From 666a4505268adad1173df842a5a75f071e62fccb Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sun, 22 May 2022 22:23:07 +0200 Subject: [PATCH 01/11] 0.18.0 --- README.md | 2 +- README_fr.md | 2 +- conf/app.src | 4 ++-- manifest.json | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 089e6e6..3bb3b27 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Kresus is an open-source libre self-hosted personal finance manager. It allows you to safely track your banking history, check your overall balance and know exactly how you are spending money using categories! -**Shipped version:** 0.17.4~ynh2 +**Shipped version:** 0.18.0~ynh1 ## Screenshots diff --git a/README_fr.md b/README_fr.md index dfa063f..2c1ae76 100644 --- a/README_fr.md +++ b/README_fr.md @@ -17,7 +17,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Kresus est un gestionnaire de finances personnelles gratuit et libre qui tourne sur votre serveur. Il récupère automatiquement et quotidiennement toutes vos nouvelles transactions bancaires et vous permet de les catégoriser, étudier via des graphiques, et établir un budget. -**Version incluse :** 0.17.4~ynh2 +**Version incluse :** 0.18.0~ynh1 ## Captures d'écran diff --git a/conf/app.src b/conf/app.src index df70627..a662e73 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://framagit.org/kresusapp/kresus/-/archive/0.17.4/kresus-0.17.4.tar.bz2 -SOURCE_SUM=bf08050b9f704c5727f2e6a8410f2a2914f589372a2de539c429fd1fec0e7613 +SOURCE_URL=https://framagit.org/kresusapp/kresus/-/archive/0.18.0/kresus-0.18.0.tar.bz2 +SOURCE_SUM=2bbade2feafc1ab60218f136fb5b5bb6c5b3d88a4936b2a39704c8b12cd64e68 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.bz2 SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index ef7e6e8..c2faccb 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Personal finance manager", "fr": "Outil personnel de gestion de finances" }, - "version": "0.17.4~ynh2", + "version": "0.18.0~ynh1", "url": "https://framagit.org/kresusapp/kresus", "upstream": { "license": "free", From 7fba61557d9d1df3ac8cab298130366c14d9d24c Mon Sep 17 00:00:00 2001 From: Nicolas Frandeboeuf Date: Tue, 31 May 2022 06:36:02 +0000 Subject: [PATCH 02/11] Add python3-pdfminer dependency (banquepostale) --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index e16025c..eaf544c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="dh-autoreconf python3-pip python3-dev python3-lxml python3-pillow virtualenv postgresql libffi-dev libopenjp2-7" +pkg_dependencies="dh-autoreconf python3-pip python3-dev python3-lxml python3-pillow virtualenv postgresql libffi-dev libopenjp2-7 python3-pdfminer" nodejs_version=14 From 5a7ef0ae90b99d2bfd893eaf8ad724fb31acca35 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 31 May 2022 06:38:13 +0000 Subject: [PATCH 03/11] Auto-update README --- README_fr.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README_fr.md b/README_fr.md index 2c1ae76..da61b1f 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Kresus pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Status du fonctionnement](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Status de maintenance](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) [![Installer Kresus avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=kresus) *[Read this readme in english.](./README.md)* From a0ae56293e58c3e604e26d4c9fc219481d02c3f6 Mon Sep 17 00:00:00 2001 From: Nicolas Frandeboeuf Date: Tue, 31 May 2022 12:52:08 +0000 Subject: [PATCH 04/11] Remove python3-pdfminer and fix missing pdfminer dependency instead --- scripts/_common.sh | 2 +- scripts/install | 2 +- scripts/upgrade | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index eaf544c..e16025c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="dh-autoreconf python3-pip python3-dev python3-lxml python3-pillow virtualenv postgresql libffi-dev libopenjp2-7 python3-pdfminer" +pkg_dependencies="dh-autoreconf python3-pip python3-dev python3-lxml python3-pillow virtualenv postgresql libffi-dev libopenjp2-7" nodejs_version=14 diff --git a/scripts/install b/scripts/install index d807374..5dfcd71 100644 --- a/scripts/install +++ b/scripts/install @@ -132,7 +132,7 @@ virtualenv --python=python3 --system-site-packages "${final_path}/venv" set -o nounset pip install --upgrade pip - pip install woob html2text simplejson BeautifulSoup4 PyExecJS pdfminer.six --ignore-installed + pip install woob html2text simplejson BeautifulSoup4 PyExecJS typing-extensions pdfminer.six --ignore-installed ) #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 6c4a21a..dfc9648 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -157,7 +157,7 @@ virtualenv --python=python3 --system-site-packages "${final_path}/venv" set -o nounset pip install --upgrade pip - pip install woob html2text simplejson BeautifulSoup4 PyExecJS pdfminer.six --ignore-installed + pip install woob html2text simplejson BeautifulSoup4 PyExecJS typing-extensions pdfminer.six --ignore-installed ) #================================================= From 7fb102d12532e98b81f18ab50635851240b57721 Mon Sep 17 00:00:00 2001 From: Nicolas Frandeboeuf Date: Tue, 14 Jun 2022 08:10:00 +0000 Subject: [PATCH 05/11] 0.18.1 --- README.md | 4 ++-- README_fr.md | 4 ++-- conf/app.src | 4 ++-- manifest.json | 2 +- 4 files changed, 7 insertions(+), 7 deletions(-) diff --git a/README.md b/README.md index 3bb3b27..e792c13 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Kresus for YunoHost -[![Integration level](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Working status](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Working status](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) [![Install Kresus with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=kresus) *[Lire ce readme en français.](./README_fr.md)* @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Kresus is an open-source libre self-hosted personal finance manager. It allows you to safely track your banking history, check your overall balance and know exactly how you are spending money using categories! -**Shipped version:** 0.18.0~ynh1 +**Shipped version:** 0.18.1~ynh1 ## Screenshots diff --git a/README_fr.md b/README_fr.md index da61b1f..fb1641d 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Kresus pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) [![Installer Kresus avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=kresus) *[Read this readme in english.](./README.md)* @@ -17,7 +17,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Kresus est un gestionnaire de finances personnelles gratuit et libre qui tourne sur votre serveur. Il récupère automatiquement et quotidiennement toutes vos nouvelles transactions bancaires et vous permet de les catégoriser, étudier via des graphiques, et établir un budget. -**Version incluse :** 0.18.0~ynh1 +**Version incluse :** 0.18.1~ynh1 ## Captures d'écran diff --git a/conf/app.src b/conf/app.src index a662e73..3bf7bfb 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://framagit.org/kresusapp/kresus/-/archive/0.18.0/kresus-0.18.0.tar.bz2 -SOURCE_SUM=2bbade2feafc1ab60218f136fb5b5bb6c5b3d88a4936b2a39704c8b12cd64e68 +SOURCE_URL=https://framagit.org/kresusapp/kresus/-/archive/0.18.1/kresus-0.18.1.tar.bz2 +SOURCE_SUM=3a32a3c78a3b724fd186ad212e743894872a0a7aee6efa8f02c454a76973e1ed SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.bz2 SOURCE_IN_SUBDIR=true diff --git a/manifest.json b/manifest.json index c2faccb..3d50f9e 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Personal finance manager", "fr": "Outil personnel de gestion de finances" }, - "version": "0.18.0~ynh1", + "version": "0.18.1~ynh1", "url": "https://framagit.org/kresusapp/kresus", "upstream": { "license": "free", From 5ce92fcf8262c7783560b3c88b3e6d716484b274 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 14 Jun 2022 08:13:38 +0000 Subject: [PATCH 06/11] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e792c13..0c3eef2 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Kresus for YunoHost -[![Integration level](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Working status](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Working status](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) [![Install Kresus with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=kresus) *[Lire ce readme en français.](./README_fr.md)* diff --git a/README_fr.md b/README_fr.md index fb1641d..4b0bc55 100644 --- a/README_fr.md +++ b/README_fr.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Kresus pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/kresus.svg)](https://dash.yunohost.org/appci/app/kresus) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/kresus.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/kresus.maintain.svg) [![Installer Kresus avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=kresus) *[Read this readme in english.](./README.md)* From e483320dfc9ae7db2dab22ebae1f2005194c7c83 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Wed, 15 Jun 2022 01:48:45 +0200 Subject: [PATCH 07/11] Upgrade to 0.18.1~ynh2 --- check_process | 1 - conf/nginx.conf | 30 +++++++++++++++--------------- conf/systemd.service | 2 +- manifest.json | 2 +- scripts/backup | 2 +- scripts/install | 9 +++++---- scripts/remove | 2 +- scripts/restore | 21 +++++++++++---------- scripts/upgrade | 17 +++++++++-------- 9 files changed, 44 insertions(+), 42 deletions(-) diff --git a/check_process b/check_process index ebb5e64..90cf11b 100644 --- a/check_process +++ b/check_process @@ -19,4 +19,3 @@ ;;; Options Email= Notification=all -;;; Upgrade options diff --git a/conf/nginx.conf b/conf/nginx.conf index e8a0e30..023598e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,27 +1,27 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { - alias __FINALPATH__/build/client/; - try_files $uri $uri/index.html @kresus; + alias __FINALPATH__/build/client/; + try_files $uri $uri/index.html @kresus; - # Include SSOWAT user panel. - include conf.d/yunohost_panel.conf.inc; + # Include SSOWAT user panel. + include conf.d/yunohost_panel.conf.inc; } location ~ __PATH__/\.(css|js|png|jpe?g|svg|eot|woff2?)$ { - more_set_headers 'Cache-Control: max-age=2592000, must-revalidate, public'; - gzip_types text/plain text/css application/javascript text/javascript; - try_files $uri $uri/index.html @kresus; + more_set_headers 'Cache-Control: max-age=2592000, must-revalidate, public'; + gzip_types text/plain text/css application/javascript text/javascript; + try_files $uri $uri/index.html @kresus; } location @kresus { - client_max_body_size 8M; - send_timeout 600; - proxy_connect_timeout 600; - proxy_send_timeout 600; - proxy_read_timeout 600; - proxy_set_header Host $host; + client_max_body_size 8M; + send_timeout 600; + proxy_connect_timeout 600; + proxy_send_timeout 600; + proxy_read_timeout 600; + proxy_set_header Host $host; - proxy_pass http://127.0.0.1:__PORT__; - proxy_redirect off; + proxy_pass http://127.0.0.1:__PORT__; + proxy_redirect off; } diff --git a/conf/systemd.service b/conf/systemd.service index 78f9d9b..72099ae 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,7 +7,7 @@ Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__ -Environment="PATH=__YNH_NODE_LOAD_PATH__" +Environment="__YNH_NODE_LOAD_PATH__" Environment=NODE_ENV=production ExecStart=__FINALPATH__/bin/kresus.js --config __FINALPATH__/config.ini Restart=always diff --git a/manifest.json b/manifest.json index 3d50f9e..2cda8d9 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Personal finance manager", "fr": "Outil personnel de gestion de finances" }, - "version": "0.18.1~ynh1", + "version": "0.18.1~ynh2", "url": "https://framagit.org/kresusapp/kresus", "upstream": { "license": "free", diff --git a/scripts/backup b/scripts/backup index a9dd460..37a5e95 100644 --- a/scripts/backup +++ b/scripts/backup @@ -15,7 +15,7 @@ source /usr/share/yunohost/helpers #================================================= ynh_clean_setup () { - ynh_clean_check_starting + true } # Exit if an error occurs during the execution of the script ynh_abort_if_errors diff --git a/scripts/install b/scripts/install index 5dfcd71..f67e5e8 100644 --- a/scripts/install +++ b/scripts/install @@ -29,6 +29,8 @@ architecture=$YNH_ARCH app=$YNH_APP_INSTANCE_NAME +salt=$(ynh_string_random --length=40) + #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= @@ -53,6 +55,7 @@ ynh_script_progression --message="Storing installation settings..." ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=salt --value=$salt #================================================= # STANDARD MODIFICATIONS @@ -61,12 +64,10 @@ ynh_app_setting_set --app=$app --key=path --value=$path_url #================================================= ynh_script_progression --message="Finding an available port..." +# Find an available port port=$(ynh_find_port --port=9876) ynh_app_setting_set --app=$app --key=port --value=$port -salt=$(ynh_string_random --length=40) -ynh_app_setting_set --app=$app --key=salt --value=$salt - #================================================= # INSTALL DEPENDENCIES #================================================= @@ -104,7 +105,7 @@ ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$final_path" -mkdir "$final_path/data" +mkdir -p "$final_path/data" chmod 750 "$final_path" chmod -R o-rwx "$final_path" diff --git a/scripts/remove b/scripts/remove index b975466..62bcce7 100644 --- a/scripts/remove +++ b/scripts/remove @@ -81,8 +81,8 @@ ynh_remove_nginx_config ynh_script_progression --message="Removing dependencies..." # Remove metapackage and its dependencies -ynh_remove_app_dependencies ynh_remove_nodejs +ynh_remove_app_dependencies #================================================= # SPECIFIC REMOVE diff --git a/scripts/restore b/scripts/restore index de39e0c..ff44581 100644 --- a/scripts/restore +++ b/scripts/restore @@ -14,6 +14,9 @@ source /usr/share/yunohost/helpers # MANAGE SCRIPT FAILURE #================================================= +ynh_clean_setup () { + ynh_clean_check_starting +} # Exit if an error occurs during the execution of the script ynh_abort_if_errors @@ -29,7 +32,6 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) salt=$(ynh_app_setting_get --app=$app --key=salt) #================================================= @@ -49,13 +51,6 @@ test ! -d $final_path \ #================================================= # STANDARD RESTORATION STEPS -#================================================= -# RESTORE THE NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Restoring the NGINX web server configuration..." - -ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" - #================================================= # RECREATE THE DEDICATED USER #================================================= @@ -89,15 +84,21 @@ ynh_script_progression --message="Reinstalling dependencies..." ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version +#================================================= +# RESTORE THE NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Restoring the NGINX web server configuration..." + +ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" + #================================================= # RESTORE THE POSTGRESQL DATABASE #================================================= ynh_script_progression --message="Restoring the PostgreSQL database..." ynh_psql_test_if_first_run -ynh_print_OFF +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd -ynh_print_ON ynh_psql_execute_file_as_root --file="./db.sql" --database=$db_name #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index dfc9648..9f58fdf 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -40,6 +40,7 @@ ynh_script_progression --message="Backing up the app before upgrading (may take # Backup the current version of the app ynh_backup_before_upgrade ynh_clean_setup () { + ynh_clean_check_starting # Restore it if the upgrade fails ynh_restore_upgradebackup } @@ -117,14 +118,6 @@ chmod 750 "$final_path" chmod -R o-rwx "$final_path" chown -R $app:www-data "$final_path" -#================================================= -# NGINX CONFIGURATION -#================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." - -# Create a dedicated NGINX config -ynh_add_nginx_config - #================================================= # UPGRADE DEPENDENCIES #================================================= @@ -142,6 +135,14 @@ then db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) fi +#================================================= +# NGINX CONFIGURATION +#================================================= +ynh_script_progression --message="Upgrading NGINX web server configuration..." + +# Create a dedicated NGINX config +ynh_add_nginx_config + #================================================= # SPECIFIC UPGRADE #================================================= From aec67ee411a8bb1872893625afb4d78346f38e66 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 14 Jun 2022 23:48:49 +0000 Subject: [PATCH 08/11] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 0c3eef2..a8bde23 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Kresus is an open-source libre self-hosted personal finance manager. It allows you to safely track your banking history, check your overall balance and know exactly how you are spending money using categories! -**Shipped version:** 0.18.1~ynh1 +**Shipped version:** 0.18.1~ynh2 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 4b0bc55..31cd609 100644 --- a/README_fr.md +++ b/README_fr.md @@ -17,7 +17,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Kresus est un gestionnaire de finances personnelles gratuit et libre qui tourne sur votre serveur. Il récupère automatiquement et quotidiennement toutes vos nouvelles transactions bancaires et vous permet de les catégoriser, étudier via des graphiques, et établir un budget. -**Version incluse :** 0.18.1~ynh1 +**Version incluse :** 0.18.1~ynh2 ## Captures d'écran From 90a7e903b1862e7fa2847e24555538a0d2dcdf8e Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 17 Jun 2022 03:00:20 +0200 Subject: [PATCH 09/11] Fix permissions --- conf/systemd.service | 17 +++++++++-------- scripts/install | 4 ++-- scripts/upgrade | 3 ++- 3 files changed, 13 insertions(+), 11 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 72099ae..e1fec1a 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -6,15 +6,19 @@ After=syslog.target network.target Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__ +WorkingDirectory=__FINALPATH__/ Environment="__YNH_NODE_LOAD_PATH__" Environment=NODE_ENV=production ExecStart=__FINALPATH__/bin/kresus.js --config __FINALPATH__/config.ini Restart=always -NoNewPrivileges=true -PrivateDevices=true -PrivateTmp=true -ProtectHome=true +StandardOutput=syslog +StandardError=syslog +SyslogIdentifier=__APP__ + +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +ProtectHome=yes ProtectSystem=strict ProtectControlGroups=yes ProtectKernelModules=yes @@ -26,9 +30,6 @@ ProtectKernelModules=yes SupplementaryGroups=postdrop ReadWritePaths=__FINALPATH__/config.ini __FINALPATH__/data/ /var/spool/postfix/maildrop/ -StandardOutput=syslog -StandardError=syslog -SyslogIdentifier=__APP__ [Install] WantedBy=multi-user.target diff --git a/scripts/install b/scripts/install index f67e5e8..7e5b528 100644 --- a/scripts/install +++ b/scripts/install @@ -135,6 +135,7 @@ virtualenv --python=python3 --system-site-packages "${final_path}/venv" pip install --upgrade pip pip install woob html2text simplejson BeautifulSoup4 PyExecJS typing-extensions pdfminer.six --ignore-installed ) +chown -R $app:www-data "$final_path" #================================================= # INTSALL KRESUS WITH NPM @@ -144,10 +145,9 @@ ynh_script_progression --message="Installing app..." ynh_use_nodejs ( cd "$final_path" - chown -R "$app": "$final_path" - ynh_exec_warn_less $ynh_npm install --production --unsafe-perm ) +chown -R $app:www-data "$final_path" #================================================= # ADD A CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index 9f58fdf..f86f45d 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -160,6 +160,7 @@ virtualenv --python=python3 --system-site-packages "${final_path}/venv" pip install --upgrade pip pip install woob html2text simplejson BeautifulSoup4 PyExecJS typing-extensions pdfminer.six --ignore-installed ) +chown -R $app:www-data "$final_path" #================================================= # INSTALL KRESUS WITH NPM @@ -169,7 +170,6 @@ ynh_script_progression --message="Installing app..." ynh_use_nodejs ( cd "$final_path" - chown -R $app: "$final_path" # In case of nodejs upgrade, remove the current node_modules to make sure there are no errors # linked to modules compiled for the previous version. @@ -177,6 +177,7 @@ ynh_use_nodejs ynh_exec_warn_less $ynh_npm install --production --unsafe-perm ) +chown -R $app:www-data "$final_path" #================================================= # UPDATE A CONFIG FILE From 6883ba26f9adab07965afd51432bc30c3c95af21 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Fri, 17 Jun 2022 03:10:55 +0200 Subject: [PATCH 10/11] Update systemd.service --- conf/systemd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index e1fec1a..6b13e26 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -19,7 +19,7 @@ NoNewPrivileges=yes PrivateTmp=yes PrivateDevices=yes ProtectHome=yes -ProtectSystem=strict +ProtectSystem=full ProtectControlGroups=yes ProtectKernelModules=yes # to allow this systemd service to use sendmail. From f54d8268edd511a6b199f891bcce30de21658bc0 Mon Sep 17 00:00:00 2001 From: Bruno Pagani Date: Sat, 21 May 2022 13:44:47 +0000 Subject: [PATCH 11/11] Harden systemd service This is a sync with current ArchLinux file. --- README.md | 2 +- README_fr.md | 2 +- conf/systemd.service | 36 +++++++++++++++++++++++++++++------- manifest.json | 2 +- 4 files changed, 32 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index a8bde23..2d5a746 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Kresus is an open-source libre self-hosted personal finance manager. It allows you to safely track your banking history, check your overall balance and know exactly how you are spending money using categories! -**Shipped version:** 0.18.1~ynh2 +**Shipped version:** 0.18.1~ynh3 ## Screenshots diff --git a/README_fr.md b/README_fr.md index 31cd609..d71b229 100644 --- a/README_fr.md +++ b/README_fr.md @@ -17,7 +17,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Kresus est un gestionnaire de finances personnelles gratuit et libre qui tourne sur votre serveur. Il récupère automatiquement et quotidiennement toutes vos nouvelles transactions bancaires et vous permet de les catégoriser, étudier via des graphiques, et établir un budget. -**Version incluse :** 0.18.1~ynh2 +**Version incluse :** 0.18.1~ynh3 ## Captures d'écran diff --git a/conf/systemd.service b/conf/systemd.service index 6b13e26..c7bc558 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -14,14 +14,36 @@ Restart=always StandardOutput=syslog StandardError=syslog SyslogIdentifier=__APP__ +# /var/log is implied +LogsDirectory=__APP__ + +AmbientCapabilities= +CapabilityBoundingSet= +LockPersonality=true +#Not compatible with NodeJS +#MemoryDenyWriteExecute=true +NoNewPrivileges=true +PrivateDevices=true +PrivateTmp=true +PrivateUsers=true +ProtectClock=true +ProtectControlGroups=true +ProtectHome=true +ProtectHostname=true +ProtectKernelLogs=true +ProtectKernelModules=true +ProtectKernelTunables=true +ProtectProc=invisible +ProtectSystem=strict +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=true +RestrictRealtime=true +RestrictSUIDSGID=true +#SecureBits=noroot-locked +SystemCallArchitectures=native +SystemCallFilter=@system-service +SystemCallErrorNumber=EPERM -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -ProtectHome=yes -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes # to allow this systemd service to use sendmail. # references: # https://bugs.archlinux.org/task/57721 diff --git a/manifest.json b/manifest.json index 2cda8d9..e06ddb5 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Personal finance manager", "fr": "Outil personnel de gestion de finances" }, - "version": "0.18.1~ynh2", + "version": "0.18.1~ynh3", "url": "https://framagit.org/kresusapp/kresus", "upstream": { "license": "free",