Merge remote-tracking branch 'origin/testing' into example

2024-09-03 20:36:22 +02:00 · 2022-05-29 17:53:51 +02:00 · 2022-05-29 17:53:51 +02:00 · 575ccc32d2
commit 575ccc32d2
parent 7ea357724f 670c65e3ca
25 changed files with 188 additions and 23 deletions
--- a/.github/ISSUE_TEMPLATE.md
+++ b/.github/ISSUE_TEMPLATE.md
@ -0,0 +1,55 @@
+---
+name: Bug report
+about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently.
+
+---
+
+**How to post a meaningful bug report**
+1. *Read this whole template first.*
+2. *Determine if you are on the right place:*
+   - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!*
+   - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.*
+   - *When in doubt, post here and we will figure it out together.*
+3. *Delete the italic comments as you write over them below, and remove this guide.*
+--- 
+
+### Describe the bug
+
+*A clear and concise description of what the bug is.*
+
+### Context
+
+- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...*
+- YunoHost version: x.x.x
+- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...*
+- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes*
+  - If yes, please explain:
+- Using, or trying to install package version/branch:
+- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`*
+
+### Steps to reproduce
+
+- *If you performed a command from the CLI, the command itself is enough. For example:*
+    ```sh
+    sudo yunohost app install the_app
+    ```
+- *If you used the webadmin, please perform the equivalent command from the CLI first.*
+- *If the error occurs in your browser, explain what you did:*
+   1. *Go to '...'*
+   2. *Click on '...'*
+   3. *Scroll down to '...'*
+   4. *See error*
+
+### Expected behavior
+
+*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.*
+
+### Logs
+
+*When an operation fails, YunoHost provides a simple way to share the logs.*
+- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.*
+- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.*
+
+*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)*
+
+*If applicable and useful, add screenshots to help explain your problem.*
--- a/.github/PULL_REQUEST_TEMPLATE.md
+++ b/.github/PULL_REQUEST_TEMPLATE.md
@ -0,0 +1,16 @@
+## Problem
+
+- *Description of why you made this PR*
+
+## Solution
+
+- *And how do you fix that problem*
+
+## PR Status
+
+- [ ] Code finished and ready to be reviewed/tested
+- [ ] The fix/enhancement were manually tested (if applicable)
+
+## Automatic tests
+
+Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization)
--- a/README.md
+++ b/README.md
@ -13,7 +13,7 @@ Overview

 Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github.

-**Shipped version:** 1.14.5
+**Shipped version:** 1.16.4

 Screenshots
 -----------
@ -68,12 +68,6 @@ Host domain.tld
    port 2222 # change this with the port you use
 ```

-You will also need to add the `gitea` user in the ssh permission with this command:
-
-```
-sudo adduser gitea ssh.app
-```
-
 ### Architecture

 This package is compatible with amd64, i386 and arm. The package will try to detect it with the command uname -m and fail if it can't detect the architecture. If that happens please open an issue describing your hardware and the result of the command `uname -m`.
--- a/conf/app.ini
+++ b/conf/app.ini
@ -40,8 +40,8 @@ ENABLE_NOTIFY_MAIL     = true
 DISABLE_REGISTRATION   = true
 ENABLE_CAPTCHA         = false
 REQUIRE_SIGNIN_VIEW    = false
-ENABLE_REVERSE_PROXY_AUTHENTICATION = false
-ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = false
+ENABLE_REVERSE_PROXY_AUTHENTICATION     = true
+ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = false

 [picture]
 AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars
@ -73,3 +73,4 @@ XORM                = file
 INSTALL_LOCK = true
 SECRET_KEY   = __KEY__
 REVERSE_PROXY_AUTHENTICATION_USER = REMOTE_USER
+REVERSE_PROXY_TRUSTED_PROXIES     = 127.0.0.0/8,::1/128
--- a/conf/login_source.sql
+++ b/conf/login_source.sql
@ -1,5 +1,5 @@
 INSERT INTO `__APP__`.`login_source` 
-(`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`)
+(`id`, `type`, `name`, `is_active`, `cfg`, `created_unix`, `updated_unix`)
 VALUES
 ('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}', '1464014433', '1464015955')
 ON DUPLICATE KEY 
--- a/conf/nginx.conf
+++ b/conf/nginx.conf
@ -3,7 +3,6 @@ location __PATH__/ {
    proxy_pass                  http://localhost:__PORT__/;
    proxy_set_header            Host $host;
    proxy_buffering off;
-    fastcgi_param REMOTE_USER   $remote_user;
    client_max_body_size        200M;
    proxy_set_header X-Real-IP $remote_addr;

--- a/conf/source/arm.src
+++ b/conf/source/arm.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-arm-6
-SOURCE_SUM=2808bea62a84389e123b94331de7b330f8b9b9149bff1e8758d6c7adae88ef5a
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.4/gitea-1.16.4-linux-arm-6
+SOURCE_SUM=ed5c2fd355c05111c74cdf1ac9f6d184071fa1cabf194cdd11b8eb945db87195
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false
--- a/conf/source/arm64.src
+++ b/conf/source/arm64.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-arm64
-SOURCE_SUM=43a9b559d8a080cbf55aac8961074a25018e83edfe70d7dc8666b9acff794b09
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.4/gitea-1.16.4-linux-arm64
+SOURCE_SUM=570e334a327f4dc1b8412bf0af6423efc52508300ef54a646d63d4838dba0273
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false
--- a/conf/source/arm64_1.14.src
+++ b/conf/source/arm64_1.14.src
@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-arm64
+SOURCE_SUM=d0e177368445748dcbfc3a082e2f1c68317d1490e11574224fb12ca01e91e15e
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/source/arm64_1.15.src
+++ b/conf/source/arm64_1.15.src
@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-arm64
+SOURCE_SUM=a41a702d24e463c44dbc57a30551938a5e4c9377995065aca07e9dfbb22d5afc
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/source/arm_1.14.src
+++ b/conf/source/arm_1.14.src
@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-arm-6
+SOURCE_SUM=4c075c11ee6b89b6c436c94e47290cf7daeff2006bb7ca1fbe6f22db4482e16f
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/source/arm_1.15.src
+++ b/conf/source/arm_1.15.src
@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-arm-6
+SOURCE_SUM=c60d364d8cb7e25b341cb7d9988cbc7b3485ff5aa994e021980dc47996a870f9
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/source/armv7.src
+++ b/conf/source/armv7.src
@ -1,8 +1,8 @@
 # The armv7 build is brocken
 # See : https://github.com/go-gitea/gitea/issues/6700
 # Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-arm-6
-SOURCE_SUM=2808bea62a84389e123b94331de7b330f8b9b9149bff1e8758d6c7adae88ef5a
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.4/gitea-1.16.4-linux-arm-6
+SOURCE_SUM=ed5c2fd355c05111c74cdf1ac9f6d184071fa1cabf194cdd11b8eb945db87195
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false
--- a/conf/source/armv7_1.14.src
+++ b/conf/source/armv7_1.14.src
@ -0,0 +1,8 @@
+# The armv7 build is brocken
+# See : https://github.com/go-gitea/gitea/issues/6700
+# Use temporary the armv6 binary
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-arm-6
+SOURCE_SUM=4c075c11ee6b89b6c436c94e47290cf7daeff2006bb7ca1fbe6f22db4482e16f
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/source/armv7_1.15.src
+++ b/conf/source/armv7_1.15.src
@ -0,0 +1,8 @@
+# The armv7 build is brocken
+# See : https://github.com/go-gitea/gitea/issues/6700
+# Use temporary the armv6 binary
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-arm-6
+SOURCE_SUM=c60d364d8cb7e25b341cb7d9988cbc7b3485ff5aa994e021980dc47996a870f9
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/source/i386.src
+++ b/conf/source/i386.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-386
-SOURCE_SUM=4d144f146f85d8b87fd93809019e3d1fd1b691d1fcb1bd5ea3801e0dc5a87e84
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.4/gitea-1.16.4-linux-386
+SOURCE_SUM=016e4c7c99337edf4a44231e872aea4f29575a63efa9b15b39e3319efe962139
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false
--- a/conf/source/i386_1.14.src
+++ b/conf/source/i386_1.14.src
@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-386
+SOURCE_SUM=1a3382eb4faf60a5f5c590843f8e7cd1f7d0e78e99fe2511f86368340c0cfe2e
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/source/i386_1.15.src
+++ b/conf/source/i386_1.15.src
@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-386
+SOURCE_SUM=bad15648236e8da71de1a09b9fe0f21d955605c3aba92f6bcf7dc1f490791a8d
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/source/x86-64.src
+++ b/conf/source/x86-64.src
@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-amd64
-SOURCE_SUM=8a6f7983bd47690e6087e14b7a32d6fb0b8868b137da0ea5edff28c32763ca6d
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.4/gitea-1.16.4-linux-amd64
+SOURCE_SUM=49f2469a7aabe3f5dc432b2c967e2d2c6c5c4fad6aae4c1ab4197ebbd159ddd1
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false
--- a/conf/source/x86-64_1.14.src
+++ b/conf/source/x86-64_1.14.src
@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-amd64
+SOURCE_SUM=20cc0a89421695320b077c9fe4f16996f03aaf9d24f661f8d2255794551c849b
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/source/x86-64_1.15.src
+++ b/conf/source/x86-64_1.15.src
@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-amd64
+SOURCE_SUM=e2f62b67c311116fbf8e52b4c162dbd7684ce9c7f0370642c1d402fece43aa8f
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
--- a/conf/systemd.service
+++ b/conf/systemd.service
@ -20,5 +20,35 @@ ExecStart=/opt/__APP__/gitea web
 Restart=always
 Environment=USER=__APP__ HOME=/home/__APP__

+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these 
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Denying access to capabilities that should not be relevant for webapps
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG 
+
 [Install]
 WantedBy=multi-user.target
--- a/manifest.json
+++ b/manifest.json
@ -8,7 +8,7 @@
    },
    "url": "http://gitea.io",
    "license": "MIT",
-    "version": "1.14.5~ynh1",
+    "version": "1.16.4~ynh1",
    "maintainer": {
        "name": "Josué Tille",
        "email": "josue@tille.ch"
@ -63,7 +63,7 @@
                    "fr": "Est-ce un site public ?"
                },
 				"help": { 
-					"en": "A public server means that everybody is able to access to the pain page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote Git command (clone, pull, push) with HTTP and to use the API by (by example with a smartphone), you need to set this application as public.",
+					"en": "A public server means that everybody is able to access to the main page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote Git command (clone, pull, push) with HTTP and to use the API by (by example with a smartphone), you need to set this application as public.",
 					"fr": "Un serveur public signifie que tout le monde peut accéder à la page principale de la forge, au profil public des utilisateurs et aux dépôts publics. Vous pouvez également définir les dépôts comme étant privés. Notez que pour pouvoir utiliser les commandes Git distantes (clone, pull, push) avec HTTP et pour pouvoir utiliser l'API (par exemple avec un smartphone), vous devez paramétrer cette application comme étant publique."
 				},
                "default": true
--- a/scripts/install
+++ b/scripts/install
@ -66,6 +66,8 @@ ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass"
 # Add users
 ynh_script_progression --message="Configuring system user..."
 ynh_system_user_create --username=$app --home_dir=/home/$app --use_shell
+# Add ssh permission for gitea user
+adduser $app ssh.app

 # create needed directories
 create_dir
--- a/scripts/upgrade
+++ b/scripts/upgrade
@ -195,10 +195,19 @@ case $upstream_version in
    ynh_setup_source $final_path source/${architecture}_1.13
    restart_gitea
 ;&
+"1.13."* )
+    ynh_setup_source $final_path source/${architecture}_1.14
+    restart_gitea
+;&
+"1.14."* )
+    ynh_setup_source $final_path source/${architecture}_1.15
+    restart_gitea
+;&
 esac

 # Install gitea source
 ynh_setup_source $final_path source/$architecture
+restart_gitea

 # SETUP FAIL2BAN
 ynh_script_progression --message="Configuring fail2ban..."
@ -226,6 +235,9 @@ fi
 ynh_script_progression --message="Register gitea service..."
 yunohost service add "$app" --log "/var/log/$app/gitea.log"

+# Add ssh permission for gitea user
+adduser $app ssh.app
+
 # Set permissions
 ynh_script_progression --message="Protecting directory"
 set_permission