Fix linter

conf/seafile.service

@@ -10,5 +10,32 @@ ExecStop=/opt/yunohost/__APP__/seafile-server-latest/seafile.sh stop
 User=__APP__
 Group=__APP__
 
+# Sandboxing options to harden security
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
 [Install]
 WantedBy=multi-user.target

conf/seahub.service

@@ -9,5 +9,32 @@ ExecStop=/opt/yunohost/__APP__/seafile-server-latest/seahub.sh stop
 User=__APP__
 Group=__APP__
 
+# Sandboxing options to harden security
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=yes
+PrivateTmp=yes
+PrivateDevices=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
+RestrictNamespaces=yes
+RestrictRealtime=yes
+DevicePolicy=closed
+ProtectSystem=full
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+LockPersonality=yes
+SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap
+
+# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html
+CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD
+CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE
+CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT
+CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK
+CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM
+CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
+CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE
+CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW
+CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG
+
 [Install]
 WantedBy=multi-user.target

doc/DESCRIPTION.md

@@ -0,0 +1,3 @@
+Seafile is an open Source Cloud Storage application.
+
+It's a Enterprise file sync and share platform with high reliability and performance. It's a file hosting platform with high reliability and performance. Put files on your own server. Sync and share files across different devices, or access all the files as a virtual disk.

doc/DISCLAIMER.md

@@ -0,0 +1,100 @@
+### Multi-users support
+
+This app support LDAP and the SSO authentification.
+
+If you have Seafile installed before 7.x and you have more than one domain for users in Yunohost or Seafile app is installed on a different domain, you need to migrate your accounts.
+You can use the provided action at https://domain.tld/yunohost/admin/#/apps/seafile/actions. You can also use this following command to migrate all of your accounts:
+```
+yunohost app action run seafile migrate_user_email_to_mail_email
+```
+See [issue#44](https://github.com/YunoHost-Apps/seafile_ynh/issues/44)
+for more information.
+
+### Supported architectures
+
+Since seafile 6.3 the i386 architecture is no more supported.
+
+Seafile don't distribute binary for generic armhf architectures but rpi binary generally work on all arm board.
+
+* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/seafile%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/seafile/)
+* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/seafile%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/seafile/)
+
+<!--Limitations
+------------
+
+* Any known limitations.-->
+
+Additional informations
+-----------------------
+
+### Links
+
+ * Report a bug: https://github.com/YunoHost-Apps/seafile_ynh/issues
+ * App website: https://www.seafile.com
+ * YunoHost website: https://yunohost.org/
+
+---
+
+### Install
+
+From command line:
+
+`yunohost app install seafile`
+
+### Upgrade
+
+By default a backup is made before the upgrade. To avoid this you have theses following possibilites:
+- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. By example `NO_BACKUP_UPGRADE=1 yunohost app upgrade synapse`.
+- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command:
+
+`yunohost app setting synapse disable_backup_before_upgrade -v 1`
+
+After this settings will be applied for **all** next upgrade.
+
+From command line:
+
+`yunohost app upgrade seafile`
+
+### Backup
+
+This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this:
+
+- Stop seafile service with theses following command:
+
+`systemctl stop seafile.service seahub.service`
+
+- Launch the backup of seafile with this following command:
+
+`yunohost backup create --app seafile`
+
+- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is stored in `/home/yunohost.app/seafile-data`.
+- Restart the seafile service with theses command:
+
+`systemctl start seafile.service seahub.service`
+
+### Remove
+
+Due of the backup core only feature the data directory in `/home/yunohost.app/seafile-data` **is not removed**. It need to be removed manually to purge app user data.
+
+### Change URL
+
+Since now it's possible to change domain or the url of seafile.
+
+To do this run : `yunohost app change-url seafile -d new_domain.tld -p PATH new_path`
+
+Developers infos
+----------------
+
+Please do your pull request to the [testing branch](https://github.com/YunoHost-Apps/seafile_ynh/tree/testing).
+
+To try the testing branch, please proceed like that.
+```
+sudo yunohost app install https://github.com/YunoHost-Apps/seafile_ynh/tree/testing --debug
+or
+sudo yunohost app upgrade seafile -u https://github.com/YunoHost-Apps/seafile_ynh/tree/testing --debug
+```
+
+TODO
+----
+
+- Find a way to fix the issue https://github.com/YunoHost-Apps/seafile_ynh/issues/5

manifest.json

@@ -4,6 +4,13 @@
     "packaging_format": 1,
     "license": "AGPL-3.0,Apache-2.0,MIT,GPL-2.0",
     "url": "https://www.seafile.com",
+    "upstream": {
+        "license": "free",
+        "website": "https://www.seafile.com",
+        "demo": "https://demo.seafile.com",
+        "admindoc": "https://manual.seafile.com",
+        "code": "https://github.com/haiwen/seafile-server"
+    },
     "version": "9.0.2~ynh1",
     "description": {
         "en": "Open Source Cloud Storage",
@@ -23,27 +30,17 @@
         "mysql"
     ],
     "requirements": {
-        "yunohost": ">= 4.1"
+        "yunohost": ">= 4.3"
     },
     "arguments": {
         "install": [
             {
                 "name": "domain",
-                "type": "domain",
+                "type": "domain"
-                "ask": {
-                    "en": "Choose a domain for Seafile",
-                    "fr": "Choisissez un domaine pour Seafile"
-                },
-                "example": "domain.org"
             },
             {
                 "name": "path",
                 "type": "path",
-                "ask": {
-                    "en": "Choose a path for Seafile",
-                    "fr": "Choisissez un chemin pour Seafile"
-                },
-                "example": "/seafile",
                 "default": "/seafile"
             },
             {
@@ -58,12 +55,7 @@
             },
             {
                 "name": "admin",
-                "type": "user",
+                "type": "user"
-                "ask": {
-                    "en": "Choose the admin user for Seafile",
-                    "fr": "Choisissez l'administrateur de Seafile"
-                },
-                "example": "johndoe"
             },
             {
                 "name": "admin_password",
@@ -71,16 +63,11 @@
                 "ask": {
                     "en": "Enter a password for the administrator",
                     "fr": "Entrez un mot de passe pour l'administrateur"
-                },
+                }
-                "example": "**Sup3rS3cr3t**"
             },
             {
                 "name": "is_public",
                 "type": "boolean",
-                "ask": {
-                    "en": "Is it a public site ? If you want to use a desktop client or the smartphone app, make Seafile public.",
-                    "fr": "Est-ce un site public ? Pour utiliser un client sur PC ou l'application mobile, Seafile doit être public"
-                },
                 "help": { 
                     "en": "If it's not public, everybody which want to access to any page of seafile need to be authenticated on the SSO. On the public mode anybody can access to the authentication page. The shared link will be olso accessible by anybody who has this link.",
                     "fr": "Si n'est pas publique, n'importe qui veux accéder à n'importe quelle page de seafile doit être authentifié dans le SSO. Dans le mode publique n'importe qui peut accéder à la page d'authentification de seafile. Les liens partagé seront aussi accessible par n'import qui qui à ce liens."

scripts/_common.sh

@@ -10,21 +10,21 @@ app=$YNH_APP_INSTANCE_NAME
 
 install_source() {
     mkdir "$final_path/seafile-server-$seafile_version"
-    if [[ $architecture == "i386" ]]
+    if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armel" ]
     then
         ynh_die --message "Error : this architecture is no longer supported by the upstream. Please create en issue here : https://github.com/YunoHost-Apps/seafile_ynh/issues to ask to discuss about a support of this architecture"
     fi
-    ynh_setup_source "$final_path/seafile-server-$seafile_version" "$architecture"
+    ynh_setup_source "$final_path/seafile-server-$seafile_version" "$YNH_ARCH"
 }
 
 install_source_7_0() {
     if ! [ -e $final_path/seafile-server-7.0.5 ]; then
         mkdir "$final_path/seafile-server-7.0.5"
-        if [[ $architecture == "i386" ]]
+        if [ $YNH_ARCH == "i386" ] || [ $YNH_ARCH == "armel" ]
         then
             ynh_die --message "Error : this architecture is no longer supported by the upstream. Please create en issue here : https://github.com/YunoHost-Apps/seafile_ynh/issues to ask to discuss about a support of this architecture"
         fi
-        ynh_setup_source "$final_path/seafile-server-7.0.5" "$architecture"_7_0
+        ynh_setup_source "$final_path/seafile-server-7.0.5" "$YNH_ARCH"_7_0
     fi
 }
 

scripts/experimental_helper.sh

@@ -1,29 +1,3 @@
-
-# Check the architecture
-#
-# example: architecture=$(ynh_detect_arch)
-#
-# usage: ynh_detect_arch
-#
-# Requires YunoHost version 2.2.4 or higher.
-
-ynh_detect_arch(){
-	local architecture
-	if [ -n "$(uname -m | grep arm64)" ] || [ -n "$(uname -m | grep aarch64)" ]; then
-		architecture="arm64"
-	elif [ -n "$(uname -m | grep 64)" ]; then
-		architecture="x86-64"
-	elif [ -n "$(uname -m | grep 86)" ]; then
-		architecture="i386"
-	elif [ -n "$(uname -m | grep arm)" ]; then
-		architecture="arm"
-	else
-		architecture="unknown"
-	fi
-	echo $architecture
-}
-
-
 # Add swap
 #
 # usage: ynh_add_swap --size=SWAP in Mb

scripts/install

@@ -27,7 +27,6 @@ final_path=/opt/yunohost/$app
 seafile_user=$app
 admin_password=$YNH_APP_ARG_ADMIN_PASSWORD
 seafile_version=$(ynh_app_upstream_version)
-architecture=$(ynh_detect_arch)
 
 # Create special path with / at the end
 if [[ $path_url == '/' ]]

scripts/restore

@@ -24,10 +24,6 @@ db_pwd=$(ynh_app_setting_get --app $app --key mysqlpwd)
 final_path=$(ynh_app_setting_get --app $app --key final_path)
 seafile_version=$(ynh_app_upstream_version)
 seafile_user=$app
-architecture=$(ynh_detect_arch)
-
-# Check domain/path availability
-ynh_webpath_available --domain $domain --path_url $path_url || ynh_die --message "$domain/$path_url is not available, please use an other domain or path."
 
 #=================================================
 # STANDARD RESTORATION STEPS

scripts/upgrade

@@ -27,7 +27,6 @@ seafile_user=$app
 seafile_data=/home/yunohost.app/seafile-data
 installed_version=${YNH_APP_CURRENT_VERSION/~ynh*/}
 seafile_version=$(ynh_app_upstream_version)
-architecture=$(ynh_detect_arch)
 
 if [ "$YNH_APP_CURRENT_VERSION" == '-' ]; then
     YNH_APP_CURRENT_VERSION="6.0.9~ynh0"