Merge branch 'testing'

conf/app.ini

@@ -2,6 +2,7 @@
 APP_NAME = Gitea
 RUN_USER = __APP__
 RUN_MODE = prod
+
 [database]
 DB_TYPE = mysql
 HOST = 127.0.0.1:3306
@@ -10,9 +11,12 @@ USER = __DB_USER__
 PASSWD = __DB_PASSWORD__
 SSL_MODE = disable
 PATH     = data/gitea.db
+LOG_SQL  = false
+
 [repository]
 ROOT = __REPOS_PATH__
 FORCE_PRIVATE = false
+
 [server]
 DOMAIN       = __DOMAIN__
 HTTP_PORT    = __PORT__
@@ -22,11 +26,13 @@ SSH_PORT     = __SSH_PORT__
 OFFLINE_MODE = false
 APP_DATA_PATH = __DATA_PATH__
 LANDING_PAGE = explore
+
 [mailer]
 ENABLED = true
 HOST = 127.0.0.1:25
 FROM = "Gitea" <gitea-noreply@__DOMAIN__>
 SKIP_VERIFY = true
+
 [service]
 REGISTER_EMAIL_CONFIRM = false
 ENABLE_NOTIFY_MAIL     = true
@@ -35,16 +41,33 @@ ENABLE_CAPTCHA         = false
 REQUIRE_SIGNIN_VIEW    = false
 ENABLE_REVERSE_PROXY_AUTHENTICATION = false
 ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = false
+
 [picture]
 AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars
+
 [attachment]
 PATH = __DATA_PATH__/attachments
+
 [session]
 PROVIDER = memory
+
 [log]
 MODE      = file
-LEVEL     = Warn
+LEVEL     = Info
 ROOT_PATH = /var/log/__APP__
+
+REDIRECT_MACARON_LOG= true
+MACARON             = file
+
+ROUTER_LOG_LEVEL    = Warn
+ROUTER              = file
+
+ENABLE_ACCESS_LOG   = Warn
+ACCESS              = file
+
+ENABLE_XORM_LOG     = Warn
+XORM                = file
+
 [security]
 INSTALL_LOCK = true
 SECRET_KEY   = __KEY__

conf/nginx.conf

@@ -5,6 +5,7 @@ location __PATH__/ {
     proxy_buffering off;
     fastcgi_param REMOTE_USER   $remote_user;
     client_max_body_size        200M;
+    proxy_set_header X-Real-IP $remote_addr;
 
     # Force https
     if ($scheme = http) {

conf/source/arm.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-arm-6
-SOURCE_SUM=38ab6c0ac42e87370238c2482432420ff509b5a03d964712a984d4d603bb4c97
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-arm-6
+SOURCE_SUM=f2dff72ee94dd1c1bd2c067470469470ea079c47c07e862995cb85dc877ca389
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false

conf/source/arm_1.8.src

@@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-arm-6
+SOURCE_SUM=920b74ec10be323e5dc684fe3b5c3b157bf6f1d6cca0ee1c4f9693f766d1574d
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false

conf/source/armv7.src

@@ -1,8 +1,8 @@
 # The armv7 build is brocken
 # See : https://github.com/go-gitea/gitea/issues/6700
 # Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-arm-6
-SOURCE_SUM=38ab6c0ac42e87370238c2482432420ff509b5a03d964712a984d4d603bb4c97
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-arm-6
+SOURCE_SUM=f2dff72ee94dd1c1bd2c067470469470ea079c47c07e862995cb85dc877ca389
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false

conf/source/armv7_1.8.src

@@ -0,0 +1,8 @@
+# The armv7 build is brocken
+# See : https://github.com/go-gitea/gitea/issues/6700
+# Use temporary the armv6 binary
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-arm-6
+SOURCE_SUM=920b74ec10be323e5dc684fe3b5c3b157bf6f1d6cca0ee1c4f9693f766d1574d
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false

conf/source/i386.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-386
-SOURCE_SUM=762ab39855958f61165a1332a34d2a227f527acdc3bf60aa91c5a3e4e4e906ce
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-386
+SOURCE_SUM=861125e85b95a90bb84279641ad60ee3c9570dd8b0d134d8419812ba7571af71
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false

conf/source/i386_1.8.src

@@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-386
+SOURCE_SUM=e58f4a88b01a4880f97ae32a92e869d978a434a9a876c6a3f4e4a5721e8c4bd6
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false

conf/source/x86-64.src

@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-amd64
-SOURCE_SUM=a843f2fe526b62ad1e698b80f6193d8c42a3920b35542de014af44d1eb998141
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-amd64
+SOURCE_SUM=8a2e02cee40086effd99058054af8fb1eee9344fad865e0c7292107833da78cc
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false

conf/source/x86-64_1.8.src

@@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-amd64
+SOURCE_SUM=7bb28b21cce4bdf0a24e6f6b21c064afa56d84904052dd55afdf59c419d49988
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false

manifest.json

@@ -9,7 +9,7 @@
     },
     "url": "http://gitea.io",
     "license": "MIT",
-    "version": "1.8.0~ynh1",
+    "version": "1.9.0~ynh1",
     "maintainer": {
         "name": "rafi59",
         "email": "rafi59_dev@srvmaison.fr.nf"
@@ -20,7 +20,7 @@
         "mysql"
     ],
     "requirements": {
-        "yunohost": ">= 3.5.2.2"
+        "yunohost": ">= 3.6.4"
     },
     "arguments": {
         "install" : [

scripts/change_url

@@ -26,6 +26,7 @@ dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
 admin=$(ynh_app_setting_get --app $app --key adminusername)
 key=$(ynh_app_setting_get --app $app --key secret_key)
 port=$(ynh_app_setting_get --app $app --key web_port)
+upstream_version=$(ynh_app_setting_get $app upstream_version)
 
 #=================================================
 # STANDARD MODIFICATIONS
@@ -50,7 +51,7 @@ config_nginx
 config_gitea
 
 # RELOAD services
-ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" -a restart
+ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -a restart -t 10
 sleep 1
 
 # Store the checksum with the 'INTERNAL_TOKEN' value.

scripts/experimental_helper.sh

@@ -332,3 +332,39 @@ ynh_handle_app_migration ()  {
     migration_process=1
   fi
 }
+
+# Verify the checksum and backup the file if it's different
+# This helper is primarily meant to allow to easily backup personalised/manually
+# modified config files.
+#
+# $app should be defined when calling this helper
+#
+# usage: ynh_backup_if_checksum_is_different --file=file
+# | arg: -f, --file - The file on which the checksum test will be perfomed.
+# | ret: the name of a backup file, or nothing
+#
+# Requires YunoHost version 2.6.4 or higher.
+ynh_backup_if_checksum_is_different () {
+    # Declare an array to define the options of this helper.
+    local legacy_args=f
+    declare -Ar args_array=( [f]=file= )
+    local file
+    # Manage arguments with getopts
+    ynh_handle_getopts_args "$@"
+
+    local checksum_setting_name=checksum_${file//[\/ ]/_}    # Replace all '/' and ' ' by '_'
+    local checksum_value=$(ynh_app_setting_get --app=$app --key=$checksum_setting_name)
+    # backup_file_checksum isn't declare as local, so it can be reuse by ynh_store_file_checksum
+    backup_file_checksum=""
+    if [ -n "$checksum_value" ]
+    then    # Proceed only if a value was stored into the app settings
+        if [ -e $file ] && ! echo "$checksum_value $file" | sudo md5sum -c --status
+        then    # If the checksum is now different
+            backup_file_checksum="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
+            sudo mkdir -p "$(dirname "$backup_file_checksum")"
+            sudo cp -a "$file" "$backup_file_checksum"    # Backup the current file
+            ynh_print_warn "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file_checksum"
+            echo "$backup_file_checksum"    # Return the name of the backup file
+        fi
+    fi
+}

scripts/install

@@ -19,6 +19,7 @@ domain=$YNH_APP_ARG_DOMAIN
 path_url=$(ynh_normalize_url_path $YNH_APP_ARG_PATH)
 admin=$YNH_APP_ARG_ADMIN
 is_public=$YNH_APP_ARG_IS_PUBLIC
+upstream_version=$(ynh_app_upstream_version)
 
 # Register (book) web path
 ynh_webpath_register --app $app --domain $domain --path_url $path_url
@@ -98,6 +99,9 @@ ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql
 ynh_replace_string "__APP__" "$app" ../conf/login_source.sql
 ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
 
+# SETUP FAIL2BAN
+ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from <HOST>" --max_retry 5
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -106,7 +110,7 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql
 set_access_settings
 
 # Add gitea to YunoHost's monitored services
-yunohost service add "$app" --log "/var/log/$app/$app.log"
+yunohost service add "$app" --log "/var/log/$app/gitea.log"
 
 # Configure logrotate
 ynh_use_logrotate "/var/log/$app"
@@ -115,7 +119,7 @@ ynh_use_logrotate "/var/log/$app"
 ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version)
 
 # Reload services
-ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd"
+ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10
 sleep 1
 
 # Store the checksum with the 'INTERNAL_TOKEN' value.

scripts/remove

@@ -45,4 +45,7 @@ ynh_remove_systemd_config
 # Remove monitor
 yunohost service remove "$app"
 
+# Remove fail2ban config
+ynh_remove_fail2ban_config
+
 true # Do not fail if remove after install error

scripts/restore

@@ -20,6 +20,7 @@ path_url=$(ynh_app_setting_get --app $app --key path)
 dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd)
 admin=$(ynh_app_setting_get --app $app --key adminusername)
 port=$(ynh_app_setting_get --app $app --key web_port)
+upstream_version=$(ynh_app_setting_get $app upstream_version)
 
 # Check domain/path availability with app helper
 ynh_webpath_available $domain $path_url || ynh_die --message "$domain is not available as domain, please use an other domain."
@@ -54,6 +55,9 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql
 systemctl daemon-reload
 systemctl enable "$app".service
 
+# SETUP FAIL2BAN
+ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from <HOST>" --max_retry 5
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -65,9 +69,9 @@ set_permission
 ynh_use_logrotate "/var/log/$app"
 
 # Add gitea to YunoHost's monitored services
-yunohost service add "$app" --log /var/log/"$app"/"$app".log
+yunohost service add "$app" --log /var/log/"$app"/gitea.log
 
 # Reload services
 systemctl reload nginx.service
-ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd"
+ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10
 sleep 1

scripts/upgrade

@@ -155,11 +155,18 @@ case $upstream_version in
     ynh_setup_source $final_path source/${architecture}_1.7
     restart_gitea
 ;&
+"1.7."* )
+    ynh_setup_source $final_path source/${architecture}_1.8
+    restart_gitea
+;&
 esac
 
-# Install gitea
+# Install gitea source
 ynh_setup_source $final_path source/$architecture
 
+# SETUP FAIL2BAN
+ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from <HOST>" --max_retry 5
+
 #=================================================
 # GENERIC FINALIZATION
 #=================================================
@@ -174,7 +181,7 @@ ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream
 set_access_settings
 
 # Reload services
-ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd"
+ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10
 sleep 1
 
 # Store the checksum with the 'INTERNAL_TOKEN' value.