From c7d0a1c87bee1325306c8a95ba8057adf9354c91 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Mon, 18 Jul 2022 21:17:17 +0200 Subject: [PATCH 1/2] Switch sources from docker --- .github/workflows/updater.sh | 71 ----------------------------------- conf/app.src | 7 ---- conf/docker-image-extract.src | 7 ++++ conf/web.src | 7 ---- manifest.json | 4 +- scripts/_common.sh | 2 +- scripts/install | 53 ++++++++++---------------- scripts/upgrade | 44 +++++----------------- 8 files changed, 40 insertions(+), 155 deletions(-) delete mode 100644 conf/app.src create mode 100644 conf/docker-image-extract.src delete mode 100644 conf/web.src diff --git a/.github/workflows/updater.sh b/.github/workflows/updater.sh index eec8545..c6c82b4 100644 --- a/.github/workflows/updater.sh +++ b/.github/workflows/updater.sh @@ -18,9 +18,6 @@ current_version=$(cat manifest.json | jq -j '.version|split("~")[0]') repo=$(cat manifest.json | jq -j '.upstream.code|split("https://github.com/")[1]') # Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions) version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -webversion=$(curl --silent "https://api.github.com/repos/dani-garcia/bw_web_builds/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1) -assets=($(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '[ .[] | select(.tag_name=="'$version'").tarball_url ] | join(" ") | @sh' | tr -d "'")) -assets+=($(curl --silent "https://api.github.com/repos/dani-garcia/bw_web_builds/releases" | jq -r '[ .[] | select(.tag_name=="'$webversion'").assets[].browser_download_url ] | join(" ") | @sh' | tr -d "'")) # Later down the script, we assume the version has only digits and dots # Sometimes the release name starts with a "v", so let's filter it out. @@ -47,74 +44,6 @@ elif git ls-remote -q --exit-code --heads https://github.com/$GITHUB_REPOSITORY. exit 0 fi -# Each release can hold multiple assets (e.g. binaries for different architectures, source code, etc.) -echo "${#assets[@]} available asset(s)" - -#================================================= -# UPDATE SOURCE FILES -#================================================= - -# Here we use the $assets variable to get the resources published in the upstream release. -# Here is an example for Grav, it has to be adapted in accordance with how the upstream releases look like. - -# Let's loop over the array of assets URLs -for asset_url in ${assets[@]}; do - - echo "Handling asset at $asset_url" - - # Assign the asset to a source file in conf/ directory - # Here we base the source file name upon a unique keyword in the assets url (admin vs. update) - # Leave $src empty to ignore the asset - case $asset_url in - *"vaultwarden"*) - src="app" - ;; - *"bw_web_v"*".tar.gz") - src="web" - ;; - *) - src="" - ;; - esac - - # If $src is not empty, let's process the asset - if [ ! -z "$src" ]; then - # Create the temporary directory - tempdir="$(mktemp -d)" - - # Download sources and calculate checksum - filename=${asset_url##*/} - curl --silent -4 -L $asset_url -o "$tempdir/$filename" - checksum=$(sha256sum "$tempdir/$filename" | head -c 64) - - # Delete temporary directory - rm -rf $tempdir - - # Get extension - if [[ $filename == *.tar.gz ]]; then - extension=tar.gz - else - extension=${filename##*.} - fi - - # Rewrite source file - cat < conf/$src.src -SOURCE_URL=$asset_url -SOURCE_SUM=$checksum -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true -EOT - echo "... conf/$src.src updated" - - else - echo "... asset ignored" - fi - -done - #================================================= # SPECIFIC UPDATE STEPS #================================================= diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index ce014da..0000000 --- a/conf/app.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://api.github.com/repos/dani-garcia/vaultwarden/tarball/1.25.1 -SOURCE_SUM=553cce24eec00c4fa9a08dabdcb50258cc479ff6a2e21d76153af343957114c2 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/conf/docker-image-extract.src b/conf/docker-image-extract.src new file mode 100644 index 0000000..64fe1a1 --- /dev/null +++ b/conf/docker-image-extract.src @@ -0,0 +1,7 @@ +SOURCE_URL=https://codeload.github.com/jjlin/docker-image-extract/tar.gz/a9e455e44bbbfba897bf3342d9661b182cee67a9 +SOURCE_SUM=9eb0c734e83a3fd7102fc7209af4977024ec467fbc819782491af47295675f67 +SOURCE_SUM_PRG=sha256sum +SOURCE_FORMAT=tar.gz +SOURCE_IN_SUBDIR=true +SOURCE_FILENAME= +SOURCE_EXTRACT=true diff --git a/conf/web.src b/conf/web.src deleted file mode 100644 index a6edd9d..0000000 --- a/conf/web.src +++ /dev/null @@ -1,7 +0,0 @@ -SOURCE_URL=https://github.com/dani-garcia/bw_web_builds/releases/download/v2022.6.2/bw_web_v2022.6.2.tar.gz -SOURCE_SUM=206fde0814d46bb78a79a7a5ab10963beaeb5c952e05a9e1b18c2495fb7174e1 -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_FILENAME= -SOURCE_EXTRACT=true diff --git a/manifest.json b/manifest.json index 636c550..1ce3837 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Manage passwords and other sensitive informations", "fr": "Gérez les mots de passe et autres informations sensibles" }, - "version": "1.25.1~ynh1", + "version": "1.25.1~ynh2", "url": "https://github.com/dani-garcia/vaultwarden", "upstream": { "license": "GPL-3.0-or-later", @@ -20,7 +20,7 @@ "name": "yalh76" }, "requirements": { - "yunohost": ">= 4.3.0" + "yunohost": ">= 11.0.0" }, "multi_instance": true, "services": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index 65744f6..124b61d 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -5,7 +5,7 @@ #================================================= # dependencies used by the app -pkg_dependencies="build-essential pkg-config libssl-dev libc6-dev" +pkg_dependencies="libpq5" #================================================= # PERSONAL HELPERS diff --git a/scripts/install b/scripts/install index 9fb7e08..0a6c775 100644 --- a/scripts/install +++ b/scripts/install @@ -91,14 +91,9 @@ ynh_system_user_create --username=$app --home_dir="$final_path" ynh_script_progression --message="Setting up source files..." ynh_app_setting_set --app=$app --key=final_path --value=$final_path -# Download, check integrity, uncompress the source of vaultwarden from app.src to his build directory -ynh_setup_source --dest_dir="$final_path/build/" --source_id="app" - -# Download, check integrity, uncompress and patch the source from web.src -ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web" - -mkdir -p "$final_path/.rustup" -mkdir -p "$final_path/.cargo" +# Download, check integrity, uncompress and patch the source from app.src +ynh_setup_source --dest_dir="$final_path/build/" --source_id="docker-image-extract" +mkdir -p "$final_path/live/" chmod 750 "$final_path" chmod -R o-rwx "$final_path" @@ -114,31 +109,6 @@ ynh_add_nginx_config #================================================= # SPECIFIC SETUP -#================================================= -# MAKE INSTALL -#================================================= -ynh_script_progression --message="Making install..." - -# Install rustup with the toolchain needed by vaultwarden -pushd "$final_path" - ynh_exec_warn_less ynh_exec_as "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain stable' -popd - -export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin" - -# Compile vaultwarden -pushd "$final_path"/build - ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" CARGO_HOME="$final_path/.cargo" $final_path/.cargo/bin/cargo build --features sqlite --release -popd - -# Install vaultwarden -cp -af "$final_path/build/target/release/vaultwarden" "$final_path/live/vaultwarden" - -# Remove build files and rustup -ynh_secure_remove --file="$final_path/build" -ynh_secure_remove --file="$final_path/.cargo" -ynh_secure_remove --file="$final_path/.rustup" - #================================================= # CREATE DATA DIRECTORY #================================================= @@ -153,6 +123,23 @@ chmod 750 "$datadir" chmod -R o-rwx "$datadir" chown -R $app:$app "$datadir" +#================================================= +# MAKE INSTALL +#================================================= +ynh_script_progression --message="Making install..." + +pushd "$final_path"/build + ./docker-image-extract vaultwarden/server:$(ynh_app_upstream_version) +popd + +mv -f "$final_path/build/output/vaultwarden" "$final_path/live/vaultwarden" +rsync -a "$final_path/build/output/web-vault/" "$final_path/live/web-vault/" +ynh_secure_remove --file="$final_path/build" + +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + #================================================= # ADD A CONFIGURATION #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index d40471b..ad6610f 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -141,13 +141,8 @@ then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress the source of vaultwarden from app.src to his build directory - ynh_setup_source --dest_dir="$final_path/build/" --source_id="app" - - # Download, check integrity, uncompress and patch the source from web.src - ynh_setup_source --dest_dir="$final_path/live/web-vault/" --source_id="web" - - mkdir -p "$final_path/.rustup" - mkdir -p "$final_path/.cargo" + ynh_setup_source --dest_dir="$final_path/build/" --source_id="docker-image-extract" + mkdir -p "$final_path/live/" fi chmod 750 "$final_path" @@ -176,41 +171,22 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Making upgrade..." -# Set right permissions -chown -R "$app":"$app" "$final_path" - if [ "$upgrade_type" == "UPGRADE_APP" ] then - # Install rustup with the toolchain needed by vaultwarden - pushd "$final_path" - ynh_exec_warn_less ynh_exec_as "$app" RUSTUP_HOME="$final_path/.rustup" CARGO_HOME="$final_path/.cargo" bash -c 'curl -sSf -L https://static.rust-lang.org/rustup.sh | sh -s -- -y --default-toolchain stable' - popd - - export PATH="$PATH:$final_path/.cargo/bin:$final_path/.local/bin:/usr/local/sbin" - - # Compile vaultwarden pushd "$final_path"/build - ynh_exec_warn_less ynh_exec_as "$app" env PATH="$PATH" CARGO_HOME="$final_path/.cargo" $final_path/.cargo/bin/cargo build --features sqlite --release + ./docker-image-extract vaultwarden/server:$(ynh_app_upstream_version) popd - # Remove old generated files before copying the new ones - ynh_secure_remove --file="$final_path/live/.fingerprint" - ynh_secure_remove --file="$final_path/live/build" - ynh_secure_remove --file="$final_path/live/deps" - ynh_secure_remove --file="$final_path/live/examples" - ynh_secure_remove --file="$final_path/live/incremental" - ynh_secure_remove --file="$final_path/live/.cargo-lock" - ynh_secure_remove --file="$final_path/live/vaultwarden.d" - - # Install vaultwarden - cp -af "$final_path/build/target/release/vaultwarden" "$final_path/live/vaultwarden" - - # Remove build files and rustup + mv -f "$final_path/build/output/vaultwarden" "$final_path/live/vaultwarden" + ynh_secure_remove --file="$final_path/live/web-vault/" + rsync -a "$final_path/build/output/web-vault/" "$final_path/live/web-vault/" ynh_secure_remove --file="$final_path/build" - ynh_secure_remove --file="$final_path/.cargo" - ynh_secure_remove --file="$final_path/.rustup" fi +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" +chown -R $app:$app "$final_path" + #================================================= # UPDATE A CONFIG FILE #================================================= From fb0e78e9b0f8ebee7fa197dfe106a66e7d59b949 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Mon, 18 Jul 2022 19:17:21 +0000 Subject: [PATCH 2/2] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 6d0b01a..cb85c14 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. -**Shipped version:** 1.25.1~ynh1 +**Shipped version:** 1.25.1~ynh2 **Demo:** https://vault.bitwarden.com/#/register diff --git a/README_fr.md b/README_fr.md index 6696610..8487883 100644 --- a/README_fr.md +++ b/README_fr.md @@ -17,7 +17,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Alternative implementation of the Bitwarden server API written in Rust and compatible with upstream Bitwarden clients*, perfect for self-hosted deployment where running the official resource-heavy service might not be ideal. -**Version incluse :** 1.25.1~ynh1 +**Version incluse :** 1.25.1~ynh2 **Démo :** https://vault.bitwarden.com/#/register