From 74c9464518dcec73b56ce6f4c744dadd20c0755a Mon Sep 17 00:00:00 2001
From: Tagadda <36127788+Tagadda@users.noreply.github.com>
Date: Sun, 23 Jan 2022 18:54:02 +0000
Subject: [PATCH 1/4] [fix] Allow datadir in systemd sandboxing [fix] .env was not found
---
 conf/systemd.service | 4 ++--
 scripts/change_url | 2 +-
 scripts/install | 6 +++---
 scripts/upgrade | 10 +++++-----
 4 files changed, 11 insertions(+), 11 deletions(-)
diff --git a/conf/systemd.service b/conf/systemd.service
index 7f91b11..ff2527e 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -8,8 +8,8 @@ After=network.target
 User=__APP__
 Group=__APP__
 WorkingDirectory=__FINALPATH__/live/
-ReadWriteDirectories=__FINALPATH__/live/
-EnvironmentFile=__FINALPATH__/live/vaultwarden.env
+ReadWriteDirectories=__FINALPATH__/live/ __DATADIR__
+EnvironmentFile=__FINALPATH__/live/.env
 ExecStart=__FINALPATH__/live/vaultwarden
 # Set reasonable connection and process limits
diff --git a/scripts/change_url b/scripts/change_url
index 3a5905e..6c3a863 100644
--- a/scripts/change_url
+++ b/scripts/change_url
@@ -114,7 +114,7 @@ fi
 #=================================================
 ynh_script_progression --message="Modifying a config file..."
-config="$final_path/live/vaultwarden.env"
+config="$final_path/live/.env"
 ynh_backup_if_checksum_is_different --file="$config"
diff --git a/scripts/install b/scripts/install
index 98d090e..81f2a09 100644
--- a/scripts/install
+++ b/scripts/install
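Review bot: In conf/systemd.service (PATCH 1/4), the writable-path line keeps `__FINALPATH__/live/` next to the new `__DATADIR__`, and that directory also holds the `ExecStart` binary and the `EnvironmentFile` that the install script restricts to mode 400, so the service can still write beside its own executable and configuration. If the data directory is now the only place the application writes (not verifiable from this hunk), narrowing the line to `ReadWritePaths=__DATADIR__` would be the tighter sandbox. `ReadWriteDirectories=` is the legacy spelling of `ReadWritePaths=`, so the directive could be renamed while the line is being touched. A comment above it such as `# ProtectSystem=strict leaves everything else read-only` would explain why the data directory has to be listed.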
@@ -156,10 +156,10 @@ chown -R $app:$app "$datadir"
 #=================================================
 ynh_script_progression --message="Adding a configuration file..."
-ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/vaultwarden.env"
+ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/.env"
-chmod 400 "$final_path/live/vaultwarden.env"
-chown $app:$app "$final_path/live/vaultwarden.env"
+chmod 400 "$final_path/live/vaulwarden.env"
+chown $app:$app "$final_path/live/.env"
 #=================================================
 # SETUP SYSTEMD
diff --git a/scripts/upgrade b/scripts/upgrade
index 53daeee..217f73f 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
@@ -72,9 +72,9 @@ then
 db_name=$(ynh_app_setting_get --app=$app --key=db_name)
 # Move config file
- mv $final_path/live/bitwarden_rs.env $final_path/live/vaultwarden.env
+ mv $final_path/live/bitwarden_rs.env $final_path/live/.env
 ynh_delete_file_checksum --file="/var/www/$old_app/live/bitwarden_rs.env"
- ynh_store_file_checksum --file="$final_path/live/vaultwarden.env"
+ ynh_store_file_checksum --file="$final_path/live/.env"
 ynh_secure_remove --file="$final_path/live/bitwarden_rs"
 # Manage permissions
@@ -214,10 +214,10 @@ fi
 #=================================================
 ynh_script_progression --message="Updating a configuration file..."
-ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/vaultwarden.env"
+ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/.env"
-chmod 400 "$final_path/live/vaultwarden.env"
-chown $app:$app "$final_path/live/vaultwarden.env"
+chmod 400 "$final_path/live/.env"
+chown $app:$app "$final_path/live/.env"
 #=================================================
 # SETUP SYSTEMD
From d41a12b6a0f9fc96e8f71142a3818a713e82718c Mon Sep 17 00:00:00 2001
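Review bot: In scripts/install (PATCH 1/4, hunk at -156), `chmod 400 "$final_path/live/vaulwarden.env"` names a file that nothing in this hunk creates, so at this commit the new `.env` keeps whatever mode `ynh_add_config` gave it and the `chmod` itself fails. PATCH 2/4 corrects the path; folding that one-line fix into this commit would keep every commit in the series installable and the permission step effective throughout. The surrounding install script starts and ends outside the hunk, so whether a failing `chmod` aborts the install cannot be seen here.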
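Review bot: In scripts/upgrade (PATCH 1/4, hunk at -72), the new `mv $final_path/live/bitwarden_rs.env $final_path/live/.env` leaves both expansions unquoted, so a path containing whitespace or glob characters would be split or expanded before `mv` sees it; `mv -- "$final_path/live/bitwarden_rs.env" "$final_path/live/.env"` avoids that. The same applies to `chown $app:$app` in the scripts/install hunk and in the -214 hunk of this file, which could read `chown "$app:$app" "$final_path/live/.env"`. The context line below the move still deletes the old checksum under a hard-coded `/var/www/$old_app/...` while the move uses `$final_path`; whether those resolve to the same directory is not visible here. The enclosing `if … then` block starts and ends outside the hunk.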
From: Tagadda <36127788+Tagadda@users.noreply.github.com>
Date: Sun, 23 Jan 2022 19:52:53 +0000
Subject: [PATCH 2/4] oops
---
 scripts/install | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/scripts/install b/scripts/install
index 81f2a09..ff9097e 100644
--- a/scripts/install
+++ b/scripts/install
@@ -158,7 +158,7 @@ ynh_script_progression --message="Adding a configuration file..."
 ynh_add_config --template="../conf/vaultwarden.env" --destination="$final_path/live/.env"
-chmod 400 "$final_path/live/vaulwarden.env"
+chmod 400 "$final_path/live/.env"
 chown $app:$app "$final_path/live/.env"
 #=================================================
From c1e894a6b667559453e7132b86c919212fc1e535 Mon Sep 17 00:00:00 2001
From: Tagadda <36127788+Tagadda@users.noreply.github.com>
Date: Sun, 23 Jan 2022 23:17:50 +0000
Subject: [PATCH 3/4] Fix sandboxing
---
 conf/systemd.service | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/conf/systemd.service b/conf/systemd.service
index ff2527e..16f4776 100644
--- a/conf/systemd.service
+++ b/conf/systemd.service
@@ -22,7 +22,7 @@ LimitNPROC=64
 # Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html
 PrivateTmp=yes
 PrivateDevices=yes
-ProtectHome=true
+ProtectHome=false
 ProtectSystem=strict
 [Install]
From 8c61324f5b6df30800e01e21fed574f7a62c9583 Mon Sep 17 00:00:00 2001
From: Tagadda <36127788+Tagadda@users.noreply.github.com>
Date: Mon, 24 Jan 2022 21:21:08 +0000
Subject: [PATCH 4/4] [fix] Migrate datadir after user is created Fix #166
---
 scripts/upgrade | 29 +++++++++++++++++------------
 1 file changed, 17 insertions(+), 12 deletions(-)
diff --git a/scripts/upgrade b/scripts/upgrade
index 53daeee..b0c7470 100644
--- a/scripts/upgrade
+++ b/scripts/upgrade
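Review bot: `ProtectHome=false` in conf/systemd.service (PATCH 3/4) makes every home directory visible to the service, although the only path under /home it appears to need is the data directory (`/home/yunohost.app/$app` in scripts/upgrade). systemd offers a narrower form: `ProtectHome=tmpfs` together with `BindPaths=__DATADIR__` hides the rest of /home, /root and /run/user while keeping the data directory reachable. That assumes the systemd versions this package targets accept the `tmpfs` value, which should be confirmed before switching. If `false` has to stay, a comment such as `# data lives under /home, so ProtectHome cannot be enabled` would record why this hardening option was relaxed.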
@@ -91,18 +91,6 @@ fi
 ynh_remove_logrotate
-# If datadir doesn't exist, create it
-if [ -z $datadir ]; then
- datadir=/home/yunohost.app/$app
- ynh_app_setting_set --app=$app --key=datadir --value=$datadir
- mkdir -p $datadir
- rsync -arz "$final_path/live/data/" "$datadir/" --delete-after --remove-source-files
- ynh_secure_remove --file="$final_path/live/data"
- chmod 750 "$datadir"
- chmod -R o-rwx "$datadir"
- chown -R $app:$app "$datadir"
-fi
-
 #=================================================
 # ENSURE DOWNWARD COMPATIBILITY
 #=================================================
@@ -133,6 +121,23 @@ ynh_script_progression --message="Making sure dedicated system user exists..."
 # Create a dedicated user (if not existing)
 ynh_system_user_create --username=$app --home_dir=$final_path
+#=================================================
+# CREATE DATA DIRECTORY
+#=================================================
+ynh_script_progression --message="Making sure data directory exists..."
+
+# If datadir doesn't exist, create it
+if [ -z $datadir ]; then
+ datadir=/home/yunohost.app/$app
+ ynh_app_setting_set --app=$app --key=datadir --value=$datadir
+ mkdir -p $datadir
+ rsync -arz "$final_path/live/data/" "$datadir/" --delete-after --remove-source-files
+ ynh_secure_remove --file="$final_path/live/data"
+ chmod 750 "$datadir"
+ chmod -R o-rwx "$datadir"
+ chown -R $app:$app "$datadir"
+fi
+
 #=================================================
 # DOWNLOAD, CHECK AND UNPACK SOURCE
 #=================================================
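Review bot: In the added CREATE DATA DIRECTORY block of scripts/upgrade (PATCH 4/4, hunk at -133), `mkdir -p $datadir` creates the directory under the default umask and `rsync` fills it before `chmod 750` and `chmod -R o-rwx` run, so the migrated data may be readable by other local users while the copy is in progress. Because the dedicated user now exists at this point, the directory can be created closed from the start with `install -d -m 750 -o "$app" -g "$app" "$datadir"` in place of the `mkdir`. The test `[ -z $datadir ]` and the `mkdir` argument are unquoted; `if [ -z "$datadir" ]; then` is the safer form. A comment noting that this block must stay after `ynh_system_user_create`, because `chown -R $app:$app` needs the user to exist, would keep the ordering from regressing.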