From 788cfd2b797c13661ffbe28b6553fc25c7fa3f5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Wed, 8 Sep 2021 17:14:14 +0200 Subject: [PATCH] Testing (#28) * Cleaning up --- README.md | 55 ++++++++----------- README_fr.md | 57 +++++++------------- conf/nginx.conf | 4 +- conf/systemd.service | 30 +++++++++++ doc/DESCRIPTION.md | 1 + doc/DESCRIPTION_fr.md | 1 + doc/DISCLAIMER.md | 14 +++++ doc/DISCLAIMER_fr.md | 15 ++++++ {sources => doc/screenshots}/screenshot.png | Bin manifest.json | 13 +++-- scripts/install | 12 +++-- scripts/restore | 5 +- scripts/upgrade | 6 +-- 13 files changed, 125 insertions(+), 88 deletions(-) create mode 100644 doc/DESCRIPTION.md create mode 100644 doc/DESCRIPTION_fr.md create mode 100644 doc/DISCLAIMER.md create mode 100644 doc/DISCLAIMER_fr.md rename {sources => doc/screenshots}/screenshot.png (100%) diff --git a/README.md b/README.md index 4a124be..e9b3098 100644 --- a/README.md +++ b/README.md @@ -1,3 +1,8 @@ + + # Haste for YunoHost [![Integration level](https://dash.yunohost.org/integration/haste.svg)](https://dash.yunohost.org/appci/app/haste) ![](https://ci-apps.yunohost.org/ci/badges/haste.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/haste.maintain.svg) @@ -5,49 +10,29 @@ *[Lire ce readme en français.](./README_fr.md)* -> *This package allows you to install Haste quickly and simply on a YunoHost server. +> *This package allows you to install Haste quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview + Haste is an open-source pastebin software written in node.js, which is easily installable in any network. YunoHost Project uses Haste as pastebin for log sharing: [paste.yunohost.org](https://paste.yunohost.org/) -**Shipped version:** 0.1.0 (7.10.2020) + +**Shipped version:** 0.1.0~ynh8 + +**Demo:** http://hastebin.com/ ## Screenshots -![](sources/screenshot.png) +![](./doc/screenshots/screenshot.png) -## Demo - -* [Official demo](http://hastebin.com/) - -## Configuration - - * How to configure this app: a plain file with SSH. - -## Documentation - - * Official documentation: https://hastebin.com/about.md - * YunoHost documentation: https://yunohost.org/en/app_haste - -## YunoHost specific features +## Disclaimers / important information #### Multi-user support * Are LDAP and HTTP auth supported? **No** * Can the app be used by multiple users? **Yes** -#### Supported architectures - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/haste.svg)](https://ci-apps.yunohost.org/ci/apps/haste/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/haste.svg)](https://ci-apps-arm.yunohost.org/ci/apps/haste/) - -## Limitations - -* Any known limitations. - -## Additional information - ## `haste` command This Haste package for Yunohost includes the [`haste` command](https://github.com/diethnis/standalones/blob/master/hastebin.sh), allowing you to share content from terminal: @@ -58,13 +43,13 @@ https://haste.example.com/zuyejeduzu ``` The [Haste-client](https://github.com/seejohnrun/haste-client) is a simple client for uploading data to you Haste server. -## Links +## Documentation and resources - * Report a bug: https://github.com/YunoHost-Apps/haste_ynh/issues - * Upstream app repository: https://github.com/seejohnrun/haste-server - * YunoHost website: https://yunohost.org/ - ---- +* Official app website: https://example.com +* Official user documentation: https://hastebin.com/about.md +* Upstream app code repository: https://github.com/seejohnrun/haste-server +* YunoHost documentation for this app: https://yunohost.org/app_haste +* Report a bug: https://github.com/YunoHost-Apps/haste_ynh/issues ## Developer info @@ -76,3 +61,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/haste_ynh/tree/testin or sudo yunohost app upgrade haste -u https://github.com/YunoHost-Apps/haste_ynh/tree/testing --debug ``` + +**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md index d7ad440..6a33daf 100644 --- a/README_fr.md +++ b/README_fr.md @@ -3,51 +3,32 @@ [![Niveau d'intégration](https://dash.yunohost.org/integration/haste.svg)](https://dash.yunohost.org/appci/app/haste) ![](https://ci-apps.yunohost.org/ci/badges/haste.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/haste.maintain.svg) [![Installer Haste avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=haste) -*[Read this readme in english.](./README.md)* +*[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* -> *Ce package vous permet d'installer Haste rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, consultez [le guide](https://yunohost.org/#/install) pour apprendre comment l'installer.* +> *Ce package vous permet d'installer Haste rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* ## Vue d'ensemble + Haste est un logiciel pastebin open-source écrit en node.js, facilement installable sur n'importe quel réseau. Le projet YunoHost utilise Haste comme pastebin pour le partage de log : [paste.yunohost.org](https://paste.yunohost.org/) -**Version incluse :** 0.1.0 (7.10.2020) + +**Version incluse :** 0.1.0~ynh8 + +**Démo :** http://hastebin.com/ ## Captures d'écran -![](sources/screenshot.png) +![](./doc/screenshots/screenshot.png) -## Démo +## Avertissements / informations importantes -* [Démo officielle](http://hastebin.com/) - -## Configuration - - * Comment configurer cette application: un fichier brut en SSH. - -## Documentation - - * Documentation officielle: https://hastebin.com/about.md - * Documentation YunoHost: https://yunohost.org/fr/app_haste - -## Caractéristiques spécifiques YunoHost - -#### Support multi-utilisateur +### Support multi-utilisateur * L'authentification LDAP et HTTP est-elle prise en charge ? **Non** * L'application peut-elle être utilisée par plusieurs utilisateurs ? **Oui** -#### Architectures supportées - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/haste.svg)](https://ci-apps.yunohost.org/ci/apps/haste/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/haste.svg)](https://ci-apps-arm.yunohost.org/ci/apps/haste/) - -## Limitations - -* Limitations connues. - -## Informations additionnelles - ## `haste` command Ce paquet de Haste pour YunoHost comprend une commande [`haste`](https://github.com/diethnis/standalones/blob/master/hastebin.sh), vous permettant de partager du contenu avec le terminal : @@ -59,13 +40,13 @@ https://haste.example.com/zuyejeduzu Le [client Haste](https://github.com/seejohnrun/haste-client) est un client simple pour télécharger des données sur votre serveur Haste. -## Liens +## Documentations et ressources - * Signaler un bug : https://github.com/YunoHost-Apps/haste_ynh/issues - * Dépôt de l'application principale : https://github.com/seejohnrun/haste-server - * Site web YunoHost : https://yunohost.org/ - ---- +* Site officiel de l'app : https://example.com +* Documentation officielle utilisateur : https://hastebin.com/about.md +* Dépôt de code officiel de l'app : https://github.com/seejohnrun/haste-server +* Documentation YunoHost pour cette app : https://yunohost.org/app_haste +* Signaler un bug : https://github.com/YunoHost-Apps/haste_ynh/issues ## Informations pour les développeurs @@ -77,3 +58,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/haste_ynh/tree/testin ou sudo yunohost app upgrade haste -u https://github.com/YunoHost-Apps/haste_ynh/tree/testing --debug ``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/conf/nginx.conf b/conf/nginx.conf index 6e14d50..1648c31 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,8 +5,8 @@ location __PATH__/ { rewrite ^ https://$server_name$request_uri? permanent; } - proxy_pass http://127.0.0.1:__PORT__; - proxy_set_header Host $host; + proxy_pass http://127.0.0.1:__PORT__; + proxy_set_header Host $host; proxy_buffering off; client_max_body_size 50M; diff --git a/conf/systemd.service b/conf/systemd.service index c8af1d9..a25a77e 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -13,5 +13,35 @@ StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit Restart=always +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..94f198b --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +Haste is an open-source pastebin software written in node.js, which is easily installable in any network. YunoHost Project uses Haste as pastebin for log sharing: [paste.yunohost.org](https://paste.yunohost.org/) diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..11d7dbc --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1 @@ +Haste est un logiciel pastebin open-source écrit en node.js, facilement installable sur n'importe quel réseau. Le projet YunoHost utilise Haste comme pastebin pour le partage de log : [paste.yunohost.org](https://paste.yunohost.org/) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..4fcef40 --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,14 @@ +#### Multi-user support + +* Are LDAP and HTTP auth supported? **No** +* Can the app be used by multiple users? **Yes** + +## `haste` command + +This Haste package for Yunohost includes the [`haste` command](https://github.com/diethnis/standalones/blob/master/hastebin.sh), allowing you to share content from terminal: + +```bash +cat something | haste +https://haste.example.com/zuyejeduzu +``` +The [Haste-client](https://github.com/seejohnrun/haste-client) is a simple client for uploading data to you Haste server. diff --git a/doc/DISCLAIMER_fr.md b/doc/DISCLAIMER_fr.md new file mode 100644 index 0000000..caa910a --- /dev/null +++ b/doc/DISCLAIMER_fr.md @@ -0,0 +1,15 @@ +### Support multi-utilisateur + +* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** +* L'application peut-elle être utilisée par plusieurs utilisateurs ? **Oui** + +## `haste` command + +Ce paquet de Haste pour YunoHost comprend une commande [`haste`](https://github.com/diethnis/standalones/blob/master/hastebin.sh), vous permettant de partager du contenu avec le terminal : + +```bash +cat something | haste +https://haste.example.com/zuyejeduzu +``` + +Le [client Haste](https://github.com/seejohnrun/haste-client) est un client simple pour télécharger des données sur votre serveur Haste. diff --git a/sources/screenshot.png b/doc/screenshots/screenshot.png similarity index 100% rename from sources/screenshot.png rename to doc/screenshots/screenshot.png diff --git a/manifest.json b/manifest.json index b3dde7a..04f6401 100644 --- a/manifest.json +++ b/manifest.json @@ -6,8 +6,15 @@ "en": "Open-source pastebin allowing to upload texts", "fr": "Pastebin open-source permettant de mettre en ligne du texte" }, - "version": "0.1.0~ynh7", - "url": "https://github.com/seejohnrun/haste-server", + "version": "0.1.0~ynh8", + "url": "http://hastebin.com/", + "upstream": { + "license": "MIT", + "website": "https://example.com", + "demo": "http://hastebin.com/", + "userdoc": "https://hastebin.com/about.md", + "code": "https://github.com/seejohnrun/haste-server" + }, "license": "MIT", "maintainer": { "name": "eric_G", @@ -31,7 +38,7 @@ "type": "domain", "help": { "en": "Haste can only be installed in a root domain or subdomain", - "fr": "Haste ne peut être installé que dans un domaine racine ou un sous-domaine " + "fr": "Haste ne peut être installé que dans un domaine racine ou un sous-domaine" }, "example": "paste.example.com" }, diff --git a/scripts/install b/scripts/install index 05612cf..307e3c2 100755 --- a/scripts/install +++ b/scripts/install @@ -96,7 +96,6 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" ynh_add_systemd_config @@ -104,10 +103,10 @@ ynh_add_systemd_config # INSTALL HASTEBIN #================================================= -pushd "$final_path" || ynh_die +pushd "$final_path" ynh_use_nodejs ynh_exec_warn_less ynh_npm install -popd || ynh_die +popd #================================================= # CREATE DIRECTORY FOR DATA @@ -116,10 +115,14 @@ ynh_script_progression --message="Creating the data directory..." # Define app's data directory data_path="/home/yunohost.app/${app}" +ynh_app_setting_set --app=$app --key=data_path --value=$data_path # Create app folders mkdir -p "$data_path" -ynh_app_setting_set --app=$app --key=data_path --value=$data_path + +chmod 750 "$data_path" +chmod -R o-rwx "$data_path" +chown -R $app:www-data "$data_path" #================================================= # CONFIGURE HASTE @@ -148,7 +151,6 @@ ynh_add_config --template="../conf/haste.sh" --destination="/usr/bin/$app" chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -chown -R $app: $data_path chmod +x /usr/bin/$app #================================================= diff --git a/scripts/restore b/scripts/restore index 9d68823..0cb0ac8 100755 --- a/scripts/restore +++ b/scripts/restore @@ -33,8 +33,6 @@ data_path=$(ynh_app_setting_get --app=$app --key=data_path) #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=2 -ynh_webpath_available $domain $path_url \ - || ynh_die "Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die "There is already a directory: $final_path " @@ -66,6 +64,7 @@ ynh_system_user_create --username=$app --home_dir=$final_path #================================================= # INSTALL NODEJS #================================================= +ynh_script_progression --message="Reinstalling dependencies..." --weight=1 ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version @@ -73,7 +72,7 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version # RESTORE VARIOUS FILES #================================================= -ynh_restore_file "$data_path" +ynh_restore_file --origin_path="$data_path" #================================================= # RESTORE BINARY diff --git a/scripts/upgrade b/scripts/upgrade index 23933b2..8f9fae4 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -115,10 +115,10 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version # UPGRADE NPM MODULES #================================================= -pushd "$final_path" || ynh_die +pushd "$final_path" ynh_use_nodejs ynh_exec_warn_less ynh_npm install -popd || ynh_die +popd #================================================= # SETUP LOGROTATE @@ -134,7 +134,6 @@ ynh_use_logrotate --non-append ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 ynh_replace_string --match_string="__ENV_PATH__" --replace_string="$PATH" --target_file="../conf/systemd.service" -ynh_replace_string --match_string="__YNH_NPM__" --replace_string="$ynh_npm" --target_file="../conf/systemd.service" ynh_add_systemd_config @@ -163,7 +162,6 @@ ynh_add_config --template="../conf/haste.sh" --destination="/usr/bin/$app" chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -chown -R $app: $data_path chmod +x /usr/bin/$app #=================================================