diff --git a/README.md b/README.md index ba1c4de..687b571 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ It shall NOT be edited by hand. # Timeoff for YunoHost -[![Integration level](https://dash.yunohost.org/integration/timeoff.svg)](https://dash.yunohost.org/appci/app/timeoff) ![](https://ci-apps.yunohost.org/ci/badges/timeoff.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/timeoff.maintain.svg) +[![Integration level](https://dash.yunohost.org/integration/timeoff.svg)](https://dash.yunohost.org/appci/app/timeoff) ![Working status](https://ci-apps.yunohost.org/ci/badges/timeoff.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/timeoff.maintain.svg) [![Install Timeoff with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=timeoff) *[Lire ce readme en français.](./README_fr.md)* @@ -17,31 +17,30 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Web application for managing employee absences -**Shipped version:** 1.4.0~ynh2 - - +**Shipped version:** 1.4.2~ynh1 ## Screenshots -![](./doc/screenshots/smartmockups_kkjk5hh4-p-2000.png) +![Screenshot of Timeoff](./doc/screenshots/smartmockups_kkjk5hh4-p-2000.png) ## Documentation and resources -* Official app website: https://timeoff.management/ -* Official admin documentation: https://timeoff.management/support/main-page.html -* Upstream app code repository: https://github.com/timeoff-management/timeoff-management-application -* YunoHost documentation for this app: https://yunohost.org/app_timeoff -* Report a bug: https://github.com/YunoHost-Apps/timeoff_ynh/issues +* Official app website: +* Official admin documentation: +* Upstream app code repository: +* YunoHost documentation for this app: +* Report a bug: ## Developer info Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/timeoff_ynh/tree/testing). To try the testing branch, please proceed like that. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/timeoff_ynh/tree/testing --debug or sudo yunohost app upgrade timeoff -u https://github.com/YunoHost-Apps/timeoff_ynh/tree/testing --debug ``` -**More info regarding app packaging:** https://yunohost.org/packaging_apps \ No newline at end of file +**More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md index ae9d7de..ed286a2 100644 --- a/README_fr.md +++ b/README_fr.md @@ -1,10 +1,14 @@ + + # Timeoff pour YunoHost -[![Niveau d'intégration](https://dash.yunohost.org/integration/timeoff.svg)](https://dash.yunohost.org/appci/app/timeoff) ![](https://ci-apps.yunohost.org/ci/badges/timeoff.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/timeoff.maintain.svg) +[![Niveau d'intégration](https://dash.yunohost.org/integration/timeoff.svg)](https://dash.yunohost.org/appci/app/timeoff) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/timeoff.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/timeoff.maintain.svg) [![Installer Timeoff avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=timeoff) *[Read this readme in english.](./README.md)* -*[Lire ce readme en français.](./README_fr.md)* > *Ce package vous permet d'installer Timeoff rapidement et simplement sur un serveur YunoHost. Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* @@ -13,31 +17,30 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Application Web de gestion des absences des employés -**Version incluse :** 1.4.0~ynh2 - - +**Version incluse :** 1.4.2~ynh1 ## Captures d'écran -![](./doc/screenshots/smartmockups_kkjk5hh4-p-2000.png) +![Capture d'écran de Timeoff](./doc/screenshots/smartmockups_kkjk5hh4-p-2000.png) ## Documentations et ressources -* Site officiel de l'app : https://timeoff.management/ -* Documentation officielle de l'admin : https://timeoff.management/support/main-page.html -* Dépôt de code officiel de l'app : https://github.com/timeoff-management/timeoff-management-application -* Documentation YunoHost pour cette app : https://yunohost.org/app_timeoff -* Signaler un bug : https://github.com/YunoHost-Apps/timeoff_ynh/issues +* Site officiel de l'app : +* Documentation officielle de l'admin : +* Dépôt de code officiel de l'app : +* Documentation YunoHost pour cette app : +* Signaler un bug : ## Informations pour les développeurs Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/timeoff_ynh/tree/testing). Pour essayer la branche testing, procédez comme suit. -``` + +``` bash sudo yunohost app install https://github.com/YunoHost-Apps/timeoff_ynh/tree/testing --debug ou sudo yunohost app upgrade timeoff -u https://github.com/YunoHost-Apps/timeoff_ynh/tree/testing --debug ``` -**Plus d'infos sur le packaging d'applications :** https://yunohost.org/packaging_apps \ No newline at end of file +**Plus d'infos sur le packaging d'applications :** diff --git a/conf/app.src b/conf/app.src index b4d917b..9bf2792 100644 --- a/conf/app.src +++ b/conf/app.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/timeoff-management/timeoff-management-application/archive/refs/tags/1.4.0.tar.gz -SOURCE_SUM=2831826b689cf1f4bc7e7ae03ac42c4c846a56a8c3e1368f3a1326f46977cdcc +SOURCE_URL=https://github.com/timeoff-management/timeoff-management-application/archive/refs/tags/1.4.2.tar.gz +SOURCE_SUM=b0a5f7e88c39a0ae43e5c53c50efb82e9a78add1954f7c0a60ae91c25bbf608f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=true diff --git a/conf/systemd.service b/conf/systemd.service index 9bf9929..75c0bab 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -13,5 +13,36 @@ WorkingDirectory=__FINALPATH__/ ExecStart=__YNH_NODE__ bin/wwww Restart=always + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/manifest.json b/manifest.json index b1cab71..1062852 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Web application for managing employee absences", "fr": "Application Web de gestion des absences des employés" }, - "version": "1.4.0~ynh2", + "version": "1.4.2~ynh1", "url": "https://timeoff.management/", "upstream": { "license": "MIT", @@ -20,7 +20,7 @@ "email": "ju@paraiso.me" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.9" }, "multi_instance": false, "services": [