diff --git a/.gitignore b/.gitignore deleted file mode 100644 index 9320a7e..0000000 --- a/.gitignore +++ /dev/null @@ -1,4 +0,0 @@ -*~ -*.sw[op] -*.test -.gitignore \ No newline at end of file diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 6133a24..0000000 --- a/.travis.yml +++ /dev/null @@ -1,7 +0,0 @@ -language: python - -before_install: - - git clone https://github.com/YunoHost/package_linter /tmp/package_linter - -script: -- /tmp/package_linter/package_linter.py ./ \ No newline at end of file diff --git a/check_process b/check_process index 0fefea2..025d6eb 100644 --- a/check_process +++ b/check_process @@ -1,13 +1,8 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - is_public=1 (PUBLIC|public=1|private=0) + domain="domain.tld" + path="/path" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -26,6 +21,8 @@ upgrade=1 from_commit=cdec64125b179f6b19470ceb8379225ed03c10a8 # 1.3.0~ynh7 upgrade=1 from_commit=481c0c5ce62caa9c79a6bd536f390f3814128b3a + # 1.3.0~ynh8 + upgrade=1 from_commit=e53a85de775501b13d8ef9c546d6b523c0a99e4f backup_restore=1 multi_instance=1 port_already_use=0 @@ -44,3 +41,5 @@ Notification=all name=1.3.0~ynh6 ; commit=481c0c5ce62caa9c79a6bd536f390f3814128b3a name=1.3.0~ynh7 + ; commit=e53a85de775501b13d8ef9c546d6b523c0a99e4f + name=1.3.0~ynh8 diff --git a/conf/.env b/conf/.env index 8b369ef..b3f13b4 100644 --- a/conf/.env +++ b/conf/.env @@ -5,7 +5,7 @@ PATH=__YNH_NODE_LOAD_PATH__ PORT=__PORT__ # The directory where is store the database -DB_DIR=__FINALPATH__/distbin-db +DB_DIR=__DATADIR__/distbin-db # The external URL EXTERNAL_URL=https://__DOMAIN____PATH__/ diff --git a/conf/nginx.conf b/conf/nginx.conf index 677303b..cf97361 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf 
@@ -1,11 +1,6 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - proxy_pass http://127.0.0.1:__PORT__/; proxy_pass_request_headers on; proxy_redirect ~^/(.*) $scheme://$http_host__PATH__/$1; diff --git a/conf/systemd.service b/conf/systemd.service index 58d15f0..077ba40 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -6,9 +6,42 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -EnvironmentFile=__FINALPATH__/.env WorkingDirectory=__FINALPATH__/ -ExecStart=/bin/sh -c 'node ./dist/bin/server >> /var/log/__APP__/__APP__.log 2>&1' +ExecStart=__YNH_NODE__ __FINALPATH__/dist/bin/server >> +StandardOutput=append:/var/log/__APP__/__APP__.log +StandardError=inherit +Restart=always +EnvironmentFile=__FINALPATH__/.env + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/doc/.gitkeep b/doc/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..a675b91 --- /dev/null +++ b/doc/DESCRIPTION.md 
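Review bot: `ExecStart=__YNH_NODE__ __FINALPATH__/dist/bin/server >>` still ends with the `>>` left over from the old `/bin/sh -c` form. systemd does not run ExecStart through a shell, so `>>` is handed to the server as a literal argument instead of acting as a redirection. The line should read `ExecStart=__YNH_NODE__ __FINALPATH__/dist/bin/server`, with logging left to the new `StandardOutput=append:` setting. That setting needs systemd 240 or later, which is worth a short comment beside it.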
@@ -0,0 +1,11 @@ +A distributed pastebin. i.e. it is a service where anyone can post things on the web, and others can react by posting anywhere else on the web (including here). + +A networked place to store posted web documents. This is meant to allow for distributed social commentary and reaction around these documents using best practices recommended or noted by the W3C Social Web Working Group. + +### Features + +- Ut enim ad minim veniam, quis nostrud exercitation ullamco ; +- Laboris nisi ut aliquip ex ea commodo consequat ; +- Duis aute irure dolor in reprehenderit in voluptate ; +- Velit esse cillum dolore eu fugiat nulla pariatur ; +- Excepteur sint occaecat cupidatat non proident, sunt in culpa." diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..8060069 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1 @@ +* No configuration parameters available for now. diff --git a/doc/screenshots/.gitkeep b/doc/screenshots/.gitkeep new file mode 100644 index 0000000..e69de29 diff --git a/doc/screenshots/screenshot.PNG b/doc/screenshots/screenshot.PNG new file mode 100644 index 0000000..b331614 Binary files /dev/null and b/doc/screenshots/screenshot.PNG differ diff --git a/manifest.json b/manifest.json index cbe0799..32641d2 100644 --- a/manifest.json +++ b/manifest.json @@ -6,8 +6,14 @@ "en": "Distributed pastebin with ActivityPub.", "fr": "Pastebin distribué utilisant le protocole ActivityPub." }, - "version": "1.3.0~ynh8", - "url": "https://distbin.com/", + "version": "1.3.0~ynh9", + "url": "https://distbin.com", + "upstream": { + "license": "Apache-2.0", + "website": "https://distbin.com/about", + "demo": "https://distbin.com/", + "code": "https://github.com/gobengo/distbin" + }, "license": "Apache-2.0", "maintainer": { "name": "yalh76" @@ -23,8 +29,7 @@ "install" : [ { "name": "domain", - "type": "domain", - "example": "example.com" + "type": "domain" }, { "name": "path", 
diff --git a/scripts/backup b/scripts/backup index 5146c2b..26abcf6 100644 --- a/scripts/backup +++ b/scripts/backup @@ -29,6 +29,7 @@ app=$YNH_APP_INSTANCE_NAME final_path=$(ynh_app_setting_get --app=$app --key=final_path) domain=$(ynh_app_setting_get --app=$app --key=domain) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP @@ -41,6 +42,12 @@ ynh_print_info --message="Declaring files to be backed up..." ynh_backup --src_path="$final_path" +#================================================= +# BACKUP THE DATA DIR +#================================================= + +ynh_backup --src_path="$datadir" --is_big + #================================================= # BACKUP THE NGINX CONFIGURATION #================================================= diff --git a/scripts/change_url b/scripts/change_url index ad048fb..979258e 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -140,6 +140,7 @@ ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Started Distbin Service" + if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then sleep 60 fi diff --git a/scripts/install b/scripts/install index 937f27a..6670c30 100644 --- a/scripts/install +++ b/scripts/install @@ -73,7 +73,7 @@ ynh_install_nodejs --nodejs_version=$NODEJS_VERSION ynh_script_progression --message="Configuring system user..." # Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE 
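Review bot: In the scripts/install hunk, the new `--home_dir=$final_path` drops the quotes the old line had, so the argument is open to word splitting and globbing if the path ever contains whitespace or glob characters. Keep `ynh_system_user_create --username=$app --home_dir="$final_path"`. The same unquoting is made in the scripts/restore and scripts/upgrade hunks that touch this call.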
@@ -98,27 +98,6 @@ ynh_add_nginx_config #================================================= # SPECIFIC SETUP -#================================================= -# CREATE LOG FOLDER -#================================================= -ynh_script_progression --message="Creating log folder..." - -mkdir -p "/var/log/$app" -chown -R "$app":"$app" "/var/log/$app" - -#================================================= -# CREATE DB FOLDER -#================================================= -ynh_script_progression --message="Creating DB folder..." - -mkdir -p "$final_path/distbin-db" -mkdir -p "$final_path/distbin-db/activities" -mkdir -p "$final_path/distbin-db/inbox" - -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" - #================================================= # INSTALLING DISTBIN #================================================= 
@@ -126,19 +105,46 @@ ynh_script_progression --message="Installing Distbin..." pushd $final_path ynh_use_nodejs - ynh_exec_warn_less sudo -u $app $ynh_node_load_PATH $ynh_npm install --ignore-scripts - ynh_exec_warn_less sudo -u $app $ynh_node_load_PATH $ynh_npm run build - sudo -u $app cp -af package* dist/ + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install --ignore-scripts + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm run build + ynh_exec_warn_less ynh_exec_as $app cp -af package* dist/ popd pushd $final_path/dist - ynh_exec_warn_less sudo -u $app $ynh_node_load_PATH $ynh_npm install --ignore-scripts --production + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install --ignore-scripts --production popd +#================================================= +# CREATE LOG DIRECTORY +#================================================= +ynh_script_progression --message="Creating log folder..." + +mkdir -p "/var/log/$app" + +chmod 750 "/var/log/$app" +chmod -R o-rwx "/var/log/$app" +chown -R $app:$app "/var/log/$app" + +#================================================= +# CREATE DATA DIRECTORY +#================================================= +ynh_script_progression --message="Creating a data directory..." + +datadir=/home/yunohost.app/$app +ynh_app_setting_set --app=$app --key=datadir --value=$datadir + +mkdir -p "$datadir/distbin-db" +mkdir -p "$datadir/distbin-db/activities" +mkdir -p "$datadir/distbin-db/inbox" + +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:$app "$datadir" + #================================================= # ADD A CONFIGURATION #================================================= -ynh_script_progression --message="Adding a config file..." +ynh_script_progression --message="Adding a configuration file..." ynh_add_config --template="../conf/.env" --destination="$final_path/.env" 
@@ -177,6 +183,7 @@ ynh_script_progression --message="Starting a systemd service..." # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Started Distbin Service" + if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then sleep 60 fi diff --git a/scripts/remove b/scripts/remove index cd37d47..ddab2d5 100644 --- a/scripts/remove +++ b/scripts/remove @@ -19,6 +19,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) port=$(ynh_app_setting_get --app=$app --key=port) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # STANDARD REMOVE @@ -42,13 +43,12 @@ ynh_script_progression --message="Stopping and removing the systemd service..." ynh_remove_systemd_config #================================================= -# REMOVE DEPENDENCIES +# REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Removing dependencies..." +ynh_script_progression --message="Removing logrotate configuration..." -# Remove metapackage and its dependencies -ynh_remove_nodejs -ynh_remove_app_dependencies +# Remove the app-specific logrotate config +ynh_remove_logrotate #================================================= # REMOVE APP MAIN DIR 
@@ -58,6 +58,17 @@ ynh_script_progression --message="Removing app main directory..." # Remove the app directory securely ynh_secure_remove --file="$final_path" +#================================================= +# REMOVE DATA DIR +#================================================= + +# Remove the data directory if --purge option is used +if [ "${YNH_APP_PURGE:-0}" -eq 1 ] +then + ynh_script_progression --message="Removing app data directory..." + ynh_secure_remove --file="$datadir" +fi + #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -67,17 +78,18 @@ ynh_script_progression --message="Removing NGINX web server configuration..." ynh_remove_nginx_config #================================================= -# REMOVE LOGROTATE CONFIGURATION +# REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing logrotate configuration..." +ynh_script_progression --message="Removing dependencies..." -# Remove the app-specific logrotate config -ynh_remove_logrotate +# Remove metapackage and its dependencies +ynh_remove_nodejs +ynh_remove_app_dependencies #================================================= # SPECIFIC REMOVE #================================================= -# REMOVE THE LOG FILES +# REMOVE VARIOUS FILES #================================================= # Remove the log files diff --git a/scripts/restore b/scripts/restore index df37250..4680052 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -30,14 +30,13 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= ynh_script_progression --message="Validating restoration parameters..." -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " @@ -56,7 +55,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # RESTORE THE APP MAIN DIR @@ -69,12 +68,28 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:$app "$final_path" +#================================================= +# RESTORE THE DATA DIRECTORY +#================================================= +ynh_script_progression --message="Restoring the data directory..." + +ynh_restore_file --origin_path="$datadir" --not_mandatory + +mkdir -p $datadir + +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:www-data "$datadir" + #================================================= # CREATE LOG FOLDER #================================================= ynh_script_progression --message="Creating log folder..." mkdir -p "/var/log/$app" + +chmod 750 "/var/log/$app" +chmod -R o-rwx "/var/log/$app" chown -R $app:$app "/var/log/$app" #================================================= 
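Review bot: In the data-directory block, `chown -R $app:www-data "$datadir"` gives group www-data read and traverse access under the 750 mode, while the install and upgrade hunks in this commit use `$app:$app` for the same directory. Nothing visible in the diff has the web server reading the database directly (nginx only proxies to the app port), so `chown -R $app:$app "$datadir"` would keep restore consistent and narrower. `mkdir -p $datadir` just above is also unquoted; `mkdir -p "$datadir"` matches the quoted uses around it.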
@@ -96,6 +111,13 @@ ynh_script_progression --message="Restoring the systemd configuration..." ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= @@ -109,17 +131,11 @@ yunohost service add $app --description="Distributed pastebin" --log="/var/log/$ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Started Distbin Service" + if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then sleep 60 fi -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." - -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index dbb4f0e..03b2bab 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -20,6 +20,7 @@ domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) +datadir=$(ynh_app_setting_get --app=$app --key=datadir) #================================================= # CHECK VERSION 
@@ -28,18 +29,6 @@ ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= 
@@ -64,13 +53,54 @@ ynh_script_progression --message="Stopping a systemd service..." ynh_systemd_action --service_name=$app --action="stop" --log_path=systemd --line_match="Stopped Distbin Service" +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." + +# Cleaning legacy permissions +if ynh_legacy_permissions_exists; then + ynh_legacy_permissions_delete_all + + ynh_app_setting_delete --app=$app --key=is_public +fi + +ynh_script_progression --message="Creating storage folder..." + +if [ -z "$datadir" ]; then + datadir=/home/yunohost.app/$app + ynh_app_setting_set --app=$app --key=datadir --value=$datadir +fi + +mkdir -p "$datadir/distbin-db/" + +# Move old db +if [ -d "$final_path/db/" ]; then + rsync -arz "$final_path/db/" "$datadir/distbin-db/" --delete-after --remove-source-files + ynh_secure_remove --file="$final_path/db" +fi + +# Move old db +if [ -d "$final_path/distbin-db/" ]; then + if [ -d "$final_path/distbin-db/db/" ]; then + rsync -arz "$final_path/distbin-db/db/" "$datadir/distbin-db/" --delete-after --remove-source-files + ynh_secure_remove --file="$final_path/distbin-db/db" + fi + rsync -arz "$final_path/distbin-db/" "$datadir/distbin-db/" --delete-after --remove-source-files + ynh_secure_remove --file="$final_path/distbin-db" +fi + +chmod 750 "$datadir" +chmod -R o-rwx "$datadir" +chown -R $app:$app "$datadir" + #================================================= # CREATE DEDICATED USER #================================================= ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE 
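Review bot: The chained `rsync -arz ... --delete-after --remove-source-files` calls in the old-db migration can delete data that the previous call just moved. Every call targets the same `$datadir/distbin-db/`, and `--delete-after` removes destination files that are absent from the current source. So once `$final_path/distbin-db/db/` has been moved and removed, the following sync from `$final_path/distbin-db/` wipes those files, and the same happens if both `$final_path/db/` and `$final_path/distbin-db/` exist. Dropping the flag avoids this, e.g. `rsync -a --remove-source-files "$final_path/distbin-db/" "$datadir/distbin-db/"`; `-z` adds nothing for a local copy.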
@@ -112,23 +142,11 @@ ynh_install_nodejs --nodejs_version=$NODEJS_VERSION ynh_script_progression --message="Creating log folder..." mkdir -p "/var/log/$app" + +chmod 750 "/var/log/$app" +chmod -R o-rwx "/var/log/$app" chown -R $app:$app "/var/log/$app" -#================================================= -# CREATE STORAGE FOLDER -#================================================= -ynh_script_progression --message="Creating storage folder..." - -DIRECTORY="$final_path/db" -#Move old db -if [ -d "$DIRECTORY" ]; then - mv "$final_path/db" "$final_path/distbin-db" -fi - -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" - #================================================= # MAKE UPGRADE #================================================= @@ -136,13 +154,13 @@ ynh_script_progression --message="Making upgrade..." pushd $final_path ynh_use_nodejs - ynh_exec_warn_less sudo -u $app $ynh_node_load_PATH $ynh_npm install --ignore-scripts - ynh_exec_warn_less sudo -u $app $ynh_node_load_PATH $ynh_npm run build - sudo -u $app cp -af package* dist/ + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install --ignore-scripts + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm run build + ynh_exec_warn_less ynh_exec_as $app cp -af package* dist/ popd pushd $final_path/dist - ynh_exec_warn_less sudo -u $app $ynh_node_load_PATH $ynh_npm install --ignore-scripts --production + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install --ignore-scripts --production popd #================================================= @@ -186,6 +204,7 @@ yunohost service add $app --description="Distributed pastebin" --log="/var/log/$ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Started Distbin Service" + if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then sleep 60 fi
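Review bot: With `chmod 750 "$final_path"`, `chmod -R o-rwx "$final_path"` and `chown -R $app:$app "$final_path"` gone from this section, no visible hunk in scripts/upgrade re-applies ownership and mode to `$final_path` before `ynh_exec_as $app ... $ynh_npm install` runs there; scripts/install drops the same lines. If this is done right after the source unpack, outside these hunks, nothing is needed. Otherwise the build would run against files not owned by `$app`, and `$final_path/.env` would keep whatever mode it was created with. Worth confirming, and adding `chown -R $app:$app "$final_path"` plus the two `chmod` lines after the unpack if they are missing.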