diff --git a/README.md b/README.md index 7f224d6..fc136e8 100755 --- a/README.md +++ b/README.md 
@@ -1,59 +1,50 @@ + + # Plume for YunoHost [![Integration level](https://dash.yunohost.org/integration/plume.svg)](https://dash.yunohost.org/appci/app/plume) ![](https://ci-apps.yunohost.org/ci/badges/plume.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/plume.maintain.svg) [![Install Plume with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=plume) -> *This package allows you to install Plume quickly and simply on a YunoHost server. +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install Plume quickly and simply on a YunoHost server. If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* ## Overview + Federated blogging engine, based on ActivityPub. It uses the Rocket framework, and Diesel to interact with the database. -**Shipped version:** 0.6.0 +**Shipped version:** 0.6.0~ynh3 + +**Demo:** https://joinplu.me/#instances + +## Screenshots + +![](./doc/screenshots/screenshot.png) + +## Disclaimers / important information **Warning:** The package can take **15 to 30 minutes** to complete depending on your system configuration. **Don't intrupt the installation process while installing.** ## Important points to read before installing 1. **Plume** is still in **pre-release** stage and undergoing heavy development, so there can be **bugs**. -1. **Plume** require a dedicated **root domain**, eg. plume.domain.tld -1. **Plume** require a valid **certificate** installed on the domain. Yunohost can **install Letsencrypt certificate** on the domain from **admin web-interface** or through **command-line**. +1. **Plume** requires a dedicated **root domain**, eg. plume.domain.tld +1. **Plume** requires a valid **certificate** installed on the domain. YunoHost can **install a Let's Encrypt certificate** on the domain from **admin web-interface** or through **command-line**. 1. 
This package is **multi-instance** that means you can run **multiple Plume instances** on a **single server**. -## Screenshots - -![plume-screenshot1](https://user-images.githubusercontent.com/30271971/52232065-d6d83600-28bb-11e9-9a0a-b4b139c2eb25.png) - -## Demo - -* [List of instances](https://joinplu.me/#instances) - -## Documentation - - * Official documentation: https://docs.joinplu.me/ - -## YunoHost specific features - #### Multi-user support LDAP is activated but HTTP auth is not supported +## Documentation and resources -#### Supported architectures - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/plume.svg)](https://ci-apps.yunohost.org/ci/apps/plume/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/plume.svg)](https://ci-apps-arm.yunohost.org/ci/apps/plume/) - -## Limitations - -* No known limitations. - -## Links - - * Report a bug: https://github.com/YunoHost-Apps/plume_ynh/issues - * App website: https://joinplu.me/ - * Upstream app repository: https://github.com/Plume-org/Plume - * YunoHost website: https://yunohost.org/ - ---- +* Official app website: https://joinplu.me/ +* Official admin documentation: https://docs.joinplu.me/ +* Upstream app code repository: https://github.com/Plume-org/Plume +* YunoHost documentation for this app: https://yunohost.org/app_plume +* Report a bug: https://github.com/YunoHost-Apps/plume_ynh/issues ## Developer info @@ -65,3 +56,5 @@ sudo yunohost app install https://github.com/YunoHost-Apps/plume_ynh/tree/testin or sudo yunohost app upgrade plume -u https://github.com/YunoHost-Apps/plume_ynh/tree/testing --debug ``` + +**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..40cc0f8 --- /dev/null +++ b/README_fr.md 
@@ -0,0 +1,56 @@ +# Plume pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/plume.svg)](https://dash.yunohost.org/appci/app/plume) ![](https://ci-apps.yunohost.org/ci/badges/plume.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/plume.maintain.svg) +[![Installer Plume avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=plume) + +*[Read this readme in english.](./README.md)* +*[Lire ce readme en français.](./README_fr.md)* + +> *Ce package vous permet d'installer Plume rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +Federated blogging engine, based on ActivityPub. It uses the Rocket framework, and Diesel to interact with the database. + +**Version incluse :** 0.6.0~ynh3 + +**Démo :** https://joinplu.me/#instances + +## Captures d'écran + +![](./doc/screenshots/screenshot.png) + +## Avertissements / informations importantes + +**Warning:** The package can take **15 to 30 minutes** to complete depending on your system configuration. **Don't intrupt the installation process while installing.** + +## Important points to read before installing +1. **Plume** is still in **pre-release** stage and undergoing heavy development, so there can be **bugs**. +1. **Plume** requires a dedicated **root domain**, eg. plume.domain.tld +1. **Plume** requires a valid **certificate** installed on the domain. YunoHost can **install a Let's Encrypt certificate** on the domain from **admin web-interface** or through **command-line**. +1. This package is **multi-instance** that means you can run **multiple Plume instances** on a **single server**. 
+ +#### Multi-user support + +LDAP is activated but HTTP auth is not supported +## Documentations et ressources + +* Site officiel de l'app : https://joinplu.me/ +* Documentation officielle de l'admin : https://docs.joinplu.me/ +* Dépôt de code officiel de l'app : https://github.com/Plume-org/Plume +* Documentation YunoHost pour cette app : https://yunohost.org/app_plume +* Signaler un bug : https://github.com/YunoHost-Apps/plume_ynh/issues + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/plume_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/plume_ynh/tree/testing --debug +ou +sudo yunohost app upgrade plume -u https://github.com/YunoHost-Apps/plume_ynh/tree/testing --debug +``` + +**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file diff --git a/check_process b/check_process index f3d5834..06c8904 100755 --- a/check_process +++ b/check_process @@ -1,11 +1,11 @@ ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - admin="john" (USER) - is_public=1 (PUBLIC|public=1|private=0) + domain="domain.tld" + admin="john" + is_public=1 password="pass" name="my blog" - registration=0 (BOOLEAN) + registration=0 ; Checks pkg_linter=1 setup_sub_dir=0 diff --git a/conf/x86-64.src b/conf/amd64.src similarity index 93% rename from conf/x86-64.src rename to conf/amd64.src index 8951efd..8c85104 100644 --- a/conf/x86-64.src +++ b/conf/amd64.src @@ -3,4 +3,3 @@ SOURCE_SUM=faca15f1b036929fd9c0a5cff29dbf12eb559500ee25052ba716138c5b93e63f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/conf/arm64.src b/conf/arm64.src index ea689bf..19c4291 100644 --- a/conf/arm64.src +++ b/conf/arm64.src 
@@ -3,4 +3,3 @@ SOURCE_SUM=c821052f0d7c6cbb2d4eeffd143fb36b3add30b57c4bfc442d6604bd43e2f1b2 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/conf/nginx.conf b/conf/nginx.conf index f057d1f..dcbc7d0 100755 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,8 +1,4 @@ location __PATH__/ { - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } proxy_pass http://localhost:__PORT__/; proxy_set_header Host $http_host; diff --git a/conf/systemd.service b/conf/systemd.service index e8d2327..4ea0196 100755 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -11,5 +11,36 @@ ExecStart=/bin/sh -c '__FINALPATH__/.cargo/bin/plume >> /var/log/__APP__/__APP__ TimeoutSec=30 Restart=always + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..04cfd65 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +Federated blogging engine, based on ActivityPub. It uses the Rocket framework, and Diesel to interact with the database. \ No newline at end of file diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..ab397ec --- /dev/null +++ b/doc/DISCLAIMER.md 
@@ -0,0 +1,11 @@ +**Warning:** The package can take **15 to 30 minutes** to complete depending on your system configuration. **Don't intrupt the installation process while installing.** + +## Important points to read before installing +1. **Plume** is still in **pre-release** stage and undergoing heavy development, so there can be **bugs**. +1. **Plume** requires a dedicated **root domain**, eg. plume.domain.tld +1. **Plume** requires a valid **certificate** installed on the domain. YunoHost can **install a Let's Encrypt certificate** on the domain from **admin web-interface** or through **command-line**. +1. This package is **multi-instance** that means you can run **multiple Plume instances** on a **single server**. + +#### Multi-user support + +LDAP is activated but HTTP auth is not supported \ No newline at end of file diff --git a/doc/screenshots/screenshot.png b/doc/screenshots/screenshot.png new file mode 100644 index 0000000..c251d1a Binary files /dev/null and b/doc/screenshots/screenshot.png differ diff --git a/manifest.json b/manifest.json index bc25a63..0b74fa0 100755 --- a/manifest.json +++ b/manifest.json @@ -4,16 +4,23 @@ "packaging_format": 1, "description": { "en": "Federated blogging application", - "fr": "Une application de blogging fédérée." + "fr": "Application de blogging fédérée" }, - "version": "0.6.0~ynh2", + "version": "0.6.0~ynh3", "url": "https://joinplu.me/", + "upstream": { + "license": "AGPL-3.0-only", + "website": "https://joinplu.me/", + "demo": "https://joinplu.me/#instances", + "admindoc": "https://docs.joinplu.me/", + "code": "https://github.com/Plume-org/Plume" + }, "license": "AGPL-3.0-only", "maintainer": { "name": "yalh76" }, "requirements": { - "yunohost": ">= 4.1.3" + "yunohost": ">= 4.3.1.8" }, "multi_instance": true, "services": [ 
@@ -23,13 +30,11 @@ "install" : [ { "name": "domain", - "type": "domain", - "example": "example.com" + "type": "domain" }, { "name": "admin", - "type": "user", - "example": "johndoe" + "type": "user" }, { "name": "is_public", @@ -38,8 +43,7 @@ }, { "name": "password", - "type": "password", - "example": "Choose a password" + "type": "password" }, { "name": "name", @@ -56,7 +60,7 @@ "type": "boolean", "ask": { "en": "Is registrations open to everyone?", - "fr": "Les inscriptions sont t'elles ouvertes à tout le monde?" + "fr": "Les inscriptions sont-elles ouvertes à tout le monde ?" }, "default": false } diff --git a/scripts/change_url b/scripts/change_url index 53e96df..f89d7aa 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -29,11 +29,6 @@ ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) -# Add settings here as needed by your application -#db_name=$(ynh_app_setting_get --app=$app --key=db_name) -#db_user=$db_name -#db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) - #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP #================================================= diff --git a/scripts/install b/scripts/install index 1c083b8..29ab12c 100755 --- a/scripts/install +++ b/scripts/install @@ -7,7 +7,6 @@ #================================================= source _common.sh -source ynh_detect_arch__2 source /usr/share/yunohost/helpers #================================================= @@ -33,6 +32,7 @@ instance_name=$YNH_APP_ARG_NAME registration=$YNH_APP_ARG_REGISTRATION admin_email=$(ynh_user_get_info $admin 'mail') secret_key=$(ynh_string_random --length=32 | base64) +architecture=$YNH_ARCH app=$YNH_APP_INSTANCE_NAME 
@@ -41,9 +41,8 @@ app=$YNH_APP_INSTANCE_NAME #================================================= ynh_script_progression --message="Validating installation parameters..." -architecture=$(ynh_detect_arch) # Check machine architecture (in particular, we don't support ARM and 32bit machines) -if [ $architecture == "arm" ] +if [ $architecture == "armhf" ] then ynh_die --message="Sorry, but this app can only be installed on a 64 bits machine :(" fi @@ -83,7 +82,7 @@ ynh_app_setting_set --app=$app --key=port --value=$port #================================================= ynh_script_progression --message="Installing dependencies..." -ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies #================================================= # CREATE DEDICATED USER @@ -98,13 +97,11 @@ ynh_system_user_create --username=$app --home_dir="$final_path" #================================================= ynh_script_progression --message="Creating a PostgreSQL database..." -ynh_psql_test_if_first_run db_name=$(ynh_sanitize_dbid --db_name=$app) db_user=$db_name -db_pwd=$(ynh_string_random --length=30) ynh_app_setting_set --app=$app --key=db_name --value=$db_name -ynh_app_setting_set --app=$app --key=db_pwd --value=$db_pwd -ynh_psql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd +ynh_psql_test_if_first_run +ynh_psql_setup_db --db_user=$db_user --db_name=$db_name #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE diff --git a/scripts/restore b/scripts/restore index b15d9a8..9d983e3 100755 --- a/scripts/restore +++ b/scripts/restore @@ -8,7 +8,6 @@ # Keep this path for calling _common.sh inside the execution's context of backup and restore scripts source ../settings/scripts/_common.sh -source ../settings/scripts/ynh_detect_arch__2 source /usr/share/yunohost/helpers #================================================= 
@@ -33,17 +32,14 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) #================================================= # CHECK IF THE APP CAN BE RESTORED #================================================= ynh_script_progression --message="Validating restoration parameters..." -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " +test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS @@ -89,7 +85,7 @@ chown -R "$app":"$app" "/var/log/$app" ynh_script_progression --message="Reinstalling dependencies..." # Define and install dependencies -ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies #================================================= # RESTORE THE POSTGRESQL DATABASE diff --git a/scripts/upgrade b/scripts/upgrade index a852f9d..597b478 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -7,7 +7,6 @@ #================================================= source _common.sh -source ynh_detect_arch__2 source /usr/share/yunohost/helpers #================================================= 
@@ -23,16 +22,14 @@ admin=$(ynh_app_setting_get --app=$app --key=admin) final_path=$(ynh_app_setting_get --app=$app --key=final_path) db_name=$(ynh_app_setting_get --app=$app --key=db_name) db_user=$db_name -db_pwd=$(ynh_app_setting_get --app=$app --key=db_pwd) +db_pwd=$(ynh_app_setting_get --app=$app --key=psqlpwd) port=$(ynh_app_setting_get --app=$app --key=port) secret_key=$(ynh_app_setting_get --app=$app --key=secret_key) - -architecture=$(ynh_detect_arch) +architecture=$YNH_ARCH #================================================= # CHECK VERSION #================================================= -ynh_script_progression --message="Checking version..." upgrade_type=$(ynh_check_app_version_changed) @@ -136,7 +133,7 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Upgrading dependencies..." -ynh_install_app_dependencies $pkg_dependencies +ynh_exec_warn_less ynh_install_app_dependencies $pkg_dependencies #================================================= # SPECIFIC UPGRADE diff --git a/scripts/ynh_detect_arch__2 b/scripts/ynh_detect_arch__2 deleted file mode 100644 index b1c7375..0000000 --- a/scripts/ynh_detect_arch__2 +++ /dev/null @@ -1,25 +0,0 @@ -#!/bin/bash - -# Check the architecture -# -# example: architecture=$(ynh_detect_arch) -# -# usage: ynh_detect_arch -# -# Requires YunoHost version 2.2.4 or higher. - -ynh_detect_arch(){ - local architecture - if [ -n "$(uname -m | grep arm64)" ] || [ -n "$(uname -m | grep aarch64)" ]; then - architecture="arm64" - elif [ -n "$(uname -m | grep 64)" ]; then - architecture="x86-64" - elif [ -n "$(uname -m | grep 86)" ]; then - architecture="i386" - elif [ -n "$(uname -m | grep arm)" ]; then - architecture="arm" - else - architecture="unknown" - fi - echo $architecture -}
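Review bot: in the new doc/DISCLAIMER.md, and in the same text as it appears in README.md and README_fr.md, the warning still reads "Don't intrupt the installation process"; this should be "interrupt". README_fr.md also carries the overview, the warning and the "Important points" list in English, and it links to itself with "Lire ce readme en français". Fix the typo in doc/DISCLAIMER.md, add French versions of the description and disclaimer, and drop the self-link.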
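Review bot: in conf/nginx.conf, removing the `if ($scheme = http)` rewrite leaves nothing in this location block that forces HTTPS, while the README still states that Plume requires a valid certificate on the domain. If the redirect is now expected to come from the domain-level configuration, say so in the commit message; otherwise keep the redirect so that logins are never served over plain HTTP.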
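Review bot: in conf/systemd.service, `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not appear in the capabilities(7) page the comment links to; the raw I/O capability is `CAP_SYS_RAWIO`. systemd cannot resolve `CAP_RAWIO`, so the capability this line is meant to drop stays in the bounding set. Rename it, then check the unit with `systemd-analyze security` on a test install to confirm that the filters are applied and that the `sh -c` redirection into /var/log/__APP__/ in ExecStart still works under `ProtectSystem=full`.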
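Review bot: in the validation hunk of scripts/install, `if [ $architecture == "armhf" ]` rejects only armhf, although the comment above it says ARM and 32-bit machines are unsupported and the patch only carries conf/amd64.src and conf/arm64.src. An i386 host, or any other `$YNH_ARCH` value, passes validation and fails later. Prefer an allowlist that calls `ynh_die` unless the value is amd64 or arm64, quote `"$architecture"`, and use `=` rather than `==` inside `[ ]`.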
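Review bot: in the PostgreSQL hunk of scripts/install, `db_pwd` is no longer assigned, while scripts/restore and scripts/upgrade now read it from the `psqlpwd` setting. If anything later in the install script still expands `$db_pwd`, for example when writing the application configuration, it will be empty; read it back with `ynh_app_setting_get --app=$app --key=psqlpwd` after `ynh_psql_setup_db`. The `db_pwd` setting written by earlier versions also stays behind on existing installs, so the upgrade script should delete it rather than leave a second copy of the database password in the app settings.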
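Review bot: in scripts/restore, the `ynh_webpath_available` check is removed and only the `test ! -d $final_path` guard remains, so the script itself no longer refuses a restore onto a domain and path that are already in use. If the minimum YunoHost version set in manifest.json (`>= 4.3.1.8`) performs that check before the script runs, state it in the commit message; otherwise keep the check. `$final_path` in the remaining test should be quoted.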