diff --git a/README.md b/README.md index 8421a61..bc1fb30 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to ## Overview Etherpad allows you to edit documents collaboratively in real-time, much like a live multi-player editor that runs in your browser. Write articles, press releases, to-do lists, etc. together with your friends, fellow students or colleagues, all working on the same document at the same time. -**Shipped version:** 1.8.7 +**Shipped version:** 1.8.8 ## Screenshots @@ -32,7 +32,7 @@ You can access Etherpad's admin panel at `domain.tld/admin`. The configuration f ## Documentation - * Official documentation: http://etherpad.org/doc/v1.8.7 + * Official documentation: http://etherpad.org/doc/v1.8.8 * YunoHost documentation: https://yunohost.org/#/app_etherpad ## YunoHost specific features diff --git a/README_fr.md b/README_fr.md index 4780b48..250abbe 100644 --- a/README_fr.md +++ b/README_fr.md @@ -14,7 +14,7 @@ Si vous n'avez pas YunoHost, merci de regarder [ici](https://yunohost.org/#/inst ## Résumé Etherpad vous permet d'éditer des documents de manière collaborative en temps réel, un peu comme un éditeur multi-joueurs en direct qui s'exécute dans votre navigateur. Rédigez des articles, des communiqués de presse, des listes de choses à faire, etc. avec vos amis, camarades ou collègues, tous travaillant sur le même document en même temps. -**Version embarquée :** 1.8.7 +**Version embarquée :** 1.8.8 ## Captures d'écran @@ -32,7 +32,7 @@ Vous pouvez accéder au panneau d'administration d'Etherpad à l'adresse `domain ## Documentation - * Documentation officielle : http://etherpad.org/doc/v1.8.7 + * Documentation officielle : http://etherpad.org/doc/v1.8.8 * Documentation YunoHost : https://yunohost.org/#/app_etherpad ## Fonctionnalités spécifiques à YunoHost diff --git a/check_process b/check_process index 12788aa..121054c 100644 --- a/check_process +++ b/check_process @@ -28,6 +28,6 @@ Email= Notification=none ;;; Upgrade options - ; commit=CommitHash - name=Name and date of the commit. + ; commit= + name= manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=9001& diff --git a/conf/app.src b/conf/app.src index 43caaf7..8bbfa8d 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ether/etherpad-lite/archive/1.8.7.tar.gz -SOURCE_SUM=39212e8b2ab025643367664238279ba189104ddadf8f18db8feb02ceda538867 +SOURCE_URL=https://github.com/ether/etherpad-lite/archive/1.8.8.tar.gz +SOURCE_SUM=20c9c63504e9a53ed5f5eb7c3fb80df1ac916cce22ce272135c6f15fe7ea4da1 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/settings.json b/conf/settings.json index 6dd132a..906af3c 100644 --- a/conf/settings.json +++ b/conf/settings.json @@ -232,12 +232,6 @@ */ "editOnly": false, - /* - * If set to true, those users who have a valid session will automatically be - * granted access to password protected pads. - */ - "sessionNoPassword": false, - /* * If true, all css & js will be minified before sending to the client. * @@ -308,6 +302,24 @@ */ "trustProxy": false, + /* + * Settings controlling the session cookie issued by Etherpad. + */ + "cookie": { + /* + * Value of the SameSite cookie property. "Lax" is recommended unless + * Etherpad will be embedded in an iframe from another site, in which case + * this must be set to "None". Note: "None" will not work (the browser will + * not send the cookie to Etherpad) unless https is used to access Etherpad + * (either directly or via a reverse proxy with "trustProxy" set to true). + * + * "Strict" is not recommended because it has few security benefits but + * significant usability drawbacks vs. "Lax". See + * https://stackoverflow.com/q/41841880 for discussion. + */ + "sameSite": "Lax" + }, + /* * Privacy: disable IP logging */ @@ -362,11 +374,62 @@ "percentageToScrollWhenUserPressesArrowUp": 0 }, + /* + * User accounts. These accounts are used by: + * - default HTTP basic authentication if no plugin handles authentication + * - some but not all authentication plugins + * - some but not all authorization plugins + * + * User properties: + * - password: The user's password. Some authentication plugins will ignore + * this. + * - is_admin: true gives access to /admin. Defaults to false. If you do not + * uncomment this, /admin will not be available! + * - readOnly: If true, this user will not be able to create new pads or + * modify existing pads. Defaults to false. + * - canCreate: If this is true and readOnly is false, this user can create + * new pads. Defaults to true. + * + * Authentication and authorization plugins may define additional properties. + * + * WARNING: passwords should not be stored in plaintext in this file. + * If you want to mitigate this, please install ep_hash_auth and + * follow the section "secure your installation" in README.md + */ + + /* + "users": { + "admin": { + // 1) "password" can be replaced with "hash" if you install ep_hash_auth + // 2) please note that if password is null, the user will not be created + "password": "changeme1", + "is_admin": true + }, + "user": { + // 1) "password" can be replaced with "hash" if you install ep_hash_auth + // 2) please note that if password is null, the user will not be created + "password": "changeme1", + "is_admin": false + } + }, + */ + /* * Restrict socket.io transport methods */ "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + "socketIo": { + /* + * Maximum permitted client message size (in bytes). All messages from + * clients that are larger than this will be rejected. Large values make it + * possible to paste large amounts of text, and plugins may require a larger + * value to work properly, but increasing the value increases susceptibility + * to denial of service attacks (malicious clients can exhaust memory). + */ + "maxHttpBufferSize": 10000 + }, + /* * Allow Load Testing tools to hit the Etherpad Instance. * @@ -408,21 +471,8 @@ */ "importMaxFileSize": 52428800, // 50 * 1024 * 1024 - /* - * From Etherpad 1.8.3 onwards import was restricted to authors who had - * content within the pad. - * - * This setting will override that restriction and allow any user to import - * without the requirement to add content to a pad. - * - * This setting is useful for when you use a plugin for authentication so you - * can already trust each user. - */ - "allowAnyoneToImport": false, - - /* - * From Etherpad 1.9.0 onwards, when Etherpad is in production mode commits from individual users are rate limited + * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited * * The default is to allow at most 10 changes per IP in a 1 second window. * After that the change is rejected. @@ -433,7 +483,7 @@ // duration of the rate limit window (seconds) "duration": 1, - // maximum number of chanes per IP to allow during the rate limit window + // maximum number of changes per IP to allow during the rate limit window "points": 10 }, @@ -530,5 +580,8 @@ }, // logconfig /* Override any strings found in locale directories */ - "customLocaleStrings": {} + "customLocaleStrings": {}, + + /* Disable Admin UI tests */ + "enableAdminUITests": false } diff --git a/manifest.json b/manifest.json index 3b2bb2c..8ff9192 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Online editor providing collaborative editing in real-time.", "fr": "Éditeur en ligne fournissant l'édition collaborative en temps réel." }, - "version": "1.8.7~ynh2", + "version": "1.8.8~ynh1", "url": "https://etherpad.org/", "license": "Apache-2.0", "maintainer": { diff --git a/scripts/install b/scripts/install index b87daba..68e5bf8 100644 --- a/scripts/install +++ b/scripts/install @@ -69,7 +69,7 @@ ynh_app_setting_set --app=$app --key=port --value=$port #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --weight=12 +ynh_script_progression --message="Installing dependencies..." --weight=6 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies @@ -85,8 +85,6 @@ ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_psql_test_if_first_run ynh_psql_setup_db --db_user=$db_name --db_name=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -94,7 +92,7 @@ ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir=$final_path #================================================= # NGINX CONFIGURATION @@ -115,33 +113,22 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # INSTALL ETHERPAD #================================================= -ynh_script_progression --message="Installing Etherpad..." --weight=60 +ynh_script_progression --message="Installing Etherpad..." --weight=2 chown -R $app: $final_path pushd $final_path || ynh_die ynh_use_nodejs - ynh_exec_as $app env "$ynh_node_load_PATH" bin/installDeps.sh + ynh_exec_as $app env "$ynh_node_load_PATH" src/bin/installDeps.sh popd || ynh_die #================================================= # MODIFY A CONFIG FILE #================================================= -ynh_script_progression --message="Configuring Etherpad..." --weight=6 +ynh_script_progression --message="Configuring Etherpad..." --weight=60 -cp ../conf/settings.json $final_path/settings.json -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/settings.json" -ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$final_path/settings.json" - -cp ../conf/credentials.json $final_path/credentials.json -ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/credentials.json" - -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= +ynh_add_config --template="../conf/settings.json" --destination="$final_path/settings.json" +ynh_add_config --template="../conf/credentials.json" --destination="$final_path/credentials.json" # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$final_path/settings.json" diff --git a/scripts/upgrade b/scripts/upgrade index ac21571..490deb9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -122,6 +122,14 @@ ynh_script_progression --message="Making sure dedicated system user exists..." - # Create a dedicated user (if not existing) ynh_system_user_create --username=$app +#================================================= +# MODIFY A CONFIG FILE +#================================================= +ynh_script_progression --message="Reconfiguring Etherpad..." --weight=6 + +ynh_add_config --template="../conf/settings.json" --destination="$final_path/settings.json" +ynh_add_config --template="../conf/credentials.json" --destination="$final_path/credentials.json" + #================================================= # INSTALL ETHERPAD #================================================= @@ -131,24 +139,9 @@ chown -R $app: $final_path pushd $final_path || ynh_die ynh_use_nodejs - ynh_exec_as $app env $ynh_node_load_PATH bin/installDeps.sh + ynh_exec_as $app env $ynh_node_load_PATH src/bin/installDeps.sh popd || ynh_die -#================================================= -# MODIFY A CONFIG FILE -#================================================= -ynh_script_progression --message="Reconfiguring Etherpad..." --weight=6 - -cp ../conf/settings.json $final_path/settings.json -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/settings.json" -ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$final_path/settings.json" - -cp ../conf/credentials.json $final_path/credentials.json -ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/credentials.json" - #================================================= # GENERIC FINALIZATION #=================================================