diff --git a/conf/app.ini b/conf/app.ini index 34d357c..9c557f0 100644 --- a/conf/app.ini +++ b/conf/app.ini @@ -2,6 +2,7 @@ APP_NAME = Gitea RUN_USER = __APP__ RUN_MODE = prod + [database] DB_TYPE = mysql HOST = 127.0.0.1:3306 @@ -10,9 +11,12 @@ USER = __DB_USER__ PASSWD = __DB_PASSWORD__ SSL_MODE = disable PATH = data/gitea.db +LOG_SQL = false + [repository] ROOT = __REPOS_PATH__ FORCE_PRIVATE = false + [server] DOMAIN = __DOMAIN__ HTTP_PORT = __PORT__ @@ -22,11 +26,13 @@ SSH_PORT = __SSH_PORT__ OFFLINE_MODE = false APP_DATA_PATH = __DATA_PATH__ LANDING_PAGE = explore + [mailer] ENABLED = true HOST = 127.0.0.1:25 FROM = "Gitea" SKIP_VERIFY = true + [service] REGISTER_EMAIL_CONFIRM = false ENABLE_NOTIFY_MAIL = true @@ -35,16 +41,33 @@ ENABLE_CAPTCHA = false REQUIRE_SIGNIN_VIEW = false ENABLE_REVERSE_PROXY_AUTHENTICATION = false ENABLE_REVERSE_PROXY_AUTO_REGISTERATION = false + [picture] AVATAR_UPLOAD_PATH = __DATA_PATH__/avatars + [attachment] PATH = __DATA_PATH__/attachments + [session] PROVIDER = memory + [log] MODE = file -LEVEL = Warn +LEVEL = Info ROOT_PATH = /var/log/__APP__ + +REDIRECT_MACARON_LOG= true +MACARON = file + +ROUTER_LOG_LEVEL = Warn +ROUTER = file + +ENABLE_ACCESS_LOG = Warn +ACCESS = file + +ENABLE_XORM_LOG = Warn +XORM = file + [security] INSTALL_LOCK = true SECRET_KEY = __KEY__ diff --git a/conf/nginx.conf b/conf/nginx.conf index aaa990e..536fa2e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -5,6 +5,7 @@ location __PATH__/ { proxy_buffering off; fastcgi_param REMOTE_USER $remote_user; client_max_body_size 200M; + proxy_set_header X-Real-IP $remote_addr; # Force https if ($scheme = http) { diff --git a/conf/source/arm.src b/conf/source/arm.src index 9d17643..ec5d91f 100644 --- a/conf/source/arm.src +++ b/conf/source/arm.src 
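Review bot: `ENABLE_ACCESS_LOG = Warn` and `ENABLE_XORM_LOG = Warn` in the new `[log]` block assign a level name to what are, as far as I know, on/off switches in Gitea's config, so the value is probably ignored and the built-in default applies. If the intent is to enable both logs, write `ENABLE_ACCESS_LOG = true` and `ENABLE_XORM_LOG = true`; a level belongs on its own key, as already done with `ROUTER_LOG_LEVEL`. The move from `LEVEL = Warn` to `LEVEL = Info` looks like it exists so that the failed-login lines matched by the fail2ban rule added in the scripts get written at all. A comment such as `; keep at Info or lower: fail2ban matches the failed-authentication lines` would stop someone from raising it again.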
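Review bot: The added `proxy_set_header X-Real-IP $remote_addr;` makes the address Gitea logs depend on a request header, and the fail2ban rule added in this commit presumably bans on that logged address, so the header must only ever be set by nginx. The start-up message the scripts wait for (`Serving \[::\]:$port`) suggests Gitea listens on all interfaces; if the port is reachable without passing through nginx, the logged address is whatever the client claims, and bans would be evaded or land on the wrong host. Binding Gitea to the loopback address or firewalling the port would close that. The relevant `[server]` settings are outside this hunk, so this needs checking against the rest of app.ini. The `location` block also continues outside the hunk.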
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-arm-6
-SOURCE_SUM=38ab6c0ac42e87370238c2482432420ff509b5a03d964712a984d4d603bb4c97
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-arm-6
+SOURCE_SUM=f2dff72ee94dd1c1bd2c067470469470ea079c47c07e862995cb85dc877ca389
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false
diff --git a/conf/source/arm_1.8.src b/conf/source/arm_1.8.src
new file mode 100644
index 0000000..d5005b9
--- /dev/null
+++ b/conf/source/arm_1.8.src
@@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-arm-6
+SOURCE_SUM=920b74ec10be323e5dc684fe3b5c3b157bf6f1d6cca0ee1c4f9693f766d1574d
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
diff --git a/conf/source/armv7.src b/conf/source/armv7.src
index faf17e7..a48f59b 100644
--- a/conf/source/armv7.src
+++ b/conf/source/armv7.src
@@ -1,8 +1,8 @@
 # The armv7 build is brocken
 # See : https://github.com/go-gitea/gitea/issues/6700
 # Use temporary the armv6 binary
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-arm-6
-SOURCE_SUM=38ab6c0ac42e87370238c2482432420ff509b5a03d964712a984d4d603bb4c97
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-arm-6
+SOURCE_SUM=f2dff72ee94dd1c1bd2c067470469470ea079c47c07e862995cb85dc877ca389
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false
diff --git a/conf/source/armv7_1.8.src b/conf/source/armv7_1.8.src
new file mode 100644
index 0000000..918684d
--- /dev/null
+++ b/conf/source/armv7_1.8.src
@@ -0,0 +1,8 @@
+# The armv7 build is brocken
+# See : https://github.com/go-gitea/gitea/issues/6700
+# Use temporary the armv6 binary
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-arm-6
+SOURCE_SUM=920b74ec10be323e5dc684fe3b5c3b157bf6f1d6cca0ee1c4f9693f766d1574d
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
diff --git a/conf/source/i386.src b/conf/source/i386.src
index fa9a6e6..be860f1 100644
--- a/conf/source/i386.src
+++ b/conf/source/i386.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-386
-SOURCE_SUM=762ab39855958f61165a1332a34d2a227f527acdc3bf60aa91c5a3e4e4e906ce
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-386
+SOURCE_SUM=861125e85b95a90bb84279641ad60ee3c9570dd8b0d134d8419812ba7571af71
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false
diff --git a/conf/source/i386_1.8.src b/conf/source/i386_1.8.src
new file mode 100644
index 0000000..256641b
--- /dev/null
+++ b/conf/source/i386_1.8.src
@@ -0,0 +1,5 @@
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-386
+SOURCE_SUM=e58f4a88b01a4880f97ae32a92e869d978a434a9a876c6a3f4e4a5721e8c4bd6
+SOURCE_SUM_PRG=sha256sum
+SOURCE_FILENAME=gitea
+SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64.src b/conf/source/x86-64.src
index 329b91f..5da34a0 100644
--- a/conf/source/x86-64.src
+++ b/conf/source/x86-64.src
@@ -1,5 +1,5 @@
-SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.2/gitea-1.8.2-linux-amd64
-SOURCE_SUM=a843f2fe526b62ad1e698b80f6193d8c42a3920b35542de014af44d1eb998141
+SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.9.0/gitea-1.9.0-linux-amd64
+SOURCE_SUM=8a2e02cee40086effd99058054af8fb1eee9344fad865e0c7292107833da78cc
 SOURCE_SUM_PRG=sha256sum
 SOURCE_FILENAME=gitea
 SOURCE_EXTRACT=false
diff --git a/conf/source/x86-64_1.8.src b/conf/source/x86-64_1.8.src new file mode 100644 index 0000000..d5d2530 --- /dev/null +++ b/conf/source/x86-64_1.8.src @@ -0,0 +1,5 @@ +SOURCE_URL=https://github.com/go-gitea/gitea/releases/download/v1.8.3/gitea-1.8.3-linux-amd64 +SOURCE_SUM=7bb28b21cce4bdf0a24e6f6b21c064afa56d84904052dd55afdf59c419d49988 +SOURCE_SUM_PRG=sha256sum +SOURCE_FILENAME=gitea +SOURCE_EXTRACT=false diff --git a/manifest.json b/manifest.json index 94a0d04..bb59c10 100644 --- a/manifest.json +++ b/manifest.json @@ -9,7 +9,7 @@ }, "url": "http://gitea.io", "license": "MIT", - "version": "1.8.0~ynh1", + "version": "1.9.0~ynh1", "maintainer": { "name": "rafi59", "email": "rafi59_dev@srvmaison.fr.nf" @@ -20,7 +20,7 @@ "mysql" ], "requirements": { - "yunohost": ">= 3.5.2.2" + "yunohost": ">= 3.6.4" }, "arguments": { "install" : [ diff --git a/scripts/change_url b/scripts/change_url index 72b0d48..a9962a3 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -26,6 +26,7 @@ dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) admin=$(ynh_app_setting_get --app $app --key adminusername) key=$(ynh_app_setting_get --app $app --key secret_key) port=$(ynh_app_setting_get --app $app --key web_port) +upstream_version=$(ynh_app_setting_get $app upstream_version) #================================================= # STANDARD MODIFICATIONS @@ -50,7 +51,7 @@ config_nginx config_gitea # RELOAD services -ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" -a restart +ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -a restart -t 10 sleep 1 # Store the checksum with the 'INTERNAL_TOKEN' value. diff --git a/scripts/experimental_helper.sh b/scripts/experimental_helper.sh index a612477..ec89165 100644 --- a/scripts/experimental_helper.sh +++ b/scripts/experimental_helper.sh 
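Review bot: `upstream_version=$(ynh_app_setting_get $app upstream_version)` in the first scripts/change_url hunk uses the positional form of the helper, while the lines directly above it use `--app $app --key ...`; the same line is added in scripts/restore. For consistency write `upstream_version=$(ynh_app_setting_get --app $app --key upstream_version)`. Nothing in the visible hunks of this script reads the variable, so a short comment naming its consumer would help the next reader.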
@@ -332,3 +332,39 @@ ynh_handle_app_migration () { migration_process=1 fi } + +# Verify the checksum and backup the file if it's different +# This helper is primarily meant to allow to easily backup personalised/manually +# modified config files. +# +# $app should be defined when calling this helper +# +# usage: ynh_backup_if_checksum_is_different --file=file +# | arg: -f, --file - The file on which the checksum test will be perfomed. +# | ret: the name of a backup file, or nothing +# +# Requires YunoHost version 2.6.4 or higher. +ynh_backup_if_checksum_is_different () { + # Declare an array to define the options of this helper. + local legacy_args=f + declare -Ar args_array=( [f]=file= ) + local file + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + local checksum_setting_name=checksum_${file//[\/ ]/_} # Replace all '/' and ' ' by '_' + local checksum_value=$(ynh_app_setting_get --app=$app --key=$checksum_setting_name) + # backup_file_checksum isn't declare as local, so it can be reuse by ynh_store_file_checksum + backup_file_checksum="" + if [ -n "$checksum_value" ] + then # Proceed only if a value was stored into the app settings + if [ -e $file ] && ! echo "$checksum_value $file" | sudo md5sum -c --status + then # If the checksum is now different + backup_file_checksum="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')" + sudo mkdir -p "$(dirname "$backup_file_checksum")" + sudo cp -a "$file" "$backup_file_checksum" # Backup the current file + ynh_print_warn "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file_checksum" + echo "$backup_file_checksum" # Return the name of the backup file + fi + fi +} diff --git a/scripts/install b/scripts/install index e49ddf0..48c2a1d 100644 --- a/scripts/install +++ b/scripts/install 
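Review bot: `[ -e $file ]` and `--key=$checksum_setting_name` are unquoted, although the helper explicitly expects paths that may contain spaces (the `${file//[\/ ]/_}` substitution replaces them); with such a path the `-e` test receives several words and errors out, so the modified file is not backed up. Quote both, i.e. `[ -e "$file" ]` and `--key="$checksum_setting_name"`. `local checksum_value=$(...)` also hides the exit status of `ynh_app_setting_get`; declaring and assigning on separate lines keeps it. The files this helper copies under `/home/yunohost.conf/backup/` can hold secrets (app.ini carries `PASSWD` and `SECRET_KEY`): `cp -a` keeps the file's own mode, but the directories created by `mkdir -p` get default permissions, which is worth checking.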
@@ -19,6 +19,7 @@ domain=$YNH_APP_ARG_DOMAIN path_url=$(ynh_normalize_url_path $YNH_APP_ARG_PATH) admin=$YNH_APP_ARG_ADMIN is_public=$YNH_APP_ARG_IS_PUBLIC +upstream_version=$(ynh_app_upstream_version) # Register (book) web path ynh_webpath_register --app $app --domain $domain --path_url $path_url @@ -98,6 +99,9 @@ ynh_replace_string "__ADMIN__" "$admin" ../conf/login_source.sql ynh_replace_string "__APP__" "$app" ../conf/login_source.sql ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql +# SETUP FAIL2BAN +ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 + #================================================= # GENERIC FINALIZATION #================================================= @@ -106,7 +110,7 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ../conf/login_source.sql set_access_settings # Add gitea to YunoHost's monitored services -yunohost service add "$app" --log "/var/log/$app/$app.log" +yunohost service add "$app" --log "/var/log/$app/gitea.log" # Configure logrotate ynh_use_logrotate "/var/log/$app" @@ -115,7 +119,7 @@ ynh_use_logrotate "/var/log/$app" ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream_version) # Reload services -ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" +ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10 sleep 1 # Store the checksum with the 'INTERNAL_TOKEN' value. diff --git a/scripts/remove b/scripts/remove index 67b0ef0..bcc5268 100644 --- a/scripts/remove +++ b/scripts/remove @@ -45,4 +45,7 @@ ynh_remove_systemd_config # Remove monitor yunohost service remove "$app" +# Remove fail2ban config +ynh_remove_fail2ban_config + true # Do not fail if remove after install error diff --git a/scripts/restore b/scripts/restore index 15bf903..fc7ddc5 100644 --- a/scripts/restore +++ b/scripts/restore 
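Review bot: The `--failregex` passed to `ynh_add_fail2ban_config` in the second scripts/install hunk reads `".*Failed authentication attempt for .* from "` on this page, with no `<HOST>` tag after `from `, and fail2ban needs that tag to know which address to ban. If the tag was only lost when the page was rendered there is nothing to do; otherwise the pattern should end in `from <HOST>`. The identical line is added in scripts/restore and scripts/upgrade, so the log path and pattern now live in three places; a shared variable would keep them in step with `ROOT_PATH` in app.ini. fail2ban also expects the `--logpath` file to exist when the jail is loaded, and whether `/var/log/$app/gitea.log` already exists at this point of a fresh install is not visible in the hunk.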
@@ -20,6 +20,7 @@ path_url=$(ynh_app_setting_get --app $app --key path) dbpass=$(ynh_app_setting_get --app $app --key mysqlpwd) admin=$(ynh_app_setting_get --app $app --key adminusername) port=$(ynh_app_setting_get --app $app --key web_port) +upstream_version=$(ynh_app_setting_get $app upstream_version) # Check domain/path availability with app helper ynh_webpath_available $domain $path_url || ynh_die --message "$domain is not available as domain, please use an other domain." @@ -54,6 +55,9 @@ ynh_mysql_connect_as "$dbuser" "$dbpass" "$dbname" < ./db.sql systemctl daemon-reload systemctl enable "$app".service +# SETUP FAIL2BAN +ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 + #================================================= # GENERIC FINALIZATION #================================================= @@ -65,9 +69,9 @@ set_permission ynh_use_logrotate "/var/log/$app" # Add gitea to YunoHost's monitored services -yunohost service add "$app" --log /var/log/"$app"/"$app".log +yunohost service add "$app" --log /var/log/"$app"/gitea.log # Reload services systemctl reload nginx.service -ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" +ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10 sleep 1 diff --git a/scripts/upgrade b/scripts/upgrade index 988ff52..7e6d7ab 100644 --- a/scripts/upgrade +++ b/scripts/upgrade 
@@ -155,11 +155,18 @@ case $upstream_version in ynh_setup_source $final_path source/${architecture}_1.7 restart_gitea ;& +"1.7."* ) + ynh_setup_source $final_path source/${architecture}_1.8 + restart_gitea +;& esac -# Install gitea +# Install gitea source ynh_setup_source $final_path source/$architecture +# SETUP FAIL2BAN +ynh_add_fail2ban_config --logpath "/var/log/$app/gitea.log" --failregex ".*Failed authentication attempt for .* from " --max_retry 5 + #================================================= # GENERIC FINALIZATION #================================================= @@ -174,7 +181,7 @@ ynh_app_setting_set --app $app --key upstream_version --value $(ynh_app_upstream set_access_settings # Reload services -ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "systemd" +ynh_systemd_action -l "Serving \[::\]:$port with pid" -p "/var/log/$app/gitea.log" -t 10 sleep 1 # Store the checksum with the 'INTERNAL_TOKEN' value.
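Review bot: The new `"1.7."* )` arm in the first scripts/upgrade hunk has no comment explaining why a 1.7 install is first moved to the pinned 1.8 binary and restarted before 1.9 is installed, or that the trailing `;&` is a deliberate fall-through. Presumably each intermediate release has to run its own database migrations; a line such as `# 1.7.x: step through the pinned 1.8 release before installing the current one` above the arm would record that. The `case` statement starts outside the hunk, so the earlier arms are not visible here.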