diff --git a/README.md b/README.md index d10fcbc..e2e1095 100644 --- a/README.md +++ b/README.md @@ -69,8 +69,8 @@ To check if Galène can connect to the TURN server, connect to Galène as operat #### Supported architectures -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/galene%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/galene/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/galene%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/galene/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/galene.svg)](https://ci-apps.yunohost.org/ci/apps/galene/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/galene.svg)](https://ci-apps-arm.yunohost.org/ci/apps/galene/) ## Limitations diff --git a/README_fr.md b/README_fr.md index 4a0c64c..70ed87a 100644 --- a/README_fr.md +++ b/README_fr.md @@ -69,8 +69,8 @@ Pour vérifier si Galène peut se connecter au serveur TURN, connectez-vous à G #### Supported architectures -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/galene%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/galene/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/galene%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/galene/) +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/galene.svg)](https://ci-apps.yunohost.org/ci/apps/galene/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/galene.svg)](https://ci-apps-arm.yunohost.org/ci/apps/galene/) ## Limitations diff --git a/check_process b/check_process index ba2cc8f..3ddc082 100644 --- a/check_process +++ b/check_process @@ -23,7 +23,6 @@ upgrade=1 from_commit=c06f6235a93587e16524fa5b124e4d9e138a8109 backup_restore=1 multi_instance=0 - port_already_use=1 change_url=1 ;;; Options Email= diff --git a/manifest.json b/manifest.json index 4b01449..6a25fe0 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Videoconferencing server that is easy to deploy", "fr": "Serveur de visioconférence facile à déployer" }, - "version": "0.3.2~ynh3", + "version": "0.3.2~ynh4", "url": "https://galene.org/", "license": "MIT", "maintainer": { diff --git a/scripts/change_url b/scripts/change_url index e64cc7c..5ccf665 100755 --- a/scripts/change_url +++ b/scripts/change_url @@ -17,7 +17,7 @@ old_domain=$YNH_APP_OLD_DOMAIN old_path=$YNH_APP_OLD_PATH new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH +new_path="/" app=$YNH_APP_INSTANCE_NAME diff --git a/scripts/install b/scripts/install index d76b357..a978443 100755 --- a/scripts/install +++ b/scripts/install @@ -85,7 +85,6 @@ port=$(ynh_find_port --port=8443) turnserver_port=$(ynh_find_port --port=1194) # Open the ports -ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port ynh_exec_warn_less yunohost firewall allow Both $turnserver_port # Store opened ports @@ -215,13 +214,10 @@ mkdir -p "$groups" #================================================= ynh_add_config --template="../conf/passwd" --destination="$final_path/data/passwd" -ynh_store_file_checksum --file="$final_path/data/passwd" ynh_add_config --template="../conf/groupname.json" --destination="$final_path/groups/$group_name.json" -ynh_store_file_checksum --file="$final_path/groups/$group_name.json" ynh_add_config --template="../conf/ice-servers.json" --destination="$final_path/data/ice-servers.json" -ynh_store_file_checksum --file="$final_path/data/ice-servers.json" #================================================= # ADD SCRIPT FOR COTURN CRON AND APP SERVICE @@ -249,13 +245,15 @@ chmod -R u=rwX,g=rX,o= /etc/$app chmod 770 $final_path/Coturn_config_rotate.sh setfacl -R -m user:turnserver:rX /etc/$app setfacl -R -m user:turnserver:rwX /var/log/$app +chmod 600 $final_path/data/passwd +chmod 600 $final_path/data/ice-servers.json #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 -yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port +yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port #================================================= diff --git a/scripts/remove b/scripts/remove index 78cdef0..1035d54 100755 --- a/scripts/remove +++ b/scripts/remove @@ -87,11 +87,6 @@ ynh_remove_logrotate #================================================= ynh_script_progression --message="Closing ports..." --weight=1 -if yunohost firewall list | grep -q "\- $port$" -then - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - if yunohost firewall list | grep -q "\- $turnserver_port$" then ynh_exec_warn_less yunohost firewall disallow Both $turnserver_port diff --git a/scripts/restore b/scripts/restore index a4c0dd8..8b77157 100755 --- a/scripts/restore +++ b/scripts/restore @@ -96,7 +96,7 @@ systemctl enable coturn-$app.service --quiet #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 -yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port +yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port #================================================= @@ -127,7 +127,6 @@ fi #================================================= # Ouvre le port dans le firewall -ynh_exec_warn_less yunohost firewall allow --no-upnp TCP $port ynh_exec_warn_less yunohost firewall allow Both $turnserver_port #================================================= @@ -146,6 +145,9 @@ chmod -R u=rwX,g=rX,o= /etc/$app chmod 770 $final_path/Coturn_config_rotate.sh setfacl -R -m user:turnserver:rX /etc/$app setfacl -R -m user:turnserver:rwX /var/log/$app +# Set permissions on config files +chmod 600 $final_path/data/passwd +chmod 600 $final_path/data/ice-servers.json #================================================= # RESTORE THE LOGROTATE CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 9f75f7e..dcf9e1d 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -37,6 +37,12 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 +# If open, close direct access to $port in firewall +if yunohost firewall list | grep -q "\- $port$" +then + ynh_exec_warn_less yunohost firewall disallow TCP $port +fi + # If final_path doesn't exist, create it if [ -z "$final_path" ]; then final_path=/opt/yunohost/$app @@ -110,13 +116,11 @@ then # Remove the tmp directory securely ynh_secure_remove --file="$tmpdir" - ynh_backup_if_checksum_is_different --file="$final_path/data/passwd" ynh_add_config --template="../conf/passwd" --destination="$final_path/data/passwd" - ynh_store_file_checksum --file="$final_path/data/passwd" + chmod 600 $final_path/data/passwd - ynh_backup_if_checksum_is_different --file="$final_path/data/ice-servers.json" ynh_add_config --template="../conf/ice-servers.json" --destination="$final_path/data/ice-servers.json" - ynh_store_file_checksum --file="$final_path/data/ice-servers.json" + chmod 600 $final_path/data/ice-servers.json # Recreate certificates pushd "$final_path/data" @@ -252,7 +256,6 @@ ynh_add_systemd_config # Set permissions on app files chown -R $app: $final_path chmod -R 755 $final_path -chown -R $app /var/log/$app chown -R $app:root /etc/$app chown turnserver:root $coturn_config_path chmod -R u=rwX,g=rX,o= /etc/$app @@ -273,7 +276,7 @@ ynh_use_logrotate --non-append #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=2 -yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" --needs_exposed_ports $port +yunohost service add $app --description="Videoconferencing server" --log="/var/log/$app/$app.log" yunohost service add coturn-$app --description="Coturn TURN server" --log="/var/log/$app/turnserver.log" --needs_exposed_ports $turnserver_port #=================================================