From 6008927b611d1dcf814700de12a1147a089419dc Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 15 Sep 2023 18:17:39 +0200 Subject: [PATCH 1/8] Upgrade to v4.4.2 --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index 225d77a..81bcd6d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "YesWiki" description.en = "Wiki that is quick and easy to use" description.fr = "Wiki facile et rapide à prendre en main" -version = "4.4.1~ynh2" +version = "4.4.2~ynh2" maintainers = ["Florian Schmitt", "Nils Van Zuijlen", "Plumf"] @@ -60,8 +60,8 @@ ram.runtime = "50M" [resources] [resources.sources.main] - url = "https://github.com/YesWiki/yeswiki/archive/refs/tags/v4.4.1.tar.gz" - sha256 = "1f1a42b8596e4061b7f36c7956afcf097e90e8ea4963226cded587248f78e44f" + url = "https://github.com/YesWiki/yeswiki/archive/refs/tags/v4.4.2.tar.gz" + sha256 = "8c4fe3c0a0f76f47ab5b2c8399b437bd95548d6fa620c90c152a6acd56c25e99" autoupdate.strategy = "latest_github_tag" [resources.system_user] From 7573e36a794607e0142829e556caaeb9bfc8228d Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 15 Sep 2023 16:17:42 +0000 Subject: [PATCH 2/8] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c9362e8..2b152ad 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ However, with a YesWiki we can build a website with multiple uses: - Cultivate a bit of freedom... -**Shipped version:** 4.4.1~ynh2 +**Shipped version:** 4.4.2~ynh2 **Demo:** https://ferme.yeswiki.net/?CreerSonWiki diff --git a/README_fr.md b/README_fr.md index 5ae264d..e54f37b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -26,7 +26,7 @@ Néanmoins, avec un YesWiki on peut fabriquer un site internet aux usages multip - Cultiver un bout de liberté... -**Version incluse :** 4.4.1~ynh2 +**Version incluse :** 4.4.2~ynh2 **Démo :** https://ferme.yeswiki.net/?CreerSonWiki From 0602f8b2a1d8473d2a58b7642d5dae4ea3d535a5 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Sat, 9 Dec 2023 13:28:50 +0100 Subject: [PATCH 3/8] Keep ferme instances during upgrade --- scripts/upgrade | 14 +++++++++----- 1 file changed, 9 insertions(+), 5 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index a6e85f1..ea571a4 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -21,13 +21,17 @@ upgrade_type=$(ynh_check_app_version_changed) if [ "$upgrade_type" == "UPGRADE_APP" ] then - ynh_script_progression --message="Upgrading source files..." --weight=5 + ynh_script_progression --message="Upgrading source files..." --weight=5 - # Download, check integrity, uncompress and patch the source from app.src - # TODO : find a way to sync stable extensions list to avoid hardcoded extensions folders to keep - ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep=".env wakka.config.php files custom private themes tools/accountactivationbyemail tools/advancedsearch tools/benevolat tools/ferme tools/fontautoinstall tools/ipblock tools/lms tools/login-sso tools/logincas tools/loginldap tools/maintenance tools/multideletepages tools/nextcloudconnector tools/publication tools/qrcode tools/stats tools/tabdyn tools/twolevels tools/webhooks" + # Download, check integrity, uncompress and patch the source from app.src + # TODO : find a way to sync stable extensions list to avoid hardcoded extensions folders to keep + ferme_instances="$(cd $install_dir; for p in $(ls -- */wakka.config.php); do dirname "$p"; done)" + ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep=".env $ferme_instances wakka.config.php files custom private themes +tools/accountactivationbyemail tools/advancedsearch tools/benevolat tools/ferme tools/fontautoinstall tools/ipblock +tools/lms tools/login-sso tools/logincas tools/loginldap tools/maintenance tools/multideletepages +tools/nextcloudconnector tools/publication tools/qrcode tools/stats tools/tabdyn tools/twolevels tools/webhooks" - ynh_replace_string --match_string="yeswiki_release' \?=> \?'.*',$" --replace_string="yeswiki_release' => '$(ynh_app_upstream_version)'," --target_file="$install_dir/wakka.config.php" + ynh_replace_string --match_string="yeswiki_release' \?=> \?'.*',$" --replace_string="yeswiki_release' => '$(ynh_app_upstream_version)'," --target_file="$install_dir/wakka.config.php" fi chmod -R o-rwx "$install_dir" From 60e07c3e2897ac5ebf4fbded3f019092deb5c803 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Sun, 10 Dec 2023 00:53:54 +0100 Subject: [PATCH 4/8] Update scripts/upgrade: tweak to prevent unecessary warning --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index ea571a4..fb9ec35 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -25,7 +25,7 @@ then # Download, check integrity, uncompress and patch the source from app.src # TODO : find a way to sync stable extensions list to avoid hardcoded extensions folders to keep - ferme_instances="$(cd $install_dir; for p in $(ls -- */wakka.config.php); do dirname "$p"; done)" + ferme_instances="$(cd $install_dir; for p in $(ls -- */wakka.config.php 2>/dev/null); do dirname "$p"; done)" ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep=".env $ferme_instances wakka.config.php files custom private themes tools/accountactivationbyemail tools/advancedsearch tools/benevolat tools/ferme tools/fontautoinstall tools/ipblock tools/lms tools/login-sso tools/logincas tools/loginldap tools/maintenance tools/multideletepages From 8d8cb0bdb7ccf0986a953aed03ebb18e02de1a22 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 10 Dec 2023 10:28:07 +0100 Subject: [PATCH 5/8] More standard way to apply permissions + harden security for wakka.config.php --- scripts/_common.sh | 28 ---------------------------- scripts/install | 9 +++++---- scripts/restore | 8 +++----- scripts/upgrade | 5 +++-- 4 files changed, 11 insertions(+), 39 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 6e71054..5ea3694 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,31 +1,3 @@ #!/bin/bash -#================================================= -# COMMON VARIABLES -#================================================= - loginldap_version="2021-03-01-2" - -#================================================= -# PERSONAL HELPERS -#================================================= - -# update directory right -# | arg: app - The application's name ; default : yeswiki -# | arg: install_dir - The path of the application's folder -# yeswiki_update_dir_rights yeswiki /var/www/yeswiki -yeswiki_update_dir_rights() { - local app="${1:-yeswiki}" - local install_dir="${2}" - - chown -R $app:www-data $install_dir - chmod -R u=rwx,g=rx,o-rwx $install_dir -} - -#================================================= -# EXPERIMENTAL HELPERS -#================================================= - -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= diff --git a/scripts/install b/scripts/install index d037d33..2868ff4 100755 --- a/scripts/install +++ b/scripts/install @@ -17,8 +17,8 @@ ynh_script_progression --message="Setting up source files..." --weight=5 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" +chown -R $app:www-data $install_dir +chmod -R u=rwX,g=rX,o-rwx $install_dir #================================================= # PHP-FPM CONFIGURATION @@ -85,8 +85,9 @@ ynh_replace_string --match_string=");" --replace_string=" 'ldap_base' => 'ou=us # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions to app files -yeswiki_update_dir_rights $app $install_dir +chown -R $app:www-data $install_dir +chmod -R u=rwX,g=rX,o-rwx $install_dir +chmod g-rwx $install_dir/wakka.config.php #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index a8f29f5..2dff91d 100755 --- a/scripts/restore +++ b/scripts/restore @@ -17,11 +17,9 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" - -# Restore permissions on app files -yeswiki_update_dir_rights $app $install_dir +chown -R $app:www-data $install_dir +chmod -R u=rwX,g=rX,o-rwx $install_dir +chmod g-rwx $install_dir/wakka.config.php #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index a6e85f1..9618e9e 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -85,8 +85,9 @@ fi # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions on app files -yeswiki_update_dir_rights $app $install_dir +chown -R $app:www-data $install_dir +chmod -R u=rwX,g=rX,o-rwx $install_dir +chmod g-rwx $install_dir/wakka.config.php #================================================= # END OF SCRIPT From c39ab4201f41d50c4ac30a3c2646a3d6df295d29 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 10 Dec 2023 10:55:50 +0100 Subject: [PATCH 6/8] Handle loginldap extension using a manifest source --- manifest.toml | 4 ++++ scripts/_common.sh | 2 -- scripts/install | 20 ++++++-------------- scripts/upgrade | 33 ++++++++++++--------------------- 4 files changed, 22 insertions(+), 37 deletions(-) diff --git a/manifest.toml b/manifest.toml index 81bcd6d..29a4842 100644 --- a/manifest.toml +++ b/manifest.toml @@ -64,6 +64,10 @@ ram.runtime = "50M" sha256 = "8c4fe3c0a0f76f47ab5b2c8399b437bd95548d6fa620c90c152a6acd56c25e99" autoupdate.strategy = "latest_github_tag" + [resources.sources.loginldap] + url = "https://repository.yeswiki.net/doryphore/extension-loginldap-1.0.0.zip" + sha256 = "40fe941d1eef191bb62cf454d3ee437d26d1d16181ab30d6a3602930d91a94bb" + [resources.system_user] [resources.install_dir] diff --git a/scripts/_common.sh b/scripts/_common.sh index 5ea3694..a9bf588 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,3 +1 @@ #!/bin/bash - -loginldap_version="2021-03-01-2" diff --git a/scripts/install b/scripts/install index 2868ff4..327d570 100755 --- a/scripts/install +++ b/scripts/install @@ -47,7 +47,7 @@ ynh_exec_warn_less ynh_install_composer --phpversion="$phpversion" --workdir="$i # Installation with curl ynh_script_progression --message="Finalizing installation..." --weight=2 -admin_temp_pass=$(ynh_string_random 6) +admin_temp_pass=$(ynh_string_random 20) ynh_local_curl "/?PagePrincipale&installAction=install" "config[default_language]=$language" "config[wakka_name]=$wiki_name" \ "config[root_page]=PagePrincipale" "config[mysql_host]=localhost" \ @@ -56,29 +56,21 @@ ynh_local_curl "/?PagePrincipale&installAction=install" "config[default_language "admin_email=$admin%40$domain" "submit=Continue" # authorization of html +# (kind of strange, should be doable using the previous curl?) ynh_replace_string --match_string="'allow_raw_html' => false," --replace_string="'allow_raw_html' => true," --target_file="$install_dir/wakka.config.php" -ynh_replace_string --match_string="yeswiki_release' \?=> \?'.*',$" --replace_string="yeswiki_release' => '$(ynh_app_upstream_version)'," --target_file="$install_dir/wakka.config.php" - #================================================= # DOWNLOAD AND CONFIGURE LDAP PLUGIN #================================================= -ynh_script_progression --message="Dowloading and configuring LDAP plugin" --weight=2 +ynh_script_progression --message="Configure LDAP plugin" --weight=2 -# Download from yeswiki repository -wget https://repository.yeswiki.net/doryphore/extension-loginldap-$loginldap_version.zip 2>&1 -wget https://repository.yeswiki.net/doryphore/extension-loginldap-$loginldap_version.zip.md5 2>&1 -md5sum -c extension-loginldap-$loginldap_version.zip.md5 || ynh_die "Checksum for LDAP plugin does not match" - -unzip extension-loginldap-$loginldap_version.zip -d $install_dir/tools - -ynh_app_setting_set --app=$app --key=loginldap_version --value=$loginldap_version +# Download LDAP plugin from yeswiki repository +mkdir -p "$install_dir/tools/loginldap" +ynh_setup_source --dest_dir="$install_dir/tools/loginldap" --source_id="loginldap" # Add config at the end of wakka.config.php ynh_replace_string --match_string=");" --replace_string=" 'ldap_host' => '127.0.0.1',\n);" --target_file="$install_dir/wakka.config.php" - ynh_replace_string --match_string=");" --replace_string=" 'ldap_port' => '389',\n);" --target_file="$install_dir/wakka.config.php" - ynh_replace_string --match_string=");" --replace_string=" 'ldap_base' => 'ou=users,dc=yunohost,dc=org'\n);" --target_file="$install_dir/wakka.config.php" #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 9618e9e..1990858 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -57,28 +57,19 @@ ynh_exec_warn_less ynh_install_composer --phpversion="$phpversion" --workdir="$i # DOWNLOAD AND CONFIGURE LDAP PLUGIN #================================================= -if [[ $(ynh_app_setting_get --app=$app --key=loginldap_version) != $loginldap_version ]] +ynh_script_progression --message="Upgrading LDAP plugin..." --weight=3 + +# Download LDAP plugin from yeswiki repository +ynh_secure_remove "$install_dir/tools/loginldap" +mkdir -p "$install_dir/tools/loginldap" +ynh_setup_source --dest_dir="$install_dir/tools/loginldap" --source_id="loginldap" + +if ! grep -q "ldap_host" "$install_dir/wakka.config.php" then - ynh_script_progression --message="Upgrading LDAP plugin..." --weight=3 - - # Download LDAP plugin from yeswiki repository - wget https://repository.yeswiki.net/doryphore/extension-loginldap-$loginldap_version.zip 2>&1 - wget https://repository.yeswiki.net/doryphore/extension-loginldap-$loginldap_version.zip.md5 2>&1 - md5sum -c extension-loginldap-$loginldap_version.zip.md5 || ynh_die "Checksum for LDAP plugin does not match" - - unzip -o extension-loginldap-$loginldap_version.zip -d $install_dir/tools - - ynh_app_setting_set --app=$app --key=loginldap_version --value=$loginldap_version - - if ! grep -q "ldap_host" "$install_dir/wakka.config.php" - then - # Add LDAP config at the end of wakka.config.php - ynh_replace_string --match_string=");" --replace_string=" 'ldap_host' => '127.0.0.1',\n);" --target_file="$install_dir/wakka.config.php" - - ynh_replace_string --match_string=");" --replace_string=" 'ldap_port' => '389',\n);" --target_file="$install_dir/wakka.config.php" - - ynh_replace_string --match_string=");" --replace_string=" 'ldap_base' => 'ou=users,dc=yunohost,dc=org'\n);" --target_file="$install_dir/wakka.config.php" - fi + # Add LDAP config at the end of wakka.config.php + ynh_replace_string --match_string=");" --replace_string=" 'ldap_host' => '127.0.0.1',\n);" --target_file="$install_dir/wakka.config.php" + ynh_replace_string --match_string=");" --replace_string=" 'ldap_port' => '389',\n);" --target_file="$install_dir/wakka.config.php" + ynh_replace_string --match_string=");" --replace_string=" 'ldap_base' => 'ou=users,dc=yunohost,dc=org'\n);" --target_file="$install_dir/wakka.config.php" fi #================================================= From c7b3d9772fdfe851a0fd6c04eed79a97d8bf1743 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 10 Dec 2023 11:09:21 +0000 Subject: [PATCH 7/8] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2b152ad..12001cd 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ However, with a YesWiki we can build a website with multiple uses: * Official app website: * Official admin documentation: * Upstream app code repository: -* YunoHost documentation for this app: +* YunoHost Store: * Report a bug: ## Developer info diff --git a/README_fr.md b/README_fr.md index e54f37b..fea6798 100644 --- a/README_fr.md +++ b/README_fr.md @@ -39,7 +39,7 @@ Néanmoins, avec un YesWiki on peut fabriquer un site internet aux usages multip * Site officiel de l’app : * Documentation officielle de l’admin : * Dépôt de code officiel de l’app : -* Documentation YunoHost pour cette app : +* YunoHost Store: * Signaler un bug : ## Informations pour les développeurs From a9023de4125d1ccef6cc3af1f69b2e4c714ba60f Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 10 Dec 2023 12:27:53 +0100 Subject: [PATCH 8/8] Improve handling of non-core extensions that should be kept during source upgrade --- scripts/upgrade | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/scripts/upgrade b/scripts/upgrade index 9a13bbf..9b1ffd6 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -25,11 +25,9 @@ then # Download, check integrity, uncompress and patch the source from app.src # TODO : find a way to sync stable extensions list to avoid hardcoded extensions folders to keep + noncore_extensions="$(echo tools/{accountactivationbyemail,advancedsearch,benevolat,ferme,fontautoinstall,ipblock,lms,login-sso,logincas,loginldap,maintenance,multideletepages,nextcloudconnector,publication,qrcode,stats,tabdyn,twolevels,webhooks,yunohost})" ferme_instances="$(cd $install_dir; for p in $(ls -- */wakka.config.php 2>/dev/null); do dirname "$p"; done)" - ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep=".env $ferme_instances wakka.config.php files custom private themes -tools/accountactivationbyemail tools/advancedsearch tools/benevolat tools/ferme tools/fontautoinstall tools/ipblock -tools/lms tools/login-sso tools/logincas tools/loginldap tools/maintenance tools/multideletepages -tools/nextcloudconnector tools/publication tools/qrcode tools/stats tools/tabdyn tools/twolevels tools/webhooks" + ynh_setup_source --dest_dir="$install_dir" --full_replace=1 --keep=".env wakka.config.php files custom private themes $noncore_extensions $ferme_instances" ynh_replace_string --match_string="yeswiki_release' \?=> \?'.*',$" --replace_string="yeswiki_release' => '$(ynh_app_upstream_version)'," --target_file="$install_dir/wakka.config.php" fi