From 36a5c20fb261ba63951eab3e705e5cf73ef1ed48 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Mon, 14 Dec 2020 08:34:32 +0100 Subject: [PATCH 1/2] Testing (#2) * Fix linter warning --- README.md | 2 +- README_fr.md | 12 +++++++----- check_process | 2 -- manifest.json | 2 +- scripts/backup | 2 +- scripts/install | 2 +- scripts/upgrade | 9 +-------- 7 files changed, 12 insertions(+), 19 deletions(-) diff --git a/README.md b/README.md index cb0d3b8..2ef8201 100644 --- a/README.md +++ b/README.md @@ -46,7 +46,7 @@ This is a fork of ZeroBin, originally developed by Sébastien Sauvage. It was re ## Additional information -In the [update documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) of Parsebin, it is specified that: +In the [update documentation](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) of ParsteBin, it is specified that: For full compatibility with ZeroBin and to be able to decrypt old pastes, you would enable this option. However this is not recommend for new installations as it weakens the security of your PrivateBin instance. diff --git a/README_fr.md b/README_fr.md index e321736..0918436 100644 --- a/README_fr.md +++ b/README_fr.md @@ -16,7 +16,7 @@ Les données sont chiffrées et déchiffrées dans le navigateur en utilisant la Ce projet est un fork de ZeroBin, développé à l'origine par Sébastien Sauvage. Il a été ré-écrit pour accepter plus facilement des extensions en rajoutant plus de fonctionnalités. Il reste cependant compatible avec le schéma original de stockage des données Zerobin 0.19. Ainsi toutes les installations peuvent être mises à jour vers ce projet, sans perte de données. -**Version incluse:** 1.3.4 +**Version incluse :** 1.3.4 ## Captures d'écran @@ -46,9 +46,11 @@ Ce projet est un fork de ZeroBin, développé à l'origine par Sébastien Sauvag ## Informations additionnelles -Dans la [documentation de mise à jour](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) de Privatebin, il est précisé que : -* Pour une compatibilité complète avec Zerobin et le déchiffrement de tous les vieux "paste", vous devriez activer cette option. Cependant, ce n'est pas recommandé pour les nouvelles installations car cela affaiblit la sécurité de votre instance PrivateBin. -* Ceci signifie que nous avons décidé de supprimer ce répertoire pour permettre la sécurisation des données. Vous pouvez sauvegarder le répertoire 'data', si vous voulez conservez vos données. Mais vous devriez savoir que cela réduit la sécurité de votre application. +Dans la [documentation de mise à jour](https://github.com/PrivateBin/PrivateBin/wiki/Configuration#zerobincompatibility) de PrivateBin, il est précisé que : + +Pour une compatibilité complète avec Zerobin et le déchiffrement de tous les vieux "paste", vous devriez activer cette option. Cependant, ce n'est pas recommandé pour les nouvelles installations car cela affaiblit la sécurité de votre instance PrivateBin. + +Ceci signifie que nous avons décidé de supprimer ce répertoire pour permettre la sécurisation des données. Vous pouvez sauvegarder le répertoire 'data', si vous voulez conservez vos données. Mais vous devriez savoir que cela réduit la sécurité de votre application. ## Liens @@ -66,6 +68,6 @@ Merci de faire vos pull request dans la [branche testing](https://github.com/Yun Pour essayer la branche testing, procédez comme suit. ``` sudo yunohost app install https://github.com/YunoHost-Apps/privatebin_ynh/tree/testing --debug -or +ou sudo yunohost app upgrade privatebin -u https://github.com/YunoHost-Apps/privatebin_ynh/tree/testing --debug ``` diff --git a/check_process b/check_process index aa24d7a..32cd1e9 100644 --- a/check_process +++ b/check_process @@ -17,8 +17,6 @@ incorrect_path=1 port_already_use=0 change_url=1 -;;; Levels - Level 5=auto ;;; Options Email= Notification=none diff --git a/manifest.json b/manifest.json index 5e91bbb..c55a692 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Minimalist pastebin where the server has zero knowledge of pasted data", "fr": "Pastebin minimaliste où le serveur n'a aucune connaissance des données copiées" }, - "version": "1.3.4~ynh1", + "version": "1.3.4~ynh2", "url": "https://github.com/PrivateBin/PrivateBin", "license": "Zlib", "maintainer": { diff --git a/scripts/backup b/scripts/backup index fa68a35..ea50559 100644 --- a/scripts/backup +++ b/scripts/backup @@ -18,7 +18,7 @@ ynh_abort_if_errors #================================================= # LOAD SETTINGS #================================================= -ynh_script_progression --message="Loading installation settings..." +ynh_print_info --message="Loading installation settings..." app=$YNH_APP_INSTANCE_NAME diff --git a/scripts/install b/scripts/install index 28f93f2..7087485 100644 --- a/scripts/install +++ b/scripts/install @@ -78,7 +78,7 @@ ynh_system_user_create --username=$app ynh_script_progression --message="Configuring PHP-FPM..." --weight=2 # Create a dedicated PHP-FPM config -ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION +ynh_add_fpm_config phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 7dfe908..0acb397 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -72,13 +72,6 @@ ynh_clean_setup () { # Exit if an error occurs during the execution of the script ynh_abort_if_errors -#================================================= -# CHECK THE PATH -#================================================= - -# Normalize the URL path syntax -path_url=$(ynh_normalize_url_path $path_url) - #================================================= # STANDARD UPGRADE STEPS #================================================= @@ -115,7 +108,7 @@ ynh_system_user_create --username=$app ynh_script_progression --message="Upgrading PHP-FPM configuration..." --weight=3 # Create a dedicated PHP-FPM config -ynh_add_fpm_config --phpversion=$YNH_PHP_VERSION +ynh_add_fpm_config #================================================= # GENERIC FINALIZATION From 774eef21cd6852ffa42906b10bb5fc7a92aab919 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Fri, 5 Feb 2021 23:27:28 +0100 Subject: [PATCH 2/2] Testing (#4) * New permissions * Update check_process --- README.md | 2 +- README_fr.md | 2 +- check_process | 8 ++++---- conf/php-fpm.conf | 7 ++----- manifest.json | 4 ++-- pull_request_template.md | 4 +--- scripts/change_url | 1 + scripts/install | 10 +++++----- scripts/remove | 4 ++-- scripts/upgrade | 19 +------------------ 10 files changed, 20 insertions(+), 41 deletions(-) diff --git a/README.md b/README.md index 2ef8201..f3b6fa6 100644 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ # PrivateBin for YunoHost [![Integration level](https://dash.yunohost.org/integration/privatebin.svg)](https://dash.yunohost.org/appci/app/privatebin) ![](https://ci-apps.yunohost.org/ci/badges/privatebin.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/privatebin.maintain.svg) -[![Install PrivateBin with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=privatebin) +[![Install PrivateBin with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=privatebin) *[Lire ce readme en français.](./README_fr.md)* diff --git a/README_fr.md b/README_fr.md index 0918436..a74c0c1 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,7 +1,7 @@ # PrivateBin pour YunoHost [![Niveau d'intégration](https://dash.yunohost.org/integration/privatebin.svg)](https://dash.yunohost.org/appci/app/privatebin) ![](https://ci-apps.yunohost.org/ci/badges/privatebin.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/privatebin.maintain.svg) -[![Installer PrivateBin avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=privatebin) +[![Installer PrivateBin avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=privatebin) *[Read this readme in english.](./README.md)* diff --git a/check_process b/check_process index 32cd1e9..cd93ce5 100644 --- a/check_process +++ b/check_process @@ -8,10 +8,10 @@ setup_sub_dir=1 setup_root=1 setup_nourl=0 - setup_private=1 + setup_private=0 setup_public=1 upgrade=1 - upgrade=1 from_commit=42913fc917c98766b0cbba47a3b40148dffaac58 + upgrade=1 from_commit=8ce6cac57048e5df294269989c2432d67bef4c5c backup_restore=1 multi_instance=1 incorrect_path=1 @@ -21,6 +21,6 @@ Email= Notification=none ;;; Upgrade options - ; commit=42913fc917c98766b0cbba47a3b40148dffaac58 - name=Refactoring + ; commit=8ce6cac57048e5df294269989c2432d67bef4c5c + name=Testing (#1) manifest_arg=domain=DOMAIN&path=PATH&is_public=1& diff --git a/conf/php-fpm.conf b/conf/php-fpm.conf index 61b251f..37344f6 100644 --- a/conf/php-fpm.conf +++ b/conf/php-fpm.conf @@ -419,8 +419,8 @@ chdir = __FINALPATH__ ;php_admin_value[memory_limit] = 32M ; Common values to change to increase file upload limit -; php_admin_value[upload_max_filesize] = 50M -; php_admin_value[post_max_size] = 50M +php_admin_value[upload_max_filesize] = 30M +php_admin_value[post_max_size] = 30M ; php_admin_flag[mail.add_x_header] = Off ; Other common parameters @@ -428,6 +428,3 @@ chdir = __FINALPATH__ ; php_admin_value[max_input_time] = 300 ; php_admin_value[memory_limit] = 256M ; php_admin_flag[short_open_tag] = On - -php_admin_value[upload_max_filesize] = 30M -php_admin_value[post_max_size] = 30M diff --git a/manifest.json b/manifest.json index c55a692..f3b92d6 100644 --- a/manifest.json +++ b/manifest.json @@ -14,12 +14,12 @@ "email": "julien.malik@paraiso.me" }, "requirements": { - "yunohost": ">= 3.8.1" + "yunohost": ">= 4.0.0" }, "multi_instance": true, "services": [ "nginx", - "php7.0-fpm" + "php7.3-fpm" ], "arguments": { "install" : [ diff --git a/pull_request_template.md b/pull_request_template.md index 1b38eac..6c28fc5 100644 --- a/pull_request_template.md +++ b/pull_request_template.md @@ -13,6 +13,4 @@ ## Package_check results --- -*If you have access to [App Continuous Integration for packagers](https://yunohost.org/#/packaging_apps_ci) you can provide a link to the package_check results like below, replacing '-NUM-' in this link by the PR number and USERNAME by your username on the ci-apps-dev. Or you provide a screenshot or a pastebin of the results* - -[![Build Status](https://ci-apps-dev.yunohost.org/jenkins/job/privatebin_ynh%20PR-NUM-%20(USERNAME)/badge/icon)](https://ci-apps-dev.yunohost.org/jenkins/job/privatebin_ynh%20PR-NUM-%20(USERNAME)/) +* An automatic package_check will be launch at https://ci-apps-dev.yunohost.org/, when you add a specific comment to your Pull Request: "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!"* diff --git a/scripts/change_url b/scripts/change_url index 0017e2c..ac2c77f 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -28,6 +28,7 @@ ynh_script_progression --message="Loading installation settings..." # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) +is_public=$(ynh_app_setting_get --app=$app --key=is_public) #================================================= # CHECK WHICH PARTS SHOULD BE CHANGED diff --git a/scripts/install b/scripts/install index 7087485..44b34de 100644 --- a/scripts/install +++ b/scripts/install @@ -28,7 +28,7 @@ app=$YNH_APP_INSTANCE_NAME #================================================= # CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS #================================================= -ynh_script_progression --message="Validating installation parameters..." +ynh_script_progression --message="Validating installation parameters..." --weight=1 final_path=/var/www/$app test ! -e "$final_path" || ynh_die --message="This path already contains a folder" @@ -39,7 +39,7 @@ ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url #================================================= # STORE SETTINGS FROM MANIFEST #================================================= -ynh_script_progression --message="Storing installation settings..." +ynh_script_progression --message="Storing installation settings..." --weight=1 ynh_app_setting_set --app=$app --key=domain --value=$domain ynh_app_setting_set --app=$app --key=path --value=$path_url @@ -59,7 +59,7 @@ ynh_setup_source --dest_dir="$final_path" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring NGINX web server..." +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config @@ -101,12 +101,12 @@ chmod 700 $final_path/{data,tmp} #================================================= # SETUP SSOWAT #================================================= -ynh_script_progression --message="Configuring SSOwat..." +ynh_script_progression --message="Configuring permissions..." --weight=1 # If app is public, add url to SSOWat conf as skipped_uris if [ $is_public -eq 1 ]; then # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" + ynh_permission_update --permission="main" --add="visitors" else # If the app is private, viewing paste stays publicly accessible. # Modify the domain to be used in a regex diff --git a/scripts/remove b/scripts/remove index 4238aa0..5d1d855 100644 --- a/scripts/remove +++ b/scripts/remove @@ -40,7 +40,7 @@ ynh_remove_nginx_config #================================================= # REMOVE PHP-FPM CONFIGURATION #================================================= -ynh_script_progression --message="Removing PHP-FPM configuration" +ynh_script_progression --message="Removing PHP-FPM configuration" --weight=1 # Remove the dedicated PHP-FPM config ynh_remove_fpm_config @@ -50,7 +50,7 @@ ynh_remove_fpm_config #================================================= # REMOVE DEDICATED USER #================================================= -ynh_script_progression --message="Removing the dedicated system user" +ynh_script_progression --message="Removing the dedicated system user" --weight=2 # Delete a system user ynh_system_user_delete --username=$app diff --git a/scripts/upgrade b/scripts/upgrade index 0acb397..0a7ec94 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -89,7 +89,7 @@ fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading NGINX web server configuration..." +ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 # Create a dedicated NGINX config ynh_add_nginx_config @@ -127,23 +127,6 @@ mkdir -p $final_path/{data,tmp} chown -R $app:root $final_path/{data,tmp} chmod 700 $final_path/{data,tmp} -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Upgrading SSOwat configuration..." --weight=1 - -# If app is public, add url to SSOWat conf as skipped_uris -if [ $is_public -eq 1 ]; then - # unprotected_uris allows SSO credentials to be passed anyway. - ynh_app_setting_set --app=$app --key=unprotected_uris --value="/" -else - # If the app is private, viewing paste stays publicly accessible. - # Modify the domain to be used in a regex - domain_regex=$(echo "$domain" | sed 's@-@.@g') - ynh_app_setting_set --app=$app --key=protected_regex --value="$domain_regex$path_url/$" - ynh_app_setting_set --app=$app --key=unprotected_regex --value="$domain_regex$path_url/.*$" -fi - #================================================= # RELOAD NGINX #=================================================