YunoHost-Apps/cryptpad_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/cryptpad_ynh.git synced 2024-09-03 18:26:14 +02:00
Code Issues Activity Actions

Repackage to upstream v.3.18.1 (#40)

Browse source 
* version 3.2.0
* different corrections
This commit is contained in:
Éric Gaspar 2020-06-17 21:51:03 +02:00 committed by GitHub
parent 36b96b6428
commit c2d942a86f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
17 changed files with 863 additions and 653 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

81
README.md
View file

@ -1,28 +1,73 @@
Cryptad for Yunohost # CryptPad for YunoHost
------------------------
[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) [![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
[![Install Cryptad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) [![Install CryptPad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad)
**Shipped version:** 3.2.0 *[Lire ce readme en français.](./README_fr.md)*
> *This package allows you to install CryptPad quickly and simply on a YunoHost server.
If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
## Overview
CryptPad is a Zero Knowledge realtime collaborative editor. You can share access to a document simply by sharing the link.
**Shipped version:** 3.18.1
## Screenshots
![](https://github.com/xwiki-labs/cryptpad/raw/master/screenshot.png)
## Demo ## Demo
https://cryptpad.fr/
## Known limitations / Limitations connues * [Official demo](https://cryptpad.fr/)
- Installation possible only on a domain root (Cryptpad limitation)
- Can't login via SSO (due to this [Cryptpad limitation](https://github.com/xwiki-labs/cryptpad/issues/116))
## Configuration
## Links / Liens * How to configure this app: From an admin panel, a plain file with SSH.
- Package URL/URL du Paquet: https://github.com/YunoHost-Apps/cryptpad_ynh
- Official Website/Site Officiel: https://cryptpad.fr/
- Github: https://github.com/xwiki-labs/cryptpad
- Package status:
- [Last weekly report](https://forum.yunohost.org/t/rapport-hebdomadaire-dintegration-continue/2297)
- [Last continuous integration test](https://ci-apps.yunohost.org/jenkins/job/cryptpad%20%28Community%29/lastBuild/consoleFull)
## Documentation
## Tricks : * Official documentation: https://cryptpad.fr/what-is-cryptpad.html
* YunoHost documentation: If specific documentation is needed, feel free to contribute.
- To increase space for user in cryptpad, you can set up it in the config.js file in the root folder (/var/www/cryptpad/config.js), and then restart the cryptpad service (`sudo service cryptpad restart`). ## YunoHost specific features
#### Multi-user support
* Are LDAP and HTTP auth supported? **No**
* Can the app be used by multiple users? **Yes**
#### Supported architectures
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/cryptpad/)
## Limitations
* Installation possible only on a root domain (CryptPad limitation)
* Can't login via SSO (due to this [Cryptpad limitation](https://github.com/xwiki-labs/cryptpad/issues/116))
## Additional information
* To increase space for CryptPad users, you can modify `/var/www/cryptpad/config.js`, and restart the CryptPad service with `sudo service cryptpad restart`.
## Links
* Report a bug: https://github.com/YunoHost-Apps/cryptpad_ynh/issues
* App website: https://cryptpad.fr/
* Upstream app repository: https://github.com/xwiki-labs/cryptpad
* YunoHost website: https://yunohost.org/
---
Developer info
----------------
Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing).
To try the testing branch, please proceed like that.
```
sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
or
sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
```

73
README_fr.md Normal file
View file

@ -0,0 +1,73 @@
# CryptPad pour YunoHost
[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg)
[![Installer CryptPad avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad)
*[Read this readme in english.](./README.md)*
> *Ce package vous permet d'installer CryptPad rapidement et simplement sur un serveur YunoHost.
Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.*
## Vue d'ensemble
CryptPad est un éditeur de documents chiffrés collaboratifs en temps réel. Vous pouvez partager l'accès à un document simplement en partageant le lien.
**Version incluse :** 3.18.1
## Captures d'écran
![](https://github.com/xwiki-labs/cryptpad/raw/master/screenshot.png)
## Démo
* [Démo officielle](https://cryptpad.fr/)
## Configuration
Comment configurer cette application : via le panneau d'administration ainsi que le fichier de configuration `/var/www/cryptpad/config.js`.
## Documentation
* Official documentation : https://cryptpad.fr/what-is-cryptpad.html
* YunoHost documentation : If specific documentation is needed, feel free to contribute.
## YunoHost specific features
#### Support multi-utilisateur
* L'authentification LDAP et HTTP est-elle prise en charge ? **Non**
* L'application peut-elle être utilisée par plusieurs utilisateurs ? **Oui**
#### Architectures supportées
* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/)
* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/cryptpad/)
## Limitations
* Nécessite un sous-domaine / domaine dédié. (limitation de CryptPad)
* Impossible de se connecter via SSO (cf [limitation de CryptPad](https://github.com/xwiki-labs/cryptpad/issues/116))
## Informations additionnelles
* Pour augmenter l'espace pour l'utilisateur dans le CryptPad, vous pouvez configurer le fichier `config.js` dans le dossier `/var/www/cryptpad/config.js`, puis redémarrez le service CryptPad `sudo service cryptpad restart`.
## Liens
* Signaler un bug : https://github.com/YunoHost-Apps/cryptpad_ynh/issues
* Site de l'application : https://cryptpad.fr/
* Dépôt de l'application principale : https://github.com/xwiki-labs/cryptpad
* Site web YunoHost: https://yunohost.org/
---
Informations pour les développeurs
----------------
Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing).
Pour essayer la branche testing, procédez comme suit.
```
sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
ou
sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug
```

4
check_process
View file

@ -3,8 +3,8 @@
; Manifest ; Manifest
domain="domain.tld" (DOMAIN) domain="domain.tld" (DOMAIN)
path="/path" (PATH) path="/path" (PATH)
admin="john" (USER)
is_public="1" (PUBLIC|public=1|private=0) is_public="1" (PUBLIC|public=1|private=0)
email="example@example.io" (EMAIL)
; Checks ; Checks
pkg_linter=1 pkg_linter=1
setup_sub_dir=0 setup_sub_dir=0
@ -17,7 +17,7 @@
multi_instance=0 multi_instance=0
incorrect_path=0 incorrect_path=0
port_already_use=1 port_already_use=1
change_url=0 change_url=1
;;; Levels ;;; Levels
Level 1=auto Level 1=auto
Level 2=auto Level 2=auto

6
conf/app.src
View file

@ -1,6 +1,6 @@
SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.2.0.tar.gz SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.18.1.tar.gz
SOURCE_SUM=4f7576401e506aa24c032be675539b671ace27c5453b40edfe39f84daa0fcbfc SOURCE_SUM=6aad512ffd04632b94dc47c17f59781c484508dd6bcf4675bda945d74e66ef6b
SOURCE_SUM_PRG=sha256sum SOURCE_SUM_PRG=sha256sum
SOURCE_FORMAT=tar.gz SOURCE_FORMAT=tar.gz
SOURCE_IN_SUBDIR=true SOURCE_IN_SUBDIR=true
SOURCE_FILENAME= SOURCE_FILENAME=cryptpad-3.18.1.tar.gz

435
conf/config.js
View file

@ -1,189 +1,203 @@
/*@flow*/ /* globals module */
/*
globals module /* DISCLAIMER:
There are two recommended methods of running a CryptPad instance:
1. Using a standalone nodejs server without HTTPS (suitable for local development)
2. Using NGINX to serve static assets and to handle HTTPS for API server's websocket traffic
We do not officially recommend or support Apache, Docker, Kubernetes, Traefik, or any other configuration.
Support requests for such setups should be directed to their authors.
If you're having difficulty difficulty configuring your instance
we suggest that you join the project's IRC/Matrix channel.
If you don't have any difficulty configuring your instance and you'd like to
support us for the work that went into making it pain-free we are quite happy
to accept donations via our opencollective page: https://opencollective.com/cryptpad
*/ */
var _domain = 'http://localhost:__PORT__/';
// You can `kill -USR2` the node process and it will write out a heap dump.
// If your system doesn't support dumping, comment this out and install with
// `npm install --production`
// See: https://strongloop.github.io/strongloop.com/strongblog/how-to-heap-snapshots/
// to enable this feature, uncomment the line below:
// require('heapdump');
// we prepend a space because every usage expects it
// requiring admins to preserve it is unnecessarily confusing
var domain = ' ' + _domain;
// Content-Security-Policy
var baseCSP = [
"default-src 'none'",
"style-src 'unsafe-inline' 'self' " + domain,
"font-src 'self' data:" + domain,
/* child-src is used to restrict iframes to a set of allowed domains.
* connect-src is used to restrict what domains can connect to the websocket.
*
* it is recommended that you configure these fields to match the
* domain which will serve your CryptPad instance.
*/
"child-src blob: *",
// IE/Edge
"frame-src blob: *",
/* this allows connections over secure or insecure websockets
if you are deploying to production, you'll probably want to remove
the ws://* directive, and change '*' to your domain
*/
"connect-src 'self' ws: wss: blob:" + domain,
// data: is used by codemirror
"img-src 'self' data: blob:" + domain,
"media-src * blob:",
// for accounts.cryptpad.fr authentication and cross-domain iframe sandbox
"frame-ancestors *",
""
];
module.exports = { module.exports = {
/* CryptPad is designed to serve its content over two domains.
* Account passwords and cryptographic content is handled on the 'main' domain,
* while the user interface is loaded on a 'sandbox' domain
* which can only access information which the main domain willingly shares.
*
* In the event of an XSS vulnerability in the UI (that's bad)
* this system prevents attackers from gaining access to your account (that's good).
*
* Most problems with new instances are related to this system blocking access
* because of incorrectly configured sandboxes. If you only see a white screen
* when you try to load CryptPad, this is probably the cause.
*
* PLEASE READ THE FOLLOWING COMMENTS CAREFULLY.
*
*/
/* httpUnsafeOrigin is the URL that clients will enter to load your instance.
* Any other URL that somehow points to your instance is supposed to be blocked.
* The default provided below assumes you are loading CryptPad from a server
* which is running on the same machine, using port 3000.
*
* In a production instance this should be available ONLY over HTTPS
* using the default port for HTTPS (443) ie. https://cryptpad.fr
* In such a case this should be handled by NGINX, as documented in
* cryptpad/docs/example.nginx.conf (see the $main_domain variable)
*
*/
httpUnsafeOrigin: 'http://127.0.0.1:__PORT__',
/* httpSafeOrigin is the URL that is used for the 'sandbox' described above.
* If you're testing or developing with CryptPad on your local machine then
* it is appropriate to leave this blank. The default behaviour is to serve
* the main domain over port 3000 and to serve the content over port 3001.
*
* This is not appropriate in a production environment where invasive networks
* may filter traffic going over abnormal ports.
* To correctly configure your production instance you must provide a URL
* with a different domain (a subdomain is sufficient).
* It will be used to load the UI in our 'sandbox' system.
*
* This value corresponds to the $sandbox_domain variable
* in the example nginx file.
*
* CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS.
*/
// httpSafeOrigin: "https://some-other-domain.xyz",
/* httpAddress specifies the address on which the nodejs server
* should be accessible. By default it will listen on 127.0.0.1
* (IPv4 localhost on most systems). If you want it to listen on
* all addresses, including IPv6, set this to '::'.
*
*/
httpAddress: '::',
/* httpPort specifies on which port the nodejs server should listen.
* By default it will serve content over port 3000, which is suitable
* for both local development and for use with the provided nginx example,
* which will proxy websocket traffic to your node server.
*
*/
httpPort: __PORT__,
/* httpSafePort allows you to specify an alternative port from which
* the node process should serve sandboxed assets. The default value is
* that of your httpPort + 1. You probably don't need to change this.
*
*/
httpSafePort: __PORTI__,
/* CryptPad will launch a child process for every core available
* in order to perform CPU-intensive tasks in parallel.
* Some host environments may have a very large number of cores available
* or you may want to limit how much computing power CryptPad can take.
* If so, set 'maxWorkers' to a positive integer.
*/
// maxWorkers: 4,
/* ===================== /* =====================
* Admin * Admin
* ===================== */ * ===================== */
/* /*
* CryptPad now contains an administration panel. Its access is restricted to specific * CryptPad contains an administration panel. Its access is restricted to specific
* users using the following list. * users using the following list.
* To give access to the admin panel to a user account, just add their user id, * To give access to the admin panel to a user account, just add their user id,
* which can be found on the settings page for registered users. * which can be found on the settings page for registered users.
* Entries should be strings separated by a comma. * Entries should be strings separated by a comma.
*/ */
/*
adminKeys: [ adminKeys: [
//"https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=", //"https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=",
], ],
/* =====================
* Infra setup
* ===================== */
// the address you want to bind to, :: means all ipv4 and ipv6 addresses
// this may not work on all operating systems
httpAddress: '::',
// the port on which your httpd will listen
httpPort: __PORT__,
// This is for allowing the cross-domain iframe to function when developing
httpSafePort: __PORTI__,
// This is for deployment in production, CryptPad uses a separate origin (domain) to host the
// cross-domain iframe. It can simply host the same content as CryptPad.
// httpSafeOrigin: "https://some-other-domain.xyz",
httpUnsafeOrigin: domain,
/* your server's websocket url is configurable
* (default: '/cryptpad_websocket')
*
* websocketPath can be relative, of the form '/path/to/websocket'
* or absolute, specifying a particular URL
*
* 'wss://cryptpad.fr:3000/cryptpad_websocket'
*/ */
websocketPath: '/cryptpad_websocket',
/* CryptPad can be configured to send customized HTTP Headers /* CryptPad's administration panel includes a "support" tab
* These settings may vary widely depending on your needs * wherein administrators with a secret key can view messages
* Examples are provided below * sent from users via the encrypted forms on the /support/ page
*/
httpHeaders: {
"X-XSS-Protection": "1; mode=block",
"X-Content-Type-Options": "nosniff",
"Access-Control-Allow-Origin": "*"
},
contentSecurity: baseCSP.join('; ') +
"script-src 'self'" + domain,
// CKEditor and OnlyOffice require significantly more lax content security policy in order to function.
padContentSecurity: baseCSP.join('; ') +
"script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain,
/* it is recommended that you serve CryptPad over https
* the filepaths below are used to configure your certificates
*/
//privKeyAndCertFiles: [
// '/etc/apache2/ssl/my_secret.key',
// '/etc/apache2/ssl/my_public_cert.crt',
// '/etc/apache2/ssl/my_certificate_authorities_cert_chain.ca'
//],
/* Main pages
* add exceptions to the router so that we can access /privacy.html
* and other odd pages
*/
mainPages: [
'index',
'privacy',
'terms',
'about',
'contact',
'what-is-cryptpad',
'features',
'faq',
'maintenance'
],
/* =====================
* Subscriptions
* ===================== */
/* Limits, Donations, Subscriptions and Contact
* *
* By default, CryptPad limits every registered user to 50MB of storage. It also shows a * To enable this functionality:
* subscribe button which allows them to upgrade to a paid account. We handle payment, * run `node ./scripts/generate-admin-keys.js`
* and keep 50% of the proceeds to fund ongoing development. * save the public key in your config in the value below
* add the private key via the admin panel
* and back it up in a secure manner
* *
* You can:
* A: leave things as they are
* B: disable accounts but display a donate button
* C: hide any reference to paid accounts or donation
*
* If you chose A then there's nothing to do.
* If you chose B, set 'allowSubscriptions' to false.
* If you chose C, set 'removeDonateButton' to true
*/ */
allowSubscriptions: false, // supportMailboxPublicKey: "",
removeDonateButton: false,
/* We're very proud that CryptPad is available to the public as free software!
* We do, however, still need to pay our bills as we develop the platform.
*
* By default CryptPad will prompt users to consider donating to
* our OpenCollective campaign. We publish the state of our finances periodically
* so you can decide for yourself whether our expenses are reasonable.
*
* You can disable any solicitations for donations by setting 'removeDonateButton' to true,
* but we'd appreciate it if you didn't!
*/
removeDonateButton: true,
/* CryptPad will display a point of contact for your instance on its contact page
* (/contact.html) if you provide it below.
*/
adminEmail: "__ADMIN_MAIL__",
/* /*
* By default, CryptPad also contacts our accounts server once a day to check for changes in * By default, CryptPad contacts one of our servers once a day.
* the people who have accounts. This check-in will also send the version of your CryptPad * This check-in will also send some very basic information about your instance including its
* instance and your email so we can reach you if we are aware of a serious problem. We will * version and the adminEmail so we can reach you if we are aware of a serious problem.
* never sell it or send you marketing mail. If you want to block this check-in and remain * We will never sell it or send you marketing mail.
* completely invisible, set this and allowSubscriptions both to false.
*/
adminEmail: '__ADMIN_EMAIL__',
/* Sales coming from your server will be identified by your domain
* *
* If you are using CryptPad in a business context, please consider taking a support contract * If you want to block this check-in and remain set 'blockDailyCheck' to true.
* by contacting sales@cryptpad.fr
*/ */
myDomain: _domain, blockDailyCheck: true,
/* /*
* If you are using CryptPad internally and you want to increase the per-user storage limit, * By default users get 50MB of storage by registering on an instance.
* change the following value. * You can set this value to whatever you want.
* *
* Please note: This limit is what makes people subscribe and what pays for CryptPad * hint: 50MB is 50 * 1024 * 1024
* development. Running a public instance that provides a "better deal" than cryptpad.fr
* is effectively using the project against itself.
*/ */
defaultStorageLimit: 50 * 1024 * 1024, //defaultStorageLimit: 50 * 1024 * 1024,
/* =====================
* STORAGE
* ===================== */
/* Pads that are not 'pinned' by any registered user can be set to expire
* after a configurable number of days of inactivity (default 90 days).
* The value can be changed or set to false to remove expiration.
* Expired pads can then be removed using a cron job calling the
* `evict-inactive.js` script with node
*
* defaults to 90 days if nothing is provided
*/
//inactiveTime: 90, // days
/* CryptPad archives some data instead of deleting it outright.
* This archived data still takes up space and so you'll probably still want to
* remove these files after a brief period.
*
* cryptpad/scripts/evict-inactive.js is intended to be run daily
* from a crontab or similar scheduling service.
*
* The intent with this feature is to provide a safety net in case of accidental
* deletion. Set this value to the number of days you'd like to retain
* archived data before it's removed permanently.
*
* defaults to 15 days if nothing is provided
*/
//archiveRetentionTime: 15,
/* Max Upload Size (bytes)
* this sets the maximum size of any one file uploaded to the server.
* anything larger than this size will be rejected
* defaults to 20MB if no value is provided
*/
//maxUploadSize: 20 * 1024 * 1024,
/* /*
* CryptPad allows administrators to give custom limits to their friends. * CryptPad allows administrators to give custom limits to their friends.
@ -193,8 +207,8 @@ module.exports = {
* *
* hint: 1GB is 1024 * 1024 * 1024 bytes * hint: 1GB is 1024 * 1024 * 1024 bytes
*/ */
customLimits: {
/* /*
customLimits: {
"https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=": { "https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=": {
limit: 20 * 1024 * 1024 * 1024, limit: 20 * 1024 * 1024 * 1024,
plan: 'insider', plan: 'insider',
@ -205,70 +219,15 @@ module.exports = {
plan: 'insider', plan: 'insider',
note: 'storage space donated by my.awesome.website' note: 'storage space donated by my.awesome.website'
} }
*/
}, },
/* =====================
* STORAGE
* ===================== */
/* By default the CryptPad server will run scheduled tasks every five minutes
* If you want to run scheduled tasks in a separate process (like a crontab)
* you can disable this behaviour by setting the following value to true
*/ */
disableIntegratedTasks: false,
/* Pads that are not 'pinned' by any registered user can be set to expire /* Users with premium accounts (those with a plan included in their customLimit)
* after a configurable number of days of inactivity (default 90 days). * can benefit from an increased upload size limit. By default they are restricted to the same
* The value can be changed or set to false to remove expiration. * upload size as any other registered user.
* Expired pads can then be removed using a cron job calling the
* `delete-inactive.js` script with node
*/
inactiveTime: 90, // days
/* CryptPad can be configured to remove inactive data which has not been pinned.
* Deletion of data is always risky and as an operator you have the choice to
* archive data instead of deleting it outright. Set this value to true if
* you want your server to archive files and false if you want to keep using
* the old behaviour of simply removing files.
* *
* WARNING: this is not implemented universally, so at the moment this will
* only apply to the removal of 'channels' due to inactivity.
*/ */
retainData: true, //premiumUploadSize: 100 * 1024 * 1024,
/* As described above, CryptPad offers the ability to archive some data
* instead of deleting it outright. This archived data still takes up space
* and so you'll probably still want to remove these files after a brief period.
* The intent with this feature is to provide a safety net in case of accidental
* deletion. Set this value to the number of days you'd like to retain
* archived data before it's removed permanently.
*
* If 'retainData' is set to false, there will never be any archived data
* to remove.
*/
archiveRetentionTime: 15,
/* Max Upload Size (bytes)
* this sets the maximum size of any one file uploaded to the server.
* anything larger than this size will be rejected
*/
maxUploadSize: 20 * 1024 * 1024,
/* =====================
* HARDWARE RELATED
* ===================== */
/* CryptPad's file storage adaptor closes unused files after a configurable
* number of milliseconds (default 30000 (30 seconds))
*/
channelExpirationMs: 30000,
/* CryptPad's file storage adaptor is limited by the number of open files.
* When the adaptor reaches openFileLimit, it will clean up older files
*/
openFileLimit: 2048,
/* ===================== /* =====================
* DATABASE VOLUMES * DATABASE VOLUMES
@ -295,12 +254,12 @@ module.exports = {
* Pin requests are stored in a pin-store. The location of this store is * Pin requests are stored in a pin-store. The location of this store is
* defined here. * defined here.
*/ */
pinPath: './pins', pinPath: './data/pins',
/* if you would like the list of scheduled tasks to be stored in /* if you would like the list of scheduled tasks to be stored in
a custom location, change the path below: a custom location, change the path below:
*/ */
taskPath: './tasks', taskPath: './data/tasks',
/* if you would like users' authenticated blocks to be stored in /* if you would like users' authenticated blocks to be stored in
a custom location, change the path below: a custom location, change the path below:
@ -315,7 +274,7 @@ module.exports = {
/* CryptPad stores incomplete blobs in a 'staging' area until they are /* CryptPad stores incomplete blobs in a 'staging' area until they are
* fully uploaded. Set its location here. * fully uploaded. Set its location here.
*/ */
blobStagingPath: './blobstage', blobStagingPath: './data/blobstage',
/* CryptPad supports logging events directly to the disk in a 'logs' directory /* CryptPad supports logging events directly to the disk in a 'logs' directory
* Set its location here, or set it to false (or nothing) if you'd rather not log * Set its location here, or set it to false (or nothing) if you'd rather not log
@ -356,42 +315,6 @@ module.exports = {
*/ */
logFeedback: false, logFeedback: false,
/* You can get a repl for debugging the server if you want it.
* to enable this, specify the debugReplName and then you can
* connect to it with `nc -U /tmp/repl/<your name>.sock`
* If you run multiple cryptpad servers, you need to use different
* repl names.
*/
//debugReplName: "cryptpad"
/* =====================
* DEPRECATED
* ===================== */
/*
You have the option of specifying an alternative storage adaptor.
These status of these alternatives are specified in their READMEs,
which are available at the following URLs:
mongodb: a noSQL database
https://github.com/xwiki-labs/cryptpad-mongo-store
amnesiadb: in memory storage
https://github.com/xwiki-labs/cryptpad-amnesia-store
leveldb: a simple, fast, key-value store
https://github.com/xwiki-labs/cryptpad-level-store
sql: an adaptor for a variety of sql databases via knexjs
https://github.com/xwiki-labs/cryptpad-sql-store
For the most up to date solution, use the default storage adaptor.
*/
storage: './storage/file',
/* CryptPad's socket server can be extended to respond to RPC calls
* you can configure it to respond to custom RPC calls if you like.
* provide the path to your RPC module here, or `false` if you would
* like to disable the RPC interface completely
*/
rpc: './rpc.js',
/* CryptPad supports verbose logging /* CryptPad supports verbose logging
* (false by default) * (false by default)
*/ */

25
conf/nginx.conf
View file

@ -1,24 +1,21 @@
location __PATH__/ { location ^~ / {
# Force usage of https
try_files $uri $uri/index.html;
if ($scheme = http) { if ($scheme = http) {
rewrite ^ https://$server_name$request_uri? permanent; rewrite ^ https://$server_name$request_uri? permanent;
} }
proxy_pass http://127.0.0.1:__PORT__;
proxy_pass http://localhost:__PORT__/; proxy_redirect off;
add_header X-Frame-Options SAMEORIGIN;
proxy_set_header Host $host; proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_http_version 1.1; proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade; proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade; proxy_set_header Connection "upgrade";
# Include SSOWAT user panel. # Include SSOWAT user panel.
include conf.d/yunohost_panel.conf.inc; include conf.d/yunohost_panel.conf.inc;
more_clear_input_headers 'Accept-Encoding';
} }
## TODO fix in the code so that we don't need this
location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard)$ {
rewrite ^(.*)$ $1/ redirect;
}

5
conf/systemd.service
View file

@ -1,5 +1,5 @@
[Unit] [Unit]
Description=CryptPad service Description=Zero Knowledge realtime collaborative editor.
After=syslog.target network.target After=syslog.target network.target
[Service] [Service]
@ -7,8 +7,9 @@ Type=simple
User=__APP__ User=__APP__
Group=__APP__ Group=__APP__
WorkingDirectory=__FINALPATH__ WorkingDirectory=__FINALPATH__
Environment=PATH=__ENV_PATH__
Environment=NODE_ENV=production Environment=NODE_ENV=production
ExecStart=__NODE__/node server | tee /var/log/__APP__/cryptpad.log ExecStart=__YNH_NPM__ start
Restart=always Restart=always
[Install] [Install]

46
issue_template.md Normal file
View file

@ -0,0 +1,46 @@
---
name: Bug report
about: Create a report to help us debug, it would be nice to fill the template as much as you can to help us, help you and help us all.
---
**How to post a meaningful bug report**
1. *Read this whole template first.*
2. *Determine if you are on the right place:*
- *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change url...), you are on the right place!*
- *Otherwise, the issue may be due to CryptPad itself. Refer to its documentation or repository for help.*
- *If you have a doubt, post here, we will figure it out together.*
3. *Delete the italic comments as you write over them below, and remove this guide.*
---
**Describe the bug**
*A clear and concise description of what the bug is.*
**Versions**
- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...*
- YunoHost version: x.x.x
- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...*
- Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: *no / yes*
- If yes, please explain:
- Using, or trying to install package version/branch:
- If upgrading, current package version: *can be found in the admin, or with `yunohost app info cryptpad`*
**To Reproduce**
*Steps to reproduce the behavior.*
- *If you performed a command from the CLI, the command itself is enough. For example:*
```sh
sudo yunohost app install cryptpad
```
- *If you used the webadmin, please perform the equivalent command from the CLI first.*
- *If the error occurs in your browser, explain what you did:*
1. *Go to '...'*
2. *Click on '....'*
3. *Scroll down to '....'*
4. *See error*
**Expected behavior**
*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.*
**Logs**
*After a failed command, YunoHost makes the log available to you, but also to others, thanks to `yunohost log display [log name] --share`. The actual command, with the correct log name, is displayed at the end of the failed attempt in the CLI. Execute it and copy here the share link it outputs.*
*If applicable and useful, add screenshots to help explain your problem.*

24
manifest.json
View file

@ -3,10 +3,10 @@
"id": "cryptpad", "id": "cryptpad",
"packaging_format": 1, "packaging_format": 1,
"description": { "description": {
"en": "Encrypted Pad", "en": "Zero Knowledge realtime collaborative editor",
"fr": "Créateur de pad chiffré." "fr": "Éditeur chiffré collaboratif en temps réel."
}, },
"version": "2.16.0", "version": "3.18.1~ynh1",
"url": "https://cryptpad.fr/", "url": "https://cryptpad.fr/",
"license": "AGPL-3.0-or-later", "license": "AGPL-3.0-or-later",
"maintainer": { "maintainer": {
@ -15,7 +15,7 @@
"url": "https://frju365.yunohost.support" "url": "https://frju365.yunohost.support"
}, },
"requirements": { "requirements": {
"yunohost": ">= 3.0.0" "yunohost": ">= 3.8.1"
}, },
"multi_instance": false, "multi_instance": false,
"services": [ "services": [
@ -30,26 +30,26 @@
"en": "Choose a domain name for CryptPad", "en": "Choose a domain name for CryptPad",
"fr": "Choisissez un nom de domaine pour CryptPad" "fr": "Choisissez un nom de domaine pour CryptPad"
}, },
"example": "example.com" "example": "cryptpad.example.com"
}, },
{ {
"name": "path", "name": "path",
"type": "path", "type": "path",
"ask": { "ask": {
"en": "Choose a path for CryptPad, only / is allowed.", "en": "Choose a path for CryptPad, requires a dedicated sub-domain/domain.",
"fr": "Choisissez un chemin pour CryptPad, seul / est autorisé." "fr": "Choisissez un chemin pour CryptPad, nécessite un sous-domaine/domaine dédié."
}, },
"example": "/", "example": "/",
"default": "/" "default": "/"
}, },
{ {
"name": "email", "name": "admin",
"type": "email", "type": "user",
"ask": { "ask": {
"en": "Choose an email for the admin user.", "en": "Choose an admin user",
"fr": "Choisissez une adresse mail pour l'administrateur" "fr": "Choisissez ladministrateur"
}, },
"example": "example@example.tld" "example": "johndoe"
}, },
{ {
"name": "is_public", "name": "is_public",

18
pull_request_template.md Normal file
View file

@ -0,0 +1,18 @@
## Problem
- *Description of why you made this PR*
## Solution
- *And how do you fix that problem*
## PR Status
- [ ] Code finished.
- [ ] Tested with Package_check.
- [ ] Fix or enhancement tested.
- [ ] Upgrade from last version tested.
- [ ] Can be reviewed and tested.
## Package_check results
---
*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results*
[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/cryptpad_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/cryptpad_ynh%20PR-NUM-%20(USERNAME)/)

84
scripts/_common.sh
View file

@ -3,83 +3,17 @@
#================================================= #=================================================
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
nodejs_version=6
nodejs_version=12
#================================================= #=================================================
# PERSONAL HELPERS
# Start or restart a service and follow its booting
#
# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name]
#
# | arg: Line to match - The line to find in the log to attest the service have finished to boot.
# | arg: Log file - The log file to watch
# | arg: Service name
# /var/log/$app/$app.log will be used if no other log is defined.
# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds.
ynh_check_starting () {
local line_to_match="$1"
local service_name="${4:-$app}"
local app_log="${2:-/var/log/$service_name/$service_name.log}"
local timeout=${3:-300}
ynh_clean_check_starting () {
# Stop the execution of tail.
kill -s 15 $pid_tail 2>&1
ynh_secure_remove "$templog" 2>&1
}
echo "Starting of $service_name" >&2
systemctl stop $service_name
local templog="$(mktemp)"
# Following the starting of the app in its log
tail -F -n0 "$app_log" > "$templog" &
# Get the PID of the tail command
local pid_tail=$!
systemctl start $service_name
local i=0
for i in `seq 1 $timeout`
do
# Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
if grep --quiet "$line_to_match" "$templog"
then
echo "The service $service_name has correctly started." >&2
break
fi
echo -n "." >&2
sleep 1
done
if [ $i -eq $timeout ]
then
echo "The service $service_name didn't fully started before the timeout." >&2
fi
echo ""
ynh_clean_check_starting
}
#================================================= #=================================================
#=================================================
# EXPERIMENTAL HELPERS
#=================================================
# EXEC_LOGIN_AS Helper #=================================================
# FUTURE OFFICIAL HELPERS
# Execute a command as another user with login #=================================================
# (hence in user home dir, with prior loading of .profile, etc.)
# usage: exec_login_as USER COMMAND [ARG ...]
exec_login_as() {
local user=$1
shift 1
exec_as $user --login "$@"
}
# Execute a command as another user
# usage: exec_as USER COMMAND [ARG ...]
exec_as() {
local user=$1
shift 1
if [[ $user = $(whoami) ]]; then
eval "$@"
else
sudo -u "$user" "$@"
fi
}

51
scripts/backup
View file

@ -6,18 +6,17 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
if [ ! -e _common.sh ]; then #Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
# Get the _common.sh file if it's not in the current directory source ../settings/scripts/_common.sh
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
# MANAGE SCRIPT FAILURE # MANAGE SCRIPT FAILURE
#================================================= #=================================================
ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
ynh_abort_if_errors ynh_abort_if_errors
@ -26,31 +25,37 @@ ynh_abort_if_errors
#================================================= #=================================================
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain)
final_path=$(ynh_app_setting_get $app final_path) domain=$(ynh_app_setting_get --app=$app --key=domain)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#================================================= #=================================================
# STANDARD BACKUP STEPS # DECLARE DATA AND CONF FILES TO BACKUP
#================================================= #=================================================
# BACKUP APP MAIN DIR ynh_print_info --message="Declaring files to be backed up..."
#=================================================
CHECK_SIZE "$final_path"
ynh_backup "$final_path" "sources"
#================================================= #=================================================
# BACKUP NGINX CONFIGURATION # BACKUP THE APP MAIN DIR
#================================================= #=================================================
ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "nginx.conf" ynh_backup --src_path="$final_path"
#================================================= #=================================================
# BACKUP LOGROTATE CONFIGURATION # BACKUP THE NGINX CONFIGURATION
#=================================================
ynh_backup "/etc/logrotate.d/$app" "logrotate"
#=================================================
# BACKUP SYSTEMD CONFIGURATION
#================================================= #=================================================
ynh_backup "/etc/systemd/system/$app.service" "systemd.service" ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#=================================================
# SPECIFIC BACKUP
#=================================================
# BACKUP SYSTEMD
#=================================================
ynh_backup --src_path="/etc/systemd/system/$app.service"
#=================================================
# END OF SCRIPT
#=================================================
ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)."

123
scripts/change_url Normal file
View file

@ -0,0 +1,123 @@
#!/bin/bash
#=================================================
# GENERIC STARTING
#=================================================
# IMPORT GENERIC HELPERS
#=================================================
source _common.sh
source /usr/share/yunohost/helpers
#=================================================
# RETRIEVE ARGUMENTS
#=================================================
old_domain=$YNH_APP_OLD_DOMAIN
old_path=$YNH_APP_OLD_PATH
new_domain=$YNH_APP_NEW_DOMAIN
new_path=$YNH_APP_NEW_PATH
app=$YNH_APP_INSTANCE_NAME
#=================================================
# LOAD SETTINGS
#=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
# Needed for helper "ynh_add_nginx_config"
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#=================================================
# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#=================================================
ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --weight=2
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# Remove the new domain config file, the remove script won't do it as it doesn't know yet its location.
ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#=================================================
# CHECK WHICH PARTS SHOULD BE CHANGED
#=================================================
change_domain=0
if [ "$old_domain" != "$new_domain" ]
then
change_domain=1
fi
change_path=0
if [ "$old_path" != "$new_path" ]
then
change_path=1
fi
#=================================================
# STANDARD MODIFICATIONS
#=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
#=================================================
# MODIFY URL IN NGINX CONF
#=================================================
ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1
nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf
# Change the path in the nginx config file
if [ $change_path -eq 1 ]
then
# Make a backup of the original nginx config file if modified
ynh_backup_if_checksum_is_different --file="$nginx_conf_path"
# Set global variables for nginx helper
domain="$old_domain"
path_url="$new_path"
# Create a dedicated nginx config
ynh_add_nginx_config
fi
# Change the domain for nginx
if [ $change_domain -eq 1 ]
then
# Delete file checksum for the old conf file location
ynh_delete_file_checksum --file="$nginx_conf_path"
mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf
# Store file checksum for the new config file location
ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf"
fi
#=================================================
# GENERIC FINALISATION
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available"
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Change of URL completed for $app" --last

156
scripts/install
View file

@ -13,7 +13,11 @@ source /usr/share/yunohost/helpers
# MANAGE FAILURE OF THE SCRIPT # MANAGE FAILURE OF THE SCRIPT
#================================================= #=================================================
ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée. ynh_clean_setup () {
ynh_clean_check_starting
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# RETRIEVE ARGUMENTS FROM THE MANIFEST # RETRIEVE ARGUMENTS FROM THE MANIFEST
@ -21,78 +25,80 @@ ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est dét
domain=$YNH_APP_ARG_DOMAIN domain=$YNH_APP_ARG_DOMAIN
is_public=$YNH_APP_ARG_IS_PUBLIC is_public=$YNH_APP_ARG_IS_PUBLIC
path_url=$YNH_APP_ARG_PATH path_url="/"
admin_email=$YNH_APP_ARG_EMAIL admin=$YNH_APP_ARG_ADMIN
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
#================================================= #=================================================
# CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS # CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS
#================================================= #=================================================
ynh_script_progression --message="Validating installation parameters..." --weight=1
final_path=/var/www/$app final_path=/var/www/$app
test ! -e "$final_path" || ynh_die "This path already contains a folder" test ! -e "$final_path" || ynh_die "This path already contains a folder"
# Normalize the url path syntax
path_url=$(ynh_normalize_url_path $path_url)
# Check web path availability
ynh_webpath_available $domain $path_url
# Register (book) web path # Register (book) web path
ynh_webpath_register $app $domain $path_url ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url
#================================================= #=================================================
# STORE SETTINGS FROM MANIFEST # STORE SETTINGS FROM MANIFEST
#================================================= #=================================================
ynh_app_setting_set $app domain "$domain" ynh_app_setting_set --app=$app --key=domain --value=$domain
ynh_app_setting_set $app is_public "$is_public" ynh_app_setting_set --app=$app --key=is_public --value=$is_public
ynh_app_setting_set $app path_url "$path_url" ynh_app_setting_set --app=$app --key=path_url --value=$path_url
ynh_app_setting_set --app=$app --key=admin --value=$admin
admin_mail=$(ynh_user_get_info "$admin" 'mail')
#================================================= #=================================================
# STANDARD MODIFICATIONS # STANDARD MODIFICATIONS
#================================================= #=================================================
# FIND AND OPEN A PORT # FIND AND OPEN A PORT
#================================================= #=================================================
ynh_script_progression --message="Configuring firewall..." --weight=1
# Find a free port # Find an available port
port=$(ynh_find_port 4000) port=$(ynh_find_port --port=3000)
# Open this port ynh_app_setting_set --app=$app --key=port --value=$port
yunohost firewall allow --no-upnp TCP $port 2>&1
ynh_app_setting_set $app port $port
porti=$(ynh_find_port 5000)
# Open this port
yunohost firewall allow --no-upnp TCP $porti 2>&1
ynh_app_setting_set $app porti $porti
# Find an available port
porti=$(ynh_find_port --port=$(($port + 1)))
ynh_app_setting_set --app=$app --key=porti --value=$porti
#================================================= #=================================================
# INSTALL NODEJS # INSTALL NODEJS & YARN
#================================================= #=================================================
ynh_script_progression --message="Installing dependencies..." --weight=20
ynh_install_nodejs $nodejs_version # Install Nodejs
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
# Install Yarn
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
#================================================= #=================================================
# CREATE DEDICATED USER # CREATE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Configuring system user..." --weight=1
# Create a system user # Create a system user
ynh_system_user_create $app ynh_system_user_create --username=$app
#=================================================
# SPECIFIC SETUP
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
ynh_script_progression --message="Setting up source files..." --weight=10
ynh_app_setting_set $app final_path $final_path ynh_app_setting_set --app=$app --key=final_path --value=$final_path
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path" ynh_setup_source --dest_dir="$final_path"
#================================================= #=================================================
# NGINX CONFIGURATION # NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Configuring nginx web server..." --weight=1
# Create a dedicated nginx config # Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
@ -100,93 +106,87 @@ ynh_add_nginx_config
#================================================= #=================================================
# SETUP SYSTEMD # SETUP SYSTEMD
#================================================= #=================================================
ynh_script_progression --message="Configuring a systemd service..." --weight=1
ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service"
# Create a dedicated systemd config
ynh_add_systemd_config ynh_add_systemd_config
ynh_replace_string "__NODEJS__" "$nodejs_version" "/etc/systemd/system/$app.service"
ynh_replace_string "__ENV_PATH__" "$PATH" "/etc/systemd/system/$app.service"
ynh_replace_string "__NODE__" "$nodejs_path" "/etc/systemd/system/$app.service"
systemctl daemon-reload
#================================================= #=================================================
# Créer le dossier de log # CONFIGURE CONFIG.JS
#=================================================
mkdir -p /var/log/$app
touch /var/log/$app/cryptpad.log
install_log=/var/log/$app/installation.log
touch $install_log
chown $app: -R /var/log/$app
chown admin: -R $install_log
#=================================================
# CONFIGURE SERVER.JS
#================================================= #=================================================
# Copy default configuration file # Copy default configuration file
mv "../conf/config.js" "$final_path/config/config.js" mv "../conf/config.js" "$final_path/config/config.js"
ynh_replace_string "_domain = 'http://localhost:3000/'" "_domain = 'https://$domain$path_url'" "$final_path/config/config.js"
# Set service port
ynh_replace_string "__PORT__" "$port" "$final_path/config/config.js"
ynh_replace_string "__PORTI__" "$porti" "$final_path/config/config.js"
# Tune CSP to allow for YunoHost tile ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config/config.js"
#ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" "$final_path/config.js" ynh_replace_string --match_string="__PORTI__" --replace_string="$porti" --target_file="$final_path/config/config.js"
# Remove donate button ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="$final_path/config/config.js"
ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config/config.js"
# Disable analytics unsolicited communications
ynh_replace_string "__ADMIN_EMAIL_" "$admin_email" "$final_path/config/config.js"
# Store file checksum to detected user modifications on upgrade # Store file checksum to detected user modifications on upgrade
ynh_store_file_checksum "$final_path/config/config.js" ynh_store_file_checksum "$final_path/config/config.js"
#================================================= #=================================================
# INSTALL CRYPTPAD # INSTALL CRYPTPAD
#================================================= #=================================================
ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60
script_dir="$PWD" pushd "$final_path" || ynh_die
pushd "$final_path"
npm install --allow-root ynh_use_nodejs
npm install -g bower --allow-root ynh_exec_warn_less yarn install --allow-root
yarn global add bower
bower install --allow-root bower install --allow-root
popd
#================================================= popd || ynh_die
# INSTALL CRYPTPAD
#=================================================
script_dir="$PWD"
pushd "$final_path"
npm install --allow-root
npm install -g bower --allow-root
bower install --allow-root
popd
#================================================= #=================================================
# Set some permissions # Set some permissions
#================================================= #=================================================
ynh_script_progression --message="Securing files and directories..." --weight=1
chown $app:$app $final_path -R chown -R $app:$app $final_path
chown $app:$app /var/log/$app/cryptpad.log
#================================================= #=================================================
# ENABLE SERVICE IN ADMIN PANEL # INTEGRATE SERVICE IN ADMIN PANEL
#================================================= #=================================================
ynh_script_progression --message="Integrating service in YunoHost..." --weight=1
# Ajoute le service au monitoring de Yunohost. # Ajoute le service au monitoring de Yunohost.
yunohost service add $app --log "/var/log/$app/$app.log" yunohost service add $app --log "/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=2
# Start a systemd service
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available"
#================================================= #=================================================
# SETUP SSOWAT # SETUP SSOWAT
#================================================= #=================================================
ynh_script_progression --message="Configuring SSOwat..." --weight=1
if [ $is_public -eq 1 ]; # Make app public if necessary
if [ $is_public -eq 1 ]
then then
ynh_app_setting_set "$app" unprotected_uris "/" # unprotected_uris allows SSO credentials to be passed anyway.
ynh_permission_update --permission "main" --add visitors
fi fi
ynh_check_starting "loading rpc module..." "/var/log/$app/cryptpad.log" "15"
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================
ynh_script_progression --message="Reloading nginx web server..." --weight=1
systemctl reload nginx ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Installation of $app completed" --last

54
scripts/remove
View file

@ -12,64 +12,70 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
# LOAD SETTINGS # LOAD SETTINGS
#================================================= #=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
port=$(ynh_app_setting_get $app port)
# Retrieve app settings port=$(ynh_app_setting_get --app=$app --key=port)
domain=$(ynh_app_setting_get $app domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
final_path=$(ynh_app_setting_get $app final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#================================================= #=================================================
# STANDARD REMOVE # STANDARD REMOVE
#=================================================
# REMOVE SERVICE INTEGRATION IN YUNOHOST
#=================================================
# Remove the service from the list of services known by Yunohost (added from `yunohost service add`)
if ynh_exec_warn_less yunohost service status $app >/dev/null
then
ynh_script_progression --message="Removing $app service..." --weight=3
yunohost service remove $app
fi
#================================================= #=================================================
# STOP AND REMOVE SERVICE # STOP AND REMOVE SERVICE
#================================================= #=================================================
ynh_script_progression --message="Stopping and removing the systemd service..." --weight=2
# Remove the dedicated systemd config # Remove the dedicated systemd config
ynh_remove_systemd_config ynh_remove_systemd_config
#=================================================
# REMOVE SERVICE FROM ADMIN PANEL
#=================================================
# Remove a service from the admin panel, added by `yunohost service add`
if yunohost service status | grep -q $app
then
echo "Remove $app service"
yunohost service remove $app
fi
#================================================= #=================================================
# REMOVE NODEJS # REMOVE NODEJS
#================================================= #=================================================
ynh_script_progression --message="Removing dependencies..." --weight=3
ynh_remove_nodejs ynh_remove_nodejs
#================================================= #=================================================
# REMOVE APP MAIN DIR # REMOVE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Removing app main directory..." --weight=3
# Remove the app directory securely # Remove the app directory securely
ynh_secure_remove "$final_path" ynh_secure_remove --file="$final_path"
#================================================= #=================================================
# REMOVE NGINX CONFIGURATION # REMOVE NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Removing nginx web server configuration..." --weight=1
# Remove the dedicated nginx config # Remove the dedicated nginx config
ynh_remove_nginx_config ynh_remove_nginx_config
#=================================================
# REMOVE THE LOGROTATE CONFIG
#=================================================
ynh_remove_logrotate # Remove the app-specific logrotate config
ynh_secure_remove "/var/log/$app/"
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION
#================================================= #=================================================
# REMOVE DEDICATED USER # REMOVE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Removing the dedicated system user..." --weight=1
ynh_system_user_delete $app # Delete a system user
ynh_system_user_delete --username=$app
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Removal of $app completed" --last

98
scripts/restore
View file

@ -6,12 +6,8 @@
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
#================================================= #=================================================
if [ ! -e _common.sh ]; then #Keep this path for calling _common.sh inside the execution's context of backup and restore scripts
# Get the _common.sh file if it's not in the current directory source ../settings/scripts/_common.sh
cp ../settings/scripts/_common.sh ./_common.sh
chmod a+rx _common.sh
fi
source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#================================================= #=================================================
@ -19,7 +15,6 @@ source /usr/share/yunohost/helpers
#================================================= #=================================================
ynh_clean_setup () { ynh_clean_setup () {
# Nettoyage des résidus d'installation non pris en charge par le script remove.
ynh_clean_check_starting ynh_clean_check_starting
} }
# Exit if an error occurs during the execution of the script # Exit if an error occurs during the execution of the script
@ -28,81 +23,98 @@ ynh_abort_if_errors
#================================================= #=================================================
# LOAD SETTINGS # LOAD SETTINGS
#================================================= #=================================================
ynh_script_progression --message="Loading installation settings..." --weight=1
app=$YNH_APP_INSTANCE_NAME app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get $app domain) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get $app path) path_url=$(ynh_app_setting_get --app=$app --key=path)
is_public=$(ynh_app_setting_get $app is_public) is_public=$(ynh_app_setting_get --app=$app --key=is_public)
final_path=$(ynh_app_setting_get $app final_path) final_path=$(ynh_app_setting_get --app=$app --key=final_path)
#================================================= #=================================================
# CHECK IF THE APP CAN BE RESTORED # CHECK IF THE APP CAN BE RESTORED
#================================================= #=================================================
ynh_script_progression --message="Validating restoration parameters..." --weight=1
ynh_webpath_available $domain $path_url \ ynh_webpath_available --domain=$domain --path_url=$path_url \
|| ynh_die "Path not available: ${domain}${path_url}" || ynh_die --message="Path not available: ${domain}${path_url}"
test ! -d $final_path \ test ! -d $final_path \
|| ynh_die "There is already a directory: $final_path " || ynh_die --message="There is already a directory: $final_path "
#================================================= #=================================================
# STANDARD RESTORE STEPS # STANDARD RESTORATION STEPS
#================================================= #=================================================
# RESTORE OF THE NGINX CONFIGURATION # RESTORE THE NGINX CONFIGURATION
#================================================= #=================================================
ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
#================================================= #=================================================
# RESTORE OF THE MAIN DIR OF THE APP # RESTORE THE APP MAIN DIR
#================================================= #=================================================
ynh_script_progression --message="Restoring the app main directory..." --weight=6
ynh_restore_file "$final_path" ynh_restore_file --origin_path="$final_path"
#================================================= #=================================================
# RECREATE THE DEDICATED USER # RECREATE THE DEDICATED USER
#================================================= #=================================================
ynh_script_progression --message="Recreating the dedicated system user..." --weight=1
ynh_system_user_create $app $final_path # Recreate the dedicated user, if it doesn't exist # Create the dedicated user (if not existing)
ynh_system_user_create --username=$app
#================================================= #=================================================
# SPECIFIC RESTORE # RESTORE USER RIGHTS
#=================================================
# HANDLE LOG FILES AND LOGROTATE
#================================================= #=================================================
mkdir -p /var/log/$app # Restore permissions on app files
touch /var/log/$app/etherpad.log chown -R $app:$app $final_path
install_log=/var/log/$app/installation.log
touch $install_log
chown $app -R /var/log/$app
chown admin -R $install_log
# Restore logrotate configuration
ynh_restore_file "/etc/logrotate.d/$app"
#================================================= #=================================================
# INSTALL NODEJS # REINSTALL DEPENDENCIES
#================================================= #=================================================
ynh_script_progression --message="Reinstalling dependencies..." --weight=7
ynh_install_nodejs $nodejs_version # Install Nodejs
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
#================================================= # Install Yarn
# ENABLE SERVICE IN ADMIN PANEL ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
#=================================================
yunohost service add $app --log "/var/log/$app/etherpad.log"
#================================================= #=================================================
# RESTORE SYSTEMD # RESTORE SYSTEMD
#================================================= #=================================================
ynh_script_progression --message="Restoring the systemd configuration..." --weight=1
ynh_restore_file "/etc/systemd/system/$app.service" ynh_restore_file --origin_path="/etc/systemd/system/$app.service"
## Démarrage auto du service
systemctl enable $app.service systemctl enable $app.service
#================================================= #=================================================
# RELOAD NGINX # INTEGRATE SERVICE IN YUNOHOST
#================================================= #=================================================
systemctl reload nginx yunohost service add $app --description "Zero Knowledge realtime collaborative editor" --log "/var/log/$app/$app.log"
#=================================================
# START SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available"
#=================================================
# GENERIC FINALIZATION
#=================================================
# RELOAD NGINX
#=================================================
ynh_script_progression --message="Reloading nginx web server..." --weight=1
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Restoration completed for $app" --last

217
scripts/upgrade
View file

@ -1,7 +1,5 @@
#!/bin/bash #!/bin/bash
# Exit on command errors and treat unset variables as an error
set -eu
#================================================= #=================================================
# GENERIC STARTING # GENERIC STARTING
#================================================= #=================================================
@ -23,146 +21,175 @@ DESTDIR="/var/www/$app"
"The destination directory '$DESTDIR' does not exist.\ "The destination directory '$DESTDIR' does not exist.\
The app is not correctly installed, you should remove it first." The app is not correctly installed, you should remove it first."
# Retrieve arguments #=================================================
domain=$(ynh_app_setting_get "$app" domain) # LOAD SETTINGS
path_url=$(ynh_normalize_url_path "$(ynh_app_setting_get "$app" path_url)") #=================================================
final_path=$(ynh_app_setting_get "$app" final_path) ynh_script_progression --message="Loading installation settings..." --weight=1
is_public=$(ynh_app_setting_get "$app" is_public)
port=$(ynh_app_setting_get "$app" port) domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path_url)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
is_public=$(ynh_app_setting_get --app=$app --key=is_public)
admin=$(ynh_app_setting_get --app=$app --key=admin)
admin_mail=$(ynh_user_get_info "$admin" 'mail')
port=$(ynh_app_setting_get --app=$app --key=port)
porti=$(ynh_app_setting_get --app=$app --key=porti)
#================================================= #=================================================
# MANAGE SCRIPT FAILURE # CHECK VERSION
#================================================= #=================================================
# Use prior backup and restore on error only if backup feature upgrade_type=$(ynh_check_app_version_changed)
# exists on installed instance
if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then #=================================================
ynh_backup_before_upgrade # Backup the current version of the app # ENSURE DOWNWARD COMPATIBILITY
ynh_clean_setup () { #=================================================
ynh_restore_upgradebackup ynh_script_progression --message="Ensuring downward compatibility..." --weight=2
}
ynh_abort_if_errors # Stop script if an error is detected # Fix is_public as a boolean value
if [ "$is_public" = "Yes" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=1
is_public=1
elif [ "$is_public" = "No" ]; then
ynh_app_setting_set --app=$app --key=is_public --value=0
is_public=0
fi
# If final_path doesn't exist, create it
if [ -z "$final_path" ]; then
final_path=/var/www/$app
ynh_app_setting_set --app=$app --key=final_path --value=$final_path
fi fi
#================================================= #=================================================
# INSTALL NODEJS # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP
#================================================= #=================================================
ynh_install_nodejs $nodejs_version ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1
# Backup the current version of the app
ynh_backup_before_upgrade
ynh_clean_setup () {
# restore it if the upgrade fails
ynh_restore_upgradebackup
}
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# CREATE DEDICATED USER # STANDARD UPGRADE STEPS
#================================================= #=================================================
# STOP SYSTEMD SERVICE
#=================================================
ynh_script_progression --message="Stopping a systemd service..." --weight=1
ynh_system_user_create $app ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log"
#=================================================
# SPECIFIC SETUP
#=================================================
# HANDLE LOG FILES AND LOGROTATE
#=================================================
# Setup logrotate
ynh_use_logrotate /var/log/${app}/*.log --non-append
#================================================= #=================================================
# DOWNLOAD, CHECK AND UNPACK SOURCE # DOWNLOAD, CHECK AND UNPACK SOURCE
#================================================= #=================================================
final_path=/var/www/$app if [ "$upgrade_type" == "UPGRADE_APP" ]
ynh_app_setting_set $app final_path $final_path then
ynh_setup_source $final_path ynh_script_progression --message="Upgrading source files..." --weight=1
# Set files ownership during installation # Download, check integrity, uncompress and patch the source from app.src
sudo chown $app: $final_path -R ynh_setup_source --dest_dir="$final_path"
sudo chmod 755 $final_path -R fi
#================================================= #=================================================
# Modify Nginx configuration file and copy it to Nginx conf directory # NGINX CONFIGURATION
#================================================= #=================================================
ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1
# Create a dedicated nginx config
ynh_add_nginx_config ynh_add_nginx_config
#================================================= #=================================================
# ADD SYSTEMD SERVICE # INSTALL NODEJS
#=================================================
ynh_script_progression --message="Upgrading dependencies..." --weight=6
# Install Nodejs
ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version
# Install Yarn
ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg"
#=================================================
# CREATE DEDICATED USER
#=================================================
ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1
# Create a dedicated user (if not existing)
ynh_system_user_create --username=$app
#=================================================
# CONFIGURE CONFIG.JS
#================================================= #=================================================
ynh_replace_string "__NODE__" "$nodejs_path" "../conf/systemd.service" ynh_backup_if_checksum_is_different "$final_path/config/config.js"
ynh_replace_string "__NODEJS__" "$nodejs_version" "../conf/systemd.service"
ynh_replace_string "__ENV_PATH__" "$PATH" "../conf/systemd.service"
ynh_add_systemd_config
# Copy default configuration file
mv "../conf/config.js" "$final_path/config/config.js"
ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config/config.js"
ynh_replace_string --match_string="__PORTI__" --replace_string="$porti" --target_file="$final_path/config/config.js"
ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="$final_path/config/config.js"
# Store file checksum to detected user modifications on upgrade
ynh_store_file_checksum "$final_path/config/config.js"
#================================================= #=================================================
# INSTALL CRYPTPAD # INSTALL CRYPTPAD
#================================================= #=================================================
ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60
script_dir="$PWD" pushd "$final_path" || ynh_die
pushd "$final_path"
chown -R $app: $final_path ynh_use_nodejs
npm install ynh_exec_warn_less yarn install --allow-root
npm install -g bower yarn global add bower
exec_login_as $app cd $final_path && env PATH=$PATH bower install bower install --allow-root
popd
popd || ynh_die
#================================================= #=================================================
# CONFIGURE SERVER.JS # SETUP SYSTEMD
#================================================= #=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
# Backup configuration file if changed ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service"
ynh_backup_if_checksum_is_different "$final_path/config.js" ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service"
ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service"
# Copy default configuration file # Create a dedicated systemd config
sudo mv "$final_path/config.example.js" "$final_path/config.js" ynh_add_systemd_config
# Set service port
ynh_replace_string "httpPort: 3000" "httpPort: $port" "$final_path/config.js"
# Tune CSP to allow for YunoHost tile
ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" "$final_path/config.js"
# Remove donate button
ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config.js"
# Disable analytics unsolicited communications
ynh_replace_string "adminEmail: 'i.did.not.read.my.config@cryptpad.fr'" "adminEmail: false" "$final_path/config.js"
# Store file checksum to detected user modifications on upgrade
ynh_store_file_checksum "$final_path/config.js"
#================================================= #=================================================
# SET FILES OWNERSHIP # SECURE FILES AND DIRECTORIES
#================================================= #=================================================
ynh_script_progression --message="Upgrading systemd configuration..." --weight=1
sudo chown -R root: $final_path # Set permissions on app files
sudo chown -R $app: $final_path/datastore $final_path/pins $final_path/blob $final_path/blobstage chown -R $app:$app $final_path
#================================================= #=================================================
# INSTALL MODULES FOR CRYPTPAD # START SYSTEMD SERVICE
#================================================= #=================================================
ynh_script_progression --message="Starting a systemd service..." --weight=1
#npm install cryptpad-level-store; ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available"
#=================================================
# ENABLE SERVICE IN ADMIN PANEL
#=================================================
# Ajoute le service au monitoring de Yunohost.
sudo yunohost service add $app --log "/var/log/$app/$app.log"
#=================================================
# START CRYPTPAD IN BACKGROUND
#=================================================
sudo systemctl start $app
#=================================================
# SETUP SSOWAT
#=================================================
if [ $is_public -eq 1 ];
then
ynh_app_setting_set "$app" unprotected_uris "/"
fi
#================================================= #=================================================
# RELOAD NGINX # RELOAD NGINX
#================================================= #=================================================
sudo systemctl restart php5-fpm ynh_script_progression --message="Reloading nginx web server..." --weight=1
sudo systemctl reload nginx
ynh_systemd_action --service_name=nginx --action=reload
#=================================================
# END OF SCRIPT
#=================================================
ynh_script_progression --message="Upgrade of $app completed" --last