From b78995c6ed3a5de85b734bd9f2c9aa9d30cbe98c Mon Sep 17 00:00:00 2001
From: OniriCorpe
Date: Mon, 15 Aug 2022 19:38:57 +0200
Subject: [PATCH 1/4] Improve systemd hardening
---
 conf/systemd.service | 8 ++++++--
 manifest.json | 2 +-
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/conf/systemd.service b/conf/systemd.service
index b7a961d..0c5bc1f 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -20,16 +20,20 @@ StandardError=inherit
 NoNewPrivileges=yes
 PrivateTmp=yes
 PrivateDevices=yes
-RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
 RestrictNamespaces=yes
 RestrictRealtime=yes
 DevicePolicy=closed
+ProtectClock=yes
+ProtectHostname=yes
+ProtectProc=invisible
 ProtectSystem=full
 ProtectControlGroups=yes
 ProtectKernelModules=yes
 ProtectKernelTunables=yes
 LockPersonality=yes
-SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+SystemCallArchitectures=native
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged
 # Denying access to capabilities that should not be relevant for webapps
 # Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
diff --git a/manifest.json b/manifest.json
index 1731a0f..618725a 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
 "en": "An ActivityPub social network server, written in Golang.",
 "fr": "Un serveur de réseau social basé sur ActivityPub écrit en Golang."
 },
- "version": "0.3.8~ynh2",
+ "version": "0.3.8~ynh3",
 "url": "https://github.com/superseriousbusiness/gotosocial",
 "upstream": {
 "license": "AGPL-3.0-only",
From 8a4bf31a71165b0d35b8b874c81935141dad5c9e Mon Sep 17 00:00:00 2001
From: yunohost-bot
Date: Mon, 15 Aug 2022 17:39:04 +0000
Subject: [PATCH 2/4] Auto-update README
---
 README.md | 2 +-
 README_fr.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/README.md b/README.md
index e9e0b9b..2e8f1a6 100644
--- a/README.md
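Review bot: The extended deny-list on the new `SystemCallFilter=` line adds `@privileged`, and by default systemd terminates the process on a filtered call, so any privileged call the service makes (the set also includes `@chown`) would kill it rather than fail. If the unit does not already set it outside this hunk, `SystemCallErrorNumber=EPERM` would turn that into an ordinary error the application can log. `@privileged` also appears to cover `@clock`, `@module`, `@reboot` and `@swap` already, so those entries are redundant but harmless. The `RestrictAddressFamilies=` line is widened with `AF_NETLINK` in a commit titled as hardening; a comment above it such as `# AF_NETLINK: needed for <reason>` would record why the relaxation is required. `systemd-analyze verify` on the installed unit flags any of the new directives that the target systemd version does not recognise and would silently ignore.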
+++ b/README.md
@@ -24,7 +24,7 @@ With GoToSocial, you can keep in touch with your friends, post, read, and share
 Documentation is at [docs.gotosocial.org](https://docs.gotosocial.org).
-**Shipped version:** 0.3.8~ynh2
+**Shipped version:** 0.3.8~ynh3
 ## Screenshots
diff --git a/README_fr.md b/README_fr.md
index 8715564..9a627f1 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -24,7 +24,7 @@ Avec GoToSocial, vous pouvez rester en contact avec vos amis, publier, lire et p
 Vous pouvez consulter la documentation à l'adresse : [docs.gotosocial.org](https://docs.gotosocial.org).
-**Version incluse :** 0.3.8~ynh2
+**Version incluse :** 0.3.8~ynh3
 ## Captures d'écran
From 7a79adf12e8992fffe86c0c0ade89d1d93fa7a63 Mon Sep 17 00:00:00 2001
From: OniriCorpe
Date: Tue, 16 Aug 2022 19:13:01 +0200
Subject: [PATCH 3/4] ci-auto-update: ignore release candidates
---
 .github/workflows/updater.sh | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh
index 6aa3d2b..218e48e 100755
--- a/.github/workflows/updater.sh
+++ b/.github/workflows/updater.sh
@@ -41,6 +41,10 @@ echo "PROCEED=false" >> "$GITHUB_ENV"
 if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
 echo "::warning ::No new version available"
 exit 0
+# Proceed only if the retrieved version is not a release candidate
+elif [[ "$version" == *"rc"* ]] ; then
+ echo "::warning ::No new version available"
+ exit 0
 # Proceed only if a PR for this new version does not already exist
 elif git ls-remote -q --exit-code --heads https://github.com/"$GITHUB_REPOSITORY".git ci-auto-update-v"$version" ; then
 echo "::warning ::A branch already exists for this update"
From d007b4ffe2b22de1c74baf68970d245339f5725d Mon Sep 17 00:00:00 2001
From: OniriCorpe
Date: Tue, 16 Aug 2022 20:11:36 +0200
Subject: [PATCH 4/4] alignment of the license to upsream
---
 manifest.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
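Review bot: The added `elif` branch prints the same `No new version available` warning as the branch above it, so a run skipped because the retrieved version is a release candidate looks identical in the workflow log to a run with nothing to update. A distinct message such as `echo "::warning ::Latest version $version is a release candidate, skipping"` would make the skip auditable. The glob `*"rc"*` also matches `rc` anywhere in the string, so an anchored test like `[[ "$version" =~ rc[0-9]*$ ]]` would be tighter, assuming upstream's pre-release tags end in `rcN`. The `if`/`elif` chain starts and ends outside this hunk.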
diff --git a/manifest.json b/manifest.json
index 618725a..2d15df9 100644
--- a/manifest.json
+++ b/manifest.json
@@ -16,7 +16,7 @@
 "userdoc": "https://docs.gotosocial.org/en/latest/",
 "code": "https://github.com/superseriousbusiness/gotosocial"
 },
- "license": "WTFPL",
+ "license": "AGPL-3.0-only",
 "maintainer": {
 "name": "OniriCorpe",
 "email": ""