From 37e644c16f26767b30066cae0d3c15d94a1d02eb Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Fri, 4 Jun 2021 07:55:27 +0000 Subject: [PATCH 1/6] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f57de9f..f883c92 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Online web spreadsheet editor providing collaborative editing in really real-time -**Shipped version:** 20201228~ynh1 +**Shipped version:** 20201228~ynh2 **Demo:** https://ethercalc.net/ diff --git a/README_fr.md b/README_fr.md index be3c032..eaa656b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Feuille de calcul collaborative en ligne -**Version incluse :** 20201228~ynh1 +**Version incluse :** 20201228~ynh2 **Démo :** https://ethercalc.net/ From ef2191dae381932b2ccd26075063373b019b4e80 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 21 Jul 2021 15:40:31 +0200 Subject: [PATCH 2/6] Fix --- check_process | 1 - conf/app.src | 1 - scripts/_common.sh | 2 +- scripts/remove | 6 +++--- scripts/upgrade | 28 ++++++++++++++-------------- 5 files changed, 18 insertions(+), 20 deletions(-) diff --git a/check_process b/check_process index 6de33a6..d8b0d45 100644 --- a/check_process +++ b/check_process @@ -1,5 +1,4 @@ ;; Test complet - auto_remove=1 ; Manifest domain="domain.tld" path="/" diff --git a/conf/app.src b/conf/app.src index cad7801..7be8559 100644 --- a/conf/app.src +++ b/conf/app.src @@ -4,4 +4,3 @@ SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true SOURCE_FILENAME= - diff --git a/scripts/_common.sh b/scripts/_common.sh index ab3b7fc..d493113 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,7 +4,7 @@ # COMMON VARIABLES #================================================= -pkg_dependencies="redis-server redis-tools g++ make" +pkg_dependencies="redis-server redis-tools" nodejs_version=14 diff --git a/scripts/remove b/scripts/remove index 2684af4..0cee21d 100644 --- a/scripts/remove +++ b/scripts/remove @@ -15,9 +15,9 @@ source /usr/share/yunohost/helpers app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get $app domain) -port=$(ynh_app_setting_get $app port) -final_path=$(ynh_app_setting_get $app final_path) +domain=$(ynh_app_setting_get --app=$app --key=domain) +port=$(ynh_app_setting_get --app=$app --key=port) +final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= # STANDARD REMOVE diff --git a/scripts/upgrade b/scripts/upgrade index 680d9e8..fc4e75e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,6 +27,20 @@ port=$(ynh_app_setting_get --app=$app --key=port) upgrade_type=$(ynh_check_app_version_changed) +#================================================= +# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +#================================================= +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=2 + +# Backup the current version of the app +ynh_backup_before_upgrade +ynh_clean_setup () { + # restore it if the upgrade fails + ynh_restore_upgradebackup +} +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + #================================================= # ENSURE DOWNWARD COMPATIBILITY #================================================= @@ -45,20 +59,6 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=2 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= From 0e55576b49cfa80b8b543a5be5205a6dcd5ae31f Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 8 Sep 2021 10:28:31 +0200 Subject: [PATCH 3/6] Fix --- conf/systemd.service | 30 ++++++++++++++++++++++++++++++ doc/DESCRIPTION.md | 1 + doc/DESCRIPTION_fr.md | 1 + doc/DISCLAIMER.md | 0 scripts/remove | 1 + scripts/restore | 2 -- 6 files changed, 33 insertions(+), 2 deletions(-) create mode 100644 doc/DESCRIPTION.md create mode 100644 doc/DESCRIPTION_fr.md delete mode 100644 doc/DISCLAIMER.md diff --git a/conf/systemd.service b/conf/systemd.service index fb65a1a..4361b48 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -14,5 +14,35 @@ ExecStart=__FINALPATH__/bin/ethercalc --host 127.0.0.1 --port __PORT__ --expire RuntimeMaxSec=86400 Restart=always +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..6b925ce --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +EtherCalc is a collaborative spreadsheet that can be edited in real time. Each spreadsheet has its own URL. It has the basic functionalities: formatting, mathematical functions, graphics, adding comments, version history, export in HTML or in CSV. EtherCalc is a decentralized software: different instances allow the use of the service, they are made available by several organizations (for example the eponymous site or the FramaCalc service). This makes it possible to avoid concentrating all the data in the hands of the same actor. Instances can be personalized (limitation of the duration of hosting of the spreadsheet, modification of the design, etc.). \ No newline at end of file diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..39e1834 --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1 @@ +EtherCalc est un tableur collaboratif éditable en temps réel. Chaque tableur possède sa propre URL. Il dispose des fonctionnalités de base : mise en forme, fonctions mathématiques, graphiques, ajout de commentaires, historique des versions, export en HTML ou en CSV. EtherCalc est un logiciel décentralisé : différentes instances permettent d'utiliser le service, elles sont mises à disposition par plusieurs organisations (par exemple le site éponyme ou le service FramaCalc). Cela permet d'éviter de concentrer toutes les données entre les mains d'un même acteur. Les instances peuvent être personnalisées (limitation de la durée d'hébergement du tableur, modification du design, etc.). diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index e69de29..0000000 diff --git a/scripts/remove b/scripts/remove index 0cee21d..f5b41ab 100644 --- a/scripts/remove +++ b/scripts/remove @@ -47,6 +47,7 @@ ynh_script_progression --message="Removing dependencies..." --weight=2 # Remove metapackage and its dependencies ynh_remove_app_dependencies +ynh_remove_nodejs #================================================= # REMOVE NGINX CONFIGURATION diff --git a/scripts/restore b/scripts/restore index b36d31a..97853e5 100644 --- a/scripts/restore +++ b/scripts/restore @@ -38,8 +38,6 @@ phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " From ebc20665e50f813cce56298fa7db59a2318863b8 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Wed, 8 Sep 2021 20:22:59 +0000 Subject: [PATCH 4/6] Auto-update README --- README.md | 2 +- README_fr.md | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index f883c92..12a4fe6 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Online web spreadsheet editor providing collaborative editing in really real-time +EtherCalc is a collaborative spreadsheet that can be edited in real time. Each spreadsheet has its own URL. It has the basic functionalities: formatting, mathematical functions, graphics, adding comments, version history, export in HTML or in CSV. EtherCalc is a decentralized software: different instances allow the use of the service, they are made available by several organizations (for example the eponymous site or the FramaCalc service). This makes it possible to avoid concentrating all the data in the hands of the same actor. Instances can be personalized (limitation of the duration of hosting of the spreadsheet, modification of the design, etc.). **Shipped version:** 20201228~ynh2 diff --git a/README_fr.md b/README_fr.md index eaa656b..118cc27 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,8 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Vue d'ensemble -Feuille de calcul collaborative en ligne +EtherCalc est un tableur collaboratif éditable en temps réel. Chaque tableur possède sa propre URL. Il dispose des fonctionnalités de base : mise en forme, fonctions mathématiques, graphiques, ajout de commentaires, historique des versions, export en HTML ou en CSV. EtherCalc est un logiciel décentralisé : différentes instances permettent d'utiliser le service, elles sont mises à disposition par plusieurs organisations (par exemple le site éponyme ou le service FramaCalc). Cela permet d'éviter de concentrer toutes les données entre les mains d'un même acteur. Les instances peuvent être personnalisées (limitation de la durée d'hébergement du tableur, modification du design, etc.). + **Version incluse :** 20201228~ynh2 From 0777e678d217505c7e5b5dafb513d9fe2885adf4 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 8 Sep 2021 22:23:40 +0200 Subject: [PATCH 5/6] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 00f884c..faade0b 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Online web spreadsheet editor providing collaborative editing in really real-time", "fr": "Feuille de calcul collaborative en ligne" }, - "version": "20201228~ynh2", + "version": "20201228~ynh3", "url": "https://ethercalc.net/", "upstream": { "license": "CPAL-1.0", From 3a59166f8f9f879795fb50c3d61fd716c7a3dae4 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Wed, 8 Sep 2021 20:23:46 +0000 Subject: [PATCH 6/6] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 12a4fe6..63e1920 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in EtherCalc is a collaborative spreadsheet that can be edited in real time. Each spreadsheet has its own URL. It has the basic functionalities: formatting, mathematical functions, graphics, adding comments, version history, export in HTML or in CSV. EtherCalc is a decentralized software: different instances allow the use of the service, they are made available by several organizations (for example the eponymous site or the FramaCalc service). This makes it possible to avoid concentrating all the data in the hands of the same actor. Instances can be personalized (limitation of the duration of hosting of the spreadsheet, modification of the design, etc.). -**Shipped version:** 20201228~ynh2 +**Shipped version:** 20201228~ynh3 **Demo:** https://ethercalc.net/ diff --git a/README_fr.md b/README_fr.md index 118cc27..9807594 100644 --- a/README_fr.md +++ b/README_fr.md @@ -14,7 +14,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour EtherCalc est un tableur collaboratif éditable en temps réel. Chaque tableur possède sa propre URL. Il dispose des fonctionnalités de base : mise en forme, fonctions mathématiques, graphiques, ajout de commentaires, historique des versions, export en HTML ou en CSV. EtherCalc est un logiciel décentralisé : différentes instances permettent d'utiliser le service, elles sont mises à disposition par plusieurs organisations (par exemple le site éponyme ou le service FramaCalc). Cela permet d'éviter de concentrer toutes les données entre les mains d'un même acteur. Les instances peuvent être personnalisées (limitation de la durée d'hébergement du tableur, modification du design, etc.). -**Version incluse :** 20201228~ynh2 +**Version incluse :** 20201228~ynh3 **Démo :** https://ethercalc.net/