diff --git a/.kateproject b/.kateproject deleted file mode 100644 index d945148..0000000 --- a/.kateproject +++ /dev/null @@ -1,4 +0,0 @@ -{ -"name": "Element_ynh" -, "files": [ { "git": 1 } ] -} diff --git a/README.md b/README.md index 19f1a15..0dceab3 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ It shall NOT be edited by hand. # Element for YunoHost [![Integration level](https://dash.yunohost.org/integration/element.svg)](https://dash.yunohost.org/appci/app/element) ![Working status](https://ci-apps.yunohost.org/ci/badges/element.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/element.maintain.svg) + [![Install Element with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=element) *[Lire ce readme en français.](./README_fr.md)* 
@@ -25,28 +26,6 @@ Element is a new type of messaging app. You choose where your messages are store ![Screenshot of Element](./doc/screenshots/homepage-all-platforms-1_1.png) -## Disclaimers / important information - -## YunoHost specific features - -### Multi-users support - -This application support the SSO. If you want to use the SSO, you need to define the path to the default homeserver as your homeserver witch is installed on your YunoHost instance. - -## Additional informations - -### Important Security Note - -We do not recommend running Element from the same domain name as your Matrix -homeserver (Synapse). The reason is the risk of XSS (cross-site-scripting) -vulnerabilities that could occur if someone caused Element to load and render -malicious user generated content from a Matrix API which then had trusted -access to Element (or other apps) due to sharing the same domain. - -We have put some coarse mitigations into place to try to protect against this -situation, but it's still not good practice to do it in the first place. See -https://github.com/vector-im/riot-web/issues/1977 for more details. - ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index f3eb8a5..8353745 100644 --- a/README_fr.md +++ b/README_fr.md @@ -6,6 +6,7 @@ It shall NOT be edited by hand. # Element pour YunoHost [![Niveau d’intégration](https://dash.yunohost.org/integration/element.svg)](https://dash.yunohost.org/appci/app/element) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/element.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/element.maintain.svg) + [![Installer Element avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=element) *[Read this readme in english.](./README.md)* 
@@ -25,28 +26,6 @@ Element est un nouveau type d'application de messagerie. Vous choisissez où vos ![Capture d’écran de Element](./doc/screenshots/homepage-all-platforms-1_1.png) -## Avertissements / informations importantes - -## Fonctionnalités spécifiques à YunoHost - -### Prise en charge multi-utilisateurs - -Cette application prend en charge le SSO. Si vous souhaitez utiliser le SSO, vous devez définir le chemin d'accès au serveur domestique par défaut car votre serveur domestique est installé sur votre instance YunoHost. - -## Informations supplémentaires - -### Note de sécurité importante - -Nous vous déconseillons d'exécuter Element à partir du même nom de domaine que votre Matrix -serveur domestique (Synapse). La raison en est le risque de XSS (cross-site-scripting) -vulnérabilités qui pourraient survenir si quelqu'un provoquait le chargement et le rendu d'Element -un utilisateur malveillant a généré du contenu à partir d'une API Matrix qui avait alors fait confiance -accès à Element (ou à d'autres applications) en raison du partage du même domaine. - -Nous avons mis en place des mesures d'atténuation grossières pour essayer de nous protéger contre ce -situation, mais ce n'est toujours pas une bonne pratique de le faire en premier lieu. Voir -https://github.com/vector-im/riot-web/issues/1977 pour plus de détails. - ## Documentations et ressources * Site officiel de l’app : diff --git a/check_process b/check_process deleted file mode 100644 index ec0f0de..0000000 --- a/check_process +++ /dev/null 
@@ -1,24 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - path="/path" - default_home_server="matrix.org" - is_public=1 - ; Checks - pkg_linter=1 - setup_sub_dir=1 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - upgrade=1 from_commit=34d457d13e526997fddb8348650674a7db2247be - backup_restore=1 - multi_instance=1 - change_url=1 -;;; Upgrade options - ; commit=Sep 13, 2021 - name=34d457d13e526997fddb8348650674a7db2247be - manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=666& - - \ No newline at end of file diff --git a/conf/config.json b/conf/config.json index f76fdf8..0d2955f 100644 --- a/conf/config.json +++ b/conf/config.json @@ -1,7 +1,11 @@ { "default_server_config": { - "m.homeserver": { "base_url": "https://__DEFAULT_HOME_SERVER__" }, - "m.identity_server": {"base_url": "https://vector.im"} + "m.homeserver": { + "base_url": "https://__DEFAULT_HOME_SERVER__" + }, + "m.identity_server": { + "base_url": "https://vector.im" + } }, "brand": "Element", "integrations_ui_url": "https://scalar.vector.im/", @@ -17,6 +21,6 @@ "https://matrix-client.matrix.org": false }, "embedded_pages": { - "login_for_welcome": __LOGIN_FOR_WELCOME__ + "login_for_welcome": "__LOGIN_FOR_WELCOME__" } } diff --git a/conf/nginx.conf b/conf/nginx.conf index b5f38e3..58bbde2 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,7 +1,7 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { - alias __FINALPATH__/; + alias __INSTALL_DIR__/; index index.html; diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index 22d6e95..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null 
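Review bot: Quoting the placeholder in `"login_for_welcome": "__LOGIN_FOR_WELCOME__"` (second conf/config.json hunk) makes the rendered value a string instead of a JSON boolean. scripts/install sets `login_for_welcome=true`, so the old template rendered a bare `true`. With the quotes, a stored `false` would render as the non-empty string `"false"`, which any client code that only tests truthiness would presumably treat as enabled. If the quotes were added only so the template parses as JSON, keep the unquoted form `"login_for_welcome": __LOGIN_FOR_WELCOME__`, or document that the option is now string-typed.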
@@ -1,19 +0,0 @@
-## YunoHost specific features
-
-### Multi-users support
-
-This application support the SSO. If you want to use the SSO, you need to define the path to the default homeserver as your homeserver witch is installed on your YunoHost instance.
-
-## Additional informations
-
-### Important Security Note
-
-We do not recommend running Element from the same domain name as your Matrix
-homeserver (Synapse). The reason is the risk of XSS (cross-site-scripting)
-vulnerabilities that could occur if someone caused Element to load and render
-malicious user generated content from a Matrix API which then had trusted
-access to Element (or other apps) due to sharing the same domain.
-
-We have put some coarse mitigations into place to try to protect against this
-situation, but it's still not good practice to do it in the first place. See
-https://github.com/vector-im/riot-web/issues/1977 for more details.
diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md
deleted file mode 100644
index 0ac8dd8..0000000
--- a/doc/DISCLAIMER_fr.md
+++ /dev/null
@@ -1,19 +0,0 @@
-## Fonctionnalités spécifiques à YunoHost
-
-### Prise en charge multi-utilisateurs
-
-Cette application prend en charge le SSO. Si vous souhaitez utiliser le SSO, vous devez définir le chemin d'accès au serveur domestique par défaut car votre serveur domestique est installé sur votre instance YunoHost.
-
-## Informations supplémentaires
-
-### Note de sécurité importante
-
-Nous vous déconseillons d'exécuter Element à partir du même nom de domaine que votre Matrix
-serveur domestique (Synapse). La raison en est le risque de XSS (cross-site-scripting)
-vulnérabilités qui pourraient survenir si quelqu'un provoquait le chargement et le rendu d'Element
-un utilisateur malveillant a généré du contenu à partir d'une API Matrix qui avait alors fait confiance
-accès à Element (ou à d'autres applications) en raison du partage du même domaine.
-
-Nous avons mis en place des mesures d'atténuation grossières pour essayer de nous protéger contre ce
-situation, mais ce n'est toujours pas une bonne pratique de le faire en premier lieu. Voir
-https://github.com/vector-im/riot-web/issues/1977 pour plus de détails.
diff --git a/manifest.json b/manifest.json
deleted file mode 100644
index a948edf..0000000
--- a/manifest.json
+++ /dev/null
@@ -1,63 +0,0 @@
-{
- "name": "Element",
- "id": "element",
- "packaging_format": 1,
- "description": {
- "en": "Web client for Matrix",
- "fr": "Client web pour Matrix"
- },
- "version": "1.11.22~ynh1",
- "url": "https://element.io",
- "upstream": {
- "license": "Apache-2.0",
- "website": "https://element.io",
- "demo": "https://app.element.io/",
- "admindoc": "https://element.io/help",
- "code": "https://github.com/vector-im/element-web/"
- },
- "license": "Apache-2.0",
- "maintainer": {
- "name": "Josué Tille",
- "email": "josue@tille.ch"
- },
- "requirements": {
- "yunohost": ">= 11.0.9"
- },
- "multi_instance": true,
- "services": [
- "nginx"
- ],
- "arguments": {
- "install" : [
- {
- "name": "domain",
- "type": "domain"
- },
- {
- "name": "path",
- "type": "path",
- "example": "/element",
- "default": "/element"
- },
- {
- "name": "default_home_server",
- "type": "string",
- "ask": {
- "en": "Choose a default home server",
- "fr": "Choisissez un serveur par défault"
- },
- "example": "my-own-homeserver.tld",
- "default": "matrix.org"
- },
- {
- "name": "is_public",
- "type": "boolean",
- "help": {
- "en": "A public application means that anyone can access it. Note that this application provides just files (html, javascript, images, etc.)",
- "fr": "Une application publique signifie que n'importe qui peut y accéder. Notez que cette application ne fournit que des fichiers (html, javascript, images, etc.)"
- },
- "default": false
- }
- ]
- }
-}
diff --git a/manifest.toml b/manifest.toml
new file mode 100644
index 0000000..b977ccc
--- /dev/null
+++ b/manifest.toml
@@ -0,0 +1,57 @@
+packaging_format = 2
+
+id = "element"
+name = "Element"
+description.en = "Web client for Matrix"
+description.fr = "Client web pour Matrix"
+
+version = "1.11.22~ynh1"
+
+maintainers = ["Josué Tille"]
+
+[upstream]
+license = "Apache-2.0"
+website = "https://element.io"
+demo = "https://app.element.io/"
+admindoc = "https://element.io/help"
+code = "https://github.com/vector-im/element-web/"
+cpe = "cpe:2.3:a:matrix:element"
+
+[integration]
+yunohost = ">= 11.1.6"
+architectures = "all"
+multi_instance = true
+ldap = false
+sso = true
+disk = "50M"
+ram.build = "50M"
+ram.runtime = "50M"
+
+[install]
+ [install.domain]
+ type = "domain"
+
+ [install.path]
+ type = "path"
+ default = "/element"
+
+ [install.default_home_server]
+ ask.en = "Choose a default home server"
+ ask.fr = "Choisissez un serveur par défault"
+ type = "string"
+ example = "my-own-homeserver.tld"
+ default = "matrix.org"
+
+ [install.init_main_permission]
+ help.en = "A public application means that anyone can access it. Note that this application provides just files (html, javascript, images, etc.)"
+ help.fr = "Une application publique signifie que n'importe qui peut y accéder. Notez que cette application ne fournit que des fichiers (html, javascript, images, etc.)"
+ type = "group"
+ default = "visitors"
+
+[resources]
+ [resources.system_user]
+
+ [resources.install_dir]
+
+ [resources.permissions]
+ main.url = "/"
diff --git a/scripts/backup b/scripts/backup
index 6201eec..52eea5b 100644
--- a/scripts/backup
+++ b/scripts/backup
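Review bot: `default = "visitors"` under `[install.init_main_permission]` makes a new install public unless the admin changes the answer, whereas the deleted manifest.json asked `is_public` with `"default": false`. If the private default was intentional, keep it with `default = "all_users"`; if public is now the intended default, the help text should say so. The same-domain XSS warning from the deleted doc/DISCLAIMER.md also has no replacement in this commit. A short `help.en` on `[install.domain]` advising against installing on the homeserver's own domain would preserve it.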
@@ -10,23 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -36,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 4d5a344..4ac066b 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -21,14 +21,6 @@ new_path=$YNH_APP_NEW_PATH app=$YNH_APP_INSTANCE_NAME -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= 
@@ -90,6 +82,7 @@ then # Store file checksum for the new config file location ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi + #================================================= # RELOAD NGINX #================================================= diff --git a/scripts/install b/scripts/install index f0f8dc9..3c653cc 100644 --- a/scripts/install +++ b/scripts/install 
@@ -9,64 +9,29 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= # Retrieve arguments -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -is_public=$YNH_APP_ARG_IS_PUBLIC default_home_server=$YNH_APP_ARG_DEFAULT_HOME_SERVER - -app=$YNH_APP_INSTANCE_NAME - login_for_welcome=true -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - #================================================= # STORE SETTINGS FROM MANIFEST #================================================= ynh_script_progression --message="Storing installation settings..." --weight=1 -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=default_home_server --value=$default_home_server ynh_app_setting_set --app=$app --key=login_for_welcome --value=$login_for_welcome -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." 
--weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=4 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir="$install_dir" #================================================= # NGINX CONFIGURATION @@ -81,28 +46,15 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template="../conf/config.json" --destination="$final_path/config.json" - -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +ynh_add_config --template="../conf/config.json" --destination="$install_dir/config.json" #================================================= -# SETUP SSOWAT +# SECURE FILES AND DIRECTORIES #================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 -# Make app public if necessary -if [ $is_public -eq 1 ] -then - ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload +# Set permissions to app files +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index e2bc3c1..e7f44d8 100755 --- a/scripts/remove +++ b/scripts/remove 
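Review bot: `default_home_server` comes straight from the free-form `string` install question and is stored unquoted in `--value=$default_home_server`; it then fills `"base_url": "https://__DEFAULT_HOME_SERVER__"` when conf/config.json is rendered. A value containing whitespace is word-split by the shell, and one containing a double quote would yield invalid or altered JSON in the served config. Quote the expansion, `--value="$default_home_server"`, and reject anything that is not a host name before storing it, for example `[[ "$default_home_server" =~ ^[A-Za-z0-9.-]+(:[0-9]+)?$ ]] || ynh_die --message="Invalid home server name"`. In the second hunk, `chown -R $app:www-data "$install_dir"` leaves `$app` unquoted as well.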
@@ -9,24 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -35,16 +17,6 @@ ynh_script_progression --message="Removing NGINX web server configuration..." -- # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 0958a88..ed2f094 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -10,31 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -# Stop script if errors -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " - #================================================= # STANDARD RESTORATION STEPS #================================================= 
@@ -44,23 +19,12 @@ ynh_script_progression --message="Restoring the NGINX configuration..." --weight ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" - -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +ynh_restore_file --origin_path="$install_dir" #================================================= # GENERIC FINALIZATION @@ -71,6 +35,14 @@ ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload +#================================================= +# SECURE FILES AND DIRECTORIES +#================================================= + +# Set permissions to app files +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index c259066..90bfe7f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
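Review bot: The new SECURE FILES AND DIRECTORIES block at the end of scripts/restore runs after `ynh_systemd_action --service_name=nginx --action=reload`. Until the `chmod`/`chown` lines run, the restored tree is served with whatever mode and owner came out of the archive. The removed code applied them immediately after `ynh_restore_file`; moving the new block above the reload keeps that order. `$app` in `chown -R $app:www-data "$install_dir"` should also be quoted.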
@@ -12,16 +12,10 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +#ynh_script_progression --message="Loading installation settings..." --weight=1 -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -default_home_server=$(ynh_app_setting_get --app=$app --key=default_home_server) - -login_for_welcome=$(ynh_app_setting_get --app=$app --key=login_for_welcome) +#default_home_server=$(ynh_app_setting_get --app=$app --key=default_home_server) +#login_for_welcome=$(ynh_app_setting_get --app=$app --key=login_for_welcome) #================================================= # CHECK VERSION 
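Review bot: The LOAD SETTINGS hunk comments lines out instead of deleting them (`#ynh_script_progression …`, `#default_home_server=$(ynh_app_setting_get …)`, `#login_for_welcome=$(…)`), and the source hunk further down leaves `#--keep="config.json"` trailing the `ynh_setup_source` call. The dead code hides that the `${default_home_server:-}` checks in the next hunk now presumably depend on the packaging helpers exporting those settings as variables. Delete the commented lines and state the dependency instead, e.g. `# default_home_server and login_for_welcome are expected to be loaded from the app settings by the helpers`.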
@@ -29,51 +23,22 @@ login_for_welcome=$(ynh_app_setting_get --app=$app --key=login_for_welcome) upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 # If default_home_server doesn't exist, create it -if [ -z "$default_home_server" ]; then +if [ -z "${default_home_server:-}" ]; then default_home_server="matrix.org" ynh_app_setting_set --app=$app --key=default_home_server --value=$default_home_server fi -if [ -z "$login_for_welcome" ]; then +if [ -z "${login_for_welcome:-}" ]; then login_for_welcome=true ynh_app_setting_set --app=$app --key=login_for_welcome --value=$login_for_welcome fi -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
@@ -83,7 +48,7 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$install_dir" #--keep="config.json" fi #================================================= @@ -91,10 +56,7 @@ fi #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template="../conf/config.json" --destination="$final_path/config.json" - -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +ynh_add_config --template="../conf/config.json" --destination="$install_dir/config.json" #================================================= # NGINX CONFIGURATION @@ -105,11 +67,12 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - ynh_add_nginx_config #================================================= -# RELOAD NGINX +# SECURE FILES AND DIRECTORIES #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 -ynh_systemd_action --service_name=nginx --action=reload +# Set permissions to app files +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # END OF SCRIPT diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..b8493de --- /dev/null +++ b/tests.toml @@ -0,0 +1,21 @@ +test_format = 1.0 + +[default] + + # ------------ + # Tests to run + # ------------ + + exclude ="install.nourl" + + # ------------------------------- + # Default args to use for install + # ------------------------------- + + args.default_home_server="matrix.org" + + # ------------------------------- + # Commits to test upgrade from + # ------------------------------- + + test_upgrade_from.d653976.name = "Upgrade from 23.01"
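Review bot: `exclude ="install.nourl"` in the new tests.toml is a bare string. As far as I know the test-suite format takes a list of test ids for this key, so `exclude = ["install.nourl"]` is the safer spelling. A one-line comment above it saying why the no-URL install is skipped would help, since the deleted check_process set `setup_nourl=0` without explanation either.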