From 347a733d011e23b5cc85425e66c57eacbe579e87 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Wed, 7 Mar 2018 21:03:01 +0100 Subject: [PATCH 1/6] Stretch fix Add disable-ssl to prevent a failure of shellinabox because of the reverse proxy without ssl. (Not tested on jessie) Still there's a problem, no login prompt are printed. The sysvinit script need to be tweaked to remove this fucking `-q` to see anything in syslog... --- conf/shellinabox | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/shellinabox b/conf/shellinabox index 5d0bbea..c5d47db 100644 --- a/conf/shellinabox +++ b/conf/shellinabox @@ -15,4 +15,4 @@ SHELLINABOX_PORT=__PORT__ # # Beeps are disabled because of reports of the VLC plugin crashing # Firefox on Linux/x86_64. -SHELLINABOX_ARGS="--no-beep --localhost-only" +SHELLINABOX_ARGS="--no-beep --localhost-only --disable-ssl" From 583328ef11e33feb43c1a5299b51c3a19790ad93 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Thu, 8 Mar 2018 00:17:00 +0100 Subject: [PATCH 2/6] Allow eval MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The blank page, instead of a login prompt, is linked to this error: `Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src https: 'unsafe-eval'”)` Maybe it's something about [this line](https://github.com/shellinabox/shellinabox/blob/d4bd77ca45a24befcd08f9046f450bd9eda8646b/shellinabox/shell_in_a_box.jspp#L200) The only way I found to fix that is to allow to use eval. --- conf/nginx.conf | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf/nginx.conf b/conf/nginx.conf index 374702d..e172ad6 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -10,6 +10,9 @@ location __PATH__ { tcp_nodelay on; access_log off; + # Allow shellinabox to use 'eval' without blocking the execution. But keep a warning. + add_header Content-Security-Policy-Report-Only "script-src https: 'unsafe-eval'"; + # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; more_clear_input_headers 'Accept-Encoding'; From da26c309eb9993d349cb3684fac857c0a2a63d6e Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Thu, 8 Mar 2018 00:25:33 +0100 Subject: [PATCH 3/6] Allow shellinabox to log in syslog Why a fucking --quiet hidden in the sysvinit service! How are we suppose to know what doesn't work if there's no log! --- scripts/install | 4 ++++ scripts/restore | 4 ++++ 2 files changed, 8 insertions(+) diff --git a/scripts/install b/scripts/install index ef928f0..ff372d9 100644 --- a/scripts/install +++ b/scripts/install @@ -75,6 +75,10 @@ ynh_add_nginx_config cp ../conf/shellinabox /etc/default/shellinabox ynh_replace_string "__PORT__" "$port" "/etc/default/shellinabox" + +# Allow the service to log in syslog +ynh_replace_string " -- -q --background" " -- --background" "/etc/init.d/shellinabox" + systemctl restart shellinabox #================================================= diff --git a/scripts/restore b/scripts/restore index 2709165..e728df0 100644 --- a/scripts/restore +++ b/scripts/restore @@ -53,6 +53,10 @@ ynh_package_install shellinabox ynh_restore_file "/etc/shellinabox" ynh_restore_file "/etc/default/shellinabox" + +# Allow the service to log in syslog +ynh_replace_string " -- -q --background" " -- --background" "/etc/init.d/shellinabox" + systemctl restart shellinabox #================================================= From 49dd8bd6775c8ed1092be786097b17a4d5e26079 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Thu, 8 Mar 2018 00:51:15 +0100 Subject: [PATCH 4/6] systemctl daemon-reload --- scripts/install | 1 + scripts/restore | 1 + 2 files changed, 2 insertions(+) diff --git a/scripts/install b/scripts/install index ff372d9..be37296 100644 --- a/scripts/install +++ b/scripts/install @@ -78,6 +78,7 @@ ynh_replace_string "__PORT__" "$port" "/etc/default/shellinabox" # Allow the service to log in syslog ynh_replace_string " -- -q --background" " -- --background" "/etc/init.d/shellinabox" +systemctl daemon-reload systemctl restart shellinabox diff --git a/scripts/restore b/scripts/restore index e728df0..a54f2df 100644 --- a/scripts/restore +++ b/scripts/restore @@ -56,6 +56,7 @@ ynh_restore_file "/etc/default/shellinabox" # Allow the service to log in syslog ynh_replace_string " -- -q --background" " -- --background" "/etc/init.d/shellinabox" +systemctl daemon-reload systemctl restart shellinabox From f45338f69e84e1eb9aa3e714cd37e4d722f6dfda Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Wed, 11 Apr 2018 20:42:20 +0200 Subject: [PATCH 5/6] Add upgrade from a previous commit --- check_process | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/check_process b/check_process index f6eb3c3..a24dabf 100644 --- a/check_process +++ b/check_process @@ -11,6 +11,7 @@ setup_private=0 setup_public=0 upgrade=1 + upgrade=1 from_commit=a94b50de8b68501148fa90419ad3ea8e24c675e1 backup_restore=1 multi_instance=0 incorrect_path=1 @@ -31,3 +32,7 @@ ;;; Options Email= Notification=none +;;; Upgrade options + ; commit=a94b50de8b68501148fa90419ad3ea8e24c675e1 + name=Refactoring + manifest_arg=domain=DOMAIN&path=PATH& From 46052860d79debd79f05be79054efd86662a9eb8 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Tue, 17 Apr 2018 17:30:44 +0200 Subject: [PATCH 6/6] Allow the service to log in syslog also in upgrade --- scripts/upgrade | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/scripts/upgrade b/scripts/upgrade index 8815730..1b3aae2 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -59,3 +59,12 @@ ynh_add_nginx_config #================================================= systemctl reload nginx + +#================================================= +# ALLOW THE SERVICE TO LOG IN SYSLOG +#================================================= + +ynh_replace_string " -- -q --background" " -- --background" "/etc/init.d/shellinabox" +systemctl daemon-reload + +systemctl restart shellinabox