From 6008927b611d1dcf814700de12a1147a089419dc Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 15 Sep 2023 18:17:39 +0200 Subject: [PATCH 1/5] Upgrade to v4.4.2 --- manifest.toml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/manifest.toml b/manifest.toml index 225d77a..81bcd6d 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "YesWiki" description.en = "Wiki that is quick and easy to use" description.fr = "Wiki facile et rapide à prendre en main" -version = "4.4.1~ynh2" +version = "4.4.2~ynh2" maintainers = ["Florian Schmitt", "Nils Van Zuijlen", "Plumf"] @@ -60,8 +60,8 @@ ram.runtime = "50M" [resources] [resources.sources.main] - url = "https://github.com/YesWiki/yeswiki/archive/refs/tags/v4.4.1.tar.gz" - sha256 = "1f1a42b8596e4061b7f36c7956afcf097e90e8ea4963226cded587248f78e44f" + url = "https://github.com/YesWiki/yeswiki/archive/refs/tags/v4.4.2.tar.gz" + sha256 = "8c4fe3c0a0f76f47ab5b2c8399b437bd95548d6fa620c90c152a6acd56c25e99" autoupdate.strategy = "latest_github_tag" [resources.system_user] From 7573e36a794607e0142829e556caaeb9bfc8228d Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 15 Sep 2023 16:17:42 +0000 Subject: [PATCH 2/5] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index c9362e8..2b152ad 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ However, with a YesWiki we can build a website with multiple uses: - Cultivate a bit of freedom... -**Shipped version:** 4.4.1~ynh2 +**Shipped version:** 4.4.2~ynh2 **Demo:** https://ferme.yeswiki.net/?CreerSonWiki diff --git a/README_fr.md b/README_fr.md index 5ae264d..e54f37b 100644 --- a/README_fr.md +++ b/README_fr.md @@ -26,7 +26,7 @@ Néanmoins, avec un YesWiki on peut fabriquer un site internet aux usages multip - Cultiver un bout de liberté... -**Version incluse :** 4.4.1~ynh2 +**Version incluse :** 4.4.2~ynh2 **Démo :** https://ferme.yeswiki.net/?CreerSonWiki From 8d8cb0bdb7ccf0986a953aed03ebb18e02de1a22 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 10 Dec 2023 10:28:07 +0100 Subject: [PATCH 3/5] More standard way to apply permissions + harden security for wakka.config.php --- scripts/_common.sh | 28 ---------------------------- scripts/install | 9 +++++---- scripts/restore | 8 +++----- scripts/upgrade | 5 +++-- 4 files changed, 11 insertions(+), 39 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 6e71054..5ea3694 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,31 +1,3 @@ #!/bin/bash -#================================================= -# COMMON VARIABLES -#================================================= - loginldap_version="2021-03-01-2" - -#================================================= -# PERSONAL HELPERS -#================================================= - -# update directory right -# | arg: app - The application's name ; default : yeswiki -# | arg: install_dir - The path of the application's folder -# yeswiki_update_dir_rights yeswiki /var/www/yeswiki -yeswiki_update_dir_rights() { - local app="${1:-yeswiki}" - local install_dir="${2}" - - chown -R $app:www-data $install_dir - chmod -R u=rwx,g=rx,o-rwx $install_dir -} - -#================================================= -# EXPERIMENTAL HELPERS -#================================================= - -#================================================= -# FUTURE OFFICIAL HELPERS -#================================================= diff --git a/scripts/install b/scripts/install index d037d33..2868ff4 100755 --- a/scripts/install +++ b/scripts/install @@ -17,8 +17,8 @@ ynh_script_progression --message="Setting up source files..." --weight=5 # Download, check integrity, uncompress and patch the source from app.src ynh_setup_source --dest_dir="$install_dir" -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" +chown -R $app:www-data $install_dir +chmod -R u=rwX,g=rX,o-rwx $install_dir #================================================= # PHP-FPM CONFIGURATION @@ -85,8 +85,9 @@ ynh_replace_string --match_string=");" --replace_string=" 'ldap_base' => 'ou=us # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions to app files -yeswiki_update_dir_rights $app $install_dir +chown -R $app:www-data $install_dir +chmod -R u=rwX,g=rX,o-rwx $install_dir +chmod g-rwx $install_dir/wakka.config.php #================================================= # END OF SCRIPT diff --git a/scripts/restore b/scripts/restore index a8f29f5..2dff91d 100755 --- a/scripts/restore +++ b/scripts/restore @@ -17,11 +17,9 @@ ynh_script_progression --message="Restoring the app main directory..." --weight= ynh_restore_file --origin_path="$install_dir" -chmod -R o-rwx "$install_dir" -chown -R $app:www-data "$install_dir" - -# Restore permissions on app files -yeswiki_update_dir_rights $app $install_dir +chown -R $app:www-data $install_dir +chmod -R u=rwX,g=rX,o-rwx $install_dir +chmod g-rwx $install_dir/wakka.config.php #================================================= # RESTORE THE PHP-FPM CONFIGURATION diff --git a/scripts/upgrade b/scripts/upgrade index a6e85f1..9618e9e 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -85,8 +85,9 @@ fi # SECURE FILES AND DIRECTORIES #================================================= -# Set permissions on app files -yeswiki_update_dir_rights $app $install_dir +chown -R $app:www-data $install_dir +chmod -R u=rwX,g=rX,o-rwx $install_dir +chmod g-rwx $install_dir/wakka.config.php #================================================= # END OF SCRIPT From c39ab4201f41d50c4ac30a3c2646a3d6df295d29 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 10 Dec 2023 10:55:50 +0100 Subject: [PATCH 4/5] Handle loginldap extension using a manifest source --- manifest.toml | 4 ++++ scripts/_common.sh | 2 -- scripts/install | 20 ++++++-------------- scripts/upgrade | 33 ++++++++++++--------------------- 4 files changed, 22 insertions(+), 37 deletions(-) diff --git a/manifest.toml b/manifest.toml index 81bcd6d..29a4842 100644 --- a/manifest.toml +++ b/manifest.toml @@ -64,6 +64,10 @@ ram.runtime = "50M" sha256 = "8c4fe3c0a0f76f47ab5b2c8399b437bd95548d6fa620c90c152a6acd56c25e99" autoupdate.strategy = "latest_github_tag" + [resources.sources.loginldap] + url = "https://repository.yeswiki.net/doryphore/extension-loginldap-1.0.0.zip" + sha256 = "40fe941d1eef191bb62cf454d3ee437d26d1d16181ab30d6a3602930d91a94bb" + [resources.system_user] [resources.install_dir] diff --git a/scripts/_common.sh b/scripts/_common.sh index 5ea3694..a9bf588 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -1,3 +1 @@ #!/bin/bash - -loginldap_version="2021-03-01-2" diff --git a/scripts/install b/scripts/install index 2868ff4..327d570 100755 --- a/scripts/install +++ b/scripts/install @@ -47,7 +47,7 @@ ynh_exec_warn_less ynh_install_composer --phpversion="$phpversion" --workdir="$i # Installation with curl ynh_script_progression --message="Finalizing installation..." --weight=2 -admin_temp_pass=$(ynh_string_random 6) +admin_temp_pass=$(ynh_string_random 20) ynh_local_curl "/?PagePrincipale&installAction=install" "config[default_language]=$language" "config[wakka_name]=$wiki_name" \ "config[root_page]=PagePrincipale" "config[mysql_host]=localhost" \ @@ -56,29 +56,21 @@ ynh_local_curl "/?PagePrincipale&installAction=install" "config[default_language "admin_email=$admin%40$domain" "submit=Continue" # authorization of html +# (kind of strange, should be doable using the previous curl?) ynh_replace_string --match_string="'allow_raw_html' => false," --replace_string="'allow_raw_html' => true," --target_file="$install_dir/wakka.config.php" -ynh_replace_string --match_string="yeswiki_release' \?=> \?'.*',$" --replace_string="yeswiki_release' => '$(ynh_app_upstream_version)'," --target_file="$install_dir/wakka.config.php" - #================================================= # DOWNLOAD AND CONFIGURE LDAP PLUGIN #================================================= -ynh_script_progression --message="Dowloading and configuring LDAP plugin" --weight=2 +ynh_script_progression --message="Configure LDAP plugin" --weight=2 -# Download from yeswiki repository -wget https://repository.yeswiki.net/doryphore/extension-loginldap-$loginldap_version.zip 2>&1 -wget https://repository.yeswiki.net/doryphore/extension-loginldap-$loginldap_version.zip.md5 2>&1 -md5sum -c extension-loginldap-$loginldap_version.zip.md5 || ynh_die "Checksum for LDAP plugin does not match" - -unzip extension-loginldap-$loginldap_version.zip -d $install_dir/tools - -ynh_app_setting_set --app=$app --key=loginldap_version --value=$loginldap_version +# Download LDAP plugin from yeswiki repository +mkdir -p "$install_dir/tools/loginldap" +ynh_setup_source --dest_dir="$install_dir/tools/loginldap" --source_id="loginldap" # Add config at the end of wakka.config.php ynh_replace_string --match_string=");" --replace_string=" 'ldap_host' => '127.0.0.1',\n);" --target_file="$install_dir/wakka.config.php" - ynh_replace_string --match_string=");" --replace_string=" 'ldap_port' => '389',\n);" --target_file="$install_dir/wakka.config.php" - ynh_replace_string --match_string=");" --replace_string=" 'ldap_base' => 'ou=users,dc=yunohost,dc=org'\n);" --target_file="$install_dir/wakka.config.php" #================================================= diff --git a/scripts/upgrade b/scripts/upgrade index 9618e9e..1990858 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -57,28 +57,19 @@ ynh_exec_warn_less ynh_install_composer --phpversion="$phpversion" --workdir="$i # DOWNLOAD AND CONFIGURE LDAP PLUGIN #================================================= -if [[ $(ynh_app_setting_get --app=$app --key=loginldap_version) != $loginldap_version ]] +ynh_script_progression --message="Upgrading LDAP plugin..." --weight=3 + +# Download LDAP plugin from yeswiki repository +ynh_secure_remove "$install_dir/tools/loginldap" +mkdir -p "$install_dir/tools/loginldap" +ynh_setup_source --dest_dir="$install_dir/tools/loginldap" --source_id="loginldap" + +if ! grep -q "ldap_host" "$install_dir/wakka.config.php" then - ynh_script_progression --message="Upgrading LDAP plugin..." --weight=3 - - # Download LDAP plugin from yeswiki repository - wget https://repository.yeswiki.net/doryphore/extension-loginldap-$loginldap_version.zip 2>&1 - wget https://repository.yeswiki.net/doryphore/extension-loginldap-$loginldap_version.zip.md5 2>&1 - md5sum -c extension-loginldap-$loginldap_version.zip.md5 || ynh_die "Checksum for LDAP plugin does not match" - - unzip -o extension-loginldap-$loginldap_version.zip -d $install_dir/tools - - ynh_app_setting_set --app=$app --key=loginldap_version --value=$loginldap_version - - if ! grep -q "ldap_host" "$install_dir/wakka.config.php" - then - # Add LDAP config at the end of wakka.config.php - ynh_replace_string --match_string=");" --replace_string=" 'ldap_host' => '127.0.0.1',\n);" --target_file="$install_dir/wakka.config.php" - - ynh_replace_string --match_string=");" --replace_string=" 'ldap_port' => '389',\n);" --target_file="$install_dir/wakka.config.php" - - ynh_replace_string --match_string=");" --replace_string=" 'ldap_base' => 'ou=users,dc=yunohost,dc=org'\n);" --target_file="$install_dir/wakka.config.php" - fi + # Add LDAP config at the end of wakka.config.php + ynh_replace_string --match_string=");" --replace_string=" 'ldap_host' => '127.0.0.1',\n);" --target_file="$install_dir/wakka.config.php" + ynh_replace_string --match_string=");" --replace_string=" 'ldap_port' => '389',\n);" --target_file="$install_dir/wakka.config.php" + ynh_replace_string --match_string=");" --replace_string=" 'ldap_base' => 'ou=users,dc=yunohost,dc=org'\n);" --target_file="$install_dir/wakka.config.php" fi #================================================= From c7b3d9772fdfe851a0fd6c04eed79a97d8bf1743 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Sun, 10 Dec 2023 11:09:21 +0000 Subject: [PATCH 5/5] Auto-update README --- README.md | 2 +- README_fr.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 2b152ad..12001cd 100644 --- a/README.md +++ b/README.md @@ -39,7 +39,7 @@ However, with a YesWiki we can build a website with multiple uses: * Official app website: * Official admin documentation: * Upstream app code repository: -* YunoHost documentation for this app: +* YunoHost Store: * Report a bug: ## Developer info diff --git a/README_fr.md b/README_fr.md index e54f37b..fea6798 100644 --- a/README_fr.md +++ b/README_fr.md @@ -39,7 +39,7 @@ Néanmoins, avec un YesWiki on peut fabriquer un site internet aux usages multip * Site officiel de l’app : * Documentation officielle de l’admin : * Dépôt de code officiel de l’app : -* Documentation YunoHost pour cette app : +* YunoHost Store: * Signaler un bug : ## Informations pour les développeurs