From e9d20c8baebebb87f4655c01dcb3b5d39ece84c3 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Thu, 9 Sep 2021 15:03:30 +0200 Subject: [PATCH 01/16] Fix --- check_process | 15 +++------------ conf/wireguard_ui.service | 30 ++++++++++++++++++++++++++++++ scripts/restore | 2 -- 3 files changed, 33 insertions(+), 14 deletions(-) diff --git a/check_process b/check_process index 89c76a4..1e4f4ec 100644 --- a/check_process +++ b/check_process @@ -1,13 +1,8 @@ -# See here for more information -# https://github.com/YunoHost/package_check#syntax-check_process-file - -# Move this file from check_process.default to check_process when you have filled it. - ;; Test complet ; Manifest - domain="domain.tld" (DOMAIN) - path="/" (PATH) - admin="john" (USER) + domain="domain.tld" + path="/" + admin="john" ; Checks pkg_linter=1 setup_sub_dir=0 @@ -19,11 +14,7 @@ upgrade=1 from_commit=797a3e5990571629a8525764ce6e8d359277313f backup_restore=1 multi_instance=0 - port_already_use=0 change_url=0 -;;; Levels - # If the level 5 (Package linter) is forced to 1. Please add justifications here. - Level 5=auto ;;; Options Email= Notification=none diff --git a/conf/wireguard_ui.service b/conf/wireguard_ui.service index af3a207..98e8724 100644 --- a/conf/wireguard_ui.service +++ b/conf/wireguard_ui.service 
@@ -9,5 +9,35 @@ Group=__APP__ WorkingDirectory=__FINALPATH__/ ExecStart=__FINALPATH__/wireguard-ui --bind-address="127.0.0.1:__PORT__" --disable-login +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG + [Install] WantedBy=multi-user.target diff --git a/scripts/restore b/scripts/restore index 8b7a3f4..624d929 100644 --- a/scripts/restore +++ b/scripts/restore 
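Review bot: `CAP_RAWIO` in the first `CapabilityBoundingSet=` line of conf/wireguard_ui.service is not a capability name from capabilities(7); the raw-I/O capability is `CAP_SYS_RAWIO`. systemd will most likely log a parse warning and skip the unknown word, so that capability stays in the bounding set while the unit reads as if it had been dropped. The line should be `CapabilityBoundingSet=~CAP_SYS_RAWIO CAP_MKNOD`. Running `systemd-analyze security wireguard_ui.service` on an installed instance would confirm which restrictions are actually in effect.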
@@ -39,8 +39,6 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -ynh_webpath_available --domain=$domain --path_url=$path_url \ - || ynh_die --message="Path not available: ${domain}${path_url}" test ! -d $final_path \ || ynh_die --message="There is already a directory: $final_path " From b82ee6e2d119d39c5484c23cd987cff990c88636 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Thu, 9 Sep 2021 17:49:45 +0200 Subject: [PATCH 02/16] Fix --- scripts/remove | 8 +------- scripts/restore | 6 +++--- 2 files changed, 4 insertions(+), 10 deletions(-) diff --git a/scripts/remove b/scripts/remove index e6aaf28..28162e9 100644 --- a/scripts/remove +++ b/scripts/remove @@ -78,7 +78,7 @@ ynh_secure_remove --file="/etc/wireguard" #================================================= # REMOVE NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Removing nginx web server configuration..." --weight=1 +ynh_script_progression --message="Removing NGINX web server configuration..." --weight=1 # Remove the dedicated nginx config ynh_remove_nginx_config @@ -101,12 +101,6 @@ then ynh_exec_warn_less yunohost firewall disallow UDP $port_wg fi -if yunohost firewall list | grep -q "\- $port$" -then - ynh_script_progression --message="Closing port $port..." --weight=1 - ynh_exec_warn_less yunohost firewall disallow TCP $port -fi - #================================================= # SPECIFIC REMOVE #================================================= diff --git a/scripts/restore b/scripts/restore index 624d929..51bd50a 100644 --- a/scripts/restore +++ b/scripts/restore 
@@ -94,10 +94,10 @@ ynh_script_progression --message="Reinstalling dependencies..." --weight=5 # Add buster-backports gpg key ynh_install_repo_gpg --key="https://ftp-master.debian.org/keys/archive-key-10.asc" --name="$app" -#Add buster-backports repo +# Add buster-backports repo ynh_add_repo --uri="http://deb.debian.org/debian" --suite="buster-backports" --component="main" --name="$app" -#Add pin-priority for wireguard packages +# Add pin-priority for wireguard packages ynh_pin_repo --package="wireguard*" --pin="origin deb http://deb.debian.org/debian buster-backports main" --priority=995 --name="$app" # Update the list of package with the new repo @@ -148,7 +148,7 @@ sleep 5 #================================================= # RELOAD NGINX AND PHP-FPM #================================================= -ynh_script_progression --message="Reloading nginx web server and php-fpm..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload From 7cf8f97840a198068cd1893f794216bc109d2d1f Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Thu, 9 Sep 2021 17:58:14 +0200 Subject: [PATCH 03/16] Update install --- scripts/install | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/scripts/install b/scripts/install index 3a5e43c..dd35201 100644 --- a/scripts/install +++ b/scripts/install @@ -55,7 +55,7 @@ ynh_app_setting_set --app=$app --key=admin --value=$admin #================================================= # FIND AND OPEN A PORT #================================================= -ynh_script_progression --message="Configuring firewall..." --weight=1 +ynh_script_progression --message="Finding an available port..." --weight=1 # Find an available port for WireGuard port_wg=$(ynh_find_port --port=8095) 
@@ -66,6 +66,7 @@ port=$(ynh_find_port --port=$(($port_wg+1))) ynh_app_setting_set --app=$app --key=port --value=$port # Open the WireGuard port +ynh_script_progression --message="Configuring firewall..." --weight=1 ynh_exec_warn_less yunohost firewall allow --no-upnp UDP $port_wg #================================================= @@ -102,7 +103,7 @@ ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Configuring nginx web server..." --weight=1 +ynh_script_progression --message="Configuring NGINX web server..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config @@ -175,8 +176,8 @@ chown -R $app: /etc/wireguard #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add wg-quick@wg0 --description "WireGuard VPN" --needs_exposed_ports $port_wg --test_status "wg show | grep wg0" -yunohost service add wireguard_ui --description "WireGuard UI" +yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0" +yunohost service add wireguard_ui --description="WireGuard UI" #================================================= # START SYSTEMD SERVICE @@ -191,7 +192,7 @@ ynh_systemd_action --service_name=wireguard_ui --action="start" --line_match="ht #================================================= ynh_script_progression --message="Configuring permissions..." --weight=1 -ynh_permission_update --permission "main" --remove "all_users" --add "$admin" +ynh_permission_update --permission="main" --remove="all_users" --add="$admin" #================================================= # RELOAD NGINX From 9b2da99ab71aae096f7f56e17e056dd3df7d3406 Mon Sep 17 00:00:00 2001 
From: tituspijean Date: Thu, 9 Sep 2021 18:00:31 +0200 Subject: [PATCH 04/16] Exception to ProtectSystem for /etc/wireguard --- conf/wireguard_ui.service | 3 +++ 1 file changed, 3 insertions(+) diff --git a/conf/wireguard_ui.service b/conf/wireguard_ui.service index 98e8724..2495c87 100644 --- a/conf/wireguard_ui.service +++ b/conf/wireguard_ui.service @@ -39,5 +39,8 @@ CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG +# Exception to ProtectSystem +ReadWritePaths=/etc/wireguard + [Install] WantedBy=multi-user.target From ce85ee0451ca3b26abcb5819552ec11f678df85e Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 9 Sep 2021 18:07:07 +0200 Subject: [PATCH 05/16] Proper backup/restore of config_file_path --- scripts/backup | 3 +++ scripts/restore | 2 +- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/scripts/backup b/scripts/backup index 6c7b085..496e228 100644 --- a/scripts/backup +++ b/scripts/backup @@ -66,6 +66,9 @@ ynh_backup --src_path="/etc/sudoers.d/${app}_ynh" # Backup the wireguard interface config ynh_backup --src_path="/etc/wireguard" +# Backing up specific config file, in case of it is not in /etc/wireguard +ynh_backup --src_path="$(jq -r ".config_file_path" $final_path/db/server/global_settings.json)" --not_mandatory + #================================================= # END OF SCRIPT #================================================= diff --git a/scripts/restore b/scripts/restore index 51bd50a..3d53d5c 100644 --- a/scripts/restore +++ b/scripts/restore 
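Review bot: The `ReadWritePaths=/etc/wireguard` exception in conf/wireguard_ui.service covers one fixed directory, while the backup change later in this series reads `config_file_path` from `global_settings.json` precisely because that file may live elsewhere. With `ProtectSystem=full`, a config path moved to another location under /etc would presumably no longer be writable by the UI, so the comment should state the constraint, e.g. `# Exception to ProtectSystem: the UI writes the WireGuard config here; config_file_path must stay under this directory`. If the directory can be absent when the unit starts, `ReadWritePaths=-/etc/wireguard` avoids a namespace setup failure, since a `-` prefix makes systemd ignore a missing path.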
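Review bot: The path handed to `ynh_backup` in scripts/backup is taken unchecked from `config_file_path` in `global_settings.json`, a file the web UI itself can rewrite, while the backup script presumably runs with more privileges than the app user. `jq -r` prints `null` when the key is missing, an empty value is possible, and any absolute path is accepted; the scripts/restore hunk of the same commit (`ynh_restore_file --origin_path=$(jq ...)`) has the same gap and also leaves the substitution unquoted. Read the value into a variable first with `jq -r '.config_file_path // empty'`, skip it when empty, and pass it on only if it names a regular file under a directory the package expects. `$final_path` inside the substitution should be quoted as well: `"$final_path/db/server/global_settings.json"`.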
@@ -133,7 +133,7 @@ yunohost service add wireguard_ui --description "WireGuard UI" # RESTORE VARIOUS FILES #================================================= -ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server/global_settings.json) +ynh_restore_file --origin_path=$(jq -r ".config_file_path" $final_path/db/server/global_settings.json) --not_mandatory #================================================= # START SYSTEMD SERVICE From 4298c965e92592d8cc57fff706dfd088e5407019 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 9 Sep 2021 18:30:07 +0200 Subject: [PATCH 06/16] Have WireGuard start on boot --- scripts/install | 1 + scripts/upgrade | 1 + 2 files changed, 2 insertions(+) diff --git a/scripts/install b/scripts/install index dd35201..55a9364 100644 --- a/scripts/install +++ b/scripts/install @@ -155,6 +155,7 @@ systemctl enable --quiet wireguard_ui_conf.path # Create a dedicated systemd config for restarting WireGuard when its configuration changes ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service +systemctl enable --quiet wireguard_ui_conf.service #================================================= # GENERIC FINALIZATION diff --git a/scripts/upgrade b/scripts/upgrade index 57c79b3..3f06c46 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -181,6 +181,7 @@ systemctl enable --quiet wireguard_ui_conf.path # Create a dedicated systemd config for restarting WireGuard when its configuration changes ynh_add_systemd_config --service=wireguard_ui_conf --template=wireguard_ui_conf.service +systemctl enable --quiet wireguard_ui_conf.service #================================================= # CONFIGURING WIREGUARD From ac2ed5c292f2877edc439085286ba0469ff6754d Mon Sep 17 00:00:00 2001 From: tituspijean Date: Thu, 9 Sep 2021 20:39:53 +0200 Subject: [PATCH 07/16] Consistent commands for adding services --- scripts/restore | 4 ++-- scripts/upgrade | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
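Review bot: The added `systemctl enable --quiet wireguard_ui_conf.service` in scripts/install (and the identical line in the scripts/upgrade hunk) sits under a comment that only describes restarting WireGuard when its configuration changes, so the reason for enabling the unit is not visible in the script. A comment such as `# Enable the service as well, so that WireGuard is started at boot` would record the intent given in the commit title. Whether `wireguard_ui_conf.service` has an `[Install]` section is not shown here; without one `systemctl enable` does nothing, so that is worth confirming.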
diff --git a/scripts/restore b/scripts/restore index 3d53d5c..c0a68d5 100644 --- a/scripts/restore +++ b/scripts/restore @@ -126,8 +126,8 @@ systemctl enable --quiet wireguard_ui_conf.service #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add wg-quick@wg0 --description "WireGuard VPN" --needs_exposed_ports "$port_wg" --test_status "wg show | grep wg0" -yunohost service add wireguard_ui --description "WireGuard UI" +yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0" +yunohost service add wireguard_ui --description="WireGuard UI" #================================================= # RESTORE VARIOUS FILES diff --git a/scripts/upgrade b/scripts/upgrade index 3f06c46..a026238 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -214,8 +214,8 @@ chown -R $app: /etc/wireguard #================================================= ynh_script_progression --message="Integrating service in YunoHost..." --weight=1 -yunohost service add wg-quick@wg0 --description "WireGuard VPN" --needs_exposed_ports "$port_wg" --test_status "wg show | grep wg0" -yunohost service add wireguard_ui --description "WireGuard UI" +yunohost service add wg-quick@wg0 --description="WireGuard VPN" --needs_exposed_ports="$port_wg" --test_status="wg show | grep wg0" +yunohost service add wireguard_ui --description="WireGuard UI" #================================================= # START SYSTEMD SERVICE From c72beb9ab1b60999dfb040c7e58964d6cfb2c3ab Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Thu, 9 Sep 2021 21:15:09 +0200 Subject: [PATCH 08/16] 0.3.2 --- conf/386.src | 4 ++-- conf/amd64.src | 4 ++-- conf/arm.src | 4 ++-- conf/arm64.src | 4 ++-- manifest.json | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/conf/386.src b/conf/386.src index 129b396..38feee3 100644 --- a/conf/386.src +++ b/conf/386.src 
@@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-386.tar.gz -SOURCE_SUM=16EA7A77E5BAC17C1B680ABF9CFF31E3F8313F8E00F9B88F8F6151D8F6A6EE12 +SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-386.tar.gz +SOURCE_SUM=f76fc030d54e735977236d1984a906e749abb038208f410b406a2972498e3b9e SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/amd64.src b/conf/amd64.src index 27e1b19..2e07f8b 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-amd64.tar.gz -SOURCE_SUM=DC0FF54ABD2E08DB5ED722E07CEDA6E007CD5E6DFABD3A3B5A948CC8275D8100 +SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-amd64.tar.gz +SOURCE_SUM=71972b81f2d2ade50484cc1501a5896c8a08cfd82297f81c1d6279d7e0ff1f35 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/arm.src b/conf/arm.src index 38c70f3..cb12b18 100644 --- a/conf/arm.src +++ b/conf/arm.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-arm.tar.gz -SOURCE_SUM=07003BF178A81C3D699CB3977028DB728C5E4D44003A7972855C3488F416E467 +SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-arm.tar.gz +SOURCE_SUM=4632fd96c7574321031907695fbbe6535884a8006b517c7f7d3ab289fb94be5f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/arm64.src b/conf/arm64.src index ea0e232..cbfc24a 100644 --- a/conf/arm64.src +++ b/conf/arm64.src 
@@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-arm64.tar.gz -SOURCE_SUM=32331E591B0C3B9E4EC360B53B967A3CCEEEFE5B7FFEC3ADD61A9483B50B9F0D +SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-arm64.tar.gz +SOURCE_SUM=8d31fc39495f8a6480531859f225f0fee36788515532d75d9cfaaa866000f52f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/manifest.json b/manifest.json index ec6d434..7f20ff7 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Virtual Private Networks (VPN) via WireGuard, with a web UI to ease configuration", "fr": "Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI pour faciliter sa configuration" }, - "version": "0.2.7~ynh8", + "version": "0.3.2~ynh1", "url": "https://github.com/ngoduykhanh/wireguard-ui", "upstream": { "license": "MIT", From cd785c3fe8233aefe085c4809df2fa6356502552 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Thu, 9 Sep 2021 19:15:16 +0000 Subject: [PATCH 09/16] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 710129a..7c0f20e 100644 --- a/README.md +++ b/README.md @@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Virtual Private Networks (VPN) via WireGuard, with a web UI to ease configuration -**Shipped version:** 0.2.7~ynh8 +**Shipped version:** 0.3.2~ynh1 diff --git a/README_fr.md b/README_fr.md index c193035..dda15a4 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI pour faciliter sa configuration -**Version incluse :** 0.2.7~ynh8 +**Version incluse :** 0.3.2~ynh1 From 3e75d535f1af824205b1e98e6e6944f8b1232a36 Mon Sep 17 00:00:00 2001 
From: ericgaspar Date: Thu, 9 Sep 2021 21:15:09 +0200 Subject: [PATCH 10/16] 0.3.2 --- conf/386.src | 4 ++-- conf/amd64.src | 4 ++-- conf/arm.src | 4 ++-- conf/arm64.src | 4 ++-- manifest.json | 2 +- 5 files changed, 9 insertions(+), 9 deletions(-) diff --git a/conf/386.src b/conf/386.src index 129b396..38feee3 100644 --- a/conf/386.src +++ b/conf/386.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-386.tar.gz -SOURCE_SUM=16EA7A77E5BAC17C1B680ABF9CFF31E3F8313F8E00F9B88F8F6151D8F6A6EE12 +SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-386.tar.gz +SOURCE_SUM=f76fc030d54e735977236d1984a906e749abb038208f410b406a2972498e3b9e SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/amd64.src b/conf/amd64.src index 27e1b19..2e07f8b 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-amd64.tar.gz -SOURCE_SUM=DC0FF54ABD2E08DB5ED722E07CEDA6E007CD5E6DFABD3A3B5A948CC8275D8100 +SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-amd64.tar.gz +SOURCE_SUM=71972b81f2d2ade50484cc1501a5896c8a08cfd82297f81c1d6279d7e0ff1f35 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/arm.src b/conf/arm.src index 38c70f3..cb12b18 100644 --- a/conf/arm.src +++ b/conf/arm.src 
@@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-arm.tar.gz -SOURCE_SUM=07003BF178A81C3D699CB3977028DB728C5E4D44003A7972855C3488F416E467 +SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-arm.tar.gz +SOURCE_SUM=4632fd96c7574321031907695fbbe6535884a8006b517c7f7d3ab289fb94be5f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/conf/arm64.src b/conf/arm64.src index ea0e232..cbfc24a 100644 --- a/conf/arm64.src +++ b/conf/arm64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.2.7/wireguard-ui-v0.2.7-linux-arm64.tar.gz -SOURCE_SUM=32331E591B0C3B9E4EC360B53B967A3CCEEEFE5B7FFEC3ADD61A9483B50B9F0D +SOURCE_URL=https://github.com/ngoduykhanh/wireguard-ui/releases/download/v0.3.2/wireguard-ui-v0.3.2-linux-arm64.tar.gz +SOURCE_SUM=8d31fc39495f8a6480531859f225f0fee36788515532d75d9cfaaa866000f52f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false diff --git a/manifest.json b/manifest.json index ec6d434..7f20ff7 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Virtual Private Networks (VPN) via WireGuard, with a web UI to ease configuration", "fr": "Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI pour faciliter sa configuration" }, - "version": "0.2.7~ynh8", + "version": "0.3.2~ynh1", "url": "https://github.com/ngoduykhanh/wireguard-ui", "upstream": { "license": "MIT", From 894498a413d69545556e9c99349bf75d78dcd7a0 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Thu, 9 Sep 2021 19:15:16 +0000 Subject: [PATCH 11/16] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 710129a..7c0f20e 100644 --- a/README.md +++ b/README.md 
@@ -17,7 +17,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in Virtual Private Networks (VPN) via WireGuard, with a web UI to ease configuration -**Shipped version:** 0.2.7~ynh8 +**Shipped version:** 0.3.2~ynh1 diff --git a/README_fr.md b/README_fr.md index c193035..dda15a4 100644 --- a/README_fr.md +++ b/README_fr.md @@ -13,7 +13,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI pour faciliter sa configuration -**Version incluse :** 0.2.7~ynh8 +**Version incluse :** 0.3.2~ynh1 From a0fef6524fbe6b8d8aff04411cc0a366be6fab98 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Sat, 6 Nov 2021 15:32:36 +0100 Subject: [PATCH 12/16] v0.3.2 --- conf/386.src | 1 - conf/amd64.src | 1 - conf/arm.src | 1 - conf/arm64.src | 1 - manifest.json | 12 +++--------- 5 files changed, 3 insertions(+), 13 deletions(-) diff --git a/conf/386.src b/conf/386.src index 38feee3..8fb5f9a 100644 --- a/conf/386.src +++ b/conf/386.src @@ -3,4 +3,3 @@ SOURCE_SUM=f76fc030d54e735977236d1984a906e749abb038208f410b406a2972498e3b9e SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/conf/amd64.src b/conf/amd64.src index 2e07f8b..a720292 100644 --- a/conf/amd64.src +++ b/conf/amd64.src @@ -3,4 +3,3 @@ SOURCE_SUM=71972b81f2d2ade50484cc1501a5896c8a08cfd82297f81c1d6279d7e0ff1f35 SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/conf/arm.src b/conf/arm.src index cb12b18..2b32887 100644 --- a/conf/arm.src +++ b/conf/arm.src @@ -3,4 +3,3 @@ SOURCE_SUM=4632fd96c7574321031907695fbbe6535884a8006b517c7f7d3ab289fb94be5f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/conf/arm64.src b/conf/arm64.src index cbfc24a..97638b8 100644 --- a/conf/arm64.src +++ b/conf/arm64.src 
@@ -3,4 +3,3 @@ SOURCE_SUM=8d31fc39495f8a6480531859f225f0fee36788515532d75d9cfaaa866000f52f SOURCE_SUM_PRG=sha256sum SOURCE_FORMAT=tar.gz SOURCE_IN_SUBDIR=false -SOURCE_FILENAME= diff --git a/manifest.json b/manifest.json index 7f20ff7..de06e57 100644 --- a/manifest.json +++ b/manifest.json @@ -19,7 +19,7 @@ "email": "tituspijean@outlook.com" }, "requirements": { - "yunohost": ">= 4.2" + "yunohost": ">= 4.2.8" }, "multi_instance": false, "services": [ @@ -37,17 +37,11 @@ }, { "name": "domain", - "type": "domain", - "example": "wg.example.com", - "help": { - "en": "The web UI requires its own dedicated domain.", - "fr": "L'interface web nécessite son propre domaine." - } + "type": "domain" }, { "name": "admin", - "type": "user", - "example": "johndoe" + "type": "user" } ] } From f3625daaf96ce33e0c69e96c453493458caa43b1 Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sat, 6 Nov 2021 16:00:12 +0100 Subject: [PATCH 13/16] Do not require linux headers if kernel version >= 5.6 --- scripts/_common.sh | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index cb7337e..cb121ff 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,11 +4,16 @@ # COMMON VARIABLES #================================================= -# dependencies used by the app -if grep "Raspberry Pi" /proc/device-tree/model; then - pkg_headers="raspberrypi-kernel-headers" +# WireGuard was integrated in Linux kernel 5.6 +# Before that, we need Linux Headers +if dpkg --compare-versions $(uname -r) lt 5.6; then + if grep "Raspberry Pi" /proc/device-tree/model; then + pkg_headers="raspberrypi-kernel-headers" + else + pkg_headers="linux-headers-$(uname -r)" + fi else - pkg_headers="linux-headers-$(uname -r)" + pkg_headers="" fi # dependencies used by the app From c01884cf2f4161bf52a34a542ff8701648598cbd Mon Sep 17 00:00:00 2001 
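Review bot: In the new kernel-version test in scripts/_common.sh, `$(uname -r)` is unquoted and the nested `grep "Raspberry Pi" /proc/device-tree/model` prints its match to stdout and an error to stderr on machines where that file does not exist. This file is presumably sourced by the other scripts, so the noise would end up in their output. Suggested lines: `if dpkg --compare-versions "$(uname -r)" lt 5.6; then` and `if grep -qs "Raspberry Pi" /proc/device-tree/model; then`. The new `pkg_headers=""` branch relies on the dependency list, which lies outside the hunk, tolerating an empty entry.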
From: ericgaspar Date: Thu, 9 Dec 2021 12:31:02 +0100 Subject: [PATCH 14/16] 4.3 --- conf/{arm.src => armhf.src} | 0 conf/{386.src => i386.src} | 0 conf/nginx.conf | 5 ----- doc/DESCRIPTION.md | 1 + manifest.json | 6 +++--- scripts/_common.sh | 24 ------------------------ scripts/install | 5 +++-- scripts/restore | 3 +-- scripts/upgrade | 5 +++-- 9 files changed, 11 insertions(+), 38 deletions(-) rename conf/{arm.src => armhf.src} (100%) rename conf/{386.src => i386.src} (100%) create mode 100644 doc/DESCRIPTION.md diff --git a/conf/arm.src b/conf/armhf.src similarity index 100% rename from conf/arm.src rename to conf/armhf.src diff --git a/conf/386.src b/conf/i386.src similarity index 100% rename from conf/386.src rename to conf/i386.src diff --git a/conf/nginx.conf b/conf/nginx.conf index 265a4c2..ae67a33 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,11 +1,6 @@ #sub_path_only rewrite ^__PATH__$ __PATH__/ permanent; location __PATH__/ { - # Force usage of https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - proxy_pass http://127.0.0.1:__PORT__/; proxy_redirect off; proxy_set_header Host $host; diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..7799894 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN. \ No newline at end of file diff --git a/manifest.json b/manifest.json index de06e57..a0c431a 100644 --- a/manifest.json +++ b/manifest.json 
@@ -3,8 +3,8 @@ "id": "wireguard", "packaging_format": 1, "description": { - "en": "Virtual Private Networks (VPN) via WireGuard, with a web UI to ease configuration", - "fr": "Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI pour faciliter sa configuration" + "en": "Web user interface to manage your WireGuard setup", + "fr": "Interface utilisateur Web pour gérer votre configuration WireGuard" }, "version": "0.3.2~ynh1", "url": "https://github.com/ngoduykhanh/wireguard-ui", @@ -19,7 +19,7 @@ "email": "tituspijean@outlook.com" }, "requirements": { - "yunohost": ">= 4.2.8" + "yunohost": ">= 4.3.0" }, "multi_instance": false, "services": [ diff --git a/scripts/_common.sh b/scripts/_common.sh index cb121ff..63549ca 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -68,30 +68,6 @@ ynh_install_repo_gpg () { # EXPERIMENTAL HELPERS #================================================= -# Check the architecture -# -# example: architecture=$(ynh_detect_arch) -# -# usage: ynh_detect_arch -# -# Requires YunoHost version 2.2.4 or higher. - -ynh_detect_arch(){ - local architecture - if [ -n "$(uname -m | grep arm64)" ] || [ -n "$(uname -m | grep aarch64)" ]; then - architecture="arm64" - elif [ -n "$(uname -m | grep 64)" ]; then - architecture="amd64" - elif [ -n "$(uname -m | grep 86)" ]; then - architecture="386" - elif [ -n "$(uname -m | grep arm)" ]; then - architecture="arm" - else - architecture="unknown" - fi - echo $architecture -} - # Send an email to inform the administrator # # usage: ynh_send_readme_to_admin --app_message=app_message [--recipients=recipients] [--type=type] diff --git a/scripts/install b/scripts/install index 55a9364..b0e7745 100644 --- a/scripts/install +++ b/scripts/install @@ -27,6 +27,7 @@ ynh_abort_if_errors domain=$YNH_APP_ARG_DOMAIN path_url="/" admin=$YNH_APP_ARG_ADMIN +architecture=$YNH_ARCH app=$YNH_APP_INSTANCE_NAME 
@@ -98,7 +99,7 @@ ynh_script_progression --message="Setting up source files..." --weight=1 ynh_app_setting_set --app=$app --key=final_path --value=$final_path # Download, check integrity, uncompress and patch the source from app.src -ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" +ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" #================================================= # NGINX CONFIGURATION @@ -198,7 +199,7 @@ ynh_permission_update --permission="main" --remove="all_users" --add="$admin" #================================================= # RELOAD NGINX #================================================= -ynh_script_progression --message="Reloading nginx web server..." --weight=1 +ynh_script_progression --message="Reloading NGINX web server..." --weight=1 ynh_systemd_action --service_name=nginx --action=reload diff --git a/scripts/restore b/scripts/restore index c0a68d5..1f1f20c 100644 --- a/scripts/restore +++ b/scripts/restore @@ -39,8 +39,7 @@ final_path=$(ynh_app_setting_get --app=$app --key=final_path) #================================================= ynh_script_progression --message="Validating restoration parameters..." --weight=1 -test ! -d $final_path \ - || ynh_die --message="There is already a directory: $final_path " +test ! -d $final_path || ynh_die --message="There is already a directory: $final_path " #================================================= # STANDARD RESTORATION STEPS diff --git a/scripts/upgrade b/scripts/upgrade index a026238..5c0a2e5 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,6 +21,7 @@ path_url=$(ynh_app_setting_get --app=$app --key=path) port=$(ynh_app_setting_get --app=$app --key=port) port_wg=$(ynh_app_setting_get --app=$app --key=port_wg) final_path=$(ynh_app_setting_get --app=$app --key=final_path) +architecture=$YNH_ARCH #================================================= # CHECK VERSION 
@@ -124,13 +125,13 @@ then ynh_script_progression --message="Upgrading source files..." --weight=1 # Download, check integrity, uncompress and patch the source from app.src - ynh_setup_source --dest_dir="$final_path" --source_id="$(ynh_detect_arch)" + ynh_setup_source --dest_dir="$final_path" --source_id="$architecture" fi #================================================= # NGINX CONFIGURATION #================================================= -ynh_script_progression --message="Upgrading nginx web server configuration..." --weight=1 +ynh_script_progression --message="Upgrading NGINX web server configuration..." --weight=1 # Create a dedicated nginx config ynh_add_nginx_config From 31c4a2176cff204e6c432d63e27de977049138b2 Mon Sep 17 00:00:00 2001 From: Yunohost-Bot <> Date: Thu, 9 Dec 2021 11:31:08 +0000 Subject: [PATCH 15/16] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 7c0f20e..9da5da8 100644 --- a/README.md +++ b/README.md @@ -15,7 +15,7 @@ If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/in ## Overview -Virtual Private Networks (VPN) via WireGuard, with a web UI to ease configuration +WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN. **Shipped version:** 0.3.2~ynh1 diff --git a/README_fr.md b/README_fr.md index dda15a4..a23e891 100644 --- a/README_fr.md +++ b/README_fr.md 
@@ -11,7 +11,7 @@ Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour ## Vue d'ensemble -Réseaux Privés Virtuels (VPN) via WireGuard, avec une web UI pour faciliter sa configuration +WireGuard® is fast and modern VPN that utilizes state-of-the-art cryptography. It aims to be faster, simpler, leaner, and more useful than IPsec. It intends to be considerably more performant than OpenVPN. WireGuard is designed as a general purpose VPN. **Version incluse :** 0.3.2~ynh1 From 806e6d4b181a08284093a68763878a53c2141e8e Mon Sep 17 00:00:00 2001 From: tituspijean Date: Sun, 12 Dec 2021 17:59:22 +0100 Subject: [PATCH 16/16] ynh_detect_arch is now deprecated --- scripts/upgrade | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 5c0a2e5..ff6d92e 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -71,14 +71,13 @@ then fi # Downgrade linux-image-$arch if updated to the buster-backports version -arch=$(ynh_detect_arch) -linuximage_version=$(ynh_package_version --package=linux-image-$arch) +linuximage_version=$(ynh_package_version --package=linux-image-$architecture) if [[ $linuximage_version == *"bpo10"* ]] then # Downgrading using ynh_package_install apt command without "--no-remove" and with "--allow-downgrades" # It will remove wireguard-ynh-deps and wireguard but they will be reinstalled throught upgrade process ynh_apt --allow-downgrades --option Dpkg::Options::=--force-confdef \ - --option Dpkg::Options::=--force-confold install linux-image-$arch/stable + --option Dpkg::Options::=--force-confold install linux-image-$architecture/stable #Remove backports kernel if running on it and send a mail to the admin to ask him to reboot linuxkernel_version=$(uname -r)
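Review bot: `linux-image-$architecture` in scripts/upgrade now builds the package name from `$YNH_ARCH`, whose values appear to be dpkg architecture names (the source files were renamed to `armhf.src` and `i386.src` earlier in this series). Debian kernel metapackages share that name only on some architectures (`linux-image-amd64`, for example), so on armhf or i386 the lookup probably finds no package and the downgrade branch is silently skipped; a comment stating that this is intended, or an explicit mapping, would make the behaviour clear. `$architecture` should also be quoted in both changed lines, e.g. `--package="linux-image-$architecture"`. The `if` block continues past the end of the hunk.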