From b6ad904337ac5e3af65c9e41c8daa02e361848e2 Mon Sep 17 00:00:00 2001 From: Navan Chauhan Date: Tue, 27 Dec 2022 17:41:25 -0500 Subject: [PATCH] Revert "Fixes" --- README.md | 3 ++- README_fr.md | 3 ++- conf/amd64.src | 4 ++-- conf/app.src | 4 ++-- conf/config.toml | 4 ++-- conf/systemd.service | 34 ---------------------------------- manifest.json | 10 +++++++++- scripts/install | 8 ++++---- scripts/upgrade | 29 +++++++++-------------------- 9 files changed, 32 insertions(+), 67 deletions(-) diff --git a/README.md b/README.md index b082b20..90785e8 100644 --- a/README.md +++ b/README.md @@ -18,7 +18,8 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Listmonk is a standalone, self-hosted, newsletter and mailing list manager. It is fast, feature-rich, and packed into a single binary. It uses a PostgreSQL (⩾ v9.4) database as its data store. -**Shipped version:** 2.3.0~ynh2 +**Shipped version:** 2.2.0~ynh1 + **Demo:** https://demo.listmonk.app/ diff --git a/README_fr.md b/README_fr.md index f4f2b34..bc2eb8b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -18,7 +18,8 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Listmonk is a standalone, self-hosted, newsletter and mailing list manager. It is fast, feature-rich, and packed into a single binary. It uses a PostgreSQL (⩾ v9.4) database as its data store. -**Version incluse :** 2.3.0~ynh2 +**Version incluse :** 2.2.0~ynh1 + **Démo :** https://demo.listmonk.app/ diff --git a/conf/amd64.src b/conf/amd64.src index ae67069..13d7501 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/knadh/listmonk/releases/download/v2.3.0/listmonk_2.3.0_linux_amd64.tar.gz -SOURCE_SUM=4ad9ff7a04e13c9f8609c705e4850046ae8a3c9a03b0c4ac04e3c1d1c8fe8b7a +SOURCE_URL=https://github.com/knadh/listmonk/releases/download/v2.2.0/listmonk_2.2.0_linux_amd64.tar.gz +SOURCE_SUM=c2bdccd073d768d2b8dfbfad6469c5b41cf39b44a20c263cbaebf15876463709 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/app.src b/conf/app.src index 0d741d0..af92853 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/knadh/listmonk/archive/refs/tags/v2.3.0.tar.gz -SOURCE_SUM=54cab80ca16dbf58ce40b7fc1ae88a9f8ed4c9d9a54387a77b1a90cb4dba3404 +SOURCE_URL=https://github.com/knadh/listmonk/archive/refs/tags/v2.2.0.tar.gz +SOURCE_SUM=e3f1cc89972cafaab78cda38be54ab3fc115fd7846e2e7dae1b19fff002e1c77 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/config.toml b/conf/config.toml index 5ca5112..566e417 100644 --- a/conf/config.toml +++ b/conf/config.toml @@ -9,8 +9,8 @@ address = "127.0.0.1:__PORT__" # be replaced with a better multi-user, role-based authentication system. # IMPORTANT: Leave both values empty to disable authentication on admin # only where an external authentication is already setup. -admin_username = "" -admin_password = "" +admin_username = "__ADMIN__" +admin_password = "__PASSWORD__" # Database. [db] diff --git a/conf/systemd.service b/conf/systemd.service index ad31981..a5fcd31 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,48 +1,14 @@ [Unit] Description=Listmonk: newsletter and mailing list manager Documentation=https://listmonk.app/docs/ -ConditionPathExists=__FINALPATH__/config.toml -After=network.target [Service] Type=simple User=__APP__ Group=__APP__ WorkingDirectory=__FINALPATH__/ -ExecStartPre=/usr/bin/mkdir -p "__FINALPATH__/uploads" -ExecStartPre=__FINALPATH__/listmonk --config __FINALPATH__/config.toml --upgrade --yes ExecStart=__FINALPATH__/listmonk Restart=always -# Sandboxing options to harden security -# Depending on specificities of your service/app, you may need to tweak these -# .. but this should be a good baseline -# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html -NoNewPrivileges=yes -PrivateTmp=yes -PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 -RestrictNamespaces=yes -RestrictRealtime=yes -DevicePolicy=closed -ProtectSystem=full -ProtectControlGroups=yes -ProtectKernelModules=yes -ProtectKernelTunables=yes -LockPersonality=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap - -# Denying access to capabilities that should not be relevant for webapps -# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html -CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD -CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE -CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT -CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK -CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM -CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG -CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE -CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW -CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG - [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index b976221..9541a8d 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Newsletter and mailing list manager", "fr": "Manager de newsletter et mailing list" }, - "version": "2.3.0~ynh2", + "version": "2.2.0~ynh1", "url": "https://listmonk.app/", "upstream": { "license": "AGPL-3.0-only", @@ -38,6 +38,14 @@ "name": "is_public", "type": "boolean", "default": true + }, + { + "name": "admin", + "type": "user" + }, + { + "name": "password", + "type": "password" } ] } diff --git a/scripts/install b/scripts/install index 81d5a7b..28325fa 100755 --- a/scripts/install +++ b/scripts/install @@ -28,8 +28,8 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" is_public=$YNH_APP_ARG_IS_PUBLIC -admin="" -password="" +admin=$YNH_APP_ARG_ADMIN +password=$YNH_APP_ARG_PASSWORD app=$YNH_APP_INSTANCE_NAME @@ -209,12 +209,12 @@ then fi # Only the admin can access the admin panel of the app (if the app has an admin panel) -ynh_permission_create --permission="admin" --url="/admin" --additional_urls="/admin /api" --allowed=$admin --auth_header=false +ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin --auth_header=false # Everyone can access the API part # We don't want to display the tile in the SSO so we put --show_tile="false" # And we don't want the YunoHost admin to be able to remove visitors group to this permission, so we put --protected="true" -ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true" +ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" #================================================= # RELOAD NGINX diff --git a/scripts/upgrade b/scripts/upgrade index e031eb6..8f4f7e7 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -70,26 +70,14 @@ fi if ! ynh_permission_exists --permission="admin"; then # Create the required permissions - ynh_permission_create --permission="admin" --url="/admin" --additional_urls="/admin /api" --allowed=$admin --auth_header=false + ynh_permission_create --permission="admin" --url="/admin" --allowed=$admin --auth_header=false fi # Create a permission if needed if ! ynh_permission_exists --permission="api"; then - ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true" + ynh_permission_create --permission="api" --url="/api" --allowed="visitors" --show_tile="false" --protected="true" fi -if ynh_compare_current_package_version --comparison le --version 2.3.0~ynh1 -then - mkdir -p "$final_path/uploads" - - ynh_permission_delete --permission="admin" - ynh_permission_delete --permission="api" - - ynh_permission_create --permission="admin" --url="/admin" --additional_urls="/admin /api" --allowed=$admin --auth_header=false - ynh_permission_create --permission="api" --url="/public" --additional_urls="/api/public" --allowed="visitors" --show_tile="false" --protected="true" -fi - - #================================================= # CREATE DEDICATED USER #================================================= @@ -105,10 +93,11 @@ ynh_system_user_create --username=$app --home_dir="$final_path" if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=5 + # Download, check integrity, uncompress and patch the source from app.src if [ $YNH_ARCH == "armhf" ] || [ $YNH_ARCH == "arm64" ] then - ynh_setup_source --dest_dir="$final_path/build" --keep="$final_path/config.toml uploads" + ynh_setup_source --dest_dir="$final_path/build" --keep="$final_path/config.toml" # Install Nodejs ynh_exec_warn_less ynh_install_nodejs --nodejs_version=$nodejs_version # Install Yarn @@ -128,7 +117,7 @@ then ynh_remove_nodejs ynh_secure_remove --file="$final_path/build" else - ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH --keep="$final_path/config.toml uploads" + ynh_setup_source --dest_dir="$final_path" --source_id=$YNH_ARCH --keep="$final_path/config.toml" fi fi @@ -155,12 +144,12 @@ ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies #================================================= # UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Updating a configuration file..." --time --weight=1 +# ynh_script_progression --message="Updating a configuration file..." --time --weight=1 -ynh_add_config --template="../conf/config.toml" --destination="$final_path/config.toml" +# ynh_add_config --template="../conf/config.toml" --destination="$final_path/config.toml" -chmod 400 "$final_path/config.toml" -chown $app:$app "$final_path/config.toml" +# chmod 400 "$final_path/config.toml" +# chown $app:$app "$final_path/config.toml" #================================================= # DATABASE CONFIGURATION