From 225f1bb1b358b41f3c5365ee09471b6e59ca054e Mon Sep 17 00:00:00 2001 From: eric_G <46165813+ericgaspar@users.noreply.github.com> Date: Thu, 19 Dec 2024 13:07:17 +0100 Subject: [PATCH 1/8] move function to common.sh (#764) * move function to common.sh * Update config --- scripts/_common.sh | 6 ++++++ scripts/change_url | 6 ------ scripts/config | 6 ------ scripts/install | 6 ------ scripts/restore | 5 ----- 5 files changed, 6 insertions(+), 23 deletions(-) diff --git a/scripts/_common.sh b/scripts/_common.sh index 33c1736a..19c0decc 100644 --- a/scripts/_common.sh +++ b/scripts/_common.sh @@ -4,6 +4,12 @@ # COMMON VARIABLES AND CUSTOM HELPERS #================================================= +# Define a function to execute commands with `occ` +exec_occ() { + (cd "$install_dir" && ynh_exec_as_app \ + php${php_version} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") +} + wait_nginx_reload() { # NGINX may take some time to support the new configuration, # wait for the Nextcloud configuration file to disappear from NGINX before checking the CalDAV/CardDAV URL. diff --git a/scripts/change_url b/scripts/change_url index 509b92dc..449c14b4 100644 --- a/scripts/change_url +++ b/scripts/change_url @@ -28,12 +28,6 @@ ynh_config_change_url_nginx #================================================= ynh_script_progression "Applying $app specific modifications..." -# Define a function to execute commands with `occ` -exec_occ() { - (cd "$install_dir" && ynh_exec_as_app \ - php${php_version} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") -} - if [ $change_domain -eq 1 ] then # Change the trusted domain diff --git a/scripts/config b/scripts/config index fc45c353..a2939758 100644 --- a/scripts/config +++ b/scripts/config @@ -8,12 +8,6 @@ source /usr/share/yunohost/helpers #================================================= php_version=$(ynh_app_setting_get --key=php_version) -current_fpm_footprint=$(ynh_app_setting_get --key=fpm_footprint) - -exec_occ() { - (cd "$install_dir" && ynh_exec_as_app \ - php${php_version} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") -} #================================================= # SPECIFIC GETTERS FOR TOML SHORT KEY diff --git a/scripts/install b/scripts/install index cd270cc0..69d7ddce 100755 --- a/scripts/install +++ b/scripts/install @@ -72,12 +72,6 @@ ynh_config_add_nginx #================================================= ynh_script_progression "Installing $app..." -# Define a function to execute commands with `occ` -exec_occ() { - (cd "$install_dir" && ynh_exec_as_app \ - php${php_version} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") -} - # Set write access for the following commands chown -R $app:www-data "$install_dir" chown -R $app: "$data_dir" diff --git a/scripts/restore b/scripts/restore index 9be6e2b8..1ed03c8e 100755 --- a/scripts/restore +++ b/scripts/restore @@ -146,11 +146,6 @@ ynh_systemctl --service=nginx --action=reload # CHECK IF NOTIFY_PUSH WORKS #================================================= -exec_occ() { - (cd "$install_dir" && ynh_exec_as_app \ - php${php_version} --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") -} - if [ $enable_notify_push -eq 1 ] then count=0 From 773ada7b68f66e4cfa2f33a93cbcbd20ee303876 Mon Sep 17 00:00:00 2001 From: eric_G <46165813+ericgaspar@users.noreply.github.com> Date: Thu, 19 Dec 2024 13:11:25 +0100 Subject: [PATCH 2/8] add default_phone_region --- conf/config.json | 1 + 1 file changed, 1 insertion(+) diff --git a/conf/config.json b/conf/config.json index bb800325..0063ee9a 100644 --- a/conf/config.json +++ b/conf/config.json @@ -14,6 +14,7 @@ "hashing_default_password": true, "localstorage.allowsymlinks": true, "simpleSignUpLink.shown": false, + "default_phone_region": "", "maintenance_window_start": 1, "mail_smtpmode": "smtp", "mail_smtpport": "25", From 3fb2bb691e88369560ea6fe8321eada5bdd7449e Mon Sep 17 00:00:00 2001 From: eric_G <46165813+ericgaspar@users.noreply.github.com> Date: Thu, 19 Dec 2024 13:14:24 +0100 Subject: [PATCH 3/8] Update nginx.conf --- conf/nginx.conf | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/conf/nginx.conf b/conf/nginx.conf index 0b6c2fd1..f521457e 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -1,6 +1,7 @@ -# Add .mjs as a file extension for javascript +# Set .mjs MIME types # Either include it in the default mime.types list # or include you can include that list explicitly and add the file extension +# and include that list explicitly or add the file extension # only for Nextcloud like below: include mime.types; types { @@ -54,8 +55,15 @@ location ^~ __PATH__/ { # for tunning hints client_body_buffer_size 512k; - # HTTP response headers borrowed from Nextcloud `.htaccess` + # HSTS settings + # WARNING: Only add the preload option once you read about + # the consequences in https://hstspreload.org/. This option + # will add the domain to a hardcoded list that is shipped + # in all major browsers and getting removed from this list + # could take several months. #more_set_headers "Strict-Transport-Security: max-age=15768000; includeSubDomains; preload;"; + + # HTTP response headers borrowed from Nextcloud `.htaccess` more_set_headers "Referrer-Policy: no-referrer"; more_set_headers "X-Content-Type-Options: nosniff"; more_set_headers "X-Download-Options: noopen"; From 25341f9ff558099f742262c939a13888a0c22d86 Mon Sep 17 00:00:00 2001 From: eric_G <46165813+ericgaspar@users.noreply.github.com> Date: Thu, 19 Dec 2024 13:17:32 +0100 Subject: [PATCH 4/8] Update install --- scripts/install | 2 ++ 1 file changed, 2 insertions(+) diff --git a/scripts/install b/scripts/install index 69d7ddce..fc4d6455 100755 --- a/scripts/install +++ b/scripts/install @@ -247,10 +247,12 @@ ynh_script_progression "Adding multimedia directories..." # Build YunoHost multimedia directories ynh_multimedia_build_main_dir + # Mount the user directory in Nextcloud exec_occ app:enable files_external create_external_storage "/home/yunohost.multimedia/\$user" "Multimedia" create_external_storage "/home/yunohost.multimedia/share" "Shared multimedia" + # Allow nextcloud to write into these directories ynh_multimedia_addaccess $app From 85c31870a735ffe6521cd7f622317954156c696b Mon Sep 17 00:00:00 2001 From: Robles Rodolphe Date: Fri, 20 Dec 2024 03:40:35 +0100 Subject: [PATCH 5/8] Fix upgrade exploding when $app is nextcloud__2, __3 etc because the virtual apt/dpkg package is named with - and not _ (#767) * Update upgrade replace correct file for nextcloud--x-ynh-deps * Update upgrade correct syntax for the helpers --- scripts/upgrade | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/upgrade b/scripts/upgrade index 12fe5a7b..8a20d119 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -74,7 +74,7 @@ exec_occ() { # will do magic regarding php configuration and $php_version when the php version of the dependencies changes ... php_version=$(ynh_app_setting_get --key=php_version) if [[ "$NEXTCLOUD_PHP_VERSION" != "$php_version" ]]; then - local pkg_dependencies="$(dpkg-query --show --showformat='${Depends}' ${app}-ynh-deps)" + local pkg_dependencies="$(dpkg-query --show --showformat='${Depends}' ${app//_/-}-ynh-deps)" pkg_dependencies="${pkg_dependencies//$php_version/$NEXTCLOUD_PHP_VERSION}" # Packaging v1 ~legacy : ynh_apt_install_dependencies is designed to be called several times # but the second time it will *append* the list of dependencies rather than replace the existing dependencies From 5e4f393d374f66dc4f45378045f8eb53f08f59dd Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 20 Dec 2024 03:41:53 +0100 Subject: [PATCH 6/8] Bump package revision --- manifest.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/manifest.toml b/manifest.toml index 6f32edfd..3b7ac246 100644 --- a/manifest.toml +++ b/manifest.toml @@ -5,7 +5,7 @@ name = "Nextcloud" description.en = "Online storage, file sharing platform and various other applications" description.fr = "Stockage en ligne, plateforme de partage de fichiers et diverses autres applications" -version = "30.0.4~ynh1" +version = "30.0.4~ynh2" maintainers = ["kay0u"] From a8378a548f6464e4b1893787c61921de2ba00b60 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Fri, 20 Dec 2024 03:41:58 +0100 Subject: [PATCH 7/8] Auto-update READMEs --- README.md | 2 +- README_es.md | 2 +- README_eu.md | 2 +- README_fr.md | 2 +- README_gl.md | 2 +- README_id.md | 2 +- README_nl.md | 2 +- README_pl.md | 2 +- README_ru.md | 2 +- README_zh_Hans.md | 2 +- 10 files changed, 10 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index f9e03051..dc0c22dc 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ The `/.well-known` address will be automatically configured for CalDAV and CardD The YunoHost catalog has two collaborative office suites, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) and [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), which can be integrated with Nextcloud. -**Shipped version:** 30.0.4~ynh1 +**Shipped version:** 30.0.4~ynh2 **Demo:** diff --git a/README_es.md b/README_es.md index 19fc4b46..f104760c 100644 --- a/README_es.md +++ b/README_es.md @@ -26,7 +26,7 @@ The `/.well-known` address will be automatically configured for CalDAV and CardD The YunoHost catalog has two collaborative office suites, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) and [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), which can be integrated with Nextcloud. -**Versión actual:** 30.0.4~ynh1 +**Versión actual:** 30.0.4~ynh2 **Demo:** diff --git a/README_eu.md b/README_eu.md index a97367ef..120dd6b7 100644 --- a/README_eu.md +++ b/README_eu.md @@ -26,7 +26,7 @@ The `/.well-known` address will be automatically configured for CalDAV and CardD The YunoHost catalog has two collaborative office suites, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) and [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), which can be integrated with Nextcloud. -**Paketatutako bertsioa:** 30.0.4~ynh1 +**Paketatutako bertsioa:** 30.0.4~ynh2 **Demoa:** diff --git a/README_fr.md b/README_fr.md index 276d38be..38500704 100644 --- a/README_fr.md +++ b/README_fr.md @@ -27,7 +27,7 @@ L'adresse `/.well-known` sera automatiquement configuré pour la synchronisatio Le catalogue YunoHost dispose de deux suites bureautiques collaboratives, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) et [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), qui peuvent être intégrées à Nextcloud. -**Version incluse :** 30.0.4~ynh1 +**Version incluse :** 30.0.4~ynh2 **Démo :** diff --git a/README_gl.md b/README_gl.md index 50121dc0..d930a5ec 100644 --- a/README_gl.md +++ b/README_gl.md @@ -26,7 +26,7 @@ The `/.well-known` address will be automatically configured for CalDAV and CardD The YunoHost catalog has two collaborative office suites, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) and [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), which can be integrated with Nextcloud. -**Versión proporcionada:** 30.0.4~ynh1 +**Versión proporcionada:** 30.0.4~ynh2 **Demo:** diff --git a/README_id.md b/README_id.md index 5cf9feaa..3d6cc343 100644 --- a/README_id.md +++ b/README_id.md @@ -26,7 +26,7 @@ The `/.well-known` address will be automatically configured for CalDAV and CardD The YunoHost catalog has two collaborative office suites, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) and [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), which can be integrated with Nextcloud. -**Versi terkirim:** 30.0.4~ynh1 +**Versi terkirim:** 30.0.4~ynh2 **Demo:** diff --git a/README_nl.md b/README_nl.md index 00322ce2..df6b6c37 100644 --- a/README_nl.md +++ b/README_nl.md @@ -26,7 +26,7 @@ The `/.well-known` address will be automatically configured for CalDAV and CardD The YunoHost catalog has two collaborative office suites, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) and [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), which can be integrated with Nextcloud. -**Geleverde versie:** 30.0.4~ynh1 +**Geleverde versie:** 30.0.4~ynh2 **Demo:** diff --git a/README_pl.md b/README_pl.md index 792231a2..2465b2b1 100644 --- a/README_pl.md +++ b/README_pl.md @@ -26,7 +26,7 @@ The `/.well-known` address will be automatically configured for CalDAV and CardD The YunoHost catalog has two collaborative office suites, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) and [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), which can be integrated with Nextcloud. -**Dostarczona wersja:** 30.0.4~ynh1 +**Dostarczona wersja:** 30.0.4~ynh2 **Demo:** diff --git a/README_ru.md b/README_ru.md index 6e60ecff..525a7f1e 100644 --- a/README_ru.md +++ b/README_ru.md @@ -26,7 +26,7 @@ The `/.well-known` address will be automatically configured for CalDAV and CardD The YunoHost catalog has two collaborative office suites, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) and [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), which can be integrated with Nextcloud. -**Поставляемая версия:** 30.0.4~ynh1 +**Поставляемая версия:** 30.0.4~ynh2 **Демо-версия:** diff --git a/README_zh_Hans.md b/README_zh_Hans.md index 23f0f3a9..888ce826 100644 --- a/README_zh_Hans.md +++ b/README_zh_Hans.md @@ -26,7 +26,7 @@ The `/.well-known` address will be automatically configured for CalDAV and CardD The YunoHost catalog has two collaborative office suites, [OnlyOffice](https://github.com/YunoHost-Apps/onlyoffice_ynh) and [Collabora](https://github.com/YunoHost-Apps/collabora_ynh), which can be integrated with Nextcloud. -**分发版本:** 30.0.4~ynh1 +**分发版本:** 30.0.4~ynh2 **演示:** From be58bb1ea1798680a0f803285396526f0387714c Mon Sep 17 00:00:00 2001 From: eric_G <46165813+ericgaspar@users.noreply.github.com> Date: Sat, 21 Dec 2024 14:32:09 +0100 Subject: [PATCH 8/8] Patch (#768) * remove inused patch with YNH 12 * reorder patch --- ...val-in-JS-scripts-for-YunoHost-tile.patch} | 0 ...able-CSPv3-nonce_and_allow-YNH-fonts.patch | 29 ------------------- 2 files changed, 29 deletions(-) rename patches/main/{02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch => 01-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch} (100%) delete mode 100644 patches/main/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch diff --git a/patches/main/02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch b/patches/main/01-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch similarity index 100% rename from patches/main/02-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch rename to patches/main/01-Allow-for-eval-in-JS-scripts-for-YunoHost-tile.patch diff --git a/patches/main/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch b/patches/main/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch deleted file mode 100644 index 1cbbd31a..00000000 --- a/patches/main/01-disable-CSPv3-nonce_and_allow-YNH-fonts.patch +++ /dev/null @@ -1,29 +0,0 @@ -diff --git a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -index 993f74ae0e4..c85aadc49db 100644 ---- a/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -+++ b/lib/private/Security/CSP/ContentSecurityPolicyNonceManager.php -@@ -47,6 +47,10 @@ class ContentSecurityPolicyNonceManager { - * Check if the browser supports CSP v3 - */ - public function browserSupportsCspV3(): bool { -+ // YunoHost patch: disable CSPv3 nonces to: -+ // - avoid white page on first login from YunoHost portal -+ // - allow YunoHost tile display -+ return false; - $browserBlocklist = [ - Request::USER_AGENT_IE, - ]; -diff --git a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -index b8bbfdb7d67..a51a15ca0e6 100644 ---- a/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -+++ b/lib/public/AppFramework/Http/EmptyContentSecurityPolicy.php -@@ -493,7 +493,8 @@ class EmptyContentSecurityPolicy { - - if (!empty($this->allowedFontDomains)) { - $policy .= 'font-src ' . implode(' ', $this->allowedFontDomains); -- $policy .= ';'; -+ // YunoHost patch: extend font-src to load data fonts embedded in YunoHost tile script -+ $policy .= ' data:;'; - } - - if (!empty($this->allowedConnectDomains)) {