From 3dcf602d110ba7a7624e54b8e4cab61779cc098e Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 14 Dec 2017 10:23:17 +0100 Subject: [PATCH 1/8] Complete imagemagick dependency (for gallery plugin) --- scripts/_common.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 3e7127d..55db0fb 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,7 +3,7 @@ # COMMON VARIABLES #================================================= -pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-imagick acl tar smbclient" +pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-imagick imagemagick acl tar smbclient" #================================================= # COMMON HELPERS From 2c92e580141db98962256c99d8d1f89b1478b20f Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 14 Dec 2017 11:37:40 +0100 Subject: [PATCH 2/8] Extend timeouts (for Gallery plugin at least) --- conf/nginx.conf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 9cdfa11..3eee860 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -23,7 +23,12 @@ location ^~ __PATH__ { # Set max upload size client_max_body_size 10G; fastcgi_buffers 64 4K; - + + # Extend timeouts + client_body_timeout 60m; + proxy_read_timeout 60m; + fastcgi_read_timeout 60m; + # Disable gzip to avoid the removal of the ETag header gzip off; From 57c8122f4a441aba5aab6f041157399904d1de9e Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Thu, 14 Dec 2017 11:38:41 +0100 Subject: [PATCH 3/8] Enable Redis use for file locking https://docs.nextcloud.com/server/12.0/admin_manual/configuration_server/caching_configuration.html#small-organization-single-server-setup --- conf/config.json | 84 +++++++++++++++++++++++++--------------------- scripts/_common.sh | 2 +- 2 files changed, 47 insertions(+), 39 deletions(-) diff --git a/conf/config.json b/conf/config.json index 4f019e2..3de9379 100644 --- a/conf/config.json +++ b/conf/config.json @@ -1,38 +1,46 @@ -{ - "system": { - "datadirectory": "#DATADIR#", - "trusted_domains": [ - "localhost", - "#DOMAIN#" - ], - "updatechecker": false, - "memcache.local": "\\OC\\Memcache\\APCu", - "integrity.check.disabled": true - }, - "apps": { - "user_ldap": { - "ldap_base": "dc=yunohost,dc=org", - "ldap_base_groups": "ou=groups,dc=yunohost,dc=org", - "ldap_base_users": "ou=users,dc=yunohost,dc=org", - "ldap_cache_ttl": "600", - "ldap_configuration_active": "1", - "ldap_display_name": "displayname", - "ldap_email_attr": "mail", - "ldap_expert_username_attr": "uid", - "ldap_group_display_name": "cn", - "ldap_group_filter": "objectClass=posixGroup", - "ldap_group_filter_mode": "0", - "ldap_groupfilter_objectclass": "posixGroup", - "ldap_host": "localhost", - "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid))", - "ldap_login_filter_mode": "0", - "ldap_port": "389", - "ldap_quota_attr": "userquota", - "ldap_tls": "0", - "ldap_user_display_name": "cn", - "ldap_user_filter_mode": "0", - "ldap_userfilter_objectclass": "posixAccount", - "ldap_userlist_filter": "objectclass=posixAccount" - } - } -} +{ + "system": { + "datadirectory": "#DATADIR#", + "trusted_domains": [ + "localhost", + "#DOMAIN#" + ], + "updatechecker": false, + "memcache.local": "\\OC\\Memcache\\APCu", + "integrity.check.disabled": true, + "filelocking.enabled": true, + "memcache.locking": "\\OC\\Memcache\\Redis", + "redis": { + "host": "localhost", + "port": "6379", + "timeout": "0.0", + "password": "" + } + }, + "apps": { + "user_ldap": { + "ldap_base": "dc=yunohost,dc=org", + "ldap_base_groups": "ou=groups,dc=yunohost,dc=org", + "ldap_base_users": "ou=users,dc=yunohost,dc=org", + "ldap_cache_ttl": "600", + "ldap_configuration_active": "1", + "ldap_display_name": "displayname", + "ldap_email_attr": "mail", + "ldap_expert_username_attr": "uid", + "ldap_group_display_name": "cn", + "ldap_group_filter": "objectClass=posixGroup", + "ldap_group_filter_mode": "0", + "ldap_groupfilter_objectclass": "posixGroup", + "ldap_host": "localhost", + "ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid))", + "ldap_login_filter_mode": "0", + "ldap_port": "389", + "ldap_quota_attr": "userquota", + "ldap_tls": "0", + "ldap_user_display_name": "cn", + "ldap_user_filter_mode": "0", + "ldap_userfilter_objectclass": "posixAccount", + "ldap_userlist_filter": "objectclass=posixAccount" + } + } +} diff --git a/scripts/_common.sh b/scripts/_common.sh index 55db0fb..4b9828c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -3,7 +3,7 @@ # COMMON VARIABLES #================================================= -pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-imagick imagemagick acl tar smbclient" +pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-imagick imagemagick acl tar smbclient" #================================================= # COMMON HELPERS From 68c2f41da6b33bd8c949e5ba624bedba08c448be Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Fri, 19 Jan 2018 21:45:39 +0100 Subject: [PATCH 4/8] Move patches to the right folder (fixes #83) --- ...patch => app-00-add-logout_url-conf.patch} | 0 ...able-CSPv3-nonce_and_allow-YNH-fonts.patch | 66 +++++++++---------- 2 files changed, 33 insertions(+), 33 deletions(-) rename sources/patches/{00-add-logout_url-conf.patch => app-00-add-logout_url-conf.patch} (100%) rename patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch => sources/patches/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch (97%) diff --git a/sources/patches/00-add-logout_url-conf.patch b/sources/patches/app-00-add-logout_url-conf.patch similarity index 100% rename from sources/patches/00-add-logout_url-conf.patch rename to sources/patches/app-00-add-logout_url-conf.patch diff --git a/patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch b/sources/patches/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch similarity index 97% rename from patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch rename to sources/patches/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch index eba7c0c..f5ced3a 100644 --- a/patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch +++ b/sources/patches/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch @@ -1,33 +1,33 @@ - lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ - lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- - 2 files changed, 6 insertions(+), 1 deletion(-) - -diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -index 85ae127f5f..91618a09fc 100644 ---- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager { - * @return bool - */ - public function browserSupportsCspV3() { -+ // YunoHost patch: disable CSPv3 nonces to: -+ // - avoid white page on first login from YunoHost portal -+ // - allow YunoHost tile display -+ return false; - $browserWhitelist = [ - Request::USER_AGENT_CHROME, - // Firefox 45+ -diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -index 64d4eb6e5d..59d5885620 100644 ---- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy { - - if(!empty($this->allowedFontDomains)) { - $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); -- $policy .= ';'; -+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script -+ $policy .= ' data:;'; - } - - if(!empty($this->allowedConnectDomains)) { + lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ + lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- + 2 files changed, 6 insertions(+), 1 deletion(-) + +diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +index 85ae127f5f..91618a09fc 100644 +--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php ++++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager { + * @return bool + */ + public function browserSupportsCspV3() { ++ // YunoHost patch: disable CSPv3 nonces to: ++ // - avoid white page on first login from YunoHost portal ++ // - allow YunoHost tile display ++ return false; + $browserWhitelist = [ + Request::USER_AGENT_CHROME, + // Firefox 45+ +diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +index 64d4eb6e5d..59d5885620 100644 +--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php ++++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy { + + if(!empty($this->allowedFontDomains)) { + $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); +- $policy .= ';'; ++ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script ++ $policy .= ' data:;'; + } + + if(!empty($this->allowedConnectDomains)) { From 23f809d44c8b0e6ba6599547b5117743a2e79e54 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Mon, 22 Jan 2018 19:59:29 +0100 Subject: [PATCH 5/8] Fix duplicate log entry in logrotate --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 6692a38..a0ae504 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -334,7 +334,7 @@ they are probably disabled and you'll have to manually enable them again." >&2 #================================================= # Use logrotate to manage app-specific logfile(s) -ynh_use_logrotate +ynh_use_logrotate --non-append #================================================= # GENERIC FINALIZATION From 50defe4165c78b5cf7df508b4fb35abf069a101f Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Wed, 24 Jan 2018 15:57:17 +0100 Subject: [PATCH 6/8] Upgrade to upstream version 12.0.5 --- README.md | 2 +- manifest.json | 2 +- scripts/upgrade.d/upgrade.last.sh | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 26bf399..0f55f72 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ Nextcloud for YunoHost own data. A personal cloud which run on your own server. With Nextcloud you can synchronize your files over your devices. -**Shipped version:** 12.0.4 +**Shipped version:** 12.0.5 [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) ![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png) diff --git a/manifest.json b/manifest.json index ba96c7e..aa601ed 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" }, - "version": "12.0.4-1", + "version": "12.0.5-1", "url": "https://nextcloud.com", "license": "AGPL-3.0", "maintainer": { diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index 42df94c..92b7b2b 100755 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,7 +1,7 @@ #!/bin/bash # Last available nextcloud version -next_version="12.0.4" +next_version="12.0.5" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="654161a74ceaf9a60c7731d7d6702e6710a972633a97955d16f01abeb09d09b6" \ No newline at end of file +nextcloud_source_sha256="c8be29ace6821079e881818266fe49d28812b5aa0c7d2e76511173d48828ca43" From 009466999dfaa7e7769b046d938035fa4bcb4aad Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Mon, 29 Jan 2018 21:58:35 +0100 Subject: [PATCH 7/8] Fix cron config file rights (fixes #88) --- scripts/install | 2 ++ scripts/upgrade | 2 ++ 2 files changed, 4 insertions(+) diff --git a/scripts/install b/scripts/install index 2eb6baa..ee80e92 100755 --- a/scripts/install +++ b/scripts/install @@ -216,6 +216,8 @@ ynh_store_file_checksum "${final_path}/config/config.php" cron_path="/etc/cron.d/$app" cp -a ../conf/nextcloud.cron "$cron_path" +chown root: "$cron_path" +chmod 644 "$cron_path" ynh_replace_string "#USER#" "$app" "$cron_path" ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path" diff --git a/scripts/upgrade b/scripts/upgrade index a0ae504..a156b9f 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -286,6 +286,8 @@ ynh_store_file_checksum "${final_path}/config/config.php" cron_path="/etc/cron.d/$app" cp -a ../conf/nextcloud.cron "$cron_path" +chown root: "$cron_path" +chmod 644 "$cron_path" ynh_replace_string "#USER#" "$app" "$cron_path" ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path" From 40526739d21d93820a745a9367edaafff0c3ac2c Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Mon, 29 Jan 2018 21:59:28 +0100 Subject: [PATCH 8/8] Don't overwrite all settings during upgrade --- conf/config.json | 5 ----- conf/config_install.json | 9 +++++++++ scripts/install | 18 ++++++++++++------ 3 files changed, 21 insertions(+), 11 deletions(-) create mode 100644 conf/config_install.json diff --git a/conf/config.json b/conf/config.json index 3de9379..2e7aca8 100644 --- a/conf/config.json +++ b/conf/config.json @@ -1,10 +1,5 @@ { "system": { - "datadirectory": "#DATADIR#", - "trusted_domains": [ - "localhost", - "#DOMAIN#" - ], "updatechecker": false, "memcache.local": "\\OC\\Memcache\\APCu", "integrity.check.disabled": true, diff --git a/conf/config_install.json b/conf/config_install.json new file mode 100644 index 0000000..52bff54 --- /dev/null +++ b/conf/config_install.json @@ -0,0 +1,9 @@ +{ + "system": { + "datadirectory": "#DATADIR#", + "trusted_domains": [ + "localhost", + "#DOMAIN#" + ] + } +} diff --git a/scripts/install b/scripts/install index ee80e92..cf22534 100755 --- a/scripts/install +++ b/scripts/install @@ -144,11 +144,6 @@ exec_occ maintenance:install \ # CONFIGURE NEXTCLOUD #================================================= -nc_conf="${final_path}/config.json" -cp ../conf/config.json "$nc_conf" -ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf" -ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf" - # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification @@ -156,7 +151,18 @@ exec_occ app:disable updatenotification exec_occ app:enable user_ldap exec_occ ldap:create-empty-config -# Load the config file in nextcloud +# Load the installation config file in nextcloud +nc_conf="${final_path}/config_install.json" +cp ../conf/config_install.json "$nc_conf" +ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf" +ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf" +exec_occ config:import "$nc_conf" +# Then remove it +rm -f "$nc_conf" + +# Load the additional config file (used also for upgrade) +nc_conf="${final_path}/config_install.json" +cp ../conf/config.json "$nc_conf" exec_occ config:import "$nc_conf" # Then remove it rm -f "$nc_conf"