diff --git a/README.md b/README.md index 41b71ec..ebee65b 100644 --- a/README.md +++ b/README.md @@ -10,7 +10,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Weblate is a libre web-based translation tool with tight version control integration. It provides two user interfaces, propagation of translations across components, quality checks and automatic linking to source files. -**Shipped version:** 4.5.1 +**Shipped version:** 4.6.1 ## Screenshots diff --git a/conf/settings.py b/conf/settings.py index 5689750..e15e977 100644 --- a/conf/settings.py +++ b/conf/settings.py @@ -127,6 +127,7 @@ LANGUAGES = ( ("pl", "Polski"), ("pt", "Português"), ("pt-br", "Português brasileiro"), + ("ro", "Română"), ("ru", "Русский"), ("sk", "Slovenčina"), ("sl", "Slovenščina"), @@ -218,12 +219,12 @@ TEMPLATES = [ ] -# GitHub username for sending pull requests. +# GitHub username and token for sending pull requests. # Please see the documentation for more details. GITHUB_USERNAME = "__GITHUBUSER__" GITHUB_TOKEN = "__GITHUBTOKEN__" -# GitLab username for sending merge requests. +# GitLab username and token for sending merge requests. # Please see the documentation for more details. GITLAB_USERNAME = None GITLAB_TOKEN = None @@ -336,6 +337,14 @@ AUTH_PASSWORD_VALIDATORS = [ # }, ] +# Password hashing (prefer Argon) +PASSWORD_HASHERS = [ + "django.contrib.auth.hashers.Argon2PasswordHasher", + "django.contrib.auth.hashers.PBKDF2PasswordHasher", + "django.contrib.auth.hashers.PBKDF2SHA1PasswordHasher", + "django.contrib.auth.hashers.BCryptSHA256PasswordHasher", +] + # Allow new user registrations REGISTRATION_OPEN = True @@ -623,6 +632,7 @@ SECURE_REDIRECT_EXEMPT = (r"healthz/$",) # Allowing HTTP access to health check # Session cookie age (in seconds) SESSION_COOKIE_AGE = 1000 SESSION_COOKIE_AGE_AUTHENTICATED = 1209600 +SESSION_COOKIE_SAMESITE = "Lax" # Increase allowed upload size DATA_UPLOAD_MAX_MEMORY_SIZE = 50000000 @@ -630,6 +640,7 @@ DATA_UPLOAD_MAX_MEMORY_SIZE = 50000000 LANGUAGE_COOKIE_SECURE = SESSION_COOKIE_SECURE LANGUAGE_COOKIE_HTTPONLY = SESSION_COOKIE_HTTPONLY LANGUAGE_COOKIE_AGE = SESSION_COOKIE_AGE_AUTHENTICATED * 10 +LANGUAGE_COOKIE_SAMESITE = SESSION_COOKIE_SAMESITE # Some security headers SECURE_BROWSER_XSS_FILTER = True @@ -705,6 +716,7 @@ CRISPY_TEMPLATE_PACK = "bootstrap3" # "weblate.checks.format.PerlFormatCheck", # "weblate.checks.format.JavaScriptFormatCheck", # "weblate.checks.format.LuaFormatCheck", +# "weblate.checks.format.SchemeFormatCheck", # "weblate.checks.format.CSharpFormatCheck", # "weblate.checks.format.JavaFormatCheck", # "weblate.checks.format.JavaMessageFormatCheck", @@ -753,7 +765,6 @@ CRISPY_TEMPLATE_PACK = "bootstrap3" # List of enabled addons # WEBLATE_ADDONS = ( -# "weblate.addons.autotranslate.AutoTranslateAddon", # "weblate.addons.gettext.GenerateMoAddon", # "weblate.addons.gettext.UpdateLinguasAddon", # "weblate.addons.gettext.UpdateConfigureAddon", @@ -896,7 +907,7 @@ CELERY_RESULT_BACKEND = CELERY_BROKER_URL CELERY_WORKER_MAX_MEMORY_PER_CHILD = 200000 CELERY_BEAT_SCHEDULE_FILENAME = os.path.join(DATA_DIR, "celery", "beat-schedule") CELERY_TASK_ROUTES = { - "weblate.trans.tasks.auto_translate": {"queue": "translate"}, + "weblate.trans.tasks.auto_translate*": {"queue": "translate"}, "weblate.accounts.tasks.notify_*": {"queue": "notify"}, "weblate.accounts.tasks.send_mails": {"queue": "notify"}, "weblate.utils.tasks.settings_backup": {"queue": "backup"}, @@ -920,6 +931,7 @@ MATOMO_SITE_ID = None MATOMO_URL = None GOOGLE_ANALYTICS_ID = None SENTRY_DSN = None +SENTRY_ENVIRONMENT = None AKISMET_API_KEY = None try: diff --git a/manifest.json b/manifest.json index 41e51e0..57f1bc0 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "A translation platform using Git and Python", "fr": "Une plateforme de traduction utilisant Git et Python" }, - "version": "4.5.1~ynh1", + "version": "4.6.1~ynh1", "url": "https://weblate.org", "license": "AGPL-3.0", "maintainer": { @@ -18,7 +18,7 @@ "email": "jean-baptiste@holcroft.fr" }], "requirements": { - "yunohost": ">= 4.0.0" + "yunohost": ">= 4.1.0" }, "multi_instance": true, "services": [ @@ -29,29 +29,17 @@ { "name": "domain", "type": "domain", - "ask": { - "en": "Choose a domain for Weblate", - "fr": "Choisissez un domaine pour Weblate" - }, "example": "domain.org" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Weblate", - "fr": "Choisissez un chemin pour Weblate" - }, "example": "/weblate", "default": "/weblate" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Should Weblate be public accessible?", - "fr": "Weblate doit-il être accessible au public ?" - }, "help": { "en": "Any YunoHost user and anonymous people from the web will be able to access the application", "fr": "Tout utilisateur YunoHost et les personnes anonymes pourront accéder à l'application" @@ -61,19 +49,11 @@ { "name": "admin", "type": "user", - "ask": { - "en": "Choose an admin user for Weblate", - "fr": "Choisissez l'administrateur pour Weblate" - }, "example": "johndoe" }, { "name": "password", "type": "password", - "ask": { - "en": "Set the administrator password", - "fr": "Définissez le mot de passe administrateur" - }, "example": "Choose a password" }, { diff --git a/scripts/_common.sh b/scripts/_common.sh index 68ad43d..0af1aa3 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -12,7 +12,7 @@ pkg_dependencies="libxml2-dev libxslt-dev libfreetype6-dev libjpeg-dev libz-dev libpq-dev libglib2.0-dev mailutils python-celery-common hub" # Weblate's version for PIP and settings file -weblate_version="4.5.1" +weblate_version="4.6.1" debian_maj_version=$(sed 's/\..*//' /etc/debian_version) diff --git a/scripts/install b/scripts/install index 15c23ca..ff55bba 100755 --- a/scripts/install +++ b/scripts/install @@ -126,13 +126,15 @@ chown -R "$app": "$final_path" set +o nounset source "${final_path}/venv/bin/activate" set -o nounset - sudo -u $app $final_path/venv/bin/pip install --upgrade pip setuptools wheel + cd "${final_path}" + + sudo --user=$app $final_path/venv/bin/pip install --upgrade pip setuptools wheel # Still needed with latest version of weblate? - sudo -u $app $final_path/venv/bin/pip install Weblate=="$weblate_version" - sudo -u $app $final_path/venv/bin/pip install psycopg2-binary ruamel.yaml aeidon phply + sudo --user=$app $final_path/venv/bin/pip install Weblate=="$weblate_version" + sudo --user=$app $final_path/venv/bin/pip install psycopg2-binary ruamel.yaml aeidon phply #pip install pytz python-bidi PyYaML Babel pyuca pylibravatar py3dns psycopg2-binary phply django-redis hiredis aeidon ruamel.yaml # specific to YunoHost package: - sudo -u $app $final_path/venv/bin/pip install django_sendmail_backend + sudo --user=$app $final_path/venv/bin/pip install django_sendmail_backend ) #================================================= @@ -182,18 +184,20 @@ ynh_script_progression --message="Filling up the database..." --weight=10 source "${final_path}/venv/bin/activate" set -o nounset export DJANGO_SETTINGS_MODULE="weblate.settings" + cd "${final_path}" + # the user needs to be weblate for postgresql - sudo -u $app $final_path/venv/bin/weblate migrate --noinput + sudo --user=$app $final_path/venv/bin/weblate migrate --noinput # generate static files - sudo -u $app $final_path/venv/bin/weblate collectstatic --noinput - sudo -u $app $final_path/venv/bin/weblate createadmin --no-color \ + sudo --user=$app $final_path/venv/bin/weblate collectstatic --noinput + sudo --user=$app $final_path/venv/bin/weblate createadmin --no-color \ --password "$password" \ --username "$admin" \ --email "$admin_mail" # Check the configuration # This may fail in some cases with errors, etc., but the app works and the user can fix issues later. - sudo -u $app $final_path/venv/bin/weblate check --deploy || true + sudo --user=$app $final_path/venv/bin/weblate check --deploy || true ) #================================================= @@ -246,10 +250,10 @@ ynh_add_systemd_config --service="$app-celery" --template="celery-weblate.servic #================================================= # Set permissions to app files -chown -R "$app": "$final_path" - mkdir -p "$final_path/avatar-cache" -chown -R "$app": "$final_path/avatar-cache" +chown -R "$app": "$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" #================================================= # SETUP LOGROTATE diff --git a/scripts/restore b/scripts/restore index 7be3bff..0ef83c8 100755 --- a/scripts/restore +++ b/scripts/restore @@ -70,10 +70,10 @@ ynh_system_user_create --username=$app --home_dir="$final_path" --use_shell #================================================= # Restore permissions on app files -chown -R "$app": "$final_path" - mkdir -p "$final_path/avatar-cache" -chown -R "$app": "$final_path/avatar-cache" +chown -R "$app": "$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" #================================================= # SPECIFIC RESTORATION diff --git a/scripts/upgrade b/scripts/upgrade index 3506e41..1ce5d17 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -171,20 +171,22 @@ upgrade() { ynh_systemd_action --service_name="$app-celery" --action="stop" virtualenv --python=python3 "${final_path}/venv" - chown -R "$app": "$final_path/venv" + chown -R "$app": "$final_path" #run source in a 'sub shell' ( set +o nounset source "${final_path}/venv/bin/activate" set -o nounset - sudo -u $app $final_path/venv/bin/pip install --upgrade pip setuptools wheel + cd "${final_path}" + + sudo --user=$app $final_path/venv/bin/pip install --upgrade pip setuptools wheel # Still needed with latest version of weblate? - sudo -u $app $final_path/venv/bin/pip install --upgrade Weblate=="$new_version" - sudo -u $app $final_path/venv/bin/pip install psycopg2-binary ruamel.yaml aeidon phply + sudo --user=$app $final_path/venv/bin/pip install --upgrade Weblate=="$new_version" + sudo --user=$app $final_path/venv/bin/pip install psycopg2-binary ruamel.yaml aeidon phply #pip install pytz python-bidi PyYaML Babel pyuca pylibravatar py3dns psycopg2-binary phply django-redis hiredis aeidon ruamel.yaml # specific to YunoHost package: - sudo -u $app $final_path/venv/bin/pip install django_sendmail_backend + sudo --user=$app $final_path/venv/bin/pip install django_sendmail_backend ) #================================================= @@ -235,16 +237,16 @@ upgrade() { export DJANGO_SETTINGS_MODULE="weblate.settings" cd "${final_path}" - sudo -u $app $final_path/venv/bin/weblate migrate --noinput - sudo -u $app $final_path/venv/bin/weblate collectstatic --noinput - sudo -u $app $final_path/venv/bin/weblate setuplang - sudo -u $app $final_path/venv/bin/weblate setupgroups - sudo -u $app $final_path/venv/bin/weblate compilemessages + sudo --user=$app $final_path/venv/bin/weblate migrate --noinput + sudo --user=$app $final_path/venv/bin/weblate collectstatic --noinput + sudo --user=$app $final_path/venv/bin/weblate setuplang + sudo --user=$app $final_path/venv/bin/weblate setupgroups + sudo --user=$app $final_path/venv/bin/weblate compilemessages # Check the configuration # This may fail in some cases with errors, etc., but the app works and the user can fix issues later. if [ "$new_version" == "$weblate_version" ]; then - sudo -u $app $final_path/venv/bin/weblate check --deploy || true + sudo --user=$app $final_path/venv/bin/weblate check --deploy || true fi ) } @@ -253,6 +255,11 @@ file_version="${final_path}/venv/lib/$weblate_pypath/site-packages/weblate/__ini if [ -e $file_version ] then current_version=$(cat $file_version | grep "^VERSION = " | grep -o "[0-9].[0-9]" | head -n1 | cut -d"." -f1) + if [ -z "$current_version" ] + then + file_version="${final_path}/venv/lib/$weblate_pypath/site-packages/weblate/utils/version.py" + current_version=$(cat $file_version | grep "^VERSION = " | grep -o "[0-9].[0-9]" | head -n1 | cut -d"." -f1) + fi else current_version=3 fi @@ -289,10 +296,10 @@ yunohost service add "$app-celery" --log "/var/log/$app/weblate-celery-w1.log" #================================================= # Set right permissions for curl installation -chown -R "$app": "$final_path" - mkdir -p "$final_path/avatar-cache" -chown -R "$app": "$final_path/avatar-cache" +chown -R "$app": "$final_path" +chmod 750 "$final_path" +chmod -R o-rwx "$final_path" #================================================= # START SYSTEMD SERVICES