diff --git a/README.md b/README.md index 25561cf..6524a0b 100644 --- a/README.md +++ b/README.md 
@@ -1,28 +1,73 @@ -Cryptad for Yunohost ------------------------- +# CryptPad for YunoHost -[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) -[![Install Cryptad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) +[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Install CryptPad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) -**Shipped version:** 3.2.0 +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install CryptPad quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* + +## Overview +CryptPad is a Zero Knowledge realtime collaborative editor. You can share access to a document simply by sharing the link. 
+ +**Shipped version:** 3.18.1 + +## Screenshots + +![](https://github.com/xwiki-labs/cryptpad/raw/master/screenshot.png) ## Demo -https://cryptpad.fr/ -## Known limitations / Limitations connues -- Installation possible only on a domain root (Cryptpad limitation) -- Can't login via SSO (due to this [Cryptpad limitation](https://github.com/xwiki-labs/cryptpad/issues/116)) +* [Official demo](https://cryptpad.fr/) +## Configuration -## Links / Liens -- Package URL/URL du Paquet: https://github.com/YunoHost-Apps/cryptpad_ynh -- Official Website/Site Officiel: https://cryptpad.fr/ -- Github: https://github.com/xwiki-labs/cryptpad -- Package status: - - [Last weekly report](https://forum.yunohost.org/t/rapport-hebdomadaire-dintegration-continue/2297) - - [Last continuous integration test](https://ci-apps.yunohost.org/jenkins/job/cryptpad%20%28Community%29/lastBuild/consoleFull) +* How to configure this app: From an admin panel, a plain file with SSH. +## Documentation -## Tricks : +* Official documentation: https://cryptpad.fr/what-is-cryptpad.html +* YunoHost documentation: If specific documentation is needed, feel free to contribute. -- To increase space for user in cryptpad, you can set up it in the config.js file in the root folder (/var/www/cryptpad/config.js), and then restart the cryptpad service (`sudo service cryptpad restart`). +## YunoHost specific features + +#### Multi-user support + +* Are LDAP and HTTP auth supported? **No** +* Can the app be used by multiple users? 
**Yes** + +#### Supported architectures + +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/cryptpad/) + +## Limitations + +* Installation possible only on a root domain (CryptPad limitation) +* Can't login via SSO (due to this [Cryptpad limitation](https://github.com/xwiki-labs/cryptpad/issues/116)) + +## Additional information + +* To increase space for CryptPad users, you can modify `/var/www/cryptpad/config.js`, and restart the CryptPad service with `sudo service cryptpad restart`. + +## Links + + * Report a bug: https://github.com/YunoHost-Apps/cryptpad_ynh/issues + * App website: https://cryptpad.fr/ + * Upstream app repository: https://github.com/xwiki-labs/cryptpad + * YunoHost website: https://yunohost.org/ + +--- + +Developer info +---------------- + +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +or +sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +``` diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..eaaa339 --- /dev/null +++ b/README_fr.md 
@@ -0,0 +1,73 @@ +# CryptPad pour YunoHost + +[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Installer CryptPad avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer CryptPad rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* + +## Vue d'ensemble +CryptPad est un éditeur de documents chiffrés collaboratifs en temps réel. Vous pouvez partager l'accès à un document simplement en partageant le lien. + +**Version incluse :** 3.18.1 + +## Captures d'écran + +![](https://github.com/xwiki-labs/cryptpad/raw/master/screenshot.png) + +## Démo + +* [Démo officielle](https://cryptpad.fr/) + +## Configuration + +Comment configurer cette application : via le panneau d'administration ainsi que le fichier de configuration `/var/www/cryptpad/config.js`. + +## Documentation + +* Official documentation : https://cryptpad.fr/what-is-cryptpad.html +* YunoHost documentation : If specific documentation is needed, feel free to contribute. + +## YunoHost specific features + +#### Support multi-utilisateur + +* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** +* L'application peut-elle être utilisée par plusieurs utilisateurs ? 
**Oui** + +#### Architectures supportées + +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/cryptpad/) + +## Limitations + +* Nécessite un sous-domaine / domaine dédié. (limitation de CryptPad) +* Impossible de se connecter via SSO (cf [limitation de CryptPad](https://github.com/xwiki-labs/cryptpad/issues/116)) + +## Informations additionnelles + +* Pour augmenter l'espace pour l'utilisateur dans le CryptPad, vous pouvez configurer le fichier `config.js` dans le dossier `/var/www/cryptpad/config.js`, puis redémarrez le service CryptPad `sudo service cryptpad restart`. + +## Liens + +* Signaler un bug : https://github.com/YunoHost-Apps/cryptpad_ynh/issues +* Site de l'application : https://cryptpad.fr/ +* Dépôt de l'application principale : https://github.com/xwiki-labs/cryptpad +* Site web YunoHost: https://yunohost.org/ + +--- + +Informations pour les développeurs +---------------- + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +ou +sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +``` diff --git a/check_process b/check_process index f152803..18fe99f 100644 --- a/check_process +++ b/check_process @@ -3,8 +3,8 @@ ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) + admin="john" (USER) is_public="1" (PUBLIC|public=1|private=0) - email="example@example.io" (EMAIL) ; Checks pkg_linter=1 setup_sub_dir=0 @@ -17,7 +17,7 @@ multi_instance=0 incorrect_path=0 port_already_use=1 - change_url=0 + change_url=1 ;;; Levels Level 1=auto Level 2=auto 
diff --git a/conf/app.src b/conf/app.src index 432649b..bbab401 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,6 +1,6 @@ -SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.2.0.tar.gz -SOURCE_SUM=4f7576401e506aa24c032be675539b671ace27c5453b40edfe39f84daa0fcbfc +SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.18.1.tar.gz +SOURCE_SUM=6aad512ffd04632b94dc47c17f59781c484508dd6bcf4675bda945d74e66ef6b SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= +SOURCE_FILENAME=cryptpad-3.18.1.tar.gz diff --git a/conf/config.js b/conf/config.js index b543919..9d47a88 100644 --- a/conf/config.js +++ b/conf/config.js 
@@ -1,189 +1,203 @@ -/*@flow*/ -/* - globals module +/* globals module */ + +/* DISCLAIMER: + + There are two recommended methods of running a CryptPad instance: + + 1. Using a standalone nodejs server without HTTPS (suitable for local development) + 2. Using NGINX to serve static assets and to handle HTTPS for API server's websocket traffic + + We do not officially recommend or support Apache, Docker, Kubernetes, Traefik, or any other configuration. + Support requests for such setups should be directed to their authors. + + If you're having difficulty difficulty configuring your instance + we suggest that you join the project's IRC/Matrix channel. + + If you don't have any difficulty configuring your instance and you'd like to + support us for the work that went into making it pain-free we are quite happy + to accept donations via our opencollective page: https://opencollective.com/cryptpad + */ -var _domain = 'http://localhost:__PORT__/'; - -// You can `kill -USR2` the node process and it will write out a heap dump. -// If your system doesn't support dumping, comment this out and install with -// `npm install --production` -// See: https://strongloop.github.io/strongloop.com/strongblog/how-to-heap-snapshots/ - -// to enable this feature, uncomment the line below: -// require('heapdump'); - -// we prepend a space because every usage expects it -// requiring admins to preserve it is unnecessarily confusing -var domain = ' ' + _domain; - -// Content-Security-Policy -var baseCSP = [ - "default-src 'none'", - "style-src 'unsafe-inline' 'self' " + domain, - "font-src 'self' data:" + domain, - - /* child-src is used to restrict iframes to a set of allowed domains. - * connect-src is used to restrict what domains can connect to the websocket. - * - * it is recommended that you configure these fields to match the - * domain which will serve your CryptPad instance. 
- */ - "child-src blob: *", - // IE/Edge - "frame-src blob: *", - - /* this allows connections over secure or insecure websockets - if you are deploying to production, you'll probably want to remove - the ws://* directive, and change '*' to your domain - */ - "connect-src 'self' ws: wss: blob:" + domain, - - // data: is used by codemirror - "img-src 'self' data: blob:" + domain, - "media-src * blob:", - - // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox - "frame-ancestors *", - "" -]; - - module.exports = { +/* CryptPad is designed to serve its content over two domains. + * Account passwords and cryptographic content is handled on the 'main' domain, + * while the user interface is loaded on a 'sandbox' domain + * which can only access information which the main domain willingly shares. + * + * In the event of an XSS vulnerability in the UI (that's bad) + * this system prevents attackers from gaining access to your account (that's good). + * + * Most problems with new instances are related to this system blocking access + * because of incorrectly configured sandboxes. If you only see a white screen + * when you try to load CryptPad, this is probably the cause. + * + * PLEASE READ THE FOLLOWING COMMENTS CAREFULLY. + * + */ + +/* httpUnsafeOrigin is the URL that clients will enter to load your instance. + * Any other URL that somehow points to your instance is supposed to be blocked. + * The default provided below assumes you are loading CryptPad from a server + * which is running on the same machine, using port 3000. + * + * In a production instance this should be available ONLY over HTTPS + * using the default port for HTTPS (443) ie. https://cryptpad.fr + * In such a case this should be handled by NGINX, as documented in + * cryptpad/docs/example.nginx.conf (see the $main_domain variable) + * + */ + httpUnsafeOrigin: 'http://127.0.0.1:__PORT__', + +/* httpSafeOrigin is the URL that is used for the 'sandbox' described above. 
+ * If you're testing or developing with CryptPad on your local machine then + * it is appropriate to leave this blank. The default behaviour is to serve + * the main domain over port 3000 and to serve the content over port 3001. + * + * This is not appropriate in a production environment where invasive networks + * may filter traffic going over abnormal ports. + * To correctly configure your production instance you must provide a URL + * with a different domain (a subdomain is sufficient). + * It will be used to load the UI in our 'sandbox' system. + * + * This value corresponds to the $sandbox_domain variable + * in the example nginx file. + * + * CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS. + */ + // httpSafeOrigin: "https://some-other-domain.xyz", + +/* httpAddress specifies the address on which the nodejs server + * should be accessible. By default it will listen on 127.0.0.1 + * (IPv4 localhost on most systems). If you want it to listen on + * all addresses, including IPv6, set this to '::'. + * + */ + httpAddress: '::', + +/* httpPort specifies on which port the nodejs server should listen. + * By default it will serve content over port 3000, which is suitable + * for both local development and for use with the provided nginx example, + * which will proxy websocket traffic to your node server. + * + */ + httpPort: __PORT__, + +/* httpSafePort allows you to specify an alternative port from which + * the node process should serve sandboxed assets. The default value is + * that of your httpPort + 1. You probably don't need to change this. + * + */ + httpSafePort: __PORTI__, + +/* CryptPad will launch a child process for every core available + * in order to perform CPU-intensive tasks in parallel. + * Some host environments may have a very large number of cores available + * or you may want to limit how much computing power CryptPad can take. + * If so, set 'maxWorkers' to a positive integer. 
+ */ + // maxWorkers: 4, /* ===================== * Admin * ===================== */ /* - * CryptPad now contains an administration panel. Its access is restricted to specific + * CryptPad contains an administration panel. Its access is restricted to specific * users using the following list. * To give access to the admin panel to a user account, just add their user id, * which can be found on the settings page for registered users. * Entries should be strings separated by a comma. */ +/* adminKeys: [ //"https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=", ], +*/ - /* ===================== - * Infra setup - * ===================== */ - - // the address you want to bind to, :: means all ipv4 and ipv6 addresses - // this may not work on all operating systems - httpAddress: '::', - - // the port on which your httpd will listen - httpPort: __PORT__, - - // This is for allowing the cross-domain iframe to function when developing - httpSafePort: __PORTI__, - - // This is for deployment in production, CryptPad uses a separate origin (domain) to host the - // cross-domain iframe. It can simply host the same content as CryptPad. 
- // httpSafeOrigin: "https://some-other-domain.xyz", - - httpUnsafeOrigin: domain, - - /* your server's websocket url is configurable - * (default: '/cryptpad_websocket') + /* CryptPad's administration panel includes a "support" tab + * wherein administrators with a secret key can view messages + * sent from users via the encrypted forms on the /support/ page * - * websocketPath can be relative, of the form '/path/to/websocket' - * or absolute, specifying a particular URL + * To enable this functionality: + * run `node ./scripts/generate-admin-keys.js` + * save the public key in your config in the value below + * add the private key via the admin panel + * and back it up in a secure manner * - * 'wss://cryptpad.fr:3000/cryptpad_websocket' */ - websocketPath: '/cryptpad_websocket', + // supportMailboxPublicKey: "", - /* CryptPad can be configured to send customized HTTP Headers - * These settings may vary widely depending on your needs - * Examples are provided below - */ - httpHeaders: { - "X-XSS-Protection": "1; mode=block", - "X-Content-Type-Options": "nosniff", - "Access-Control-Allow-Origin": "*" - }, - - contentSecurity: baseCSP.join('; ') + - "script-src 'self'" + domain, - - // CKEditor and OnlyOffice require significantly more lax content security policy in order to function. 
- padContentSecurity: baseCSP.join('; ') + - "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain, - - /* it is recommended that you serve CryptPad over https - * the filepaths below are used to configure your certificates - */ - //privKeyAndCertFiles: [ - // '/etc/apache2/ssl/my_secret.key', - // '/etc/apache2/ssl/my_public_cert.crt', - // '/etc/apache2/ssl/my_certificate_authorities_cert_chain.ca' - //], - - /* Main pages - * add exceptions to the router so that we can access /privacy.html - * and other odd pages - */ - mainPages: [ - 'index', - 'privacy', - 'terms', - 'about', - 'contact', - 'what-is-cryptpad', - 'features', - 'faq', - 'maintenance' - ], - - /* ===================== - * Subscriptions - * ===================== */ - - /* Limits, Donations, Subscriptions and Contact + /* We're very proud that CryptPad is available to the public as free software! + * We do, however, still need to pay our bills as we develop the platform. * - * By default, CryptPad limits every registered user to 50MB of storage. It also shows a - * subscribe button which allows them to upgrade to a paid account. We handle payment, - * and keep 50% of the proceeds to fund ongoing development. + * By default CryptPad will prompt users to consider donating to + * our OpenCollective campaign. We publish the state of our finances periodically + * so you can decide for yourself whether our expenses are reasonable. * - * You can: - * A: leave things as they are - * B: disable accounts but display a donate button - * C: hide any reference to paid accounts or donation - * - * If you chose A then there's nothing to do. - * If you chose B, set 'allowSubscriptions' to false. - * If you chose C, set 'removeDonateButton' to true + * You can disable any solicitations for donations by setting 'removeDonateButton' to true, + * but we'd appreciate it if you didn't! 
*/ - allowSubscriptions: false, - removeDonateButton: false, + removeDonateButton: true, + + /* CryptPad will display a point of contact for your instance on its contact page + * (/contact.html) if you provide it below. + */ + adminEmail: "__ADMIN_MAIL__", /* - * By default, CryptPad also contacts our accounts server once a day to check for changes in - * the people who have accounts. This check-in will also send the version of your CryptPad - * instance and your email so we can reach you if we are aware of a serious problem. We will - * never sell it or send you marketing mail. If you want to block this check-in and remain - * completely invisible, set this and allowSubscriptions both to false. - */ - adminEmail: '__ADMIN_EMAIL__', - - /* Sales coming from your server will be identified by your domain + * By default, CryptPad contacts one of our servers once a day. + * This check-in will also send some very basic information about your instance including its + * version and the adminEmail so we can reach you if we are aware of a serious problem. + * We will never sell it or send you marketing mail. * - * If you are using CryptPad in a business context, please consider taking a support contract - * by contacting sales@cryptpad.fr + * If you want to block this check-in and remain set 'blockDailyCheck' to true. */ - myDomain: _domain, + blockDailyCheck: true, /* - * If you are using CryptPad internally and you want to increase the per-user storage limit, - * change the following value. + * By default users get 50MB of storage by registering on an instance. + * You can set this value to whatever you want. * - * Please note: This limit is what makes people subscribe and what pays for CryptPad - * development. Running a public instance that provides a "better deal" than cryptpad.fr - * is effectively using the project against itself. 
+ * hint: 50MB is 50 * 1024 * 1024 */ - defaultStorageLimit: 50 * 1024 * 1024, + //defaultStorageLimit: 50 * 1024 * 1024, + + + /* ===================== + * STORAGE + * ===================== */ + + /* Pads that are not 'pinned' by any registered user can be set to expire + * after a configurable number of days of inactivity (default 90 days). + * The value can be changed or set to false to remove expiration. + * Expired pads can then be removed using a cron job calling the + * `evict-inactive.js` script with node + * + * defaults to 90 days if nothing is provided + */ + //inactiveTime: 90, // days + + /* CryptPad archives some data instead of deleting it outright. + * This archived data still takes up space and so you'll probably still want to + * remove these files after a brief period. + * + * cryptpad/scripts/evict-inactive.js is intended to be run daily + * from a crontab or similar scheduling service. + * + * The intent with this feature is to provide a safety net in case of accidental + * deletion. Set this value to the number of days you'd like to retain + * archived data before it's removed permanently. + * + * defaults to 15 days if nothing is provided + */ + //archiveRetentionTime: 15, + + /* Max Upload Size (bytes) + * this sets the maximum size of any one file uploaded to the server. + * anything larger than this size will be rejected + * defaults to 20MB if no value is provided + */ + //maxUploadSize: 20 * 1024 * 1024, /* * CryptPad allows administrators to give custom limits to their friends. @@ -193,8 +207,8 @@ module.exports = { * * hint: 1GB is 1024 * 1024 * 1024 bytes */ +/* customLimits: { - /* "https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=": { limit: 20 * 1024 * 1024 * 1024, plan: 'insider', 
@@ -205,70 +219,15 @@ module.exports = { plan: 'insider', note: 'storage space donated by my.awesome.website' } - */ }, +*/ - /* ===================== - * STORAGE - * ===================== */ - - /* By default the CryptPad server will run scheduled tasks every five minutes - * If you want to run scheduled tasks in a separate process (like a crontab) - * you can disable this behaviour by setting the following value to true - */ - disableIntegratedTasks: false, - - /* Pads that are not 'pinned' by any registered user can be set to expire - * after a configurable number of days of inactivity (default 90 days). - * The value can be changed or set to false to remove expiration. - * Expired pads can then be removed using a cron job calling the - * `delete-inactive.js` script with node - */ - inactiveTime: 90, // days - - /* CryptPad can be configured to remove inactive data which has not been pinned. - * Deletion of data is always risky and as an operator you have the choice to - * archive data instead of deleting it outright. Set this value to true if - * you want your server to archive files and false if you want to keep using - * the old behaviour of simply removing files. + /* Users with premium accounts (those with a plan included in their customLimit) + * can benefit from an increased upload size limit. By default they are restricted to the same + * upload size as any other registered user. * - * WARNING: this is not implemented universally, so at the moment this will - * only apply to the removal of 'channels' due to inactivity. */ - retainData: true, - - /* As described above, CryptPad offers the ability to archive some data - * instead of deleting it outright. This archived data still takes up space - * and so you'll probably still want to remove these files after a brief period. - * The intent with this feature is to provide a safety net in case of accidental - * deletion. 
Set this value to the number of days you'd like to retain - * archived data before it's removed permanently. - * - * If 'retainData' is set to false, there will never be any archived data - * to remove. - */ - archiveRetentionTime: 15, - - /* Max Upload Size (bytes) - * this sets the maximum size of any one file uploaded to the server. - * anything larger than this size will be rejected - */ - maxUploadSize: 20 * 1024 * 1024, - - /* ===================== - * HARDWARE RELATED - * ===================== */ - - /* CryptPad's file storage adaptor closes unused files after a configurable - * number of milliseconds (default 30000 (30 seconds)) - */ - channelExpirationMs: 30000, - - /* CryptPad's file storage adaptor is limited by the number of open files. - * When the adaptor reaches openFileLimit, it will clean up older files - */ - openFileLimit: 2048, - + //premiumUploadSize: 100 * 1024 * 1024, /* ===================== * DATABASE VOLUMES @@ -295,12 +254,12 @@ module.exports = { * Pin requests are stored in a pin-store. The location of this store is * defined here. */ - pinPath: './pins', + pinPath: './data/pins', /* if you would like the list of scheduled tasks to be stored in a custom location, change the path below: */ - taskPath: './tasks', + taskPath: './data/tasks', /* if you would like users' authenticated blocks to be stored in a custom location, change the path below: @@ -315,7 +274,7 @@ module.exports = { /* CryptPad stores incomplete blobs in a 'staging' area until they are * fully uploaded. Set its location here. */ - blobStagingPath: './blobstage', + blobStagingPath: './data/blobstage', /* CryptPad supports logging events directly to the disk in a 'logs' directory * Set its location here, or set it to false (or nothing) if you'd rather not log 
@@ -356,42 +315,6 @@ module.exports = { */ logFeedback: false, - /* You can get a repl for debugging the server if you want it. - * to enable this, specify the debugReplName and then you can - * connect to it with `nc -U /tmp/repl/.sock` - * If you run multiple cryptpad servers, you need to use different - * repl names. - */ - //debugReplName: "cryptpad" - - /* ===================== - * DEPRECATED - * ===================== */ - /* - You have the option of specifying an alternative storage adaptor. - These status of these alternatives are specified in their READMEs, - which are available at the following URLs: - - mongodb: a noSQL database - https://github.com/xwiki-labs/cryptpad-mongo-store - amnesiadb: in memory storage - https://github.com/xwiki-labs/cryptpad-amnesia-store - leveldb: a simple, fast, key-value store - https://github.com/xwiki-labs/cryptpad-level-store - sql: an adaptor for a variety of sql databases via knexjs - https://github.com/xwiki-labs/cryptpad-sql-store - - For the most up to date solution, use the default storage adaptor. - */ - storage: './storage/file', - - /* CryptPad's socket server can be extended to respond to RPC calls - * you can configure it to respond to custom RPC calls if you like. - * provide the path to your RPC module here, or `false` if you would - * like to disable the RPC interface completely - */ - rpc: './rpc.js', - /* CryptPad supports verbose logging * (false by default) */ diff --git a/conf/nginx.conf b/conf/nginx.conf index 8586786..6117882 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,24 +1,21 @@ -location __PATH__/ { +location ^~ / { + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + proxy_pass http://127.0.0.1:__PORT__; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; - try_files $uri $uri/index.html; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - - proxy_pass http://localhost:__PORT__/; - add_header X-Frame-Options SAMEORIGIN; - proxy_set_header Host $host; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; - - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; + more_clear_input_headers 'Accept-Encoding'; } - -## TODO fix in the code so that we don't need this -location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard)$ { - rewrite ^(.*)$ $1/ redirect; -} - diff --git a/conf/systemd.service b/conf/systemd.service index 4596ffc..7134501 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=CryptPad service +Description=Zero Knowledge realtime collaborative editor. After=syslog.target network.target [Service] @@ -7,8 +7,9 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__ +Environment=PATH=__ENV_PATH__ Environment=NODE_ENV=production -ExecStart=__NODE__/node server | tee /var/log/__APP__/cryptpad.log +ExecStart=__YNH_NPM__ start Restart=always [Install] diff --git a/issue_template.md b/issue_template.md new file mode 100644 index 0000000..b044dbe --- /dev/null +++ b/issue_template.md 
@@ -0,0 +1,46 @@ +--- +name: Bug report +about: Create a report to help us debug, it would be nice to fill the template as much as you can to help us, help you and help us all. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change url...), you are on the right place!* + - *Otherwise, the issue may be due to CryptPad itself. Refer to its documentation or repository for help.* + - *If you have a doubt, post here, we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +**Describe the bug** +*A clear and concise description of what the bug is.* + +**Versions** +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info cryptpad`* + +**To Reproduce** +*Steps to reproduce the behavior.* +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install cryptpad + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '....'* + 3. *Scroll down to '....'* + 4. *See error* + +**Expected behavior** +*A clear and concise description of what you expected to happen. 
You can remove this section if the command above is enough to understand your intent.* + +**Logs** +*After a failed command, YunoHost makes the log available to you, but also to others, thanks to `yunohost log display [log name] --share`. The actual command, with the correct log name, is displayed at the end of the failed attempt in the CLI. Execute it and copy here the share link it outputs.* +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/manifest.json b/manifest.json index f8ff658..1c10156 100644 --- a/manifest.json +++ b/manifest.json @@ -3,10 +3,10 @@ "id": "cryptpad", "packaging_format": 1, "description": { - "en": "Encrypted Pad", - "fr": "Créateur de pad chiffré." + "en": "Zero Knowledge realtime collaborative editor", + "fr": "Éditeur chiffré collaboratif en temps réel." }, - "version": "2.16.0", + "version": "3.18.1~ynh1", "url": "https://cryptpad.fr/", "license": "AGPL-3.0-or-later", "maintainer": { @@ -15,7 +15,7 @@ "url": "https://frju365.yunohost.support" }, "requirements": { - "yunohost": ">= 3.0.0" + "yunohost": ">= 3.8.1" }, "multi_instance": false, "services": [ 
@@ -30,33 +30,33 @@ "en": "Choose a domain name for CryptPad", "fr": "Choisissez un nom de domaine pour CryptPad" }, - "example": "example.com" + "example": "cryptpad.example.com" }, { "name": "path", "type": "path", "ask": { - "en": "Choose a path for CryptPad, only / is allowed.", - "fr": "Choisissez un chemin pour CryptPad, seul / est autorisé." + "en": "Choose a path for CryptPad, requires a dedicated sub-domain/domain.", + "fr": "Choisissez un chemin pour CryptPad, nécessite un sous-domaine/domaine dédié." }, "example": "/", "default": "/" }, - { - "name": "email", - "type": "email", + { + "name": "admin", + "type": "user", "ask": { - "en": "Choose an email for the admin user.", - "fr": "Choisissez une adresse mail pour l'administrateur" + "en": "Choose an admin user", + "fr": "Choisissez l’administrateur" }, - "example": "example@example.tld" + "example": "johndoe" }, { "name": "is_public", "type": "boolean", "ask": { - "en": "Is it a public site? ", - "fr": "Est-ce un site publique ? " + "en": "Is it a public site?", + "fr": "Est-ce un site publique ?" }, "default": true } diff --git a/pull_request_template.md b/pull_request_template.md new file mode 100644 index 0000000..9aa2a24 --- /dev/null +++ b/pull_request_template.md 
@@ -0,0 +1,18 @@ +## Problem +- *Description of why you made this PR* + +## Solution +- *And how do you fix that problem* + +## PR Status +- [ ] Code finished. +- [ ] Tested with Package_check. +- [ ] Fix or enhancement tested. +- [ ] Upgrade from last version tested. +- [ ] Can be reviewed and tested. + +## Package_check results +--- +*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* + +[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/cryptpad_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/cryptpad_ynh%20PR-NUM-%20(USERNAME)/) diff --git a/scripts/_common.sh b/scripts/_common.sh index b748093..6fa19b1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh 
@@ -3,83 +3,17 @@ #================================================= # COMMON VARIABLES #================================================= -nodejs_version=6 + +nodejs_version=12 #================================================= - -# Start or restart a service and follow its booting -# -# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name] -# -# | arg: Line to match - The line to find in the log to attest the service have finished to boot. -# | arg: Log file - The log file to watch -# | arg: Service name -# /var/log/$app/$app.log will be used if no other log is defined. -# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds. -ynh_check_starting () { - local line_to_match="$1" - local service_name="${4:-$app}" - local app_log="${2:-/var/log/$service_name/$service_name.log}" - local timeout=${3:-300} - - ynh_clean_check_starting () { - # Stop the execution of tail. - kill -s 15 $pid_tail 2>&1 - ynh_secure_remove "$templog" 2>&1 - } - - echo "Starting of $service_name" >&2 - systemctl stop $service_name - local templog="$(mktemp)" - # Following the starting of the app in its log - tail -F -n0 "$app_log" > "$templog" & - # Get the PID of the tail command - local pid_tail=$! - systemctl start $service_name - - local i=0 - for i in `seq 1 $timeout` - do - # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout - if grep --quiet "$line_to_match" "$templog" - then - echo "The service $service_name has correctly started." >&2 - break - fi - echo -n "." >&2 - sleep 1 - done - if [ $i -eq $timeout ] - then - echo "The service $service_name didn't fully started before the timeout." 
>&2 - fi - - echo "" - ynh_clean_check_starting -} - +# PERSONAL HELPERS #================================================= +#================================================= +# EXPERIMENTAL HELPERS +#================================================= -# EXEC_LOGIN_AS Helper - -# Execute a command as another user with login -# (hence in user home dir, with prior loading of .profile, etc.) -# usage: exec_login_as USER COMMAND [ARG ...] -exec_login_as() { - local user=$1 - shift 1 - exec_as $user --login "$@" -} -# Execute a command as another user -# usage: exec_as USER COMMAND [ARG ...] -exec_as() { - local user=$1 - shift 1 - - if [[ $user = $(whoami) ]]; then - eval "$@" - else - sudo -u "$user" "$@" - fi -} +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index a2c07cd..a44954a 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,18 +6,17 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ynh_clean_check_starting +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors 
@@ -26,31 +25,37 @@ ynh_abort_if_errors #================================================= app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -final_path=$(ynh_app_setting_get $app final_path) + +domain=$(ynh_app_setting_get --app=$app --key=domain) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= -# STANDARD BACKUP STEPS +# DECLARE DATA AND CONF FILES TO BACKUP #================================================= -# BACKUP APP MAIN DIR -#================================================= - -CHECK_SIZE "$final_path" -ynh_backup "$final_path" "sources" +ynh_print_info --message="Declaring files to be backed up..." #================================================= -# BACKUP NGINX CONFIGURATION +# BACKUP THE APP MAIN DIR #================================================= -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "nginx.conf" +ynh_backup --src_path="$final_path" #================================================= -# BACKUP LOGROTATE CONFIGURATION -#================================================= -ynh_backup "/etc/logrotate.d/$app" "logrotate" - -#================================================= -# BACKUP SYSTEMD CONFIGURATION +# BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup "/etc/systemd/system/$app.service" "systemd.service" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP SYSTEMD +#================================================= + +ynh_backup --src_path="/etc/systemd/system/$app.service" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." 
diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..90f9f1b --- /dev/null +++ b/scripts/change_url 
@@ -0,0 +1,123 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +# Needed for helper "ynh_add_nginx_config" +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --weight=2 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. 
+ ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= +ynh_script_progression --message="Updating nginx web server configuration..." 
--time --weight=1 + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +if [ $change_path -eq 1 ] +then + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" + # Set global variables for nginx helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated nginx config + ynh_add_nginx_config +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum --file="$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# GENERIC FINALISATION +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading nginx web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index 0b7a9e5..5b39163 100644 --- a/scripts/install +++ b/scripts/install 
@@ -13,7 +13,11 @@ source /usr/share/yunohost/helpers # MANAGE FAILURE OF THE SCRIPT #================================================= -ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée. +ynh_clean_setup () { + ynh_clean_check_starting +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST 
@@ -21,78 +25,80 @@ ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est dét domain=$YNH_APP_ARG_DOMAIN is_public=$YNH_APP_ARG_IS_PUBLIC -path_url=$YNH_APP_ARG_PATH -admin_email=$YNH_APP_ARG_EMAIL +path_url="/" +admin=$YNH_APP_ARG_ADMIN app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS #================================================= +ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) - -# Check web path availability -ynh_webpath_available $domain $path_url # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_app_setting_set $app domain "$domain" -ynh_app_setting_set $app is_public "$is_public" -ynh_app_setting_set $app path_url "$path_url" +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=is_public --value=$is_public +ynh_app_setting_set --app=$app --key=path_url --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin + +admin_mail=$(ynh_user_get_info "$admin" 'mail') #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= +ynh_script_progression --message="Configuring firewall..." 
--weight=1 -# Find a free port -port=$(ynh_find_port 4000) -# Open this port -yunohost firewall allow --no-upnp TCP $port 2>&1 -ynh_app_setting_set $app port $port - -porti=$(ynh_find_port 5000) -# Open this port -yunohost firewall allow --no-upnp TCP $porti 2>&1 -ynh_app_setting_set $app porti $porti +# Find an available port +port=$(ynh_find_port --port=3000) +ynh_app_setting_set --app=$app --key=port --value=$port +# Find an available port +porti=$(ynh_find_port --port=$(($port + 1))) +ynh_app_setting_set --app=$app --key=porti --value=$porti #================================================= -# INSTALL NODEJS +# INSTALL NODEJS & YARN #================================================= +ynh_script_progression --message="Installing dependencies..." --weight=20 -ynh_install_nodejs $nodejs_version +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +# Install Yarn +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user -ynh_system_user_create $app +ynh_system_user_create --username=$app -#================================================= -# SPECIFIC SETUP #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression --message="Setting up source files..." 
--weight=10 -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Configuring nginx web server..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config 
@@ -100,93 +106,87 @@ ynh_add_nginx_config #================================================= # SETUP SYSTEMD #================================================= +ynh_script_progression --message="Configuring a systemd service..." --weight=1 + +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" -# Create a dedicated systemd config ynh_add_systemd_config -ynh_replace_string "__NODEJS__" "$nodejs_version" "/etc/systemd/system/$app.service" -ynh_replace_string "__ENV_PATH__" "$PATH" "/etc/systemd/system/$app.service" -ynh_replace_string "__NODE__" "$nodejs_path" "/etc/systemd/system/$app.service" -systemctl daemon-reload #================================================= -# Créer le dossier de log -#================================================= - -mkdir -p /var/log/$app -touch /var/log/$app/cryptpad.log -install_log=/var/log/$app/installation.log -touch $install_log -chown $app: -R /var/log/$app -chown admin: -R $install_log - -#================================================= -# CONFIGURE SERVER.JS +# CONFIGURE CONFIG.JS #================================================= # Copy default configuration file mv "../conf/config.js" "$final_path/config/config.js" -ynh_replace_string "_domain = 'http://localhost:3000/'" "_domain = 'https://$domain$path_url'" "$final_path/config/config.js" -# Set service port -ynh_replace_string "__PORT__" "$port" "$final_path/config/config.js" -ynh_replace_string "__PORTI__" "$porti" "$final_path/config/config.js" -# Tune CSP to allow for YunoHost tile -#ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" 
"$final_path/config.js" -# Remove donate button -ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config/config.js" -# Disable analytics unsolicited communications -ynh_replace_string "__ADMIN_EMAIL_" "$admin_email" "$final_path/config/config.js" +ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__PORTI__" --replace_string="$porti" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="$final_path/config/config.js" + # Store file checksum to detected user modifications on upgrade ynh_store_file_checksum "$final_path/config/config.js" #================================================= # INSTALL CRYPTPAD #================================================= +ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 -script_dir="$PWD" -pushd "$final_path" -npm install --allow-root -npm install -g bower --allow-root -bower install --allow-root -popd +pushd "$final_path" || ynh_die -#================================================= -# INSTALL CRYPTPAD -#================================================= + ynh_use_nodejs + ynh_exec_warn_less yarn install --allow-root + yarn global add bower + bower install --allow-root -script_dir="$PWD" -pushd "$final_path" -npm install --allow-root -npm install -g bower --allow-root -bower install --allow-root -popd +popd || ynh_die #================================================= # Set some permissions #================================================= +ynh_script_progression --message="Securing files and directories..." 
--weight=1 -chown $app:$app $final_path -R -chown $app:$app /var/log/$app/cryptpad.log +chown -R $app:$app $final_path #================================================= -# ENABLE SERVICE IN ADMIN PANEL +# INTEGRATE SERVICE IN ADMIN PANEL #================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 # Ajoute le service au monitoring de Yunohost. yunohost service add $app --log "/var/log/$app/$app.log" +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=2 + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" + #================================================= # SETUP SSOWAT #================================================= +ynh_script_progression --message="Configuring SSOwat..." --weight=1 -if [ $is_public -eq 1 ]; +# Make app public if necessary +if [ $is_public -eq 1 ] then - ynh_app_setting_set "$app" unprotected_uris "/" + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_permission_update --permission "main" --add visitors fi -ynh_check_starting "loading rpc module..." "/var/log/$app/cryptpad.log" "15" #================================================= # RELOAD NGINX #================================================= +ynh_script_progression --message="Reloading nginx web server..." --weight=1 -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 09347d1..3595298 100644 --- a/scripts/remove +++ b/scripts/remove 
@@ -12,64 +12,70 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -port=$(ynh_app_setting_get $app port) -# Retrieve app settings -domain=$(ynh_app_setting_get $app domain) -final_path=$(ynh_app_setting_get $app final_path) + +port=$(ynh_app_setting_get --app=$app --key=port) +domain=$(ynh_app_setting_get --app=$app --key=domain) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE +#================================================= +# REMOVE SERVICE INTEGRATION IN YUNOHOST +#================================================= + +# Remove the service from the list of services known by Yunohost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status $app >/dev/null +then + ynh_script_progression --message="Removing $app service..." --weight=3 + yunohost service remove $app +fi + #================================================= # STOP AND REMOVE SERVICE #================================================= +ynh_script_progression --message="Stopping and removing the systemd service..." --weight=2 # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE SERVICE FROM ADMIN PANEL -#================================================= - -# Remove a service from the admin panel, added by `yunohost service add` -if yunohost service status | grep -q $app -then - echo "Remove $app service" - yunohost service remove $app -fi - #================================================= # REMOVE NODEJS #================================================= +ynh_script_progression --message="Removing dependencies..." 
--weight=3 ynh_remove_nodejs #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_script_progression --message="Removing app main directory..." --weight=3 # Remove the app directory securely -ynh_secure_remove "$final_path" +ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 # Remove the dedicated nginx config ynh_remove_nginx_config -#================================================= -# REMOVE THE LOGROTATE CONFIG -#================================================= - -ynh_remove_logrotate # Remove the app-specific logrotate config -ynh_secure_remove "/var/log/$app/" - #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 -ynh_system_user_delete $app +# Delete a system user +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index e684b29..2cd223f 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -6,12 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -19,7 +15,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { -# Nettoyage des résidus d'installation non pris en charge par le script remove. ynh_clean_check_starting } # Exit if an error occurs during the execution of the script 
@@ -28,81 +23,98 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -is_public=$(ynh_app_setting_get $app is_public) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" +ynh_webpath_available --domain=$domain --path_url=$path_url \ + || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ -|| ynh_die "There is already a directory: $final_path " + || ynh_die --message="There is already a directory: $final_path " #================================================= -# STANDARD RESTORE STEPS +# STANDARD RESTORATION STEPS #================================================= -# RESTORE OF THE NGINX CONFIGURATION +# RESTORE THE NGINX CONFIGURATION #================================================= -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= -# RESTORE OF THE MAIN DIR OF THE APP +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." 
--weight=6 -ynh_restore_file "$final_path" +ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 -ynh_system_user_create $app $final_path # Recreate the dedicated user, if it doesn't exist +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app #================================================= -# SPECIFIC RESTORE -#================================================= -# HANDLE LOG FILES AND LOGROTATE +# RESTORE USER RIGHTS #================================================= -mkdir -p /var/log/$app -touch /var/log/$app/etherpad.log -install_log=/var/log/$app/installation.log -touch $install_log -chown $app -R /var/log/$app -chown admin -R $install_log - -# Restore logrotate configuration -ynh_restore_file "/etc/logrotate.d/$app" +# Restore permissions on app files +chown -R $app:$app $final_path #================================================= -# INSTALL NODEJS +# REINSTALL DEPENDENCIES #================================================= +ynh_script_progression --message="Reinstalling dependencies..." --weight=7 -ynh_install_nodejs $nodejs_version +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -#================================================= -# ENABLE SERVICE IN ADMIN PANEL -#================================================= - -yunohost service add $app --log "/var/log/$app/etherpad.log" +# Install Yarn +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" #================================================= # RESTORE SYSTEMD #================================================= +ynh_script_progression --message="Restoring the systemd configuration..." 
--weight=1 -ynh_restore_file "/etc/systemd/system/$app.service" -## Démarrage auto du service +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service #================================================= -# RELOAD NGINX +# INTEGRATE SERVICE IN YUNOHOST #================================================= -systemctl reload nginx +yunohost service add $app --description "Zero Knowledge realtime collaborative editor" --log "/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading nginx web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 20a1c90..6a33d3c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,7 +1,5 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu #================================================= # GENERIC STARTING #================================================= 
@@ -23,146 +21,175 @@ DESTDIR="/var/www/$app" "The destination directory '$DESTDIR' does not exist.\ The app is not correctly installed, you should remove it first." -# Retrieve arguments -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_normalize_url_path "$(ynh_app_setting_get "$app" path_url)") -final_path=$(ynh_app_setting_get "$app" final_path) -is_public=$(ynh_app_setting_get "$app" is_public) -port=$(ynh_app_setting_get "$app" port) +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path_url) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) +admin=$(ynh_app_setting_get --app=$app --key=admin) +admin_mail=$(ynh_user_get_info "$admin" 'mail') +port=$(ynh_app_setting_get --app=$app --key=port) +porti=$(ynh_app_setting_get --app=$app --key=porti) #================================================= -# MANAGE SCRIPT FAILURE +# CHECK VERSION #================================================= -# Use prior backup and restore on error only if backup feature -# exists on installed instance -if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then - ynh_backup_before_upgrade # Backup the current version of the app - ynh_clean_setup () { - ynh_restore_upgradebackup - } - ynh_abort_if_errors # Stop script if an error is detected +upgrade_type=$(ynh_check_app_version_changed) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." 
--weight=2 + +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set --app=$app --key=is_public --value=1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set --app=$app --key=is_public --value=0 + is_public=0 +fi + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi #================================================= -# INSTALL NODEJS +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_install_nodejs $nodejs_version +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= -# CREATE DEDICATED USER +# STANDARD UPGRADE STEPS #================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." 
--weight=1 -ynh_system_user_create $app - -#================================================= -# SPECIFIC SETUP -#================================================= -# HANDLE LOG FILES AND LOGROTATE -#================================================= - -# Setup logrotate -ynh_use_logrotate /var/log/${app}/*.log --non-append +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -final_path=/var/www/$app -ynh_app_setting_set $app final_path $final_path -ynh_setup_source $final_path +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=1 -# Set files ownership during installation -sudo chown $app: $final_path -R -sudo chmod 755 $final_path -R + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" +fi #================================================= -# Modify Nginx configuration file and copy it to Nginx conf directory +# NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1 +# Create a dedicated nginx config ynh_add_nginx_config #================================================= -# ADD SYSTEMD SERVICE +# INSTALL NODEJS +#================================================= +ynh_script_progression --message="Upgrading dependencies..." 
--weight=6 + +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +# Install Yarn +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app + +#================================================= +# CONFIGURE CONFIG.JS #================================================= -ynh_replace_string "__NODE__" "$nodejs_path" "../conf/systemd.service" -ynh_replace_string "__NODEJS__" "$nodejs_version" "../conf/systemd.service" -ynh_replace_string "__ENV_PATH__" "$PATH" "../conf/systemd.service" -ynh_add_systemd_config +ynh_backup_if_checksum_is_different "$final_path/config/config.js" +# Copy default configuration file +mv "../conf/config.js" "$final_path/config/config.js" + +ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__PORTI__" --replace_string="$porti" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="$final_path/config/config.js" + +# Store file checksum to detected user modifications on upgrade +ynh_store_file_checksum "$final_path/config/config.js" #================================================= # INSTALL CRYPTPAD #================================================= +ynh_script_progression --message="Building $app... 
(this will take some time and resources!)" --weight=60 -script_dir="$PWD" -pushd "$final_path" -chown -R $app: $final_path -npm install -npm install -g bower -exec_login_as $app cd $final_path && env PATH=$PATH bower install -popd +pushd "$final_path" || ynh_die + + ynh_use_nodejs + ynh_exec_warn_less yarn install --allow-root + yarn global add bower + bower install --allow-root + +popd || ynh_die #================================================= -# CONFIGURE SERVER.JS +# SETUP SYSTEMD #================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 -# Backup configuration file if changed -ynh_backup_if_checksum_is_different "$final_path/config.js" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" -# Copy default configuration file -sudo mv "$final_path/config.example.js" "$final_path/config.js" - -# Set service port -ynh_replace_string "httpPort: 3000" "httpPort: $port" "$final_path/config.js" -# Tune CSP to allow for YunoHost tile -ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" "$final_path/config.js" -# Remove donate button -ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config.js" -# Disable analytics unsolicited communications -ynh_replace_string "adminEmail: 'i.did.not.read.my.config@cryptpad.fr'" "adminEmail: false" "$final_path/config.js" - -# Store file checksum to detected user modifications on upgrade -ynh_store_file_checksum "$final_path/config.js" +# Create a dedicated systemd config +ynh_add_systemd_config 
#================================================= -# SET FILES OWNERSHIP +# SECURE FILES AND DIRECTORIES #================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 -sudo chown -R root: $final_path -sudo chown -R $app: $final_path/datastore $final_path/pins $final_path/blob $final_path/blobstage +# Set permissions on app files +chown -R $app:$app $final_path #================================================= -# INSTALL MODULES FOR CRYPTPAD +# START SYSTEMD SERVICE #================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 -#npm install cryptpad-level-store; - -#================================================= -# ENABLE SERVICE IN ADMIN PANEL -#================================================= - -# Ajoute le service au monitoring de Yunohost. -sudo yunohost service add $app --log "/var/log/$app/$app.log" - -#================================================= -# START CRYPTPAD IN BACKGROUND -#================================================= - -sudo systemctl start $app - -#================================================= -# SETUP SSOWAT -#================================================= - -if [ $is_public -eq 1 ]; -then - ynh_app_setting_set "$app" unprotected_uris "/" -fi +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" #================================================= # RELOAD NGINX #================================================= -sudo systemctl restart php5-fpm -sudo systemctl reload nginx +ynh_script_progression --message="Reloading nginx web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --last
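Review bot: In the restore script tail, the service is registered with `--log "/var/log/$app/$app.log"` while the new start step waits for `server available` with `--log_path="systemd"`, so the two steps point at different log sources. Please confirm where the unit actually writes and use that one source in both places; if the service only logs to the journal, the file registered with `yunohost service add` may never be populated, and if it only logs to the file, the start check could time out. `systemctl enable $app.service` is also the one service call left outside `ynh_systemd_action`, and `$app` is unquoted there.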
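Review bot: Dropping `set -eu` from the top of scripts/upgrade means everything before `ynh_abort_if_errors` (LOAD SETTINGS, CHECK VERSION, ENSURE DOWNWARD COMPATIBILITY) now runs with failures and unset variables ignored. That is reasonable for steps that must not abort before the backup exists, but `admin`, `port` and `porti` are new settings that older installs may not have, and `admin_mail=$(ynh_user_get_info "$admin" 'mail')` can come back empty. Those values are later substituted into `config.js` through `__PORT__`, `__PORTI__` and `__ADMIN_MAIL__`, so add explicit non-empty checks (or defaults in the downward-compatibility section, as is done for `final_path`) rather than letting an empty string reach the configuration.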
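Review bot: In the SECURE FILES AND DIRECTORIES step of scripts/upgrade, `chown -R $app:$app $final_path` gives the service account write access to its own code and to `config/config.js`, where the removed lines kept the tree owned by root and handed only `datastore`, `pins`, `blob` and `blobstage` to `$app`. A compromise of the Node process could then rewrite the application it runs, so please keep root ownership of the code and chown only the data directories, and quote both variables. The same least-privilege concern applies to the build step: `yarn install`, `yarn global add bower` and `bower install --allow-root` now run as root inside `$final_path`, while the old script ran bower as `$app`; package lifecycle scripts should not execute as root if the build can be done under the dedicated user. Smaller points in the same hunk: the progress message for this step is a copy of the systemd one ("Upgrading systemd configuration..."), and `is_public` is still loaded and normalised but no longer used now that the SSOWAT block is gone, so either drop it or state where the public/private setting is applied.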