From 26dd041d9a6defeb64f3d84e836a89ccaddb1cdc Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 10 Jan 2023 23:00:27 +0000 Subject: [PATCH 1/4] Auto-update README --- README.md | 21 +++++++++++---------- README_fr.md | 27 ++++++++++++++++----------- 2 files changed, 27 insertions(+), 21 deletions(-) diff --git a/README.md b/README.md index 7313020..c678fbd 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Facilmap for YunoHost -[![Integration level](https://dash.yunohost.org/integration/facilmap.svg)](https://dash.yunohost.org/appci/app/facilmap) ![](https://ci-apps.yunohost.org/ci/badges/facilmap.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/facilmap.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/facilmap.svg)](https://dash.yunohost.org/appci/app/facilmap) ![Working status](https://ci-apps.yunohost.org/ci/badges/facilmap.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/facilmap.maintain.svg) [![Install Facilmap with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=facilmap) *[Lire ce readme en français.](./README_fr.md)* @@ -23,26 +23,27 @@ Collaborative maps and routing with a straightforward interface ## Screenshots -![](./doc/screenshots/screenshot.png) +![Screenshot of Facilmap](./doc/screenshots/screenshot.png) ## Documentation and resources -* Official app website: https://facilmap.org/ -* Official user documentation: https://docs.facilmap.org/users/ -* Official admin documentation: https://docs.facilmap.org/developers/ -* Upstream app code repository: https://github.com/FacilMap/facilmap -* YunoHost documentation for this app: https://yunohost.org/app_facilmap -* Report a bug: https://github.com/YunoHost-Apps/facilmap_ynh/issues +* Official app website: +* Official user documentation: +* Official admin documentation: +* Upstream app code repository: +* YunoHost documentation for this app: +* Report a bug: ## Developer info Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/facilmap_ynh/tree/testing). To try the testing branch, please proceed like that. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/facilmap_ynh/tree/testing --debug or sudo yunohost app upgrade facilmap -u https://github.com/YunoHost-Apps/facilmap_ynh/tree/testing --debug ``` -**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file +**More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md index 03ac7e9..6e1abc4 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,10 +1,14 @@ + + # Facilmap pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/facilmap.svg)](https://dash.yunohost.org/appci/app/facilmap) ![](https://ci-apps.yunohost.org/ci/badges/facilmap.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/facilmap.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/facilmap.svg)](https://dash.yunohost.org/appci/app/facilmap) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/facilmap.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/facilmap.maintain.svg) [![Installer Facilmap avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=facilmap) *[Read this readme in english.](./README.md)* -*[Lire ce readme en français.](./README_fr.md)* > *Ce package vous permet d'installer Facilmap rapidement et simplement sur un serveur YunoHost. Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* @@ -19,26 +23,27 @@ Carte collaborative avec une interface simple et pratique ## Captures d'écran -![](./doc/screenshots/screenshot.png) +![Capture d'écran de Facilmap](./doc/screenshots/screenshot.png) ## Documentations et ressources -* Site officiel de l'app : https://facilmap.org/ -* Documentation officielle utilisateur : https://docs.facilmap.org/users/ -* Documentation officielle de l'admin : https://docs.facilmap.org/developers/ -* Dépôt de code officiel de l'app : https://github.com/FacilMap/facilmap -* Documentation YunoHost pour cette app : https://yunohost.org/app_facilmap -* Signaler un bug : https://github.com/YunoHost-Apps/facilmap_ynh/issues +* Site officiel de l'app : +* Documentation officielle utilisateur : +* Documentation officielle de l'admin : +* Dépôt de code officiel de l'app : +* Documentation YunoHost pour cette app : +* Signaler un bug : ## Informations pour les développeurs Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/facilmap_ynh/tree/testing). Pour essayer la branche testing, procédez comme suit. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/facilmap_ynh/tree/testing --debug ou sudo yunohost app upgrade facilmap -u https://github.com/YunoHost-Apps/facilmap_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file +**Plus d'infos sur le packaging d'applications :** From 3122b3c2923f81509cf9918c8afb9265ba02b32e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 11 Jan 2023 00:01:24 +0100 Subject: [PATCH 2/4] Systemd --- conf/systemd.service | 47 +++++++++++++++++++++++++++++++------------- manifest.json | 2 +- 2 files changed, 34 insertions(+), 15 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 09bd16c..321217d 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -16,21 +16,40 @@ StandardError=syslog SyslogIdentifier=__APP__ Restart=always -; Some security directives (inspired from peertube_ynh package) -; Mount /usr, /boot, and /etc as read-only for processes invoked by this service. +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible ProtectSystem=full -; Sets up a new /dev mount for the process and only adds API pseudo devices -; like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled -; by default because it may not work on devices like the Raspberry Pi. -PrivateDevices=false -; Ensures that the service process and all its children can never gain new -; privileges through execve(). -NoNewPrivileges=true -; This makes /home, /root, and /run/user inaccessible and empty for processes invoked -; by this unit. Make sure that you do not depend on data inside these folders. -ProtectHome=false -; Drops the sys admin capability from the daemon. -CapabilityBoundingSet=~CAP_SYS_ADMIN +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index 3f539da..78cd3e9 100644 --- a/manifest.json +++ b/manifest.json @@ -23,7 +23,7 @@ "url": "https://squeak.eauchat.org" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.9" }, "multi_instance": true, "services": [ From 0ee10785de2e6644c0d016ec306047c7146197e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 27 Jan 2023 22:03:00 +0100 Subject: [PATCH 3/4] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 78cd3e9..2f62a40 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Collaborative maps and routing with a straightforward interface", "fr": "Carte collaborative avec une interface simple et pratique" }, - "version": "3.4.0~ynh1", + "version": "3.4.0~ynh2", "url": "https://github.com/FacilMap/facilmap", "upstream": { "license": "AGPL-3.0", From 36da7ece89471280894f9da7a811f302d1d48ae4 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 27 Jan 2023 21:03:06 +0000 Subject: [PATCH 4/4] Auto-update README --- README.md | 4 ++-- README_fr.md | 22 +++++++++++----------- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/README.md b/README.md index c678fbd..6c62e45 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Facilmap for YunoHost -[![Integration level](https://dash.yunohost.org/integration/facilmap.svg)](https://dash.yunohost.org/appci/app/facilmap) ![Working status](https://ci-apps.yunohost.org/ci/badges/facilmap.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/facilmap.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/facilmap.svg)](https://dash.yunohost.org/appci/app/facilmap) ![Working status](https://ci-apps.yunohost.org/ci/badges/facilmap.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/facilmap.maintain.svg) [![Install Facilmap with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=facilmap) *[Lire ce readme en français.](./README_fr.md)* @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Collaborative maps and routing with a straightforward interface -**Shipped version:** 3.4.0~ynh1 +**Shipped version:** 3.4.0~ynh2 **Demo:** https://facilmap.org/ diff --git a/README_fr.md b/README_fr.md index 6e1abc4..b1a83ef 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,32 +5,32 @@ It shall NOT be edited by hand. # Facilmap pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/facilmap.svg)](https://dash.yunohost.org/appci/app/facilmap) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/facilmap.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/facilmap.maintain.svg) +[![Niveau d’intégration](https://dash.yunohost.org/integration/facilmap.svg)](https://dash.yunohost.org/appci/app/facilmap) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/facilmap.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/facilmap.maintain.svg) [![Installer Facilmap avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=facilmap) *[Read this readme in english.](./README.md)* -> *Ce package vous permet d'installer Facilmap rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* +> *Ce package vous permet d’installer Facilmap rapidement et simplement sur un serveur YunoHost. +Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.* -## Vue d'ensemble +## Vue d’ensemble Carte collaborative avec une interface simple et pratique -**Version incluse :** 3.4.0~ynh1 +**Version incluse :** 3.4.0~ynh2 **Démo :** https://facilmap.org/ -## Captures d'écran +## Captures d’écran -![Capture d'écran de Facilmap](./doc/screenshots/screenshot.png) +![Capture d’écran de Facilmap](./doc/screenshots/screenshot.png) ## Documentations et ressources -* Site officiel de l'app : +* Site officiel de l’app : * Documentation officielle utilisateur : -* Documentation officielle de l'admin : -* Dépôt de code officiel de l'app : +* Documentation officielle de l’admin : +* Dépôt de code officiel de l’app : * Documentation YunoHost pour cette app : * Signaler un bug : @@ -46,4 +46,4 @@ ou sudo yunohost app upgrade facilmap -u https://github.com/YunoHost-Apps/facilmap_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** +**Plus d’infos sur le packaging d’applications :** \ No newline at end of file