YunoHost-Apps/nextcloud_ynh
1
0
Fork 0
mirror of https://github.com/YunoHost-Apps/nextcloud_ynh.git synced 2024-09-03 19:55:57 +02:00
Code Issues Activity Actions

Merge pull request #152 from YunoHost-Apps/testing

Browse source 
Testing
This commit is contained in:
JimboJoe 2019-02-20 21:13:52 +01:00 committed by GitHub
commit a937450910
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
12 changed files with 187 additions and 63 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
README.md
View file

@ -5,10 +5,10 @@ Nextcloud for YunoHost
own data. A personal cloud which run on your own server. With Nextcloud own data. A personal cloud which run on your own server. With Nextcloud
you can synchronize your files over your devices. you can synchronize your files over your devices.
**Shipped version:** 13.0.6 **Shipped version:** 15.0.4
[![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud)
![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png) ![](https://raw.githubusercontent.com/nextcloud/screenshots/master/files/Files%20Overview.png)
## Features ## Features

29
conf/nginx.conf
View file

@ -13,12 +13,13 @@ location ^~ __PATH__ {
} }
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000;"; more_set_headers "Strict-Transport-Security: max-age=15768000";
add_header X-Content-Type-Options nosniff; more_set_headers "X-Content-Type-Options: nosniff";
add_header X-XSS-Protection "1; mode=block"; more_set_headers "X-XSS-Protection: 1; mode=block";
add_header X-Robots-Tag none; more_set_headers "X-Robots-Tag: none";
add_header X-Download-Options noopen; more_set_headers "X-Download-Options: noopen";
add_header X-Permitted-Cross-Domain-Policies none; more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "Referrer-Policy: no-referrer";
# Set max upload size # Set max upload size
client_max_body_size 10G; client_max_body_size 10G;
@ -77,14 +78,16 @@ location ^~ __PATH__ {
# Adding the cache control header for js and css files # Adding the cache control header for js and css files
location ~* \.(?:css|js)$ { location ~* \.(?:css|js)$ {
add_header Cache-Control "public, max-age=7200"; more_set_headers "Cache-Control: public, max-age=7200";
# Add headers to serve security related headers # Add headers to serve security related headers
add_header Strict-Transport-Security "max-age=15768000;"; more_set_headers "Strict-Transport-Security: max-age=15768000";
add_header X-Content-Type-Options nosniff; more_set_headers "X-Content-Type-Options: nosniff";
add_header X-XSS-Protection "1; mode=block"; more_set_headers "X-XSS-Protection: 1; mode=block";
add_header X-Robots-Tag none; more_set_headers "X-Robots-Tag: none";
add_header X-Download-Options noopen; more_set_headers "X-Download-Options: noopen";
add_header X-Permitted-Cross-Domain-Policies none; more_set_headers "X-Permitted-Cross-Domain-Policies: none";
more_set_headers "Referrer-Policy: no-referrer";
# Optional: Don't log access to assets # Optional: Don't log access to assets
access_log off; access_log off;
} }

6
manifest.json
View file

@ -6,12 +6,12 @@
"en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms",
"fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions"
}, },
"version": "13.0.6~ynh1", "version": "15.0.4~ynh1",
"url": "https://nextcloud.com", "url": "https://nextcloud.com",
"license": "AGPL-3.0", "license": "AGPL-3.0",
"maintainer": { "maintainer": {
"name": "-", "name": "YunoHost Contributors",
"email": "-" "email": "apps@yunohost.org"
}, },
"requirements": { "requirements": {
"yunohost": ">= 2.7.2" "yunohost": ">= 2.7.2"

28
scripts/_common.sh
View file

@ -3,7 +3,7 @@
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient" pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient at"
if [ "$(lsb_release --codename --short)" != "jessie" ]; then if [ "$(lsb_release --codename --short)" != "jessie" ]; then
pkg_dependencies="$pkg_dependencies php-zip php-apcu php-mbstring php-xml" pkg_dependencies="$pkg_dependencies php-zip php-apcu php-mbstring php-xml"
@ -356,3 +356,29 @@ ynh_multimedia_addaccess () {
groupadd -f multimedia groupadd -f multimedia
usermod -a -G multimedia $user_name usermod -a -G multimedia $user_name
} }
ynh_smart_mktemp () {
local min_size="${1:-300}"
# Transform the minimum size from megabytes to kilobytes
min_size=$(( $min_size * 1024 ))
# Check if there's enough free space in a directory
is_there_enough_space () {
local free_space=$(df --output=avail "$1" | sed 1d)
test $free_space -ge $min_size
}
if is_there_enough_space /tmp; then
local tmpdir=/tmp
elif is_there_enough_space /var; then
local tmpdir=/var
elif is_there_enough_space /; then
local tmpdir=/
elif is_there_enough_space /home; then
local tmpdir=/home
else
ynh_die "Insufficient free space to continue..."
fi
echo "$(sudo mktemp --directory --tmpdir="$tmpdir")"
}

7
scripts/install
View file

@ -79,6 +79,8 @@ ynh_replace_string "__VERSION__" "$next_version" "../conf/app.src"
ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src" ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src"
ynh_app_setting_set $app final_path $final_path ynh_app_setting_set $app final_path $final_path
# Enable YunoHost patches on Nextcloud sources
cp -a ../sources/patches_last_version/* ../sources/patches
# Download, check integrity, uncompress and patch the source from app.src # Download, check integrity, uncompress and patch the source from app.src
ynh_setup_source "$final_path" ynh_setup_source "$final_path"
@ -234,6 +236,11 @@ ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path"
exec_occ background:cron exec_occ background:cron
#=================================================
# POST-INSTALL MAINTENANCE
#=================================================
(cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/${app}_maintenance.log")
#================================================= #=================================================
# CONFIGURE THE HOOK FILE FOR USER CREATE # CONFIGURE THE HOOK FILE FOR USER CREATE
#================================================= #=================================================

5
scripts/upgrade
View file

@ -176,6 +176,8 @@ do
# then it's the last upgrade to do # then it's the last upgrade to do
if [ "$major_version" -eq "$current_major_version" ]; then if [ "$major_version" -eq "$current_major_version" ]; then
current_major_version=last current_major_version=last
# Execute the commands dedicated to the last upgrade
last_upgrade_operations
fi fi
# Load the value for this version # Load the value for this version
@ -189,7 +191,7 @@ do
ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src" ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src"
# Create a temporary directory # Create a temporary directory
tmpdir=$(mktemp -d) tmpdir="$(ynh_smart_mktemp 300)"
# Install the next nextcloud version in $tmpdir # Install the next nextcloud version in $tmpdir
ynh_setup_source "$tmpdir" ynh_setup_source "$tmpdir"
@ -208,6 +210,7 @@ do
# Replace the old nextcloud by the new one # Replace the old nextcloud by the new one
ynh_secure_remove "$final_path" ynh_secure_remove "$final_path"
mv "$tmpdir" "$final_path" mv "$tmpdir" "$final_path"
ynh_secure_remove "$tmpdir"
# Set write access for the following commands # Set write access for the following commands
chown -R $app: "$final_path" "$datadir" chown -R $app: "$final_path" "$datadir"

7
scripts/upgrade.d/upgrade.13.sh Normal file
View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="14.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="f965c14286e7aabbfe49c947d86af59597af302c35d10e0b5440e7e6c53b8f47"

7
scripts/upgrade.d/upgrade.14.sh Executable file
View file

@ -0,0 +1,7 @@
#!/bin/bash
# Last available nextcloud version
next_version="15.0.0"
# Nextcloud tarball checksum sha256
nextcloud_source_sha256="5bb0c58171353da844019b64080c21078002a59ab956ab72adb958844a98eb78"

10
scripts/upgrade.d/upgrade.last.sh
View file

@ -1,10 +1,16 @@
#!/bin/bash #!/bin/bash
# Last available nextcloud version # Last available nextcloud version
next_version="13.0.6" next_version="15.0.4"
# Nextcloud tarball checksum sha256 # Nextcloud tarball checksum sha256
nextcloud_source_sha256="90fc9e960b6a477bb14ee87042b3d158bde95c3f0157677cb4547ca7649968d4" nextcloud_source_sha256="f87db047c174f563e391a22c959d9ace767ca14ef0f97fc394f3061fc63d8f77"
# This function will only be executed upon applying the last upgrade referenced above
last_upgrade_operations () {
# Patch nextcloud files only for the last version # Patch nextcloud files only for the last version
cp -a ../sources/patches_last_version/* ../sources/patches cp -a ../sources/patches_last_version/* ../sources/patches
# Execute post-upgrade operations later on
(cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/${app}_maintenance.log")
}

52
sources/patches_last_version/app-00-add-logout_url-conf.patch
View file

@ -1,6 +1,32 @@
core/Controller/LoginController.php | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
index 182d2bc106..82523e306e 100644
--- a/core/Controller/LoginController.php --- a/core/Controller/LoginController.php
+++ b/core/Controller/LoginController.php +++ b/core/Controller/LoginController.php
@@ -119,7 +119,10 @@ @@ -95,13 +95,13 @@ class LoginController extends Controller {
* @param Throttler $throttler
*/
public function __construct($appName,
- IRequest $request,
- IUserManager $userManager,
- IConfig $config,
- ISession $session,
- IUserSession $userSession,
- IURLGenerator $urlGenerator,
- ILogger $logger,
+ IRequest $request,
+ IUserManager $userManager,
+ IConfig $config,
+ ISession $session,
+ IUserSession $userSession,
+ IURLGenerator $urlGenerator,
+ ILogger $logger,
Manager $twoFactorManager,
Defaults $defaults,
Throttler $throttler) {
@@ -130,7 +130,10 @@ class LoginController extends Controller {
} }
$this->userSession->logout(); $this->userSession->logout();
@ -9,6 +35,28 @@
+ $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm') + $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')
+ ); + );
+ $response = new RedirectResponse($redirectUrl); + $response = new RedirectResponse($redirectUrl);
$response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"'); $response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
return $response; return $response;
} }
@@ -303,10 +306,10 @@ class LoginController extends Controller {
$previousUser = $user;
$user = $users[0]->getUID();
if($user !== $previousUser) {
- $loginResult = $this->userManager->checkPassword($user, $password);
- }
+ $loginResult = $this->userManager->checkPassword($user, $password);
}
}
+ }
if ($loginResult === false) {
$this->logger->warning('Login failed: \''. $user .
@@ -314,7 +317,7 @@ class LoginController extends Controller {
['app' => 'core']);
return $this->createLoginFailedResponse($user, $originalUser,
$redirect_url, self::LOGIN_MSG_INVALIDPASSWORD);
- }
+ }
// TODO: remove password checks from above and let the user session handle failures
// requires https://github.com/owncloud/core/pull/24616

12
sources/patches_last_version/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch
View file

@ -1,15 +1,15 @@
lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++ .../Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++- lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-) 2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 85ae127f5f..91618a09fc 100644 index 795d8cc864..5f3c961445 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php --- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php +++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager { @@ -70,6 +70,10 @@ class ContentSecurityPolicyNonceManager {
* @return bool * @return bool
*/ */
public function browserSupportsCspV3() { public function browserSupportsCspV3(): bool {
+ // YunoHost patch: disable CSPv3 nonces to: + // YunoHost patch: disable CSPv3 nonces to:
+ // - avoid white page on first login from YunoHost portal + // - avoid white page on first login from YunoHost portal
+ // - allow YunoHost tile display + // - allow YunoHost tile display
@ -18,10 +18,10 @@ index 85ae127f5f..91618a09fc 100644
Request::USER_AGENT_CHROME, Request::USER_AGENT_CHROME,
// Firefox 45+ // Firefox 45+
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 64d4eb6e5d..59d5885620 100644 index 3fcef1d0ef..7ce01a68fc 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php --- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php +++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy { @@ -449,7 +449,8 @@ class EmptyContentSecurityPolicy {
if(!empty($this->allowedFontDomains)) { if(!empty($this->allowedFontDomains)) {
$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);

17
sources/patches_last_version/app-02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch Normal file
View file

@ -0,0 +1,17 @@
lib/public/AppFramework/Http/ContentSecurityPolicy.php | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
index e9ecf00036..8e69c8d2dc 100644
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
@@ -44,7 +44,8 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
/** @var bool Whether inline JS snippets are allowed */
protected $inlineScriptAllowed = false;
/** @var bool Whether eval in JS scripts is allowed */
- protected $evalScriptAllowed = false;
+ // YunoHost patch: allow for eval in JS scripts for YunoHost tile
+ protected $evalScriptAllowed = true;
/** @var array Domains from which scripts can get loaded */
protected $allowedScriptDomains = [
'\'self\'',