diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100644 index 1e22ce2..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,137 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -exit 1 - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/tags" | jq -r '.[] | .name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - - echo "Handling asset at $asset_url" - - # Assign the asset to a source file in conf/ directory - # Here we base the source file name upon a unique keyword in the assets url (admin vs. update) - # Leave $src empty to ignore the asset - case $asset_url in - *"admin"*) - src="app" - ;; - *"update"*) - src="app-upgrade" - ;; - *) - src="" - ;; - esac - - # If $src is not empty, let's process the asset - if [ ! -z "$src" ]; then - - # Create the temporary directory - tempdir="$(mktemp -d)" - - # Download sources and calculate checksum - filename=${asset_url##*/} - curl --silent -4 -L $asset_url -o "$tempdir/$filename" - checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - - # Delete temporary directory - rm -rf $tempdir - - # Get extension - if [[ $filename == *.tar.gz ]]; then - extension=tar.gz - else - extension=${filename##*.} - fi - - # Rewrite source file - cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true -EOT - echo "... conf/$src.src updated" - - else - echo "... asset ignored" - fi - -done - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index a56d7cb..0000000 --- a/.github/workflows/updater.yml +++ /dev/null @@ -1,49 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' -jobs: - updater: - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - name: Run the updater script - id: run_updater - run: | - # Setting up Git user - git config --global user.name 'yunohost-bot' - git config --global user.email 'yunohost-bot@users.noreply.github.com' - # Run the updater script - /bin/bash .github/workflows/updater.sh - - name: Commit changes - id: commit - if: ${{ env.PROCEED == 'true' }} - run: | - git commit -am "Upgrade to v$VERSION" - - name: Create Pull Request - id: cpr - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - commit-message: Update to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - signoff: false - base: testing - branch: ci-auto-update-v${{ env.VERSION }} - delete-branch: true - title: 'Upgrade to version ${{ env.VERSION }}' - body: | - Upgrade to v${{ env.VERSION }} - draft: false diff --git a/README.md b/README.md index 337e6f7..f30ba3e 100644 --- a/README.md +++ b/README.md @@ -29,7 +29,7 @@ Galène is a videoconference server (an “SFU”) that is easy to deploy and th - LDAP support -**Shipped version:** 0.6.2~ynh3 +**Shipped version:** 0.6.2~ynh4 **Demo:** https://galene.org:8443/ diff --git a/README_fr.md b/README_fr.md index 205a331..1a7870d 100644 --- a/README_fr.md +++ b/README_fr.md @@ -29,7 +29,7 @@ Galène est un serveur de visioconférence (un « SFU ») facile à déployer et - prise en charge LDAP -**Version incluse :** 0.6.2~ynh3 +**Version incluse :** 0.6.2~ynh4 **Démo :** https://galene.org:8443/ diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 923ce96..ba56d5e 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -12,6 +12,27 @@ To create a new group, you need to create a `GroupNameExample.json` file and res When Galène is removed, the data directory (`__DATA_DIR__`) is preserved. If you want to remove it along with Galène app, use the `--purge` option: `sudo yunohost app remove galene --purge`. +#### Hashed passwords + +If you don’t wish to store cleartext passwords on the server, you may generate hashed passwords with the galene-password-generator utility: + +`./__INSTALL_DIR__/galene-password-generator your_password` + + +A user entry with a hashed password looks like this: +``` +{ + "username": "jch", + "password": { + "type": "pbkdf2", + "hash": "sha-256", + "key": "f591c35604e6aef572851d9c3543c812566b032b6dc083c81edd15cc24449913", + "salt": "92bff2ace56fe38f", + "iterations": 4096 + } +} +``` + ### Configuring your TURN server #### Using *Galène*'s internal TURN server diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md index ec87b26..b61a8ea 100644 --- a/doc/ADMIN_fr.md +++ b/doc/ADMIN_fr.md @@ -12,6 +12,27 @@ Pour créer un nouveau groupe, vous devez créer un fichier `GroupNameExample.js Lorsque Galène est supprimé, le répertoire de données (`__DATA_DIR__`) est conservé. Si vous souhaitez le supprimer avec l'application Galène, utilisez l'option `--purge` : `sudo yunohost app remove galene --purge`. +#### Mots de passe hachés + +Si vous ne souhaitez pas stocker les mots de passe en clair sur le serveur, vous pouvez générer des mots de passe hachés avec l'utilitaire galene-password-generator : + +`./__INSTALL_DIR__/galene-password-generator votre_mot_de_passe` + +Une entrée utilisateur avec un mot de passe haché ressemble à ceci : + +``` +{ + "username": "jch", + "password": { + "type": "pbkdf2", + "hash": "sha-256", + "key": "f591c35604e6aef572851d9c3543c812566b032b6dc083c81edd15cc24449913", + "salt": "92bff2ace56fe38f", + "iterations": 4096 + } +} +``` + ### Configurer votre serveur TURN #### Utilisation du serveur TURN de *Galène* diff --git a/manifest.toml b/manifest.toml index cbd68a5..41765ec 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Galène" description.en = "Videoconferencing server that is easy to deploy" description.fr = "Serveur de visioconférence facile à déployer" -version = "0.6.2~ynh3" +version = "0.6.2~ynh4" maintainers = ["eric_G"] @@ -67,10 +67,13 @@ ram.runtime = "50M" [resources.sources.main] url = "https://github.com/jech/galene/archive/refs/tags/galene-0.6.2.tar.gz" sha256 = "7caedc1b2cb8cfeee0136e02c006d13d7b2b3cb9908685654c8cec020265428d" + autoupdate.strategy = "latest_github_tag" [resources.sources.ldap] url = "https://github.com/jech/galene-ldap/archive/33b8a930372388b2b8b506d2564516fb3eaf895a.tar.gz" sha256 = "00247712e4e7944fed42026f056f48eb59a95cf476c3ff1cb6e24c54469ce070" + autoupdate.upstream = "https://github.com/jech/galene-ldap" + autoupdate.strategy = "latest_github_commit" [resources.system_user]