From cc7c50530879e26224c88f33124e468e2865a527 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 7 Jan 2022 00:29:13 +0100 Subject: [PATCH 1/4] Upgrade to 0.6.3~ynh1 --- README.md | 2 +- README_fr.md | 2 +- check_process | 6 +++++- conf/app.src | 4 ++-- manifest.json | 2 +- 5 files changed, 10 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index cc9750c..707e50c 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in A gemini server written in rust. -**Shipped version:** 0.4.5~ynh1 +**Shipped version:** 0.6.3~ynh1 diff --git a/README_fr.md b/README_fr.md index 065dc46..0a76e26 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour -**Version incluse :** 0.4.5~ynh1 +**Version incluse :** 0.6.3~ynh1 diff --git a/check_process b/check_process index f4efec3..dbd140a 100644 --- a/check_process +++ b/check_process @@ -16,6 +16,8 @@ upgrade=1 # 0.4.4~ynh1 upgrade=1 from_commit=3fcde5a7829938763b393ac1e878929bdc35297f + # 0.4.5~ynh1 + upgrade=1 from_commit=d1e78f8cb47fc61dc3ede3e9cbb8445e364f0ab0 backup_restore=1 multi_instance=0 port_already_use=0 @@ -25,4 +27,6 @@ Email=yalh@yahoo.com Notification=all ;;; Upgrade options ; commit=3fcde5a7829938763b393ac1e878929bdc35297f - name=0.4.4~ynh1. + name=0.4.4~ynh1 + ; commit=d1e78f8cb47fc61dc3ede3e9cbb8445e364f0ab0 + name=0.4.5~ynh1 diff --git a/conf/app.src b/conf/app.src index ca65e49..9d95499 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://git.sr.ht/~int80h/gemserv/archive/v0.4.5.tar.gz -SOURCE_SUM=7aeb5edc8af6ebefc2331aebc0c360798711c2fb16ee9cbde8c5c4f9502c491f +SOURCE_URL=https://git.sr.ht/~int80h/gemserv/archive/v0.6.3.tar.gz +SOURCE_SUM=e84656f1a3274d2becdecd731afe767477ead7f2c265c0d7ae8ee9e8bc81ded8 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true 
diff --git a/manifest.json b/manifest.json index db210cb..37a6a15 100644 --- a/manifest.json +++ b/manifest.json @@ -5,7 +5,7 @@ "description": { "en": "A gemini server written in rust." }, - "version": "0.4.5~ynh1", + "version": "0.6.3~ynh1", "url": "https://git.sr.ht/~int80h/gemserv/", "upstream": { "license": "MIT", From a8db5a0b5d8c683e4399cffa0781a673873f04a3 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 7 Jan 2022 00:42:59 +0100 Subject: [PATCH 2/4] Apply last example_ynh --- README.md | 2 -- README_fr.md | 74 -------------------------------------------- check_process | 5 --- conf/systemd.service | 30 ++++++++++++++++++ doc/DESCRIPTION.md | 1 + manifest.json | 2 +- scripts/install | 6 ++-- scripts/remove | 16 +++++----- scripts/restore | 16 +++++----- scripts/upgrade | 6 ++-- 10 files changed, 54 insertions(+), 104 deletions(-) delete mode 100644 README_fr.md create mode 100644 doc/DESCRIPTION.md diff --git a/README.md b/README.md index 707e50c..ad1627a 100644 --- a/README.md +++ b/README.md @@ -8,8 +8,6 @@ It shall NOT be edited by hand. [![Integration level](https://dash.yunohost.org/integration/gemserv.svg)](https://dash.yunohost.org/appci/app/gemserv) ![](https://ci-apps.yunohost.org/ci/badges/gemserv.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/gemserv.maintain.svg) [![Install Gemserv with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=gemserv) -*[Lire ce readme en français.](./README_fr.md)* - > *This package allows you to install Gemserv quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* diff --git a/README_fr.md b/README_fr.md deleted file mode 100644 index 0a76e26..0000000 --- a/README_fr.md +++ /dev/null 
@@ -1,74 +0,0 @@ -# Gemserv pour YunoHost - -[![Niveau d'intégration](https://dash.yunohost.org/integration/gemserv.svg)](https://dash.yunohost.org/appci/app/gemserv) ![](https://ci-apps.yunohost.org/ci/badges/gemserv.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/gemserv.maintain.svg) -[![Installer Gemserv avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=gemserv) - -*[Read this readme in english.](./README.md)* -*[Lire ce readme en français.](./README_fr.md)* - -> *Ce package vous permet d'installer Gemserv rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* - -## Vue d'ensemble - - - -**Version incluse :** 0.6.3~ynh1 - - - -## Avertissements / informations importantes - -* Other infos that people should be aware of, such as: - * Redirect TCP/1965 port to the server - * To add a gemini capsule, create a /etc/gemserv/config.d/example.toml - -``` -[[server]] -hostname = "youdomain.org" -dir = "/path/to/serv/" -key = "/etc/yunohost/certs/youdomain.org/key.pem" -cert = "/etc/yunohost/certs/youdomain.org/crt.pem" -# index is optional but defaults to index.gemini. The server will serve files -# ending in gemini or gmi. -index = "index.gmi" -# lang is optional -lang = "en" -# cgi is optional bool -cgi = true -# cgipath is optional and only checked if cgi is true. It restricts cgi to only -# this directory. -cgipath = "/path/to/cgi-bin/" -# scgi is optional -scgi = { "/scgi" = "localhost:4000" } -# cgienv is optional -cgienv = { "GIT_PROJECT_ROOT" = "/srv/git" } -# usrdir is optional. it'll look in /home/usr/public_gemini -usrdir = true -# proxy is optional -# path is what comes after the hostname e.g. example.com/path -proxy = { path = "localhost:1966" } -# proxy_all is optional -# It will send all requests to the specified server. It also supports streamming. 
-proxy_all = localhost:1967 -# redirect is optional -redirect = { "/redirect" = "/", "/newdomain" = "gemini://example.net" } -``` -## Documentations et ressources - -* Dépôt de code officiel de l'app : https://git.sr.ht/~int80h/gemserv -* Documentation YunoHost pour cette app : https://yunohost.org/app_gemserv -* Signaler un bug : https://github.com/YunoHost-Apps/gemserv_ynh/issues - -## Informations pour les développeurs - -Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/gemserv_ynh/tree/testing). - -Pour essayer la branche testing, procédez comme suit. -``` -sudo yunohost app install https://github.com/YunoHost-Apps/gemserv_ynh/tree/testing --debug -ou -sudo yunohost app upgrade gemserv -u https://github.com/YunoHost-Apps/gemserv_ynh/tree/testing --debug -``` - -**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/check_process b/check_process index dbd140a..a75248c 100644 --- a/check_process +++ b/check_process @@ -1,8 +1,3 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest port="1965" diff --git a/conf/systemd.service b/conf/systemd.service index 33c9d25..a7758cd 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -15,5 +15,35 @@ StandardError=inherit Restart=always RestartSec=5 +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..241011b --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +A gemini server written in rust. diff --git a/manifest.json b/manifest.json index 37a6a15..1d41bca 100644 --- a/manifest.json +++ b/manifest.json @@ -13,7 +13,7 @@ }, "license": "MIT", "maintainer": { - "name": "yalh76" + "name": "yalh76" }, "requirements": { "yunohost": ">= 4.1.3" diff --git a/scripts/install b/scripts/install index 91e0c93..250b2ae 100755 --- a/scripts/install +++ b/scripts/install 
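Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not exist; the Linux name is `CAP_SYS_RAWIO`, so raw I/O probably stays in the bounding set and systemd only logs a warning for the unknown name. The line should read `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. The `SystemCallFilter=` deny list is also not paired with `SystemCallArchitectures=native`, which the systemd documentation recommends so the filter cannot be sidestepped through a non-native ABI. Running `systemd-analyze security` against the installed unit would confirm which of these settings actually took effect. The [Service] section begins outside the hunk.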
@@ -61,7 +61,7 @@ ynh_install_app_dependencies $pkg_dependencies ynh_script_progression --message="Configuring system user..." # Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path usermod -a -G ssl-cert $app @@ -89,14 +89,14 @@ ynh_script_progression --message="Making install..." # Install rustup with the toolchain needed by Gemserv pushd "$final_path" - sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly' + ynh_exec_as "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly' popd export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin" # Compile Gemserv pushd "$final_path"/build - ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release + ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" cargo build --release popd # Install Gemserv diff --git a/scripts/remove b/scripts/remove index 028ffac..fb7ba04 100755 --- a/scripts/remove +++ b/scripts/remove @@ -41,12 +41,12 @@ ynh_script_progression --message="Stopping and removing the systemd service..." ynh_remove_systemd_config #================================================= -# REMOVE DEPENDENCIES +# REMOVE LOGROTATE CONFIGURATION #================================================= -ynh_script_progression --message="Removing dependencies..." +ynh_script_progression --message="Removing logrotate configuration..." -# Remove metapackage and its dependencies -ynh_remove_app_dependencies +# Remove the app-specific logrotate config +ynh_remove_logrotate #================================================= # REMOVE APP MAIN DIR 
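Review bot: Dropping the quotes in `--home_dir=$final_path` leaves the expansion open to word splitting and globbing, so a path containing whitespace would reach `ynh_system_user_create` as several arguments. Keep `--home_dir="$final_path"`, and consider quoting `--username="$app"` on the same line to match the `"$app"` used further down in this script. The same unquoting is made in the scripts/restore and scripts/upgrade hunks.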
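Review bot: The rewritten rustup line still pipes a script fetched with `curl -sSf -L` straight into `sh`, with no checksum or signature check and a floating `--default-toolchain nightly`, whereas the gemserv tarball in conf/app.src is pinned by `SOURCE_SUM`. Since the line is being touched anyway, restrict the transfer with `curl --proto '=https' --tlsv1.2 -sSf -L …` so a redirect cannot downgrade to plain HTTP, and pin the compiler (placeholder: `--default-toolchain <PINNED_TOOLCHAIN>`) so each upgrade builds with a known toolchain. A stronger option is to download the installer to a file and compare it with a recorded SHA-256 before executing it. The identical line is changed in scripts/upgrade, and the enclosing install section continues outside the hunk.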
@@ -57,12 +57,12 @@ ynh_script_progression --message="Removing app main directory..." ynh_secure_remove --file="$final_path" #================================================= -# REMOVE LOGROTATE CONFIGURATION +# REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing logrotate configuration..." +ynh_script_progression --message="Removing dependencies..." -# Remove the app-specific logrotate config -ynh_remove_logrotate +# Remove metapackage and its dependencies +ynh_remove_app_dependencies #================================================= # CLOSE A PORT diff --git a/scripts/restore b/scripts/restore index b4e97f6..bea2570 100755 --- a/scripts/restore +++ b/scripts/restore @@ -45,7 +45,7 @@ test ! -d $final_path \ ynh_script_progression --message="Recreating the dedicated system user..." # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # RESTORE THE APP MAIN DIR @@ -83,6 +83,13 @@ ynh_script_progression --message="Restoring the systemd configuration..." ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet +#================================================= +# RESTORE THE LOGROTATE CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the logrotate configuration..." + +ynh_restore_file --origin_path="/etc/logrotate.d/$app" + #================================================= # INTEGRATE SERVICE IN YUNOHOST #================================================= 
@@ -97,13 +104,6 @@ ynh_script_progression --message="Starting a systemd service..." ynh_systemd_action --service_name=$app --action="start" --line_match="Started" --log_path="systemd" -#================================================= -# RESTORE THE LOGROTATE CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the logrotate configuration..." - -ynh_restore_file --origin_path="/etc/logrotate.d/$app" - #================================================= # GENERIC FINALIZATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index ac745a0..8b13bbc 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -59,7 +59,7 @@ ynh_script_progression --message="Ensuring downward compatibility..." ynh_script_progression --message="Making sure dedicated system user exists..." # Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +ynh_system_user_create --username=$app --home_dir=$final_path usermod -a -G ssl-cert $app @@ -99,14 +99,14 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then # Install rustup with the toolchain needed by Gemserv pushd "$final_path" - sudo -u "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly' + ynh_exec_as "$app" RUSTUP_HOME="$final_path"/.rustup CARGO_HOME="$final_path"/.cargo bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain nightly' popd export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin" # Compile Gemserv pushd "$final_path"/build - ynh_exec_warn_less sudo -u "$app" env PATH="$PATH" cargo build --release + ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" cargo build --release popd # Install Gemserv From 08ac08d9b83be88727f26bcf97c788dd7bafb331 Mon Sep 17 00:00:00 2001 
From: Yunohost-Bot <> Date: Thu, 6 Jan 2022 23:43:10 +0000 Subject: [PATCH 3/4] Auto-update README --- README.md | 3 +++ README_fr.md | 75 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 78 insertions(+) create mode 100644 README_fr.md diff --git a/README.md b/README.md index ad1627a..70b03a9 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,8 @@ It shall NOT be edited by hand. [![Integration level](https://dash.yunohost.org/integration/gemserv.svg)](https://dash.yunohost.org/appci/app/gemserv) ![](https://ci-apps.yunohost.org/ci/badges/gemserv.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/gemserv.maintain.svg) [![Install Gemserv with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=gemserv) +*[Lire ce readme en français.](./README_fr.md)* + > *This package allows you to install Gemserv quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* @@ -15,6 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in A gemini server written in rust. + **Shipped version:** 0.6.3~ynh1 diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..abef5e4 --- /dev/null +++ b/README_fr.md 
@@ -0,0 +1,75 @@ +# Gemserv pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/gemserv.svg)](https://dash.yunohost.org/appci/app/gemserv) ![](https://ci-apps.yunohost.org/ci/badges/gemserv.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/gemserv.maintain.svg) +[![Installer Gemserv avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=gemserv) + +*[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* + +> *Ce package vous permet d'installer Gemserv rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +A gemini server written in rust. + + +**Version incluse :** 0.6.3~ynh1 + + + +## Avertissements / informations importantes + +* Other infos that people should be aware of, such as: + * Redirect TCP/1965 port to the server + * To add a gemini capsule, create a /etc/gemserv/config.d/example.toml + +``` +[[server]] +hostname = "youdomain.org" +dir = "/path/to/serv/" +key = "/etc/yunohost/certs/youdomain.org/key.pem" +cert = "/etc/yunohost/certs/youdomain.org/crt.pem" +# index is optional but defaults to index.gemini. The server will serve files +# ending in gemini or gmi. +index = "index.gmi" +# lang is optional +lang = "en" +# cgi is optional bool +cgi = true +# cgipath is optional and only checked if cgi is true. It restricts cgi to only +# this directory. +cgipath = "/path/to/cgi-bin/" +# scgi is optional +scgi = { "/scgi" = "localhost:4000" } +# cgienv is optional +cgienv = { "GIT_PROJECT_ROOT" = "/srv/git" } +# usrdir is optional. it'll look in /home/usr/public_gemini +usrdir = true +# proxy is optional +# path is what comes after the hostname e.g. example.com/path +proxy = { path = "localhost:1966" } +# proxy_all is optional +# It will send all requests to the specified server. 
It also supports streamming. +proxy_all = localhost:1967 +# redirect is optional +redirect = { "/redirect" = "/", "/newdomain" = "gemini://example.net" } +``` +## Documentations et ressources + +* Dépôt de code officiel de l'app : https://git.sr.ht/~int80h/gemserv +* Documentation YunoHost pour cette app : https://yunohost.org/app_gemserv +* Signaler un bug : https://github.com/YunoHost-Apps/gemserv_ynh/issues + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/gemserv_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/gemserv_ynh/tree/testing --debug +ou +sudo yunohost app upgrade gemserv -u https://github.com/YunoHost-Apps/gemserv_ynh/tree/testing --debug +``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file From 3dbca98b0092fead9bf5da8b9c2b69b5b40f0530 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 10 Jan 2022 21:41:15 +0100 Subject: [PATCH 4/4] Update manifest.json --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index 1d41bca..375404a 100644 --- a/manifest.json +++ b/manifest.json @@ -16,7 +16,7 @@ "name": "yalh76" }, "requirements": { - "yunohost": ">= 4.1.3" + "yunohost": ">= 4.3.0" }, "multi_instance": false, "services": [