From c0e39f528f6e4314cd4a02f6fe49b6a5a89f33a2 Mon Sep 17 00:00:00 2001 From: lapineige Date: Mon, 21 Aug 2023 18:27:47 +0200 Subject: [PATCH 1/2] Testing : fix emails (#232) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * v2 * v2 * Create tests.toml * Auto-update README * fix * Update _common.sh * Update install * Update manifest.toml * Update manifest.toml * cleaning * Auto-update README * Auto-update README * Add post edits (from dev branch) Using lastest commit as most of the previous ones fix edits stuff + bugs https://github.com/pixelfed/pixelfed/commit/5cfe8cd56a5a9f9fb1b1c813d50d07ba6839181d * bump version * Auto-update README * cleaning * Update manifest.toml * Auto-update README * Update ADMIN.md * Update change_url * php8.2 * php8.2 * add ressources needed * php8.2 * update PHP * post edit formatting fixes https://github.com/pixelfed/pixelfed/commit/4479055e1e4700a58479f038d5b0d5d14e2f6897 * v0.11.8 * v0.11.8 * Auto-update README * Master -> ynh V2 (v0.11.8) * Auto-update README * Update .env * Fix .env + improvements https://github.com/YunoHost-Apps/pixelfed_ynh/pull/219#issuecomment-1568049256 * Update manifest.toml * Auto-update README * Typo * Patch file access right (fix post 0.11.5 installs) * Bump version (post v0.11.5 install fixes) * Auto-update README * Update extra_php-fpm.conf Fix #223 * Testing : fix ≥0.11.5 installs (#222) (#225) * v2 * v2 * Create tests.toml * Auto-update README * fix * Update _common.sh * Update install * Update manifest.toml * Update manifest.toml * cleaning * Auto-update README * Auto-update README * Add post edits (from dev branch) Using lastest commit as most of the previous ones fix edits stuff + bugs https://github.com/pixelfed/pixelfed/commit/5cfe8cd56a5a9f9fb1b1c813d50d07ba6839181d * bump version * Auto-update README * cleaning * Update manifest.toml * Auto-update README * Update ADMIN.md * Update change_url * php8.2 * php8.2 * add ressources needed * php8.2 * update PHP * post edit formatting fixes https://github.com/pixelfed/pixelfed/commit/4479055e1e4700a58479f038d5b0d5d14e2f6897 * v0.11.8 * v0.11.8 * Auto-update README * Master -> ynh V2 (v0.11.8) * Auto-update README * Update .env * Fix .env + improvements https://github.com/YunoHost-Apps/pixelfed_ynh/pull/219#issuecomment-1568049256 * Update manifest.toml * Auto-update README * Typo * Patch file access right (fix post 0.11.5 installs) * Bump version (post v0.11.5 install fixes) * Auto-update README --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot Co-authored-by: ericgaspar * Bump version * Auto-update README * Fix post-v2 issues * Patch post v0.11.5 permissions Why are they not correct by default ? * Testing : fix images rights in package v2 (#224) (#227) * v2 * v2 * Create tests.toml * Auto-update README * fix * Update _common.sh * Update install * Update manifest.toml * Update manifest.toml * cleaning * Auto-update README * Auto-update README * Add post edits (from dev branch) Using lastest commit as most of the previous ones fix edits stuff + bugs https://github.com/pixelfed/pixelfed/commit/5cfe8cd56a5a9f9fb1b1c813d50d07ba6839181d * bump version * Auto-update README * cleaning * Update manifest.toml * Auto-update README * Update ADMIN.md * Update change_url * php8.2 * php8.2 * add ressources needed * php8.2 * update PHP * post edit formatting fixes https://github.com/pixelfed/pixelfed/commit/4479055e1e4700a58479f038d5b0d5d14e2f6897 * v0.11.8 * v0.11.8 * Auto-update README * Master -> ynh V2 (v0.11.8) * Auto-update README * Update .env * Fix .env + improvements https://github.com/YunoHost-Apps/pixelfed_ynh/pull/219#issuecomment-1568049256 * Update manifest.toml * Auto-update README * Typo * Patch file access right (fix post 0.11.5 installs) * Bump version (post v0.11.5 install fixes) * Auto-update README * Update extra_php-fpm.conf Fix #223 * Testing : fix ≥0.11.5 installs (#222) (#225) * v2 * v2 * Create tests.toml * Auto-update README * fix * Update _common.sh * Update install * Update manifest.toml * Update manifest.toml * cleaning * Auto-update README * Auto-update README * Add post edits (from dev branch) Using lastest commit as most of the previous ones fix edits stuff + bugs https://github.com/pixelfed/pixelfed/commit/5cfe8cd56a5a9f9fb1b1c813d50d07ba6839181d * bump version * Auto-update README * cleaning * Update manifest.toml * Auto-update README * Update ADMIN.md * Update change_url * php8.2 * php8.2 * add ressources needed * php8.2 * update PHP * post edit formatting fixes https://github.com/pixelfed/pixelfed/commit/4479055e1e4700a58479f038d5b0d5d14e2f6897 * v0.11.8 * v0.11.8 * Auto-update README * Master -> ynh V2 (v0.11.8) * Auto-update README * Update .env * Fix .env + improvements https://github.com/YunoHost-Apps/pixelfed_ynh/pull/219#issuecomment-1568049256 * Update manifest.toml * Auto-update README * Typo * Patch file access right (fix post 0.11.5 installs) * Bump version (post v0.11.5 install fixes) * Auto-update README --------- * Bump version * Auto-update README * Fix post-v2 issues --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot Co-authored-by: ericgaspar * Bump version * Auto-update README * Fix mail sendmail (#230) * Testing : patch install permissions (#226) * v2 * v2 * Create tests.toml * Auto-update README * fix * Update _common.sh * Update install * Update manifest.toml * Update manifest.toml * cleaning * Auto-update README * Auto-update README * Add post edits (from dev branch) Using lastest commit as most of the previous ones fix edits stuff + bugs https://github.com/pixelfed/pixelfed/commit/5cfe8cd56a5a9f9fb1b1c813d50d07ba6839181d * bump version * Auto-update README * cleaning * Update manifest.toml * Auto-update README * Update ADMIN.md * Update change_url * php8.2 * php8.2 * add ressources needed * php8.2 * update PHP * post edit formatting fixes https://github.com/pixelfed/pixelfed/commit/4479055e1e4700a58479f038d5b0d5d14e2f6897 * v0.11.8 * v0.11.8 * Auto-update README * Master -> ynh V2 (v0.11.8) * Auto-update README * Update .env * Fix .env + improvements https://github.com/YunoHost-Apps/pixelfed_ynh/pull/219#issuecomment-1568049256 * Update manifest.toml * Auto-update README * Typo * Patch file access right (fix post 0.11.5 installs) * Bump version (post v0.11.5 install fixes) * Auto-update README * Update extra_php-fpm.conf Fix #223 * Testing : fix ≥0.11.5 installs (#222) (#225) * v2 * v2 * Create tests.toml * Auto-update README * fix * Update _common.sh * Update install * Update manifest.toml * Update manifest.toml * cleaning * Auto-update README * Auto-update README * Add post edits (from dev branch) Using lastest commit as most of the previous ones fix edits stuff + bugs https://github.com/pixelfed/pixelfed/commit/5cfe8cd56a5a9f9fb1b1c813d50d07ba6839181d * bump version * Auto-update README * cleaning * Update manifest.toml * Auto-update README * Update ADMIN.md * Update change_url * php8.2 * php8.2 * add ressources needed * php8.2 * update PHP * post edit formatting fixes https://github.com/pixelfed/pixelfed/commit/4479055e1e4700a58479f038d5b0d5d14e2f6897 * v0.11.8 * v0.11.8 * Auto-update README * Master -> ynh V2 (v0.11.8) * Auto-update README * Update .env * Fix .env + improvements https://github.com/YunoHost-Apps/pixelfed_ynh/pull/219#issuecomment-1568049256 * Update manifest.toml * Auto-update README * Typo * Patch file access right (fix post 0.11.5 installs) * Bump version (post v0.11.5 install fixes) * Auto-update README --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot Co-authored-by: ericgaspar * Bump version * Auto-update README * Fix post-v2 issues * Patch post v0.11.5 permissions Why are they not correct by default ? * Testing : fix images rights in package v2 (#224) (#227) * v2 * v2 * Create tests.toml * Auto-update README * fix * Update _common.sh * Update install * Update manifest.toml * Update manifest.toml * cleaning * Auto-update README * Auto-update README * Add post edits (from dev branch) Using lastest commit as most of the previous ones fix edits stuff + bugs https://github.com/pixelfed/pixelfed/commit/5cfe8cd56a5a9f9fb1b1c813d50d07ba6839181d * bump version * Auto-update README * cleaning * Update manifest.toml * Auto-update README * Update ADMIN.md * Update change_url * php8.2 * php8.2 * add ressources needed * php8.2 * update PHP * post edit formatting fixes https://github.com/pixelfed/pixelfed/commit/4479055e1e4700a58479f038d5b0d5d14e2f6897 * v0.11.8 * v0.11.8 * Auto-update README * Master -> ynh V2 (v0.11.8) * Auto-update README * Update .env * Fix .env + improvements https://github.com/YunoHost-Apps/pixelfed_ynh/pull/219#issuecomment-1568049256 * Update manifest.toml * Auto-update README * Typo * Patch file access right (fix post 0.11.5 installs) * Bump version (post v0.11.5 install fixes) * Auto-update README * Update extra_php-fpm.conf Fix #223 * Testing : fix ≥0.11.5 installs (#222) (#225) * v2 * v2 * Create tests.toml * Auto-update README * fix * Update _common.sh * Update install * Update manifest.toml * Update manifest.toml * cleaning * Auto-update README * Auto-update README * Add post edits (from dev branch) Using lastest commit as most of the previous ones fix edits stuff + bugs https://github.com/pixelfed/pixelfed/commit/5cfe8cd56a5a9f9fb1b1c813d50d07ba6839181d * bump version * Auto-update README * cleaning * Update manifest.toml * Auto-update README * Update ADMIN.md * Update change_url * php8.2 * php8.2 * add ressources needed * php8.2 * update PHP * post edit formatting fixes https://github.com/pixelfed/pixelfed/commit/4479055e1e4700a58479f038d5b0d5d14e2f6897 * v0.11.8 * v0.11.8 * Auto-update README * Master -> ynh V2 (v0.11.8) * Auto-update README * Update .env * Fix .env + improvements https://github.com/YunoHost-Apps/pixelfed_ynh/pull/219#issuecomment-1568049256 * Update manifest.toml * Auto-update README * Typo * Patch file access right (fix post 0.11.5 installs) * Bump version (post v0.11.5 install fixes) * Auto-update README --------- * Bump version * Auto-update README * Fix post-v2 issues --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot Co-authored-by: ericgaspar * Bump version * Auto-update README --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot Co-authored-by: ericgaspar * Update .env use sendmail for default mail sending, should work out of the box for fresh installs * patch source prevent privilege escalation * patching source prevent privilege escalation * patching source prevent privilege escalation * Update manifest.toml Enable authentication on the mail stack for the system user * Update .env authentication on the mail stack with app system user * Fix old email configs --------- Co-authored-by: lapineige Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot Co-authored-by: ericgaspar * remove full_domain * Add manual email verification doc (#233) * Add manual email verification doc * email verification doc (fr) * fix doc --------- Co-authored-by: Éric Gaspar <46165813+ericgaspar@users.noreply.github.com> Co-authored-by: yunohost-bot Co-authored-by: ericgaspar Co-authored-by: themancalledjakob --- conf/.env | 10 +++++----- doc/ADMIN.md | 5 ++++- doc/ADMIN_fr.md | 5 ++++- manifest.toml | 2 +- scripts/install | 9 +++++++++ scripts/restore | 9 +++++++++ scripts/upgrade | 18 ++++++++++++++++++ 7 files changed, 50 insertions(+), 8 deletions(-) diff --git a/conf/.env b/conf/.env index 8f21fa35..615ba19d 100644 --- a/conf/.env +++ b/conf/.env @@ -84,13 +84,13 @@ NODEINFO=true WEBFINGER=true ## Mail Configuration (Post-Installer) -MAIL_DRIVER=smtp -MAIL_HOST=localhost +MAIL_DRIVER=sendmail +MAIL_HOST=127.0.0.1 MAIL_PORT=25 -MAIL_USERNAME=null -MAIL_PASSWORD=null +MAIL_USERNAME=__APP__ +MAIL_PASSWORD=__MAIL_PWD__ MAIL_ENCRYPTION=null -MAIL_FROM_ADDRESS="pixelfed@__DOMAIN__" +MAIL_FROM_ADDRESS="__APP__@__DOMAIN__" MAIL_FROM_NAME="Pixelfed" ## S3 Configuration (Post-Installer) diff --git a/doc/ADMIN.md b/doc/ADMIN.md index b205db60..483049ff 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -12,7 +12,10 @@ and respond yes to the question ` Add admin privileges to this user?`. Registrations are open by default. To change that setting, edit `__INSTALL_DIR__/.env` and set `OPEN_REGISTRATION=false` instead of `true`. -Then run `php8.2 artisan config:cache` to reload the settings. +Then run `php8.2 artisan config:cache` (from the app `/var/www/pixelfed…` folder) to reload the settings. + +### Manually verifying emails +By default, email verification is activated (adjust the `.env` file if needed). If your server can't send emails, you can manually confirm one user's email in the admin UI, tab `Moderation`, and by using the command `php8.2 artisan user:verify UserName`. ### Disable search engine indexing diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md index 41cc2dbf..3824e372 100644 --- a/doc/ADMIN_fr.md +++ b/doc/ADMIN_fr.md @@ -12,7 +12,10 @@ et répondez oui à la question « Ajouter des privilèges d'administrateur à c Les inscriptions sont ouvertes par défaut. Pour modifier ce paramètre, modifiez `__INSTALL_DIR__/.env` et définissez `OPEN_REGISTRATION=false` au lieu de `true`. -Ensuite, exécutez `php8.2 artisan config:cache` pour recharger les paramètres. +Ensuite, exécutez `php8.2 artisan config:cache` depuis le dossier de l'application (dans `/var/www/pixelfed…`) pour recharger les paramètres. + +### Vérification manuelle des emails +Par défaut, la vérification des emails est activée (ajustez le fichier `.env` si nécessaire). Si votre serveur ne peut pas envoyer d'emails, vous pouvez confirmer manuellement l'email d'un compte dans l'interface d'administration, onglet `Modération`, et en utilisant la commande `php8.2 artisan user:verify NomUtilisateur`. ### Désactiver l'indexation des moteurs de recherche diff --git a/manifest.toml b/manifest.toml index 015ed498..11bce74a 100644 --- a/manifest.toml +++ b/manifest.toml @@ -29,7 +29,6 @@ ram.runtime = "100M" [install] [install.domain] type = "domain" - full_domain = true [install.init_main_permission] type = "group" @@ -42,6 +41,7 @@ ram.runtime = "100M" autoupdate.strategy = "latest_github_tag" [resources.system_user] + allow_email = true [resources.install_dir] diff --git a/scripts/install b/scripts/install index 8cffce4f..38a3213e 100644 --- a/scripts/install +++ b/scripts/install @@ -47,6 +47,15 @@ ynh_setup_source --dest_dir="$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" +#================================================= +# PATCHING SOURCE +#================================================= +ynh_script_progression --message="Patching source files..." --weight=1 + +# Prevent privilege escalation by injecting commands in an email name +# This described in more detail on the manpage https://www.postfix.org/sendmail.1.html under security +ynh_replace_string --match_string="'/usr/sbin/sendmail -bs'" --replace_string="'/usr/sbin/sendmail -bs -- '" --target_file=$install_dir/config/mail.php + #================================================= # PHP-FPM CONFIGURATION #================================================= diff --git a/scripts/restore b/scripts/restore index cf0d895d..085b019e 100644 --- a/scripts/restore +++ b/scripts/restore @@ -20,6 +20,15 @@ ynh_restore_file --origin_path="$install_dir" chmod -R o-rwx "$install_dir" chown -R $app:www-data "$install_dir" +#================================================= +# PATCHING SOURCE +#================================================= +ynh_script_progression --message="Patching source files..." --weight=1 + +# Prevent privilege escalation by injecting commands in an email name +# This described in more detail on the manpage https://www.postfix.org/sendmail.1.html under security +ynh_replace_string --match_string="'/usr/sbin/sendmail -bs'" --replace_string="'/usr/sbin/sendmail -bs -- '" --target_file=$install_dir/config/mail.php + #================================================= # RESTORE THE PHP-FPM CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 51dc4d48..da9f593e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -92,6 +92,15 @@ if dpkg --compare-versions "0.10.9~ynh3" gt "$(ynh_read_manifest --manifest="/et yunohost service add "supervisor" --description="Supervisor daemon for $app" --log="/var/log/$app/${app}-horizon.log" fi +# Fix old email configs +if ynh_compare_current_package_version --comparison lt --version "0.11.8~ynh5" ; then + ynh_replace_special_string --match_string="MAIL_DRIVER=[^\\n]*" --replace_string="MAIL_DRIVER=sendmail" --target_file="$install_dir/.env" # two \\ because it's in a "" + ynh_replace_special_string --match_string="MAIL_HOST=[^\\n]*" --replace_string="MAIL_HOST=127.0.0.1" --target_file="$install_dir/.env" # two \\ because it's in a "" + ynh_replace_special_string --match_string="MAIL_USERNAME=[^\\n]*" --replace_string="MAIL_USERNAME=$app" --target_file="$install_dir/.env" # two \\ because it's in a "" + ynh_replace_special_string --match_string="MAIL_PASSWORD=[^\\n]*" --replace_string="MAIL_PASSWORD=$mail_pwd" --target_file="$install_dir/.env" # two \\ because it's in a "" + ynh_replace_special_string --match_string="MAIL_FROM_ADDRESS=pixelfed" --replace_string=`MAIL_FROM_ADDRESS="$app"` --target_file="$install_dir/.env" +fi + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -109,6 +118,15 @@ chown -R $app:www-data "$install_dir" # Pixelfed app should be able to edit its settings from the admin panel chmod 600 "$install_dir"/.env +#================================================= +# PATCHING SOURCE +#================================================= +ynh_script_progression --message="Patching source files..." --weight=1 + +# Prevent privilege escalation by injecting commands in an email name +# This described in more detail on the manpage https://www.postfix.org/sendmail.1.html under security +ynh_replace_string --match_string="'/usr/sbin/sendmail -bs'" --replace_string="'/usr/sbin/sendmail -bs -- '" --target_file=$install_dir/config/mail.php + #================================================= # PHP-FPM CONFIGURATION #================================================= From 5570a7c36c5c37c38aa4a263dafb1ec85e1b9e40 Mon Sep 17 00:00:00 2001 From: lapineige Date: Mon, 21 Aug 2023 18:29:53 +0200 Subject: [PATCH 2/2] typo (#235) * bump version * Auto-update README --------- Co-authored-by: yunohost-bot --- README.md | 2 +- README_fr.md | 2 +- manifest.toml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/README.md b/README.md index 39d96724..816dbbaa 100644 --- a/README.md +++ b/README.md @@ -25,7 +25,7 @@ In addition to taking over the functionality of Instagram, the functioning of Pi It is also possible to import your data from Instagram. -**Shipped version:** 0.11.8~ynh5 +**Shipped version:** 0.11.8~ynh6 ## Screenshots diff --git a/README_fr.md b/README_fr.md index d9c882a9..7a7fc0a2 100644 --- a/README_fr.md +++ b/README_fr.md @@ -26,7 +26,7 @@ En plus de reprendre les fonctionnalités d'Instagram, le fonctionnement de Pixe Il est également possible d'importer ses données depuis Instagram. -**Version incluse :** 0.11.8~ynh5 +**Version incluse :** 0.11.8~ynh6 ## Captures d’écran diff --git a/manifest.toml b/manifest.toml index 11bce74a..a45a362c 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Pixelfed" description.en = "ActivityPub Federated Image Sharing" description.fr = "Logiciel de partage d'image fédéré via ActivityPub" -version = "0.11.8~ynh5" +version = "0.11.8~ynh6" maintainers = ["yalh76", "Lapineige"]