From 22f92b688fd8fb50afc5558de93ef0cddec9190a Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Feb 2021 11:37:42 +0100 Subject: [PATCH 1/8] Upgrade to version 1.8.8 --- README.md | 4 ++-- README_fr.md | 4 ++-- check_process | 5 +++-- conf/app.src | 4 ++-- manifest.json | 2 +- scripts/install | 23 +++++------------------ scripts/upgrade | 11 ++--------- 7 files changed, 17 insertions(+), 36 deletions(-) diff --git a/README.md b/README.md index 8421a61..bc1fb30 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to ## Overview Etherpad allows you to edit documents collaboratively in real-time, much like a live multi-player editor that runs in your browser. Write articles, press releases, to-do lists, etc. together with your friends, fellow students or colleagues, all working on the same document at the same time. -**Shipped version:** 1.8.7 +**Shipped version:** 1.8.8 ## Screenshots @@ -32,7 +32,7 @@ You can access Etherpad's admin panel at `domain.tld/admin`. The configuration f ## Documentation - * Official documentation: http://etherpad.org/doc/v1.8.7 + * Official documentation: http://etherpad.org/doc/v1.8.8 * YunoHost documentation: https://yunohost.org/#/app_etherpad ## YunoHost specific features diff --git a/README_fr.md b/README_fr.md index 4780b48..250abbe 100644 --- a/README_fr.md +++ b/README_fr.md @@ -14,7 +14,7 @@ Si vous n'avez pas YunoHost, merci de regarder [ici](https://yunohost.org/#/inst ## Résumé Etherpad vous permet d'éditer des documents de manière collaborative en temps réel, un peu comme un éditeur multi-joueurs en direct qui s'exécute dans votre navigateur. Rédigez des articles, des communiqués de presse, des listes de choses à faire, etc. avec vos amis, camarades ou collègues, tous travaillant sur le même document en même temps. -**Version embarquée :** 1.8.7 +**Version embarquée :** 1.8.8 ## Captures d'écran @@ -32,7 +32,7 @@ Vous pouvez accéder au panneau d'administration d'Etherpad à l'adresse `domain ## Documentation - * Documentation officielle : http://etherpad.org/doc/v1.8.7 + * Documentation officielle : http://etherpad.org/doc/v1.8.8 * Documentation YunoHost : https://yunohost.org/#/app_etherpad ## Fonctionnalités spécifiques à YunoHost diff --git a/check_process b/check_process index 12788aa..34cdadc 100644 --- a/check_process +++ b/check_process @@ -20,6 +20,7 @@ setup_private=1 setup_public=1 upgrade=1 + upgrade=1 from_commit=a343540d462848e87329bc81ec68ac73289dc0a1 backup_restore=1 multi_instance=1 port_already_use=0 @@ -28,6 +29,6 @@ Email= Notification=none ;;; Upgrade options - ; commit=CommitHash - name=Name and date of the commit. + ; commit=a343540d462848e87329bc81ec68ac73289dc0a1 + name=small Fixes manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=9001& diff --git a/conf/app.src b/conf/app.src index 43caaf7..8bbfa8d 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ether/etherpad-lite/archive/1.8.7.tar.gz -SOURCE_SUM=39212e8b2ab025643367664238279ba189104ddadf8f18db8feb02ceda538867 +SOURCE_URL=https://github.com/ether/etherpad-lite/archive/1.8.8.tar.gz +SOURCE_SUM=20c9c63504e9a53ed5f5eb7c3fb80df1ac916cce22ce272135c6f15fe7ea4da1 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index 3b2bb2c..8ff9192 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Online editor providing collaborative editing in real-time.", "fr": "Éditeur en ligne fournissant l'édition collaborative en temps réel." }, - "version": "1.8.7~ynh2", + "version": "1.8.8~ynh1", "url": "https://etherpad.org/", "license": "Apache-2.0", "maintainer": { diff --git a/scripts/install b/scripts/install index b87daba..d8326f3 100644 --- a/scripts/install +++ b/scripts/install @@ -69,7 +69,7 @@ ynh_app_setting_set --app=$app --key=port --value=$port #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --weight=12 +ynh_script_progression --message="Installing dependencies..." --weight=6 ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies @@ -85,8 +85,6 @@ ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_psql_test_if_first_run ynh_psql_setup_db --db_user=$db_name --db_name=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -115,7 +113,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # INSTALL ETHERPAD #================================================= -ynh_script_progression --message="Installing Etherpad..." --weight=60 +ynh_script_progression --message="Installing Etherpad..." --weight=2 chown -R $app: $final_path @@ -127,21 +125,10 @@ popd || ynh_die #================================================= # MODIFY A CONFIG FILE #================================================= -ynh_script_progression --message="Configuring Etherpad..." --weight=6 +ynh_script_progression --message="Configuring Etherpad..." --weight=60 -cp ../conf/settings.json $final_path/settings.json -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/settings.json" -ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$final_path/settings.json" - -cp ../conf/credentials.json $final_path/credentials.json -ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/credentials.json" - -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= +ynh_add_config --template="../conf/settings.json" --destination="$final_path/settings.json" +ynh_add_config --template="../conf/credentials.json" --destination="$final_path/credentials.json" # Calculate and store the config file checksum into the app settings ynh_store_file_checksum --file="$final_path/settings.json" diff --git a/scripts/upgrade b/scripts/upgrade index ac21571..6750370 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -139,15 +139,8 @@ popd || ynh_die #================================================= ynh_script_progression --message="Reconfiguring Etherpad..." --weight=6 -cp ../conf/settings.json $final_path/settings.json -ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$final_path/settings.json" -ynh_replace_string --match_string="__LANGUAGE__" --replace_string="$language" --target_file="$final_path/settings.json" - -cp ../conf/credentials.json $final_path/credentials.json -ynh_replace_string --match_string="__DB_NAME__" --replace_string="$db_name" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__DB_PWD__" --replace_string="$db_pwd" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__ADMIN__" --replace_string="$admin" --target_file="$final_path/credentials.json" -ynh_replace_string --match_string="__PASSWORD__" --replace_string="$password" --target_file="$final_path/credentials.json" +ynh_add_config --template="../conf/settings.json" --destination="$final_path/settings.json" +ynh_add_config --template="../conf/credentials.json" --destination="$final_path/credentials.json" #================================================= # GENERIC FINALIZATION From 01047ca2448b26ae41aa05d0217aee0d5ffc166b Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Feb 2021 11:52:58 +0100 Subject: [PATCH 2/8] Update settings.json --- conf/settings.json | 98 +++++++++++++++++++++++++++++++++++----------- 1 file changed, 75 insertions(+), 23 deletions(-) diff --git a/conf/settings.json b/conf/settings.json index 6dd132a..e6f9f2f 100644 --- a/conf/settings.json +++ b/conf/settings.json @@ -232,12 +232,6 @@ */ "editOnly": false, - /* - * If set to true, those users who have a valid session will automatically be - * granted access to password protected pads. - */ - "sessionNoPassword": false, - /* * If true, all css & js will be minified before sending to the client. * @@ -308,6 +302,24 @@ */ "trustProxy": false, + /* + * Settings controlling the session cookie issued by Etherpad. + */ + "cookie": { + /* + * Value of the SameSite cookie property. "Lax" is recommended unless + * Etherpad will be embedded in an iframe from another site, in which case + * this must be set to "None". Note: "None" will not work (the browser will + * not send the cookie to Etherpad) unless https is used to access Etherpad + * (either directly or via a reverse proxy with "trustProxy" set to true). + * + * "Strict" is not recommended because it has few security benefits but + * significant usability drawbacks vs. "Lax". See + * https://stackoverflow.com/q/41841880 for discussion. + */ + "sameSite": "Lax" + }, + /* * Privacy: disable IP logging */ @@ -362,11 +374,62 @@ "percentageToScrollWhenUserPressesArrowUp": 0 }, + /* + * User accounts. These accounts are used by: + * - default HTTP basic authentication if no plugin handles authentication + * - some but not all authentication plugins + * - some but not all authorization plugins + * + * User properties: + * - password: The user's password. Some authentication plugins will ignore + * this. + * - is_admin: true gives access to /admin. Defaults to false. If you do not + * uncomment this, /admin will not be available! + * - readOnly: If true, this user will not be able to create new pads or + * modify existing pads. Defaults to false. + * - canCreate: If this is true and readOnly is false, this user can create + * new pads. Defaults to true. + * + * Authentication and authorization plugins may define additional properties. + * + * WARNING: passwords should not be stored in plaintext in this file. + * If you want to mitigate this, please install ep_hash_auth and + * follow the section "secure your installation" in README.md + */ + + /* + "users": { + "admin": { + // 1) "password" can be replaced with "hash" if you install ep_hash_auth + // 2) please note that if password is null, the user will not be created + "password": "changeme1", + "is_admin": true + }, + "user": { + // 1) "password" can be replaced with "hash" if you install ep_hash_auth + // 2) please note that if password is null, the user will not be created + "password": "changeme1", + "is_admin": false + } + }, + */ + /* * Restrict socket.io transport methods */ "socketTransportProtocols" : ["xhr-polling", "jsonp-polling", "htmlfile"], + "socketIo": { + /* + * Maximum permitted client message size (in bytes). All messages from + * clients that are larger than this will be rejected. Large values make it + * possible to paste large amounts of text, and plugins may require a larger + * value to work properly, but increasing the value increases susceptibility + * to denial of service attacks (malicious clients can exhaust memory). + */ + "maxHttpBufferSize": 10000 + }, + /* * Allow Load Testing tools to hit the Etherpad Instance. * @@ -408,21 +471,8 @@ */ "importMaxFileSize": 52428800, // 50 * 1024 * 1024 - /* - * From Etherpad 1.8.3 onwards import was restricted to authors who had - * content within the pad. - * - * This setting will override that restriction and allow any user to import - * without the requirement to add content to a pad. - * - * This setting is useful for when you use a plugin for authentication so you - * can already trust each user. - */ - "allowAnyoneToImport": false, - - /* - * From Etherpad 1.9.0 onwards, when Etherpad is in production mode commits from individual users are rate limited + * From Etherpad 1.8.5 onwards, when Etherpad is in production mode commits from individual users are rate limited * * The default is to allow at most 10 changes per IP in a 1 second window. * After that the change is rejected. @@ -433,7 +483,7 @@ // duration of the rate limit window (seconds) "duration": 1, - // maximum number of chanes per IP to allow during the rate limit window + // maximum number of changes per IP to allow during the rate limit window "points": 10 }, @@ -530,5 +580,7 @@ }, // logconfig /* Override any strings found in locale directories */ - "customLocaleStrings": {} -} + "customLocaleStrings": {}, + + /* Disable Admin UI tests */ + "enableAdminUITests": false \ No newline at end of file From 9f782db1d2aaaeb1dc7863639f65dcdf6a6bd02f Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Feb 2021 12:40:54 +0100 Subject: [PATCH 3/8] Update settings.json --- conf/settings.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/conf/settings.json b/conf/settings.json index e6f9f2f..906af3c 100644 --- a/conf/settings.json +++ b/conf/settings.json @@ -583,4 +583,5 @@ "customLocaleStrings": {}, /* Disable Admin UI tests */ - "enableAdminUITests": false \ No newline at end of file + "enableAdminUITests": false +} From 2e6946bde150a18190387510bbcbe40c0bbe80e2 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Feb 2021 12:42:26 +0100 Subject: [PATCH 4/8] Fix --- scripts/install | 2 +- scripts/upgrade | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/install b/scripts/install index d8326f3..d85f86f 100644 --- a/scripts/install +++ b/scripts/install @@ -119,7 +119,7 @@ chown -R $app: $final_path pushd $final_path || ynh_die ynh_use_nodejs - ynh_exec_as $app env "$ynh_node_load_PATH" bin/installDeps.sh + ynh_exec_as $app env "$ynh_node_load_PATH" src/bin/installDeps.sh popd || ynh_die #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 6750370..563eead 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -131,7 +131,7 @@ chown -R $app: $final_path pushd $final_path || ynh_die ynh_use_nodejs - ynh_exec_as $app env $ynh_node_load_PATH bin/installDeps.sh + ynh_exec_as $app env $ynh_node_load_PATH src/bin/installDeps.sh popd || ynh_die #================================================= From d4ba05bafde590074a4af2f213347026c875f14a Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Feb 2021 13:56:09 +0100 Subject: [PATCH 5/8] Update upgrade --- scripts/upgrade | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 563eead..522e509 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -122,6 +122,14 @@ ynh_script_progression --message="Making sure dedicated system user exists..." - # Create a dedicated user (if not existing) ynh_system_user_create --username=$app +#================================================= +# MODIFY A CONFIG FILE +#================================================= +ynh_script_progression --message="Reconfiguring Etherpad..." --weight=6 + +ynh_add_config --template="../conf/settings.json" --destination="$final_path/settings.json" +ynh_add_config --template="../conf/credentials.json" --destination="$final_path/credentials.json" + #================================================= # INSTALL ETHERPAD #================================================= @@ -131,17 +139,10 @@ chown -R $app: $final_path pushd $final_path || ynh_die ynh_use_nodejs + ynh_secure_remove --file="$final_path/bin" ynh_exec_as $app env $ynh_node_load_PATH src/bin/installDeps.sh popd || ynh_die -#================================================= -# MODIFY A CONFIG FILE -#================================================= -ynh_script_progression --message="Reconfiguring Etherpad..." --weight=6 - -ynh_add_config --template="../conf/settings.json" --destination="$final_path/settings.json" -ynh_add_config --template="../conf/credentials.json" --destination="$final_path/credentials.json" - #================================================= # GENERIC FINALIZATION #================================================= From cbab00065d8497998a270e7a18014687af66c1e3 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Feb 2021 15:03:39 +0100 Subject: [PATCH 6/8] Update upgrade --- scripts/upgrade | 23 ++++++++++++++++++----- 1 file changed, 18 insertions(+), 5 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 522e509..1fc7b93 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -137,11 +137,24 @@ ynh_script_progression --message="Installing Etherpad..." --weight=90 chown -R $app: $final_path -pushd $final_path || ynh_die - ynh_use_nodejs - ynh_secure_remove --file="$final_path/bin" - ynh_exec_as $app env $ynh_node_load_PATH src/bin/installDeps.sh -popd || ynh_die +# pushd $final_path || ynh_die +# ynh_use_nodejs +# ynh_exec_as $app env $ynh_node_load_PATH src/bin/installDeps.sh +# popd || ynh_die + +pushd $final_path + mkdir -p node_modules + cd node_modules + [ -e ep_etherpad-lite ] || ln -s $final_path/src ep_etherpad-lite + cd ep_etherpad-lite + npm ci --no-optional +popd || { + rm -rf $final_path/src/node_modules +} + +# Remove all minified data to force node creating it new + +rm -f $final_path/var/minified* #================================================= # GENERIC FINALIZATION From 4b2be8fccf70fd50f616da7521644d97801f26fe Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Feb 2021 15:55:03 +0100 Subject: [PATCH 7/8] Update check_process --- check_process | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/check_process b/check_process index 34cdadc..121054c 100644 --- a/check_process +++ b/check_process @@ -20,7 +20,6 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=1 from_commit=a343540d462848e87329bc81ec68ac73289dc0a1 backup_restore=1 multi_instance=1 port_already_use=0 @@ -29,6 +28,6 @@ Email= Notification=none ;;; Upgrade options - ; commit=a343540d462848e87329bc81ec68ac73289dc0a1 - name=small Fixes + ; commit= + name= manifest_arg=domain=DOMAIN&path=PATH&admin=USER&language=fr&is_public=1&password=pass&port=9001& From d864115d038dc1c0d4f59fb59a7fc5ec0aabe444 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Mon, 15 Feb 2021 16:02:29 +0100 Subject: [PATCH 8/8] Fix --- scripts/install | 2 +- scripts/upgrade | 22 ++++------------------ 2 files changed, 5 insertions(+), 19 deletions(-) diff --git a/scripts/install b/scripts/install index d85f86f..68e5bf8 100644 --- a/scripts/install +++ b/scripts/install @@ -92,7 +92,7 @@ ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir=$final_path #================================================= # NGINX CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 1fc7b93..490deb9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -137,24 +137,10 @@ ynh_script_progression --message="Installing Etherpad..." --weight=90 chown -R $app: $final_path -# pushd $final_path || ynh_die -# ynh_use_nodejs -# ynh_exec_as $app env $ynh_node_load_PATH src/bin/installDeps.sh -# popd || ynh_die - -pushd $final_path - mkdir -p node_modules - cd node_modules - [ -e ep_etherpad-lite ] || ln -s $final_path/src ep_etherpad-lite - cd ep_etherpad-lite - npm ci --no-optional -popd || { - rm -rf $final_path/src/node_modules -} - -# Remove all minified data to force node creating it new - -rm -f $final_path/var/minified* +pushd $final_path || ynh_die + ynh_use_nodejs + ynh_exec_as $app env $ynh_node_load_PATH src/bin/installDeps.sh +popd || ynh_die #================================================= # GENERIC FINALIZATION