From 68f9b51d74430265d7fc6bcd6902a24dea4089d9 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 29 Sep 2021 08:43:01 +0200 Subject: [PATCH 1/9] Update systemd.service --- conf/systemd.service | 30 ++++++++++++++++++++++++++++++ 1 file changed, 30 insertions(+) diff --git a/conf/systemd.service b/conf/systemd.service index 8b27b8c..2e6be3b 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -14,5 +14,35 @@ StandardOutput=append:/var/log/__APP__/etherpad.log StandardError=inherit Restart=always +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target From ee73602959dd1dbee5719a24e7f04458417b7120 Mon Sep 17 00:00:00 2001 
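Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not exist; the one listed in capabilities(7) is `CAP_SYS_RAWIO`. As far as I know systemd only logs a parse warning for an unknown capability name and skips it, so raw I/O stays in the bounding set while the unit reads as hardened; the line should be `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. The `SystemCallFilter=~...` deny-list would also be better paired with `SystemCallArchitectures=native`, which the systemd.exec documentation suggests so that the filter cannot be sidestepped through a non-native ABI. The `[Service]` section starts above the hunk, so whether `User=` is set, which decides how much the bounding set matters in practice, is not visible here.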
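Review bot: The added `sleep 60` guard in scripts/change_url carries no comment saying why the script has to wait a minute when `PACKAGE_CHECK_EXEC` is 1, and it sits under the "IMPORT GENERIC HELPERS" banner ahead of the `source` lines it is unrelated to. I would put a one-line comment above it stating the actual reason for the delay, and quote the expansion so that an unexpected value fails with a clean test error instead of word-splitting: `if [ "${PACKAGE_CHECK_EXEC:-0}" -eq 1 ]; then`. The rest of the script lies outside the hunk.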
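Review bot: After this removal in updater.sh the comment `# Install moreutils, needed for sponge` is left directly above the `jq` line, although nothing is installed any more and `sponge` does not appear in the visible lines; the deleted `# Replace new version in manifest` was the accurate comment, so I would keep that one and drop the other. On the same statement, `$version` is spliced into the jq program text; if it is derived from an upstream release tag (not visible in this hunk), passing it as data is safer: `jq -s --indent 4 --arg v "$version~ynh1" '.[] | .version = $v' manifest.json`. The script before line 117 is outside the hunk.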
From: ericgaspar Date: Thu, 30 Sep 2021 23:31:59 +0200 Subject: [PATCH 2/9] Update change_url --- scripts/change_url | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/change_url b/scripts/change_url index 5db8dbf..7d26331 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -6,6 +6,10 @@ # IMPORT GENERIC HELPERS #================================================= +if [ ${PACKAGE_CHECK_EXEC:-0} -eq 1 ]; then + sleep 60 +fi + source _common.sh source /usr/share/yunohost/helpers From 0389dd8255bd87c145693f7e4e5f387aaf4688ab Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Fri, 1 Oct 2021 09:24:03 +0200 Subject: [PATCH 3/9] Fix --- .github/workflows/updater.sh | 3 --- .github/workflows/updater.yml | 3 ++- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index 137b156..478d4a6 100644 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -117,9 +117,6 @@ done #================================================= # Install moreutils, needed for sponge -sudo apt-get install moreutils - -# Replace new version in manifest echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json # No need to update the README, yunohost-bot takes care of it diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml index ca77fed..4508553 100644 --- a/.github/workflows/updater.yml +++ b/.github/workflows/updater.yml @@ -41,8 +41,9 @@ jobs: author: 'yunohost-bot ' signoff: false branch: ci-auto-update-v${{ env.VERSION }} + base: testing delete-branch: true title: 'Upgrade to version ${{ env.VERSION }}' body: | - Upgrade to v${{ env.VERSION }} + Upgrade etherpad_mypads to v${{ env.VERSION }} draft: false From 83cbe9511a95d385ed2b1d6ea64ad61ab9389834 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Fri, 1 Oct 2021 12:57:06 +0200 Subject: [PATCH 4/9] Update CHANGELOG.md --- CHANGELOG.md | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/CHANGELOG.md b/CHANGELOG.md index 2211760..afbc54b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,15 @@ Changelog ========= + +## [1.8.14~ynh2]() - 2021-10-01 + +#### Changed +* [Harden systemd]() +* [Fix login to admin page]() +* [Add autoupdate mecanism]() +* [Code clean up]() + ## [1.8.14~ynh1]() - 2021-06-04 #### Changed From 93d7e5f4efcd1b76be3b17484ecb5d91691db909 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sun, 3 Oct 2021 19:38:33 +0200 Subject: [PATCH 5/9] Update CHANGELOG.md --- CHANGELOG.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index afbc54b..d7ef744 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -5,10 +5,10 @@ Changelog ## [1.8.14~ynh2]() - 2021-10-01 #### Changed -* [Harden systemd]() -* [Fix login to admin page]() -* [Add autoupdate mecanism]() -* [Code clean up]() +* [Harden systemd](https://github.com/YunoHost-Apps/etherpad_mypads_ynh/pull/149/commits/5900064ea950d98c0bf28e336a5e2d85012e5e52) +* [Fix login to admin page](https://github.com/YunoHost-Apps/etherpad_mypads_ynh/pull/149/commits/3659fb84bcd52d16937a25998395e7889a731412) +* [Add autoupdate mecanism](https://github.com/YunoHost-Apps/etherpad_mypads_ynh/pull/149/commits/b53b5830e5c3521db00fe2f4c8b8c1d953e5664a) +* [Code clean up](https://github.com/YunoHost-Apps/etherpad_mypads_ynh/pull/149/commits/e4168cde0a8611a09ff5bfea6059bdc98a36af38) ## [1.8.14~ynh1]() - 2021-06-04 From 8166672be2b80dec41f9e3620071b7e67ed0edbb Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 4 Oct 2021 19:55:20 +0200 Subject: [PATCH 6/9] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 836091f..720f65d 100644 --- a/manifest.json +++ b/manifest.json 
@@ -6,7 +6,7 @@ "en": "Online editor providing collaborative editing in real-time", "fr": "Éditeur en ligne fournissant l'édition collaborative en temps réel" }, - "version": "1.8.14~ynh1", + "version": "1.8.14~ynh2", "url": "http://etherpad.org", "upstream": { "license": "Apache-2.0", From f9ee0af620a8d043b49aa3ecaf2e6928517d47e0 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Mon, 4 Oct 2021 17:55:27 +0000 Subject: [PATCH 7/9] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index b2f67d9..78585e7 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Online editor providing collaborative editing in real-time -**Shipped version:** 1.8.14~ynh1 +**Shipped version:** 1.8.14~ynh2 **Demo:** https://video.etherpad.com diff --git a/README_fr.md b/README_fr.md index 23d5543..bac5a16 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Éditeur en ligne fournissant l'édition collaborative en temps réel -**Version incluse :** 1.8.14~ynh1 +**Version incluse :** 1.8.14~ynh2 **Démo :** https://video.etherpad.com From 6eb6b6961914c18d4d8ebc2f2d92ae929fe226c2 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 5 Oct 2021 08:10:51 +0200 Subject: [PATCH 8/9] Add description --- doc/DESCRIPTION.md | 1 + doc/DESCRIPTION_fr.md | 1 + 2 files changed, 2 insertions(+) create mode 100644 doc/DESCRIPTION.md create mode 100644 doc/DESCRIPTION_fr.md diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..5ecb79a --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +Etherpad is a real-time collaborative editor scalable to thousands of simultaneous real time users. It provides full data export capabilities, and runs on your server, under your control. 
diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..d64f16b --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1 @@ +Etherpad est un éditeur collaboratif en temps réel évolutif pour des milliers d'utilisateurs simultanés en temps réel. Il fournit des capacités complètes d'exportation de données et s'exécute sur votre serveur, sous votre contrôle. From 30b934e81dd649e3001291ba86708441d00a6aa7 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Tue, 5 Oct 2021 06:10:58 +0000 Subject: [PATCH 9/9] Auto-update README --- README.md | 3 ++- README_fr.md | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 78585e7..923acb0 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,8 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Online editor providing collaborative editing in real-time +Etherpad is a real-time collaborative editor scalable to thousands of simultaneous real time users. It provides full data export capabilities, and runs on your server, under your control. + **Shipped version:** 1.8.14~ynh2 diff --git a/README_fr.md b/README_fr.md index bac5a16..b8da0b5 100644 --- a/README_fr.md +++ b/README_fr.md @@ -11,7 +11,8 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Vue d'ensemble -Éditeur en ligne fournissant l'édition collaborative en temps réel +Etherpad est un éditeur collaboratif en temps réel évolutif pour des milliers d'utilisateurs simultanés en temps réel. Il fournit des capacités complètes d'exportation de données et s'exécute sur votre serveur, sous votre contrôle. + **Version incluse :** 1.8.14~ynh2