From 3f8bc8983455c7b301e40bb0dde5d9c7fb954bae Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 25 Mar 2020 16:33:19 +0100 Subject: [PATCH 1/8] Add group-permission support --- conf/login_source.sql | 9 ++++++--- manifest.json | 2 +- scripts/_common.sh | 6 ++---- scripts/install | 7 +++++-- scripts/upgrade | 15 ++++++++++++++- 5 files changed, 28 insertions(+), 11 deletions(-) diff --git a/conf/login_source.sql b/conf/login_source.sql index 7454918..ee9da47 100644 --- a/conf/login_source.sql +++ b/conf/login_source.sql @@ -1,3 +1,6 @@ -INSERT INTO `__APP__`.`login_source` (`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`) VALUES -('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}', '1464014433', '1464015955') -ON DUPLICATE KEY UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(uid=%s)","AdminFilter":"(uid=__ADMIN__)","Enabled":true}' +INSERT INTO `__APP__`.`login_source` +(`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`) +VALUES +('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}', '1464014433', '1464015955') +ON DUPLICATE KEY +UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}'; diff --git a/manifest.json b/manifest.json index 37eda47..897129c 100644 --- a/manifest.json +++ b/manifest.json @@ -20,7 +20,7 @@ "mysql" ], "requirements": { - "yunohost": ">= 3.6.4" + "yunohost": ">= 3.7.0.6" }, "arguments": { "install" : [ diff --git a/scripts/_common.sh b/scripts/_common.sh index d6e5689..d52dfc7 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -87,10 +87,8 @@ set_permission() { } set_access_settings() { - if [ "$is_public" = '1' ] + if [ "$is_public" == '1' ]; then - ynh_app_setting_set --app $app --key unprotected_uris --value "/" - else - ynh_app_setting_delete --app $app --key skipped_regex + ynh_permission_update --permission "main" --add "visitors" fi } diff --git a/scripts/install b/scripts/install index 57901c4..f5687ad 100644 --- a/scripts/install +++ b/scripts/install @@ -90,14 +90,13 @@ ynh_script_progression --message="Configuring application, step 2/2..." # Start gitea for building mysql tables systemctl start "$app".service -# Wait till login_source mysql table is created +# Wait untill login_source mysql table is created while ! $(ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" <<< "SELECT * FROM login_source;" &>/dev/null) do sleep 2 done # Add ldap config -ynh_replace_string --match_string "__ADMIN__" --replace_string "$admin" --target_file ../conf/login_source.sql ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql @@ -113,6 +112,10 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile ynh_script_progression --message="Protecting directory" set_access_settings +# Create permission +ynh_script_progression --message="Configuring permissions" +ynh_permission_create --permission="admin" --allowed=$admin + # Add gitea to YunoHost's monitored services ynh_script_progression --message="Register gitea service..." yunohost service add "$app" --log "/var/log/$app/gitea.log" diff --git a/scripts/upgrade b/scripts/upgrade index 58eccbf..fb7e3f3 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -65,7 +65,6 @@ if [[ $migration_process -eq 1 ]]; then ynh_secure_remove --file=$final_path/custom/conf/auth.d # Restore authentication from SQL database - ynh_replace_string --match_string __ADMIN__ --replace_string "$admin" --target_file ../conf/login_source.sql ynh_replace_string --match_string __APP__ --replace_string "$app" --target_file ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql @@ -189,6 +188,20 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile # GENERIC FINALIZATION #================================================= +# Set all permissions +ynh_script_progression --message="Update permission..." +if ! ynh_permission_exists --permission admin; then + ynh_app_setting_delete --app $app --key unprotected_uris + ynh_permission_create --permission 'admin' --allowed "$admin" + # Update ldap config + ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql + ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql +fi +if [ "$is_public" == '1' ]; +then + ynh_permission_update --permission "main" --add "visitors" +fi + # Set permissions ynh_script_progression --message="Protecting directory" set_permission From 580a891b84d9e8fded59bd6af0256d1ec65f4120 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Sun, 29 Mar 2020 21:15:03 +0200 Subject: [PATCH 2/8] Fix permission migration from gogs --- scripts/experimental_helper.sh | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index ec89165..23d0e32 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh @@ -237,6 +237,9 @@ ynh_handle_app_migration () { new_label=$(echo $new_app_id | cut -c1 | tr [:lower:] [:upper:])$(echo $new_app_id | cut -c2-) ynh_app_setting_set $new_app label $new_label fi + + yunohost tools shell -c "from yunohost.permission import permission_delete; permission_delete('$old_app.main', force=True, sync_perm=False)" + yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$new_app.main', url='/' , sync_perm=True)" #================================================= # MOVE FILES TO THE NEW DESTINATION @@ -327,7 +330,6 @@ ynh_handle_app_migration () { app=$new_app - # Set migration_process to 1 to inform that an upgrade has been made migration_process=1 fi From bd3fe9a8467864391ffaf96426036ab731833f99 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Tue, 31 Mar 2020 17:20:12 +0200 Subject: [PATCH 3/8] Fix change-url script --- scripts/change_url | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/change_url b/scripts/change_url index a57b886..de3079f 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -55,7 +55,7 @@ config_gitea # RELOAD services ynh_script_progression --message="Starting services..." -ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 +ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 -a restart sleep 1 # Store the checksum with the 'INTERNAL_TOKEN' value. From 656a21ff0a6d3554f3256cfdd97c83ff5786621d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Wed, 1 Apr 2020 20:03:45 +0000 Subject: [PATCH 4/8] Upgrade gitea to 1.11.4 --- README.md | 2 +- conf/source/arm.src | 4 ++-- conf/source/armv7.src | 4 ++-- conf/source/i386.src | 4 ++-- conf/source/x86-64.src | 4 ++-- manifest.json | 2 +- 6 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 814776e..8584fa6 100644 --- a/README.md +++ b/README.md @@ -12,7 +12,7 @@ Overview Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github. -**Shipped version:** 1.11.3 +**Shipped version:** 1.11.4 Screenshots ----------- diff --git a/conf/source/arm.src b/conf/source/arm.src index da70eb6..2934cfb 100644 --- a/conf/source/arm.src +++ b/conf/source/arm.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.3/gitea-1.11.3-linux-arm-6 -SOURCE_SUM=578180011bc0f08208dcf6222d6e9c524efc1b2a5e62ef0858f3e8a742106c8a +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.4/gitea-1.11.4-linux-arm-6 +SOURCE_SUM=402db838819576b9ca8f0b5cdd5d624acb06b70a4440324710c9f48e3730ab02 SOURCE_SUM_PRG=sha256sum SOURCE_FILENAME=gitea SOURCE_EXTRACT=false diff --git a/conf/source/armv7.src b/conf/source/armv7.src index 41046f0..4942b88 100644 --- a/conf/source/armv7.src +++ b/conf/source/armv7.src @@ -1,8 +1,8 @@ # The armv7 build is brocken # See : https://github.com/go-gitea/gitea/issues/6700 # Use temporary the armv6 binary -SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.3/gitea-1.11.3-linux-arm-6 -SOURCE_SUM=578180011bc0f08208dcf6222d6e9c524efc1b2a5e62ef0858f3e8a742106c8a +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.4/gitea-1.11.4-linux-arm-6 +SOURCE_SUM=402db838819576b9ca8f0b5cdd5d624acb06b70a4440324710c9f48e3730ab02 SOURCE_SUM_PRG=sha256sum SOURCE_FILENAME=gitea SOURCE_EXTRACT=false diff --git a/conf/source/i386.src b/conf/source/i386.src index 08fa821..5c6d7c9 100644 --- a/conf/source/i386.src +++ b/conf/source/i386.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.3/gitea-1.11.3-linux-386 -SOURCE_SUM=9b85e8615a68424bb4621f9430c440955394c385969d2e86d94796373992d229 +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.4/gitea-1.11.4-linux-386 +SOURCE_SUM=d37fdd1ab43d861650198aba8b850e7bf121dac4a03e61fb38bf463eba01f53a SOURCE_SUM_PRG=sha256sum SOURCE_FILENAME=gitea SOURCE_EXTRACT=false diff --git a/conf/source/x86-64.src b/conf/source/x86-64.src index 6d07d43..7642d7f 100644 --- a/conf/source/x86-64.src +++ b/conf/source/x86-64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.3/gitea-1.11.3-linux-amd64 -SOURCE_SUM=bd4d3d4f2d3998ebd1fecc1e8fc09971bc822aa8437a72b7131bee6b944f5d51 +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.11.4/gitea-1.11.4-linux-amd64 +SOURCE_SUM=4408c781069c36cbb1b5923ae924e67ceee661ba9c9bd6c73cd7408c9cd62af6 SOURCE_SUM_PRG=sha256sum SOURCE_FILENAME=gitea SOURCE_EXTRACT=false diff --git a/manifest.json b/manifest.json index 897129c..2154f00 100644 --- a/manifest.json +++ b/manifest.json @@ -9,7 +9,7 @@ }, "url": "http://gitea.io", "license": "MIT", - "version": "1.11.3~ynh1", + "version": "1.11.4~ynh1", "maintainer": { "name": "rafi59", "email": "rafi59_dev@srvmaison.fr.nf" From dab174662778f68694c02a4c8311b66f2f2a6135 Mon Sep 17 00:00:00 2001 From: Aurelien Vaillant Date: Sat, 11 Apr 2020 23:16:00 +0200 Subject: [PATCH 5/8] Update README.md, add any information about LFS settings --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 36b8c5a..66e7023 100644 --- a/README.md +++ b/README.md @@ -71,6 +71,19 @@ Host domain.tld Architecture: this package is compatible with amd64, i386 and arm. The package will try to detect it with the command uname -m and fail if it can't detect the architecture. If that happens please open an issue describing your hardware and the result of the command `uname -m`. +### LFS setup +To use a repository with an `LFS` setup, you need to activate-it on `/opt/gitea/custom/conf/app.ini` +```bash +[server] +LFS_START_SERVER = true +LFS_HTTP_AUTH_EXPIRY = 20m +``` +By default Nginx is setup with a max value to updload files at 200 Mo. It's possible to change this value on `/etc/nginx/conf.d/my.domain.tld.d/gitea.conf`. +```bash +client_max_body_size 200M; +``` +Don't forget to restart Gitea `sudo systemctl restart gitea.service`. + ### Git command access with HTTPS If you want to use the git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**. From 514932430f00adb0a1efbe08721e5550666991f0 Mon Sep 17 00:00:00 2001 From: Aurelien Vaillant Date: Mon, 13 Apr 2020 19:00:35 +0200 Subject: [PATCH 6/8] Update markdown and add a small information about the update application --- README.md | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 66e7023..493810d 100644 --- a/README.md +++ b/README.md @@ -73,17 +73,19 @@ Architecture: this package is compatible with amd64, i386 and arm. The package w ### LFS setup To use a repository with an `LFS` setup, you need to activate-it on `/opt/gitea/custom/conf/app.ini` -```bash +```ini [server] LFS_START_SERVER = true LFS_HTTP_AUTH_EXPIRY = 20m ``` By default Nginx is setup with a max value to updload files at 200 Mo. It's possible to change this value on `/etc/nginx/conf.d/my.domain.tld.d/gitea.conf`. -```bash +```ini client_max_body_size 200M; ``` Don't forget to restart Gitea `sudo systemctl restart gitea.service`. +> This settings are restore to default when Gitea is update. Don't forget to restore your setup after all updates. + ### Git command access with HTTPS If you want to use the git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**. From 19a2834f227a786c0ecec9a1ef58b180a8539167 Mon Sep 17 00:00:00 2001 From: Aurelien Vaillant Date: Mon, 13 Apr 2020 22:16:16 +0200 Subject: [PATCH 7/8] Fix wrong Markdown --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 493810d..c95aba0 100644 --- a/README.md +++ b/README.md @@ -79,7 +79,7 @@ LFS_START_SERVER = true LFS_HTTP_AUTH_EXPIRY = 20m ``` By default Nginx is setup with a max value to updload files at 200 Mo. It's possible to change this value on `/etc/nginx/conf.d/my.domain.tld.d/gitea.conf`. -```ini +``` client_max_body_size 200M; ``` Don't forget to restart Gitea `sudo systemctl restart gitea.service`. From bfc7dd4ceaad0ecbb601cfd231e51402707fb2ce Mon Sep 17 00:00:00 2001 From: Aurelien Vaillant Date: Mon, 13 Apr 2020 22:17:01 +0200 Subject: [PATCH 8/8] Apply suggestion to README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c95aba0..187564c 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ client_max_body_size 200M; ``` Don't forget to restart Gitea `sudo systemctl restart gitea.service`. -> This settings are restore to default when Gitea is update. Don't forget to restore your setup after all updates. +> This settings are restored to the default config when Gitea is updated. Don't forget to restore your setup after all updates. ### Git command access with HTTPS