diff --git a/check_process b/check_process index f176d51..9252357 100644 --- a/check_process +++ b/check_process @@ -1,15 +1,10 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) - language="fr" (LANGUAGE) - is_public=1 (PUBLIC|public=1|private=0) + domain="domain.tld" + path="/path" + admin="john" + language="fr" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=0 diff --git a/conf/nginx.conf b/conf/nginx.conf index 8cb9e61..42927cc 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -8,8 +8,10 @@ location / { rewrite ^ https://$server_name$request_uri? permanent; } - index index.php; + more_set_headers "X-Content-Type-Options: nosniff"; + index index.php; + try_files $uri __PATH__/index.php; location ~ [^/]\.php(/|$) { diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..d87cd4c --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,9 @@ +## Configuration + + Default login + * user: **admin** + * password: **admin** + +## Limitations + +:warning: For now, Grocy must be installed in a root domain or subdirectory. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md new file mode 100644 index 0000000..4837ba4 --- /dev/null +++ b/doc/DISCLAIMER_fr.md @@ -0,0 +1,9 @@ +## Configuration + +Connexion par défaut + * utilisateur : **admin** + * mot de passe : **admin** + +## Limitations + +:warning: Pour l'instant, Grocy doit être installé dans un domaine racine ou un sous-domaine. diff --git a/doc/screenshots/stock-en.png b/doc/screenshots/stock-en.png new file mode 100644 index 0000000..c7d18ed Binary files /dev/null and b/doc/screenshots/stock-en.png differ diff --git a/manifest.json b/manifest.json index f5745fc..bdacf8b 100644 --- a/manifest.json +++ b/manifest.json @@ -7,14 +7,20 @@ "fr": "Solution Web de gestion d'épicerie et de gestion de la maison" }, "version": "3.0.1~ynh2", - "url": "https://github.com/grocy/grocy", + "url": "https://grocy.info", + "upstream": { + "license": "MIT", + "website": "https://grocy.info/", + "demo": "https://en.demo.grocy.info/stockoverview", + "code": "https://github.com/grocy/grocy" + }, "license": "MIT", "maintainer": { "name": "", "email": "" }, "requirements": { - "yunohost": ">= 4.1.7" + "yunohost": ">= 4.2.4" }, "multi_instance": true, "services": [ diff --git a/scripts/install b/scripts/install index 367a871..6a7513d 100644 --- a/scripts/install +++ b/scripts/install @@ -47,6 +47,14 @@ ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url ynh_app_setting_set --app=$app --key=language --value=$language +#================================================= +# CREATE DEDICATED USER +#================================================= +ynh_script_progression --message="Configuring system user..." --weight=1 + +# Create a system user +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -56,6 +64,10 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -64,14 +76,6 @@ ynh_script_progression --message="Configuring NGINX web server..." --weight=10 # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app - #================================================= # PHP-FPM CONFIGURATION #================================================= @@ -87,11 +91,8 @@ phpversion=$(ynh_app_setting_get --app="$app" --key=phpversion) ynh_add_config --template="../conf/config-dist.php" --destination="$final_path/data/config.php" -#================================================= -# STORE THE CONFIG FILE CHECKSUM -#================================================= - -ynh_store_file_checksum --file="$final_path/data/config.php" +chmod 400 "$final_path/data/config.php" +chown $app "$final_path/data/config.php" #================================================= # GENERIC FINALIZATION @@ -100,9 +101,9 @@ ynh_store_file_checksum --file="$final_path/data/config.php" #================================================= # Set permissions to app files -chown -R $app: $final_path -chmod o-rwx $final_path -chmod -R 755 $final_path/data +# chown -R $app: $final_path +# chmod o-rwx $final_path +# chmod -R 755 $final_path/data #================================================= # SETUP SSOWAT diff --git a/scripts/restore b/scripts/restore index 425d5f4..75d5681 100644 --- a/scripts/restore +++ b/scripts/restore @@ -46,6 +46,14 @@ test ! -d $final_path \ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" +#================================================= +# RECREATE THE DEDICATED USER +#================================================= +ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 + +# Create the dedicated user (if not existing) +ynh_system_user_create --username=$app --home_dir="$final_path" + #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -53,13 +61,9 @@ ynh_script_progression --message="Restoring $app main directory..." --weight=5 ynh_restore_file --origin_path="$final_path" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" #================================================= # RESTORE THE PHP-FPM CONFIGURATION @@ -75,10 +79,10 @@ ynh_add_fpm_config --package="$extra_php_dependencies" # RESTORE USER RIGHTS #================================================= -# Restore permissions on app files -chown -R $app: $final_path -chmod o-rwx $final_path -chmod -R 755 $final_path/data +# # Restore permissions on app files +# chown -R $app: $final_path +# chmod o-rwx $final_path +# chmod -R 755 $final_path/data #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index b802671..b993ea9 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -87,6 +87,10 @@ then #ynh_secure_remove --file="$tmpdir" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:www-data "$final_path" + #================================================= # NGINX CONFIGURATION #================================================= @@ -117,14 +121,17 @@ ynh_add_fpm_config --package="$extra_php_dependencies" ynh_add_config --template="../conf/config-dist.php" --destination="$final_path/data/config.php" +chmod 400 "$final_path/data/config.php" +chown $app "$final_path/data/config.php" + #================================================= # SECURE FILES AND DIRECTORIES #================================================= # Set permissions to app files -chown -R $app: $final_path -chmod o-rwx $final_path -chmod -R 755 $final_path/data +# chown -R $app: $final_path +# chmod o-rwx $final_path +# chmod -R 755 $final_path/data #================================================= # RELOAD NGINX