From 26e325edddd89a30c5fa21e44f75461f2bacf097 Mon Sep 17 00:00:00 2001 From: Fabian Wilkens Date: Sun, 8 Aug 2021 10:03:44 +0200 Subject: [PATCH 1/7] Update: snweb to latest version -> 3.8.18 --- manifest.json | 2 +- scripts/_common.sh | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/manifest.json b/manifest.json index 95787d9..4df435e 100644 --- a/manifest.json +++ b/manifest.json @@ -5,7 +5,7 @@ "description": { "en": "The Standard Notes Web App. An end-to-end encrypted note-taking app. Web, Mac, Windows, Linux, iOS, and Android." }, - "version": "3.6.8~ynh2", + "version": "3.8.18~ynh1", "url": "https://github.com/standardnotes/web", "upstream": { "license": "AGPL-3.0-or-later", diff --git a/scripts/_common.sh b/scripts/_common.sh index 366f9fe..196d60c 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -17,7 +17,7 @@ RUBY_VERSION="2.7.3" NODEJS_VERSION="15.11.0" SOURCE="https://github.com/standardnotes/web" -COMMIT="bc855b0a1722d2f4ac534ea4d4035299acb7a40a" +COMMIT="6408941c07effefc99c6622a8e599d1cab98cd09" #================================================= # PERSONAL HELPERS From f33df0209abc9722b6868afeb2278f5287c6d2e5 Mon Sep 17 00:00:00 2001 From: Fabian Wilkens Date: Sun, 8 Aug 2021 10:22:32 +0200 Subject: [PATCH 2/7] Update: scripts, conf files --- conf/env.sample | 30 +++++++++++++++----------- scripts/change_url | 9 ++++++-- scripts/install | 20 ++++++----------- scripts/upgrade | 53 ++++++++++++---------------------------------- 4 files changed, 45 insertions(+), 67 deletions(-) diff --git a/conf/env.sample b/conf/env.sample index 120447c..f911665 100644 --- a/conf/env.sample +++ b/conf/env.sample 
@@ -1,22 +1,28 @@ -RAILS_ENV=development -PORT=3001 +RAILS_ENV=production +PORT=__PORT__ WEB_CONCURRENCY=0 RAILS_LOG_TO_STDOUT=true +# Log Level options: "INFO" | "DEBUG" | "INFO" | "WARN" | "ERROR" | "FATAL" +RAILS_LOG_LEVEL=INFO RAILS_SERVE_STATIC_FILES=true -SECRET_KEY_BASE=test -APP_HOST=http://localhost:3001 +SECRET_KEY_BASE=__SECRET_KEY_BASE__ +APP_HOST=http://__DOMAIN____PATH__/ EXTENSIONS_MANAGER_LOCATION=extensions/extensions-manager/dist/index.html -BATCH_MANAGER_LOCATION=extensions/batch-manager/dist/index.min.html -SF_DEFAULT_SERVER=http://localhost:3000 - -# Datadog -DATADOG_ENABLED=false +SF_DEFAULT_SERVER=https://__SNSERVER_DOMAIN__/ # Development options -DEV_DEFAULT_SYNC_SERVER=https://sync.standardnotes.org +DEV_DEFAULT_SYNC_SERVER=https://api.standardnotes.org DEV_EXTENSIONS_MANAGER_LOCATION=public/extensions/extensions-manager/dist/index.html -DEV_BATCH_MANAGER_LOCATION=public/extensions/batch-manager/dist/index.min.html +ENABLE_UNFINISHED_FEATURES=false +DEV_WEBSOCKET_URL=wss://sockets-dev.standardnotes.com + +# NewRelic (Optional) +NEW_RELIC_ENABLED=false +NEW_RELIC_THREAD_PROFILER_ENABLED=false +NEW_RELIC_LICENSE_KEY= +NEW_RELIC_APP_NAME=Web +NEW_RELIC_BROWSER_MONITORING_AUTO_INSTRUMENT=false # Sub-URI -RAILS_RELATIVE_URL_ROOT=/ +RAILS_RELATIVE_URL_ROOT=__PATH__/ diff --git a/scripts/change_url b/scripts/change_url index e309997..09bfb4d 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -29,6 +29,8 @@ ynh_script_progression --message="Loading installation settings..." --weight=1 # Needed for helper "ynh_add_nginx_config" final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) +snserver_domain=$(ynh_app_setting_get --app=$app --key=snserver_domain) +secret_key_base=$(ynh_app_setting_get --app=$app --key=secret_key_base) #================================================= # BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP 
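Review bot: `APP_HOST=http://__DOMAIN____PATH__/` in the new template writes a plain-http origin, whereas the `ynh_replace_string` calls this series removes from install, upgrade and change_url wrote `APP_HOST=https://...`. Unless the downgrade is deliberate, the template line should read `APP_HOST=https://__DOMAIN____PATH__/`. How the app consumes APP_HOST is not visible here, but if it builds absolute links or an allowed origin from it, an http value on an end-to-end-encrypted notes app is the wrong default. The added log-level comment also lists `"INFO"` twice.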
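Review bot: The two settings read at the end of the `@@ -29,6 +29,8 @@` hunk have no fallback, so an instance whose `secret_key_base` was never stored (or whose `snserver_domain` is empty) would get `SECRET_KEY_BASE=` and `SF_DEFAULT_SERVER=https:///` rendered into `.env` when the URL is changed. The upgrade script in this series defaults both values when they are empty; change_url should either do the same or stop, e.g. `[ -n "$secret_key_base" ] || ynh_die --message="secret_key_base is not set; run the upgrade first"`. Quoting `"$app"` in the two new lines would also be the safer shell style. The script continues outside this hunk.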
@@ -106,8 +108,11 @@ fi #================================================= config_file="$final_path/live/.env" -ynh_replace_string --match_string="APP_HOST=http://localhost:3001" --replace_string="APP_HOST=https://$new_domain${new_path%/}" --target_file="$config_file" -ynh_replace_string --match_string="RAILS_RELATIVE_URL_ROOT=$old_path" --replace_string="RAILS_RELATIVE_URL_ROOT=$new_path" --target_file="$config_file" + +domain=$new_domain +path_url=$new_path + +ynh_add_config --template="env.sample" --destination="$config_file" #================================================= # GENERIC FINALISATION diff --git a/scripts/install b/scripts/install index c8bd49a..677b9db 100644 --- a/scripts/install +++ b/scripts/install @@ -28,6 +28,9 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$YNH_APP_ARG_PATH is_public=$YNH_APP_ARG_IS_PUBLIC snserver_domain=$YNH_APP_ARG_SNSERVER_DOMAIN +if [ -z "$snserver_domain" ]; then + snserver_domain="api.standardnotes.com" +fi app=$YNH_APP_INSTANCE_NAME 
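Review bot: The fallback added in the `@@ -28,6 +28,9 @@` hunk of scripts/install points at `api.standardnotes.com`, while the template in the same patch sets `DEV_DEFAULT_SYNC_SERVER=https://api.standardnotes.org` and the removed code defaulted to `sync.standardnotes.org`. This host is where clients send their notes by default, so both places should name the same endpoint, checked against upstream. The hunk also does not show the defaulted value being written back with `ynh_app_setting_set`; if the setting is stored before this point, change_url will later read it back empty, which is worth confirming in the lines outside the hunk. A comment such as `# fall back to the upstream sync server when the admin left the field blank` would document the intent.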
@@ -141,22 +144,11 @@ popd ynh_script_progression --message="Adding a configuration file..." --weight=1 config_file="$final_path/live/.env" -cp -f ../conf/env.sample $config_file +secret_key_base=$(ynh_string_random --length=48 | base64) -ynh_replace_string --match_string="RAILS_ENV=development" --replace_string="RAILS_ENV=production" --target_file="$config_file" -ynh_replace_string --match_string="PORT=3001" --replace_string="PORT=$port" --target_file="$config_file" -secret_key=$(ynh_string_random --length=48 | base64) -ynh_replace_string --match_string="SECRET_KEY_BASE=test" --replace_string="SECRET_KEY_BASE=$secret_key" --target_file="$config_file" -ynh_replace_string --match_string="APP_HOST=http://localhost:3001" --replace_string="APP_HOST=https://$domain${path_url%/}" --target_file="$config_file" -if [ "$snserver_domain" = "" ]; then - snserver_domain="sync.standardnotes.org" -fi -ynh_replace_string --match_string="SF_DEFAULT_SERVER=http://localhost:3000" --replace_string="SF_DEFAULT_SERVER=https://$snserver_domain" --target_file="$config_file" -ynh_replace_string --match_string="RAILS_RELATIVE_URL_ROOT=.*$" --replace_string="RAILS_RELATIVE_URL_ROOT=$path_url" --target_file="$config_file" +ynh_app_setting_set --app=$app --key=secret_key_base --value=$secret_key_base -# Calculate and store the config file checksum into the app settings -ynh_store_file_checksum --file="$config_file" -ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_add_config --template="env.sample" --destination="$config_file" #================================================= # BUILDING diff --git a/scripts/upgrade b/scripts/upgrade index 99bc95f..737bb1e 100755 --- a/scripts/upgrade +++ b/scripts/upgrade 
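Review bot: Nothing in this hunk restricts who can read `$config_file` after `ynh_add_config` renders `SECRET_KEY_BASE` into it. Unless the helper or a later step outside the hunk already does so, follow the call with `chmod 600 "$config_file"` and a `chown` to the account the service runs as. The same applies to the `ynh_add_config` calls added in change_url and upgrade. The new setting write should also quote its value, `--value="$secret_key_base"`, so the secret is passed as one word whatever it contains.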
@@ -22,6 +22,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) final_path=$(ynh_app_setting_get --app=$app --key=final_path) port=$(ynh_app_setting_get --app=$app --key=port) snserver_domain=$(ynh_app_setting_get --app=$app --key=snserver_domain) +secret_key_base=$(ynh_app_setting_get --app=$app --key=secret_key_base) config_file="$final_path/live/.env" @@ -73,21 +74,12 @@ if [ -z "$final_path" ]; then ynh_app_setting_set --app=$app --key=final_path --value=$final_path fi -if ynh_compare_current_package_version --comparison lt --version "3.6.8~ynh2" -then - # Add variables to .env config file - echo -e "\ -\n# Sub-URI\ -\nRAILS_RELATIVE_URL_ROOT=/\ -" >> "$config_file" +if [ -z "$snserver_domain" ]; then + snserver_domain="api.standardnotes.com" +fi - # Apply Patch - if [ -f "$YNH_CWD/../sources/patches/app-00-add-path-url.patch" ] - then - pushd "$final_path/live" - patch --strip=1 < "$YNH_CWD/../sources/patches/app-00-add-path-url.patch" - popd - fi +if [ -z "$secret_key_base" ]; then + secret_key_base=$(ynh_string_random --length=48 | base64) fi #================================================= @@ -106,11 +98,6 @@ if [ "$upgrade_type" == "UPGRADE_APP" ] then ynh_script_progression --message="Upgrading source files..." --weight=17 - # Backup files to keep - tmpdir=$(mktemp -d) - if [ -d $final_path/live/log ] ; then - cp -Rp $final_path/live/log $tmpdir - fi # Remove destination directory ynh_secure_remove --file=$final_path # Download @@ -120,9 +107,12 @@ then git checkout $COMMIT --quiet git submodule update --init --recursive --quiet popd - # Restore files - if [ -d $tmpdir/log ] ; then - cp -Rp $tmpdir/log "$final_path/live" + # Apply Patch + if [ -f "$YNH_CWD/../sources/patches/app-00-add-path-url.patch" ] + then + pushd "$final_path/live" + patch --strip=1 < "$YNH_CWD/../sources/patches/app-00-add-path-url.patch" + popd fi fi 
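Review bot: In the `@@ -73,21 +74,12 @@` hunk the freshly generated `secret_key_base` is held only in a shell variable, and no `ynh_app_setting_set` follows in the visible lines. An instance installed before this series would therefore get a different secret on every upgrade, and change_url would still read the setting back empty. Persist it inside the `if`, e.g. `ynh_app_setting_set --app=$app --key=secret_key_base --value="$secret_key_base"`, and do the same for the defaulted `snserver_domain`. Rotating the Rails secret invalidates anything signed with the previous one, so it should happen at most once.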
@@ -173,24 +163,9 @@ popd # UPDATE A CONFIG FILE #================================================= -if [ "$upgrade_type" == "UPGRADE_APP" ] -then - ynh_script_progression --message="Updating a configuration file..." --weight=2 +ynh_script_progression --message="Updating a configuration file..." --weight=2 - cp -f ../conf/env.sample $config_file - ynh_replace_string --match_string="RAILS_ENV=development" --replace_string="RAILS_ENV=production" --target_file="$config_file" - ynh_replace_string --match_string="PORT=3001" --replace_string="PORT=$port" --target_file="$config_file" - secret_key=$(ynh_string_random --length=48 | base64) - ynh_replace_string --match_string="SECRET_KEY_BASE=test" --replace_string="SECRET_KEY_BASE=$secret_key" --target_file="$config_file" - ynh_replace_string --match_string="APP_HOST=http://localhost:3001" --replace_string="APP_HOST=https://$domain${path_url%/}" --target_file="$config_file" - if [ "$snserver_domain" = "" ]; then - snserver_domain="sync.standardnotes.org" - fi - ynh_replace_string --match_string="SF_DEFAULT_SERVER=http://localhost:3000" --replace_string="SF_DEFAULT_SERVER=https://$snserver_domain" --target_file="$config_file" -fi - -ynh_store_file_checksum --file="$config_file" -ynh_store_file_checksum --file="/etc/nginx/conf.d/$domain.d/$app.conf" +ynh_add_config --template="env.sample" --destination="$config_file" #================================================= # BUILDING From 674729454fa59c36b1fd38d359db6e8c156cd480 Mon Sep 17 00:00:00 2001 From: Fabian Wilkens Date: Sun, 8 Aug 2021 10:23:58 +0200 Subject: [PATCH 3/7] Update: systemd.service security --- conf/systemd.service | 32 +++++++++++++++++++++++++++++--- 1 file changed, 29 insertions(+), 3 deletions(-) diff --git a/conf/systemd.service b/conf/systemd.service index 9725efa..1f22676 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -10,9 +10,35 @@ EnvironmentFile=__FINALPATH__/live/.env WorkingDirectory=__FINALPATH__/live/ ExecStart=__RBENV_INSTALL_DIR__/versions/__APP__/bin/bundle exec puma -C config/puma.rb -p __PORT__ -e production StandardOutput=append:/var/log/__APP__/snweb.log -StandardError=append:/var/log/__APP__/snweb.log -SyslogIdentifier=__APP__ +StandardError=inherit Restart=always +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] -WantedBy=multi-user.target +WantedBy=default.target From 39036f986f5c4677038eef1272eeb2e9a06673ec Mon Sep 17 00:00:00 2001 From: Fabian Wilkens Date: Sun, 8 Aug 2021 10:25:21 +0200 Subject: [PATCH 4/7] Update: DISCLAMER.md --- doc/DISCLAIMER.md | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md index bf01b58..7711f9a 100644 --- a/doc/DISCLAIMER.md +++ b/doc/DISCLAIMER.md 
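Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that capabilities(7) does not define; the raw-I/O capability is `CAP_SYS_RAWIO`, so as written that entry probably has no effect and the capability stays in the bounding set. Change the line to `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD` and check the result with `systemd-analyze security <unit>`. `ProtectSystem=full` still leaves everything outside `/usr`, `/boot`, `/efi` and `/etc` writable; `ProtectSystem=strict` with `ReadWritePaths=` for the app and log directories would be tighter, provided the app's layout allows it.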
@@ -4,9 +4,8 @@ * The app requires at least 80MB of RAM to work properly. * The app requires around 1000MB of disk. * A dedicated domain is requierd if you want to use extensions. - notes.your-domain.tld/ -> Extension Manager is working - your-domain.tld/notes/ -> Extension Manager is not working + * notes.your-domain.tld/ -> Extension Manager is working + * your-domain.tld/notes/ -> Extension Manager is not working * Other infos that people should be aware of, such as: * The config-file is stored under "/opt/yunohost/$app/live/.env" - * You can find additional config features under https://your-domain.tld/yunohost/admin/#/apps/$app/config-panel From d2b57158fd521a5c155d04f556aa9521986b7961 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Sun, 8 Aug 2021 08:26:29 +0000 Subject: [PATCH 5/7] Auto-update README --- README.md | 7 +++---- README_fr.md | 7 +++---- 2 files changed, 6 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index ab78ebc..d98c94d 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in The Standard Notes Web App. An end-to-end encrypted note-taking app. Web, Mac, Windows, Linux, iOS, and Android. -**Shipped version:** 3.6.8~ynh2 +**Shipped version:** 3.8.18~ynh1 **Demo:** https://standardnotes.org/demo 
@@ -33,12 +33,11 @@ The Standard Notes Web App. An end-to-end encrypted note-taking app. Web, Mac, W * The app requires at least 80MB of RAM to work properly. * The app requires around 1000MB of disk. * A dedicated domain is requierd if you want to use extensions. - notes.your-domain.tld/ -> Extension Manager is working - your-domain.tld/notes/ -> Extension Manager is not working + * notes.your-domain.tld/ -> Extension Manager is working + * your-domain.tld/notes/ -> Extension Manager is not working * Other infos that people should be aware of, such as: * The config-file is stored under "/opt/yunohost/$app/live/.env" - * You can find additional config features under https://your-domain.tld/yunohost/admin/#/apps/$app/config-panel ## Documentation and resources diff --git a/README_fr.md b/README_fr.md index 63b23c5..eaab9fb 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour -**Version incluse :** 3.6.8~ynh2 +**Version incluse :** 3.8.18~ynh1 **Démo :** https://standardnotes.org/demo @@ -29,12 +29,11 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour * The app requires at least 80MB of RAM to work properly. * The app requires around 1000MB of disk. * A dedicated domain is requierd if you want to use extensions. - notes.your-domain.tld/ -> Extension Manager is working - your-domain.tld/notes/ -> Extension Manager is not working + * notes.your-domain.tld/ -> Extension Manager is working + * your-domain.tld/notes/ -> Extension Manager is not working * Other infos that people should be aware of, such as: * The config-file is stored under "/opt/yunohost/$app/live/.env" - * You can find additional config features under https://your-domain.tld/yunohost/admin/#/apps/$app/config-panel ## Documentations et ressources From 909547ab1219fcb7891caebb542135c3555a2bf1 Mon Sep 17 00:00:00 2001 
From: Fabian Wilkens Date: Sun, 22 Aug 2021 11:19:28 +0200 Subject: [PATCH 6/7] Fix: systemd.service WantedBy -> install fails --- conf/systemd.service | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/systemd.service b/conf/systemd.service index 1f22676..711412c 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -41,4 +41,4 @@ CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] -WantedBy=default.target +WantedBy=multi-user.target From 1ac0832baaabcef68b6b6d3592b07383f13e03de Mon Sep 17 00:00:00 2001 From: Fabian Wilkens <46000361+FabianWilkens@users.noreply.github.com> Date: Mon, 23 Aug 2021 21:25:10 +0200 Subject: [PATCH 7/7] Update check_process --- check_process | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/check_process b/check_process index 2a04250..fdfe44f 100644 --- a/check_process +++ b/check_process @@ -11,6 +11,8 @@ setup_private=1 setup_public=1 upgrade=1 + # 3.6.8~ynh2 + upgrade=1 from_commit=89de808ffc824be93a4394abcf45219f9376dfa5 # 3.6.2~yhn1 #upgrade=1 from_commit=0459e279ab1ac0624203b710619bfe3f22686908 # 3.5.11~ynh1 @@ -23,6 +25,6 @@ Email= Notification=none ;;; Upgrade options - ; commit=0459e279ab1ac0624203b710619bfe3f22686908 - name=3.6.2~ynh1 + ; commit=89de808ffc824be93a4394abcf45219f9376dfa5 + name=3.6.8~ynh2 manifest_arg=domain=DOMAIN&is_public=1