diff --git a/README.md b/README.md index bfc108e..9401665 100644 --- a/README.md +++ b/README.md @@ -32,7 +32,7 @@ Navidrome indexes all digital music stored in your hard drive and makes it avail - Transcoding on the fly. Can be set per user/player. Opus encoding is supported -**Shipped version:** 0.47.5~ynh3 +**Shipped version:** 0.48.0~ynh1 **Demo:** https://demo.navidrome.org/app/#/login diff --git a/README_fr.md b/README_fr.md index 794b19d..9b515ac 100644 --- a/README_fr.md +++ b/README_fr.md @@ -31,7 +31,7 @@ Navidrome indexe toute la musique numérique stockée sur votre disque dur et la - Compatible avec tous les clients subsonique/madsononique/aironique - Encodage à la volée. Peut être défini par utilisateur/lecteur. Le codage opus est pris en charge -**Version incluse :** 0.47.5~ynh3 +**Version incluse :** 0.48.0~ynh1 **Démo :** https://demo.navidrome.org/app/#/login diff --git a/conf/amd64.src b/conf/amd64.src index 13dc6b2..87c2450 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/deluan/navidrome/releases/download/v0.47.5/navidrome_0.47.5_Linux_x86_64.tar.gz -SOURCE_SUM=0244a3b659f9dc70dd21c4209c0f168f4d744579ce94eb059b6c1f5606efc2d7 +SOURCE_URL=https://github.com/deluan/navidrome/releases/download/v0.48.0/navidrome_0.48.0_Linux_x86_64.tar.gz +SOURCE_SUM=e8d98fb6ce73ac0878ec404b430f2a5b1589515a569072089a4cf6b419bc5f90 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/arm64.src b/conf/arm64.src index c0685e1..45607ef 100644 --- a/conf/arm64.src +++ b/conf/arm64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/deluan/navidrome/releases/download/v0.47.5/navidrome_0.47.5_Linux_arm64.tar.gz -SOURCE_SUM=f95051895db329ae8fc1a9968ff8e61388aea288400faa1e1a79458b8ff4d473 +SOURCE_URL=https://github.com/deluan/navidrome/releases/download/v0.48.0/navidrome_0.48.0_Linux_arm64.tar.gz +SOURCE_SUM=f2bbb57d453ce6b06b84bccf57189a6e3258d943d552dfcf58e32720fb4e90ea SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/armhf.src b/conf/armhf.src index beca70a..dd41823 100644 --- a/conf/armhf.src +++ b/conf/armhf.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/deluan/navidrome/releases/download/v0.47.5/navidrome_0.47.5_Linux_armv7.tar.gz -SOURCE_SUM=81663cd2e7a571e9db798f45161bdde8c681fa60e0e30e454dcee403010d0632 +SOURCE_URL=https://github.com/deluan/navidrome/releases/download/v0.48.0/navidrome_0.48.0_Linux_armv7.tar.gz +SOURCE_SUM=cf078d3e7064597a128e9d82ae92e3055844bbdd63d264603cd54d53414b9919 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/navidrome.toml b/conf/navidrome.toml index ffa96a1..cf87b68 100644 --- a/conf/navidrome.toml +++ b/conf/navidrome.toml @@ -93,3 +93,6 @@ EnableUserEditing = "true" # Enable Navidrome to connect to any external service EnableExternalServices = "true" + +# Set the language by default +DefaultLanguage="__LANGUAGE__" diff --git a/conf/systemd.service b/conf/systemd.service index 7075e05..2a18a96 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -14,10 +14,13 @@ KillMode=process Restart=on-failure ReadWritePaths=__CONFIG_PATH__ -# See https://www.freedesktop.org/software/systemd/man/systemd.exec.html +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html NoNewPrivileges=yes PrivateTmp=yes -PrivateUsers=yes +PrivateDevices=yes RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 RestrictNamespaces=yes RestrictRealtime=yes @@ -26,11 +29,20 @@ ProtectSystem=full ProtectControlGroups=yes ProtectKernelModules=yes ProtectKernelTunables=yes -SystemCallFilter=~@clock @debug @module @mount @obsolete @privileged @reboot @setuid @swap +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap -# You can comment the following line if you don't have any media in /home/*. -# This will prevent navidrome from ever reading/writing anything there. -#ProtectHome=true +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/doc/screenshots/ss-desktop-player.png b/doc/screenshots/ss-desktop-player.png index b9ec428..0f94b4a 100644 Binary files a/doc/screenshots/ss-desktop-player.png and b/doc/screenshots/ss-desktop-player.png differ diff --git a/manifest.json b/manifest.json index 6c6b255..c12251a 100644 --- a/manifest.json +++ b/manifest.json @@ -6,21 +6,22 @@ "en": "Modern Music Server and Streamer compatible with Subsonic/Airsonic", "fr": "Serveur de musique moderne et Streamer compatibles avec Subsonic/Airsonic" }, - "version": "0.47.5~ynh3", + "version": "0.48.0~ynh1", "url": "https://www.navidrome.org", "upstream": { "license": "GPL-3.0-only", "website": "https://www.navidrome.org", "demo": "https://demo.navidrome.org/app/#/login", "admindoc": "https://www.navidrome.org/docs", - "code": "https://github.com/deluan/navidrome" + "code": "https://github.com/deluan/navidrome", + "cpe": "cpe:2.3:a:navidrome:navidrome" }, "license": "GPL-3.0-only", "maintainer": { "name": "eric_G" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.9" }, "multi_instance": false, "services": [ @@ -46,7 +47,17 @@ "fr": "Vous devez activer site public si vous souhaitez connecter un lecteur client à Navidrome. Vous pourrez changer ceci plus tard via la webadmin." }, "default": true + }, + { + "name": "language", + "type": "string", + "ask": { + "en": "Choose the application language", + "fr": "Choisissez la langue de l'application" + }, + "choices": ["fr", "en"], + "default": "fr" } ] } -} +} \ No newline at end of file diff --git a/scripts/change_url b/scripts/change_url index 2c083c3..f791588 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -29,6 +29,7 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) +language=$(ynh_app_setting_get --app=$app --key=language) enable_downloads=$(ynh_app_setting_get --app=$app --key=enable_downloads) scanner_extractor=$(ynh_app_setting_get --app=$app --key=scanner_extractor) diff --git a/scripts/install b/scripts/install index 166ebe9..e50eefd 100644 --- a/scripts/install +++ b/scripts/install @@ -26,6 +26,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC +language=$YNH_APP_ARG_LANGUAGE app=$YNH_APP_INSTANCE_NAME @@ -53,6 +54,7 @@ ynh_script_progression --message="Storing installation settings..." --weight=2 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url +ynh_app_setting_set --app=$app --key=language --value=$language ynh_app_setting_set --app=$app --key=enable_downloads --value=$enable_downloads ynh_app_setting_set --app=$app --key=scanner_extractor --value=$scanner_extractor ynh_app_setting_set --app=$app --key=enable_animation --value=$enable_animation @@ -121,6 +123,8 @@ ynh_multimedia_build_main_dir ynh_script_progression --message="Adding a configuration file..." --weight=1 config_path="/var/lib/$app" +ynh_app_setting_set --app=$app --key=config_path --value=$config_path + mkdir -p "$config_path" # Main config File diff --git a/scripts/upgrade b/scripts/upgrade index 6bdc026..24282f4 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -18,6 +18,7 @@ app=$YNH_APP_INSTANCE_NAME domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_app_setting_get --app=$app --key=path) +language=$(ynh_app_setting_get --app=$app --key=language) final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) @@ -30,7 +31,6 @@ welcome_message=$(ynh_app_setting_get --app=$app --key=welcome_message) #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) @@ -70,6 +70,11 @@ if ynh_legacy_permissions_exists; then ynh_app_setting_delete --app=$app --key=is_public fi +if [ -z "$language" ]; then + language="en" + ynh_app_setting_set --app=$app --key=language --value=$language +fi + if [ -z "$enable_animation" ]; then enable_animation="true" ynh_app_setting_set --app=$app --key=enable_animation --value=$enable_animation @@ -140,15 +145,15 @@ ynh_add_nginx_config #================================================= # UPDATE A CONFIG FILE #================================================= -ynh_script_progression --message="Updating a configuration file..." +# ynh_script_progression --message="Updating a configuration file..." config_path="/var/lib/$app" -# Uncomment when there is new options added upstream -ynh_add_config --template="../conf/navidrome.toml" --destination="$config_path/navidrome.toml" +# # Uncomment when there is new options added upstream +# ynh_add_config --template="../conf/navidrome.toml" --destination="$config_path/navidrome.toml" -chmod 600 "$config_path/navidrome.toml" -chown -R $app:$app "$config_path" +# chmod 600 "$config_path/navidrome.toml" +# chown -R $app:$app "$config_path" #================================================= # SETUP SYSTEMD