diff --git a/README.md b/README.md
index fc260a3..194f0ae 100644
--- a/README.md
+++ b/README.md
@@ -18,7 +18,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in
Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers in real time, safely protected from prying eyes. Your data is your data alone and you deserve to choose where it is stored, whether it is shared with some third party, and how it's transmitted over the internet.
-**Shipped version:** 1.18.6~ynh1
+**Shipped version:** 1.18.6~ynh2
diff --git a/README_fr.md b/README_fr.md
index b6e6650..430684a 100644
--- a/README_fr.md
+++ b/README_fr.md
@@ -14,7 +14,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour
Syncthing is a continuous file synchronization program. It synchronizes files between two or more computers in real time, safely protected from prying eyes. Your data is your data alone and you deserve to choose where it is stored, whether it is shared with some third party, and how it's transmitted over the internet.
-**Version incluse :** 1.18.6~ynh1
+**Version incluse :** 1.18.6~ynh2
diff --git a/check_process b/check_process
index 6c257c7..7a11dff 100644
--- a/check_process
+++ b/check_process
@@ -49,6 +49,8 @@
#upgrade=1 from_commit=3e69fac2078f96ba5a4cb73966345f44a95147bf
# 1.18.2~ynh1
upgrade=1 from_commit=f0cfbbfd9acf04d7df4d2b7c6c6f80da4db04f24
+ # 1.18.6~ynh1
+ upgrade=1 from_commit=75e55a85c81efbd26a2b2120916becb6940367ba
backup_restore=1
multi_instance=1
port_already_use=0
@@ -95,3 +97,5 @@ Notification=all
name=1.18.1~ynh1
; commit=f0cfbbfd9acf04d7df4d2b7c6c6f80da4db04f24
name=1.18.2~ynh1
+ ; commit=75e55a85c81efbd26a2b2120916becb6940367ba
+ name=1.18.6~ynh1
diff --git a/conf/config.xml b/conf/config.xml
index f2c384a..bc48c4e 100644
--- a/conf/config.xml
+++ b/conf/config.xml
@@ -10,8 +10,8 @@
false
- tcp://0.0.0.0:__SYNC_PORT__
- quic://0.0.0.0:__SYNC_PORT__
+ tcp://0.0.0.0:__PORT__
+ quic://0.0.0.0:__PORT__
default
true
true
@@ -43,7 +43,7 @@
true
10
0
- __SYNC_HOME__
+ __DATADIR__
true
0
diff --git a/conf/systemd.service b/conf/systemd.service
index 991e74b..3cb8b88 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -10,12 +10,15 @@ Restart=on-failure
SuccessExitStatus=3 4
RestartForceExitStatus=3 4
-# Hardening
+# Sandboxing options to harden security
+# Depending on specificities of your service/app, you may need to tweak these
+# .. but this should be a good baseline
+# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
+NoNewPrivileges=true
+PrivateTmp=yes
ProtectSystem=full
-PrivateTmp=true
SystemCallArchitectures=native
MemoryDenyWriteExecute=true
-NoNewPrivileges=true
[Install]
WantedBy=multi-user.target
diff --git a/manifest.json b/manifest.json
index f4bda9d..5668c7c 100644
--- a/manifest.json
+++ b/manifest.json
@@ -6,7 +6,7 @@
"en": "Continuous file synchronization program",
"fr": "Programme de synchronisation de fichiers en continu"
},
- "version": "1.18.6~ynh1",
+ "version": "1.18.6~ynh2",
"url": "https://syncthing.net/",
"upstream": {
"license": "MPL-2.0",
diff --git a/scripts/backup b/scripts/backup
index 11eb9f9..d8cb0be 100644
--- a/scripts/backup
+++ b/scripts/backup
@@ -29,7 +29,7 @@ app=$YNH_APP_INSTANCE_NAME
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
domain=$(ynh_app_setting_get --app=$app --key=domain)
-sync_home=$(ynh_app_setting_get --app=$app --key=sync_home)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# DECLARE DATA AND CONF FILES TO BACKUP
@@ -43,10 +43,10 @@ ynh_print_info --message="Declaring files to be backed up..."
ynh_backup --src_path="$final_path"
#=================================================
-# BACKUP THE DATA DIRECTORY
+# BACKUP THE DATA DIR
#=================================================
-ynh_backup --src_path="$sync_home" --is_big
+ynh_backup --src_path="$datadir" --is_big
#=================================================
# BACKUP THE NGINX CONFIGURATION
diff --git a/scripts/install b/scripts/install
index 0472aa6..d822f67 100644
--- a/scripts/install
+++ b/scripts/install
@@ -58,15 +58,15 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin
ynh_script_progression --message="Finding an available port..."
# Find an available port
+port=$(ynh_find_port --port=22000)
+ynh_app_setting_set --app=$app --key=port --value=$port
+
gui_port=$(ynh_find_port --port=8384)
ynh_app_setting_set --app=$app --key=gui_port --value=$gui_port
-sync_port=$(ynh_find_port --port=22000)
-ynh_app_setting_set --app=$app --key=sync_port --value=$sync_port
-
# Open the port
ynh_script_progression --message="Configuring firewall..."
-ynh_exec_warn_less yunohost firewall allow TCP $sync_port
+ynh_exec_warn_less yunohost firewall allow TCP $port
#=================================================
# CREATE DEDICATED USER
@@ -100,23 +100,23 @@ ynh_add_nginx_config
#=================================================
# SPECIFIC SETUP
#=================================================
-# CREATE SYNC DIRECTORY
+# CREATE DATA DIRECTORY
#=================================================
-ynh_script_progression --message="Creating sync directory..."
+ynh_script_progression --message="Creating a data directory..."
-sync_home=/home/yunohost.app/$app
-ynh_app_setting_set --app=$app --key=sync_home --value=$sync_home
+datadir=/home/yunohost.app/$app
+ynh_app_setting_set --app=$app --key=datadir --value=$datadir
-mkdir -p $sync_home
+mkdir -p $datadir
-chmod 750 "$sync_home"
-chmod -R o-rwx "$sync_home"
-chown -R $app:$app "$sync_home"
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"
#=================================================
# ADD A CONFIGURATION
#=================================================
-ynh_script_progression --message="Adding a config file..."
+ynh_script_progression --message="Adding a configuration file..."
mkdir -p "$final_path/.config/syncthing"
config_file="$final_path/.config/syncthing/config.xml"
@@ -142,7 +142,7 @@ chown -R $app: $final_path
ynh_systemd_action --service_name=$app --action="start" --log_path=systemd --line_match="Access the GUI via the following URL"
-ynh_replace_string --match_string="tcp://quic:%2F%2F0.0.0.0:$sync_port" --replace_string="quic//0.0.0.0:$sync_port" --target_file="$config_file"
+ynh_replace_string --match_string="tcp://quic:%2F%2F0.0.0.0:$port" --replace_string="quic//0.0.0.0:$port" --target_file="$config_file"
ynh_systemd_action --service_name=$app --action="stop" --log_path=systemd
@@ -155,7 +155,7 @@ ynh_store_file_checksum --file="$config_file"
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
-yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$sync_port
+yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$port
#=================================================
# START SYSTEMD SERVICE
diff --git a/scripts/remove b/scripts/remove
index 5fb98ea..f6e9f92 100644
--- a/scripts/remove
+++ b/scripts/remove
@@ -17,10 +17,9 @@ ynh_script_progression --message="Loading installation settings..."
app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
+port=$(ynh_app_setting_get --app=$app --key=port)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-sync_home=$(ynh_app_setting_get --app=$app --key=sync_home)
-
-sync_port=$(ynh_app_setting_get --app=$app --key=sync_port)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# STANDARD REMOVE
@@ -55,11 +54,11 @@ ynh_secure_remove --file="$final_path"
# REMOVE DATA DIR
#=================================================
-# Remove the app data directory with the command `yunohost app remove syncthing --purge`
+# Remove the data directory if --purge option is used
if [ "${YNH_APP_PURGE:-0}" -eq 1 ]
then
- ynh_script_progression --message="Removing $app data directory..." --weight=2
- ynh_secure_remove --file="$sync_home"
+ ynh_script_progression --message="Removing app data directory..."
+ ynh_secure_remove --file="$datadir"
fi
#=================================================
@@ -74,10 +73,10 @@ ynh_remove_nginx_config
# CLOSE A PORT
#=================================================
-if yunohost firewall list | grep -q "\- $sync_port$"
+if yunohost firewall list | grep -q "\- $port$"
then
- ynh_script_progression --message="Closing port $sync_port..."
- ynh_exec_warn_less yunohost firewall disallow TCP $sync_port
+ ynh_script_progression --message="Closing port $port..."
+ ynh_exec_warn_less yunohost firewall disallow TCP $port
fi
#=================================================
diff --git a/scripts/restore b/scripts/restore
index c327c7c..ef19662 100644
--- a/scripts/restore
+++ b/scripts/restore
@@ -30,15 +30,16 @@ app=$YNH_APP_INSTANCE_NAME
domain=$(ynh_app_setting_get --app=$app --key=domain)
path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
-sync_home=$(ynh_app_setting_get --app=$app --key=sync_home)
-sync_port=$(ynh_app_setting_get --app=$app --key=sync_port)
+port=$(ynh_app_setting_get --app=$app --key=port)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
#=================================================
# CHECK IF THE APP CAN BE RESTORED
#=================================================
ynh_script_progression --message="Validating restoration parameters..."
-test ! -d $final_path || ynh_die --message="There is already a directory: $final_path "
+test ! -d $final_path \
+ || ynh_die --message="There is already a directory: $final_path "
#=================================================
# STANDARD RESTORATION STEPS
@@ -48,7 +49,7 @@ test ! -d $final_path || ynh_die --message="There is already a directory: $final
ynh_script_progression --message="Configuring firewall..."
# Open the port
-ynh_exec_warn_less yunohost firewall allow TCP $sync_port
+ynh_exec_warn_less yunohost firewall allow TCP $port
#=================================================
# RESTORE THE NGINX CONFIGURATION
@@ -63,7 +64,7 @@ ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf"
ynh_script_progression --message="Recreating the dedicated system user..."
# Create the dedicated user (if not existing)
-ynh_system_user_create --username=$app --home_dir="$final_path"
+ynh_system_user_create --username=$app --home_dir=$final_path
#=================================================
# RESTORE THE APP MAIN DIR
@@ -77,17 +78,17 @@ chmod -R o-rwx "$final_path"
chown -R $app:$app "$final_path"
#=================================================
-# RECREATE SYNC DIRECTORY
+# RESTORE THE DATA DIRECTORY
#=================================================
-ynh_script_progression --message="Recreating sync directory..."
+ynh_script_progression --message="Restoring the data directory..."
-ynh_restore_file --origin_path="$sync_home" --not_mandatory
+ynh_restore_file --origin_path="$datadir" --not_mandatory
-mkdir -p $sync_home
+mkdir -p $datadir
-chmod 750 "$sync_home"
-chmod -R o-rwx "$sync_home"
-chown -R $app:$app "$sync_home"
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"
#=================================================
# SPECIFIC RESTORATION
@@ -104,7 +105,7 @@ systemctl enable $app.service --quiet
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
-yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$sync_port
+yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$port
#=================================================
# START SYSTEMD SERVICE
diff --git a/scripts/upgrade b/scripts/upgrade
index fbdda49..418c1dc 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -21,8 +21,8 @@ path_url=$(ynh_app_setting_get --app=$app --key=path)
final_path=$(ynh_app_setting_get --app=$app --key=final_path)
architecture=$YNH_ARCH
-sync_home=$(ynh_app_setting_get --app=$app --key=sync_home)
-sync_port=$(ynh_app_setting_get --app=$app --key=sync_port)
+datadir=$(ynh_app_setting_get --app=$app --key=datadir)
+port=$(ynh_app_setting_get --app=$app --key=port)
gui_port=$(ynh_app_setting_get --app=$app --key=gui_port)
#=================================================
@@ -78,16 +78,16 @@ if [ -z $gui_port ]; then
gui_port=$OLD_GUIPORT
ynh_app_setting_set --app=$app --key=gui_port --value=$gui_port
- sync_home="/home/yunohost.app/$app"
- ynh_app_setting_set --app=$app --key=sync_home --value=$sync_home
+ datadir="/home/yunohost.app/$app"
+ ynh_app_setting_set --app=$app --key=datadir --value=$datadir
- sync_port=$OLD_SYNCPORT
- ynh_app_setting_set --app=$app --key=sync_port --value=$sync_port
+ port=$OLD_SYNCPORT
+ ynh_app_setting_set --app=$app --key=port --value=$port
mkdir -p $final_path
cp -R $OLD_SYNCHOME/.config $final_path/.config
- ynh_replace_string --match_string="~" --replace_string="$sync_home" --target_file="$final_path/.config/syncthing/config.xml"
+ ynh_replace_string --match_string="~" --replace_string="$datadir" --target_file="$final_path/.config/syncthing/config.xml"
systemctl stop syncthing@$OLD_SYNCUSER.service
yunohost service remove syncthing@$OLD_SYNCUSER.service
@@ -102,6 +102,20 @@ if [ -z $gui_port ]; then
ynh_remove_app_dependencies
fi
+# If port doesn't exist, create it
+if [ -z $port ]; then
+ port=$(ynh_app_setting_get --app=$app --key=sync_port)
+ ynh_app_setting_set --app=$app --key=port --value=$port
+ ynh_app_setting_delete --app=$app --key=sync_port
+fi
+
+# If datadir doesn't exist, create it
+if [ -z $datadir ]; then
+ datadir=$(ynh_app_setting_get --app=$app --key=sync_home)
+ ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+ ynh_app_setting_delete --app="$app" --key="sync_home"
+fi
+
# Cleaning legacy permissions
if ynh_legacy_permissions_exists; then
ynh_legacy_permissions_delete_all
@@ -144,20 +158,20 @@ ynh_add_nginx_config
#=================================================
# SPECIFIC UPGRADE
#=================================================
-# CREATE SYNC DIRECTORY
+# CREATE DATA DIRECTORY
#=================================================
-ynh_script_progression --message="Creating sync directory..."
+ynh_script_progression --message="Creating a data directory..."
# Make directories and set rights
-mkdir -p "$sync_home"
-chmod 750 "$sync_home"
-chmod -R o-rwx "$sync_home"
-chown -R $app:$app "$sync_home"
+mkdir -p "$datadir"
+chmod 750 "$datadir"
+chmod -R o-rwx "$datadir"
+chown -R $app:$app "$datadir"
#=================================================
# UPDATE A CONFIG FILE
#=================================================
-ynh_script_progression --message="Updating a config file..."
+ynh_script_progression --message="Updating a configuration file..."
config_file="$final_path/.config/syncthing/config.xml"
@@ -185,7 +199,7 @@ ynh_add_systemd_config
#=================================================
ynh_script_progression --message="Integrating service in YunoHost..."
-yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$sync_port
+yunohost service add $app --description="$app daemon for Syncthing" --needs_exposed_ports=$port
#=================================================
# START SYSTEMD SERVICE