diff --git a/conf/x86-64.src b/conf/amd64.src similarity index 100% rename from conf/x86-64.src rename to conf/amd64.src diff --git a/conf/x86-64_7_0.src b/conf/amd64_7_0.src similarity index 100% rename from conf/x86-64_7_0.src rename to conf/amd64_7_0.src diff --git a/conf/arm.src b/conf/armhf.src similarity index 100% rename from conf/arm.src rename to conf/armhf.src diff --git a/conf/arm_7_0.src b/conf/armhf_7_0.src similarity index 100% rename from conf/arm_7_0.src rename to conf/armhf_7_0.src diff --git a/conf/seafile.service b/conf/seafile.service index ce082eb..8a5dbc1 100644 --- a/conf/seafile.service +++ b/conf/seafile.service @@ -10,5 +10,32 @@ ExecStop=/opt/yunohost/__APP__/seafile-server-latest/seafile.sh stop User=__APP__ Group=__APP__ +# Sandboxing options to harden security +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/conf/seahub.service b/conf/seahub.service index 554e133..c161407 100644 --- a/conf/seahub.service +++ b/conf/seahub.service @@ -9,5 +9,32 @@ ExecStop=/opt/yunohost/__APP__/seafile-server-latest/seahub.sh stop User=__APP__ Group=__APP__ +# Sandboxing options to harden security +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..22fcfa9 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1,3 @@ +Seafile is an open Source Cloud Storage application. + +It's a Enterprise file sync and share platform with high reliability and performance. It's a file hosting platform with high reliability and performance. Put files on your own server. Sync and share files across different devices, or access all the files as a virtual disk. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..21af89a --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,100 @@ +### Multi-users support + +This app support LDAP and the SSO authentification. + +If you have Seafile installed before 7.x and you have more than one domain for users in Yunohost or Seafile app is installed on a different domain, you need to migrate your accounts. +You can use the provided action at https://domain.tld/yunohost/admin/#/apps/seafile/actions. You can also use this following command to migrate all of your accounts: +``` +yunohost app action run seafile migrate_user_email_to_mail_email +``` +See [issue#44](https://github.com/YunoHost-Apps/seafile_ynh/issues/44) +for more information. + +### Supported architectures + +Since seafile 6.3 the i386 architecture is no more supported. + +Seafile don't distribute binary for generic armhf architectures but rpi binary generally work on all arm board. + +* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/seafile%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/seafile/) +* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/seafile%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/seafile/) + + + +Additional informations +----------------------- + +### Links + + * Report a bug: https://github.com/YunoHost-Apps/seafile_ynh/issues + * App website: https://www.seafile.com + * YunoHost website: https://yunohost.org/ + +--- + +### Install + +From command line: + +`yunohost app install seafile` + +### Upgrade + +By default a backup is made before the upgrade. To avoid this you have theses following possibilites: +- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. By example `NO_BACKUP_UPGRADE=1 yunohost app upgrade synapse`. +- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: + +`yunohost app setting synapse disable_backup_before_upgrade -v 1` + +After this settings will be applied for **all** next upgrade. + +From command line: + +`yunohost app upgrade seafile` + +### Backup + +This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: + +- Stop seafile service with theses following command: + +`systemctl stop seafile.service seahub.service` + +- Launch the backup of seafile with this following command: + +`yunohost backup create --app seafile` + +- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is stored in `/home/yunohost.app/seafile-data`. +- Restart the seafile service with theses command: + +`systemctl start seafile.service seahub.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/seafile-data` **is not removed**. It need to be removed manually to purge app user data. + +### Change URL + +Since now it's possible to change domain or the url of seafile. + +To do this run : `yunohost app change-url seafile -d new_domain.tld -p PATH new_path` + +Developers infos +---------------- + +Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/seafile_ynh/tree/testing). + +To try the testing branch, please proceed like that. +``` +sudo yunohost app install https://github.com/YunoHost-Apps/seafile_ynh/tree/testing --debug +or +sudo yunohost app upgrade seafile -u https://github.com/YunoHost-Apps/seafile_ynh/tree/testing --debug +``` + +TODO +---- + +- Find a way to fix the issue https://github.com/YunoHost-Apps/seafile_ynh/issues/5 diff --git a/doc/screenshots/access-logs.jpg b/doc/screenshots/access-logs.jpg new file mode 100644 index 0000000..e3d588b Binary files /dev/null and b/doc/screenshots/access-logs.jpg differ diff --git a/doc/screenshots/drive-client.png b/doc/screenshots/drive-client.png new file mode 100644 index 0000000..9996dd2 Binary files /dev/null and b/doc/screenshots/drive-client.png differ diff --git a/doc/screenshots/file-history.png b/doc/screenshots/file-history.png new file mode 100644 index 0000000..969734e Binary files /dev/null and b/doc/screenshots/file-history.png differ diff --git a/doc/screenshots/file-locking.jpg b/doc/screenshots/file-locking.jpg new file mode 100644 index 0000000..48eff4b Binary files /dev/null and b/doc/screenshots/file-locking.jpg differ diff --git a/doc/screenshots/mobile-ios-client.jpg b/doc/screenshots/mobile-ios-client.jpg new file mode 100644 index 0000000..7a8c798 Binary files /dev/null and b/doc/screenshots/mobile-ios-client.jpg differ diff --git a/doc/screenshots/sharing-dialog.png b/doc/screenshots/sharing-dialog.png new file mode 100644 index 0000000..b299201 Binary files /dev/null and b/doc/screenshots/sharing-dialog.png differ diff --git a/doc/screenshots/sync-client.jpg b/doc/screenshots/sync-client.jpg new file mode 100644 index 0000000..f514cb9 Binary files /dev/null and b/doc/screenshots/sync-client.jpg differ diff --git a/doc/screenshots/wiki_en.png b/doc/screenshots/wiki_en.png new file mode 100644 index 0000000..8fff575 Binary files /dev/null and b/doc/screenshots/wiki_en.png differ diff --git a/manifest.json b/manifest.json index e20cb91..55eb835 100644 --- a/manifest.json +++ b/manifest.json @@ -4,6 +4,13 @@ "packaging_format": 1, "license": "AGPL-3.0,Apache-2.0,MIT,GPL-2.0", "url": "https://www.seafile.com", + "upstream": { + "license": "free", + "website": "https://www.seafile.com", + "demo": "https://demo.seafile.com", + "admindoc": "https://manual.seafile.com", + "code": "https://github.com/haiwen/seafile-server" + }, "version": "9.0.2~ynh1", "description": { "en": "Open Source Cloud Storage", @@ -23,27 +30,17 @@ "mysql" ], "requirements": { - "yunohost": ">= 4.1" + "yunohost": ">= 4.3" }, "arguments": { "install": [ { "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain for Seafile", - "fr": "Choisissez un domaine pour Seafile" - }, - "example": "domain.org" + "type": "domain" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Seafile", - "fr": "Choisissez un chemin pour Seafile" - }, - "example": "/seafile", "default": "/seafile" }, { @@ -58,12 +55,7 @@ }, { "name": "admin", - "type": "user", - "ask": { - "en": "Choose the admin user for Seafile", - "fr": "Choisissez l'administrateur de Seafile" - }, - "example": "johndoe" + "type": "user" }, { "name": "admin_password", @@ -71,16 +63,11 @@ "ask": { "en": "Enter a password for the administrator", "fr": "Entrez un mot de passe pour l'administrateur" - }, - "example": "**Sup3rS3cr3t**" + } }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public site ? If you want to use a desktop client or the smartphone app, make Seafile public.", - "fr": "Est-ce un site public ? Pour utiliser un client sur PC ou l'application mobile, Seafile doit être public" - }, "help": { "en": "If it's not public, everybody which want to access to any page of seafile need to be authenticated on the SSO. On the public mode anybody can access to the authentication page. The shared link will be olso accessible by anybody who has this link.", "fr": "Si n'est pas publique, n'importe qui veux accéder à n'importe quelle page de seafile doit être authentifié dans le SSO. Dans le mode publique n'importe qui peut accéder à la page d'authentification de seafile. Les liens partagé seront aussi accessible par n'import qui qui à ce liens." diff --git a/scripts/_common.sh b/scripts/_common.sh index acbec8d..aef1da2 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -10,21 +10,21 @@ app=$YNH_APP_INSTANCE_NAME install_source() { mkdir "$final_path/seafile-server-$seafile_version" - if [[ $architecture == "i386" ]] + if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armel" ] then ynh_die --message "Error : this architecture is no longer supported by the upstream. Please create en issue here : https://github.com/YunoHost-Apps/seafile_ynh/issues to ask to discuss about a support of this architecture" fi - ynh_setup_source "$final_path/seafile-server-$seafile_version" "$architecture" + ynh_setup_source "$final_path/seafile-server-$seafile_version" "$YNH_ARCH" } install_source_7_0() { if ! [ -e $final_path/seafile-server-7.0.5 ]; then mkdir "$final_path/seafile-server-7.0.5" - if [[ $architecture == "i386" ]] + if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armel" ] then ynh_die --message "Error : this architecture is no longer supported by the upstream. Please create en issue here : https://github.com/YunoHost-Apps/seafile_ynh/issues to ask to discuss about a support of this architecture" fi - ynh_setup_source "$final_path/seafile-server-7.0.5" "$architecture"_7_0 + ynh_setup_source "$final_path/seafile-server-7.0.5" "$YNH_ARCH"_7_0 fi } diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index 6df5480..717906f 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh @@ -1,29 +1,3 @@ - -# Check the architecture -# -# example: architecture=$(ynh_detect_arch) -# -# usage: ynh_detect_arch -# -# Requires YunoHost version 2.2.4 or higher. - -ynh_detect_arch(){ - local architecture - if [ -n "$(uname -m | grep arm64)" ] || [ -n "$(uname -m | grep aarch64)" ]; then - architecture="arm64" - elif [ -n "$(uname -m | grep 64)" ]; then - architecture="x86-64" - elif [ -n "$(uname -m | grep 86)" ]; then - architecture="i386" - elif [ -n "$(uname -m | grep arm)" ]; then - architecture="arm" - else - architecture="unknown" - fi - echo $architecture -} - - # Add swap # # usage: ynh_add_swap --size=SWAP in Mb diff --git a/scripts/install b/scripts/install index c0f40bb..0aabce2 100644 --- a/scripts/install +++ b/scripts/install @@ -27,7 +27,6 @@ final_path=/opt/yunohost/$app seafile_user=$app admin_password=$YNH_APP_ARG_ADMIN_PASSWORD seafile_version=$(ynh_app_upstream_version) -architecture=$(ynh_detect_arch) # Create special path with / at the end if [[ $path_url == '/' ]] diff --git a/scripts/restore b/scripts/restore index 60adb58..c219717 100644 --- a/scripts/restore +++ b/scripts/restore @@ -24,10 +24,6 @@ db_pwd=$(ynh_app_setting_get --app $app --key mysqlpwd) final_path=$(ynh_app_setting_get --app $app --key final_path) seafile_version=$(ynh_app_upstream_version) seafile_user=$app -architecture=$(ynh_detect_arch) - -# Check domain/path availability -ynh_webpath_available --domain $domain --path_url $path_url || ynh_die --message "$domain/$path_url is not available, please use an other domain or path." #================================================= # STANDARD RESTORATION STEPS diff --git a/scripts/upgrade b/scripts/upgrade index 5d6774b..638f45b 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -27,7 +27,6 @@ seafile_user=$app seafile_data=/home/yunohost.app/seafile-data installed_version=${YNH_APP_CURRENT_VERSION/~ynh*/} seafile_version=$(ynh_app_upstream_version) -architecture=$(ynh_detect_arch) if [ "$YNH_APP_CURRENT_VERSION" == '-' ]; then YNH_APP_CURRENT_VERSION="6.0.9~ynh0"