echo "PROCEED=true" >> $GITHUB_ENV
exit 0

View file

@ -15,9 +15,9 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
## Overview ## Overview
Zero Knowledge realtime collaborative editor CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.
**Shipped version:** 4.10.0~ynh1 **Shipped version:** 4.11.0~ynh1
**Demo:** https://cryptpad.fr/ **Demo:** https://cryptpad.fr/
@ -29,12 +29,19 @@ Zero Knowledge realtime collaborative editor
## Configuration ## Configuration
* How to configure this app: From the admin panel and the plain file `/var/www/cryptpad/config/config.js.` Once CryptPad is installed, create an account via the Register button on the home page. To make this account an instance administrator:
1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
2. Paste this key in `/var/www/cryptpad/config/config.js` in the following array (uncomment and replace the placeholder):
```
adminKeys: [
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
],
```
## Documentation and resources ## Documentation and resources
* Official app website: https://cryptpad.fr/ * Official app website: https://cryptpad.fr/
* Official user documentation: https://yunohost.org/apps
* Official admin documentation: https://docs.cryptpad.fr/en/ * Official admin documentation: https://docs.cryptpad.fr/en/
* Upstream app code repository: https://github.com/xwiki-labs/cryptpad * Upstream app code repository: https://github.com/xwiki-labs/cryptpad
* YunoHost documentation for this app: https://yunohost.org/app_cryptpad * YunoHost documentation for this app: https://yunohost.org/app_cryptpad

View file

@ -11,9 +11,9 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
## Vue d'ensemble ## Vue d'ensemble
Éditeur chiffré collaboratif en temps réel. CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké.
**Version incluse :** 4.10.0~ynh1 **Version incluse :** 4.11.0~ynh1
**Démo :** https://cryptpad.fr/ **Démo :** https://cryptpad.fr/
@ -25,12 +25,19 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
## Configuration ## Configuration
Comment configurer cette application : via le panneau d'administration ainsi que le fichier de configuration `/var/www/cryptpad/config/config.js`. Une fois CryptPad installé, créez un compte via le bouton S'inscrire sur la page d'accueil. Pour faire de ce compte un administrateur d'instance :
1. Copiez la clé publique trouvée dans le menu utilisateur (avatar en haut à droite) > Paramètres > Compte > Clé de signature publique
2. Collez cette clé dans `/var/www/cryptpad/config/config.js` dans le tableau suivant (décommentez et remplacez l'espace réservé) :
```
adminKeys: [
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
],
```
## Documentations et ressources ## Documentations et ressources
* Site officiel de l'app : https://cryptpad.fr/ * Site officiel de l'app : https://cryptpad.fr/
* Documentation officielle utilisateur : https://yunohost.org/apps
* Documentation officielle de l'admin : https://docs.cryptpad.fr/en/ * Documentation officielle de l'admin : https://docs.cryptpad.fr/en/
* Dépôt de code officiel de l'app : https://github.com/xwiki-labs/cryptpad * Dépôt de code officiel de l'app : https://github.com/xwiki-labs/cryptpad
* Documentation YunoHost pour cette app : https://yunohost.org/app_cryptpad * Documentation YunoHost pour cette app : https://yunohost.org/app_cryptpad

View file

@ -12,10 +12,8 @@
setup_private=1 setup_private=1
setup_public=1 setup_public=1
upgrade=1 upgrade=1
#4.6.0 #4.10.0
upgrade=1 from_commit=198d9d2bbdb131354f4d8ba3179021de9e58a75a upgrade=1 from_commit=2a54cd03f90c93b07150a64644ffc7f208110a18
#4.9.0
upgrade=1 from_commit=c61a2ee40b5ef747219793a6cc5a409f366c8a94
backup_restore=1 backup_restore=1
multi_instance=0 multi_instance=0
change_url=1 change_url=1
@ -23,9 +21,5 @@
Email= Email=
Notification=none Notification=none
;;; Upgrade options ;;; Upgrade options
; commit=198d9d2bbdb131354f4d8ba3179021de9e58a75a ; commit=2a54cd03f90c93b07150a64644ffc7f208110a18
name=update to 4.6.0 name=update to 4.10.0
; commit=c61a2ee40b5ef747219793a6cc5a409f366c8a94
name=update to 4.9.0

View file

@ -1,6 +1,6 @@
SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/4.10.0.tar.gz SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/4.11.0.tar.gz
SOURCE_SUM=0e55e5c2deff97e002bc570023e59e530df0fa5249836e75a8a3120e924c873e SOURCE_SUM=e529b484c297f73227f991971189c51f64da1ab53fc78334d1fb08e320d4385e
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true SOURCE_IN_SUBDIR=true
SOURCE_FILENAME=cryptpad-4.10.0.tar.gz SOURCE_FILENAME=cryptpad.tar.gz

View file

@ -12,11 +12,36 @@ Environment=NODE_ENV=production
ExecStart=__YNH_NPM__ start ExecStart=__YNH_NPM__ start
Restart=always Restart=always
PrivateDevices=true # Sandboxing options to harden security
ProtectControlGroups=true # Depending on specificities of your service/app, you may need to tweak these
ProtectHome=true # .. but this should be a good baseline
ProtectKernelTunables=true # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
NoNewPrivileges=yes
PrivateTmp=yes
PrivateDevices=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
RestrictNamespaces=yes
RestrictRealtime=yes
DevicePolicy=closed
ProtectSystem=full ProtectSystem=full
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
LockPersonality=yes
SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
# Denying access to capabilities that should not be relevant for webapps
# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
[Install] [Install]
WantedBy=multi-user.target WantedBy=multi-user.target

1
doc/DESCRIPTION.md Normal file
View file

@ -0,0 +1 @@
CryptPad is a collaboration suite that is end-to-end-encrypted and open-source. It is built to enable collaboration, synchronizing changes to documents in real time. Because all data is encrypted, the service and its administrators have no way of seeing the content being edited and stored.

1
doc/DESCRIPTION_fr.md Normal file
View file

@ -0,0 +1 @@
CryptPad est une suite de collaboration chiffrée de bout en bout et open source. Il est conçu pour permettre la collaboration, en synchronisant les modifications apportées aux documents en temps réel. Étant donné que toutes les données sont chiffrées, le service et ses administrateurs n'ont aucun moyen de voir le contenu modifié et stocké.

View file

@ -1,3 +1,11 @@
## Configuration ## Configuration
* How to configure this app: From the admin panel and the plain file `/var/www/cryptpad/config/config.js.` Once CryptPad is installed, create an account via the Register button on the home page. To make this account an instance administrator:
1. Copy the public key found in User Menu (avatar at the top right) > Settings > Account > Public Signing Key
2. Paste this key in `/var/www/cryptpad/config/config.js` in the following array (uncomment and replace the placeholder):
```
adminKeys: [
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
],
```

View file

@ -1,3 +1,11 @@
## Configuration ## Configuration
Comment configurer cette application : via le panneau d'administration ainsi que le fichier de configuration `/var/www/cryptpad/config/config.js`. Une fois CryptPad installé, créez un compte via le bouton S'inscrire sur la page d'accueil. Pour faire de ce compte un administrateur d'instance :
1. Copiez la clé publique trouvée dans le menu utilisateur (avatar en haut à droite) > Paramètres > Compte > Clé de signature publique
2. Collez cette clé dans `/var/www/cryptpad/config/config.js` dans le tableau suivant (décommentez et remplacez l'espace réservé) :
```
adminKeys: [
"[cryptpad-user1@my.awesome.website/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=]",
],
```

View file

@ -4,16 +4,15 @@
"packaging_format": 1, "packaging_format": 1,
"description": { "description": {
"en": "Zero Knowledge realtime collaborative editor", "en": "Zero Knowledge realtime collaborative editor",
"fr": "Éditeur chiffré collaboratif en temps réel." "fr": "Éditeur chiffré collaboratif en temps réel"
}, },
"version": "4.10.0~ynh1", "version": "4.11.0~ynh1",
"url": "https://cryptpad.fr/", "url": "https://cryptpad.fr/",
"upstream": { "upstream": {
"license": "AGPL-3.0-only", "license": "AGPL-3.0-only",
"website": "https://cryptpad.fr/", "website": "https://cryptpad.fr/",
"demo": "https://cryptpad.fr/", "demo": "https://cryptpad.fr/",
"admindoc": "https://docs.cryptpad.fr/en/", "admindoc": "https://docs.cryptpad.fr/en/",
"userdoc": "https://yunohost.org/apps",
"code": "https://github.com/xwiki-labs/cryptpad" "code": "https://github.com/xwiki-labs/cryptpad"
}, },
"license": "AGPL-3.0-only", "license": "AGPL-3.0-only",
@ -37,13 +36,11 @@
"help": { "help": {
"en": "CryptPad needs to be installed in a dedicated domain or sub-domain.", "en": "CryptPad needs to be installed in a dedicated domain or sub-domain.",
"fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié." "fr": "CryptPad doit être installé dans un domaine ou sous-domaine dédié."
}, }
"example": "cryptpad.example.com"
}, },
{ {
"name": "admin", "name": "admin",
"type": "user", "type": "user"
"example": "johndoe"
}, },
{ {
"name": "is_public", "name": "is_public",

View file

@ -57,4 +57,4 @@ ynh_backup --src_path="/etc/systemd/system/$app.service"
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_print_info --message="Backup script completed for CryptPad. (YunoHost will then actually copy those files to the archive)." ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

View file

@ -32,7 +32,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#================================================= #=================================================
ynh_script_progression --message="Backing up CryptPad before changing its URL (may take a while)..." --weight=2 ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=2
# Backup the current version of the app # Backup the current version of the app
ynh_backup_before_upgrade ynh_backup_before_upgrade
@ -120,4 +120,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Change of URL completed for CryptPad" --last ynh_script_progression --message="Change of URL completed for $app" --last

View file

@ -122,14 +122,14 @@ chown $app "$final_path/config/config.js"
#================================================= #=================================================
# INSTALL CRYPTPAD # INSTALL CRYPTPAD
#================================================= #=================================================
ynh_script_progression --message="Building CryptPad... (this will take some time and resources!)" --weight=60 ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60
pushd "$final_path" || ynh_die pushd "$final_path"
ynh_use_nodejs ynh_use_nodejs
ynh_exec_warn_less npm install --allow-root ynh_exec_warn_less npm install --allow-root
ynh_exec_warn_less npm install -g bower ynh_exec_warn_less npm install -g bower
ynh_exec_warn_less bower install --allow-root ynh_exec_warn_less bower install --allow-root
popd || ynh_die popd
#================================================= #=================================================
# INTEGRATE SERVICE IN YUNOHOST # INTEGRATE SERVICE IN YUNOHOST
@ -191,4 +191,4 @@ ynh_send_readme_to_admin "$message"
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Installation of CryptPad completed" --last ynh_script_progression --message="Installation of $app completed" --last

View file

@ -29,7 +29,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path)
# Remove the service from the list of services known by YunoHost (added from `yunohost service add`) # Remove the service from the list of services known by YunoHost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null if ynh_exec_warn_less yunohost service status $app >/dev/null
then then
ynh_script_progression --message="Removing CryptPad service..." --weight=3 ynh_script_progression --message="Removing $app service..." --weight=3
yunohost service remove $app yunohost service remove $app
fi fi
@ -51,7 +51,7 @@ ynh_remove_nodejs
#================================================= #=================================================
# REMOVE APP MAIN DIR # REMOVE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Removing CryptPad main directory..." --weight=3 ynh_script_progression --message="Removing $app main directory..." --weight=3
# Remove the app directory securely # Remove the app directory securely
ynh_secure_remove --file="$final_path" ynh_secure_remove --file="$final_path"
@ -78,4 +78,4 @@ ynh_system_user_delete --username=$app
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Removal of CryptPad completed" --last ynh_script_progression --message="Removal of $app completed" --last

View file

@ -111,4 +111,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Restoration completed for CryptPad" --last ynh_script_progression --message="Restoration completed for $app" --last

View file

@ -51,7 +51,7 @@ fi
#================================================= #=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#================================================= #=================================================
ynh_script_progression --message="Backing up CryptPad before upgrading (may take a while)..." --weight=1 ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Backup the current version of the app # Backup the current version of the app
ynh_backup_before_upgrade ynh_backup_before_upgrade
@ -93,7 +93,6 @@ then
chmod 750 "$final_path" chmod 750 "$final_path"
chmod -R o-rwx "$final_path" chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path" chown -R $app:$app "$final_path"
chmod 600 "$final_path/config/config.js"
fi fi
#================================================= #=================================================
@ -121,7 +120,7 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#================================================= #=================================================
# INSTALL CRYPTPAD # INSTALL CRYPTPAD
#================================================= #=================================================
ynh_script_progression --message="Building CryptPad... (this will take some time and resources!)" --weight=60 ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60
pushd "$final_path" pushd "$final_path"
ynh_exec_warn_less npm install --allow-root ynh_exec_warn_less npm install --allow-root
@ -136,7 +135,6 @@ popd
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service"
# Create a dedicated systemd config # Create a dedicated systemd config
ynh_add_systemd_config ynh_add_systemd_config
@ -166,4 +164,4 @@ ynh_systemd_action --service_name=nginx --action=reload
# END OF SCRIPT # END OF SCRIPT
#================================================= #=================================================
ynh_script_progression --message="Upgrade of CryptPad completed" --last ynh_script_progression --message="Upgrade of $app completed" --last