Upgrade to 0.12

conf/app.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/repository/0.8/archive.tar.bz2
-SOURCE_SUM=c74287d46cd88880292fe5b5f1972a5bc393724e581bea015ff7808f13753bf4
+SOURCE_URL=https://code.eliotberriot.com/funkwhale/funkwhale/-/archive/0.12/funkwhale-0.12.tar.bz2
+SOURCE_SUM=5ef7a2cdc760f16f9fde818e1a17eff18bc59e47b985f405b85337d38f71ddaf
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FORMAT=tar.bz2
 SOURCE_IN_SUBDIR=true

conf/env.prod

@@ -1,10 +1,14 @@
+# If you have any doubts about what a setting does,
+# check https://docs.funkwhale.audio/configuration.html#configuration-reference
+
 # If you're tweaking this file from the template, ensure you edit at least the
 # following variables:
 # - DJANGO_SECRET_KEY
 # - DJANGO_ALLOWED_HOSTS
 # - FUNKWHALE_URL
+# - EMAIL_CONFIG and DEFAULT_FROM_EMAIL if you plan to send emails)
 
-# Additionaly, on non-docker setup **only**, you'll also have to tweak/uncomment those variables:
+# On non-docker setup **only**, you'll also have to tweak/uncomment those variables:
 # - DATABASE_URL
 # - CACHE_URL
 # - STATIC_ROOT
@@ -20,6 +24,8 @@
 # You can comment or ignore this if you're not using docker
 # FUNKWHALE_VERSION=latest
 
+# In-place import, see https://code.eliotberriot.com/funkwhale/funkwhale/tags/0.10
+MUSIC_DIRECTORY_PATH=__FINALPATH__/data/music
 
 # General configuration
 # ---------------------
@@ -34,6 +40,24 @@ FUNKWHALE_API_PORT=__PORT__
 # your instance
 FUNKWHALE_URL=__DOMAIN__
 
+# Configure email sending using this variale
+# By default, funkwhale will output emails sent to stdout
+# here are a few examples for this setting
+# EMAIL_CONFIG=consolemail://         # output emails to console (the default)
+# EMAIL_CONFIG=dummymail://          # disable email sending completely
+# On a production instance, you'll usually want to use an external SMTP server:
+# EMAIL_CONFIG=smtp://user@:password@youremail.host:25
+# EMAIL_CONFIG=smtp+ssl://user@:password@youremail.host:465
+# EMAIL_CONFIG=smtp+tls://user@:password@youremail.host:587
+
+# The email address to use to send systme emails. By default, we will
+# DEFAULT_FROM_EMAIL=noreply@yourdomain
+
+# Depending on the reverse proxy used in front of your funkwhale instance,
+# the API will use different kind of headers to serve audio files
+# Allowed values: nginx, apache2
+REVERSE_PROXY_TYPE=nginx
+
 # API/Django configuration
 
 # Database configuration
@@ -76,9 +100,6 @@ DJANGO_SECRET_KEY=__KEY__
 # want to
 # DJANGO_ADMIN_URL=^api/admin/
 
-# If True, unauthenticated users won't be able to query the API
-API_AUTHENTICATION_REQUIRED=True
-
 # Sentry/Raven error reporting (server side)
 # Enable Raven if you want to help improve funkwhale by
 # automatically sending error reports our Sentry instance.

conf/funkwhale-beat.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Funkwhale (__APP__) celery beat process
+After=redis.service postgresql.service
+PartOf=__APP__.target
+
+[Service]
+User=__APP__
+# adapt this depending on the path of your funkwhale installation
+WorkingDirectory=__FINALPATH__/api
+EnvironmentFile=__FINALPATH__/config/.env
+ExecStart=__FINALPATH__/virtualenv/bin/celery -A funkwhale_api.taskapp beat -l INFO
+
+[Install]
+WantedBy=multi-user.target

conf/funkwhale-server.service

@@ -8,7 +8,7 @@ User=__APP__
 # adapt this depending on the path of your funkwhale installation
 WorkingDirectory=__FINALPATH__/api
 EnvironmentFile=__FINALPATH__/config/.env
-ExecStart=__FINALPATH__/virtualenv/bin/daphne -b ${FUNKWHALE_API_IP} -p ${FUNKWHALE_API_PORT} config.asgi:application
+ExecStart=__FINALPATH__/virtualenv/bin/daphne -b ${FUNKWHALE_API_IP} -p ${FUNKWHALE_API_PORT} config.asgi:application --proxy-headers
 
 [Install]
 WantedBy=multi-user.target

conf/funkwhale.target

@@ -1,3 +1,3 @@
 [Unit]
 Description=Funkwhale (__APP__)
-Wants=__APP__-server.service __APP__-worker.service
+Wants=__APP__-server.service __APP__-worker.service __APP__-beat.service

conf/nginx.conf

@@ -18,9 +18,9 @@ location /federation/ {
 	proxy_pass   http://127.0.0.1:__PORT__/federation/;
 }
 
-location /.well-known/webfinger {
+location /.well-known/ {
 	include __FINALPATH__/deploy/funkwhale_proxy.conf;
-	proxy_pass   http://127.0.0.1:__PORT__/.well-known/webfinger;
+	proxy_pass   http://127.0.0.1:__PORT__/.well-known/;
 }
 
 location /media/ {
@@ -78,3 +78,13 @@ location /staticfiles/ {
 	# django static files
 	alias __FINALPATH__/data/static/;
 }
+
+location /rest/ {
+	include __FINALPATH__/deploy/funkwhale_proxy.conf;
+	proxy_pass   http://127.0.0.1:__PORT__/api/subsonic/rest/;
+}
+
+location /_protected/music {
+	internal;
+	alias   __FINALPATH__/data/music;
+}

manifest.json

@@ -3,12 +3,12 @@
 	"id": "funkwhale",
 	"packaging_format": 1,
 	"requirements": {
-		"yunohost": ">= 2.7.10"
+		"yunohost": ">= 2.7.12"
 	},
 	"description": {
 		"en": "A translation platform using Git and Python"
 	},
-	"version": "0.8.0-1",
+	"version": "0.12.0-1",
 	"url": "https://funkwhale.audio",
 	"license": "BSD-3-Clause",
 	"maintainer": {

scripts/_common.sh

@@ -217,7 +217,6 @@ ynh_psql_execute_file_as_root() {
 # | arg: pwd - Password of the database. If not given, a password will be generated
 ynh_psql_setup_db () {
 	db_user="$1"
-	app="$1"
 	db_name="$2"
 	new_db_pwd=$(ynh_string_random)	# Generate a random password
 	# If $3 is not given, use new_db_pwd instead for db_pwd.

scripts/install

@@ -73,14 +73,13 @@ ynh_install_app_dependencies build-essential curl ffmpeg \
 ynh_psql_test_if_first_run
 
 db_name=$(ynh_sanitize_dbid "$app")
+db_user=$db_name
 db_user_pwd=$(ynh_string_random)
 # Initialize database and store postgres password for upgrade
-ynh_psql_create_db "$db_name" "$app" "$db_user_pwd"
+ynh_psql_create_db "$db_name" "$db_user" "$db_user_pwd"
 ynh_app_setting_set "$app" db_name "$db_name"
 ynh_app_setting_set "$app" psqlpwd "$db_user_pwd"
 
-ynh_psql_execute_as_root "CREATE EXTENSION IF NOT EXISTS unaccent;"
-
 systemctl reload postgresql
 
 #=================================================
@@ -159,7 +158,7 @@ ynh_replace_string "__DBNAME__"    "$app"         "$configfile"
 ynh_replace_string "__FINALPATH__" "$final_path"  "$configfile"
 ynh_replace_string "__KEY__"       "$key"         "$configfile"
 
-cat > "$final_path/load_env" <<'EOL'
+cat > "$final_path/load_env" <<EOL
 #!/bin/bash
 export $(cat "$final_path/config/.env" | grep -v ^# | xargs)
 EOL
@@ -174,13 +173,19 @@ admin_mail=$(ynh_user_get_info "$admin" "mail")
 (
 	set +o nounset
 	source "${final_path}/virtualenv/bin/activate"
+	cat "${final_path}/load_env"
 	source "${final_path}/load_env"
 	set -o nounset
 	cd "$final_path"
+
+	# needed for enabling the 'unaccent' extension
+	ynh_psql_execute_as_root "ALTER USER $db_user WITH SUPERUSER;"
 	python api/manage.py migrate
+	ynh_psql_execute_as_root "ALTER USER $db_user WITH NOSUPERUSER;"
 	python api/manage.py createsuperuser \
 		--username "$admin" \
-		--email "$admin_mail"
+		--email "$admin_mail" \
+		--noinput
 	python api/manage.py collectstatic
 )
 
@@ -188,15 +193,41 @@ admin_mail=$(ynh_user_get_info "$admin" "mail")
 # SETUP SYSTEMD
 #=================================================
 
-# Create a dedicated systemd config
-ynh_add_systemd_config "$app-server" "funkwhale-server"
-ynh_add_systemd_config "$app-worker" "funkwhale-worker"
-
 cp ../conf/funkwhale.target "/etc/systemd/system/$app.target"
+# Create a dedicated systemd config
+ynh_add_systemd_config "$app-server" "funkwhale-server.service"
+ynh_add_systemd_config "$app-worker" "funkwhale-worker.service"
+ynh_add_systemd_config "$app-beat"   "funkwhale-beat.service"
 
-#=================================================
-# SETUP SYSTEMD
-#=================================================
-
-systemctl daemon-reload
+systemctl enable "$app".target
 systemctl start "$app".target
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+# SECURE FILES AND DIRECTORIES
+#=================================================
+
+# Set permissions to app files
+chown -R "$app": "$final_path"
+
+#=================================================
+# SETUP SSOWAT
+#=================================================
+
+if [ "$is_public" -eq 0 ]
+then	# Remove the public access
+	ynh_app_setting_delete "$app" skipped_uris
+fi
+# Make app public if necessary
+if [ "$is_public" -eq 1 ]
+then
+	# unprotected_uris allows SSO credentials to be passed anyway.
+	ynh_app_setting_set "$app" unprotected_uris "/"
+fi
+
+#=================================================
+# RELOAD NGINX
+#=================================================
+
+systemctl reload nginx

scripts/remove

@@ -29,6 +29,7 @@ final_path=$(ynh_app_setting_get $app final_path)
 # Remove the dedicated systemd config
 ynh_remove_systemd_config "$app-server"
 ynh_remove_systemd_config "$app-worker"
+ynh_remove_systemd_config "$app-beat"
 ynh_secure_remove "/etc/systemd/system/$app.target"
 
 #=================================================
@@ -44,7 +45,6 @@ ynh_remove_app_dependencies
 
 # Remove a database if it exists, along with the associated user
 ynh_psql_remove_db "$db_name" "$app"
-ynh_psql_execute_as_root "DROP EXTENSION IF EXISTS unaccent;"
 
 #=================================================
 # REMOVE DEPENDENCIES

sources/patches/app-001.patch

@@ -0,0 +1,42 @@
+diff --git a/api/funkwhale_api/users/models.py b/api/funkwhale_api/users/models.py
+index 773d60f38ebec50dd46cda63b05b37ac4659573c..f067a2a8b44b4bfbd61b8f7af86829301d178da0 100644
+--- a/api/funkwhale_api/users/models.py
++++ b/api/funkwhale_api/users/models.py
+@@ -1,8 +1,9 @@
+ # -*- coding: utf-8 -*-
+ from __future__ import unicode_literals, absolute_import
+
++import binascii
++import os
+ import uuid
+-import secrets
+
+ from django.conf import settings
+ from django.contrib.auth.models import AbstractUser
+@@ -14,6 +15,10 @@ from django.utils.translation import ugettext_lazy as _
+ from funkwhale_api.common import fields
+
+
++def get_token():
++    return binascii.b2a_hex(os.urandom(15)).decode('utf-8')
++
++
+ @python_2_unicode_compatible
+ class User(AbstractUser):
+
+@@ -58,7 +63,7 @@ class User(AbstractUser):
+         return self.secret_key
+
+     def update_subsonic_api_token(self):
+-        self.subsonic_api_token = secrets.token_hex(32)
++        self.subsonic_api_token = get_token()
+         return self.subsonic_api_token
+
+     def set_password(self, raw_password):
+diff --git a/changes/changelog.d/198.bugfix b/changes/changelog.d/198.bugfix
+new file mode 100644
+index 0000000000000000000000000000000000000000..dd2f4e8fc59c36fa232366e10c0723089345889d
+--- /dev/null
++++ b/changes/changelog.d/198.bugfix
+@@ -0,0 +1 @@
++Removed Python 3.6 dependency (secrets module) (#198)