Merge pull request #27 from YunoHost-Apps/update_and_fixes

2024-09-03 18:26:13 +02:00 · 2022-02-28 18:18:31 +01:00 · 2022-02-28 18:18:31 +01:00 · 15ace20197
commit 15ace20197
parent 5f21970b90 0f4e8639bc
12 changed files with 201 additions and 91 deletions
--- a/README.md
+++ b/README.md
@ -1,33 +1,40 @@
-# Diaspora* for YunoHost
+<!--
+N.B.: This README was automatically generated by https://github.com/YunoHost/apps/tree/master/tools/README-generator
+It shall NOT be edited by hand.
+-->

-[![Integration level](https://dash.yunohost.org/integration/diaspora.svg)](https://dash.yunohost.org/appci/app/diaspora) ![](https://ci-apps.yunohost.org/ci/badges/diaspora.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/diaspora.maintain.svg)[![Shipped version](https://img.shields.io/github/v/release/yunohost-apps/diaspora_ynh)](https://github.com/yunohost-apps/diaspora_ynh/releases)  
+# Diaspora for YunoHost
+
+[![Integration level](https://dash.yunohost.org/integration/diaspora.svg)](https://dash.yunohost.org/appci/app/diaspora) ![](https://ci-apps.yunohost.org/ci/badges/diaspora.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/diaspora.maintain.svg)  
 [![Install Diaspora with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=diaspora)

+*[Lire ce readme en français.](./README_fr.md)*
+
+> *This package allows you to install Diaspora quickly and simply on a YunoHost server.
+If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.*
+
 ## Overview

-> *This package allow you to install Diaspora\* quickly and simply on a YunoHost server.  
-If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.*
+Distributed social networking service

-**Shipped version:** 0.7.13.0
+**Shipped version:** 0.7.16.0~ynh1

-## Notes

-Before installing, you have to:

- get a dedicated domain (must install under web root like **https://diaspora.example.com/** not **https://example.com/diaspora/**)
- get a valid SSL certificate
+## Disclaimers / important information

-Installation effects:
+- There is currently no LDAP integration
+- the installation is very long, especially the frontend building step
+- As upstream doesn't support it, there is no possibility to change the endpoint/url of diaspora\*. Please choose it carefully!

- Thank you for being patient as deployment time can take up to about 1 hour (raspberry pi).
- The installation directory can take up to 900MB and app start time can be take 5 minutes
+## Documentation and resources

-## Links
-
- * Report a bug: https://github.com/YunoHost-Apps/diaspora_ynh/issues
- * YunoHost website: https://yunohost.org/
-
---
+* Official app website: https://diasporafoundation.org/
+* Official user documentation: https://wiki.diasporafoundation.org/FAQ_for_users
+* Official admin documentation: https://wiki.diasporafoundation.org/FAQ_for_pod_maintainers
+* Upstream app code repository: https://github.com/diaspora/diaspora
+* YunoHost documentation for this app: https://yunohost.org/app_diaspora
+* Report a bug: https://github.com/YunoHost-Apps/diaspora_ynh/issues

 ## Developer info

@ -39,3 +46,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/diaspora_ynh/tree/tes
 or
 sudo yunohost app upgrade diaspora -u https://github.com/YunoHost-Apps/diaspora_ynh/tree/testing --debug
 ```
+
+**More info regarding app packaging:** https://yunohost.org/packaging_apps
--- a/README_fr.md
+++ b/README_fr.md
@ -0,0 +1,46 @@
+# Diaspora pour YunoHost
+
+[![Niveau d'intégration](https://dash.yunohost.org/integration/diaspora.svg)](https://dash.yunohost.org/appci/app/diaspora) ![](https://ci-apps.yunohost.org/ci/badges/diaspora.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/diaspora.maintain.svg)  
+[![Installer Diaspora avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=diaspora)
+
+*[Read this readme in english.](./README.md)*
+*[Lire ce readme en français.](./README_fr.md)*
+
+> *Ce package vous permet d'installer Diaspora rapidement et simplement sur un serveur YunoHost.
+Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.*
+
+## Vue d'ensemble
+
+Service de réseau social distribué
+
+**Version incluse :** 0.7.16.0~ynh1
+
+
+
+## Avertissements / informations importantes
+
+- Il n'y a pas d'intégration LDAP pour le moment.
+- L'installation est très longue, en particulier l'étape de build du frontend.
+- le projet amont ne supporte pas les changements d'url, ainsi l'application yunohost ne supporte pas non plus cette action.
+
+## Documentations et ressources
+
+* Site officiel de l'app : https://diasporafoundation.org/
+* Documentation officielle utilisateur : https://wiki.diasporafoundation.org/FAQ_for_users
+* Documentation officielle de l'admin : https://wiki.diasporafoundation.org/FAQ_for_pod_maintainers
+* Dépôt de code officiel de l'app : https://github.com/diaspora/diaspora
+* Documentation YunoHost pour cette app : https://yunohost.org/app_diaspora
+* Signaler un bug : https://github.com/YunoHost-Apps/diaspora_ynh/issues
+
+## Informations pour les développeurs
+
+Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/diaspora_ynh/tree/testing).
+
+Pour essayer la branche testing, procédez comme suit.
+```
+sudo yunohost app install https://github.com/YunoHost-Apps/diaspora_ynh/tree/testing --debug
+ou
+sudo yunohost app upgrade diaspora -u https://github.com/YunoHost-Apps/diaspora_ynh/tree/testing --debug
+```
+
+**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps
--- a/2
+++ b/2
@ -10,8 +10,6 @@
 		setup_root=1
 		setup_nourl=0
 		upgrade=1
-		upgrade=1	from_commit=0.7.13.0-ynh1
-		upgrade=1	from_commit=0.7.13.0-ynh2
 		backup_restore=1
 		multi_instance=1
 		port_already_use=0
--- a/conf/diaspora_sidekiq.service
+++ b/conf/diaspora_sidekiq.service
@ -9,5 +9,35 @@ WorkingDirectory=__FINALPATH__/diaspora
 ExecStart=/bin/bash -lc "bin/bundle exec sidekiq"
 Restart=always

+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
+
 [Install]
 WantedBy=__APP__.target
--- a/conf/diaspora_web.service
+++ b/conf/diaspora_web.service
@ -11,5 +11,36 @@ ExecStart=/bin/bash -lc "bin/bundle exec unicorn -c config/unicorn.rb -E product
 ExecReload=/bin/kill -USR2 $MAINPID
 Restart=always

+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
+
+
 [Install]
 WantedBy=__APP__.target
--- a/doc/DISCLAIMER.md
+++ b/doc/DISCLAIMER.md
@ -0,0 +1,3 @@
+- There is currently no LDAP integration
+- the installation is very long, especially the frontend building step
+- As upstream doesn't support it, there is no possibility to change the endpoint/url of diaspora\*. Please choose it carefully!
--- a/doc/DISCLAIMER_fr.md
+++ b/doc/DISCLAIMER_fr.md
@ -0,0 +1,3 @@
+- Il n'y a pas d'intégration LDAP pour le moment.
+- L'installation est très longue, en particulier l'étape de build du frontend.
+- le projet amont ne supporte pas les changements d'url, ainsi l'application yunohost ne supporte pas non plus cette action.
--- a/manifest.json
+++ b/manifest.json
@ -1,55 +1,52 @@
 {
-  "name": "Diaspora",
-  "id": "diaspora",
-  "url": "https://diasporafoundation.org",
-  "packaging_format": 1,
-  "description": {
-    "en": "Distributed social networking service",
-    "fr": "Service de réseau social distribué"
-  },
-  "license": "AGPL-3.0",
-  "version": "0.7.14.0~ynh2",
-  "maintainer": {
-    "name": "rafi59",
-    "email": ""
-  },
-  "requirements": {
-    "yunohost": ">= 3.8.1"
-  },
-  "multi_instance": true,
-  "services": [
-    "nginx",
-    "postgresql"
-     ],
-     "arguments": {
-       "install" : [
-         {
-           "name": "domain",
-           "type": "domain",
-           "ask": {
-             "en": "Choose a domain for diaspora* (it needs its own domain)",
-             "fr": "Choisissez un domaine pour diaspora* (diaspora* a besoin de son propre domaine)"
-           },
-           "example": "domain.org"
-         },
-         {
-           "name": "admin",
-           "type": "user",
-           "ask": {
-             "en": "Choose the diaspora* administrator (must be an existing YunoHost user)",
-             "fr": "Choisissez l'administrateur de diaspora* (doit être un utilisateur YunoHost)"
-           },
-           "example": "johndoe"
-         },
-         {
-           "name": "admin_password",
-           "type": "password",
-           "ask": {
-             "en": "Admin password. Must contain at least 10 characters, one lowercase letter, one uppercase letter, one number, and one symbol (e.g. '~!@#$%^&*()').",
-             "fr": "Mot de passe pour l’administrateur. Doit contenir au moins 10 caractères, une majuscule, une minuscule, un chiffre, et une ponctuation (ex. '~!@#$%^&*()')."
-           },
-           "optional": false
-         }
-       ]
-     }
+    "name": "Diaspora",
+    "id": "diaspora",
+    "packaging_format": 1,
+    "description": {
+        "en": "Distributed social networking service",
+        "fr": "Service de réseau social distribué"
+    },
+    "version": "0.7.16.0~ynh1",
+    "url": "https://diasporafoundation.org",
+    "upstream": {
+        "license": "AGPL-3.0",
+        "website": "https://diasporafoundation.org/",
+        "admindoc": "https://wiki.diasporafoundation.org/FAQ_for_pod_maintainers",
+        "userdoc": "https://wiki.diasporafoundation.org/FAQ_for_users",
+        "code": "https://github.com/diaspora/diaspora"
+    },
+    "license": "AGPL-3.0",
+    "maintainer": {
+        "name": "rafi59",
+        "email": ""
+    },
+    "requirements": {
+        "yunohost": ">= 4.3.0"
+    },
+    "multi_instance": true,
+    "services": [
+        "nginx",
+        "postgresql"
+    ],
+    "arguments": {
+        "install" : [
+            {
+                "name": "domain",
+                "type": "domain"
+            },
+            {
+                "name": "admin",
+                "type": "user"
+            },
+            {
+                "name": "admin_password",
+                "type": "password",
+                "ask": {
+                    "en": "Admin password. Must contain at least 10 characters, one lowercase letter, one uppercase letter, one number, and one symbol (e.g. '~!@#$%^&*()').",
+                    "fr": "Mot de passe pour l’administrateur. Doit contenir au moins 10 caractères, une majuscule, une minuscule, un chiffre, et une ponctuation (ex. '~!@#$%^&*()')."
+                },
+                "optional": false
+            }
+        ]
+    }
 }
--- a/scripts/_common.sh
+++ b/scripts/_common.sh
@ -2,4 +2,4 @@
 pkg_dependencies="build-essential cmake libssl-dev libcurl4-dev libxml2-dev libxslt-dev imagemagick ghostscript curl libmagickwand-dev git libpq-dev redis-server nodejs postgresql bison "
 ruby_build_dependencies="bison libffi-dev libgdbm-dev libncurses5-dev libsqlite3-dev libyaml-dev pkg-config sqlite3 zlib1g-dev libgmp-dev libreadline-dev libssl-dev libjemalloc-dev"

-current_tag="v0.7.14.0"
+current_tag="v0.7.16.0"
--- a/scripts/bundle_app
+++ b/scripts/bundle_app
@ -7,17 +7,20 @@ cd diaspora
 script/configure_bundler
 bin/bundle install --full-index --with=postgresql
 EOF
+# for some reason rake logs a lot in stderr (tried --quiet, didn't change anything)
+# redirecting it to stdout to have a saner log on yunohost side
 sudo -u $app --login << EOF
 cd diaspora
-RAILS_ENV=production bundle exec rake db:migrate
+RAILS_ENV=production bundle exec rake db:migrate 2>&1
 EOF

 #=================================================
 # ASSETS PRECOMPILATION
 #=================================================
+
 sudo -u $app --login << EOF
 cd diaspora
-RAILS_ENV=production bin/rake assets:precompile
+RAILS_ENV=production bin/rake assets:precompile 2>&1
 EOF
 popd

--- a/scripts/install
+++ b/scripts/install
@ -45,8 +45,6 @@ final_path=/var/www/$app
 # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS
 #=================================================
 ynh_script_progression --message="Validating installation parameters..." --weight=1
-# Check web path availability
-ynh_webpath_available --domain=$domain --path_url=/
 # check path availability
 test ! -e "$final_path" || ynh_die "This path already contains a folder"
 can_remove_home=1
@ -68,7 +66,7 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path
 #=================================================
 # INSTALL DEPENDENCIES
 #=================================================
-ynh_script_progression --message="Installing dependencies..." --weight=27
+ynh_script_progression --message="Installing dependencies..." --weight=5
 ynh_install_app_dependencies $pkg_dependencies $ruby_build_dependencies

 #=================================================
@ -94,7 +92,7 @@ chown $app:www-data $final_path
 #=================================================
 # INSTALL RVM AND RUBY FOR CURRENT USER
 #=================================================
-ynh_script_progression --message="Installing rvm and ruby..." --weight=240
+ynh_script_progression --message="Installing rvm and ruby... (will take a long time)" --weight=20
 source ./install_ruby

 #=================================================
@ -102,7 +100,7 @@ source ./install_ruby
 #=================================================
 # Download, check integrity, unucompress and patch the source from app.src
 pushd $final_path
-ynh_script_progression --message="Download the sources..." --weight=16
+ynh_script_progression --message="Download the sources..." --weight=10
 sudo -u $app git clone https://github.com/diaspora/diaspora.git -b $current_tag
 popd

@ -142,7 +140,7 @@ ynh_store_file_checksum --file="$final_path/diaspora/config/database.yml"
 #=================================================
 # Bundle the ruby app
 #=================================================
-ynh_script_progression --message="Precompile assets..." --weight=400
+ynh_script_progression --message="Precompile assets (will take a long time)..." --weight=40
 source ./bundle_app

 #=================================================
--- a/scripts/restore
+++ b/scripts/restore
@ -41,8 +41,6 @@ db_user=$db_name
 #=================================================
 ynh_script_progression --message="Validating restoration parameters..."

-ynh_webpath_available --domain=$domain --path_url=/ \
-	|| ynh_die --message="Domain not available: ${domain}"
 test ! -d $final_path \
 	|| ynh_die --message="There is already a directory: $final_path "
 can_remove_home=1
@ -136,17 +134,11 @@ source ./create_services
 # ADVERTISE SERVICE IN ADMIN PANEL
 #=================================================

-yunohost service add $app.target\
+yunohost service add $app.target \
  --log $final_path/diaspora/log/production.log \
        $final_path/diaspora/log/unicorn-stderr.log\
        $final_path/diaspora/log/unicorn-stdout.log\
        $final_path/diaspora/log/sidekiq.log\
  --description "Diaspora service (unicorn web and sidekiq)"

-#=================================================
-# SETUP SSOWAT
-#=================================================
-# unprotected_uris allows SSO credentials to be passed anyway.
-ynh_app_setting_set $app unprotected_uris "/"
-
 popd