From dde06fb82155e0eebd8dc2015abca5d5775b2ded Mon Sep 17 00:00:00 2001 From: frju365 Date: Sat, 28 Sep 2019 19:00:20 +0200 Subject: [PATCH 1/9] version 3.2.0 --- README.md | 2 +- conf/app.src | 4 +- conf/config.js | 410 +++++++++++++++++++++++++++--------------------- scripts/install | 44 +++--- 4 files changed, 260 insertions(+), 200 deletions(-) diff --git a/README.md b/README.md index 778fca9..25561cf 100644 --- a/README.md +++ b/README.md @@ -4,7 +4,7 @@ Cryptad for Yunohost [![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) [![Install Cryptad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) -**Shipped version:** 2.16.0 +**Shipped version:** 3.2.0 ## Demo https://cryptpad.fr/ diff --git a/conf/app.src b/conf/app.src index 7485953..432649b 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/2.16.0.tar.gz -SOURCE_SUM=d869bddb2e1222bef289163ae1d1644e2adcaa417a0a388f329f645c7ebc64f3 +SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.2.0.tar.gz +SOURCE_SUM=4f7576401e506aa24c032be675539b671ace27c5453b40edfe39f84daa0fcbfc SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/config.js b/conf/config.js index 19a08e2..b543919 100644 --- a/conf/config.js +++ b/conf/config.js @@ -2,7 +2,7 @@ /* globals module */ -var _domain = 'http://localhost:3000/'; +var _domain = 'http://localhost:__PORT__/'; // You can `kill -USR2` the node process and it will write out a heap dump. // If your system doesn't support dumping, comment this out and install with @@ -12,86 +12,72 @@ var _domain = 'http://localhost:3000/'; // to enable this feature, uncomment the line below: // require('heapdump'); - // we prepend a space because every usage expects it // requiring admins to preserve it is unnecessarily confusing var domain = ' ' + _domain; + +// Content-Security-Policy +var baseCSP = [ + "default-src 'none'", + "style-src 'unsafe-inline' 'self' " + domain, + "font-src 'self' data:" + domain, + + /* child-src is used to restrict iframes to a set of allowed domains. + * connect-src is used to restrict what domains can connect to the websocket. + * + * it is recommended that you configure these fields to match the + * domain which will serve your CryptPad instance. + */ + "child-src blob: *", + // IE/Edge + "frame-src blob: *", + + /* this allows connections over secure or insecure websockets + if you are deploying to production, you'll probably want to remove + the ws://* directive, and change '*' to your domain + */ + "connect-src 'self' ws: wss: blob:" + domain, + + // data: is used by codemirror + "img-src 'self' data: blob:" + domain, + "media-src * blob:", + + // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox + "frame-ancestors *", + "" +]; + + module.exports = { + /* ===================== + * Admin + * ===================== */ + + /* + * CryptPad now contains an administration panel. Its access is restricted to specific + * users using the following list. + * To give access to the admin panel to a user account, just add their user id, + * which can be found on the settings page for registered users. + * Entries should be strings separated by a comma. + */ + adminKeys: [ + //"https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=", + ], + + /* ===================== + * Infra setup + * ===================== */ + // the address you want to bind to, :: means all ipv4 and ipv6 addresses // this may not work on all operating systems httpAddress: '::', // the port on which your httpd will listen - - /* CryptPad can be configured to send customized HTTP Headers - * These settings may vary widely depending on your needs - * Examples are provided below - */ - - httpHeaders: { - "X-XSS-Protection": "1; mode=block", - "X-Content-Type-Options": "nosniff", - "Access-Control-Allow-Origin": "*" - }, - - contentSecurity: [ - "default-src 'none'", - "style-src 'unsafe-inline' 'self' " + domain, - "script-src 'self'" + domain, - "font-src 'self' data:" + domain, - - /* child-src is used to restrict iframes to a set of allowed domains. - * connect-src is used to restrict what domains can connect to the websocket. - * - * it is recommended that you configure these fields to match the - * domain which will serve your CryptPad instance. - */ - "child-src blob: *", - // IE/Edge - "frame-src blob: *", - - "media-src * blob:", - - /* this allows connections over secure or insecure websockets - if you are deploying to production, you'll probably want to remove - the ws://* directive, and change '*' to your domain - */ - "connect-src 'self' ws: wss: blob:" + domain, - - // data: is used by codemirror - "img-src 'self' data: blob:" + domain, - - // for accounts.cryptpad.fr authentication and pad2 cross-domain iframe sandbox - "frame-ancestors *", - ].join('; '), - - // CKEditor requires significantly more lax content security policy in order to function. - padContentSecurity: [ - "default-src 'none'", - "style-src 'unsafe-inline' 'self'" + domain, - // Unsafe inline, unsafe-eval are needed for ckeditor :( - "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain, - "font-src 'self'" + domain, - - /* See above under 'contentSecurity' as to how these values should be - * configured for best effect. - */ - "child-src *", - // IE/Edge - "frame-src *", - - // see the comment above in the 'contentSecurity' section - "connect-src 'self' ws: wss:" + domain, - - // (insecure remote) images are included by users of the wysiwyg who embed photos in their pads - "img-src * blob:", - ].join('; '), - - httpPort: 3000, + httpPort: __PORT__, // This is for allowing the cross-domain iframe to function when developing - httpSafePort: 3001, + httpSafePort: __PORTI__, // This is for deployment in production, CryptPad uses a separate origin (domain) to host the // cross-domain iframe. It can simply host the same content as CryptPad. @@ -109,15 +95,31 @@ module.exports = { */ websocketPath: '/cryptpad_websocket', - /* CryptPad can log activity to stdout - * This may be useful for debugging + /* CryptPad can be configured to send customized HTTP Headers + * These settings may vary widely depending on your needs + * Examples are provided below */ - logToStdout: false, + httpHeaders: { + "X-XSS-Protection": "1; mode=block", + "X-Content-Type-Options": "nosniff", + "Access-Control-Allow-Origin": "*" + }, - /* CryptPad supports verbose logging - * (false by default) + contentSecurity: baseCSP.join('; ') + + "script-src 'self'" + domain, + + // CKEditor and OnlyOffice require significantly more lax content security policy in order to function. + padContentSecurity: baseCSP.join('; ') + + "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain, + + /* it is recommended that you serve CryptPad over https + * the filepaths below are used to configure your certificates */ - verbose: false, + //privKeyAndCertFiles: [ + // '/etc/apache2/ssl/my_secret.key', + // '/etc/apache2/ssl/my_public_cert.crt', + // '/etc/apache2/ssl/my_certificate_authorities_cert_chain.ca' + //], /* Main pages * add exceptions to the router so that we can access /privacy.html @@ -131,9 +133,14 @@ module.exports = { 'contact', 'what-is-cryptpad', 'features', - 'faq' + 'faq', + 'maintenance' ], + /* ===================== + * Subscriptions + * ===================== */ + /* Limits, Donations, Subscriptions and Contact * * By default, CryptPad limits every registered user to 50MB of storage. It also shows a @@ -149,9 +156,18 @@ module.exports = { * If you chose B, set 'allowSubscriptions' to false. * If you chose C, set 'removeDonateButton' to true */ - allowSubscriptions: true, + allowSubscriptions: false, removeDonateButton: false, + /* + * By default, CryptPad also contacts our accounts server once a day to check for changes in + * the people who have accounts. This check-in will also send the version of your CryptPad + * instance and your email so we can reach you if we are aware of a serious problem. We will + * never sell it or send you marketing mail. If you want to block this check-in and remain + * completely invisible, set this and allowSubscriptions both to false. + */ + adminEmail: '__ADMIN_EMAIL__', + /* Sales coming from your server will be identified by your domain * * If you are using CryptPad in a business context, please consider taking a support contract @@ -192,62 +208,15 @@ module.exports = { */ }, - /* some features may require that the server be able to schedule tasks - far into the future, such as: - > "three months from now, this channel should expire" - To disable these features, set 'enableTaskScheduling' to false - */ - enableTaskScheduling: true, + /* ===================== + * STORAGE + * ===================== */ - /* if you would like the list of scheduled tasks to be stored in - a custom location, change the path below: - */ - taskPath: './tasks', - - /* if you would like users' authenticated blocks to be stored in - a custom location, change the path below: - */ - blockPath: './block', - - /* - * By default, CryptPad also contacts our accounts server once a day to check for changes in - * the people who have accounts. This check-in will also send the version of your CryptPad - * instance and your email so we can reach you if we are aware of a serious problem. We will - * never sell it or send you marketing mail. If you want to block this check-in and remain - * completely invisible, set this and allowSubscriptions both to false. + /* By default the CryptPad server will run scheduled tasks every five minutes + * If you want to run scheduled tasks in a separate process (like a crontab) + * you can disable this behaviour by setting the following value to true */ - adminEmail: 'i.did.not.read.my.config@cryptpad.fr', - - - /* - You have the option of specifying an alternative storage adaptor. - These status of these alternatives are specified in their READMEs, - which are available at the following URLs: - mongodb: a noSQL database - https://github.com/xwiki-labs/cryptpad-mongo-store - amnesiadb: in memory storage - https://github.com/xwiki-labs/cryptpad-amnesia-store - leveldb: a simple, fast, key-value store - https://github.com/xwiki-labs/cryptpad-level-store - sql: an adaptor for a variety of sql databases via knexjs - https://github.com/xwiki-labs/cryptpad-sql-store - For the most up to date solution, use the default storage adaptor. - */ - storage: './storage/file', - - /* - CryptPad stores each document in an individual file on your hard drive. - Specify a directory where files should be stored. - It will be created automatically if it does not already exist. - */ - filePath: './datastore/', - - /* CryptPad allows logged in users to request that particular documents be - * stored by the server indefinitely. This is called 'pinning'. - * Pin requests are stored in a pin-store. The location of this store is - * defined here. - */ - pinPath: './pins', + disableIntegratedTasks: false, /* Pads that are not 'pinned' by any registered user can be set to expire * after a configurable number of days of inactivity (default 90 days). @@ -257,15 +226,38 @@ module.exports = { */ inactiveTime: 90, // days - /* CryptPad allows logged in users to upload encrypted files. Files/blobs - * are stored in a 'blob-store'. Set its location here. + /* CryptPad can be configured to remove inactive data which has not been pinned. + * Deletion of data is always risky and as an operator you have the choice to + * archive data instead of deleting it outright. Set this value to true if + * you want your server to archive files and false if you want to keep using + * the old behaviour of simply removing files. + * + * WARNING: this is not implemented universally, so at the moment this will + * only apply to the removal of 'channels' due to inactivity. */ - blobPath: './blob', + retainData: true, - /* CryptPad stores incomplete blobs in a 'staging' area until they are - * fully uploaded. Set its location here. + /* As described above, CryptPad offers the ability to archive some data + * instead of deleting it outright. This archived data still takes up space + * and so you'll probably still want to remove these files after a brief period. + * The intent with this feature is to provide a safety net in case of accidental + * deletion. Set this value to the number of days you'd like to retain + * archived data before it's removed permanently. + * + * If 'retainData' is set to false, there will never be any archived data + * to remove. */ - blobStagingPath: './blobstage', + archiveRetentionTime: 15, + + /* Max Upload Size (bytes) + * this sets the maximum size of any one file uploaded to the server. + * anything larger than this size will be rejected + */ + maxUploadSize: 20 * 1024 * 1024, + + /* ===================== + * HARDWARE RELATED + * ===================== */ /* CryptPad's file storage adaptor closes unused files after a configurable * number of milliseconds (default 30000 (30 seconds)) @@ -277,40 +269,80 @@ module.exports = { */ openFileLimit: 2048, - /* CryptPad's socket server can be extended to respond to RPC calls - * you can configure it to respond to custom RPC calls if you like. - * provide the path to your RPC module here, or `false` if you would - * like to disable the RPC interface completely - */ - rpc: './rpc.js', - /* RPC errors are shown by default, but if you really don't care, - * you can suppress them - */ - suppressRPCErrors: false, + /* ===================== + * DATABASE VOLUMES + * ===================== */ - /* Setting this value to anything other than true will cause file upload - * attempts to be rejected outright. + /* + * CryptPad stores each document in an individual file on your hard drive. + * Specify a directory where files should be stored. + * It will be created automatically if it does not already exist. */ - enableUploads: true, + filePath: './datastore/', - /* If you have enabled file upload, you have the option of restricting it - * to a list of users identified by their public keys. If this value is set - * to true, your server will query a file (cryptpad/privileged.conf) when - * users connect via RPC. Only users whose public keys can be found within - * the file will be allowed to upload. + /* CryptPad offers the ability to archive data for a configurable period + * before deleting it, allowing a means of recovering data in the event + * that it was deleted accidentally. * - * privileged.conf uses '#' for line comments, and splits keys by newline. - * This is a temporary measure until a better quota system is in place. - * registered users' public keys can be found on the settings page. + * To set the location of this archive directory to a custom value, change + * the path below: */ - //restrictUploads: false, + archivePath: './data/archive', - /* Max Upload Size (bytes) - * this sets the maximum size of any one file uploaded to the server. - * anything larger than this size will be rejected + /* CryptPad allows logged in users to request that particular documents be + * stored by the server indefinitely. This is called 'pinning'. + * Pin requests are stored in a pin-store. The location of this store is + * defined here. */ - maxUploadSize: 20 * 1024 * 1024, + pinPath: './pins', + + /* if you would like the list of scheduled tasks to be stored in + a custom location, change the path below: + */ + taskPath: './tasks', + + /* if you would like users' authenticated blocks to be stored in + a custom location, change the path below: + */ + blockPath: './block', + + /* CryptPad allows logged in users to upload encrypted files. Files/blobs + * are stored in a 'blob-store'. Set its location here. + */ + blobPath: './blob', + + /* CryptPad stores incomplete blobs in a 'staging' area until they are + * fully uploaded. Set its location here. + */ + blobStagingPath: './blobstage', + + /* CryptPad supports logging events directly to the disk in a 'logs' directory + * Set its location here, or set it to false (or nothing) if you'd rather not log + */ + logPath: './data/logs', + + /* ===================== + * Debugging + * ===================== */ + + /* CryptPad can log activity to stdout + * This may be useful for debugging + */ + logToStdout: false, + + /* CryptPad can be configured to log more or less + * the various settings are listed below by order of importance + * + * silly, verbose, debug, feedback, info, warn, error + * + * Choose the least important level of logging you wish to see. + * For example, a 'silly' logLevel will display everything, + * while 'info' will display 'info', 'warn', and 'error' logs + * + * This will affect both logging to the console and the disk. + */ + logLevel: 'info', /* clients can use the /settings/ app to opt out of usage feedback * which informs the server of things like how much each app is being @@ -318,22 +350,11 @@ module.exports = { * the client's browser. The intent is to provide feedback to the admin * such that the service can be improved. Enable this with `true` * and ignore feedback with `false` or by commenting the attribute + * + * You will need to set your logLevel to include 'feedback'. Set this + * to false if you'd like to exclude feedback from your logs. */ - //logFeedback: true, - - /* If you wish to see which remote procedure calls clients request, - * set this to true - */ - //logRPC: true, - - /* it is recommended that you serve CryptPad over https - * the filepaths below are used to configure your certificates - */ - //privKeyAndCertFiles: [ - // '/etc/apache2/ssl/my_secret.key', - // '/etc/apache2/ssl/my_public_cert.crt', - // '/etc/apache2/ssl/my_certificate_authorities_cert_chain.ca' - //], + logFeedback: false, /* You can get a repl for debugging the server if you want it. * to enable this, specify the debugReplName and then you can @@ -342,4 +363,37 @@ module.exports = { * repl names. */ //debugReplName: "cryptpad" + + /* ===================== + * DEPRECATED + * ===================== */ + /* + You have the option of specifying an alternative storage adaptor. + These status of these alternatives are specified in their READMEs, + which are available at the following URLs: + + mongodb: a noSQL database + https://github.com/xwiki-labs/cryptpad-mongo-store + amnesiadb: in memory storage + https://github.com/xwiki-labs/cryptpad-amnesia-store + leveldb: a simple, fast, key-value store + https://github.com/xwiki-labs/cryptpad-level-store + sql: an adaptor for a variety of sql databases via knexjs + https://github.com/xwiki-labs/cryptpad-sql-store + + For the most up to date solution, use the default storage adaptor. + */ + storage: './storage/file', + + /* CryptPad's socket server can be extended to respond to RPC calls + * you can configure it to respond to custom RPC calls if you like. + * provide the path to your RPC module here, or `false` if you would + * like to disable the RPC interface completely + */ + rpc: './rpc.js', + + /* CryptPad supports verbose logging + * (false by default) + */ + verbose: false, }; diff --git a/scripts/install b/scripts/install index eb434e6..42efff9 100644 --- a/scripts/install +++ b/scripts/install @@ -61,6 +61,12 @@ port=$(ynh_find_port 4000) yunohost firewall allow --no-upnp TCP $port 2>&1 ynh_app_setting_set $app port $port +porti=$(ynh_find_port 5000) +# Open this port +yunohost firewall allow --no-upnp TCP $porti 2>&1 +ynh_app_setting_set $app porti $porti + + #================================================= # INSTALL NODEJS #================================================= @@ -113,6 +119,25 @@ touch $install_log chown $app: -R /var/log/$app chown admin: -R $install_log +#================================================= +# CONFIGURE SERVER.JS +#================================================= + +# Copy default configuration file +mv "$final_path/config.example.js" "$final_path/config.js" +ynh_replace_string "_domain = 'http://localhost:3000/'" "_domain = 'https://$domain$path_url'" "$final_path/config.js" +# Set service port +ynh_replace_string "__PORT__" "$port" "$final_path/config.js" +ynh_replace_string "__PORT__" "$porti" "$final_path/config.js" +# Tune CSP to allow for YunoHost tile +#ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" "$final_path/config.js" +# Remove donate button +ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config.js" +# Disable analytics unsolicited communications +ynh_replace_string "__ADMIN_EMAIL_" "$admin_email" "$final_path/config.js" +cp $final_path/config.js $final_path/config.example +# Store file checksum to detected user modifications on upgrade +ynh_store_file_checksum "$final_path/config.js" #================================================= # INSTALL CRYPTPAD @@ -125,25 +150,6 @@ npm install -g bower --allow-root bower install --allow-root popd -#================================================= -# CONFIGURE SERVER.JS -#================================================= - -# Copy default configuration file -mv "$final_path/config.example.js" "$final_path/config.js" -ynh_replace_string "_domain = 'http://localhost:3000/'" "_domain = 'https://$domain$path_url'" "$final_path/config.js" -# Set service port -ynh_replace_string "httpPort: 3000" "httpPort: $port" "$final_path/config.js" -# Tune CSP to allow for YunoHost tile -#ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" "$final_path/config.js" -# Remove donate button -ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config.js" -# Disable analytics unsolicited communications -ynh_replace_string "adminEmail: 'i.did.not.read.my.config@cryptpad.fr'" "adminEmail: '$admin_email'" "$final_path/config.js" -cp $final_path/config.js $final_path/config.example -# Store file checksum to detected user modifications on upgrade -ynh_store_file_checksum "$final_path/config.js" - #================================================= # Set some permissions #================================================= From f0a105e18ccd362be974147e626ad69875593b4a Mon Sep 17 00:00:00 2001 From: shine <4771718+shinenelson@users.noreply.github.com> Date: Tue, 1 Oct 2019 23:00:45 +0530 Subject: [PATCH 2/9] fix nodejs_version variable in upgrade script (#31) (#32) --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 320506d..7d79c80 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -47,7 +47,7 @@ fi #================================================= # INSTALL NODEJS #================================================= -ynh_install_nodejs $NODEJS_VERSION +ynh_install_nodejs $nodejs_version #================================================= # CREATE DEDICATED USER From e5797a20399cf4d868e5b9bd0ddf5bb2477794c7 Mon Sep 17 00:00:00 2001 From: frju365 Date: Tue, 1 Oct 2019 19:59:42 +0200 Subject: [PATCH 3/9] correct a sile config --- manifest.json | 14 +++++++------- scripts/install | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/manifest.json b/manifest.json index 67d7b35..f8ff658 100644 --- a/manifest.json +++ b/manifest.json @@ -4,7 +4,7 @@ "packaging_format": 1, "description": { "en": "Encrypted Pad", - "fr": "Créateur de pad chiffré." + "fr": "Créateur de pad chiffré." }, "version": "2.16.0", "url": "https://cryptpad.fr/", @@ -25,26 +25,26 @@ "install" : [ { "name": "domain", - "type": "domain", + "type": "domain", "ask": { "en": "Choose a domain name for CryptPad", "fr": "Choisissez un nom de domaine pour CryptPad" }, "example": "example.com" }, - { + { "name": "path", - "type": "path", + "type": "path", "ask": { "en": "Choose a path for CryptPad, only / is allowed.", "fr": "Choisissez un chemin pour CryptPad, seul / est autorisé." }, "example": "/", "default": "/" - }, - { + }, + { "name": "email", - "type": "email", + "type": "email", "ask": { "en": "Choose an email for the admin user.", "fr": "Choisissez une adresse mail pour l'administrateur" diff --git a/scripts/install b/scripts/install index 42efff9..341ec90 100644 --- a/scripts/install +++ b/scripts/install @@ -124,7 +124,7 @@ chown admin: -R $install_log #================================================= # Copy default configuration file -mv "$final_path/config.example.js" "$final_path/config.js" +mv "../conf/config.js" "$final_path/config.js" ynh_replace_string "_domain = 'http://localhost:3000/'" "_domain = 'https://$domain$path_url'" "$final_path/config.js" # Set service port ynh_replace_string "__PORT__" "$port" "$final_path/config.js" From c2d942a86f3def012b8d5e8dab1a8557347044a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 17 Jun 2020 21:51:03 +0200 Subject: [PATCH 4/9] Repackage to upstream v.3.18.1 (#40) * version 3.2.0 * different corrections --- README.md | 81 ++++++-- README_fr.md | 73 +++++++ check_process | 4 +- conf/app.src | 6 +- conf/config.js | 431 ++++++++++++++++----------------------- conf/nginx.conf | 39 ++-- conf/systemd.service | 5 +- issue_template.md | 46 +++++ manifest.json | 30 +-- pull_request_template.md | 18 ++ scripts/_common.sh | 84 +------- scripts/backup | 51 ++--- scripts/change_url | 123 +++++++++++ scripts/install | 156 +++++++------- scripts/remove | 54 ++--- scripts/restore | 98 +++++---- scripts/upgrade | 217 +++++++++++--------- 17 files changed, 863 insertions(+), 653 deletions(-) create mode 100644 README_fr.md create mode 100644 issue_template.md create mode 100644 pull_request_template.md create mode 100644 scripts/change_url diff --git a/README.md b/README.md index 25561cf..6524a0b 100644 --- a/README.md +++ b/README.md @@ -1,28 +1,73 @@ -Cryptad for Yunohost ------------------------- +# CryptPad for YunoHost -[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) -[![Install Cryptad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) +[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Install CryptPad with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) -**Shipped version:** 3.2.0 +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install CryptPad quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* + +## Overview +CryptPad is a Zero Knowledge realtime collaborative editor. You can share access to a document simply by sharing the link. + +**Shipped version:** 3.18.1 + +## Screenshots + +![](https://github.com/xwiki-labs/cryptpad/raw/master/screenshot.png) ## Demo -https://cryptpad.fr/ -## Known limitations / Limitations connues -- Installation possible only on a domain root (Cryptpad limitation) -- Can't login via SSO (due to this [Cryptpad limitation](https://github.com/xwiki-labs/cryptpad/issues/116)) +* [Official demo](https://cryptpad.fr/) +## Configuration -## Links / Liens -- Package URL/URL du Paquet: https://github.com/YunoHost-Apps/cryptpad_ynh -- Official Website/Site Officiel: https://cryptpad.fr/ -- Github: https://github.com/xwiki-labs/cryptpad -- Package status: - - [Last weekly report](https://forum.yunohost.org/t/rapport-hebdomadaire-dintegration-continue/2297) - - [Last continuous integration test](https://ci-apps.yunohost.org/jenkins/job/cryptpad%20%28Community%29/lastBuild/consoleFull) +* How to configure this app: From an admin panel, a plain file with SSH. +## Documentation -## Tricks : +* Official documentation: https://cryptpad.fr/what-is-cryptpad.html +* YunoHost documentation: If specific documentation is needed, feel free to contribute. -- To increase space for user in cryptpad, you can set up it in the config.js file in the root folder (/var/www/cryptpad/config.js), and then restart the cryptpad service (`sudo service cryptpad restart`). +## YunoHost specific features + +#### Multi-user support + +* Are LDAP and HTTP auth supported? **No** +* Can the app be used by multiple users? **Yes** + +#### Supported architectures + +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/cryptpad/) + +## Limitations + +* Installation possible only on a root domain (CryptPad limitation) +* Can't login via SSO (due to this [Cryptpad limitation](https://github.com/xwiki-labs/cryptpad/issues/116)) + +## Additional information + +* To increase space for CryptPad users, you can modify `/var/www/cryptpad/config.js`, and restart the CryptPad service with `sudo service cryptpad restart`. + +## Links + + * Report a bug: https://github.com/YunoHost-Apps/cryptpad_ynh/issues + * App website: https://cryptpad.fr/ + * Upstream app repository: https://github.com/xwiki-labs/cryptpad + * YunoHost website: https://yunohost.org/ + +--- + +Developer info +---------------- + +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +or +sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +``` diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..eaaa339 --- /dev/null +++ b/README_fr.md @@ -0,0 +1,73 @@ +# CryptPad pour YunoHost + +[![Integration level](https://dash.yunohost.org/integration/cryptpad.svg)](https://dash.yunohost.org/appci/app/cryptpad) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/cryptpad.maintain.svg) +[![Installer CryptPad avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=cryptpad) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer CryptPad rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* + +## Vue d'ensemble +CryptPad est un éditeur de documents chiffrés collaboratifs en temps réel. Vous pouvez partager l'accès à un document simplement en partageant le lien. + +**Version incluse :** 3.18.1 + +## Captures d'écran + +![](https://github.com/xwiki-labs/cryptpad/raw/master/screenshot.png) + +## Démo + +* [Démo officielle](https://cryptpad.fr/) + +## Configuration + +Comment configurer cette application : via le panneau d'administration ainsi que le fichier de configuration `/var/www/cryptpad/config.js`. + +## Documentation + +* Official documentation : https://cryptpad.fr/what-is-cryptpad.html +* YunoHost documentation : If specific documentation is needed, feel free to contribute. + +## YunoHost specific features + +#### Support multi-utilisateur + +* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** +* L'application peut-elle être utilisée par plusieurs utilisateurs ? **Oui** + +#### Architectures supportées + +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/cryptpad/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/cryptpad%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/cryptpad/) + +## Limitations + +* Nécessite un sous-domaine / domaine dédié. (limitation de CryptPad) +* Impossible de se connecter via SSO (cf [limitation de CryptPad](https://github.com/xwiki-labs/cryptpad/issues/116)) + +## Informations additionnelles + +* Pour augmenter l'espace pour l'utilisateur dans le CryptPad, vous pouvez configurer le fichier `config.js` dans le dossier `/var/www/cryptpad/config.js`, puis redémarrez le service CryptPad `sudo service cryptpad restart`. + +## Liens + +* Signaler un bug : https://github.com/YunoHost-Apps/cryptpad_ynh/issues +* Site de l'application : https://cryptpad.fr/ +* Dépôt de l'application principale : https://github.com/xwiki-labs/cryptpad +* Site web YunoHost: https://yunohost.org/ + +--- + +Informations pour les développeurs +---------------- + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +ou +sudo yunohost app upgrade cryptpad -u https://github.com/YunoHost-Apps/cryptpad_ynh/tree/testing --debug +``` diff --git a/check_process b/check_process index f152803..18fe99f 100644 --- a/check_process +++ b/check_process @@ -3,8 +3,8 @@ ; Manifest domain="domain.tld" (DOMAIN) path="/path" (PATH) + admin="john" (USER) is_public="1" (PUBLIC|public=1|private=0) - email="example@example.io" (EMAIL) ; Checks pkg_linter=1 setup_sub_dir=0 @@ -17,7 +17,7 @@ multi_instance=0 incorrect_path=0 port_already_use=1 - change_url=0 + change_url=1 ;;; Levels Level 1=auto Level 2=auto diff --git a/conf/app.src b/conf/app.src index 432649b..bbab401 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,6 +1,6 @@ -SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.2.0.tar.gz -SOURCE_SUM=4f7576401e506aa24c032be675539b671ace27c5453b40edfe39f84daa0fcbfc +SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.18.1.tar.gz +SOURCE_SUM=6aad512ffd04632b94dc47c17f59781c484508dd6bcf4675bda945d74e66ef6b SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= +SOURCE_FILENAME=cryptpad-3.18.1.tar.gz diff --git a/conf/config.js b/conf/config.js index b543919..9d47a88 100644 --- a/conf/config.js +++ b/conf/config.js @@ -1,189 +1,203 @@ -/*@flow*/ -/* - globals module +/* globals module */ + +/* DISCLAIMER: + + There are two recommended methods of running a CryptPad instance: + + 1. Using a standalone nodejs server without HTTPS (suitable for local development) + 2. Using NGINX to serve static assets and to handle HTTPS for API server's websocket traffic + + We do not officially recommend or support Apache, Docker, Kubernetes, Traefik, or any other configuration. + Support requests for such setups should be directed to their authors. + + If you're having difficulty difficulty configuring your instance + we suggest that you join the project's IRC/Matrix channel. + + If you don't have any difficulty configuring your instance and you'd like to + support us for the work that went into making it pain-free we are quite happy + to accept donations via our opencollective page: https://opencollective.com/cryptpad + */ -var _domain = 'http://localhost:__PORT__/'; - -// You can `kill -USR2` the node process and it will write out a heap dump. -// If your system doesn't support dumping, comment this out and install with -// `npm install --production` -// See: https://strongloop.github.io/strongloop.com/strongblog/how-to-heap-snapshots/ - -// to enable this feature, uncomment the line below: -// require('heapdump'); - -// we prepend a space because every usage expects it -// requiring admins to preserve it is unnecessarily confusing -var domain = ' ' + _domain; - -// Content-Security-Policy -var baseCSP = [ - "default-src 'none'", - "style-src 'unsafe-inline' 'self' " + domain, - "font-src 'self' data:" + domain, - - /* child-src is used to restrict iframes to a set of allowed domains. - * connect-src is used to restrict what domains can connect to the websocket. - * - * it is recommended that you configure these fields to match the - * domain which will serve your CryptPad instance. - */ - "child-src blob: *", - // IE/Edge - "frame-src blob: *", - - /* this allows connections over secure or insecure websockets - if you are deploying to production, you'll probably want to remove - the ws://* directive, and change '*' to your domain - */ - "connect-src 'self' ws: wss: blob:" + domain, - - // data: is used by codemirror - "img-src 'self' data: blob:" + domain, - "media-src * blob:", - - // for accounts.cryptpad.fr authentication and cross-domain iframe sandbox - "frame-ancestors *", - "" -]; - - module.exports = { +/* CryptPad is designed to serve its content over two domains. + * Account passwords and cryptographic content is handled on the 'main' domain, + * while the user interface is loaded on a 'sandbox' domain + * which can only access information which the main domain willingly shares. + * + * In the event of an XSS vulnerability in the UI (that's bad) + * this system prevents attackers from gaining access to your account (that's good). + * + * Most problems with new instances are related to this system blocking access + * because of incorrectly configured sandboxes. If you only see a white screen + * when you try to load CryptPad, this is probably the cause. + * + * PLEASE READ THE FOLLOWING COMMENTS CAREFULLY. + * + */ + +/* httpUnsafeOrigin is the URL that clients will enter to load your instance. + * Any other URL that somehow points to your instance is supposed to be blocked. + * The default provided below assumes you are loading CryptPad from a server + * which is running on the same machine, using port 3000. + * + * In a production instance this should be available ONLY over HTTPS + * using the default port for HTTPS (443) ie. https://cryptpad.fr + * In such a case this should be handled by NGINX, as documented in + * cryptpad/docs/example.nginx.conf (see the $main_domain variable) + * + */ + httpUnsafeOrigin: 'http://127.0.0.1:__PORT__', + +/* httpSafeOrigin is the URL that is used for the 'sandbox' described above. + * If you're testing or developing with CryptPad on your local machine then + * it is appropriate to leave this blank. The default behaviour is to serve + * the main domain over port 3000 and to serve the content over port 3001. + * + * This is not appropriate in a production environment where invasive networks + * may filter traffic going over abnormal ports. + * To correctly configure your production instance you must provide a URL + * with a different domain (a subdomain is sufficient). + * It will be used to load the UI in our 'sandbox' system. + * + * This value corresponds to the $sandbox_domain variable + * in the example nginx file. + * + * CUSTOMIZE AND UNCOMMENT THIS FOR PRODUCTION INSTALLATIONS. + */ + // httpSafeOrigin: "https://some-other-domain.xyz", + +/* httpAddress specifies the address on which the nodejs server + * should be accessible. By default it will listen on 127.0.0.1 + * (IPv4 localhost on most systems). If you want it to listen on + * all addresses, including IPv6, set this to '::'. + * + */ + httpAddress: '::', + +/* httpPort specifies on which port the nodejs server should listen. + * By default it will serve content over port 3000, which is suitable + * for both local development and for use with the provided nginx example, + * which will proxy websocket traffic to your node server. + * + */ + httpPort: __PORT__, + +/* httpSafePort allows you to specify an alternative port from which + * the node process should serve sandboxed assets. The default value is + * that of your httpPort + 1. You probably don't need to change this. + * + */ + httpSafePort: __PORTI__, + +/* CryptPad will launch a child process for every core available + * in order to perform CPU-intensive tasks in parallel. + * Some host environments may have a very large number of cores available + * or you may want to limit how much computing power CryptPad can take. + * If so, set 'maxWorkers' to a positive integer. + */ + // maxWorkers: 4, /* ===================== * Admin * ===================== */ /* - * CryptPad now contains an administration panel. Its access is restricted to specific + * CryptPad contains an administration panel. Its access is restricted to specific * users using the following list. * To give access to the admin panel to a user account, just add their user id, * which can be found on the settings page for registered users. * Entries should be strings separated by a comma. */ +/* adminKeys: [ //"https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=", ], +*/ - /* ===================== - * Infra setup - * ===================== */ - - // the address you want to bind to, :: means all ipv4 and ipv6 addresses - // this may not work on all operating systems - httpAddress: '::', - - // the port on which your httpd will listen - httpPort: __PORT__, - - // This is for allowing the cross-domain iframe to function when developing - httpSafePort: __PORTI__, - - // This is for deployment in production, CryptPad uses a separate origin (domain) to host the - // cross-domain iframe. It can simply host the same content as CryptPad. - // httpSafeOrigin: "https://some-other-domain.xyz", - - httpUnsafeOrigin: domain, - - /* your server's websocket url is configurable - * (default: '/cryptpad_websocket') + /* CryptPad's administration panel includes a "support" tab + * wherein administrators with a secret key can view messages + * sent from users via the encrypted forms on the /support/ page * - * websocketPath can be relative, of the form '/path/to/websocket' - * or absolute, specifying a particular URL + * To enable this functionality: + * run `node ./scripts/generate-admin-keys.js` + * save the public key in your config in the value below + * add the private key via the admin panel + * and back it up in a secure manner * - * 'wss://cryptpad.fr:3000/cryptpad_websocket' */ - websocketPath: '/cryptpad_websocket', + // supportMailboxPublicKey: "", - /* CryptPad can be configured to send customized HTTP Headers - * These settings may vary widely depending on your needs - * Examples are provided below - */ - httpHeaders: { - "X-XSS-Protection": "1; mode=block", - "X-Content-Type-Options": "nosniff", - "Access-Control-Allow-Origin": "*" - }, - - contentSecurity: baseCSP.join('; ') + - "script-src 'self'" + domain, - - // CKEditor and OnlyOffice require significantly more lax content security policy in order to function. - padContentSecurity: baseCSP.join('; ') + - "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + domain, - - /* it is recommended that you serve CryptPad over https - * the filepaths below are used to configure your certificates - */ - //privKeyAndCertFiles: [ - // '/etc/apache2/ssl/my_secret.key', - // '/etc/apache2/ssl/my_public_cert.crt', - // '/etc/apache2/ssl/my_certificate_authorities_cert_chain.ca' - //], - - /* Main pages - * add exceptions to the router so that we can access /privacy.html - * and other odd pages - */ - mainPages: [ - 'index', - 'privacy', - 'terms', - 'about', - 'contact', - 'what-is-cryptpad', - 'features', - 'faq', - 'maintenance' - ], - - /* ===================== - * Subscriptions - * ===================== */ - - /* Limits, Donations, Subscriptions and Contact + /* We're very proud that CryptPad is available to the public as free software! + * We do, however, still need to pay our bills as we develop the platform. * - * By default, CryptPad limits every registered user to 50MB of storage. It also shows a - * subscribe button which allows them to upgrade to a paid account. We handle payment, - * and keep 50% of the proceeds to fund ongoing development. + * By default CryptPad will prompt users to consider donating to + * our OpenCollective campaign. We publish the state of our finances periodically + * so you can decide for yourself whether our expenses are reasonable. * - * You can: - * A: leave things as they are - * B: disable accounts but display a donate button - * C: hide any reference to paid accounts or donation - * - * If you chose A then there's nothing to do. - * If you chose B, set 'allowSubscriptions' to false. - * If you chose C, set 'removeDonateButton' to true + * You can disable any solicitations for donations by setting 'removeDonateButton' to true, + * but we'd appreciate it if you didn't! */ - allowSubscriptions: false, - removeDonateButton: false, + removeDonateButton: true, + + /* CryptPad will display a point of contact for your instance on its contact page + * (/contact.html) if you provide it below. + */ + adminEmail: "__ADMIN_MAIL__", /* - * By default, CryptPad also contacts our accounts server once a day to check for changes in - * the people who have accounts. This check-in will also send the version of your CryptPad - * instance and your email so we can reach you if we are aware of a serious problem. We will - * never sell it or send you marketing mail. If you want to block this check-in and remain - * completely invisible, set this and allowSubscriptions both to false. - */ - adminEmail: '__ADMIN_EMAIL__', - - /* Sales coming from your server will be identified by your domain + * By default, CryptPad contacts one of our servers once a day. + * This check-in will also send some very basic information about your instance including its + * version and the adminEmail so we can reach you if we are aware of a serious problem. + * We will never sell it or send you marketing mail. * - * If you are using CryptPad in a business context, please consider taking a support contract - * by contacting sales@cryptpad.fr + * If you want to block this check-in and remain set 'blockDailyCheck' to true. */ - myDomain: _domain, + blockDailyCheck: true, /* - * If you are using CryptPad internally and you want to increase the per-user storage limit, - * change the following value. + * By default users get 50MB of storage by registering on an instance. + * You can set this value to whatever you want. * - * Please note: This limit is what makes people subscribe and what pays for CryptPad - * development. Running a public instance that provides a "better deal" than cryptpad.fr - * is effectively using the project against itself. + * hint: 50MB is 50 * 1024 * 1024 */ - defaultStorageLimit: 50 * 1024 * 1024, + //defaultStorageLimit: 50 * 1024 * 1024, + + + /* ===================== + * STORAGE + * ===================== */ + + /* Pads that are not 'pinned' by any registered user can be set to expire + * after a configurable number of days of inactivity (default 90 days). + * The value can be changed or set to false to remove expiration. + * Expired pads can then be removed using a cron job calling the + * `evict-inactive.js` script with node + * + * defaults to 90 days if nothing is provided + */ + //inactiveTime: 90, // days + + /* CryptPad archives some data instead of deleting it outright. + * This archived data still takes up space and so you'll probably still want to + * remove these files after a brief period. + * + * cryptpad/scripts/evict-inactive.js is intended to be run daily + * from a crontab or similar scheduling service. + * + * The intent with this feature is to provide a safety net in case of accidental + * deletion. Set this value to the number of days you'd like to retain + * archived data before it's removed permanently. + * + * defaults to 15 days if nothing is provided + */ + //archiveRetentionTime: 15, + + /* Max Upload Size (bytes) + * this sets the maximum size of any one file uploaded to the server. + * anything larger than this size will be rejected + * defaults to 20MB if no value is provided + */ + //maxUploadSize: 20 * 1024 * 1024, /* * CryptPad allows administrators to give custom limits to their friends. @@ -193,8 +207,8 @@ module.exports = { * * hint: 1GB is 1024 * 1024 * 1024 bytes */ +/* customLimits: { - /* "https://my.awesome.website/user/#/1/cryptpad-user1/YZgXQxKR0Rcb6r6CmxHPdAGLVludrAF2lEnkbx1vVOo=": { limit: 20 * 1024 * 1024 * 1024, plan: 'insider', @@ -205,70 +219,15 @@ module.exports = { plan: 'insider', note: 'storage space donated by my.awesome.website' } - */ }, +*/ - /* ===================== - * STORAGE - * ===================== */ - - /* By default the CryptPad server will run scheduled tasks every five minutes - * If you want to run scheduled tasks in a separate process (like a crontab) - * you can disable this behaviour by setting the following value to true - */ - disableIntegratedTasks: false, - - /* Pads that are not 'pinned' by any registered user can be set to expire - * after a configurable number of days of inactivity (default 90 days). - * The value can be changed or set to false to remove expiration. - * Expired pads can then be removed using a cron job calling the - * `delete-inactive.js` script with node - */ - inactiveTime: 90, // days - - /* CryptPad can be configured to remove inactive data which has not been pinned. - * Deletion of data is always risky and as an operator you have the choice to - * archive data instead of deleting it outright. Set this value to true if - * you want your server to archive files and false if you want to keep using - * the old behaviour of simply removing files. + /* Users with premium accounts (those with a plan included in their customLimit) + * can benefit from an increased upload size limit. By default they are restricted to the same + * upload size as any other registered user. * - * WARNING: this is not implemented universally, so at the moment this will - * only apply to the removal of 'channels' due to inactivity. */ - retainData: true, - - /* As described above, CryptPad offers the ability to archive some data - * instead of deleting it outright. This archived data still takes up space - * and so you'll probably still want to remove these files after a brief period. - * The intent with this feature is to provide a safety net in case of accidental - * deletion. Set this value to the number of days you'd like to retain - * archived data before it's removed permanently. - * - * If 'retainData' is set to false, there will never be any archived data - * to remove. - */ - archiveRetentionTime: 15, - - /* Max Upload Size (bytes) - * this sets the maximum size of any one file uploaded to the server. - * anything larger than this size will be rejected - */ - maxUploadSize: 20 * 1024 * 1024, - - /* ===================== - * HARDWARE RELATED - * ===================== */ - - /* CryptPad's file storage adaptor closes unused files after a configurable - * number of milliseconds (default 30000 (30 seconds)) - */ - channelExpirationMs: 30000, - - /* CryptPad's file storage adaptor is limited by the number of open files. - * When the adaptor reaches openFileLimit, it will clean up older files - */ - openFileLimit: 2048, - + //premiumUploadSize: 100 * 1024 * 1024, /* ===================== * DATABASE VOLUMES @@ -295,12 +254,12 @@ module.exports = { * Pin requests are stored in a pin-store. The location of this store is * defined here. */ - pinPath: './pins', + pinPath: './data/pins', /* if you would like the list of scheduled tasks to be stored in a custom location, change the path below: */ - taskPath: './tasks', + taskPath: './data/tasks', /* if you would like users' authenticated blocks to be stored in a custom location, change the path below: @@ -315,7 +274,7 @@ module.exports = { /* CryptPad stores incomplete blobs in a 'staging' area until they are * fully uploaded. Set its location here. */ - blobStagingPath: './blobstage', + blobStagingPath: './data/blobstage', /* CryptPad supports logging events directly to the disk in a 'logs' directory * Set its location here, or set it to false (or nothing) if you'd rather not log @@ -356,42 +315,6 @@ module.exports = { */ logFeedback: false, - /* You can get a repl for debugging the server if you want it. - * to enable this, specify the debugReplName and then you can - * connect to it with `nc -U /tmp/repl/.sock` - * If you run multiple cryptpad servers, you need to use different - * repl names. - */ - //debugReplName: "cryptpad" - - /* ===================== - * DEPRECATED - * ===================== */ - /* - You have the option of specifying an alternative storage adaptor. - These status of these alternatives are specified in their READMEs, - which are available at the following URLs: - - mongodb: a noSQL database - https://github.com/xwiki-labs/cryptpad-mongo-store - amnesiadb: in memory storage - https://github.com/xwiki-labs/cryptpad-amnesia-store - leveldb: a simple, fast, key-value store - https://github.com/xwiki-labs/cryptpad-level-store - sql: an adaptor for a variety of sql databases via knexjs - https://github.com/xwiki-labs/cryptpad-sql-store - - For the most up to date solution, use the default storage adaptor. - */ - storage: './storage/file', - - /* CryptPad's socket server can be extended to respond to RPC calls - * you can configure it to respond to custom RPC calls if you like. - * provide the path to your RPC module here, or `false` if you would - * like to disable the RPC interface completely - */ - rpc: './rpc.js', - /* CryptPad supports verbose logging * (false by default) */ diff --git a/conf/nginx.conf b/conf/nginx.conf index 8586786..6117882 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,24 +1,21 @@ -location __PATH__/ { +location ^~ / { + # Force usage of https + if ($scheme = http) { + rewrite ^ https://$server_name$request_uri? permanent; + } + proxy_pass http://127.0.0.1:__PORT__; + proxy_redirect off; + proxy_set_header Host $host; + proxy_set_header X-Real-IP $remote_addr; + proxy_set_header X-Forwarded-Proto $scheme; + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Host $server_name; - try_files $uri $uri/index.html; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - - proxy_pass http://localhost:__PORT__/; - add_header X-Frame-Options SAMEORIGIN; - proxy_set_header Host $host; - proxy_http_version 1.1; - proxy_set_header Upgrade $http_upgrade; - proxy_set_header Connection upgrade; - - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; + more_clear_input_headers 'Accept-Encoding'; } - -## TODO fix in the code so that we don't need this -location ~ ^/(register|login|settings|user|pad|drive|poll|slide|code|whiteboard)$ { - rewrite ^(.*)$ $1/ redirect; -} - diff --git a/conf/systemd.service b/conf/systemd.service index 4596ffc..7134501 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=CryptPad service +Description=Zero Knowledge realtime collaborative editor. After=syslog.target network.target [Service] @@ -7,8 +7,9 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__ +Environment=PATH=__ENV_PATH__ Environment=NODE_ENV=production -ExecStart=__NODE__/node server | tee /var/log/__APP__/cryptpad.log +ExecStart=__YNH_NPM__ start Restart=always [Install] diff --git a/issue_template.md b/issue_template.md new file mode 100644 index 0000000..b044dbe --- /dev/null +++ b/issue_template.md @@ -0,0 +1,46 @@ +--- +name: Bug report +about: Create a report to help us debug, it would be nice to fill the template as much as you can to help us, help you and help us all. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change url...), you are on the right place!* + - *Otherwise, the issue may be due to CryptPad itself. Refer to its documentation or repository for help.* + - *If you have a doubt, post here, we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +**Describe the bug** +*A clear and concise description of what the bug is.* + +**Versions** +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance ?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info cryptpad`* + +**To Reproduce** +*Steps to reproduce the behavior.* +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install cryptpad + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '....'* + 3. *Scroll down to '....'* + 4. *See error* + +**Expected behavior** +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +**Logs** +*After a failed command, YunoHost makes the log available to you, but also to others, thanks to `yunohost log display [log name] --share`. The actual command, with the correct log name, is displayed at the end of the failed attempt in the CLI. Execute it and copy here the share link it outputs.* +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/manifest.json b/manifest.json index f8ff658..1c10156 100644 --- a/manifest.json +++ b/manifest.json @@ -3,10 +3,10 @@ "id": "cryptpad", "packaging_format": 1, "description": { - "en": "Encrypted Pad", - "fr": "Créateur de pad chiffré." + "en": "Zero Knowledge realtime collaborative editor", + "fr": "Éditeur chiffré collaboratif en temps réel." }, - "version": "2.16.0", + "version": "3.18.1~ynh1", "url": "https://cryptpad.fr/", "license": "AGPL-3.0-or-later", "maintainer": { @@ -15,7 +15,7 @@ "url": "https://frju365.yunohost.support" }, "requirements": { - "yunohost": ">= 3.0.0" + "yunohost": ">= 3.8.1" }, "multi_instance": false, "services": [ @@ -30,33 +30,33 @@ "en": "Choose a domain name for CryptPad", "fr": "Choisissez un nom de domaine pour CryptPad" }, - "example": "example.com" + "example": "cryptpad.example.com" }, { "name": "path", "type": "path", "ask": { - "en": "Choose a path for CryptPad, only / is allowed.", - "fr": "Choisissez un chemin pour CryptPad, seul / est autorisé." + "en": "Choose a path for CryptPad, requires a dedicated sub-domain/domain.", + "fr": "Choisissez un chemin pour CryptPad, nécessite un sous-domaine/domaine dédié." }, "example": "/", "default": "/" }, - { - "name": "email", - "type": "email", + { + "name": "admin", + "type": "user", "ask": { - "en": "Choose an email for the admin user.", - "fr": "Choisissez une adresse mail pour l'administrateur" + "en": "Choose an admin user", + "fr": "Choisissez l’administrateur" }, - "example": "example@example.tld" + "example": "johndoe" }, { "name": "is_public", "type": "boolean", "ask": { - "en": "Is it a public site? ", - "fr": "Est-ce un site publique ? " + "en": "Is it a public site?", + "fr": "Est-ce un site publique ?" }, "default": true } diff --git a/pull_request_template.md b/pull_request_template.md new file mode 100644 index 0000000..9aa2a24 --- /dev/null +++ b/pull_request_template.md @@ -0,0 +1,18 @@ +## Problem +- *Description of why you made this PR* + +## Solution +- *And how do you fix that problem* + +## PR Status +- [ ] Code finished. +- [ ] Tested with Package_check. +- [ ] Fix or enhancement tested. +- [ ] Upgrade from last version tested. +- [ ] Can be reviewed and tested. + +## Package_check results +--- +*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* + +[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/cryptpad_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/cryptpad_ynh%20PR-NUM-%20(USERNAME)/) diff --git a/scripts/_common.sh b/scripts/_common.sh index b748093..6fa19b1 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,83 +3,17 @@ #================================================= # COMMON VARIABLES #================================================= -nodejs_version=6 + +nodejs_version=12 #================================================= - -# Start or restart a service and follow its booting -# -# usage: ynh_check_starting "Line to match" [Log file] [Timeout] [Service name] -# -# | arg: Line to match - The line to find in the log to attest the service have finished to boot. -# | arg: Log file - The log file to watch -# | arg: Service name -# /var/log/$app/$app.log will be used if no other log is defined. -# | arg: Timeout - The maximum time to wait before ending the watching. Defaut 300 seconds. -ynh_check_starting () { - local line_to_match="$1" - local service_name="${4:-$app}" - local app_log="${2:-/var/log/$service_name/$service_name.log}" - local timeout=${3:-300} - - ynh_clean_check_starting () { - # Stop the execution of tail. - kill -s 15 $pid_tail 2>&1 - ynh_secure_remove "$templog" 2>&1 - } - - echo "Starting of $service_name" >&2 - systemctl stop $service_name - local templog="$(mktemp)" - # Following the starting of the app in its log - tail -F -n0 "$app_log" > "$templog" & - # Get the PID of the tail command - local pid_tail=$! - systemctl start $service_name - - local i=0 - for i in `seq 1 $timeout` - do - # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout - if grep --quiet "$line_to_match" "$templog" - then - echo "The service $service_name has correctly started." >&2 - break - fi - echo -n "." >&2 - sleep 1 - done - if [ $i -eq $timeout ] - then - echo "The service $service_name didn't fully started before the timeout." >&2 - fi - - echo "" - ynh_clean_check_starting -} - +# PERSONAL HELPERS #================================================= +#================================================= +# EXPERIMENTAL HELPERS +#================================================= -# EXEC_LOGIN_AS Helper - -# Execute a command as another user with login -# (hence in user home dir, with prior loading of .profile, etc.) -# usage: exec_login_as USER COMMAND [ARG ...] -exec_login_as() { - local user=$1 - shift 1 - exec_as $user --login "$@" -} -# Execute a command as another user -# usage: exec_as USER COMMAND [ARG ...] -exec_as() { - local user=$1 - shift 1 - - if [[ $user = $(whoami) ]]; then - eval "$@" - else - sudo -u "$user" "$@" - fi -} +#================================================= +# FUTURE OFFICIAL HELPERS +#================================================= \ No newline at end of file diff --git a/scripts/backup b/scripts/backup index a2c07cd..a44954a 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,18 +6,17 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ynh_clean_check_starting +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -26,31 +25,37 @@ ynh_abort_if_errors #================================================= app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -final_path=$(ynh_app_setting_get $app final_path) + +domain=$(ynh_app_setting_get --app=$app --key=domain) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= -# STANDARD BACKUP STEPS +# DECLARE DATA AND CONF FILES TO BACKUP #================================================= -# BACKUP APP MAIN DIR -#================================================= - -CHECK_SIZE "$final_path" -ynh_backup "$final_path" "sources" +ynh_print_info --message="Declaring files to be backed up..." #================================================= -# BACKUP NGINX CONFIGURATION +# BACKUP THE APP MAIN DIR #================================================= -ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "nginx.conf" +ynh_backup --src_path="$final_path" #================================================= -# BACKUP LOGROTATE CONFIGURATION -#================================================= -ynh_backup "/etc/logrotate.d/$app" "logrotate" - -#================================================= -# BACKUP SYSTEMD CONFIGURATION +# BACKUP THE NGINX CONFIGURATION #================================================= -ynh_backup "/etc/systemd/system/$app.service" "systemd.service" +ynh_backup --src_path="/etc/nginx/conf.d/$domain.d/$app.conf" + +#================================================= +# SPECIFIC BACKUP +#================================================= +# BACKUP SYSTEMD +#================================================= + +ynh_backup --src_path="/etc/systemd/system/$app.service" + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url new file mode 100644 index 0000000..90f9f1b --- /dev/null +++ b/scripts/change_url @@ -0,0 +1,123 @@ +#!/bin/bash + +#================================================= +# GENERIC STARTING +#================================================= +# IMPORT GENERIC HELPERS +#================================================= + +source _common.sh +source /usr/share/yunohost/helpers + +#================================================= +# RETRIEVE ARGUMENTS +#================================================= + +old_domain=$YNH_APP_OLD_DOMAIN +old_path=$YNH_APP_OLD_PATH + +new_domain=$YNH_APP_NEW_DOMAIN +new_path=$YNH_APP_NEW_PATH + +app=$YNH_APP_INSTANCE_NAME + +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +# Needed for helper "ynh_add_nginx_config" +final_path=$(ynh_app_setting_get --app=$app --key=final_path) + +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --weight=2 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. + ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" + + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# CHECK WHICH PARTS SHOULD BE CHANGED +#================================================= + +change_domain=0 +if [ "$old_domain" != "$new_domain" ] +then + change_domain=1 +fi + +change_path=0 +if [ "$old_path" != "$new_path" ] +then + change_path=1 +fi + +#================================================= +# STANDARD MODIFICATIONS +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" + +#================================================= +# MODIFY URL IN NGINX CONF +#================================================= +ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1 + +nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf + +# Change the path in the nginx config file +if [ $change_path -eq 1 ] +then + # Make a backup of the original nginx config file if modified + ynh_backup_if_checksum_is_different --file="$nginx_conf_path" + # Set global variables for nginx helper + domain="$old_domain" + path_url="$new_path" + # Create a dedicated nginx config + ynh_add_nginx_config +fi + +# Change the domain for nginx +if [ $change_domain -eq 1 ] +then + # Delete file checksum for the old conf file location + ynh_delete_file_checksum --file="$nginx_conf_path" + mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf + # Store file checksum for the new config file location + ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" +fi + +#================================================= +# GENERIC FINALISATION +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" + +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading nginx web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/install b/scripts/install index 0b7a9e5..5b39163 100644 --- a/scripts/install +++ b/scripts/install @@ -13,7 +13,11 @@ source /usr/share/yunohost/helpers # MANAGE FAILURE OF THE SCRIPT #================================================= -ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est détectée. +ynh_clean_setup () { + ynh_clean_check_starting +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST @@ -21,78 +25,80 @@ ynh_abort_if_errors # Active trap pour arrêter le script si une erreur est dét domain=$YNH_APP_ARG_DOMAIN is_public=$YNH_APP_ARG_IS_PUBLIC -path_url=$YNH_APP_ARG_PATH -admin_email=$YNH_APP_ARG_EMAIL +path_url="/" +admin=$YNH_APP_ARG_ADMIN app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THIS ARGS #================================================= +ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/var/www/$app test ! -e "$final_path" || ynh_die "This path already contains a folder" -# Normalize the url path syntax -path_url=$(ynh_normalize_url_path $path_url) - -# Check web path availability -ynh_webpath_available $domain $path_url # Register (book) web path -ynh_webpath_register $app $domain $path_url +ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_app_setting_set $app domain "$domain" -ynh_app_setting_set $app is_public "$is_public" -ynh_app_setting_set $app path_url "$path_url" +ynh_app_setting_set --app=$app --key=domain --value=$domain +ynh_app_setting_set --app=$app --key=is_public --value=$is_public +ynh_app_setting_set --app=$app --key=path_url --value=$path_url +ynh_app_setting_set --app=$app --key=admin --value=$admin + +admin_mail=$(ynh_user_get_info "$admin" 'mail') #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= +ynh_script_progression --message="Configuring firewall..." --weight=1 -# Find a free port -port=$(ynh_find_port 4000) -# Open this port -yunohost firewall allow --no-upnp TCP $port 2>&1 -ynh_app_setting_set $app port $port - -porti=$(ynh_find_port 5000) -# Open this port -yunohost firewall allow --no-upnp TCP $porti 2>&1 -ynh_app_setting_set $app porti $porti +# Find an available port +port=$(ynh_find_port --port=3000) +ynh_app_setting_set --app=$app --key=port --value=$port +# Find an available port +porti=$(ynh_find_port --port=$(($port + 1))) +ynh_app_setting_set --app=$app --key=porti --value=$porti #================================================= -# INSTALL NODEJS +# INSTALL NODEJS & YARN #================================================= +ynh_script_progression --message="Installing dependencies..." --weight=20 -ynh_install_nodejs $nodejs_version +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +# Install Yarn +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" #================================================= # CREATE DEDICATED USER #================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user -ynh_system_user_create $app +ynh_system_user_create --username=$app -#================================================= -# SPECIFIC SETUP #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= +ynh_script_progression --message="Setting up source files..." --weight=10 -ynh_app_setting_set $app final_path $final_path +ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source "$final_path" +ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Configuring nginx web server..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config @@ -100,93 +106,87 @@ ynh_add_nginx_config #================================================= # SETUP SYSTEMD #================================================= +ynh_script_progression --message="Configuring a systemd service..." --weight=1 + +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" -# Create a dedicated systemd config ynh_add_systemd_config -ynh_replace_string "__NODEJS__" "$nodejs_version" "/etc/systemd/system/$app.service" -ynh_replace_string "__ENV_PATH__" "$PATH" "/etc/systemd/system/$app.service" -ynh_replace_string "__NODE__" "$nodejs_path" "/etc/systemd/system/$app.service" -systemctl daemon-reload #================================================= -# Créer le dossier de log -#================================================= - -mkdir -p /var/log/$app -touch /var/log/$app/cryptpad.log -install_log=/var/log/$app/installation.log -touch $install_log -chown $app: -R /var/log/$app -chown admin: -R $install_log - -#================================================= -# CONFIGURE SERVER.JS +# CONFIGURE CONFIG.JS #================================================= # Copy default configuration file mv "../conf/config.js" "$final_path/config/config.js" -ynh_replace_string "_domain = 'http://localhost:3000/'" "_domain = 'https://$domain$path_url'" "$final_path/config/config.js" -# Set service port -ynh_replace_string "__PORT__" "$port" "$final_path/config/config.js" -ynh_replace_string "__PORTI__" "$porti" "$final_path/config/config.js" -# Tune CSP to allow for YunoHost tile -#ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" "$final_path/config.js" -# Remove donate button -ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config/config.js" -# Disable analytics unsolicited communications -ynh_replace_string "__ADMIN_EMAIL_" "$admin_email" "$final_path/config/config.js" +ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__PORTI__" --replace_string="$porti" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="$final_path/config/config.js" + # Store file checksum to detected user modifications on upgrade ynh_store_file_checksum "$final_path/config/config.js" #================================================= # INSTALL CRYPTPAD #================================================= +ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 -script_dir="$PWD" -pushd "$final_path" -npm install --allow-root -npm install -g bower --allow-root -bower install --allow-root -popd +pushd "$final_path" || ynh_die -#================================================= -# INSTALL CRYPTPAD -#================================================= + ynh_use_nodejs + ynh_exec_warn_less yarn install --allow-root + yarn global add bower + bower install --allow-root -script_dir="$PWD" -pushd "$final_path" -npm install --allow-root -npm install -g bower --allow-root -bower install --allow-root -popd +popd || ynh_die #================================================= # Set some permissions #================================================= +ynh_script_progression --message="Securing files and directories..." --weight=1 -chown $app:$app $final_path -R -chown $app:$app /var/log/$app/cryptpad.log +chown -R $app:$app $final_path #================================================= -# ENABLE SERVICE IN ADMIN PANEL +# INTEGRATE SERVICE IN ADMIN PANEL #================================================= +ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 # Ajoute le service au monitoring de Yunohost. yunohost service add $app --log "/var/log/$app/$app.log" +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=2 + +# Start a systemd service +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" + #================================================= # SETUP SSOWAT #================================================= +ynh_script_progression --message="Configuring SSOwat..." --weight=1 -if [ $is_public -eq 1 ]; +# Make app public if necessary +if [ $is_public -eq 1 ] then - ynh_app_setting_set "$app" unprotected_uris "/" + # unprotected_uris allows SSO credentials to be passed anyway. + ynh_permission_update --permission "main" --add visitors fi -ynh_check_starting "loading rpc module..." "/var/log/$app/cryptpad.log" "15" #================================================= # RELOAD NGINX #================================================= +ynh_script_progression --message="Reloading nginx web server..." --weight=1 -systemctl reload nginx +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Installation of $app completed" --last diff --git a/scripts/remove b/scripts/remove index 09347d1..3595298 100644 --- a/scripts/remove +++ b/scripts/remove @@ -12,64 +12,70 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -port=$(ynh_app_setting_get $app port) -# Retrieve app settings -domain=$(ynh_app_setting_get $app domain) -final_path=$(ynh_app_setting_get $app final_path) + +port=$(ynh_app_setting_get --app=$app --key=port) +domain=$(ynh_app_setting_get --app=$app --key=domain) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE +#================================================= +# REMOVE SERVICE INTEGRATION IN YUNOHOST +#================================================= + +# Remove the service from the list of services known by Yunohost (added from `yunohost service add`) +if ynh_exec_warn_less yunohost service status $app >/dev/null +then + ynh_script_progression --message="Removing $app service..." --weight=3 + yunohost service remove $app +fi + #================================================= # STOP AND REMOVE SERVICE #================================================= +ynh_script_progression --message="Stopping and removing the systemd service..." --weight=2 # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE SERVICE FROM ADMIN PANEL -#================================================= - -# Remove a service from the admin panel, added by `yunohost service add` -if yunohost service status | grep -q $app -then - echo "Remove $app service" - yunohost service remove $app -fi - #================================================= # REMOVE NODEJS #================================================= +ynh_script_progression --message="Removing dependencies..." --weight=3 ynh_remove_nodejs #================================================= # REMOVE APP MAIN DIR #================================================= +ynh_script_progression --message="Removing app main directory..." --weight=3 # Remove the app directory securely -ynh_secure_remove "$final_path" +ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 # Remove the dedicated nginx config ynh_remove_nginx_config -#================================================= -# REMOVE THE LOGROTATE CONFIG -#================================================= - -ynh_remove_logrotate # Remove the app-specific logrotate config -ynh_secure_remove "/var/log/$app/" - #================================================= # GENERIC FINALIZATION #================================================= # REMOVE DEDICATED USER #================================================= +ynh_script_progression --message="Removing the dedicated system user..." --weight=1 -ynh_system_user_delete $app +# Delete a system user +ynh_system_user_delete --username=$app + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Removal of $app completed" --last diff --git a/scripts/restore b/scripts/restore index e684b29..2cd223f 100644 --- a/scripts/restore +++ b/scripts/restore @@ -6,12 +6,8 @@ # IMPORT GENERIC HELPERS #================================================= -if [ ! -e _common.sh ]; then - # Get the _common.sh file if it's not in the current directory - cp ../settings/scripts/_common.sh ./_common.sh - chmod a+rx _common.sh -fi -source _common.sh +#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts +source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers #================================================= @@ -19,7 +15,6 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { -# Nettoyage des résidus d'installation non pris en charge par le script remove. ynh_clean_check_starting } # Exit if an error occurs during the execution of the script @@ -28,81 +23,98 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -path_url=$(ynh_app_setting_get $app path) -is_public=$(ynh_app_setting_get $app is_public) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= +ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" +ynh_webpath_available --domain=$domain --path_url=$path_url \ + || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ -|| ynh_die "There is already a directory: $final_path " + || ynh_die --message="There is already a directory: $final_path " #================================================= -# STANDARD RESTORE STEPS +# STANDARD RESTORATION STEPS #================================================= -# RESTORE OF THE NGINX CONFIGURATION +# RESTORE THE NGINX CONFIGURATION #================================================= -ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= -# RESTORE OF THE MAIN DIR OF THE APP +# RESTORE THE APP MAIN DIR #================================================= +ynh_script_progression --message="Restoring the app main directory..." --weight=6 -ynh_restore_file "$final_path" +ynh_restore_file --origin_path="$final_path" #================================================= # RECREATE THE DEDICATED USER #================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 -ynh_system_user_create $app $final_path # Recreate the dedicated user, if it doesn't exist +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app #================================================= -# SPECIFIC RESTORE -#================================================= -# HANDLE LOG FILES AND LOGROTATE +# RESTORE USER RIGHTS #================================================= -mkdir -p /var/log/$app -touch /var/log/$app/etherpad.log -install_log=/var/log/$app/installation.log -touch $install_log -chown $app -R /var/log/$app -chown admin -R $install_log - -# Restore logrotate configuration -ynh_restore_file "/etc/logrotate.d/$app" +# Restore permissions on app files +chown -R $app:$app $final_path #================================================= -# INSTALL NODEJS +# REINSTALL DEPENDENCIES #================================================= +ynh_script_progression --message="Reinstalling dependencies..." --weight=7 -ynh_install_nodejs $nodejs_version +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -#================================================= -# ENABLE SERVICE IN ADMIN PANEL -#================================================= - -yunohost service add $app --log "/var/log/$app/etherpad.log" +# Install Yarn +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" #================================================= # RESTORE SYSTEMD #================================================= +ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 -ynh_restore_file "/etc/systemd/system/$app.service" -## Démarrage auto du service +ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service #================================================= -# RELOAD NGINX +# INTEGRATE SERVICE IN YUNOHOST #================================================= -systemctl reload nginx +yunohost service add $app --description "Zero Knowledge realtime collaborative editor" --log "/var/log/$app/$app.log" + +#================================================= +# START SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" + +#================================================= +# GENERIC FINALIZATION +#================================================= +# RELOAD NGINX +#================================================= +ynh_script_progression --message="Reloading nginx web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 20a1c90..6a33d3c 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -1,7 +1,5 @@ #!/bin/bash -# Exit on command errors and treat unset variables as an error -set -eu #================================================= # GENERIC STARTING #================================================= @@ -23,146 +21,175 @@ DESTDIR="/var/www/$app" "The destination directory '$DESTDIR' does not exist.\ The app is not correctly installed, you should remove it first." -# Retrieve arguments -domain=$(ynh_app_setting_get "$app" domain) -path_url=$(ynh_normalize_url_path "$(ynh_app_setting_get "$app" path_url)") -final_path=$(ynh_app_setting_get "$app" final_path) -is_public=$(ynh_app_setting_get "$app" is_public) -port=$(ynh_app_setting_get "$app" port) +#================================================= +# LOAD SETTINGS +#================================================= +ynh_script_progression --message="Loading installation settings..." --weight=1 + +domain=$(ynh_app_setting_get --app=$app --key=domain) +path_url=$(ynh_app_setting_get --app=$app --key=path_url) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) +admin=$(ynh_app_setting_get --app=$app --key=admin) +admin_mail=$(ynh_user_get_info "$admin" 'mail') +port=$(ynh_app_setting_get --app=$app --key=port) +porti=$(ynh_app_setting_get --app=$app --key=porti) #================================================= -# MANAGE SCRIPT FAILURE +# CHECK VERSION #================================================= -# Use prior backup and restore on error only if backup feature -# exists on installed instance -if [ -f "/etc/yunohost/apps/$app/scripts/backup" ] ; then - ynh_backup_before_upgrade # Backup the current version of the app - ynh_clean_setup () { - ynh_restore_upgradebackup - } - ynh_abort_if_errors # Stop script if an error is detected +upgrade_type=$(ynh_check_app_version_changed) + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=2 + +# Fix is_public as a boolean value +if [ "$is_public" = "Yes" ]; then + ynh_app_setting_set --app=$app --key=is_public --value=1 + is_public=1 +elif [ "$is_public" = "No" ]; then + ynh_app_setting_set --app=$app --key=is_public --value=0 + is_public=0 +fi + +# If final_path doesn't exist, create it +if [ -z "$final_path" ]; then + final_path=/var/www/$app + ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi #================================================= -# INSTALL NODEJS +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_install_nodejs $nodejs_version +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors #================================================= -# CREATE DEDICATED USER +# STANDARD UPGRADE STEPS #================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_system_user_create $app - -#================================================= -# SPECIFIC SETUP -#================================================= -# HANDLE LOG FILES AND LOGROTATE -#================================================= - -# Setup logrotate -ynh_use_logrotate /var/log/${app}/*.log --non-append +ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= -final_path=/var/www/$app -ynh_app_setting_set $app final_path $final_path -ynh_setup_source $final_path +if [ "$upgrade_type" == "UPGRADE_APP" ] +then + ynh_script_progression --message="Upgrading source files..." --weight=1 -# Set files ownership during installation -sudo chown $app: $final_path -R -sudo chmod 755 $final_path -R + # Download, check integrity, uncompress and patch the source from app.src + ynh_setup_source --dest_dir="$final_path" +fi #================================================= -# Modify Nginx configuration file and copy it to Nginx conf directory +# NGINX CONFIGURATION #================================================= +ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1 +# Create a dedicated nginx config ynh_add_nginx_config #================================================= -# ADD SYSTEMD SERVICE +# INSTALL NODEJS +#================================================= +ynh_script_progression --message="Upgrading dependencies..." --weight=6 + +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version + +# Install Yarn +ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" + +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 + +# Create a dedicated user (if not existing) +ynh_system_user_create --username=$app + +#================================================= +# CONFIGURE CONFIG.JS #================================================= -ynh_replace_string "__NODE__" "$nodejs_path" "../conf/systemd.service" -ynh_replace_string "__NODEJS__" "$nodejs_version" "../conf/systemd.service" -ynh_replace_string "__ENV_PATH__" "$PATH" "../conf/systemd.service" -ynh_add_systemd_config +ynh_backup_if_checksum_is_different "$final_path/config/config.js" +# Copy default configuration file +mv "../conf/config.js" "$final_path/config/config.js" + +ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__PORTI__" --replace_string="$porti" --target_file="$final_path/config/config.js" +ynh_replace_string --match_string="__ADMIN_MAIL__" --replace_string="$admin_mail" --target_file="$final_path/config/config.js" + +# Store file checksum to detected user modifications on upgrade +ynh_store_file_checksum "$final_path/config/config.js" #================================================= # INSTALL CRYPTPAD #================================================= +ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 -script_dir="$PWD" -pushd "$final_path" -chown -R $app: $final_path -npm install -npm install -g bower -exec_login_as $app cd $final_path && env PATH=$PATH bower install -popd +pushd "$final_path" || ynh_die + + ynh_use_nodejs + ynh_exec_warn_less yarn install --allow-root + yarn global add bower + bower install --allow-root + +popd || ynh_die #================================================= -# CONFIGURE SERVER.JS +# SETUP SYSTEMD #================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 -# Backup configuration file if changed -ynh_backup_if_checksum_is_different "$final_path/config.js" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" -# Copy default configuration file -sudo mv "$final_path/config.example.js" "$final_path/config.js" - -# Set service port -ynh_replace_string "httpPort: 3000" "httpPort: $port" "$final_path/config.js" -# Tune CSP to allow for YunoHost tile -ynh_replace_string "\"script-src 'self'\"" "\"script-src 'self' 'unsafe-eval'\"" "$final_path/config.js" -# Remove donate button -ynh_replace_string "removeDonateButton: false" "removeDonateButton: true" "$final_path/config.js" -# Disable analytics unsolicited communications -ynh_replace_string "adminEmail: 'i.did.not.read.my.config@cryptpad.fr'" "adminEmail: false" "$final_path/config.js" - -# Store file checksum to detected user modifications on upgrade -ynh_store_file_checksum "$final_path/config.js" +# Create a dedicated systemd config +ynh_add_systemd_config #================================================= -# SET FILES OWNERSHIP +# SECURE FILES AND DIRECTORIES #================================================= +ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 -sudo chown -R root: $final_path -sudo chown -R $app: $final_path/datastore $final_path/pins $final_path/blob $final_path/blobstage +# Set permissions on app files +chown -R $app:$app $final_path #================================================= -# INSTALL MODULES FOR CRYPTPAD +# START SYSTEMD SERVICE #================================================= +ynh_script_progression --message="Starting a systemd service..." --weight=1 -#npm install cryptpad-level-store; - -#================================================= -# ENABLE SERVICE IN ADMIN PANEL -#================================================= - -# Ajoute le service au monitoring de Yunohost. -sudo yunohost service add $app --log "/var/log/$app/$app.log" - -#================================================= -# START CRYPTPAD IN BACKGROUND -#================================================= - -sudo systemctl start $app - -#================================================= -# SETUP SSOWAT -#================================================= - -if [ $is_public -eq 1 ]; -then - ynh_app_setting_set "$app" unprotected_uris "/" -fi +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --line_match="server available" #================================================= # RELOAD NGINX #================================================= -sudo systemctl restart php5-fpm -sudo systemctl reload nginx +ynh_script_progression --message="Reloading nginx web server..." --weight=1 + +ynh_systemd_action --service_name=nginx --action=reload + +#================================================= +# END OF SCRIPT +#================================================= + +ynh_script_progression --message="Upgrade of $app completed" --last From a046b3765a3fa058bf10995d484a2b4372f9947e Mon Sep 17 00:00:00 2001 From: frju365 Date: Wed, 17 Jun 2020 22:01:36 +0200 Subject: [PATCH 5/9] Can't pass Package check with 3.8.1 as pc is build with 3.7. :) --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 1c10156..1b313f9 100644 --- a/manifest.json +++ b/manifest.json @@ -15,7 +15,7 @@ "url": "https://frju365.yunohost.support" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 3.5" }, "multi_instance": false, "services": [ From 3f9c3a6003243140e3e44671ef60a5461ed1a831 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 23 Jun 2020 07:39:44 +0200 Subject: [PATCH 6/9] update to 3.19.0 (#41) * update to 3.19.0 * new overview --- README.md | 6 +++--- README_fr.md | 8 ++++---- conf/app.src | 6 +++--- manifest.json | 2 +- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 6524a0b..9d0b3ad 100644 --- a/README.md +++ b/README.md @@ -9,9 +9,9 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview -CryptPad is a Zero Knowledge realtime collaborative editor. You can share access to a document simply by sharing the link. +CryptPad is a collaborative encrypted document editor in real time. It is a privacy-friendly alternative to popular office tools and cloud services. All content stored in CryptPad is encrypted before being sent, which means that no one can access your data unless you give them the keys. You can share access to a document simply by sharing the link. -**Shipped version:** 3.18.1 +**Shipped version:** 3.19.0 ## Screenshots @@ -45,7 +45,7 @@ CryptPad is a Zero Knowledge realtime collaborative editor. You can share access ## Limitations * Installation possible only on a root domain (CryptPad limitation) -* Can't login via SSO (due to this [Cryptpad limitation](https://github.com/xwiki-labs/cryptpad/issues/116)) +* Can't login via SSO (due to this [CryptPad limitation](https://github.com/xwiki-labs/cryptpad/issues/116)) ## Additional information diff --git a/README_fr.md b/README_fr.md index eaaa339..3333dea 100644 --- a/README_fr.md +++ b/README_fr.md @@ -9,9 +9,9 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* ## Vue d'ensemble -CryptPad est un éditeur de documents chiffrés collaboratifs en temps réel. Vous pouvez partager l'accès à un document simplement en partageant le lien. +CryptPad est un éditeur de documents chiffrés collaboratifs en temps réel. C'est une alternative respectant la vie privée aux outils office et aux services cloud populaires. Tout le contenu stocké dans CryptPad est chiffré avant d'être envoyé, ce qui signifie que personne ne peut accéder à vos données à moins que vous ne leur donniez les clés. Vous pouvez partager l'accès à un document simplement en partageant le lien. -**Version incluse :** 3.18.1 +**Version incluse :** 3.19.0 ## Captures d'écran @@ -30,7 +30,7 @@ Comment configurer cette application : via le panneau d'administration ainsi que * Official documentation : https://cryptpad.fr/what-is-cryptpad.html * YunoHost documentation : If specific documentation is needed, feel free to contribute. -## YunoHost specific features +## Caractéristiques spécifiques YunoHost #### Support multi-utilisateur @@ -56,7 +56,7 @@ Comment configurer cette application : via le panneau d'administration ainsi que * Signaler un bug : https://github.com/YunoHost-Apps/cryptpad_ynh/issues * Site de l'application : https://cryptpad.fr/ * Dépôt de l'application principale : https://github.com/xwiki-labs/cryptpad -* Site web YunoHost: https://yunohost.org/ +* Site web YunoHost : https://yunohost.org/ --- diff --git a/conf/app.src b/conf/app.src index bbab401..f195fab 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,6 +1,6 @@ -SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.18.1.tar.gz -SOURCE_SUM=6aad512ffd04632b94dc47c17f59781c484508dd6bcf4675bda945d74e66ef6b +SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.19.0.tar.gz +SOURCE_SUM=da5410aab4b3b63774ace5367a5c4337c819920717f28923db774f1dd8c13812 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=cryptpad-3.18.1.tar.gz +SOURCE_FILENAME=cryptpad-3.19.0.tar.gz diff --git a/manifest.json b/manifest.json index 1b313f9..e282072 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Zero Knowledge realtime collaborative editor", "fr": "Éditeur chiffré collaboratif en temps réel." }, - "version": "3.18.1~ynh1", + "version": "3.19.0~ynh1", "url": "https://cryptpad.fr/", "license": "AGPL-3.0-or-later", "maintainer": { From 2a0bda7dc04f88be59bb4971c3fcac747d3283fe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 18 Jul 2020 11:44:23 +0200 Subject: [PATCH 7/9] update to 3.19.1 (#42) * update to 3.19.0 * new overview * update v.3.19.1 --- README.md | 2 +- README_fr.md | 2 +- conf/app.src | 6 +++--- manifest.json | 2 +- scripts/install | 8 ++++---- scripts/upgrade | 10 +++++----- 6 files changed, 15 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 9d0b3ad..2911695 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview CryptPad is a collaborative encrypted document editor in real time. It is a privacy-friendly alternative to popular office tools and cloud services. All content stored in CryptPad is encrypted before being sent, which means that no one can access your data unless you give them the keys. You can share access to a document simply by sharing the link. -**Shipped version:** 3.19.0 +**Shipped version:** 3.19.1 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 3333dea..6dd7efc 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,7 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install ## Vue d'ensemble CryptPad est un éditeur de documents chiffrés collaboratifs en temps réel. C'est une alternative respectant la vie privée aux outils office et aux services cloud populaires. Tout le contenu stocké dans CryptPad est chiffré avant d'être envoyé, ce qui signifie que personne ne peut accéder à vos données à moins que vous ne leur donniez les clés. Vous pouvez partager l'accès à un document simplement en partageant le lien. -**Version incluse :** 3.19.0 +**Version incluse :** 3.19.1 ## Captures d'écran diff --git a/conf/app.src b/conf/app.src index f195fab..f9f30f8 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,6 +1,6 @@ -SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.19.0.tar.gz -SOURCE_SUM=da5410aab4b3b63774ace5367a5c4337c819920717f28923db774f1dd8c13812 +SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.19.1.tar.gz +SOURCE_SUM=b706baf1ee7d948eb549b7ba4f9270188e7dde067f4e92b7c3162e5907c50af6 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=cryptpad-3.19.0.tar.gz +SOURCE_FILENAME=cryptpad-3.19.1.tar.gz diff --git a/manifest.json b/manifest.json index e282072..4367ba2 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Zero Knowledge realtime collaborative editor", "fr": "Éditeur chiffré collaboratif en temps réel." }, - "version": "3.19.0~ynh1", + "version": "3.19.1~ynh1", "url": "https://cryptpad.fr/", "license": "AGPL-3.0-or-later", "maintainer": { diff --git a/scripts/install b/scripts/install index 5b39163..15de734 100644 --- a/scripts/install +++ b/scripts/install @@ -108,10 +108,10 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=1 -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" ynh_add_systemd_config diff --git a/scripts/upgrade b/scripts/upgrade index 6a33d3c..ff8fc11 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -31,7 +31,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path_url) final_path=$(ynh_app_setting_get --app=$app --key=final_path) is_public=$(ynh_app_setting_get --app=$app --key=is_public) admin=$(ynh_app_setting_get --app=$app --key=admin) -admin_mail=$(ynh_user_get_info "$admin" 'mail') +admin_mail=$(ynh_user_get_info '$admin' 'mail') port=$(ynh_app_setting_get --app=$app --key=port) porti=$(ynh_app_setting_get --app=$app --key=porti) @@ -158,10 +158,10 @@ popd || ynh_die #================================================= ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 -ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" +ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" # Create a dedicated systemd config ynh_add_systemd_config From 78e55115dea61cb01e5edcb9bc4f767d28555d24 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 18 Jul 2020 11:49:52 +0200 Subject: [PATCH 8/9] Ugrade to 3.20.0 (#43) * update to 3.19.0 * new overview * update v.3.19.1 * Upgrade to 3.20.0 * Update manifest.json * Update app.src Co-authored-by: frju365 --- README.md | 2 +- README_fr.md | 3 ++- check_process | 10 ++++++++-- conf/app.src | 6 +++--- manifest.json | 4 ++-- scripts/_common.sh | 2 +- scripts/backup | 3 --- 7 files changed, 17 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index 2911695..500f7bc 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview CryptPad is a collaborative encrypted document editor in real time. It is a privacy-friendly alternative to popular office tools and cloud services. All content stored in CryptPad is encrypted before being sent, which means that no one can access your data unless you give them the keys. You can share access to a document simply by sharing the link. -**Shipped version:** 3.19.1 +**Shipped version:** 3.20.0 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 6dd7efc..bc02c93 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,8 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install ## Vue d'ensemble CryptPad est un éditeur de documents chiffrés collaboratifs en temps réel. C'est une alternative respectant la vie privée aux outils office et aux services cloud populaires. Tout le contenu stocké dans CryptPad est chiffré avant d'être envoyé, ce qui signifie que personne ne peut accéder à vos données à moins que vous ne leur donniez les clés. Vous pouvez partager l'accès à un document simplement en partageant le lien. -**Version incluse :** 3.19.1 +**Version incluse :** 3.20.0 + ## Captures d'écran diff --git a/check_process b/check_process index 18fe99f..bcfbca5 100644 --- a/check_process +++ b/check_process @@ -13,6 +13,7 @@ setup_private=1 setup_public=1 upgrade=1 + upgrade=1 from_commit=3f9c3a6003243140e3e44671ef60a5461ed1a831 backup_restore=1 multi_instance=0 incorrect_path=0 @@ -23,9 +24,9 @@ Level 2=auto Level 3=auto # https://github.com/YunoHost-Apps/cryptpad_ynh/issues/5 - Level 4=na + Level 4=auto # https://github.com/YunoHost-Apps/cryptpad_ynh/issues/6 - Level 5=1 + Level 5=auto Level 6=auto Level 7=auto Level 8=0 @@ -34,3 +35,8 @@ ;;; Options Email= Notification=none +;;; Upgrade options + ; commit=3f9c3a6003243140e3e44671ef60a5461ed1a831 + name=update to 3.19.0 + manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& + \ No newline at end of file diff --git a/conf/app.src b/conf/app.src index f9f30f8..ce528f7 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,6 +1,6 @@ -SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.19.1.tar.gz -SOURCE_SUM=b706baf1ee7d948eb549b7ba4f9270188e7dde067f4e92b7c3162e5907c50af6 +SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.20.0.tar.gz +SOURCE_SUM=132a774e7a2384f4ead18a54e8fb4ca12bef73ba478aa12f4d49f0dea825cceb SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=cryptpad-3.19.1.tar.gz +SOURCE_FILENAME=cryptpad-3.20.0.tar.gz \ No newline at end of file diff --git a/manifest.json b/manifest.json index 4367ba2..2156aa3 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Zero Knowledge realtime collaborative editor", "fr": "Éditeur chiffré collaboratif en temps réel." }, - "version": "3.19.1~ynh1", + "version": "3.20.0~ynh1", "url": "https://cryptpad.fr/", "license": "AGPL-3.0-or-later", "maintainer": { @@ -15,7 +15,7 @@ "url": "https://frju365.yunohost.support" }, "requirements": { - "yunohost": ">= 3.5" + "yunohost": ">= 3.8.1" }, "multi_instance": false, "services": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index 6fa19b1..179e4f2 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -nodejs_version=12 +nodejs_version="12" #================================================= # PERSONAL HELPERS diff --git a/scripts/backup b/scripts/backup index a44954a..5f6e9f2 100644 --- a/scripts/backup +++ b/scripts/backup @@ -14,9 +14,6 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { - ynh_clean_check_starting -} # Exit if an error occurs during the execution of the script ynh_abort_if_errors From 815145d340fcb417cc03f45b5332caa13c1deff9 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 13 Oct 2020 13:52:56 +0200 Subject: [PATCH 9/9] Upgrade to v.3.23.0 --- README.md | 2 +- README_fr.md | 2 +- conf/app.src | 6 +++--- manifest.json | 2 +- scripts/backup | 3 +-- scripts/change_url | 8 ++++---- scripts/install | 10 +++++----- scripts/remove | 10 +++++----- scripts/restore | 6 +++--- scripts/upgrade | 12 ++++++------ 10 files changed, 30 insertions(+), 31 deletions(-) diff --git a/README.md b/README.md index 3de215f..48c8c01 100644 --- a/README.md +++ b/README.md @@ -11,7 +11,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview CryptPad is a collaborative encrypted document editor in real time. It is a privacy-friendly alternative to popular office tools and cloud services. All content stored in CryptPad is encrypted before being sent, which means that no one can access your data unless you give them the keys. You can share access to a document simply by sharing the link. -**Shipped version:** 3.21.0 +**Shipped version:** 3.23.0 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 65bdfa8..dc90e46 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,7 @@ Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install ## Vue d'ensemble CryptPad est un éditeur de documents chiffrés collaboratifs en temps réel. C'est une alternative respectant la vie privée aux outils office et aux services cloud populaires. Tout le contenu stocké dans CryptPad est chiffré avant d'être envoyé, ce qui signifie que personne ne peut accéder à vos données à moins que vous ne leur donniez les clés. Vous pouvez partager l'accès à un document simplement en partageant le lien. -**Version incluse :** 3.21.0 +**Version incluse :** 3.23.0 ## Captures d'écran diff --git a/conf/app.src b/conf/app.src index 427b464..9dc2ada 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,6 +1,6 @@ -SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.21.0.tar.gz -SOURCE_SUM=b75bbd9697ba91bf8893877d6e22588ba5344926f29df5a6c660d07507b91e31 +SOURCE_URL=https://github.com/xwiki-labs/cryptpad/archive/3.23.0.tar.gz +SOURCE_SUM=fb52c7a956d9ac8ea2f9ebe49d021ab4f260582cc11d3df0cdfea804f8a3ec52 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true -SOURCE_FILENAME=cryptpad-3.21.0.tar.gz +SOURCE_FILENAME=cryptpad-3.23.0.tar.gz diff --git a/manifest.json b/manifest.json index e55944d..0a24566 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Zero Knowledge realtime collaborative editor", "fr": "Éditeur chiffré collaboratif en temps réel." }, - "version": "3.21.0~ynh1", + "version": "3.23.0~ynh1", "url": "https://cryptpad.fr/", "license": "AGPL-3.0-or-later", "maintainer": { diff --git a/scripts/backup b/scripts/backup index a44954a..240b707 100644 --- a/scripts/backup +++ b/scripts/backup @@ -6,7 +6,6 @@ # IMPORT GENERIC HELPERS #================================================= -#Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers @@ -58,4 +57,4 @@ ynh_backup --src_path="/etc/systemd/system/$app.service" # END OF SCRIPT #================================================= -ynh_print_info --message="Backup script completed for $app. (YunoHost will then actually copy those files to the archive)." +ynh_print_info --message="Backup script completed for CryptPad. (YunoHost will then actually copy those files to the archive)." diff --git a/scripts/change_url b/scripts/change_url index 90f9f1b..b0754ff 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -32,7 +32,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its url (may take a while)..." --weight=2 +ynh_script_progression --message="Backing up CryptPad before changing its URL (may take a while)..." --weight=2 # Backup the current version of the app ynh_backup_before_upgrade @@ -74,7 +74,7 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating nginx web server configuration..." --time --weight=1 +ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1 nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf @@ -112,7 +112,7 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --l #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -120,4 +120,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --last +ynh_script_progression --message="Change of URL completed for CryptPad" --last diff --git a/scripts/install b/scripts/install index 15de734..dfda1d5 100644 --- a/scripts/install +++ b/scripts/install @@ -98,9 +98,9 @@ ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." --weight=1 +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config #================================================= @@ -132,7 +132,7 @@ ynh_store_file_checksum "$final_path/config/config.js" #================================================= # INSTALL CRYPTPAD #================================================= -ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 +ynh_script_progression --message="Building CryptPad... (this will take some time and resources!)" --weight=60 pushd "$final_path" || ynh_die @@ -181,7 +181,7 @@ fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -189,4 +189,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Installation of $app completed" --last +ynh_script_progression --message="Installation of CryptPad completed" --last diff --git a/scripts/remove b/scripts/remove index 3595298..84d6a3f 100644 --- a/scripts/remove +++ b/scripts/remove @@ -29,7 +29,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) # Remove the service from the list of services known by Yunohost (added from `yunohost service add`) if ynh_exec_warn_less yunohost service status $app >/dev/null then - ynh_script_progression --message="Removing $app service..." --weight=3 + ynh_script_progression --message="Removing CryptPad service..." --weight=3 yunohost service remove $app fi @@ -51,7 +51,7 @@ ynh_remove_nodejs #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." --weight=3 +ynh_script_progression --message="Removing CryptPad main directory..." --weight=3 # Remove the app directory securely ynh_secure_remove --file="$final_path" @@ -59,9 +59,9 @@ ynh_secure_remove --file="$final_path" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 -# Remove the dedicated nginx config +# Remove the dedicated NGINX config ynh_remove_nginx_config #================================================= @@ -78,4 +78,4 @@ ynh_system_user_delete --username=$app # END OF SCRIPT #================================================= -ynh_script_progression --message="Removal of $app completed" --last +ynh_script_progression --message="Removal of CryptPad completed" --last diff --git a/scripts/restore b/scripts/restore index 2cd223f..0a435f9 100644 --- a/scripts/restore +++ b/scripts/restore @@ -53,7 +53,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RESTORE THE APP MAIN DIR #================================================= -ynh_script_progression --message="Restoring the app main directory..." --weight=6 +ynh_script_progression --message="Restoring CryptPad main directory..." --weight=6 ynh_restore_file --origin_path="$final_path" @@ -109,7 +109,7 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" -- #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -117,4 +117,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Restoration completed for $app" --last +ynh_script_progression --message="Restoration completed for CryptPad" --last diff --git a/scripts/upgrade b/scripts/upgrade index 2257ea6..7ebfc40 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -64,7 +64,7 @@ fi #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 +ynh_script_progression --message="Backing up CryptPad before upgrading (may take a while)..." --weight=1 # Backup the current version of the app ynh_backup_before_upgrade @@ -99,9 +99,9 @@ fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1 +ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 -# Create a dedicated nginx config +# Create a dedicated NGINX config ynh_add_nginx_config #================================================= @@ -143,7 +143,7 @@ ynh_store_file_checksum "$final_path/config/config.js" #================================================= # INSTALL CRYPTPAD #================================================= -ynh_script_progression --message="Building $app... (this will take some time and resources!)" --weight=60 +ynh_script_progression --message="Building CryptPad... (this will take some time and resources!)" --weight=60 pushd "$final_path" || ynh_die @@ -185,7 +185,7 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" --l #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload @@ -193,4 +193,4 @@ ynh_systemd_action --service_name=nginx --action=reload # END OF SCRIPT #================================================= -ynh_script_progression --message="Upgrade of $app completed" --last +ynh_script_progression --message="Upgrade of CryptPad completed" --last