From fcd5cc77e5b7ff7287b9301336fc2d7e937aab0d Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Tue, 4 Jan 2022 06:13:55 +0000 Subject: [PATCH 1/9] Upgrade to v0.84.1 --- conf/app.src | 4 ++-- manifest.json | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/conf/app.src b/conf/app.src index 0db9987..4f9855b 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/nocodb/nocodb-seed/archive/e542be1003237e8da2df5c1e7893c1c8631a9cbc.zip -SOURCE_SUM=ea9ec5aa9029344590c0aa5b80f9157080d12b17de0e5da50ab5482797401417 +SOURCE_URL=https://github.com/nocodb/nocodb-seed/archive/b9ee3ac8cc01e92bdfebac6d7c957c566503a3d0.zip +SOURCE_SUM=83fea0d69c3afae36c69bc59af197dea42a3e612653d1d25c9da4d30946daf31 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=zip SOURCE_EXTRACT=true diff --git a/manifest.json b/manifest.json index 94423e1..d1cf6a1 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "No-code platform that turns any database into a smart spreadsheet", "fr": "Plateform sans code qui transforme toute base de données en un tableur intelligent." }, - "version": "0.83.8~ynh1", + "version": "0.84.1~ynh1", "url": "https://www.nocodb.com/", "upstream": { "license": "AGPL-3.0-only", From 3d61c5305edafca5b67f53fe3491324320f0aa15 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Tue, 4 Jan 2022 06:14:00 +0000 Subject: [PATCH 2/9] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e725e74..e81d0fa 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ NocoDB is an open source NoCode platform that turns any database into a smart sp *(from NocoDB's website)* -**Shipped version:** 0.83.8~ynh1 +**Shipped version:** 0.84.1~ynh1 **Demo:** https://www.nocodb.com/demos diff --git a/README_fr.md b/README_fr.md index fa421a1..2e6ffe8 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -23,7 +23,7 @@ NocoDB is an open source NoCode platform that turns any database into a smart sp *(from NocoDB's website)* -**Version incluse :** 0.83.8~ynh1 +**Version incluse :** 0.84.1~ynh1 **Démo :** https://www.nocodb.com/demos From d8af85d68dcbb32a41ea401bb5c9a898dade79e4 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Wed, 5 Jan 2022 21:56:33 +0100 Subject: [PATCH 3/9] Prevent installation on ARM and ARMHF --- scripts/install | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/scripts/install b/scripts/install index 5ad8cd1..39def25 100755 --- a/scripts/install +++ b/scripts/install @@ -31,6 +31,12 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_script_progression --message="Validating installation parameters..." --weight=1 +# Stop if architecture is 32-bit ARM +case $YNH_ARCH in + arm|armhf) ynh_die --message="Sorry, your architecture $YNH_ARCH is not supported by NocoDB. Aborting.";; + *) ;; +esac + final_path=/opt/yunohost/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" From 19d1744267125e0eaffaae40172cf6d06dce322c Mon Sep 17 00:00:00 2001 From: tituspijean Date: Wed, 5 Jan 2022 21:37:15 +0000 Subject: [PATCH 4/9] Build OracleDB dependency when on ARM64 --- scripts/install | 8 ++++++++ scripts/upgrade | 9 +++++++++ 2 files changed, 17 insertions(+) diff --git a/scripts/install b/scripts/install index 39def25..ca88b78 100755 --- a/scripts/install +++ b/scripts/install 
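Review bot: In the scripts/install hunk of patch 3/9, the 32-bit ARM guard is added to the install script only, so another entry point that deploys the app, such as restoring a backup onto an arm/armhf host, would presumably not hit it. scripts/restore is not part of this series, so confirm whether it needs the same check. `$YNH_ARCH` is also expanded unquoted in `case $YNH_ARCH in`; prefer `case "$YNH_ARCH" in`, and the empty `*) ;;` arm can be dropped. A comment above the check saying why 32-bit ARM is refused would help whoever revisits it when upstream support changes; the current `# Stop if architecture is 32-bit ARM` only restates the code.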
@@ -117,6 +117,14 @@ ynh_script_progression --message="Installing NocoDB..." --weight=5 ynh_use_nodejs pushd $final_path + + if [ $YNH_ARCH = "arm64" ]; then + ynh_print_info --message="Retrieving and building OracleDB for ARM64..." + ynh_exec_warn_less ynh_exec_as $app git clone --recursive https://github.com/oracle/node-oracledb.git oracledb + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install ./oracledb + ynh_print_info --message="...Done! Installing NocoDB now..." + fi + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install popd diff --git a/scripts/upgrade b/scripts/upgrade index 3551ab6..f11ea44 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -107,6 +107,15 @@ ynh_script_progression --message="Upgrading NocoDB..." --weight=5 ynh_use_nodejs pushd $final_path + + if [ $YNH_ARCH = "arm64" ]; then + ynh_print_info --message="Retrieving and building OracleDB for ARM64..." + ynh_secure_remove oracledb + ynh_exec_warn_less ynh_exec_as $app git clone --recursive https://github.com/oracle/node-oracledb.git oracledb + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install ./oracledb + ynh_print_info --message="...Done! Installing NocoDB now..." + fi + ynh_exec_warn_less ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install popd From f8672ca890a4de790c9d50553efd1402dacae0ad Mon Sep 17 00:00:00 2001 From: tituspijean Date: Wed, 5 Jan 2022 21:38:01 +0000 Subject: [PATCH 5/9] Bump package version --- manifest.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.json b/manifest.json index d1cf6a1..643d540 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "No-code platform that turns any database into a smart spreadsheet", "fr": "Plateform sans code qui transforme toute base de données en un tableur intelligent." }, - "version": "0.84.1~ynh1", + "version": "0.84.1~ynh2", "url": "https://www.nocodb.com/", "upstream": { "license": "AGPL-3.0-only", 
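Review bot: The `git clone --recursive https://github.com/oracle/node-oracledb.git oracledb` added in the scripts/install hunk of patch 4/9 (and repeated in the scripts/upgrade hunk) fetches whatever the default branch and its submodules contain when the script runs. `npm install ./oracledb` then builds and executes that code, so this dependency is neither reproducible nor integrity-checked, unlike the main archive, which is pinned by `SOURCE_SUM` in conf/app.src. Pin it to a reviewed ref, e.g. `git clone --recursive --branch <PINNED_TAG> https://github.com/oracle/node-oracledb.git oracledb`, and compare `git -C oracledb rev-parse HEAD` against a commit id recorded in the package before building. Separately, `[ $YNH_ARCH = "arm64" ]` fails with a test syntax error if the variable is empty; write `[ "$YNH_ARCH" = "arm64" ]` in both scripts.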
From d5b98dd88415e4e9967e4b7d00ef98ebf22336c4 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Wed, 5 Jan 2022 21:38:17 +0000 Subject: [PATCH 6/9] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index e81d0fa..1e45600 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ NocoDB is an open source NoCode platform that turns any database into a smart sp *(from NocoDB's website)* -**Shipped version:** 0.84.1~ynh1 +**Shipped version:** 0.84.1~ynh2 **Demo:** https://www.nocodb.com/demos diff --git a/README_fr.md b/README_fr.md index 2e6ffe8..bb06594 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,7 +23,7 @@ NocoDB is an open source NoCode platform that turns any database into a smart sp *(from NocoDB's website)* -**Version incluse :** 0.84.1~ynh1 +**Version incluse :** 0.84.1~ynh2 **Démo :** https://www.nocodb.com/demos From adfe7b427bfa9b1af74abc42a72c8fd27d6dffe6 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Wed, 5 Jan 2022 23:10:01 +0100 Subject: [PATCH 7/9] Appease linter Drop https redirect and bump ynh requirement Harden service security Bump package version and --- conf/nginx.conf | 5 ----- conf/systemd.service | 28 ++++++++++++++++++++++++++++ manifest.json | 4 ++-- 3 files changed, 30 insertions(+), 7 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index d15c029..6ce91ce 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,11 +1,6 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - proxy_pass http://127.0.0.1:__PORT____PATH__; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; diff --git a/conf/systemd.service b/conf/systemd.service index d2d7118..21d4989 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -13,5 +13,33 @@ ExecStart=__YNH_NODE__ index.js StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit +# Sandboxing options to harden security +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index 643d540..8b01dd6 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "No-code platform that turns any database into a smart spreadsheet", "fr": "Plateform sans code qui transforme toute base de données en un tableur intelligent." }, - "version": "0.84.1~ynh2", + "version": "0.84.1~ynh3", "url": "https://www.nocodb.com/", "upstream": { "license": "AGPL-3.0-only", @@ -20,7 +20,7 @@ "email": "tituspijean@outlook.com" }, "requirements": { - "yunohost": ">= 4.1.7" + "yunohost": ">= 4.3" }, "multi_instance": true, "services": [ 
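Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` in the conf/systemd.service hunk of patch 7/9 names a capability that does not exist; the kernel name in capabilities(7), which the comment above links, is `CAP_SYS_RAWIO`. As far as I know systemd logs a parse warning and skips the unknown name, so raw I/O presumably stays in the bounding set; the line should read `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. `ProtectSystem=full` also leaves paths outside /usr, /boot, /efi and /etc writable. Whether `ProtectSystem=strict` with explicit `ReadWritePaths=` for the app and log directories is workable depends on parts of the unit outside this hunk. Running `systemd-analyze security` against the installed unit would confirm which of these directives actually took effect.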
From d7da2d75a78f0d82977a693c2881facad2ad0458 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Wed, 5 Jan 2022 22:10:59 +0000 Subject: [PATCH 8/9] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 1e45600..0f80849 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ NocoDB is an open source NoCode platform that turns any database into a smart sp *(from NocoDB's website)* -**Shipped version:** 0.84.1~ynh2 +**Shipped version:** 0.84.1~ynh3 **Demo:** https://www.nocodb.com/demos diff --git a/README_fr.md b/README_fr.md index bb06594..298a4c3 100644 --- a/README_fr.md +++ b/README_fr.md @@ -23,7 +23,7 @@ NocoDB is an open source NoCode platform that turns any database into a smart sp *(from NocoDB's website)* -**Version incluse :** 0.84.1~ynh2 +**Version incluse :** 0.84.1~ynh3 **Démo :** https://www.nocodb.com/demos From 485316b5d7567bcb18f4e7ed1b1a13bcbeac73be Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 6 Jan 2022 14:29:56 +0100 Subject: [PATCH 9/9] Fix RestrictAddressFamilies in service conf --- conf/systemd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index 21d4989..d0a49ce 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -18,7 +18,7 @@ StandardError=inherit NoNewPrivileges=yes PrivateTmp=yes PrivateDevices=yes -RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK RestrictNamespaces=yes RestrictRealtime=yes DevicePolicy=closed
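Review bot: The widened `RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK` line in patch 9/9 has no explanation of what needs `AF_NETLINK`, and the commit subject only says "Fix". A comment directly above it, such as `# AF_NETLINK: required by <component that failed without it>`, would let a later maintainer tell a required family from one added by trial and error. If the failure was in network-interface enumeration by the Node.js runtime, which is only a guess from this hunk, say so there. The hunk shows only part of the unit's sandboxing block, which begins and continues outside it.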