From 242f20365f8faecc1f7c1892cff24aba5d605ef2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 14:21:10 +0200 Subject: [PATCH 01/27] v2 --- conf/app.src | 7 ----- conf/systemd.service | 2 +- manifest.toml | 52 ++++++++++++++++++++++++++++++++++ scripts/backup | 14 +++++----- scripts/change_url | 64 +++++++++++++++++++++--------------------- scripts/install | 66 ++++++++++++++++++++++---------------------- scripts/remove | 18 ++++++------ scripts/restore | 34 +++++++++++------------ scripts/upgrade | 40 +++++++++++++-------------- 9 files changed, 172 insertions(+), 125 deletions(-) delete mode 100644 conf/app.src create mode 100644 manifest.toml diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index d0cb8b6..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/sh-dv/hat.sh/archive/refs/tags/v2.3.6.zip -SOURCE_SUM=04f57d2d621e73faced46bf8738f921d5d2ca99e5ac37a41ff5391e3aa27e8f1 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=zip -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/systemd.service b/conf/systemd.service index ea44e0d..1767e5c 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,7 +7,7 @@ Type=simple User=__APP__ Group=__APP__ Environment=NODE_PORT=__PORT__ -WorkingDirectory=__FINALPATH__ +WorkingDirectory=__INSTALL_DIR__ Environment=PATH=__ENV_PATH__ Environment=NODE_ENV=production ExecStart=__YNH_NPM__ run start diff --git a/manifest.toml b/manifest.toml new file mode 100644 index 0000000..8116cb2 --- /dev/null +++ b/manifest.toml @@ -0,0 +1,52 @@ +packaging_format = 2 + +id = "hat" +name = "Hat.sh" +description.en = "Encrypt and Decrypt files securely in your browser" +description.fr = "Chiffrer et déchiffrer les fichiers en toute sécurité dans votre navigateur" + +version = "2.3.6~ynh2" + +maintainers = ["eric_G"] + +[upstream] +license = "MIT" +website = "hat.sh" +demo = "https://hat.sh" +admindoc = "https://hat.sh/about/" +code = "https://github.com/sh-dv/hat.sh" +cpe = "???" # FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number) +fund = "???" # FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin. + +[integration] +yunohost = ">= 11.0.9" +architectures = "all" # FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"] +multi_instance = false +ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials. +sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal. +disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... +ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... + +[install] + [install.domain] + # this is a generic question - ask strings are automatically handled by Yunohost's core + type = "domain" + full_domain = true + + [install.init_main_permission] + type = "group" + default = "visitors" + +[resources] + [resources.sources.main] + url = "https://github.com/sh-dv/hat.sh/archive/refs/tags/v2.3.6.zip" + sha256 = "04f57d2d621e73faced46bf8738f921d5d2ca99e5ac37a41ff5391e3aa27e8f1" + + + [resources.system_user] + + [resources.install_dir] + + [resources.permissions] + main.url = "/" diff --git a/scripts/backup b/scripts/backup index fb3c925..4293a50 100755 --- a/scripts/backup +++ b/scripts/backup @@ -14,22 +14,22 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { +#REMOVEME? ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_print_info --message="Loading installation settings..." +#REMOVEME? ynh_print_info --message="Loading installation settings..." -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) #================================================= # DECLARE DATA AND CONF FILES TO BACKUP @@ -40,7 +40,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 85f4573..9d941ef 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -13,54 +13,54 @@ source /usr/share/yunohost/helpers # RETRIEVE ARGUMENTS #================================================= -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH +#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN +#REMOVEME? old_path=$YNH_APP_OLD_PATH -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH +#REMOVEME? new_domain=$YNH_APP_NEW_DOMAIN +#REMOVEME? new_path=$YNH_APP_NEW_PATH -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --time --weight=1 +#REMOVEME? ynh_script_progression --message="Loading installation settings..." --time --weight=1 -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) +#REMOVEME? # Needed for helper "ynh_add_nginx_config" +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) +#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=port) #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --time --weight=1 +#REMOVEME? ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --time --weight=1 # Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { +#REMOVEME? ynh_backup_before_upgrade +#REMOVEME? ynh_clean_setup () { # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" +#REMOVEME? ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" # Restore it if the upgrade fails - ynh_restore_upgradebackup +#REMOVEME? ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # CHECK WHICH PARTS SHOULD BE CHANGED #================================================= -change_domain=0 -if [ "$old_domain" != "$new_domain" ] +#REMOVEME? change_domain=0 +#REMOVEME? if [ "$old_domain" != "$new_domain" ] then - change_domain=1 + #REMOVEME? change_domain=1 fi -change_path=0 -if [ "$old_path" != "$new_path" ] +#REMOVEME? change_path=0 +#REMOVEME? if [ "$old_path" != "$new_path" ] then - change_path=1 + #REMOVEME? change_path=1 fi #================================================= @@ -77,28 +77,30 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1 -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf +ynh_change_url_nginx_config + +#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf # Change the path in the NGINX config file if [ $change_path -eq 1 ] then # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" +#REMOVEME? ynh_backup_if_checksum_is_different --file="$nginx_conf_path" # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" +#REMOVEME? domain="$old_domain" +#REMOVEME? path="$new_path" # Create a dedicated NGINX config - ynh_add_nginx_config +#REMOVEME? ynh_add_nginx_config fi # Change the domain for NGINX if [ $change_domain -eq 1 ] then # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf +#REMOVEME? ynh_delete_file_checksum --file="$nginx_conf_path" +#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" +#REMOVEME? ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" fi #================================================= @@ -113,9 +115,9 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 +#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 -ynh_systemd_action --service_name=nginx --action=reload +#REMOVEME? #REMOVEME? ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index af44d40..1d07572 100755 --- a/scripts/install +++ b/scripts/install @@ -13,57 +13,57 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { +#REMOVEME? ynh_clean_setup () { ### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # RETRIEVE ARGUMENTS FROM THE MANIFEST #================================================= -domain=$YNH_APP_ARG_DOMAIN -path_url="/" -is_public=$YNH_APP_ARG_IS_PUBLIC +#REMOVEME? domain=$YNH_APP_ARG_DOMAIN +path="/" +#REMOVEME? is_public=$YNH_APP_ARG_IS_PUBLIC -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 +#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=1 -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" +#REMOVEME? install_dir=/var/www/$app +#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder" # Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url +#REMOVEME? ynh_webpath_register --app=$app --domain=$domain --path=$path #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 +#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1 -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url +#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain +#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path #================================================= # STANDARD MODIFICATIONS #================================================= # FIND AND OPEN A PORT #================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 +#REMOVEME? ynh_script_progression --message="Finding an available port..." --weight=1 # Find an available port -port=$(ynh_find_port --port=3991) -ynh_app_setting_set --app=$app --key=port --value=$port +#REMOVEME? port=$(ynh_find_port --port=3991) +#REMOVEME? ynh_app_setting_set --app=$app --key=port --value=$port #================================================= # INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Installing dependencies..." --weight=7 +#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=7 # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version @@ -71,23 +71,23 @@ ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 +#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=1 # Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" +#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=3 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path +#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" +ynh_setup_source --dest_dir="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # NGINX CONFIGURATION @@ -102,17 +102,17 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template="../conf/.env" --destination="$final_path/.env" +ynh_add_config --template="../conf/.env" --destination="$install_dir/.env" -chmod 400 "$final_path/.env" -chown $app:$app "$final_path/.env" +chmod 400 "$install_dir/.env" +chown $app:$app "$install_dir/.env" #================================================= # INSTALL THE LOUNGE #================================================= ynh_script_progression --message="Installing $app..." --weight=10 -pushd $final_path +pushd $install_dir ynh_use_nodejs ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH npm install ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH npm run build @@ -145,20 +145,20 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 +#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1 # Make app public if necessary -if [ $is_public -eq 1 ] +#REMOVEME? if [ $is_public -eq 1 ] then - ynh_permission_update --permission="main" --add="visitors" +#REMOVEME? ynh_permission_update --permission="main" --add="visitors" fi #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 -ynh_systemd_action --service_name=nginx --action=reload +#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT diff --git a/scripts/remove b/scripts/remove index 4509e27..b38241f 100755 --- a/scripts/remove +++ b/scripts/remove @@ -12,12 +12,12 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1 -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) #================================================= # STANDARD REMOVE @@ -43,10 +43,10 @@ ynh_remove_systemd_config #================================================= # REMOVE APP MAIN DIR #================================================= -ynh_script_progression --message="Removing app main directory..." --weight=3 +#REMOVEME? ynh_script_progression --message="Removing app main directory..." --weight=3 # Remove the app directory securely -ynh_secure_remove --file="$final_path" +#REMOVEME? ynh_secure_remove --file="$install_dir" #================================================= # REMOVE NGINX CONFIGURATION @@ -59,7 +59,7 @@ ynh_remove_nginx_config #================================================= # REMOVE DEPENDENCIES #================================================= -ynh_script_progression --message="Removing dependencies..." --weight=5 +#REMOVEME? ynh_script_progression --message="Removing dependencies..." --weight=5 # Remove NodeJS ynh_remove_nodejs @@ -69,10 +69,10 @@ ynh_remove_nodejs #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 +#REMOVEME? ynh_script_progression --message="Removing the dedicated system user..." --weight=1 # Delete a system user -ynh_system_user_delete --username=$app +#REMOVEME? ynh_system_user_delete --username=$app #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index 84c3fc7..ab55b51 100755 --- a/scripts/restore +++ b/scripts/restore @@ -14,31 +14,31 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= -ynh_clean_setup () { +#REMOVEME? ynh_clean_setup () { #### Remove this function if there's nothing to clean before calling the remove script. true } # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1 -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 +#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=1 -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " +#REMOVEME? test ! -d $install_dir \ + || ynh_die --message="There is already a directory: $install_dir " #================================================= # STANDARD RESTORATION STEPS @@ -52,28 +52,28 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" #================================================= # RECREATE THE DEDICATED USER #================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 +#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 # Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir" #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=4 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # SPECIFIC RESTORATION #================================================= # REINSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Reinstalling dependencies..." --weight=10 +#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=10 # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version diff --git a/scripts/upgrade b/scripts/upgrade index 1df7209..b94778f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -12,14 +12,14 @@ source /usr/share/yunohost/helpers #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 +#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1 -app=$YNH_APP_INSTANCE_NAME +#REMOVEME? app=$YNH_APP_INSTANCE_NAME -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -port=$(ynh_app_setting_get --app=$app --key=port) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) +#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) +#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) +#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=port) +#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) #================================================= # CHECK VERSION @@ -30,16 +30,16 @@ upgrade_type=$(ynh_check_app_version_changed) #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 +#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 # Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { +#REMOVEME? ynh_backup_before_upgrade +#REMOVEME? ynh_clean_setup () { # Restore it if the upgrade fails - ynh_restore_upgradebackup +#REMOVEME? ynh_restore_upgradebackup } # Exit if an error occurs during the execution of the script -ynh_abort_if_errors +#REMOVEME? ynh_abort_if_errors #================================================= # STANDARD UPGRADE STEPS @@ -53,10 +53,10 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" #================================================= # CREATE DEDICATED USER #================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 +#REMOVEME? ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 # Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" +#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE @@ -67,12 +67,12 @@ then ynh_script_progression --message="Upgrading source files..." --weight=4 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" --keep=".env" + ynh_setup_source --dest_dir="$install_dir" --keep=".env" fi -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:www-data "$final_path" +chmod 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # NGINX CONFIGURATION @@ -85,7 +85,7 @@ ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=10 +#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=10 # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version @@ -116,9 +116,9 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 +#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 -ynh_systemd_action --service_name=nginx --action=reload +#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload #================================================= # END OF SCRIPT From 2670f5e7a4156bcfef3125226496154f35ac4aba Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 2 May 2023 12:21:15 +0000 Subject: [PATCH 02/27] Auto-update README --- README.md | 3 ++- README_fr.md | 21 +++++++++++---------- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 7441d07..e3cbc5c 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,8 @@ It shall NOT be edited by hand. # Hat.sh for YunoHost -[![Integration level](https://dash.yunohost.org/integration/hat.svg)](https://dash.yunohost.org/appci/app/hat) ![Working status](https://ci-apps.yunohost.org/ci/badges/hat.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/hat.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/hat.svg)](https://dash.yunohost.org/appci/app/hat) ![Working status](https://ci-apps.yunohost.org/ci/badges/hat.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/hat.maintain.svg) + [![Install Hat.sh with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hat) *[Lire ce readme en français.](./README_fr.md)* diff --git a/README_fr.md b/README_fr.md index 49e8c0a..7f861de 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,15 +5,16 @@ It shall NOT be edited by hand. # Hat.sh pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/hat.svg)](https://dash.yunohost.org/appci/app/hat) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/hat.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/hat.maintain.svg) +[![Niveau d’intégration](https://dash.yunohost.org/integration/hat.svg)](https://dash.yunohost.org/appci/app/hat) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/hat.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/hat.maintain.svg) + [![Installer Hat.sh avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=hat) *[Read this readme in english.](./README.md)* -> *Ce package vous permet d'installer Hat.sh rapidement et simplement sur un serveur YunoHost. -Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* +> *Ce package vous permet d’installer Hat.sh rapidement et simplement sur un serveur YunoHost. +Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l’installer et en profiter.* -## Vue d'ensemble +## Vue d’ensemble Hat.sh is a web app that provides secure local file encryption in the browser. It's fast, secure, and uses modern cryptographic algorithms with chunked AEAD stream encryption/decryption. @@ -22,18 +23,18 @@ Hat.sh is a web app that provides secure local file encryption in the browser. I **Démo :** https://hat.sh -## Captures d'écran +## Captures d’écran -![Capture d'écran de Hat.sh](./doc/screenshots/screenshot.png) +![Capture d’écran de Hat.sh](./doc/screenshots/screenshot.png) ## Avertissements / informations importantes Hat.sh requires a dedicated domain or subdomain. ## Documentations et ressources -* Site officiel de l'app : -* Documentation officielle de l'admin : -* Dépôt de code officiel de l'app : +* Site officiel de l’app : +* Documentation officielle de l’admin : +* Dépôt de code officiel de l’app : * Documentation YunoHost pour cette app : * Signaler un bug : @@ -49,4 +50,4 @@ ou sudo yunohost app upgrade hat -u https://github.com/YunoHost-Apps/hat_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** +**Plus d’infos sur le packaging d’applications :** \ No newline at end of file From a7b511879df05afe4d9c39601b8f73db50f927ce Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 14:26:39 +0200 Subject: [PATCH 03/27] v2 --- manifest.json | 43 ----------------------- manifest.toml | 17 +++++----- scripts/backup | 21 ------------ scripts/change_url | 85 ---------------------------------------------- scripts/install | 81 +------------------------------------------ scripts/remove | 30 +--------------- 6 files changed, 10 insertions(+), 267 deletions(-) delete mode 100644 manifest.json diff --git a/manifest.json b/manifest.json deleted file mode 100644 index 08519ff..0000000 --- a/manifest.json +++ /dev/null @@ -1,43 +0,0 @@ -{ - "name": "Hat.sh", - "id": "hat", - "packaging_format": 1, - "description": { - "en": "Encrypt and Decrypt files securely in your browser", - "fr": "Chiffrer et déchiffrer les fichiers en toute sécurité dans votre navigateur" - }, - "version": "2.3.6~ynh2", - "url": "https://hat.sh", - "upstream": { - "license": "MIT", - "website": "hat.sh", - "demo": "https://hat.sh", - "admindoc": "https://hat.sh/about/", - "code": "https://github.com/sh-dv/hat.sh" - }, - "license": "MIT", - "maintainer": { - "name": "eric_G", - "email": "" - }, - "requirements": { - "yunohost": ">= 11.0.9" - }, - "multi_instance": false, - "services": [ - "nginx" - ], - "arguments": { - "install" : [ - { - "name": "domain", - "type": "domain" - }, - { - "name": "is_public", - "type": "boolean", - "default": true - } - ] - } -} diff --git a/manifest.toml b/manifest.toml index 8116cb2..fdb8146 100644 --- a/manifest.toml +++ b/manifest.toml @@ -15,18 +15,16 @@ website = "hat.sh" demo = "https://hat.sh" admindoc = "https://hat.sh/about/" code = "https://github.com/sh-dv/hat.sh" -cpe = "???" # FIXME: optional but recommended if relevant, this is meant to contain the Common Platform Enumeration, which is sort of a standard id for applications defined by the NIST. In particular, Yunohost may use this is in the future to easily track CVE (=security reports) related to apps. The CPE may be obtained by searching here: https://nvd.nist.gov/products/cpe/search. For example, for Nextcloud, the CPE is 'cpe:2.3:a:nextcloud:nextcloud' (no need to include the version number) -fund = "???" # FIXME: optional but recommended (or remove if irrelevant / not applicable). This is meant to be an URL where people can financially support this app, especially when its development is based on volunteers and/or financed by its community. YunoHost may later advertise it in the webadmin. [integration] -yunohost = ">= 11.0.9" -architectures = "all" # FIXME: can be replaced by a list of supported archs using the dpkg --print-architecture nomenclature (amd64/i386/armhf/arm64), for example: ["amd64", "i386"] +yunohost = ">= 11.1.18" +architectures = "all" multi_instance = false -ldap = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "sso" key : the "ldap" key corresponds to wether or not a user *can* login on the app using its YunoHost credentials. -sso = "?" # FIXME: replace with true, false, or "not_relevant". Not to confuse with the "ldap" key : the "sso" key corresponds to wether or not a user is *automatically logged-in* on the app when logged-in on the YunoHost portal. -disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... -ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... -ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +ldap = false +sso = false +disk = "50M" +ram.build = "50M" +ram.runtime = "50M" [install] [install.domain] @@ -43,6 +41,7 @@ ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requiremen url = "https://github.com/sh-dv/hat.sh/archive/refs/tags/v2.3.6.zip" sha256 = "04f57d2d621e73faced46bf8738f921d5d2ca99e5ac37a41ff5391e3aa27e8f1" + [resources.ports] [resources.system_user] diff --git a/scripts/backup b/scripts/backup index 4293a50..f8e82aa 100755 --- a/scripts/backup +++ b/scripts/backup @@ -10,27 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_print_info --message="Loading installation settings..." - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= diff --git a/scripts/change_url b/scripts/change_url index 9d941ef..f5ff536 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -9,60 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -#REMOVEME? old_domain=$YNH_APP_OLD_DOMAIN -#REMOVEME? old_path=$YNH_APP_OLD_PATH - -#REMOVEME? new_domain=$YNH_APP_NEW_DOMAIN -#REMOVEME? new_path=$YNH_APP_NEW_PATH - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_script_progression --message="Loading installation settings..." --time --weight=1 - -#REMOVEME? # Needed for helper "ynh_add_nginx_config" -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) -#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=port) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -#REMOVEME? ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --time --weight=1 - -# Backup the current version of the app -#REMOVEME? ynh_backup_before_upgrade -#REMOVEME? ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. -#REMOVEME? ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails -#REMOVEME? ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -#REMOVEME? change_domain=0 -#REMOVEME? if [ "$old_domain" != "$new_domain" ] -then - #REMOVEME? change_domain=1 -fi - -#REMOVEME? change_path=0 -#REMOVEME? if [ "$old_path" != "$new_path" ] -then - #REMOVEME? change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= @@ -79,30 +25,6 @@ ynh_script_progression --message="Updating NGINX web server configuration..." -- ynh_change_url_nginx_config -#REMOVEME? nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified -#REMOVEME? ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper -#REMOVEME? domain="$old_domain" -#REMOVEME? path="$new_path" - # Create a dedicated NGINX config -#REMOVEME? ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location -#REMOVEME? ynh_delete_file_checksum --file="$nginx_conf_path" -#REMOVEME? mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location -#REMOVEME? ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi - #================================================= # GENERIC FINALISATION #================================================= @@ -112,13 +34,6 @@ ynh_script_progression --message="Starting a systemd service..." --time --weight ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# RELOAD NGINX -#================================================= -#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --time --weight=1 - -#REMOVEME? #REMOVEME? ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index 1d07572..c42fc9e 100755 --- a/scripts/install +++ b/scripts/install @@ -9,83 +9,22 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { - ### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -#REMOVEME? domain=$YNH_APP_ARG_DOMAIN -path="/" -#REMOVEME? is_public=$YNH_APP_ARG_IS_PUBLIC - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -#REMOVEME? ynh_script_progression --message="Validating installation parameters..." --weight=1 - -#REMOVEME? install_dir=/var/www/$app -#REMOVEME? test ! -e "$install_dir" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -#REMOVEME? ynh_webpath_register --app=$app --domain=$domain --path=$path - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -#REMOVEME? ynh_script_progression --message="Storing installation settings..." --weight=1 - -#REMOVEME? ynh_app_setting_set --app=$app --key=domain --value=$domain -#REMOVEME? ynh_app_setting_set --app=$app --key=path --value=$path - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -#REMOVEME? ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -#REMOVEME? port=$(ynh_find_port --port=3991) -#REMOVEME? ynh_app_setting_set --app=$app --key=port --value=$port - #================================================= # INSTALL DEPENDENCIES #================================================= -#REMOVEME? ynh_script_progression --message="Installing dependencies..." --weight=7 +ynh_script_progression --message="Installing dependencies..." --weight=7 # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -#================================================= -# CREATE DEDICATED USER -#================================================= -#REMOVEME? ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=3 -#REMOVEME? ynh_app_setting_set --app=$app --key=install_dir --value=$install_dir # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" -chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" @@ -142,24 +81,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" -#================================================= -# SETUP SSOWAT -#================================================= -#REMOVEME? ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -#REMOVEME? if [ $is_public -eq 1 ] -then -#REMOVEME? ynh_permission_update --permission="main" --add="visitors" -fi - -#================================================= -# RELOAD NGINX -#================================================= -#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index b38241f..d6746cb 100755 --- a/scripts/remove +++ b/scripts/remove @@ -9,16 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1 - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) - #================================================= # STANDARD REMOVE #================================================= @@ -40,14 +30,6 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE APP MAIN DIR -#================================================= -#REMOVEME? ynh_script_progression --message="Removing app main directory..." --weight=3 - -# Remove the app directory securely -#REMOVEME? ynh_secure_remove --file="$install_dir" - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -59,21 +41,11 @@ ynh_remove_nginx_config #================================================= # REMOVE DEPENDENCIES #================================================= -#REMOVEME? ynh_script_progression --message="Removing dependencies..." --weight=5 +ynh_script_progression --message="Removing dependencies..." --weight=5 # Remove NodeJS ynh_remove_nodejs -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -#REMOVEME? ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -#REMOVEME? ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= From 3af952eb27986dad3a736b2401326264fc3e3bcb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 14:29:47 +0200 Subject: [PATCH 04/27] v2 --- conf/nginx.conf | 3 ++- doc/DISCLAIMER.md | 1 - manifest.toml | 1 - scripts/change_url | 8 ++++---- scripts/upgrade | 46 ++-------------------------------------------- tests.toml | 7 +++++++ 6 files changed, 15 insertions(+), 51 deletions(-) delete mode 100644 doc/DISCLAIMER.md create mode 100644 tests.toml diff --git a/conf/nginx.conf b/conf/nginx.conf index dbf29e6..6867a61 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,5 @@ -location / { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { proxy_pass http://127.0.0.1:__PORT__/; proxy_http_version 1.1; diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md deleted file mode 100644 index c8c5e1e..0000000 --- a/doc/DISCLAIMER.md +++ /dev/null @@ -1 +0,0 @@ -Hat.sh requires a dedicated domain or subdomain. \ No newline at end of file diff --git a/manifest.toml b/manifest.toml index fdb8146..c2e872c 100644 --- a/manifest.toml +++ b/manifest.toml @@ -28,7 +28,6 @@ ram.runtime = "50M" [install] [install.domain] - # this is a generic question - ask strings are automatically handled by Yunohost's core type = "domain" full_domain = true diff --git a/scripts/change_url b/scripts/change_url index f5ff536..ae914ad 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -14,14 +14,14 @@ source /usr/share/yunohost/helpers #================================================= # STOP SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Stopping a systemd service..." --time --weight=1 +ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" #================================================= # MODIFY URL IN NGINX CONF #================================================= -ynh_script_progression --message="Updating NGINX web server configuration..." --time --weight=1 +ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 ynh_change_url_nginx_config @@ -30,7 +30,7 @@ ynh_change_url_nginx_config #================================================= # START SYSTEMD SERVICE #================================================= -ynh_script_progression --message="Starting a systemd service..." --time --weight=1 +ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" @@ -38,4 +38,4 @@ ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$ap # END OF SCRIPT #================================================= -ynh_script_progression --message="Change of URL completed for $app" --time --last +ynh_script_progression --message="Change of URL completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index b94778f..cc5448e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,38 +9,12 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1 - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? port=$(ynh_app_setting_get --app=$app --key=port) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) - #================================================= # CHECK VERSION #================================================= upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP -#================================================= -#REMOVEME? ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=1 - -# Backup the current version of the app -#REMOVEME? ynh_backup_before_upgrade -#REMOVEME? ynh_clean_setup () { - # Restore it if the upgrade fails -#REMOVEME? ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -50,14 +24,6 @@ ynh_script_progression --message="Stopping a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" -#================================================= -# CREATE DEDICATED USER -#================================================= -#REMOVEME? ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -70,8 +36,7 @@ then ynh_setup_source --dest_dir="$install_dir" --keep=".env" fi -chmod 750 "$install_dir" -chmod -R o-rwx "$install_dir" +chmod 750 "$install_dir"chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" #================================================= @@ -85,7 +50,7 @@ ynh_add_nginx_config #================================================= # UPGRADE DEPENDENCIES #================================================= -#REMOVEME? ynh_script_progression --message="Upgrading dependencies..." --weight=10 +ynh_script_progression --message="Upgrading dependencies..." --weight=10 # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version @@ -113,13 +78,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" -#================================================= -# RELOAD NGINX -#================================================= -#REMOVEME? ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -#REMOVEME? ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..91daf17 --- /dev/null +++ b/tests.toml @@ -0,0 +1,7 @@ +test_format = 1.0 + +[default] + + # ------------ + # Tests to run + # ------------ \ No newline at end of file From 532713f09db7b522959a3a5b11c68506431c4cfb Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 2 May 2023 12:29:52 +0000 Subject: [PATCH 05/27] Auto-update README --- README.md | 3 --- README_fr.md | 3 --- 2 files changed, 6 deletions(-) diff --git a/README.md b/README.md index e3cbc5c..24bac76 100644 --- a/README.md +++ b/README.md @@ -27,9 +27,6 @@ Hat.sh is a web app that provides secure local file encryption in the browser. I ![Screenshot of Hat.sh](./doc/screenshots/screenshot.png) -## Disclaimers / important information - -Hat.sh requires a dedicated domain or subdomain. ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index 7f861de..99ffa95 100644 --- a/README_fr.md +++ b/README_fr.md @@ -27,9 +27,6 @@ Hat.sh is a web app that provides secure local file encryption in the browser. I ![Capture d’écran de Hat.sh](./doc/screenshots/screenshot.png) -## Avertissements / informations importantes - -Hat.sh requires a dedicated domain or subdomain. ## Documentations et ressources * Site officiel de l’app : From 409099926fae1b9f4f6b1a999eaaefad3a5caf87 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 14:30:32 +0200 Subject: [PATCH 06/27] fix --- .github/workflows/updater.sh | 137 ----------------------------------- manifest.toml | 1 + 2 files changed, 1 insertion(+), 137 deletions(-) delete mode 100755 .github/workflows/updater.sh diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh deleted file mode 100755 index 72eb5cb..0000000 --- a/.github/workflows/updater.sh +++ /dev/null @@ -1,137 +0,0 @@ -#!/bin/bash - -#================================================= -# PACKAGE UPDATING HELPER -#================================================= - -# This script is meant to be run by GitHub Actions -# The YunoHost-Apps organisation offers a template Action to run this script periodically -# Since each app is different, maintainers can adapt its contents so as to perform -# automatic actions when a new upstream release is detected. - -# Remove this exit command when you are ready to run this Action -exit 1 - -#================================================= -# FETCHING LATEST RELEASE AND ITS ASSETS -#================================================= - -# Fetching information -current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') -repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') -# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) -version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) - -# Later down the script, we assume the version has only digits and dots -# Sometimes the release name starts with a "v", so let's filter it out. -# You may need more tweaks here if the upstream repository has different naming conventions. -if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then - version=${version:1} -fi - -# Setting up the environment variables -echo "Current version: $current_version" -echo "Latest release from upstream: $version" -echo "VERSION=$version" >> $GITHUB_ENV -echo "REPO=$repo" >> $GITHUB_ENV -# For the time being, let's assume the script will fail -echo "PROCEED=false" >> $GITHUB_ENV - -# Proceed only if the retrieved version is greater than the current one -if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then - echo "::warning ::No new version available" - exit 0 -# Proceed only if a PR for this new version does not already exist -elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY.git ci-auto-update-v$version ; then - echo "::warning ::A branch already exists for this update" - exit 0 -fi - -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - -echo "Handling asset at $asset_url" - -# Assign the asset to a source file in conf/ directory -# Here we base the source file name upon a unique keyword in the assets url (admin vs. update) -# Leave $src empty to ignore the asset -case $asset_url in - *"admin"*) - src="app" - ;; - *"update"*) - src="app-upgrade" - ;; - *) - src="" - ;; -esac - -# If $src is not empty, let's process the asset -if [ ! -z "$src" ]; then - -# Create the temporary directory -tempdir="$(mktemp -d)" - -# Download sources and calculate checksum -filename=${asset_url##*/} -curl --silent -4 -L $asset_url -o "$tempdir/$filename" -checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - -# Delete temporary directory -rm -rf $tempdir - -# Get extension -if [[ $filename == *.tar.gz ]]; then - extension=tar.gz -else - extension=${filename##*.} -fi - -# Rewrite source file -cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=$extension -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -EOT -echo "... conf/$src.src updated" - -else -echo "... asset ignored" -fi - -done - -#================================================= -# SPECIFIC UPDATE STEPS -#================================================= - -# Any action on the app's source code can be done. -# The GitHub Action workflow takes care of committing all changes after this script ends. - -#================================================= -# GENERIC FINALIZATION -#================================================= - -# Replace new version in manifest -echo "$(jq -s --indent 4 ".[] | .version = \"$version~ynh1\"" manifest.json)" > manifest.json - -# No need to update the README, yunohost-bot takes care of it - -# The Action will proceed only if the PROCEED environment variable is set to true -echo "PROCEED=true" >> $GITHUB_ENV -exit 0 diff --git a/manifest.toml b/manifest.toml index c2e872c..f46466f 100644 --- a/manifest.toml +++ b/manifest.toml @@ -39,6 +39,7 @@ ram.runtime = "50M" [resources.sources.main] url = "https://github.com/sh-dv/hat.sh/archive/refs/tags/v2.3.6.zip" sha256 = "04f57d2d621e73faced46bf8738f921d5d2ca99e5ac37a41ff5391e3aa27e8f1" + autoupdate.strategy = "latest_github_tag" [resources.ports] From f713dacde29eee473e1ffdf65f7a2d7028a12340 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 14:35:34 +0200 Subject: [PATCH 07/27] fix --- scripts/config | 2 -- scripts/restore | 41 +---------------------------------------- 2 files changed, 1 insertion(+), 42 deletions(-) diff --git a/scripts/config b/scripts/config index b9e79f8..7ce5e59 100644 --- a/scripts/config +++ b/scripts/config @@ -16,8 +16,6 @@ source /usr/share/yunohost/helpers -ynh_abort_if_errors - #================================================= # RETRIEVE ARGUMENTS #================================================= diff --git a/scripts/restore b/scripts/restore index ab55b51..a2b42dd 100755 --- a/scripts/restore +++ b/scripts/restore @@ -10,36 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -#REMOVEME? ynh_clean_setup () { - #### Remove this function if there's nothing to clean before calling the remove script. - true -} -# Exit if an error occurs during the execution of the script -#REMOVEME? ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -#REMOVEME? ynh_script_progression --message="Loading installation settings..." --weight=1 - -#REMOVEME? app=$YNH_APP_INSTANCE_NAME - -#REMOVEME? domain=$(ynh_app_setting_get --app=$app --key=domain) -#REMOVEME? path=$(ynh_app_setting_get --app=$app --key=path) -#REMOVEME? #REMOVEME? install_dir=$(ynh_app_setting_get --app=$app --key=install_dir) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -#REMOVEME? ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -#REMOVEME? test ! -d $install_dir \ - || ynh_die --message="There is already a directory: $install_dir " - #================================================= # STANDARD RESTORATION STEPS #================================================= @@ -49,14 +19,6 @@ ynh_script_progression --message="Restoring the NGINX web server configuration.. ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -#REMOVEME? ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -#REMOVEME? ynh_system_user_create --username=$app --home_dir="$install_dir" - #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -64,7 +26,6 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -chmod 750 "$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" @@ -73,7 +34,7 @@ chown -R $app:www-data "$install_dir" #================================================= # REINSTALL DEPENDENCIES #================================================= -#REMOVEME? ynh_script_progression --message="Reinstalling dependencies..." --weight=10 +ynh_script_progression --message="Reinstalling dependencies..." --weight=10 # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version From 9683ab0cabf9cf8fe11d827ee79162ee0e572aa7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 14:38:54 +0200 Subject: [PATCH 08/27] Fix --- scripts/change_url | 4 ++-- scripts/install | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/change_url b/scripts/change_url index ae914ad..3a9b28d 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -16,7 +16,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_script_progression --message="Stopping a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="stop" --log_path="systemd" #================================================= # MODIFY URL IN NGINX CONF @@ -32,7 +32,7 @@ ynh_change_url_nginx_config #================================================= ynh_script_progression --message="Starting a systemd service..." --weight=1 -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" #================================================= # END OF SCRIPT diff --git a/scripts/install b/scripts/install index c42fc9e..2bbfcd3 100755 --- a/scripts/install +++ b/scripts/install @@ -79,7 +79,7 @@ yunohost service add $app --description="Encrypt and Decrypt files securely" --l ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service -ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" +ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" #================================================= # END OF SCRIPT From 122948145e8b076d3f47c6f25e8df99486d04907 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 14:39:24 +0200 Subject: [PATCH 09/27] Update systemd.service --- conf/systemd.service | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 1767e5c..18c31ce 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,8 +6,8 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -Environment=NODE_PORT=__PORT__ -WorkingDirectory=__INSTALL_DIR__ +Environment="NODE_PORT=__PORT__" +WorkingDirectory=__INSTALL_DIR__/ Environment=PATH=__ENV_PATH__ Environment=NODE_ENV=production ExecStart=__YNH_NPM__ run start From c6dbfba3a13bb291d3ddb669d04d9dc9dab2b83a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 14:42:09 +0200 Subject: [PATCH 10/27] Update systemd.service --- conf/systemd.service | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 18c31ce..453770d 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,11 +6,11 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -Environment="NODE_PORT=__PORT__" +#Environment="NODE_PORT=__PORT__" WorkingDirectory=__INSTALL_DIR__/ Environment=PATH=__ENV_PATH__ -Environment=NODE_ENV=production -ExecStart=__YNH_NPM__ run start +#Environment=NODE_ENV=production +ExecStart=__YNH_NPM__ run start -p __PORT__ # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these From 40ebd3f5885c45ab6fc836875fd1e16cacfbe164 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 14:43:18 +0200 Subject: [PATCH 11/27] Update manifest.toml --- manifest.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifest.toml b/manifest.toml index f46466f..3664c61 100644 --- a/manifest.toml +++ b/manifest.toml @@ -42,6 +42,7 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_tag" [resources.ports] + main.default = 3391 [resources.system_user] From 4341b6516f7059f34a3edec7a1313f3c8f8abf7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 2 May 2023 15:02:01 +0200 Subject: [PATCH 12/27] Update systemd.service --- conf/systemd.service | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index 453770d..532e581 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -10,7 +10,10 @@ Group=__APP__ WorkingDirectory=__INSTALL_DIR__/ Environment=PATH=__ENV_PATH__ #Environment=NODE_ENV=production -ExecStart=__YNH_NPM__ run start -p __PORT__ + +ExecStart=__YNH_NPM__ run next start -p __PORT__ + +#ExecStart=__YNH_NPM__ run start # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these From 714792e9e07f8085fbb22c5febd8f634f783c2e0 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 17 May 2023 06:54:39 +0200 Subject: [PATCH 13/27] cleaning --- check_process | 24 ------------------------ conf/systemd.service | 5 ----- manifest.toml | 2 +- scripts/remove | 15 --------------- scripts/upgrade | 2 +- 5 files changed, 2 insertions(+), 46 deletions(-) delete mode 100644 check_process diff --git a/check_process b/check_process deleted file mode 100644 index ad5191d..0000000 --- a/check_process +++ /dev/null @@ -1,24 +0,0 @@ -;; Test complet - ; Manifest - domain="domain.tld" - path="/path" - is_public=1 - ; Checks - pkg_linter=1 - setup_sub_dir=0 - setup_root=1 - setup_nourl=0 - setup_private=1 - setup_public=1 - upgrade=1 - #upgrade=1 from_commit=CommitHash - backup_restore=1 - multi_instance=0 - change_url=1 -;;; Options -Email= -Notification=none -;;; Upgrade options - ; commit=CommitHash - name=Name and date of the commit. - manifest_arg=domain=DOMAIN&path=PATH&is_public=1&language=fr&admin=USER&password=pass&port=666& diff --git a/conf/systemd.service b/conf/systemd.service index 532e581..a9b5b91 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,15 +6,10 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -#Environment="NODE_PORT=__PORT__" WorkingDirectory=__INSTALL_DIR__/ Environment=PATH=__ENV_PATH__ -#Environment=NODE_ENV=production - ExecStart=__YNH_NPM__ run next start -p __PORT__ -#ExecStart=__YNH_NPM__ run start - # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these # .. but this should be a good baseline diff --git a/manifest.toml b/manifest.toml index 3664c61..b129d68 100644 --- a/manifest.toml +++ b/manifest.toml @@ -17,7 +17,7 @@ admindoc = "https://hat.sh/about/" code = "https://github.com/sh-dv/hat.sh" [integration] -yunohost = ">= 11.1.18" +yunohost = ">= 11.1.19" architectures = "all" multi_instance = false ldap = false diff --git a/scripts/remove b/scripts/remove index d6746cb..04dca7f 100755 --- a/scripts/remove +++ b/scripts/remove @@ -22,27 +22,12 @@ then yunohost service remove $app fi -#================================================= -# STOP AND REMOVE SERVICE -#================================================= -ynh_script_progression --message="Stopping and removing the systemd service..." --weight=1 - # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 - # Remove the dedicated NGINX config ynh_remove_nginx_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=5 - # Remove NodeJS ynh_remove_nodejs diff --git a/scripts/upgrade b/scripts/upgrade index cc5448e..20ab2e0 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -36,7 +36,7 @@ then ynh_setup_source --dest_dir="$install_dir" --keep=".env" fi -chmod 750 "$install_dir"chmod -R o-rwx "$install_dir" +chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" #================================================= From 0662f33b9671d06458b8db9d36f34d7d54adc542 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 17 May 2023 06:55:58 +0200 Subject: [PATCH 14/27] Update systemd.service --- conf/systemd.service | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index a9b5b91..dd49422 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,9 +6,11 @@ After=network.target Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__INSTALL_DIR__/ +Environment=NODE_PORT=__PORT__ +WorkingDirectory=__FINALPATH__ Environment=PATH=__ENV_PATH__ -ExecStart=__YNH_NPM__ run next start -p __PORT__ +Environment=NODE_ENV=production +ExecStart=__YNH_NPM__ run start -p __PORT__ # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these From 9eb461335258189d0c2614c24ba9ee0b38fdd272 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 17 May 2023 07:19:14 +0200 Subject: [PATCH 15/27] Update systemd.service --- conf/systemd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index dd49422..e967f8b 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,7 +7,7 @@ Type=simple User=__APP__ Group=__APP__ Environment=NODE_PORT=__PORT__ -WorkingDirectory=__FINALPATH__ +WorkingDirectory=__INSTALL_DIR__ Environment=PATH=__ENV_PATH__ Environment=NODE_ENV=production ExecStart=__YNH_NPM__ run start -p __PORT__ From 1a24a8c934436ed3c7715f27e8b4a8bf91594722 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Wed, 17 May 2023 07:28:48 +0200 Subject: [PATCH 16/27] Update systemd.service --- conf/systemd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index e967f8b..1767e5c 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -10,7 +10,7 @@ Environment=NODE_PORT=__PORT__ WorkingDirectory=__INSTALL_DIR__ Environment=PATH=__ENV_PATH__ Environment=NODE_ENV=production -ExecStart=__YNH_NPM__ run start -p __PORT__ +ExecStart=__YNH_NPM__ run start # Sandboxing options to harden security # Depending on specificities of your service/app, you may need to tweak these From 408a75b19ded228ec7280f8ce026616ed4b439e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 22 May 2023 21:33:02 +0200 Subject: [PATCH 17/27] Update systemd.service --- conf/systemd.service | 34 ---------------------------------- 1 file changed, 34 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 1767e5c..03b98c7 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -12,39 +12,5 @@ Environment=PATH=__ENV_PATH__ Environment=NODE_ENV=production ExecStart=__YNH_NPM__ run start -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectClock=yes -ProtectHostname=yes -ProtectProc=invisible -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallArchitectures=native -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - [Install] WantedBy=multi-user.target From e75971b30dafbb4785363d27c8cd2d51760ed01a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 22 May 2023 21:53:17 +0200 Subject: [PATCH 18/27] Update nginx.conf --- conf/nginx.conf | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 6867a61..dbf29e6 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,5 +1,4 @@ -#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; -location __PATH__/ { +location / { proxy_pass http://127.0.0.1:__PORT__/; proxy_http_version 1.1; From b3dc8700e70be15b10dd220663f0f9b076696f99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 22 May 2023 21:57:13 +0200 Subject: [PATCH 19/27] Update install --- scripts/install | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/scripts/install b/scripts/install index 2bbfcd3..cdc2008 100755 --- a/scripts/install +++ b/scripts/install @@ -9,14 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# INSTALL DEPENDENCIES -#================================================= -ynh_script_progression --message="Installing dependencies..." --weight=7 - -# Install Nodejs -ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -29,12 +21,12 @@ chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" #================================================= -# NGINX CONFIGURATION +# INSTALL DEPENDENCIES #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 +ynh_script_progression --message="Installing dependencies..." --weight=7 -# Create a dedicated NGINX config -ynh_add_nginx_config +# Install Nodejs +ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version #================================================= # ADD A CONFIGURATION @@ -62,15 +54,13 @@ popd #================================================= ynh_script_progression --message="Configuring a systemd service..." --weight=3 +# Create a dedicated NGINX config +ynh_add_nginx_config + env_path="$PATH" # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - yunohost service add $app --description="Encrypt and Decrypt files securely" --log="/var/log/$app/$app.log" #================================================= From f6578f05225a742af0047dda2d77780301ea1cc4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 22 May 2023 22:02:16 +0200 Subject: [PATCH 20/27] Update install --- scripts/install | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/scripts/install b/scripts/install index cdc2008..a58b646 100755 --- a/scripts/install +++ b/scripts/install @@ -49,6 +49,10 @@ pushd $install_dir ynh_exec_warn_less sudo -u $app env $ynh_node_load_PATH npm run build popd +chmod -R 750 "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" + #================================================= # SETUP SYSTEMD #================================================= From 117ca7b52c070cd2905de891bb5762fa0b2314d2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 3 Jun 2023 14:37:41 +0200 Subject: [PATCH 21/27] cleaning --- conf/nginx.conf | 2 +- manifest.toml | 1 - scripts/_common.sh | 2 +- 3 files changed, 2 insertions(+), 3 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index dbf29e6..8629a9c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,6 @@ location / { - proxy_pass http://127.0.0.1:__PORT__/; + proxy_pass http://127.0.0.1:__PORT__; proxy_http_version 1.1; proxy_set_header Connection "upgrade"; proxy_set_header Upgrade $http_upgrade; diff --git a/manifest.toml b/manifest.toml index b129d68..f8b6b46 100644 --- a/manifest.toml +++ b/manifest.toml @@ -42,7 +42,6 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_tag" [resources.ports] - main.default = 3391 [resources.system_user] diff --git a/scripts/_common.sh b/scripts/_common.sh index a862ce1..2540c42 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # nodejs version -nodejs_version=16 +nodejs_version=18 #================================================= # PERSONAL HELPERS From 66fcc145585e7e475b2350b7cf6b6519b14bec2d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 3 Jun 2023 14:52:43 +0200 Subject: [PATCH 22/27] Update manifest.toml --- manifest.toml | 1 + 1 file changed, 1 insertion(+) diff --git a/manifest.toml b/manifest.toml index f8b6b46..3317a1d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -42,6 +42,7 @@ ram.runtime = "50M" autoupdate.strategy = "latest_github_tag" [resources.ports] + main.default = 3991 [resources.system_user] From 322b9a652964278d1fbe74f8c6b4231e522fa0af Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 18 Aug 2023 11:19:59 +0200 Subject: [PATCH 23/27] fix --- conf/nginx.conf | 3 ++- conf/systemd.service | 2 +- manifest.toml | 2 +- scripts/install | 2 +- scripts/restore | 28 ++-------------------------- scripts/upgrade | 17 +---------------- 6 files changed, 8 insertions(+), 46 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 8629a9c..4b6cdf9 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,4 +1,5 @@ -location / { +#sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; +location __PATH__/ { proxy_pass http://127.0.0.1:__PORT__; proxy_http_version 1.1; diff --git a/conf/systemd.service b/conf/systemd.service index 03b98c7..94ad361 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=Hat.sh: Encrypt and Decrypt files securely +Description=Hat.sh: encrypt and decrypt files securely After=network.target [Service] diff --git a/manifest.toml b/manifest.toml index 3317a1d..042c8e5 100644 --- a/manifest.toml +++ b/manifest.toml @@ -17,7 +17,7 @@ admindoc = "https://hat.sh/about/" code = "https://github.com/sh-dv/hat.sh" [integration] -yunohost = ">= 11.1.19" +yunohost = ">= 11.2" architectures = "all" multi_instance = false ldap = false diff --git a/scripts/install b/scripts/install index a58b646..c6b81ab 100755 --- a/scripts/install +++ b/scripts/install @@ -65,7 +65,7 @@ env_path="$PATH" # Create a dedicated systemd config ynh_add_systemd_config -yunohost service add $app --description="Encrypt and Decrypt files securely" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Encrypt and decrypt files securely" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE diff --git a/scripts/restore b/scripts/restore index a2b42dd..a3b9edd 100755 --- a/scripts/restore +++ b/scripts/restore @@ -10,15 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." --weight=1 - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= # RESTORE THE APP MAIN DIR #================================================= @@ -39,20 +30,12 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=10 # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -#================================================= -# RESTORE SYSTEMD -#================================================= -ynh_script_progression --message="Restoring the systemd configuration..." --weight=1 +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" ynh_restore_file --origin_path="/etc/systemd/system/$app.service" systemctl enable $app.service --quiet -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -yunohost service add $app --description="Encrypt and Decrypt files securely" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Encrypt and decrypt files securely" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE @@ -61,13 +44,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=3 ynh_systemd_action --service_name=$app --action="start" --log_path="systemd" -#================================================= -# GENERIC FINALIZATION -#================================================= -# RELOAD NGINX AND PHP-FPM -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - ynh_systemd_action --service_name=nginx --action=reload #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 20ab2e0..b4142f4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -47,29 +47,14 @@ ynh_script_progression --message="Upgrading NGINX web server configuration..." - # Create a dedicated NGINX config ynh_add_nginx_config -#================================================= -# UPGRADE DEPENDENCIES -#================================================= -ynh_script_progression --message="Upgrading dependencies..." --weight=10 - # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version -#================================================= -# SETUP SYSTEMD -#================================================= -ynh_script_progression --message="Upgrading systemd configuration..." --weight=1 - env_path="$PATH" # Create a dedicated systemd config ynh_add_systemd_config -#================================================= -# INTEGRATE SERVICE IN YUNOHOST -#================================================= -ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 - -yunohost service add $app --description="Encrypt and Decrypt files securely" --log="/var/log/$app/$app.log" +yunohost service add $app --description="Encrypt and decrypt files securely" --log="/var/log/$app/$app.log" #================================================= # START SYSTEMD SERVICE From cd46b53b26e6cf158d94d6f25a0a9ecb8538dd0b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 15 Sep 2023 23:20:04 +0200 Subject: [PATCH 24/27] Update manifest.toml --- manifest.toml | 1 - 1 file changed, 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 042c8e5..ad914b2 100644 --- a/manifest.toml +++ b/manifest.toml @@ -29,7 +29,6 @@ ram.runtime = "50M" [install] [install.domain] type = "domain" - full_domain = true [install.init_main_permission] type = "group" From 9f70e5658c0ad71ddf080a512ddda8850234f56d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 16 Sep 2023 08:25:37 +0200 Subject: [PATCH 25/27] cleaning --- conf/systemd.service | 34 ++++++++++++++++++++++++++++++++++ doc/DESCRIPTION_fr.md | 1 + scripts/_common.sh | 2 +- 3 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 doc/DESCRIPTION_fr.md diff --git a/conf/systemd.service b/conf/systemd.service index 94ad361..f788c59 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -12,5 +12,39 @@ Environment=PATH=__ENV_PATH__ Environment=NODE_ENV=production ExecStart=__YNH_NPM__ run start +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/DESCRIPTION_fr.md b/doc/DESCRIPTION_fr.md new file mode 100644 index 0000000..3422fc6 --- /dev/null +++ b/doc/DESCRIPTION_fr.md @@ -0,0 +1 @@ +Hat.sh est une application Web qui fournit un chiffrement local sécurisé des fichiers dans le navigateur. Il est rapide, sécurisé et utilise des algorithmes cryptographiques modernes avec un chiffrement/déchiffrement de flux AEAD fragmenté. \ No newline at end of file diff --git a/scripts/_common.sh b/scripts/_common.sh index 2540c42..f053b64 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # nodejs version -nodejs_version=18 +nodejs_version=20 #================================================= # PERSONAL HELPERS From 76e898e889ba9d1d97df425542c78269ed0b4799 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 16 Sep 2023 06:25:48 +0000 Subject: [PATCH 26/27] Auto-update README --- README_fr.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/README_fr.md b/README_fr.md index 99ffa95..f4d83ea 100644 --- a/README_fr.md +++ b/README_fr.md @@ -16,8 +16,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po ## Vue d’ensemble -Hat.sh is a web app that provides secure local file encryption in the browser. It's fast, secure, and uses modern cryptographic algorithms with chunked AEAD stream encryption/decryption. - +Hat.sh est une application Web qui fournit un chiffrement local sécurisé des fichiers dans le navigateur. Il est rapide, sécurisé et utilise des algorithmes cryptographiques modernes avec un chiffrement/déchiffrement de flux AEAD fragmenté. **Version incluse :** 2.3.6~ynh2 From 4a503e0b1941a1454d1cfc241d7044300192bf78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 16 Sep 2023 08:26:05 +0200 Subject: [PATCH 27/27] Update manifest.toml --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index ad914b2..f7e1c6f 100644 --- a/manifest.toml +++ b/manifest.toml @@ -23,7 +23,7 @@ multi_instance = false ldap = false sso = false disk = "50M" -ram.build = "50M" +ram.build = "900M" ram.runtime = "50M" [install]