mirror of
https://github.com/YunoHost-Apps/nextcloud_ynh.git
synced 2024-09-03 19:55:57 +02:00
JimboJoe
GitHub
commit
a937450910
12 changed files with 187 additions and 63 deletions
|
|
@ -5,10 +5,10 @@ Nextcloud for YunoHost
|
|||
own data. A personal cloud which run on your own server. With Nextcloud
|
||||
you can synchronize your files over your devices.
|
||||
|
||||
**Shipped version:** 13.0.6
|
||||
**Shipped version:** 15.0.4
|
||||
|
||||
[](https://install-app.yunohost.org/?app=nextcloud)
|
||||
|
||||
|
||||
|
||||
## Features
|
||||
|
||||
|
|
|
|||
|
|
@ -13,12 +13,13 @@ location ^~ __PATH__ {
|
|||
}
|
||||
|
||||
# Add headers to serve security related headers
|
||||
add_header Strict-Transport-Security "max-age=15768000;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
more_set_headers "Strict-Transport-Security: max-age=15768000";
|
||||
more_set_headers "X-Content-Type-Options: nosniff";
|
||||
more_set_headers "X-XSS-Protection: 1; mode=block";
|
||||
more_set_headers "X-Robots-Tag: none";
|
||||
more_set_headers "X-Download-Options: noopen";
|
||||
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
|
||||
more_set_headers "Referrer-Policy: no-referrer";
|
||||
|
||||
# Set max upload size
|
||||
client_max_body_size 10G;
|
||||
|
|
@ -77,14 +78,16 @@ location ^~ __PATH__ {
|
|||
|
||||
# Adding the cache control header for js and css files
|
||||
location ~* \.(?:css|js)$ {
|
||||
add_header Cache-Control "public, max-age=7200";
|
||||
more_set_headers "Cache-Control: public, max-age=7200";
|
||||
# Add headers to serve security related headers
|
||||
add_header Strict-Transport-Security "max-age=15768000;";
|
||||
add_header X-Content-Type-Options nosniff;
|
||||
add_header X-XSS-Protection "1; mode=block";
|
||||
add_header X-Robots-Tag none;
|
||||
add_header X-Download-Options noopen;
|
||||
add_header X-Permitted-Cross-Domain-Policies none;
|
||||
more_set_headers "Strict-Transport-Security: max-age=15768000";
|
||||
more_set_headers "X-Content-Type-Options: nosniff";
|
||||
more_set_headers "X-XSS-Protection: 1; mode=block";
|
||||
more_set_headers "X-Robots-Tag: none";
|
||||
more_set_headers "X-Download-Options: noopen";
|
||||
more_set_headers "X-Permitted-Cross-Domain-Policies: none";
|
||||
more_set_headers "Referrer-Policy: no-referrer";
|
||||
|
||||
# Optional: Don't log access to assets
|
||||
access_log off;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -6,12 +6,12 @@
|
|||
"en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms",
|
||||
"fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions"
|
||||
},
|
||||
"version": "13.0.6~ynh1",
|
||||
"version": "15.0.4~ynh1",
|
||||
"url": "https://nextcloud.com",
|
||||
"license": "AGPL-3.0",
|
||||
"maintainer": {
|
||||
"name": "-",
|
||||
"email": "-"
|
||||
"name": "YunoHost Contributors",
|
||||
"email": "apps@yunohost.org"
|
||||
},
|
||||
"requirements": {
|
||||
"yunohost": ">= 2.7.2"
|
||||
|
|
|
|||
|
|
@ -3,7 +3,7 @@
|
|||
# COMMON VARIABLES
|
||||
#=================================================
|
||||
|
||||
pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient"
|
||||
pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient at"
|
||||
|
||||
if [ "$(lsb_release --codename --short)" != "jessie" ]; then
|
||||
pkg_dependencies="$pkg_dependencies php-zip php-apcu php-mbstring php-xml"
|
||||
|
|
@ -356,3 +356,29 @@ ynh_multimedia_addaccess () {
|
|||
groupadd -f multimedia
|
||||
usermod -a -G multimedia $user_name
|
||||
}
|
||||
|
||||
ynh_smart_mktemp () {
|
||||
local min_size="${1:-300}"
|
||||
# Transform the minimum size from megabytes to kilobytes
|
||||
min_size=$(( $min_size * 1024 ))
|
||||
|
||||
# Check if there's enough free space in a directory
|
||||
is_there_enough_space () {
|
||||
local free_space=$(df --output=avail "$1" | sed 1d)
|
||||
test $free_space -ge $min_size
|
||||
}
|
||||
|
||||
if is_there_enough_space /tmp; then
|
||||
local tmpdir=/tmp
|
||||
elif is_there_enough_space /var; then
|
||||
local tmpdir=/var
|
||||
elif is_there_enough_space /; then
|
||||
local tmpdir=/
|
||||
elif is_there_enough_space /home; then
|
||||
local tmpdir=/home
|
||||
else
|
||||
ynh_die "Insufficient free space to continue..."
|
||||
fi
|
||||
|
||||
echo "$(sudo mktemp --directory --tmpdir="$tmpdir")"
|
||||
}
|
||||
|
|
|
|||
|
|
@ -79,6 +79,8 @@ ynh_replace_string "__VERSION__" "$next_version" "../conf/app.src"
|
|||
ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src"
|
||||
|
||||
ynh_app_setting_set $app final_path $final_path
|
||||
# Enable YunoHost patches on Nextcloud sources
|
||||
cp -a ../sources/patches_last_version/* ../sources/patches
|
||||
# Download, check integrity, uncompress and patch the source from app.src
|
||||
ynh_setup_source "$final_path"
|
||||
|
||||
|
|
@ -234,6 +236,11 @@ ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path"
|
|||
|
||||
exec_occ background:cron
|
||||
|
||||
#=================================================
|
||||
# POST-INSTALL MAINTENANCE
|
||||
#=================================================
|
||||
(cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/${app}_maintenance.log")
|
||||
|
||||
#=================================================
|
||||
# CONFIGURE THE HOOK FILE FOR USER CREATE
|
||||
#=================================================
|
||||
|
|
|
|||
|
|
@ -176,6 +176,8 @@ do
|
|||
# then it's the last upgrade to do
|
||||
if [ "$major_version" -eq "$current_major_version" ]; then
|
||||
current_major_version=last
|
||||
# Execute the commands dedicated to the last upgrade
|
||||
last_upgrade_operations
|
||||
fi
|
||||
|
||||
# Load the value for this version
|
||||
|
|
@ -189,7 +191,7 @@ do
|
|||
ynh_replace_string "__SHA256_SUM__" "$nextcloud_source_sha256" "../conf/app.src"
|
||||
|
||||
# Create a temporary directory
|
||||
tmpdir=$(mktemp -d)
|
||||
tmpdir="$(ynh_smart_mktemp 300)"
|
||||
|
||||
# Install the next nextcloud version in $tmpdir
|
||||
ynh_setup_source "$tmpdir"
|
||||
|
|
@ -208,6 +210,7 @@ do
|
|||
# Replace the old nextcloud by the new one
|
||||
ynh_secure_remove "$final_path"
|
||||
mv "$tmpdir" "$final_path"
|
||||
ynh_secure_remove "$tmpdir"
|
||||
|
||||
# Set write access for the following commands
|
||||
chown -R $app: "$final_path" "$datadir"
|
||||
|
|
|
|||
7
scripts/upgrade.d/upgrade.13.sh
Normal file
7
scripts/upgrade.d/upgrade.13.sh
Normal file
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Last available nextcloud version
|
||||
next_version="14.0.0"
|
||||
|
||||
# Nextcloud tarball checksum sha256
|
||||
nextcloud_source_sha256="f965c14286e7aabbfe49c947d86af59597af302c35d10e0b5440e7e6c53b8f47"
|
||||
7
scripts/upgrade.d/upgrade.14.sh
Executable file
7
scripts/upgrade.d/upgrade.14.sh
Executable file
|
|
@ -0,0 +1,7 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Last available nextcloud version
|
||||
next_version="15.0.0"
|
||||
|
||||
# Nextcloud tarball checksum sha256
|
||||
nextcloud_source_sha256="5bb0c58171353da844019b64080c21078002a59ab956ab72adb958844a98eb78"
|
||||
|
|
@ -1,10 +1,16 @@
|
|||
#!/bin/bash
|
||||
|
||||
# Last available nextcloud version
|
||||
next_version="13.0.6"
|
||||
next_version="15.0.4"
|
||||
|
||||
# Nextcloud tarball checksum sha256
|
||||
nextcloud_source_sha256="90fc9e960b6a477bb14ee87042b3d158bde95c3f0157677cb4547ca7649968d4"
|
||||
nextcloud_source_sha256="f87db047c174f563e391a22c959d9ace767ca14ef0f97fc394f3061fc63d8f77"
|
||||
|
||||
# This function will only be executed upon applying the last upgrade referenced above
|
||||
last_upgrade_operations () {
|
||||
# Patch nextcloud files only for the last version
|
||||
cp -a ../sources/patches_last_version/* ../sources/patches
|
||||
|
||||
# Execute post-upgrade operations later on
|
||||
(cd /tmp ; at now + 10 minutes <<< "(cd $final_path ; sudo -u $app php occ db:add-missing-indices ; sudo -u $app php occ db:convert-filecache-bigint -n) > /tmp/${app}_maintenance.log")
|
||||
}
|
||||
|
|
|
|||
|
|
@ -1,6 +1,32 @@
|
|||
core/Controller/LoginController.php | 25 ++++++++++++++-----------
|
||||
1 file changed, 14 insertions(+), 11 deletions(-)
|
||||
|
||||
diff --git a/core/Controller/LoginController.php b/core/Controller/LoginController.php
|
||||
index 182d2bc106..82523e306e 100644
|
||||
--- a/core/Controller/LoginController.php
|
||||
+++ b/core/Controller/LoginController.php
|
||||
@@ -119,7 +119,10 @@
|
||||
@@ -95,13 +95,13 @@ class LoginController extends Controller {
|
||||
* @param Throttler $throttler
|
||||
*/
|
||||
public function __construct($appName,
|
||||
- IRequest $request,
|
||||
- IUserManager $userManager,
|
||||
- IConfig $config,
|
||||
- ISession $session,
|
||||
- IUserSession $userSession,
|
||||
- IURLGenerator $urlGenerator,
|
||||
- ILogger $logger,
|
||||
+ IRequest $request,
|
||||
+ IUserManager $userManager,
|
||||
+ IConfig $config,
|
||||
+ ISession $session,
|
||||
+ IUserSession $userSession,
|
||||
+ IURLGenerator $urlGenerator,
|
||||
+ ILogger $logger,
|
||||
Manager $twoFactorManager,
|
||||
Defaults $defaults,
|
||||
Throttler $throttler) {
|
||||
@@ -130,7 +130,10 @@ class LoginController extends Controller {
|
||||
}
|
||||
$this->userSession->logout();
|
||||
|
||||
|
|
@ -9,6 +35,28 @@
|
|||
+ $this->urlGenerator->linkToRouteAbsolute('core.login.showLoginForm')
|
||||
+ );
|
||||
+ $response = new RedirectResponse($redirectUrl);
|
||||
$response->addHeader('Clear-Site-Data', '"cache", "cookies", "storage", "executionContexts"');
|
||||
$response->addHeader('Clear-Site-Data', '"cache", "storage", "executionContexts"');
|
||||
return $response;
|
||||
}
|
||||
@@ -303,10 +306,10 @@ class LoginController extends Controller {
|
||||
$previousUser = $user;
|
||||
$user = $users[0]->getUID();
|
||||
if($user !== $previousUser) {
|
||||
- $loginResult = $this->userManager->checkPassword($user, $password);
|
||||
- }
|
||||
+ $loginResult = $this->userManager->checkPassword($user, $password);
|
||||
}
|
||||
}
|
||||
+ }
|
||||
|
||||
if ($loginResult === false) {
|
||||
$this->logger->warning('Login failed: \''. $user .
|
||||
@@ -314,7 +317,7 @@ class LoginController extends Controller {
|
||||
['app' => 'core']);
|
||||
return $this->createLoginFailedResponse($user, $originalUser,
|
||||
$redirect_url, self::LOGIN_MSG_INVALIDPASSWORD);
|
||||
- }
|
||||
+ }
|
||||
|
||||
// TODO: remove password checks from above and let the user session handle failures
|
||||
// requires https://github.com/owncloud/core/pull/24616
|
||||
|
|
|
|||
|
|
@ -1,15 +1,15 @@
|
|||
lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
|
||||
.../Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
|
||||
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++-
|
||||
2 files changed, 6 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
|
||||
index 85ae127f5f..91618a09fc 100644
|
||||
index 795d8cc864..5f3c961445 100644
|
||||
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
|
||||
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
|
||||
@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager {
|
||||
@@ -70,6 +70,10 @@ class ContentSecurityPolicyNonceManager {
|
||||
* @return bool
|
||||
*/
|
||||
public function browserSupportsCspV3() {
|
||||
public function browserSupportsCspV3(): bool {
|
||||
+ // YunoHost patch: disable CSPv3 nonces to:
|
||||
+ // - avoid white page on first login from YunoHost portal
|
||||
+ // - allow YunoHost tile display
|
||||
|
|
@ -18,10 +18,10 @@ index 85ae127f5f..91618a09fc 100644
|
|||
Request::USER_AGENT_CHROME,
|
||||
// Firefox 45+
|
||||
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
|
||||
index 64d4eb6e5d..59d5885620 100644
|
||||
index 3fcef1d0ef..7ce01a68fc 100644
|
||||
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
|
||||
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
|
||||
@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy {
|
||||
@@ -449,7 +449,8 @@ class EmptyContentSecurityPolicy {
|
||||
|
||||
if(!empty($this->allowedFontDomains)) {
|
||||
$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
|
||||
|
|
|
|||
|
|
@ -0,0 +1,17 @@
|
|||
lib/public/AppFramework/Http/ContentSecurityPolicy.php | 3 ++-
|
||||
1 file changed, 2 insertions(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/public/AppFramework/Http/ContentSecurityPolicy.php b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
||||
index e9ecf00036..8e69c8d2dc 100644
|
||||
--- a/lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
||||
+++ b/lib/public/AppFramework/Http/ContentSecurityPolicy.php
|
||||
@@ -44,7 +44,8 @@ class ContentSecurityPolicy extends EmptyContentSecurityPolicy {
|
||||
/** @var bool Whether inline JS snippets are allowed */
|
||||
protected $inlineScriptAllowed = false;
|
||||
/** @var bool Whether eval in JS scripts is allowed */
|
||||
- protected $evalScriptAllowed = false;
|
||||
+ // YunoHost patch: allow for eval in JS scripts for YunoHost tile
|
||||
+ protected $evalScriptAllowed = true;
|
||||
/** @var array Domains from which scripts can get loaded */
|
||||
protected $allowedScriptDomains = [
|
||||
'\'self\'',
|
||||
Loading…
Add table
Reference in a new issue