diff --git a/.github/ISSUE_TEMPLATE.md b/.github/ISSUE_TEMPLATE.md new file mode 100644 index 0000000..2729a6b --- /dev/null +++ b/.github/ISSUE_TEMPLATE.md @@ -0,0 +1,55 @@ +--- +name: Bug report +about: When creating a bug report, please use the following template to provide all the relevant information and help debugging efficiently. + +--- + +**How to post a meaningful bug report** +1. *Read this whole template first.* +2. *Determine if you are on the right place:* + - *If you were performing an action on the app from the webadmin or the CLI (install, update, backup, restore, change_url...), you are on the right place!* + - *Otherwise, the issue may be due to the app itself. Refer to its documentation or repository for help.* + - *When in doubt, post here and we will figure it out together.* +3. *Delete the italic comments as you write over them below, and remove this guide.* +--- + +### Describe the bug + +*A clear and concise description of what the bug is.* + +### Context + +- Hardware: *VPS bought online / Old laptop or computer / Raspberry Pi at home / Internet Cube with VPN / Other ARM board / ...* +- YunoHost version: x.x.x +- I have access to my server: *Through SSH | through the webadmin | direct access via keyboard / screen | ...* +- Are you in a special context or did you perform some particular tweaking on your YunoHost instance?: *no / yes* + - If yes, please explain: +- Using, or trying to install package version/branch: +- If upgrading, current package version: *can be found in the admin, or with `yunohost app info $app_id`* + +### Steps to reproduce + +- *If you performed a command from the CLI, the command itself is enough. For example:* + ```sh + sudo yunohost app install the_app + ``` +- *If you used the webadmin, please perform the equivalent command from the CLI first.* +- *If the error occurs in your browser, explain what you did:* + 1. *Go to '...'* + 2. *Click on '...'* + 3. *Scroll down to '...'* + 4. *See error* + +### Expected behavior + +*A clear and concise description of what you expected to happen. You can remove this section if the command above is enough to understand your intent.* + +### Logs + +*When an operation fails, YunoHost provides a simple way to share the logs.* +- *In the webadmin, the error message contains a link to the relevant log page. On that page, you will be able to 'Share with Yunopaste'. If you missed it, the logs of previous operations are also available under Tools > Logs.* +- *In command line, the command to share the logs is displayed at the end of the operation and looks like `yunohost log display [log name] --share`. If you missed it, you can find the log ID of a previous operation using `yunohost log list`.* + +*After sharing the log, please copypaste directly the link provided by YunoHost (to help readability, no need to copypaste the entire content of the log here, just the link is enough...)* + +*If applicable and useful, add screenshots to help explain your problem.* diff --git a/.github/PULL_REQUEST_TEMPLATE.md b/.github/PULL_REQUEST_TEMPLATE.md new file mode 100644 index 0000000..ef70e18 --- /dev/null +++ b/.github/PULL_REQUEST_TEMPLATE.md @@ -0,0 +1,16 @@ +## Problem + +- *Description of why you made this PR* + +## Solution + +- *And how do you fix that problem* + +## PR Status + +- [ ] Code finished and ready to be reviewed/tested +- [ ] The fix/enhancement were manually tested (if applicable) + +## Automatic tests + +Automatic tests can be triggered on https://ci-apps-dev.yunohost.org/ *after creating the PR*, by commenting "!testme", "!gogogadgetoci" or "By the power of systemd, I invoke The Great App CI to test this Pull Request!". (N.B. : for this to work you need to be a member of the Yunohost-Apps organization) diff --git a/README.md b/README.md index 32f2004..5fe3ac0 100644 --- a/README.md +++ b/README.md @@ -1,92 +1,64 @@ -Gitea package for YunoHost -========================== - - -[![Integration level](https://dash.yunohost.org/integration/gitea.svg)](https://dash.yunohost.org/appci/app/gitea) ![](https://ci-apps.yunohost.org/ci/badges/gitea.status.svg) ![](https://ci-apps.yunohost.org/ci/badges/gitea.maintain.svg) -[![Install gitea with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=gitea) - -> *This package allow you to install gitea quickly and simply on a YunoHost server. -If you don't have YunoHost, please see [here](https://yunohost.org/#/install) to know how to install and enjoy it.* - -Overview --------- - -Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to Github. - -**Shipped version:** 1.14.5 - -Screenshots ------------ - -![](https://gitea.io/images/screenshot.png) - -Documentation -------------- - - * Official documentation: https://docs.gitea.io/ - * YunoHost documentation: There no other documentations, feel free to contribute. - -YunoHost specific features --------------------------- - -### Multi-users support - -LDAP and HTTP auth are supported. - -### Supported architectures - -* x86-64 - [![Build Status](https://ci-apps.yunohost.org/ci/logs/gitea%20%28Apps%29.svg)](https://ci-apps.yunohost.org/ci/apps/gitea/) -* ARMv8-A - [![Build Status](https://ci-apps-arm.yunohost.org/ci/logs/gitea%20%28Apps%29.svg)](https://ci-apps-arm.yunohost.org/ci/apps/gitea/) - - -Additional informations ------------------------ +# Gitea for YunoHost + +[![Integration level](https://dash.yunohost.org/integration/gitea.svg)](https://dash.yunohost.org/appci/app/gitea) ![Working status](https://ci-apps.yunohost.org/ci/badges/gitea.status.svg) ![Maintenance status](https://ci-apps.yunohost.org/ci/badges/gitea.maintain.svg) +[![Install Gitea with YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=gitea) + +*[Lire ce readme en français.](./README_fr.md)* + +> *This package allows you to install Gitea quickly and simply on a YunoHost server. +If you don't have YunoHost, please consult [the guide](https://yunohost.org/#/install) to learn how to install it.* + +## Overview + +Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to GitHub. + + +**Shipped version:** 1.17.1~ynh1 + + +## Screenshots + +![Screenshot of Gitea](./doc/screenshots/screenshot.png) + +## Disclaimers / important information + +## Additional informations ### Notes on SSH usage -If you want to use Gitea with ssh and be able to pull/push with you ssh key, your ssh daemon must be properly configured to use private/public keys. Here is a sample configuration of `/etc/ssh/sshd_config` that works with Gitea: +If you want to use Gitea with SSH and be able to pull/push with your SSH key, your SSH daemon must be properly configured to use private/public keys. Here is a sample configuration `/etc/ssh/sshd_config` that works with Gitea: ```bash PubkeyAuthentication yes -AuthorizedKeysFile /home/%u/.ssh/authorized_keys +AuthorizedKeysFile /home/yunohost.app/%u/.ssh/authorized_keys ChallengeResponseAuthentication no PasswordAuthentication no UsePAM no ``` -You also need to add your public key to your Gitea profile. +You must also add your public key to your Gitea profile. -If you use ssh on another port than 22, you need to add theses lines to your ssh config in `~/.ssh/config`: +When using SSH on any port other than 22, you need to add these lines to your SSH configuration `~/.ssh/config`: ```bash Host domain.tld port 2222 # change this with the port you use ``` -You will also need to add the `gitea` user in the ssh permission with this command: - -``` -sudo adduser gitea ssh.app -``` - -### Architecture - -This package is compatible with amd64, i386 and arm. The package will try to detect it with the command uname -m and fail if it can't detect the architecture. If that happens please open an issue describing your hardware and the result of the command `uname -m`. - ### Upgrade -By default a backup is made before the upgrade. To avoid this you have theses following possibilites: -- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. By example `NO_BACKUP_UPGRADE=1 yunohost app upgrade gitea`. -- Set the settings `disable_backup_before_upgrade` to `1`. You can set this with this command: +By default, a backup is performed before upgrading. To avoid this, you have the following options: +- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. For example `NO_BACKUP_UPGRADE=1 yunohost app upgrade gitea`. +- Set `disable_backup_before_upgrade` to `1`. You can set it with this command: `yunohost app setting gitea disable_backup_before_upgrade -v 1` -After this settings will be applied for **all** next upgrade. +After that, the settings will be applied for **all** the next updates. From command line: @@ -94,74 +66,63 @@ From command line: ### Backup -This app use now the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration is recommended to proceed like this: +This application now uses the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration it is recommended to proceed as follows: -- Stop gitea service with theses following command: +- Stop Gitea service with this command: `systemctl stop gitea.service` -- Launch the backup of gitea with this following command: +- Launch Gitea backup with this command: `yunohost backup create --app gitea` -- Do a backup of your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/gitea`. -- Restart the gitea service with theses command: +- Backup your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/gitea`. +- Restart Gitea service with theses command: `systemctl start gitea.service` ### Remove -Due of the backup core only feature the data directory in `/home/gitea` **is not removed**. It need to be removed manually to purge app user data. +Due of the backup core only feature the data directory in `/home/yunohost.app/gitea` **is not removed**. It must be manually deleted to purge user data from the app. ### LFS setup -To use a repository with an `LFS` setup, you need to activate-it on `/opt/gitea/custom/conf/app.ini` +To use a repository with an `LFS` setup, you need to activate it on `/opt/gitea/custom/conf/app.ini` + ```ini [server] LFS_START_SERVER = true LFS_HTTP_AUTH_EXPIRY = 20m ``` -By default Nginx is setup with a max value to updload files at 200 Mo. It's possible to change this value on `/etc/nginx/conf.d/my.domain.tld.d/gitea.conf`. +By default, NGINX is configured with a maximum value for uploading files at 200 MB. It's possible to change this value on `/etc/nginx/conf.d/my.domain.tld.d/gitea.conf`. ``` client_max_body_size 200M; ``` Don't forget to restart Gitea `sudo systemctl restart gitea.service`. -> This settings are restored to the default config when Gitea is updated. Don't forget to restore your setup after all updates. +> These settings are restored to the default configuration when updating Gitea. Remember to restore your configuration after all updates. ### Git command access with HTTPS -If you want to use the git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**. +If you want to use the Git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**. -Links ------ +## Documentation and resources - * Report a bug: https://framagit.org/YunoHost-Apps/gitea_ynh/issues - * App website: http://gitea.io - * YunoHost website: https://yunohost.org/ +* Official app website: +* Official admin documentation: +* Upstream app code repository: +* YunoHost documentation for this app: +* Report a bug: ---- +## Developer info -Install -------- +Please send your pull request to the [testing branch](https://github.com/YunoHost-Apps/gitea_ynh/tree/testing). -From command line: +To try the testing branch, please proceed like that. -`sudo yunohost app install -l gitea https://github.com/YunoHost-Apps/gitea_ynh` +``` bash +sudo yunohost app install https://github.com/YunoHost-Apps/gitea_ynh/tree/testing --debug +or +sudo yunohost app upgrade gitea -u https://github.com/YunoHost-Apps/gitea_ynh/tree/testing --debug +``` -Upgrade -------- - -From command line: - -`sudo yunohost app upgrade gitea -u https://github.com/YunoHost-Apps/gitea_ynh` - -License -------- - -Gitea is published under the MIT License: -https://github.com/go-gitea/gitea/blob/master/LICENSE - -This package is published under the MIT License. - -Todo ----- +**More info regarding app packaging:** diff --git a/README_fr.md b/README_fr.md new file mode 100644 index 0000000..4ebf3dc --- /dev/null +++ b/README_fr.md @@ -0,0 +1,128 @@ + + +# Gitea pour YunoHost + +[![Niveau d'intégration](https://dash.yunohost.org/integration/gitea.svg)](https://dash.yunohost.org/appci/app/gitea) ![Statut du fonctionnement](https://ci-apps.yunohost.org/ci/badges/gitea.status.svg) ![Statut de maintenance](https://ci-apps.yunohost.org/ci/badges/gitea.maintain.svg) +[![Installer Gitea avec YunoHost](https://install-app.yunohost.org/install-with-yunohost.svg)](https://install-app.yunohost.org/?app=gitea) + +*[Read this readme in english.](./README.md)* + +> *Ce package vous permet d'installer Gitea rapidement et simplement sur un serveur YunoHost. +Si vous n'avez pas YunoHost, regardez [ici](https://yunohost.org/#/install) pour savoir comment l'installer et en profiter.* + +## Vue d'ensemble + +Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to GitHub. + + +**Version incluse :** 1.17.1~ynh1 + + +## Captures d'écran + +![Capture d'écran de Gitea](./doc/screenshots/screenshot.png) + +## Avertissements / informations importantes + +## Additional informations + +### Notes on SSH usage + +If you want to use Gitea with SSH and be able to pull/push with your SSH key, your SSH daemon must be properly configured to use private/public keys. Here is a sample configuration `/etc/ssh/sshd_config` that works with Gitea: + +```bash +PubkeyAuthentication yes +AuthorizedKeysFile /home/yunohost.app/%u/.ssh/authorized_keys +ChallengeResponseAuthentication no +PasswordAuthentication no +UsePAM no +``` + +You must also add your public key to your Gitea profile. + +When using SSH on any port other than 22, you need to add these lines to your SSH configuration `~/.ssh/config`: + +```bash +Host domain.tld + port 2222 # change this with the port you use +``` + +### Upgrade + +By default, a backup is performed before upgrading. To avoid this, you have the following options: +- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. For example `NO_BACKUP_UPGRADE=1 yunohost app upgrade gitea`. +- Set `disable_backup_before_upgrade` to `1`. You can set it with this command: + +`yunohost app setting gitea disable_backup_before_upgrade -v 1` + +After that, the settings will be applied for **all** the next updates. + +From command line: + +`yunohost app upgrade gitea` + +### Backup + +This application now uses the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration it is recommended to proceed as follows: + +- Stop Gitea service with this command: + +`systemctl stop gitea.service` + +- Launch Gitea backup with this command: + +`yunohost backup create --app gitea` + +- Backup your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/gitea`. +- Restart Gitea service with theses command: + +`systemctl start gitea.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/gitea` **is not removed**. It must be manually deleted to purge user data from the app. + +### LFS setup +To use a repository with an `LFS` setup, you need to activate it on `/opt/gitea/custom/conf/app.ini` + +```ini +[server] +LFS_START_SERVER = true +LFS_HTTP_AUTH_EXPIRY = 20m +``` +By default, NGINX is configured with a maximum value for uploading files at 200 MB. It's possible to change this value on `/etc/nginx/conf.d/my.domain.tld.d/gitea.conf`. +``` +client_max_body_size 200M; +``` +Don't forget to restart Gitea `sudo systemctl restart gitea.service`. + +> These settings are restored to the default configuration when updating Gitea. Remember to restore your configuration after all updates. + +### Git command access with HTTPS + +If you want to use the Git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**. + +## Documentations et ressources + +* Site officiel de l'app : +* Documentation officielle de l'admin : +* Dépôt de code officiel de l'app : +* Documentation YunoHost pour cette app : +* Signaler un bug : + +## Informations pour les développeurs + +Merci de faire vos pull request sur la [branche testing](https://github.com/YunoHost-Apps/gitea_ynh/tree/testing). + +Pour essayer la branche testing, procédez comme suit. + +``` bash +sudo yunohost app install https://github.com/YunoHost-Apps/gitea_ynh/tree/testing --debug +ou +sudo yunohost app upgrade gitea -u https://github.com/YunoHost-Apps/gitea_ynh/tree/testing --debug +``` + +**Plus d'infos sur le packaging d'applications :** diff --git a/check_process b/check_process index 7206f2b..1acdd87 100644 --- a/check_process +++ b/check_process @@ -1,9 +1,9 @@ ;; General ; Manifest - domain="domain.tld" (DOMAIN) - path="/path" (PATH) - admin="john" (USER) - is_public=1 (PUBLIC|public=1|private=0) + domain="domain.tld" + path="/path" + admin="john" + is_public=1 ; Checks pkg_linter=1 setup_sub_dir=1 @@ -12,7 +12,9 @@ setup_private=1 setup_public=1 upgrade=1 - upgrade=1 from_commit=349992d4f3921e4e1adb37a0cace4a5a9eb67099 + #1.14.5 + upgrade=1 from_commit=7ea357724f2371aa1173f15ba5a7502609a0a131 + upgrade=1 from_commit=bd3fe9a8467864391ffaf96426036ab731833f99 upgrade=1 from_commit=4e078e91129725c8b09ba551ab2a04e0328a45b3 backup_restore=1 multi_instance=1 @@ -20,7 +22,9 @@ port_already_use=1 (6000) change_url=1 ;;; Upgrade options - ; commit=349992d4f3921e4e1adb37a0cace4a5a9eb67099 - name=First package version + ; commit=7ea357724f2371aa1173f15ba5a7502609a0a131 + name=1.14.5 + ; commit=bd3fe9a8467864391ffaf96426036ab731833f99 + name=Just after group permission support ; commit=4e078e91129725c8b09ba551ab2a04e0328a45b3 name=Gogs code, check migration from gogs diff --git a/conf/app.ini b/conf/app.ini index 9f00522..c954f1d 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -21,12 +21,14 @@ FORCE_PRIVATE = false DOMAIN = __DOMAIN__ HTTP_PORT = __PORT__ HTTP_ADDR = 127.0.0.1 -ROOT_URL = https://__URL__/ +ROOT_URL = https://__DOMAIN____PATH_URL__ DISABLE_SSH = false SSH_PORT = __SSH_PORT__ OFFLINE_MODE = false APP_DATA_PATH = __DATA_PATH__ LANDING_PAGE = explore +LFS_START_SERVER = true +LFS_JWT_SECRET = __LFS_KEY__ [mailer] ENABLED = true @@ -40,8 +42,8 @@ ENABLE_NOTIFY_MAIL = true DISABLE_REGISTRATION = true ENABLE_CAPTCHA = false REQUIRE_SIGNIN_VIEW = false -ENABLE_REVERSE_PROXY_AUTHENTICATION = false -ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = false +ENABLE_REVERSE_PROXY_AUTHENTICATION = true +ENABLE_REVERSE_PROXY_AUTO_REGISTRATION = true [picture] AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars @@ -72,4 +74,5 @@ XORM = file [security] INSTALL_LOCK = true SECRET_KEY = __KEY__ -REVERSE_PROXY_AUTHENTICATION_USER = REMOTE_USER +REVERSE_PROXY_AUTHENTICATION_USER = REMOTE-USER +REVERSE_PROXY_TRUSTED_PROXIES = 127.0.0.0/8,::1/128 diff --git a/conf/login_source.sql b/conf/login_source.sql index ee9da47..72eb3b0 100644 --- a/conf/login_source.sql +++ b/conf/login_source.sql @@ -1,6 +1,6 @@ INSERT INTO `__APP__`.`login_source` -(`id`, `type`, `name`, `is_actived`, `cfg`, `created_unix`, `updated_unix`) +(`id`, `type`, `name`, `is_active`, `cfg`, `created_unix`, `updated_unix`) VALUES -('1', '2', 'Yunohost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}', '1464014433', '1464015955') +('1', '2', 'YunoHost LDAP', '1', '{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}', '1464014433', '1464015955') ON DUPLICATE KEY -UPDATE cfg='{"Name":"Yunohost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}'; +UPDATE cfg='{"Name":"YunoHost LDAP","Host":"localhost","Port":389,"UseSSL":false,"BindDN":"","BindPassword":"","UserBase":"ou=users,dc=yunohost,dc=org","AttributeName":"givenName","AttributeSurname":"sn","AttributeMail":"mail","Filter":"(&(uid=%s)(objectClass=posixAccount)(permission=cn=__APP__.main,ou=permission,dc=yunohost,dc=org))","AdminFilter":"(permission=cn=__APP__.admin,ou=permission,dc=yunohost,dc=org)","Enabled":true}'; diff --git a/conf/nginx.conf b/conf/nginx.conf index 536fa2e..acafbce 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -3,15 +3,9 @@ location __PATH__/ { proxy_pass http://localhost:__PORT__/; proxy_set_header Host $host; proxy_buffering off; - fastcgi_param REMOTE_USER $remote_user; client_max_body_size 200M; proxy_set_header X-Real-IP $remote_addr; - # Force https - if ($scheme = http) { - rewrite ^ https://$server_name$request_uri? permanent; - } - # Include SSOWAT user panel. include conf.d/yunohost_panel.conf.inc; } diff --git a/conf/source/arm.src b/conf/source/arm.src index df859ba..fbb2112 100644 --- a/conf/source/arm.src +++ b/conf/source/arm.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-arm-6 -SOURCE_SUM=2808bea62a84389e123b94331de7b330f8b9b9149bff1e8758d6c7adae88ef5a +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.17.1/gitea-1.17.1-linux-arm-6 +SOURCE_SUM=3229ddb4b4d9523c4dad2978c5af4da002a82f6dd65f4942e48ff9ea523f1f98 SOURCE_SUM_PRG=sha256sum SOURCE_FILENAME=gitea SOURCE_EXTRACT=false diff --git a/conf/source/arm64.src b/conf/source/arm64.src index 2cb7de0..534ea44 100644 --- a/conf/source/arm64.src +++ b/conf/source/arm64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-arm64 -SOURCE_SUM=43a9b559d8a080cbf55aac8961074a25018e83edfe70d7dc8666b9acff794b09 +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.17.1/gitea-1.17.1-linux-arm64 +SOURCE_SUM=21a5fc2b2b31939bf81dac5f872af154c0b2070340beb30660fbfa90911b637b SOURCE_SUM_PRG=sha256sum SOURCE_FILENAME=gitea SOURCE_EXTRACT=false diff --git a/conf/source/arm64_1.14.src b/conf/source/arm64_1.14.src new file mode 100644 index 0000000..9bf2c89 --- /dev/null +++ b/conf/source/arm64_1.14.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-arm64 +SOURCE_SUM=d0e177368445748dcbfc3a082e2f1c68317d1490e11574224fb12ca01e91e15e +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/arm64_1.15.src b/conf/source/arm64_1.15.src new file mode 100644 index 0000000..13f65f7 --- /dev/null +++ b/conf/source/arm64_1.15.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-arm64 +SOURCE_SUM=a41a702d24e463c44dbc57a30551938a5e4c9377995065aca07e9dfbb22d5afc +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/arm64_1.16.src b/conf/source/arm64_1.16.src new file mode 100644 index 0000000..f686bfd --- /dev/null +++ b/conf/source/arm64_1.16.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.9/gitea-1.16.9-linux-arm64 +SOURCE_SUM=c468cb92fee1fc917923fd2728449fb9da97e5e9e4322d531716b3c6571ceb20 +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/arm_1.14.src b/conf/source/arm_1.14.src new file mode 100644 index 0000000..cb57028 --- /dev/null +++ b/conf/source/arm_1.14.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-arm-6 +SOURCE_SUM=4c075c11ee6b89b6c436c94e47290cf7daeff2006bb7ca1fbe6f22db4482e16f +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/arm_1.15.src b/conf/source/arm_1.15.src new file mode 100644 index 0000000..25f4ee1 --- /dev/null +++ b/conf/source/arm_1.15.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-arm-6 +SOURCE_SUM=c60d364d8cb7e25b341cb7d9988cbc7b3485ff5aa994e021980dc47996a870f9 +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/arm_1.16.src b/conf/source/arm_1.16.src new file mode 100644 index 0000000..13945b8 --- /dev/null +++ b/conf/source/arm_1.16.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.9/gitea-1.16.9-linux-arm-6 +SOURCE_SUM=0f0af0169b17927db6e8fe8711ef40c139d366983653034d6601e27761c3aa2b +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/armv7.src b/conf/source/armv7.src index aa2f7c6..fb84268 100644 --- a/conf/source/armv7.src +++ b/conf/source/armv7.src @@ -1,8 +1,8 @@ # The armv7 build is brocken # See : https://github.com/go-gitea/gitea/issues/6700 # Use temporary the armv6 binary -SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-arm-6 -SOURCE_SUM=2808bea62a84389e123b94331de7b330f8b9b9149bff1e8758d6c7adae88ef5a +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.17.1/gitea-1.17.1-linux-arm-6 +SOURCE_SUM=3229ddb4b4d9523c4dad2978c5af4da002a82f6dd65f4942e48ff9ea523f1f98 SOURCE_SUM_PRG=sha256sum SOURCE_FILENAME=gitea SOURCE_EXTRACT=false diff --git a/conf/source/armv7_1.14.src b/conf/source/armv7_1.14.src new file mode 100644 index 0000000..bd3cdc1 --- /dev/null +++ b/conf/source/armv7_1.14.src @@ -0,0 +1,8 @@ +# The armv7 build is brocken +# See : https://github.com/go-gitea/gitea/issues/6700 +# Use temporary the armv6 binary +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-arm-6 +SOURCE_SUM=4c075c11ee6b89b6c436c94e47290cf7daeff2006bb7ca1fbe6f22db4482e16f +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/armv7_1.15.src b/conf/source/armv7_1.15.src new file mode 100644 index 0000000..3c2672e --- /dev/null +++ b/conf/source/armv7_1.15.src @@ -0,0 +1,8 @@ +# The armv7 build is brocken +# See : https://github.com/go-gitea/gitea/issues/6700 +# Use temporary the armv6 binary +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-arm-6 +SOURCE_SUM=c60d364d8cb7e25b341cb7d9988cbc7b3485ff5aa994e021980dc47996a870f9 +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/armv7_1.16.src b/conf/source/armv7_1.16.src new file mode 100644 index 0000000..440a26a --- /dev/null +++ b/conf/source/armv7_1.16.src @@ -0,0 +1,8 @@ +# The armv7 build is brocken +# See : https://github.com/go-gitea/gitea/issues/6700 +# Use temporary the armv6 binary +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.9/gitea-1.16.9-linux-arm-6 +SOURCE_SUM=0f0af0169b17927db6e8fe8711ef40c139d366983653034d6601e27761c3aa2b +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/i386.src b/conf/source/i386.src index 5546686..aa7f8de 100644 --- a/conf/source/i386.src +++ b/conf/source/i386.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-386 -SOURCE_SUM=4d144f146f85d8b87fd93809019e3d1fd1b691d1fcb1bd5ea3801e0dc5a87e84 +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.17.1/gitea-1.17.1-linux-386 +SOURCE_SUM=013b1e527c20f68aebd82b9e43aa85bfcad76b9bc7934d5891bb823a19a9d9c6 SOURCE_SUM_PRG=sha256sum SOURCE_FILENAME=gitea SOURCE_EXTRACT=false diff --git a/conf/source/i386_1.14.src b/conf/source/i386_1.14.src new file mode 100644 index 0000000..b9868bd --- /dev/null +++ b/conf/source/i386_1.14.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-386 +SOURCE_SUM=1a3382eb4faf60a5f5c590843f8e7cd1f7d0e78e99fe2511f86368340c0cfe2e +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/i386_1.15.src b/conf/source/i386_1.15.src new file mode 100644 index 0000000..53f0004 --- /dev/null +++ b/conf/source/i386_1.15.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-386 +SOURCE_SUM=bad15648236e8da71de1a09b9fe0f21d955605c3aba92f6bcf7dc1f490791a8d +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/i386_1.16.src b/conf/source/i386_1.16.src new file mode 100644 index 0000000..ac697d4 --- /dev/null +++ b/conf/source/i386_1.16.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.9/gitea-1.16.9-linux-386 +SOURCE_SUM=de40bf7cd20fe42f0d32bfc7401480cec7e1496297cb726acc94afd9d190bf9f +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/x86-64.src b/conf/source/x86-64.src index 4dd441b..69dcac1 100644 --- a/conf/source/x86-64.src +++ b/conf/source/x86-64.src @@ -1,5 +1,5 @@ -SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.5/gitea-1.14.5-linux-amd64 -SOURCE_SUM=8a6f7983bd47690e6087e14b7a32d6fb0b8868b137da0ea5edff28c32763ca6d +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.17.1/gitea-1.17.1-linux-amd64 +SOURCE_SUM=eafd476ee2a303d758448314272add00898d045439ab0d353ff4286c5e63496f SOURCE_SUM_PRG=sha256sum SOURCE_FILENAME=gitea SOURCE_EXTRACT=false diff --git a/conf/source/x86-64_1.14.src b/conf/source/x86-64_1.14.src new file mode 100644 index 0000000..be76bd3 --- /dev/null +++ b/conf/source/x86-64_1.14.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.14.6/gitea-1.14.6-linux-amd64 +SOURCE_SUM=20cc0a89421695320b077c9fe4f16996f03aaf9d24f661f8d2255794551c849b +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/x86-64_1.15.src b/conf/source/x86-64_1.15.src new file mode 100644 index 0000000..b647844 --- /dev/null +++ b/conf/source/x86-64_1.15.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.15.11/gitea-1.15.11-linux-amd64 +SOURCE_SUM=e2f62b67c311116fbf8e52b4c162dbd7684ce9c7f0370642c1d402fece43aa8f +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/source/x86-64_1.16.src b/conf/source/x86-64_1.16.src new file mode 100644 index 0000000..ee599d3 --- /dev/null +++ b/conf/source/x86-64_1.16.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.16.9/gitea-1.16.9-linux-amd64 +SOURCE_SUM=821dd30afed9ae42b18e727174b078ea9118a6ccc5106d8246bebf8180fcbef3 +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/conf/systemd.service b/conf/systemd.service index 821e0b9..3dcae38 100644 --- a/conf/systemd.service +++ b/conf/systemd.service @@ -15,10 +15,40 @@ After=slapd.service Type=simple User=__APP__ Group=__APP__ -WorkingDirectory=/home/__APP__ +WorkingDirectory=/home/yunohost.app/__APP__ ExecStart=/opt/__APP__/gitea web Restart=always -Environment=USER=__APP__ HOME=/home/__APP__ +Environment=USER=__APP__ HOME=/home/yunohost.app/__APP__ + +# Sandboxing options to harden security +# Depending on specificities of your service/app, you may need to tweak these +# .. but this should be a good baseline +# Details for these options: https://www.freedesktop.org/software/systemd/man/systemd.exec.html +NoNewPrivileges=yes +PrivateTmp=yes +PrivateDevices=yes +RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 +RestrictNamespaces=yes +RestrictRealtime=yes +DevicePolicy=closed +ProtectSystem=full +ProtectControlGroups=yes +ProtectKernelModules=yes +ProtectKernelTunables=yes +LockPersonality=yes +SystemCallFilter=~@clock @debug @module @mount @obsolete @reboot @setuid @swap + +# Denying access to capabilities that should not be relevant for webapps +# Doc: https://man7.org/linux/man-pages/man7/capabilities.7.html +CapabilityBoundingSet=~CAP_RAWIO CAP_MKNOD +CapabilityBoundingSet=~CAP_AUDIT_CONTROL CAP_AUDIT_READ CAP_AUDIT_WRITE +CapabilityBoundingSet=~CAP_SYS_BOOT CAP_SYS_TIME CAP_SYS_MODULE CAP_SYS_PACCT +CapabilityBoundingSet=~CAP_LEASE CAP_LINUX_IMMUTABLE CAP_IPC_LOCK +CapabilityBoundingSet=~CAP_BLOCK_SUSPEND CAP_WAKE_ALARM +CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG +CapabilityBoundingSet=~CAP_MAC_ADMIN CAP_MAC_OVERRIDE +CapabilityBoundingSet=~CAP_NET_ADMIN CAP_NET_BROADCAST CAP_NET_RAW +CapabilityBoundingSet=~CAP_SYS_ADMIN CAP_SYS_PTRACE CAP_SYSLOG [Install] WantedBy=multi-user.target diff --git a/doc/DESCRIPTION.md b/doc/DESCRIPTION.md new file mode 100644 index 0000000..c85e154 --- /dev/null +++ b/doc/DESCRIPTION.md @@ -0,0 +1 @@ +Gitea is a fork of Gogs a self-hosted Git service written in Go. Alternative to GitHub. diff --git a/doc/DISCLAIMER.md b/doc/DISCLAIMER.md new file mode 100644 index 0000000..018329f --- /dev/null +++ b/doc/DISCLAIMER.md @@ -0,0 +1,77 @@ +## Additional informations + +### Notes on SSH usage + +If you want to use Gitea with SSH and be able to pull/push with your SSH key, your SSH daemon must be properly configured to use private/public keys. Here is a sample configuration `/etc/ssh/sshd_config` that works with Gitea: + +```bash +PubkeyAuthentication yes +AuthorizedKeysFile /home/yunohost.app/%u/.ssh/authorized_keys +ChallengeResponseAuthentication no +PasswordAuthentication no +UsePAM no +``` + +You must also add your public key to your Gitea profile. + +When using SSH on any port other than 22, you need to add these lines to your SSH configuration `~/.ssh/config`: + +```bash +Host domain.tld + port 2222 # change this with the port you use +``` + +### Upgrade + +By default, a backup is performed before upgrading. To avoid this, you have the following options: +- Pass the `NO_BACKUP_UPGRADE` env variable with `1` at each upgrade. For example `NO_BACKUP_UPGRADE=1 yunohost app upgrade gitea`. +- Set `disable_backup_before_upgrade` to `1`. You can set it with this command: + +`yunohost app setting gitea disable_backup_before_upgrade -v 1` + +After that, the settings will be applied for **all** the next updates. + +From command line: + +`yunohost app upgrade gitea` + +### Backup + +This application now uses the core-only feature of the backup. To keep the integrity of the data and to have a better guarantee of the restoration it is recommended to proceed as follows: + +- Stop Gitea service with this command: + +`systemctl stop gitea.service` + +- Launch Gitea backup with this command: + +`yunohost backup create --app gitea` + +- Backup your data with your specific strategy (could be with rsync, borg backup or just cp). The data is generally stored in `/home/yunohost.app/gitea`. +- Restart Gitea service with theses command: + +`systemctl start gitea.service` + +### Remove + +Due of the backup core only feature the data directory in `/home/yunohost.app/gitea` **is not removed**. It must be manually deleted to purge user data from the app. + +### LFS setup +To use a repository with an `LFS` setup, you need to activate it on `/opt/gitea/custom/conf/app.ini` + +```ini +[server] +LFS_START_SERVER = true +LFS_HTTP_AUTH_EXPIRY = 20m +``` +By default, NGINX is configured with a maximum value for uploading files at 200 MB. It's possible to change this value on `/etc/nginx/conf.d/my.domain.tld.d/gitea.conf`. +``` +client_max_body_size 200M; +``` +Don't forget to restart Gitea `sudo systemctl restart gitea.service`. + +> These settings are restored to the default configuration when updating Gitea. Remember to restore your configuration after all updates. + +### Git command access with HTTPS + +If you want to use the Git command (like `git clone`, `git pull`, `git push`), you need to set this app as **public**. diff --git a/doc/screenshots/screenshot.png b/doc/screenshots/screenshot.png new file mode 100644 index 0000000..4e0350b Binary files /dev/null and b/doc/screenshots/screenshot.png differ diff --git a/manifest.json b/manifest.json index 7f9c989..7dcf0ff 100644 --- a/manifest.json +++ b/manifest.json @@ -6,9 +6,15 @@ "en": "Lightweight Git forge", "fr": "Forge Git légère" }, + "upstream": { + "license": "MIT", + "website": "https://gitea.io/", + "admindoc": "https://docs.gitea.io/", + "code": "https://github.com/go-gitea/gitea" + }, "url": "http://gitea.io", "license": "MIT", - "version": "1.14.5~ynh1", + "version": "1.17.1~ynh1", "maintainer": { "name": "Josué Tille", "email": "josue@tille.ch" @@ -29,41 +35,22 @@ "install" : [ { "name": "domain", - "type": "domain", - "ask": { - "en": "Choose a domain for Gitea", - "fr": "Choisissez un domaine pour Gitea" - }, - "example": "domain.org" + "type": "domain" }, { "name": "path", "type": "path", - "ask": { - "en": "Choose a path for Gitea", - "fr": "Choisissez un chemin pour Gitea" - }, - "example": "/gitea", "default": "/gitea" }, { "name": "admin", - "type": "user", - "ask": { - "en": "Choose the Gitea administrator (must be an existing YunoHost user)", - "fr": "Choisissez l'administrateur de Gitea (doit être un utilisateur YunoHost existant)" - }, - "example": "johndoe" + "type": "user" }, { "name": "is_public", "type": "boolean", - "ask": { - "en": "Is it a public site?", - "fr": "Est-ce un site public ?" - }, "help": { - "en": "A public server means that everybody is able to access to the pain page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote Git command (clone, pull, push) with HTTP and to use the API by (by example with a smartphone), you need to set this application as public.", + "en": "A public server means that everybody is able to access to the main page of the forge, on the public profile of the user and on the public repository. But you still can limit the access to each repository if you set it as private. Note that to be able to use the remote Git command (clone, pull, push) with HTTP and to use the API by (by example with a smartphone), you need to set this application as public.", "fr": "Un serveur public signifie que tout le monde peut accéder à la page principale de la forge, au profil public des utilisateurs et aux dépôts publics. Vous pouvez également définir les dépôts comme étant privés. Notez que pour pouvoir utiliser les commandes Git distantes (clone, pull, push) avec HTTP et pour pouvoir utiliser l'API (par exemple avec un smartphone), vous devez paramétrer cette application comme étant publique." }, "default": true diff --git a/scripts/_common.sh b/scripts/_common.sh index a613b7b..26483bc 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,12 +4,12 @@ app=$YNH_APP_INSTANCE_NAME dbname=$app -dbuser=$app +db_user=$app final_path="/opt/$app" -DATADIR="/home/$app" -REPO_PATH="$DATADIR/repositories" -DATA_PATH="$DATADIR/data" -SSH_PATH="$DATADIR/.ssh" +datadir="/home/yunohost.app/$app" +repos_path="$datadir/repositories" +data_path="$datadir/data" +ssh_path="$datadir/.ssh" # Detect the system architecture to download the right tarball # NOTE: `uname -m` is more accurate and universal than `arch` @@ -36,10 +36,10 @@ fi create_dir() { mkdir -p "$final_path/data" mkdir -p "$final_path/custom/conf" - mkdir -p "$SSH_PATH" - mkdir -p "$REPO_PATH" - mkdir -p "$DATA_PATH/avatars" - mkdir -p "$DATA_PATH/attachments" + mkdir -p "$ssh_path" + mkdir -p "$repos_path" + mkdir -p "$data_path/avatars" + mkdir -p "$data_path/attachments" mkdir -p "/var/log/$app" } @@ -53,46 +53,17 @@ config_nginx() { config_gitea() { ssh_port=$(grep -P "Port\s+\d+" /etc/ssh/sshd_config | grep -P -o "\d+") - ynh_backup_if_checksum_is_different --file "$final_path/custom/conf/app.ini" - - cp ../conf/app.ini "$final_path/custom/conf" - usermod -s /bin/bash $app - - if [ "$path_url" = "/" ] - then - ynh_replace_string --match_string __URL__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini" - else - ynh_replace_string --match_string __URL__ --replace_string "$domain${path_url%/}" --target_file "$final_path/custom/conf/app.ini" - fi - - ynh_replace_string --match_string __REPOS_PATH__ --replace_string "$REPO_PATH" --target_file "$final_path/custom/conf/app.ini" - ynh_replace_string --match_string __DB_PASSWORD__ --replace_string "$dbpass" --target_file "$final_path/custom/conf/app.ini" - ynh_replace_string --match_string __DB_USER__ --replace_string "$dbuser" --target_file "$final_path/custom/conf/app.ini" - ynh_replace_string --match_string __DOMAIN__ --replace_string "$domain" --target_file "$final_path/custom/conf/app.ini" - ynh_replace_string --match_string __KEY__ --replace_string "$key" --target_file "$final_path/custom/conf/app.ini" - ynh_replace_string --match_string __DATA_PATH__ --replace_string "$DATA_PATH" --target_file "$final_path/custom/conf/app.ini" - ynh_replace_string --match_string __PORT__ --replace_string $port --target_file "$final_path/custom/conf/app.ini" - ynh_replace_string --match_string __APP__ --replace_string $app --target_file "$final_path/custom/conf/app.ini" - ynh_replace_string --match_string __SSH_PORT__ --replace_string $ssh_port --target_file "$final_path/custom/conf/app.ini" - - ynh_store_file_checksum --file "$final_path/custom/conf/app.ini" + ynh_add_config --template="app.ini" --destination="$final_path/custom/conf/app.ini" } set_permission() { chown -R $app:$app "$final_path" - chown -R $app:$app "/home/$app" + chown -R $app:$app "$datadir" chown -R $app:$app "/var/log/$app" chmod u=rwX,g=rX,o= "$final_path" chmod u=rwx,g=rx,o= "$final_path/gitea" chmod u=rwx,g=rx,o= "$final_path/custom/conf/app.ini" - chmod u=rwX,g=rX,o= "/home/$app" + chmod u=rwX,g=rX,o= "$datadir" chmod u=rwX,g=rX,o= "/var/log/$app" } - -set_access_settings() { - if [ "$is_public" == '1' ]; - then - ynh_permission_update --permission "main" --add "visitors" - fi -} diff --git a/scripts/backup b/scripts/backup index e78d87f..a311d22 100644 --- a/scripts/backup +++ b/scripts/backup @@ -32,7 +32,7 @@ ynh_backup --src_path "$final_path" # Copy the data files ynh_print_info --message="Backing up user data..." -ynh_backup --src_path "$DATADIR" --is_big=1 +ynh_backup --src_path "$datadir" --is_big=1 ynh_print_info --message="Backing up configuration..." diff --git a/scripts/change_url b/scripts/change_url index e5efd6e..46a03f3 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -22,9 +22,10 @@ domain=$YNH_APP_NEW_DOMAIN path_url=$(ynh_normalize_url_path --path_url ${YNH_APP_NEW_PATH:-'/'}) app=$YNH_APP_INSTANCE_NAME -dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) +db_password=$(ynh_app_setting_get --app $app --key mysqlpwd) admin=$(ynh_app_setting_get --app $app --key adminusername) key=$(ynh_app_setting_get --app $app --key secret_key) +lfs_key=$(ynh_app_setting_get --app $app --key lfs_key) port=$(ynh_app_setting_get --app $app --key web_port) upstream_version=$(ynh_app_setting_get $app upstream_version) @@ -55,7 +56,7 @@ config_gitea # RELOAD services ynh_script_progression --message="Starting services..." -ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 -a restart +ynh_systemd_action -l "Starting new Web server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 -a restart sleep 1 # Store the checksum with the 'INTERNAL_TOKEN' value. diff --git a/scripts/install b/scripts/install index 2fc9231..bc590ae 100644 --- a/scripts/install +++ b/scripts/install @@ -33,26 +33,27 @@ ynh_user_exists "$admin" \ # Check Final Path availability test ! -e "$final_path" || ynh_die --message "This path already contains a folder" -if [ -e "$DATADIR" ]; then - old_data_dir_path="$DATADIR$(date '+%Y%m%d.%H%M%S')" +if [ -e "$datadir" ]; then + old_data_dir_path="$datadir$(date '+%Y%m%d.%H%M%S')" ynh_print_warn "A data directory already exist. Data was renamed to $old_data_dir_path" - mv "$DATADIR" "$old_data_dir_path" + mv "$datadir" "$old_data_dir_path" fi # Generate random password and key ynh_script_progression --message="Defining db password and key..." -dbpass=$(ynh_string_random) +db_password=$(ynh_string_random) key=$(ynh_string_random) +lfs_key=$(ynh_string_random) # Find available ports port=$(ynh_find_port --port 6000) # Store Settings ynh_script_progression --message="Storing installation settings..." -ynh_app_setting_set --app $app --key mysqlpwd --value $dbpass +ynh_app_setting_set --app $app --key mysqlpwd --value $db_password ynh_app_setting_set --app $app --key adminusername --value $admin -ynh_app_setting_set --app $app --key is_public --value $is_public ynh_app_setting_set --app $app --key secret_key --value $key +ynh_app_setting_set --app $app --key lfs_key --value $lfs_key ynh_app_setting_set --app $app --key web_port --value $port #================================================= @@ -61,11 +62,13 @@ ynh_app_setting_set --app $app --key web_port --value $port # Initialize database and store mysql password for upgrade ynh_script_progression --message="Configuring MySQL database..." -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" +ynh_mysql_create_db "$dbname" "$db_user" "$db_password" # Add users ynh_script_progression --message="Configuring system user..." -ynh_system_user_create --username=$app --home_dir=/home/$app --use_shell +ynh_system_user_create --username=$app --home_dir=$datadir --use_shell +# Add ssh permission for gitea user +adduser $app ssh.app # create needed directories create_dir @@ -97,14 +100,14 @@ ynh_script_progression --message="Configuring application, step 2/2..." systemctl start "$app".service # Wait untill login_source mysql table is created -while ! $(ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" <<< "SELECT * FROM login_source;" &>/dev/null) +while ! $(ynh_mysql_connect_as "$db_user" "$db_password" "$dbname" <<< "SELECT * FROM login_source;" &>/dev/null) do sleep 2 done # Add ldap config ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql +ynh_mysql_connect_as "$db_user" "$db_password" "$dbname" < ../conf/login_source.sql # SETUP FAIL2BAN ynh_script_progression --message="Configuring fail2ban..." @@ -115,16 +118,19 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile #================================================= # Unprotect root from SSO if public -ynh_script_progression --message="Protecting directory" -set_access_settings +ynh_script_progression --message="Configuring permissions..." +if [ "$is_public" == '1' ]; +then + ynh_permission_update --permission "main" --add "visitors" +fi # Create permission ynh_script_progression --message="Configuring permissions" ynh_permission_create --permission="admin" --allowed=$admin # Add gitea to YunoHost's monitored services -ynh_script_progression --message="Register gitea service..." -yunohost service add "$app" --log "/var/log/$app/gitea.log" +ynh_script_progression --message="Register Gitea service..." +yunohost service add "$app" --log="/var/log/$app/gitea.log" # Configure logrotate ynh_script_progression --message="Configuring log rotation..." @@ -135,8 +141,8 @@ ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream # Reload services ynh_script_progression --message="Starting gitea services..." --weight=3 -ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 -sleep 1 + +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/gitea.log" --line_match="Starting new Web server: tcp:127.0.0.1:" # Store the checksum with the 'INTERNAL_TOKEN' value. # Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed diff --git a/scripts/remove b/scripts/remove index 36ce240..ebfab83 100644 --- a/scripts/remove +++ b/scripts/remove @@ -27,7 +27,7 @@ systemctl stop "$app".service # Drop MySQL database and user ynh_script_progression --message="Removing databases..." ynh_mysql_drop_db "$dbname" 2>/dev/null -ynh_mysql_drop_user "$dbuser" 2>/dev/null +ynh_mysql_drop_user "$db_user" 2>/dev/null # Delete app directory and configurations ynh_script_progression --message="Removing code..." @@ -58,7 +58,7 @@ yunohost service remove "$app" ynh_script_progression --message="Removing fail2ban configuration..." ynh_remove_fail2ban_config -ynh_print_info --message="Due of the backup core only feature the data directory in '$DATADIR' was not removed. It need to be removed manually to purge app user data." +ynh_print_info --message="Due of the backup core only feature the data directory in '$datadir' was not removed. It need to be removed manually to purge app user data." ynh_script_progression --message="Removal of $app completed" --last sleep 1 diff --git a/scripts/restore b/scripts/restore index 788a539..a7ae980 100644 --- a/scripts/restore +++ b/scripts/restore @@ -19,14 +19,11 @@ ynh_script_progression --message="Loading settings..." # Retrieve old app settings domain=$(ynh_app_setting_get --app $app --key domain) path_url=$(ynh_app_setting_get --app $app --key path) -dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) +db_password=$(ynh_app_setting_get --app $app --key mysqlpwd) admin=$(ynh_app_setting_get --app $app --key adminusername) port=$(ynh_app_setting_get --app $app --key web_port) upstream_version=$(ynh_app_setting_get $app upstream_version) -# Check domain/path availability with app helper -ynh_webpath_available --domain $domain --path_url $path_url || ynh_die --message "$domain is not available as domain, please use an other domain." - # Check user parameter ynh_user_exists "$admin" \ || ynh_die --message "The chosen admin user does not exist." @@ -40,7 +37,7 @@ test ! -e "$final_path" || ynh_die --message "This path already contains a folde # Add users ynh_script_progression --message="Configuring system user..." -ynh_system_user_create --username=$app --home_dir=/home/$app --use_shell +ynh_system_user_create --username=$app --home_dir=$datadir --use_shell # Restore all files ynh_script_progression --message="Restoring files..." --weight=10 @@ -48,8 +45,8 @@ ynh_restore # Create and restore the database ynh_script_progression --message="Restoring database..." --weight=3 -ynh_mysql_create_db "$dbname" "$dbuser" "$dbpass" -ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql +ynh_mysql_create_db "$dbname" "$db_user" "$db_password" +ynh_mysql_connect_as "$db_user" "$db_password" "$dbname" < ./db.sql # Restore systemd files systemctl daemon-reload @@ -72,13 +69,13 @@ ynh_script_progression --message="Configuring log rotation..." ynh_use_logrotate --logfile "/var/log/$app" # Add gitea to YunoHost's monitored services -ynh_script_progression --message="Register gitea service..." -yunohost service add "$app" --log /var/log/"$app"/gitea.log +ynh_script_progression --message="Register Gitea service..." +yunohost service add "$app" --log=/var/log/$app/gitea.log # Reload services ynh_script_progression --message="Reloading services..." systemctl reload nginx.service -ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 +ynh_systemd_action -l "Starting new Web server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 sleep 1 ynh_script_progression --message="Restoration completed for $app" --last diff --git a/scripts/upgrade b/scripts/upgrade index 2b75536..476ef6a 100644 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -11,29 +11,33 @@ source ./_common.sh # IMPORT GENERIC HELPERS source /usr/share/yunohost/helpers -# Exit if an error occurs during the execution of the script -ynh_abort_if_errors - -# Retrieve app settings +#================================================= +# LOAD SETTINGS +#================================================= ynh_script_progression --message="Loading installation settings..." -domain=$(ynh_app_setting_get --app $app --key domain) + +domain=$(ynh_app_setting_get --app=$app --key=domain) path_url=$(ynh_normalize_url_path --path_url $(ynh_app_setting_get --app $app --key path)) -dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) -admin=$(ynh_app_setting_get --app $app --key adminusername) -key=$(ynh_app_setting_get --app $app --key secret_key) -is_public=$(ynh_app_setting_get --app $app --key is_public) -port=$(ynh_app_setting_get --app $app --key web_port) -upstream_version=$(ynh_app_setting_get --app $app --key upstream_version) +db_password=$(ynh_app_setting_get --app=$app --key=mysqlpwd) +admin=$(ynh_app_setting_get --app=$app --key=adminusername) +key=$(ynh_app_setting_get --app=$app --key=secret_key) +lfs_key=$(ynh_app_setting_get --app=$app --key=lfs_key) +port=$(ynh_app_setting_get --app=$app --key=web_port) +upstream_version=$(ynh_app_setting_get --app=$app --key=upstream_version) + +#================================================= +# STOP SYSTEMD SERVICE +#================================================= +ynh_script_progression --message="Stopping a systemd service..." --weight=1 + +# We stop the service before to set ynh_clean_setup +ynh_systemd_action --service_name=$app --action="stop" #================================================= # BACKUP BEFORE UPGRADE THEN ACTIVE TRAP #================================================= -ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." --weight=10 +ynh_script_progression --message="Backing up the app before upgrading (may take a while)..." -# We stop the service before to set ynh_clean_setup -ynh_systemd_action --service_name=$app.service --action=stop - -# Backup the current version of the app if [ "0$(ynh_app_setting_get --app=$app --key=disable_backup_before_upgrade)" -ne 1 ] then ynh_backup_before_upgrade @@ -44,28 +48,42 @@ then } fi +# Exit if an error occurs during the execution of the script +ynh_abort_if_errors + +#================================================= +# ENSURE DOWNWARD COMPATIBILITY +#================================================= +ynh_script_progression --message="Ensuring downward compatibility..." --weight=1 + +# If lfs_key doesn't exist, create it +if [ -z "$lfs_key" ]; then + lfs_key=$(ynh_string_random) + ynh_app_setting_set --app=$app --key=lfs_key --value=$lfs_key +fi + #================================================= # MIGRATION FROM GOGS #================================================= [[ $YNH_APP_ID == "gogs" ]] \ && [[ "$(cat "/opt/$app/templates/.VERSION")" != 0.11.79.1211 ]] \ - && ynh_die --message "It look like that you have an old gogs install. You need first upgrade gogs instance (id : $gogs_migrate_id) and after migrate to gitea." + && ynh_die --message "It look like that you have an old Gogs install. You need first upgrade Gogs instance (id: $gogs_migrate_id) and after migrate to Gitea." ynh_handle_app_migration --migration_id=gogs --migration_list=gogs_migrations if [[ $migration_process -eq 1 ]]; then # Reload variables dbname=$app - dbuser=$app + db_user=$app final_path="/opt/$app" - DATADIR="/home/$app" - REPO_PATH="$DATADIR/repositories" - DATA_PATH="$DATADIR/data" + datadir="/home/""$app" + repos_path="$datadir/repositories" + data_path="$datadir/data" # Replace the user ynh_system_user_delete $old_app test getent passwd "$app" &>/dev/null || \ - useradd -d "$DATADIR" --system --user-group "$app" --shell /bin/bash || \ + useradd -d "$datadir" --system --user-group "$app" --shell /bin/bash || \ ynh_die --message "Unable to create $app system account" # Clean old binary @@ -74,14 +92,14 @@ if [[ $migration_process -eq 1 ]]; then # Restore authentication from SQL database ynh_replace_string --match_string __APP__ --replace_string "$app" --target_file ../conf/login_source.sql - ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql + ynh_mysql_connect_as "$db_user" "$db_password" "$dbname" < ../conf/login_source.sql # Fix hooks - if [[ -e $REPO_PATH ]];then - ls $REPO_PATH/*/*.git/hooks/pre-receive | while read p; do + if [[ -e $repos_path ]];then + ls $repos_path/*/*.git/hooks/pre-receive | while read p; do ynh_secure_remove --file=$p done - ls $REPO_PATH/*/*.git/hooks/post-receive | while read p; do + ls $repos_path/*/*.git/hooks/post-receive | while read p; do ynh_secure_remove --file=$p done fi @@ -89,10 +107,14 @@ if [[ $migration_process -eq 1 ]]; then upstream_version="0.0.1" fi +# Move data directory +if [ -e "/home/""$app" ] && [ ! -e $datadir ]; then + mv "/home/""$app" "$datadir" +fi + #================================================= # STANDARD UPGRADE STEPS #================================================= - ynh_script_progression --message="Configuring application..." # Clean template to fix issue : https://github.com/gogits/gogs/issues/4585 @@ -105,14 +127,13 @@ config_gitea ynh_script_progression --message="Updating systemd units..." ynh_add_systemd_config -# Modify Nginx configuration file and copy it to Nginx conf directory -ynh_script_progression --message="Configuring nginx..." --weight=1 +# Modify Nginx configuration file and copy it to NGINX conf directory +ynh_script_progression --message="Configuring NGINX..." --weight=1 config_nginx #================================================= # DB migration #================================================= - ynh_script_progression --message="Upgrading database and sources..." --weight=6 # Before the version 1.7 the upstream version was not stored @@ -129,7 +150,7 @@ fi restart_gitea() { # Set permissions set_permission - ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 30 + ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/gitea.log" --line_match="Starting new Web server: tcp:127.0.0.1:" # Leave the time to update the database schema sleep 5 systemctl stop $app @@ -195,14 +216,31 @@ case $upstream_version in ynh_setup_source $final_path source/${architecture}_1.13 restart_gitea ;& +"1.13."* ) + ynh_setup_source $final_path source/${architecture}_1.14 + restart_gitea +;& +"1.14."* ) + ynh_setup_source $final_path source/${architecture}_1.15 + restart_gitea +;& +"1.15."* ) + ynh_setup_source $final_path source/${architecture}_1.16 + restart_gitea +;& +"1.16."* ) + ynh_setup_source $final_path source/${architecture}_1.16 + restart_gitea +;& esac # Install gitea source ynh_setup_source $final_path source/$architecture +restart_gitea # SETUP FAIL2BAN -ynh_script_progression --message="Configuring fail2ban..." -ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 +ynh_script_progression --message="Configuring Fail2Ban..." +ynh_add_fail2ban_config --logpath="/var/log/$app/gitea.log" --failregex=".*Failed authentication attempt for .* from " --max_retry 5 #================================================= # GENERIC FINALIZATION @@ -212,46 +250,42 @@ ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Faile ynh_script_progression --message="Update permission..." if ! ynh_permission_exists --permission admin; then ynh_app_setting_delete --app $app --key unprotected_uris - ynh_permission_create --permission 'admin' --allowed "$admin" + ynh_permission_create --permission="admin" --allowed="$admin" # Update ldap config - ynh_replace_string --match_string "__APP__" --replace_string "$app" --target_file ../conf/login_source.sql - ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql -fi -if [ "$is_public" == '1' ]; -then - ynh_permission_update --permission "main" --add "visitors" + ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="../conf/login_source.sql" + ynh_mysql_connect_as "$db_user" "$db_password" "$dbname" < ../conf/login_source.sql fi # Add gitea to YunoHost's monitored services -ynh_script_progression --message="Register gitea service..." -yunohost service add "$app" --log "/var/log/$app/gitea.log" +ynh_script_progression --message="Register Gitea service..." +yunohost service add "$app" --log="/var/log/$app/gitea.log" + +# Add ssh permission for gitea user +adduser $app ssh.app # Set permissions ynh_script_progression --message="Protecting directory" set_permission # Save Version -ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version) - -# Unprotect root from SSO if public -ynh_script_progression --message="Configuring permissions..." -set_access_settings +ynh_app_setting_set --app=$app --key=upstream_version --value=$(ynh_app_upstream_version) # Reload services -ynh_script_progression --message="Starting gitea services..." --weight=3 -ynh_systemd_action -l "Starting new server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 -sleep 1 +ynh_script_progression --message="Starting Gitea services..." --weight=3 +#ynh_systemd_action -l "Starting new Web server: tcp:127.0.0.1:" -p "/var/log/$app/gitea.log" -t 10 +#sleep 1 +ynh_systemd_action --service_name=$app --action="start" --log_path="/var/log/$app/gitea.log" --line_match="Starting new Web server: tcp:127.0.0.1:" # Store the checksum with the 'INTERNAL_TOKEN' value. # Should be removed when the issue https://github.com/go-gitea/gitea/issues/3246 is fixed -ynh_store_file_checksum --file "$final_path/custom/conf/app.ini" +ynh_store_file_checksum --file="$final_path/custom/conf/app.ini" #================================================= # FINISH MIGRATION PROCESS #================================================= if [[ $migration_process -eq 1 ]]; then - echo "gogs has been successfully migrated to Gitea! \ + echo "Gogs has been successfully migrated to Gitea! \ A last scheduled operation will run in a couple of minutes to finish the \ migration in YunoHost side. Do not proceed any application operation while \ you don't see Gogs as installed." >&2