From 99bd7bb545dc7ddc3fa6139387454f7e55728f7e Mon Sep 17 00:00:00 2001 From: tituspijean Date: Fri, 24 Feb 2023 00:19:25 +0100 Subject: [PATCH 01/16] [autopatch] Upgrade auto-updater --- .github/workflows/updater.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml index e71f2cf..709d058 100644 --- a/.github/workflows/updater.yml +++ b/.github/workflows/updater.yml @@ -18,7 +18,7 @@ jobs: runs-on: ubuntu-latest steps: - name: Fetch the source code - uses: actions/checkout@v2 + uses: actions/checkout@v3 with: token: ${{ secrets.GITHUB_TOKEN }} @@ -27,7 +27,7 @@ jobs: - name: Create Pull Request if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v3 + uses: peter-evans/create-pull-request@v4 with: token: ${{ secrets.GITHUB_TOKEN }} title: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} From f381760def8baf4ec7fb58664475ead8f742acda Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 9 Jun 2023 20:20:21 +0000 Subject: [PATCH 02/16] Auto-update README --- README.md | 1 + README_fr.md | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index e7945fc..ab6122c 100644 --- a/README.md +++ b/README.md @@ -6,6 +6,7 @@ It shall NOT be edited by hand. # Wetty for YunoHost [![Integration level](https://dash.yunohost.org/integration/wetty.svg)](https://dash.yunohost.org/appci/app/wetty) ![Working status](https://ci-apps.yunohost.org/ci/badges/wetty.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/wetty.maintain.svg) + [![Install Wetty with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wetty) *[Lire ce readme en français.](./README_fr.md)* diff --git a/README_fr.md b/README_fr.md index 560192b..5404bcd 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -6,6 +6,7 @@ It shall NOT be edited by hand. # Wetty pour YunoHost [![Niveau d’intégration](https://dash.yunohost.org/integration/wetty.svg)](https://dash.yunohost.org/appci/app/wetty) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/wetty.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/wetty.maintain.svg) + [![Installer Wetty avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=wetty) *[Read this readme in english.](./README.md)* From b7f0114af14dfb50e090c1fcd8613e2d7b39833c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Fri, 9 Jun 2023 22:09:36 +0200 Subject: [PATCH 03/16] Manifest v2 port --- conf/app.src | 6 --- conf/config.json5 | 2 +- conf/systemd.service | 2 +- manifest.json | 54 ----------------------- manifest.toml | 54 +++++++++++++++++++++++ scripts/backup | 22 +-------- scripts/change_url | 84 ++--------------------------------- scripts/install | 103 ++++--------------------------------------- scripts/remove | 36 --------------- scripts/restore | 48 +++----------------- scripts/upgrade | 71 +++++------------------------ 11 files changed, 88 insertions(+), 394 deletions(-) delete mode 100644 conf/app.src delete mode 100644 manifest.json create mode 100644 manifest.toml diff --git a/conf/app.src b/conf/app.src deleted file mode 100644 index 5b622ab..0000000 --- a/conf/app.src +++ /dev/null @@ -1,6 +0,0 @@ -SOURCE_URL=https://github.com/butlerx/wetty/archive/refs/tags/v2.5.0.tar.gz -SOURCE_SUM=a6f7e3687619c29b2b8cc04b502fd8207c53a895527849557d3d3ed7f362cbac -SOURCE_SUM_PRG=sha256sum -SOURCE_FORMAT=tar.gz -SOURCE_IN_SUBDIR=true -SOURCE_EXTRACT=true diff --git a/conf/config.json5 b/conf/config.json5 index 0ad4358..a56041f 100644 --- a/conf/config.json5 +++ b/conf/config.json5 
@@ -12,7 +12,7 @@ // config: '/home/user/.wetty_ssh_config', // alternative ssh configuration file, see "-F" option in ssh(1) }, server: { - base: '__PATH_URL__', // URL base to serve resources from + base: '__PATH__', // URL base to serve resources from port: __PORT__, // Port to listen on host: '127.0.0.1', // address to listen on title: 'WeTTy - The Web Terminal Emulator', // Page title diff --git a/conf/systemd.service b/conf/systemd.service index aaac467..aa317d2 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -7,7 +7,7 @@ Type=simple Environment=NODE_ENV=production User=__APP__ Group=__APP__ -WorkingDirectory=__FINALPATH__/ +WorkingDirectory=__INSTALL_DIR__/ ExecStart=__YNH_NODE__ . --conf ./config.json5 TimeoutStopSec=20 KillMode=mixed diff --git a/manifest.json b/manifest.json deleted file mode 100644 index d6daf5d..0000000 --- a/manifest.json +++ /dev/null 
@@ -1,54 +0,0 @@
-{
- "name": "Wetty",
- "id": "wetty",
- "packaging_format": 1,
- "description": {
- "en": "Terminal in browser over HTTP/HTTPS",
- "fr": "Un terminal dans le navigateur sur HTTP/HTTPS"
- },
- "version": "2.5.0~ynh2",
- "url": "https://github.com/butlerx/wetty/",
- "license": "MIT",
- "upstream": {
- "license": "MIT",
- "admindoc": "https://github.com/butlerx/wetty/tree/main/docs",
- "code": "https://github.com/butlerx/wetty",
- "screenshots": [
- "https://raw.githubusercontent.com/butlerx/wetty/main/docs/terminal.png"
- ]
- },
- "maintainer": {
- "name": "Salamandar",
- "email": "salamandar@salamandar.fr"
- },
- "requirements": {
- "yunohost": ">= 11.0.9"
- },
- "multi_instance": true,
- "services": [
- "nginx"
- ],
- "arguments": {
- "install": [
- {
- "name": "domain",
- "type": "domain"
- },
- {
- "name": "path",
- "type": "path",
- "example": "/wetty",
- "default": "/wetty"
- },
- {
- "name": "is_public",
- "type": "boolean",
- "help": {
- "en": "Even if public, it still requires authentication.",
- "fr": "Même publique, vous devrez vous authentifier"
- },
- "default": false
- }
- ]
- }
-}
diff --git a/manifest.toml b/manifest.toml
new file mode 100644
index 0000000..ed92bb0
--- /dev/null
+++ b/manifest.toml
@@ -0,0 +1,54 @@
+packaging_format = 2
+
+id = "wetty"
+name = "Wetty"
+description.en = "Terminal in browser over http/https. (Ajaxterm/Anyterm alternative, but much better)"
+description.fr = "Un terminal dans le navigateur sur http/https. (Alternative à Ajaxterm/Anyterm, mais bien meilleur)"
+
+version = "2.5.0~ynh3"
+
+maintainers = ["Salamandar"]
+
+[upstream]
+license = "free"
+website = "https://github.com/butlerx/wetty/"
+
+[integration]
+yunohost = ">=11.1.0"
+architectures = "all"
+multi_instance = true
+ldap = "not_relevant"
+sso = false
+# disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ...
+# ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
+# ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ...
+
+[install]
+ [install.domain]
+ type = "domain"
+
+ [install.path]
+ type = "path"
+ default = "/wetty"
+
+ [install.init_main_permission]
+ help.en = "Even if public, it still requires authentication."
+ help.fr = "Même publique, vous devrez vous authentifier"
+ type = "group"
+ default = false
+
+[resources]
+ [resources.sources.main]
+ url = "https://github.com/butlerx/wetty/archive/refs/tags/v2.5.0.tar.gz"
+ sha256 = "a6f7e3687619c29b2b8cc04b502fd8207c53a895527849557d3d3ed7f362cbac"
+ autoupdate.strategy = "latest_github_release"
+
+ [resources.system_user]
+
+ [resources.install_dir]
+
+ [resources.permissions]
+ main.url = "/"
+
+ [resources.ports]
+ main.default = 8095
diff --git a/scripts/backup b/scripts/backup
index f78c623..737146f 100755
--- a/scripts/backup
+++ b/scripts/backup
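Review bot: `[resources.permissions]` in the new manifest.toml declares only `main.url = "/"`, so a fresh install no longer gets the `--auth_header=false` that the removed install step applied, while scripts/upgrade in this same patch still calls `ynh_permission_url --permission="main" --auth_header=false`. As far as I know the resource defaults to forwarding the SSO authentication header to the backend, which a web terminal has no use for; adding `main.auth_header = false` here would make new installs match upgraded ones. Separately, `[install.init_main_permission]` is `type = "group"` but keeps the boolean `default = false` from the old `is_public` question; a group name such as `default = "all_users"` looks like what is intended to keep the app private by default, to be confirmed against the packaging v2 schema. `license = "free"` also loses the `MIT` value that the v1 manifest carried.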
@@ -10,26 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_print_info --message="Loading installation settings..." - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -domain=$(ynh_app_setting_get --app=$app --key=domain) - #================================================= # DECLARE DATA AND CONF FILES TO BACKUP #================================================= @@ -39,7 +19,7 @@ ynh_print_info --message="Declaring files to be backed up..." # BACKUP THE APP MAIN DIR #================================================= -ynh_backup --src_path="$final_path" +ynh_backup --src_path="$install_dir" #================================================= # BACKUP THE NGINX CONFIGURATION diff --git a/scripts/change_url b/scripts/change_url index 5262c55..0b9155e 100644 --- a/scripts/change_url +++ b/scripts/change_url 
@@ -9,60 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -old_domain=$YNH_APP_OLD_DOMAIN -old_path=$YNH_APP_OLD_PATH - -new_domain=$YNH_APP_NEW_DOMAIN -new_path=$YNH_APP_NEW_PATH - -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -# Needed for helper "ynh_add_nginx_config" -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) - -#================================================= -# BACKUP BEFORE CHANGE URL THEN ACTIVE TRAP -#================================================= -ynh_script_progression --message="Backing up the app before changing its URL (may take a while)..." --weight=1 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Remove the new domain config file, the remove script won't do it as it doesn't know yet its location. - ynh_secure_remove --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" - - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# CHECK WHICH PARTS SHOULD BE CHANGED -#================================================= - -change_domain=0 -if [ "$old_domain" != "$new_domain" ] -then - change_domain=1 -fi - -change_path=0 -if [ "$old_path" != "$new_path" ] -then - change_path=1 -fi - #================================================= # STANDARD MODIFICATIONS #================================================= 
@@ -77,29 +23,7 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Updating NGINX web server configuration..." --weight=1 -nginx_conf_path=/etc/nginx/conf.d/$old_domain.d/$app.conf - -# Change the path in the NGINX config file -if [ $change_path -eq 1 ] -then - # Make a backup of the original NGINX config file if modified - ynh_backup_if_checksum_is_different --file="$nginx_conf_path" - # Set global variables for NGINX helper - domain="$old_domain" - path_url="$new_path" - # Create a dedicated NGINX config - ynh_add_nginx_config -fi - -# Change the domain for NGINX -if [ $change_domain -eq 1 ] -then - # Delete file checksum for the old conf file location - ynh_delete_file_checksum --file="$nginx_conf_path" - mv $nginx_conf_path /etc/nginx/conf.d/$new_domain.d/$app.conf - # Store file checksum for the new config file location - ynh_store_file_checksum --file="/etc/nginx/conf.d/$new_domain.d/$app.conf" -fi +ynh_change_url_nginx_config #================================================= # SPECIFIC MODIFICATIONS @@ -112,10 +36,10 @@ domain="$new_domain" path_url="$new_path" # port is already defined in this file -ynh_add_config --template="config.json5" --destination="$final_path/config.json5" +ynh_add_config --template="config.json5" --destination="$install_dir/config.json5" -chmod 400 "$final_path/config.json5" -chown $app:$app "$final_path/config.json5" +chmod 400 "$install_dir/config.json5" +chown $app:$app "$install_dir/config.json5" #================================================= # GENERIC FINALISATION diff --git a/scripts/install b/scripts/install index 83ec516..c17e370 100755 --- a/scripts/install +++ b/scripts/install 
@@ -9,57 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# RETRIEVE ARGUMENTS FROM THE MANIFEST -#================================================= - -domain=$YNH_APP_ARG_DOMAIN -path_url=$YNH_APP_ARG_PATH -is_public=$YNH_APP_ARG_IS_PUBLIC -app=$YNH_APP_INSTANCE_NAME - -#================================================= -# CHECK IF THE APP CAN BE INSTALLED WITH THESE ARGS -#================================================= -ynh_script_progression --message="Validating installation parameters..." --weight=1 - -final_path=/var/www/$app -test ! -e "$final_path" || ynh_die --message="This path already contains a folder" - -# Register (book) web path -ynh_webpath_register --app=$app --domain=$domain --path_url=$path_url - -#================================================= -# STORE SETTINGS FROM MANIFEST -#================================================= -ynh_script_progression --message="Storing installation settings..." --weight=1 - -ynh_app_setting_set --app=$app --key=domain --value=$domain -ynh_app_setting_set --app=$app --key=path --value=$path_url - -#================================================= -# STANDARD MODIFICATIONS -#================================================= -# FIND AND OPEN A PORT -#================================================= -ynh_script_progression --message="Finding an available port..." --weight=1 - -# Find an available port -port=$(ynh_find_port --port=8095) -ynh_app_setting_set --app=$app --key=port --value=$port - -# DO NOT OPEN THIS PORT - #================================================= # INSTALL DEPENDENCIES #================================================= 
@@ -71,34 +20,22 @@ ynh_install_nodejs --nodejs_version=$NODEJS_VERSION # Install Yarn ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" \ --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Configuring system user..." --weight=1 - -# Create a system user -ynh_system_user_create --username=$app --home_dir="$final_path" + --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= ynh_script_progression --message="Setting up source files..." --weight=1 -ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" - -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +ynh_setup_source --dest_dir="$install_dir" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring NGINX web server..." --weight=1 +ynh_script_progression --message="Configuring nginx web server..." --weight=1 -# Create a dedicated NGINX config +# Create a dedicated nginx config ynh_add_nginx_config #================================================= 
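Review bot: After `ynh_setup_source --dest_dir="$install_dir"` the install script no longer sets any ownership or mode on the extracted tree, whereas scripts/upgrade in the same patch still runs `chmod -R u=rwX,g=rX,o= "$install_dir"` and `chown -R $app:$app "$install_dir"`. Whether the `install_dir` resource or `ynh_setup_source` applies owner and mode recursively is not visible in this diff, and the later `sudo -u $app env "$ynh_node_load_PATH" yarn` build needs write access to that tree; unless that is guaranteed, keep those two lines right after `ynh_setup_source` so install and upgrade end in the same state. The retained comment `# Download, check integrity, uncompress and patch the source from app.src` is stale now that conf/app.src is deleted and the URL and sha256 live in manifest.toml.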
@@ -108,22 +45,22 @@ ynh_add_nginx_config #================================================= ynh_script_progression --message="Adding a configuration file..." --weight=1 -ynh_add_config --template="config.json5" --destination="$final_path/config.json5" +ynh_add_config --template="config.json5" --destination="$install_dir/config.json5" -chmod 400 "$final_path/config.json5" -chown $app:$app "$final_path/config.json5" +chmod 400 "$install_dir/config.json5" +chown $app:$app "$install_dir/config.json5" #================================================= # BUILD YARN DEPENDENCIES #================================================= ynh_script_progression --message="Building Yarn dependencies... This may take several minutes for a first install." --weight=6 -pushd "$final_path" || return 1 +pushd "$install_dir" || return 1 ynh_use_nodejs ; set "${ynh_node_load_PATH:?}" sudo -u $app env "$ynh_node_load_PATH" yarn sudo -u $app env "$ynh_node_load_PATH" yarn build sudo -u $app env "$ynh_node_load_PATH" yarn install --production --ignore-scripts --prefer-offline - ynh_secure_remove --file="$final_path/.cache" + ynh_secure_remove --file="$install_dir/.cache" popd || return 1 #================================================= 
@@ -159,28 +96,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 # Start a systemd service ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server started" -#================================================= -# SETUP SSOWAT -#================================================= -ynh_script_progression --message="Configuring permissions..." --weight=1 - -# Make app public if necessary -if [ $is_public -eq 1 ] -then - # Everyone can access the app. - # The "main" permission is automatically created before the install script. - ynh_permission_update --permission="main" --add="visitors" -fi - -ynh_permission_url --permission="main" --auth_header=false - -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/remove b/scripts/remove index ad2017e..352eaa2 100755 --- a/scripts/remove +++ b/scripts/remove @@ -9,16 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - #================================================= # STANDARD REMOVE #================================================= 
@@ -40,22 +30,6 @@ ynh_script_progression --message="Stopping and removing the systemd service..." # Remove the dedicated systemd config ynh_remove_systemd_config -#================================================= -# REMOVE DEPENDENCIES -#================================================= -ynh_script_progression --message="Removing dependencies..." --weight=3 - -# Remove metapackage and its dependencies -ynh_remove_app_dependencies - -#================================================= -# REMOVE APP MAIN DIR -#================================================= -ynh_script_progression --message="Removing app main directory..." --weight=1 - -# Remove the app directory securely -ynh_secure_remove --file="$final_path" - #================================================= # REMOVE NGINX CONFIGURATION #================================================= @@ -72,16 +46,6 @@ ynh_script_progression --message="Removing logrotate configuration..." --weight= # Remove the app-specific logrotate config ynh_remove_logrotate -#================================================= -# GENERIC FINALIZATION -#================================================= -# REMOVE DEDICATED USER -#================================================= -ynh_script_progression --message="Removing the dedicated system user..." --weight=1 - -# Delete a system user -ynh_system_user_delete --username=$app - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index dcf8b81..42aec37 100755 --- a/scripts/restore +++ b/scripts/restore 
@@ -10,35 +10,6 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers -#================================================= -# MANAGE SCRIPT FAILURE -#================================================= - -ynh_clean_setup () { - true -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# CHECK IF THE APP CAN BE RESTORED -#================================================= -ynh_script_progression --message="Validating restoration parameters..." --weight=1 - -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " - #================================================= # STANDARD RESTORATION STEPS #================================================= 
@@ -48,24 +19,19 @@ ynh_script_progression --message="Restoring the NGINX configuration..." --weight ynh_restore_file --origin_path="/etc/nginx/conf.d/$domain.d/$app.conf" -#================================================= -# RECREATE THE DEDICATED USER -#================================================= -ynh_script_progression --message="Recreating the dedicated system user..." --weight=1 - -# Create the dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # RESTORE THE APP MAIN DIR #================================================= ynh_script_progression --message="Restoring the app main directory..." --weight=1 -ynh_restore_file --origin_path="$final_path" +ynh_restore_file --origin_path="$install_dir" -chmod 750 "$final_path" -chmod -R o-rwx "$final_path" -chown -R $app:$app "$final_path" +#================================================= +# RESTORE USER RIGHTS +#================================================= + +# Restore permissions on app files +chown -R root: "$install_dir" #================================================= # SPECIFIC RESTORATION diff --git a/scripts/upgrade b/scripts/upgrade index da386ea..308de62 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -9,18 +9,6 @@ source _common.sh source /usr/share/yunohost/helpers -#================================================= -# LOAD SETTINGS -#================================================= -ynh_script_progression --message="Loading installation settings..." --weight=1 - -app=$YNH_APP_INSTANCE_NAME - -domain=$(ynh_app_setting_get --app=$app --key=domain) -path_url=$(ynh_app_setting_get --app=$app --key=path) -final_path=$(ynh_app_setting_get --app=$app --key=final_path) -port=$(ynh_app_setting_get --app=$app --key=port) - #================================================= # CHECK VERSION #================================================= 
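Review bot: `chown -R root: "$install_dir"` in the new RESTORE USER RIGHTS block leaves the restored tree owned by root, but conf/systemd.service runs the service as `User=__APP__` from `WorkingDirectory=__INSTALL_DIR__/`, and install writes `config.json5` with `chmod 400` owned by `$app`. After a restore that file would be root-owned and unreadable by the service user, and the `chmod 750` / `chmod -R o-rwx` lines this hunk removes are not replaced by anything visible here. Matching the upgrade script is the safer fix: `chmod -R u=rwX,g=rX,o= "$install_dir"` followed by `chown -R "$app:$app" "$install_dir"`. The script continues outside the hunk, so confirm nothing later re-owns the directory before relying on this.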
@@ -28,18 +16,9 @@ port=$(ynh_app_setting_get --app=$app --key=port) upgrade_type=$(ynh_check_app_version_changed) #================================================= -# BACKUP BEFORE UPGRADE THEN ACTIVE TRAP +# ENSURE DOWNWARD COMPATIBILITY #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=3 - -# Backup the current version of the app -ynh_backup_before_upgrade -ynh_clean_setup () { - # Restore it if the upgrade fails - ynh_restore_upgradebackup -} -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors +ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 #================================================= # STANDARD UPGRADE STEPS @@ -55,30 +34,9 @@ ynh_systemd_action --service_name=$app --action="stop" --log_path="/var/log/$app #================================================= ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 -# If final_path doesn't exist, create it -if [ -z "$final_path" ]; then - final_path="/var/www/$app" - ynh_app_setting_set --app=$app --key=final_path --value="$final_path" -fi - -# Cleaning legacy permissions -if ynh_legacy_permissions_exists; then - ynh_legacy_permissions_delete_all - - ynh_app_setting_delete --app=$app --key=is_public -fi - # Disable auth_header ynh_permission_url --permission="main" --auth_header=false -#================================================= -# CREATE DEDICATED USER -#================================================= -ynh_script_progression --message="Making sure dedicated system user exists..." --weight=1 - -# Create a dedicated user (if not existing) -ynh_system_user_create --username=$app --home_dir="$final_path" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
@@ -88,11 +46,11 @@ then ynh_script_progression --message="Upgrading source files..." # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" + ynh_setup_source --dest_dir="$install_dir" fi -chmod -R u=rwX,g=rX,o= "$final_path" -chown -R $app:$app "$final_path" +chmod -R u=rwX,g=rX,o= "$install_dir" +chown -R $app:$app "$install_dir" #================================================= # NGINX CONFIGURATION @@ -121,24 +79,24 @@ ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ st #================================================= ynh_script_progression --message="Updating a configuration file..." -ynh_add_config --template="config.json5" --destination="$final_path/config.json5" +ynh_add_config --template="config.json5" --destination="$install_dir/config.json5" -chmod 400 "$final_path/config.json5" -chown $app:$app "$final_path/config.json5" +chmod 400 "$install_dir/config.json5" +chown $app:$app "$install_dir/config.json5" #================================================= # BUILD YARN DEPENDENCIES #================================================= ynh_script_progression --message="Rebuilding Yarn dependencies..." --weight=2 -chown -R $app:$app "$final_path" +chown -R $app:$app "$install_dir" -pushd "$final_path" || return 1 +pushd "$install_dir" || return 1 ynh_use_nodejs ; set "${ynh_node_load_PATH:?}" sudo -u $app env "$ynh_node_load_PATH" yarn sudo -u $app env "$ynh_node_load_PATH" yarn build sudo -u $app env "$ynh_node_load_PATH" yarn install --production --ignore-scripts --prefer-offline - ynh_secure_remove --file="$final_path/.cache" + ynh_secure_remove --file="$install_dir/.cache" popd || return 1 #================================================= 
@@ -173,13 +131,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server started" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= From 27f835c72535b8485abbd6a26f0606fb27cca93b Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 9 Jun 2023 20:20:42 +0000 Subject: [PATCH 04/16] Auto-update README --- README.md | 5 ++--- README_fr.md | 5 ++--- 2 files changed, 4 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index ab6122c..ad2cb92 100644 --- a/README.md +++ b/README.md @@ -19,7 +19,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Terminal over HTTP and HTTPS. WeTTy is an alternative to ajaxterm and anyterm but much better than them because WeTTy uses xterm.js which is a full fledged implementation of terminal emulation written entirely in JavaScript. WeTTy uses websockets rather then Ajax and hence better response time. -**Shipped version:** 2.5.0~ynh2 +**Shipped version:** 2.5.0~ynh3 ## Screenshots @@ -44,8 +44,7 @@ There is few configuration in Wetty: ## Documentation and resources -* Official admin documentation: -* Upstream app code repository: +* Official app website: * YunoHost documentation for this app: * Report a bug: diff --git a/README_fr.md b/README_fr.md index 5404bcd..f960818 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -19,7 +19,7 @@ Si vous n’avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) po Terminal sur HTTP et HTTPS. WeTTy est une alternative à ajaxterm et anyterm mais bien meilleure qu'eux car WeTTy utilise xterm.js qui est une implémentation complète de l'émulation de terminal écrite entièrement en JavaScript. WeTTy utilise des websockets plutôt que Ajax et donc un meilleur temps de réponse. -**Version incluse :** 2.5.0~ynh2 +**Version incluse :** 2.5.0~ynh3 ## Captures d’écran @@ -43,8 +43,7 @@ Il y a peu de configuration dans Wetty : ## Documentations et ressources -* Documentation officielle de l’admin : -* Dépôt de code officiel de l’app : +* Site officiel de l’app : * Documentation YunoHost pour cette app : * Signaler un bug : From 426761b74728529f25d43c69f779c599de40bd2a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Fri, 9 Jun 2023 22:21:06 +0200 Subject: [PATCH 05/16] Remove updater workflow --- .github/workflows/updater.py | 126 ---------------------------------- .github/workflows/updater.yml | 40 ----------- 2 files changed, 166 deletions(-) delete mode 100755 .github/workflows/updater.py delete mode 100644 .github/workflows/updater.yml diff --git a/.github/workflows/updater.py b/.github/workflows/updater.py deleted file mode 100755 index 019ce2a..0000000 --- a/.github/workflows/updater.py +++ /dev/null 
@@ -1,126 +0,0 @@ -#!/usr/bin/env python3 -""" -This script is meant to be run by GitHub Actions. -It comes with a Github Action updater.yml to run this script periodically. - -Since each app is different, maintainers can adapt its contents to perform -automatic actions when a new upstream release is detected. - -You need to enable the action by removing `if ${{ false }}` in updater.yml! -""" - -import hashlib -import json -import logging -import os -import re -from subprocess import run, PIPE -import textwrap -from typing import List, Tuple, Any -import requests -from packaging import version - -logging.getLogger().setLevel(logging.INFO) - -# ========================================================================== # -# Functions customizable by app maintainer - -def get_latest_version(repo: str) -> Tuple[version.Version, Any]: - """May be customized by maintainers for other forges than Github""" - api_url = repo.replace("github.com", "api.github.com/repos") - # May use {api_url}/tags and release["name"] for tag-based upstream - releases = requests.get(f"{api_url}/tags").json() - release_info = next(release for release in releases) - return version.Version(release_info["name"]), release_info - -def get_asset_urls_of_release(repo: str, release: Any) -> List[str]: - """May be customized by maintainers for custom urls""" - return [ - # *[asset["browser_download_url"] for asset in release["assets"]], - f"{repo}/archive/refs/tags/{release['name']}.tar.gz" - ] - -def handle_asset(asset_url: str): - """This should be customized by the maintainer according to upstream""" - logging.info("Handling asset at %s", asset_url) - if re.match(r".*/v[0-9\.]+.(tar.gz)$", asset_url): - write_src_file("app.src", asset_url, "tar.gz") - else: - logging.info("Asset ignored") - -# ========================================================================== # -# Core generic code of the script - -def sha256sum_of_url(url: str) -> str: - """Compute checksum without saving the file""" - 
checksum = hashlib.sha256() - for chunk in requests.get(url, stream=True).iter_content(): - checksum.update(chunk) - return checksum.hexdigest() - -def write_src_file(name: str, asset_url: str, extension: str, - extract: bool = True, subdir: bool = True) -> None: - """Rewrite conf/app.src""" - logging.info("Writing %s...", name) - - with open(f"conf/{name}", "w", encoding="utf-8") as conf_file: - conf_file.write(textwrap.dedent(f"""\ - SOURCE_URL={asset_url} - SOURCE_SUM={sha256sum_of_url(asset_url)} - SOURCE_SUM_PRG=sha256sum - SOURCE_FORMAT={extension} - SOURCE_IN_SUBDIR={str(subdir).lower()} - SOURCE_EXTRACT={str(extract).lower()} - """)) - -def write_github_env(proceed: bool, new_version: str, branch: str): - """Those values will be used later in the workflow""" - if "GITHUB_ENV" not in os.environ: - logging.warning("GITHUB_ENV is not in the envvars, assuming not in CI") - return - with open(os.environ["GITHUB_ENV"], "w", encoding="utf-8") as github_env: - github_env.write(textwrap.dedent(f"""\ - VERSION={new_version} - BRANCH={branch} - PROCEED={str(proceed).lower()} - """)) - -def main(): - with open("manifest.json", "r", encoding="utf-8") as manifest_file: - manifest = json.load(manifest_file) - repo = manifest["upstream"]["code"] - - current_version = version.Version(manifest["version"].split("~")[0]) - latest_version, release_info = get_latest_version(repo) - logging.info("Current version: %s", current_version) - logging.info("Latest upstream version: %s", latest_version) - - # Proceed only if the retrieved version is greater than the current one - if latest_version <= current_version: - logging.warning("No new version available") - write_github_env(False, "", "") - return - - # Proceed only if a PR for this new version does not already exist - branch = f"ci-auto-update-v{latest_version}" - command = ["git", "ls-remote", "--exit-code", "-h", repo, branch] - if run(command, stderr=PIPE, stdout=PIPE, check=False).returncode == 0: - logging.warning("A branch 
already exists for this update") - write_github_env(False, "", "") - return - - assets = get_asset_urls_of_release(repo, release_info) - logging.info("%d available asset(s)", len(assets)) - for asset in assets: - handle_asset(asset) - - manifest["version"] = f"{latest_version}~ynh1" - with open("manifest.json", "w", encoding="utf-8") as manifest_file: - json.dump(manifest, manifest_file, indent=4, ensure_ascii=False) - manifest_file.write("\n") - - write_github_env(True, latest_version, branch) - - -if __name__ == "__main__": - main() diff --git a/.github/workflows/updater.yml b/.github/workflows/updater.yml deleted file mode 100644 index 709d058..0000000 --- a/.github/workflows/updater.yml +++ /dev/null 
@@ -1,40 +0,0 @@ -# This workflow allows GitHub Actions to automagically update your app whenever a new upstream release is detected. -# You need to enable Actions in your repository settings, and fetch this Action from the YunoHost-Apps organization. -# This file should be enough by itself, but feel free to tune it to your needs. -# It calls updater.sh, which is where you should put the app-specific update steps. -name: Check for new upstream releases -on: - # Allow to manually trigger the workflow - workflow_dispatch: - # Run it every day at 6:00 UTC - schedule: - - cron: '0 6 * * *' - -jobs: - updater: - # Maintainer should customize the updater script then comment this line. - # if: ${{ false }} - - runs-on: ubuntu-latest - steps: - - name: Fetch the source code - uses: actions/checkout@v3 - with: - token: ${{ secrets.GITHUB_TOKEN }} - - - name: Run the updater script - run: .github/workflows/updater.py - - - name: Create Pull Request - if: ${{ env.PROCEED == 'true' }} - uses: peter-evans/create-pull-request@v4 - with: - token: ${{ secrets.GITHUB_TOKEN }} - title: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} - body: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} - commit-message: Upgrade ${{ env.APP_NAME }} to version ${{ env.VERSION }} - committer: 'yunohost-bot ' - author: 'yunohost-bot ' - base: testing - branch: ${{ env.BRANCH }} - delete-branch: true From ae135e83479bcb0c5190cc2d54bd7f0cea4469e2 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 10 Jun 2023 21:14:43 +0200 Subject: [PATCH 06/16] fix manifest --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index ed92bb0..4a6b22f 100644 --- a/manifest.toml +++ b/manifest.toml 
@@ -19,9 +19,9 @@ architectures = "all" multi_instance = true ldap = "not_relevant" sso = false -# disk = "50M" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... -# ram.build = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... -# ram.runtime = "50M" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +disk = "?" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... +ram.build = "?" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +ram.runtime = "?" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... [install] [install.domain] From dfa4ff1614d3da59278cdbd1d353b99ffc298e51 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 10 Jun 2023 17:35:18 +0200 Subject: [PATCH 07/16] linter --- conf/systemd.service | 2 +- doc/{DISCLAIMER.md => ADMIN.md} | 0 doc/{DISCLAIMER_fr.md => ADMIN_fr.md} | 0 manifest.toml | 8 +++++++- scripts/change_url | 7 ------- scripts/install | 5 ----- tests.toml | 5 +++++ 7 files changed, 13 insertions(+), 14 deletions(-) rename doc/{DISCLAIMER.md => ADMIN.md} (100%) rename doc/{DISCLAIMER_fr.md => ADMIN_fr.md} (100%) create mode 100644 tests.toml diff --git a/conf/systemd.service b/conf/systemd.service index aa317d2..bda4cf7 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -1,5 +1,5 @@ [Unit] -Description=Wetty Web Terminal +Description=Wetty: Web Terminal After=network.target [Service] diff --git a/doc/DISCLAIMER.md b/doc/ADMIN.md similarity index 100% rename from doc/DISCLAIMER.md rename to doc/ADMIN.md diff --git a/doc/DISCLAIMER_fr.md b/doc/ADMIN_fr.md similarity index 100% rename from doc/DISCLAIMER_fr.md rename to doc/ADMIN_fr.md diff --git a/manifest.toml b/manifest.toml index 4a6b22f..15e64ef 100644 --- a/manifest.toml +++ b/manifest.toml 
@@ -14,7 +14,7 @@ license = "free" website = "https://github.com/butlerx/wetty/" [integration] -yunohost = ">=11.1.0" +yunohost = ">=11.1.20" architectures = "all" multi_instance = true ldap = "not_relevant" @@ -52,3 +52,9 @@ ram.runtime = "?" # FIXME: replace with an **estimate** minimum ram requirement. [resources.ports] main.default = 8095 + + [resources.apt] + packages = "" + extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main" + extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg" + extras.yarn.packages = "yarn" diff --git a/scripts/change_url b/scripts/change_url index 0b9155e..25c2008 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -50,13 +50,6 @@ ynh_script_progression --message="Starting a systemd service..." --weight=1 ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/$app.log" --line_match="Server started" -#================================================= -# RELOAD NGINX -#================================================= -ynh_script_progression --message="Reloading NGINX web server..." --weight=1 - -ynh_systemd_action --service_name=nginx --action=reload - #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/install b/scripts/install index c17e370..b478ae5 100755 --- a/scripts/install +++ b/scripts/install @@ -17,11 +17,6 @@ ynh_script_progression --message="Installing dependencies..." --weight=6 # Install nodejs ynh_install_nodejs --nodejs_version=$NODEJS_VERSION -# Install Yarn -ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" \ - --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= 
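Review bot: The `[resources.apt]` block added in the second manifest.toml hunk registers a third-party apt source whose signing key is fetched by URL (`extras.yarn.key`), and no fingerprint is recorded anywhere in the package. Trust in every `yarn` package installed as root therefore rests on TLS to dl.yarnpkg.com at install time. This carries over what the removed `ynh_install_extra_app_dependencies` call in scripts/install did, but the move into the manifest is a good place to document it. I would add a comment above the key line such as `# Yarn repo signing key; expected fingerprint: <EXPECTED_FINGERPRINT>, re-check when this URL changes`, with the real fingerprint filled in by the maintainer. Whether the apt resource can pin a fingerprint itself is not visible here and should be checked.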
diff --git a/tests.toml b/tests.toml new file mode 100644 index 0000000..d7d98af --- /dev/null +++ b/tests.toml @@ -0,0 +1,5 @@ +test_format = 1.0 + +[default] + + test_upgrade_from.e7ffa9512f59c8c2097512a4b6613524c5284e77.name = "Upgrade from 2.0.3~ynh4" From 03cc4a989deaafefbfd766032fd3697c02752b19 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 10 Jun 2023 17:45:26 +0200 Subject: [PATCH 08/16] fix --- manifest.toml | 4 ++-- scripts/upgrade | 5 ----- 2 files changed, 2 insertions(+), 7 deletions(-) diff --git a/manifest.toml b/manifest.toml index 15e64ef..57c90e5 100644 --- a/manifest.toml +++ b/manifest.toml @@ -10,8 +10,8 @@ version = "2.5.0~ynh3" maintainers = ["Salamandar"] [upstream] -license = "free" -website = "https://github.com/butlerx/wetty/" +license = "MIT" +code = "https://github.com/butlerx/wetty" [integration] yunohost = ">=11.1.20" diff --git a/scripts/upgrade b/scripts/upgrade index 308de62..cf57754 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -15,11 +15,6 @@ source /usr/share/yunohost/helpers upgrade_type=$(ynh_check_app_version_changed) -#================================================= -# ENSURE DOWNWARD COMPATIBILITY -#================================================= -ynh_script_progression --message="Ensuring downward compatibility..." --time --weight=1 - #================================================= # STANDARD UPGRADE STEPS #================================================= From 2797bddde8fe17a152fb3deb7f2f516ff9ce4f3f Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 10 Jun 2023 15:35:23 +0000 Subject: [PATCH 09/16] Auto-update README --- README.md | 17 ----------------- README_fr.md | 16 ---------------- 2 files changed, 33 deletions(-) diff --git a/README.md b/README.md index ad2cb92..139482d 100644 --- a/README.md +++ b/README.md 
@@ -25,23 +25,6 @@ Terminal over HTTP and HTTPS. WeTTy is an alternative to ajaxterm and anyterm bu ![Screenshot of Wetty](./doc/screenshots/terminal.png) -## Disclaimers / important information - -### Configuration - -There is few configuration in Wetty: -* Startup config (listen port, URL path, SSH host) is contained in the systemd service file -* User interface configuration is done through the web GUI itself. - - -* Is LDAP and HTTP authentication supported? **No** - * You need to manually log in. - * You can log in as a specific user using `https:///wetty/ssh/` - -* You can specify at install if Wetty should be visible by users not logged into YunoHost. - -* You can't use ssh key authentication. - ## Documentation and resources * Official app website: diff --git a/README_fr.md b/README_fr.md index f960818..95ee096 100644 --- a/README_fr.md +++ b/README_fr.md @@ -25,22 +25,6 @@ Terminal sur HTTP et HTTPS. WeTTy est une alternative à ajaxterm et anyterm mai ![Capture d’écran de Wetty](./doc/screenshots/terminal.png) -## Avertissements / informations importantes - -### Configuration - -Il y a peu de configuration dans Wetty : -* La configuration de démarrage (port d'écoute, chemin d'URL, hôte SSH) est contenue dans le fichier de service systemd -* La configuration de l'interface utilisateur se fait via l'interface graphique Web elle-même. - -* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** - * Vous devez vous connecter manuellement. - * Vous pouvez spécifier l'utilisateur en accédent directement `https:///wetty/ssh/` - -* Vous pouvez spécifier à l'installation si Wetty devrait être accessible par des visiteurs non connectés sur YunoHost. - -* Vous ne pouvez pas vous authentifier par une clé SSH. - ## Documentations et ressources * Site officiel de l’app : From d7c84e5347282497b0a8a0e3a5e69044bbf6f45b Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 10 Jun 2023 17:46:36 +0200 Subject: [PATCH 10/16] fix --- scripts/restore | 3 --- scripts/upgrade | 4 ---- 2 files changed, 7 deletions(-) diff --git a/scripts/restore b/scripts/restore index 42aec37..2ee0f09 100755 --- a/scripts/restore +++ b/scripts/restore @@ -43,9 +43,6 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=3 # Install nodejs ynh_install_nodejs --nodejs_version=$NODEJS_VERSION -# Install Yarn -ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - #================================================= # RESTORE SYSTEMD #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index cf57754..9496212 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -63,10 +63,6 @@ ynh_script_progression --message="Upgrading dependencies..." --weight=3 # Install nodejs ynh_install_nodejs --nodejs_version=$NODEJS_VERSION -# Install Yarn -ynh_install_extra_app_dependencies --repo="deb https://dl.yarnpkg.com/debian/ stable main" \ - --package="yarn" --key="https://dl.yarnpkg.com/debian/pubkey.gpg" - #================================================= # SPECIFIC UPGRADE #================================================= From 280d049c2f9c861ae316b104e3d4c93ef13cabbe Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sat, 10 Jun 2023 15:45:35 +0000 Subject: [PATCH 11/16] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 139482d..f8d428e 100644 --- a/README.md +++ b/README.md @@ -27,7 +27,7 @@ Terminal over HTTP and HTTPS. WeTTy is an alternative to ajaxterm and anyterm bu ## Documentation and resources -* Official app website: +* Upstream app code repository: * YunoHost documentation for this app: * Report a bug: 
diff --git a/README_fr.md b/README_fr.md index 95ee096..321fd8c 100644 --- a/README_fr.md +++ b/README_fr.md @@ -27,7 +27,7 @@ Terminal sur HTTP et HTTPS. WeTTy est une alternative à ajaxterm et anyterm mai ## Documentations et ressources -* Site officiel de l’app : +* Dépôt de code officiel de l’app : * Documentation YunoHost pour cette app : * Signaler un bug : From 63ac5c33d51255f58b1778d710e74664ceca3cfe Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 10 Jun 2023 17:47:01 +0200 Subject: [PATCH 12/16] Update systemd.service --- conf/systemd.service | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/conf/systemd.service b/conf/systemd.service index bda4cf7..89ec7f5 100644 --- a/conf/systemd.service +++ b/conf/systemd.service 
@@ -17,5 +17,40 @@ RestartSec=2 StandardOutput=append:/var/log/__APP__/__APP__.log StandardError=inherit + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectClock=yes +ProtectHostname=yes +ProtectProc=invisible +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallArchitectures=native +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap @cpu-emulation @privileged + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target From b866a827b686d0e5bf7a864b33a88d2ed584afc8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 10 Jun 2023 17:59:24 +0200 Subject: [PATCH 13/16] Update manifest.toml --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index 57c90e5..8a156a5 100644 
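Review bot: `CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD` names a capability that does not exist; the kernel capability is `CAP_SYS_RAWIO`, as listed in the capabilities(7) page the added comment links to. systemd is expected to log a parse warning and skip the unknown name, so raw I/O stays in the bounding set while the unit reads as if it were dropped. The line should be `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. The `[Service]` section starts above the hunk, so the account the unit runs as is not visible here.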
--- a/manifest.toml +++ b/manifest.toml @@ -19,9 +19,9 @@ architectures = "all" multi_instance = true ldap = "not_relevant" sso = false -disk = "?" # FIXME: replace with an **estimate** minimum disk requirement. e.g. 20M, 400M, 1G, ... -ram.build = "?" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... -ram.runtime = "?" # FIXME: replace with an **estimate** minimum ram requirement. e.g. 50M, 400M, 1G, ... +disk = "50M" +ram.build = "700M" +ram.runtime = "50M" [install] [install.domain] From fe5b2cbb691a9644da404190af64df0a68c5045f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?E=CC=81ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 10 Jun 2023 18:00:55 +0200 Subject: [PATCH 14/16] cleaning --- doc/ADMIN.md | 8 +++----- doc/ADMIN_fr.md | 5 ++--- 2 files changed, 5 insertions(+), 8 deletions(-) diff --git a/doc/ADMIN.md b/doc/ADMIN.md index 797a14b..af8f778 100644 --- a/doc/ADMIN.md +++ b/doc/ADMIN.md @@ -4,11 +4,9 @@ There is few configuration in Wetty: * Startup config (listen port, URL path, SSH host) is contained in the systemd service file * User interface configuration is done through the web GUI itself. - -* Is LDAP and HTTP authentication supported? **No** - * You need to manually log in. - * You can log in as a specific user using `https:///wetty/ssh/` +* You need to manually log in. +* You can log in as a specific user using `https://__DOMAIN__/wetty/ssh/` * You can specify at install if Wetty should be visible by users not logged into YunoHost. -* You can't use ssh key authentication. +* You can't use SSH key authentication. diff --git a/doc/ADMIN_fr.md b/doc/ADMIN_fr.md index c865f06..e3234eb 100644 --- a/doc/ADMIN_fr.md +++ b/doc/ADMIN_fr.md 
@@ -4,9 +4,8 @@ Il y a peu de configuration dans Wetty : * La configuration de démarrage (port d'écoute, chemin d'URL, hôte SSH) est contenue dans le fichier de service systemd * La configuration de l'interface utilisateur se fait via l'interface graphique Web elle-même. -* L'authentification LDAP et HTTP est-elle prise en charge ? **Non** - * Vous devez vous connecter manuellement. - * Vous pouvez spécifier l'utilisateur en accédent directement `https:///wetty/ssh/` +* Vous devez vous connecter manuellement. +* Vous pouvez spécifier l'utilisateur en accédent directement `https://__DOMAIN__/wetty/ssh/` * Vous pouvez spécifier à l'installation si Wetty devrait être accessible par des visiteurs non connectés sur YunoHost. From f9128326e3a7f7d9d36039af99b93c49640ee44c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?F=C3=A9lix=20Pi=C3=A9dallu?= Date: Sat, 10 Jun 2023 21:28:57 +0200 Subject: [PATCH 15/16] Fix restore script --- scripts/restore | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) diff --git a/scripts/restore b/scripts/restore index 2ee0f09..5257f08 100755 --- a/scripts/restore +++ b/scripts/restore @@ -26,12 +26,8 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -#================================================= -# RESTORE USER RIGHTS -#================================================= - -# Restore permissions on app files -chown -R root: "$install_dir" +chmod -R o-rwx "$install_dir" +chown -R $app:www-data "$install_dir" #================================================= # SPECIFIC RESTORATION From ce2a054a2e70e56445ced367cd7565ec545c6050 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Wed, 5 Jul 2023 00:46:27 +0200 Subject: [PATCH 16/16] [autopatch] Fix Host and X-Forwarded-For header spoofing --- conf/nginx.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 057beb4..a858275 100644 --- a/conf/nginx.conf 
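Review bot: The added `chown -R $app:www-data "$install_dir"` in scripts/restore hands the whole restored tree to `$app`, where the removed line kept it owned by root, so the account that presumably runs the web terminal can now rewrite its own code. If Wetty only needs to read its install directory, keep the files root-owned and give the service group read access, for example `chown -R "root:$app" "$install_dir"` followed by `chmod -R g-w,o-rwx "$install_dir"`; this should match whatever the install and upgrade scripts set, which this hunk does not show. Whether `www-data` needs any access is also worth confirming, since NGINX appears to reach the app through a proxy rather than the filesystem. Independently, `$app` is unquoted in the `chown` argument while `$install_dir` is quoted.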
+++ b/conf/nginx.conf @@ -13,7 +13,7 @@ location __PATH__/ { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header Host $http_host; + proxy_set_header Host $host; proxy_set_header X-NginX-Proxy true; # Include SSOWAT user panel.
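Review bot: The subject says X-Forwarded-For spoofing is fixed, but the hunk only changes `Host`; the context line `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` still appends to whatever X-Forwarded-For value the client sent. If anything behind this proxy reads the first entry of that header for logging or access decisions, the client still chooses it. Where this NGINX is the first hop, `proxy_set_header X-Forwarded-For $remote_addr;` drops the client-supplied part; otherwise the backend should rely on `X-Real-IP`, which is already set from `$remote_addr`. The `location __PATH__/` block starts and ends outside the hunk.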