gabriel
/
nextcloud_ynh
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Merge branch 'testing' into patch-2

pull/71/head
frju365 8 years ago
committed by GitHub
parent
6263a28954 2c937c078f
commit
8bcc16539e
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
14 changed files with 134 additions and 98 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 2
      README.md
  2. 79
      conf/config.json
  3. 9
      conf/config_install.json
  4. 7
      conf/nginx.conf
  5. 1
      conf/php-fpm.conf
  6. 4
      manifest.json
  7. 2
      scripts/_common.sh
  8. 14
      scripts/backup
  9. 20
      scripts/install
  10. 20
      scripts/restore
  11. 4
      scripts/upgrade
  12. 4
      scripts/upgrade.d/upgrade.last.sh
  13. 0
      sources/patches/app-00-add-logout_url-conf.patch
  14. 66
      sources/patches/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch

2
README.md
View File

@ -5,7 +5,7 @@ Nextcloud for YunoHost
own data. A personal cloud which run on your own server. With Nextcloud own data. A personal cloud which run on your own server. With Nextcloud
you can synchronize your files over your devices. you can synchronize your files over your devices.
**Shipped version:** 12.0.2
**Shipped version:** 12.0.5
[![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud) [![Install Nextcloud with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=nextcloud)
![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png) ![](https://github.com/nextcloud/screenshots/blob/master/files/filelist.png)

79
conf/config.json
View File

@ -1,38 +1,41 @@
{
"system": {
"datadirectory": "#DATADIR#",
"trusted_domains": [
"localhost",
"#DOMAIN#"
],
"updatechecker": false,
"memcache.local": "\\OC\\Memcache\\APCu",
"integrity.check.disabled": true
},
"apps": {
"user_ldap": {
"ldap_base": "dc=yunohost,dc=org",
"ldap_base_groups": "ou=groups,dc=yunohost,dc=org",
"ldap_base_users": "ou=users,dc=yunohost,dc=org",
"ldap_cache_ttl": "600",
"ldap_configuration_active": "1",
"ldap_display_name": "displayname",
"ldap_email_attr": "mail",
"ldap_expert_username_attr": "uid",
"ldap_group_display_name": "cn",
"ldap_group_filter": "objectClass=posixGroup",
"ldap_group_filter_mode": "0",
"ldap_groupfilter_objectclass": "posixGroup",
"ldap_host": "localhost",
"ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid))",
"ldap_login_filter_mode": "0",
"ldap_port": "389",
"ldap_quota_attr": "userquota",
"ldap_tls": "0",
"ldap_user_display_name": "cn",
"ldap_user_filter_mode": "0",
"ldap_userfilter_objectclass": "posixAccount",
"ldap_userlist_filter": "objectclass=posixAccount"
}
}
}
{
"system": {
"updatechecker": false,
"memcache.local": "\\OC\\Memcache\\APCu",
"integrity.check.disabled": true,
"filelocking.enabled": true,
"memcache.locking": "\\OC\\Memcache\\Redis",
"redis": {
"host": "localhost",
"port": "6379",
"timeout": "0.0",
"password": ""
}
},
"apps": {
"user_ldap": {
"ldap_base": "dc=yunohost,dc=org",
"ldap_base_groups": "ou=groups,dc=yunohost,dc=org",
"ldap_base_users": "ou=users,dc=yunohost,dc=org",
"ldap_cache_ttl": "600",
"ldap_configuration_active": "1",
"ldap_display_name": "displayname",
"ldap_email_attr": "mail",
"ldap_expert_username_attr": "uid",
"ldap_group_display_name": "cn",
"ldap_group_filter": "objectClass=posixGroup",
"ldap_group_filter_mode": "0",
"ldap_groupfilter_objectclass": "posixGroup",
"ldap_host": "localhost",
"ldap_login_filter": "(&(|(objectclass=posixAccount))(uid=%uid))",
"ldap_login_filter_mode": "0",
"ldap_port": "389",
"ldap_quota_attr": "userquota",
"ldap_tls": "0",
"ldap_user_display_name": "cn",
"ldap_user_filter_mode": "0",
"ldap_userfilter_objectclass": "posixAccount",
"ldap_userlist_filter": "objectclass=posixAccount"
}
}
}

9
conf/config_install.json
View File

@ -0,0 +1,9 @@
{
"system": {
"datadirectory": "#DATADIR#",
"trusted_domains": [
"localhost",
"#DOMAIN#"
]
}
}

7
conf/nginx.conf
View File

@ -23,7 +23,12 @@ location ^~ __PATH__ {
# Set max upload size # Set max upload size
client_max_body_size 10G; client_max_body_size 10G;
fastcgi_buffers 64 4K; fastcgi_buffers 64 4K;
# Extend timeouts
client_body_timeout 60m;
proxy_read_timeout 60m;
fastcgi_read_timeout 60m;
# Disable gzip to avoid the removal of the ETag header # Disable gzip to avoid the removal of the ETag header
gzip off; gzip off;

1
conf/php-fpm.conf
View File

@ -365,6 +365,7 @@ catch_workers_output = yes
;env[TMP] = /tmp ;env[TMP] = /tmp
;env[TMPDIR] = /tmp ;env[TMPDIR] = /tmp
;env[TEMP] = /tmp ;env[TEMP] = /tmp
env[PATH] = $PATH
; Additional php.ini defines, specific to this pool of workers. These settings ; Additional php.ini defines, specific to this pool of workers. These settings
; overwrite the values previously defined in the php.ini. The directives are the ; overwrite the values previously defined in the php.ini. The directives are the

4
manifest.json
View File

@ -6,9 +6,9 @@
"en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms", "en": "Access & share your files, calendars, contacts, mail & more from any device, on your terms",
"fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions" "fr": "Consultez et partagez vos fichiers, agendas, carnets d'adresses, emails et bien plus depuis les appareils de votre choix, sous vos conditions"
}, },
"version": "12.0.2",
"version": "12.0.5-1",
"url": "https://nextcloud.com", "url": "https://nextcloud.com",
"license": "AGPL-3",
"license": "AGPL-3.0",
"maintainer": { "maintainer": {
"name": "-", "name": "-",
"email": "-" "email": "-"

2
scripts/_common.sh
View File

@ -3,7 +3,7 @@
# COMMON VARIABLES # COMMON VARIABLES
#================================================= #=================================================
pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-imagick php5-ldap acl tar smbclient"
pkg_dependencies="php5-gd php5-json php5-intl php5-mcrypt php5-curl php5-apcu php5-redis php5-ldap php5-imagick imagemagick acl tar smbclient"
#================================================= #=================================================
# COMMON HELPERS # COMMON HELPERS

14
scripts/backup
View File

@ -3,11 +3,6 @@
#================================================= #=================================================
# GENERIC START # GENERIC START
#================================================= #=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit on command errors and treat access to unset variables as an error
set -eu
#================================================= #=================================================
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
@ -21,6 +16,13 @@ fi
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# LOAD SETTINGS # LOAD SETTINGS
#================================================= #=================================================
@ -82,5 +84,5 @@ if [ -z $backup_core_only ]
then then
ynh_backup "/home/yunohost.app/${app}/data" ynh_backup "/home/yunohost.app/${app}/data"
else else
echo "Data dir will not saved, because backup_core_only is set." >&2
echo "Data dir will not be saved, because backup_core_only is set." >&2
fi fi

20
scripts/install
View File

@ -144,11 +144,6 @@ exec_occ maintenance:install \
# CONFIGURE NEXTCLOUD # CONFIGURE NEXTCLOUD
#================================================= #=================================================
nc_conf="${final_path}/config.json"
cp ../conf/config.json "$nc_conf"
ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf"
ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf"
# Ensure that UpdateNotification app is disabled # Ensure that UpdateNotification app is disabled
exec_occ app:disable updatenotification exec_occ app:disable updatenotification
@ -156,7 +151,18 @@ exec_occ app:disable updatenotification
exec_occ app:enable user_ldap exec_occ app:enable user_ldap
exec_occ ldap:create-empty-config exec_occ ldap:create-empty-config
# Load the config file in nextcloud
# Load the installation config file in nextcloud
nc_conf="${final_path}/config_install.json"
cp ../conf/config_install.json "$nc_conf"
ynh_replace_string "#DOMAIN#" "$domain" "$nc_conf"
ynh_replace_string "#DATADIR#" "$datadir" "$nc_conf"
exec_occ config:import "$nc_conf"
# Then remove it
rm -f "$nc_conf"
# Load the additional config file (used also for upgrade)
nc_conf="${final_path}/config_install.json"
cp ../conf/config.json "$nc_conf"
exec_occ config:import "$nc_conf" exec_occ config:import "$nc_conf"
# Then remove it # Then remove it
rm -f "$nc_conf" rm -f "$nc_conf"
@ -216,6 +222,8 @@ ynh_store_file_checksum "${final_path}/config/config.php"
cron_path="/etc/cron.d/$app" cron_path="/etc/cron.d/$app"
cp -a ../conf/nextcloud.cron "$cron_path" cp -a ../conf/nextcloud.cron "$cron_path"
chown root: "$cron_path"
chmod 644 "$cron_path"
ynh_replace_string "#USER#" "$app" "$cron_path" ynh_replace_string "#USER#" "$app" "$cron_path"
ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path" ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path"

20
scripts/restore
View File

@ -3,11 +3,6 @@
#================================================= #=================================================
# GENERIC START # GENERIC START
#================================================= #=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit on command errors and treat access to unset variables as an error
set -eu
#================================================= #=================================================
# IMPORT GENERIC HELPERS # IMPORT GENERIC HELPERS
@ -21,6 +16,13 @@ fi
source _common.sh source _common.sh
source /usr/share/yunohost/helpers source /usr/share/yunohost/helpers
#=================================================
# MANAGE SCRIPT FAILURE
#=================================================
# Exit if an error occurs during the execution of the script
ynh_abort_if_errors
#================================================= #=================================================
# LOAD SETTINGS # LOAD SETTINGS
#================================================= #=================================================
@ -102,12 +104,16 @@ ynh_restore_file "/etc/logrotate.d/$app"
# RESTORE THE DATA DIRECTORY # RESTORE THE DATA DIRECTORY
#================================================= #=================================================
datadir="/home/yunohost.app/${app}/data"
# The data directory will be restored only if it exists in the backup archive # The data directory will be restored only if it exists in the backup archive
# So only if it was backup previously. # So only if it was backup previously.
if [ -d "$YNH_BACKUP_DIR/data" ]
if [ -d "$YNH_BACKUP_DIR/apps/$app/backup/home/yunohost.app/$app" ]
then then
datadir="/home/yunohost.app/${app}/data"
ynh_restore_file "$datadir" ynh_restore_file "$datadir"
else
# Create app folders
mkdir -p "$datadir"
fi fi
# Remove the option backup_core_only if it's in the settings.yml file # Remove the option backup_core_only if it's in the settings.yml file
ynh_app_setting_delete $app backup_core_only ynh_app_setting_delete $app backup_core_only

4
scripts/upgrade
View File

@ -286,6 +286,8 @@ ynh_store_file_checksum "${final_path}/config/config.php"
cron_path="/etc/cron.d/$app" cron_path="/etc/cron.d/$app"
cp -a ../conf/nextcloud.cron "$cron_path" cp -a ../conf/nextcloud.cron "$cron_path"
chown root: "$cron_path"
chmod 644 "$cron_path"
ynh_replace_string "#USER#" "$app" "$cron_path" ynh_replace_string "#USER#" "$app" "$cron_path"
ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path" ynh_replace_string "#DESTDIR#" "$final_path" "$cron_path"
@ -334,7 +336,7 @@ they are probably disabled and you'll have to manually enable them again." >&2
#================================================= #=================================================
# Use logrotate to manage app-specific logfile(s) # Use logrotate to manage app-specific logfile(s)
ynh_use_logrotate
ynh_use_logrotate --non-append
#================================================= #=================================================
# GENERIC FINALIZATION # GENERIC FINALIZATION

4
scripts/upgrade.d/upgrade.last.sh
View File

@ -1,7 +1,7 @@
#!/bin/bash #!/bin/bash
# Last available nextcloud version # Last available nextcloud version
next_version="12.0.2"
next_version="12.0.5"
# Nextcloud tarball checksum sha256 # Nextcloud tarball checksum sha256
nextcloud_source_sha256="eb34d6cb9f55ee84bf2ad847b4b08cdb925321848ffa2264a9b1566e7b21a17c"
nextcloud_source_sha256="c8be29ace6821079e881818266fe49d28812b5aa0c7d2e76511173d48828ca43"

0
sources/patches/00-add-logout_url-conf.patch → sources/patches/app-00-add-logout_url-conf.patch
View File

66
patches/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch → sources/patches/app-01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch
View File

@ -1,33 +1,33 @@
lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 85ae127f5f..91618a09fc 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager {
* @return bool
*/
public function browserSupportsCspV3() {
+ // YunoHost patch: disable CSPv3 nonces to:
+ // - avoid white page on first login from YunoHost portal
+ // - allow YunoHost tile display
+ return false;
$browserWhitelist = [
Request::USER_AGENT_CHROME,
// Firefox 45+
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 64d4eb6e5d..59d5885620 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy {
if(!empty($this->allowedFontDomains)) {
$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
- $policy .= ';';
+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script
+ $policy .= ' data:;';
}
if(!empty($this->allowedConnectDomains)) {
lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php | 4 ++++
lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php | 3 ++-
2 files changed, 6 insertions(+), 1 deletion(-)
diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
index 85ae127f5f..91618a09fc 100644
--- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php
@@ -65,6 +65,10 @@ class ContentSecurityPolicyNonceManager {
* @return bool
*/
public function browserSupportsCspV3() {
+ // YunoHost patch: disable CSPv3 nonces to:
+ // - avoid white page on first login from YunoHost portal
+ // - allow YunoHost tile display
+ return false;
$browserWhitelist = [
Request::USER_AGENT_CHROME,
// Firefox 45+
diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
index 64d4eb6e5d..59d5885620 100644
--- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php
@@ -377,7 +377,8 @@ class EmptyContentSecurityPolicy {
if(!empty($this->allowedFontDomains)) {
$policy .= 'font-src ' . implode(' ', $this->allowedFontDomains);
- $policy .= ';';
+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script
+ $policy .= ' data:;';
}
if(!empty($this->allowedConnectDomains)) {
Write Preview
Loading…
Cancel
Save