diff --git a/README.md b/README.md index ad9920fa..eb78c8f1 100644 --- a/README.md +++ b/README.md @@ -30,7 +30,7 @@ this package: * Serve `/.well-known` paths for CalDAV and CardDAV on the domain only if it's not already served - i.e. by Baïkal -**Shipped version:** 25.0.4~ynh1 +**Shipped version:** 26.0.2~ynh3 **Demo:** https://demo.nextcloud.com/ diff --git a/README_fr.md b/README_fr.md index 6bced778..8ab49432 100644 --- a/README_fr.md +++ b/README_fr.md @@ -29,7 +29,7 @@ En plus des fonctionnalités principales de Nextcloud, les fonctionnalités suiv * Utilise l'adresse `/.well-known` pour la synchronisation CalDAV et CardDAV du domaine si aucun autre service ne l'utilise déjà - par exemple, Baïkal -**Version incluse :** 25.0.4~ynh1 +**Version incluse :** 26.0.2~ynh3 **Démo :** https://demo.nextcloud.com/ diff --git a/actions.toml b/actions.toml deleted file mode 100644 index fc6cb0fc..00000000 --- a/actions.toml +++ /dev/null @@ -1,17 +0,0 @@ -[disable_maintenance] -name = "Disable the maintenance mode of Nextcloud" -command = "/bin/bash scripts/actions/disable_maintenance" -# user = "root" # optional -# cwd = "/" # optional -# accepted_return_codes = [0, 1, 2, 3] # optional -accepted_return_codes = [0] -description = "Disable the maintenance mode of Nextcloud if you're stuck after an upgrade" - -[add_multimedia_directories] -name = "Add multimedia directories" -command = "/bin/bash scripts/actions/add_multimedia_directories" -# user = "root" # optional -# cwd = "/" # optional -# accepted_return_codes = [0, 1, 2, 3] # optional -accepted_return_codes = [0] -description = "Add the multimedia and shared multimedia directories again" diff --git a/conf/nginx.conf b/conf/nginx.conf index d6b7aa9a..a9fb919c 100644 --- a/conf/nginx.conf +++ b/conf/nginx.conf @@ -28,7 +28,7 @@ location ^~ __PATH__/ { more_set_headers "X-Download-Options: noopen"; more_set_headers "X-Frame-Options: SAMEORIGIN"; more_set_headers "X-Permitted-Cross-Domain-Policies: none"; - more_set_headers "X-Robots-Tag: none"; + more_set_headers "X-Robots-Tag: noindex, nofollow"; more_set_headers "X-XSS-Protection: 1; mode=block"; # Set max upload size @@ -77,7 +77,7 @@ location ^~ __PATH__/ { # Rules borrowed from `.htaccess` to hide certain paths from clients location ~ ^__PATH__/(?:build|tests|config|lib|3rdparty|templates|data)(?:$|/) { return 404; } - location ~ ^__PATH__/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } + location ~ ^__PATH__/(?:\.|autotest|occ|issue|indie|db_|console) { return 404; } # Ensure this block, which passes PHP files to the PHP process, is above the blocks # which handle static assets (as seen below). If this block is not declared first, @@ -88,14 +88,17 @@ location ^~ __PATH__/ { # https://github.com/nextcloud/documentation/pull/2197#issuecomment-721432337 # This line fix the ldap admin page rewrite ^__PATH__/(?!index|remote|public|cron|core\/ajax\/update|status|ocs\/v[12]|updater\/.+|oc[ms]-provider\/.+|.+\/richdocumentscode\/proxy) __PATH__/index.php$request_uri; + fastcgi_split_path_info ^(.+?\.php)(/.*)$; set $path_info $fastcgi_path_info; + try_files $fastcgi_script_name =404; + include fastcgi_params; - fastcgi_param SCRIPT_FILENAME $request_filename; fastcgi_param PATH_INFO $path_info; fastcgi_param HTTPS on; + fastcgi_param modHeadersAvailable true; # Avoid sending the security headers twice fastcgi_param front_controller_active true; # Enable pretty urls fastcgi_param HTTP_ACCEPT_ENCODING ""; # Disable encoding of nextcloud response to inject ynh scripts @@ -104,10 +107,19 @@ location ^~ __PATH__/ { fastcgi_request_buffering off; } - location ~ \.(?:css|js|svg|gif)$ { + location ~ ^__PATH__/(?:updater|oc[ms]-provider)(?:$|/) { + try_files $uri/ =404; + index index.php; + } + + location ~ \.(?:css|js|svg|gif|png|jpg|ico|wasm|tflite|map)$ { try_files $uri / __PATH__/index.php$request_uri; expires 6M; # Cache-Control policy borrowed from `.htaccess` access_log off; # Optional: Don't log access to assets + + location ~ \.wasm$ { + default_type application/wasm; + } } location ~ \.woff2?$ { diff --git a/manifest.json b/manifest.json index 93e5670c..fdcd515b 100644 --- a/manifest.json +++ b/manifest.json @@ -6,7 +6,7 @@ "en": "Online storage, file sharing platform and various other applications", "fr": "Stockage en ligne, plateforme de partage de fichiers et diverses autres applications" }, - "version": "25.0.4~ynh1", + "version": "26.0.2~ynh3", "url": "https://nextcloud.com", "upstream": { "license": "AGPL-3.0", @@ -23,7 +23,7 @@ "email": "pierre@kayou.io" }, "requirements": { - "yunohost": ">= 11.0.9" + "yunohost": ">= 11.1.15" }, "multi_instance": true, "services": [ @@ -51,8 +51,8 @@ "name": "is_public", "type": "boolean", "help": { - "en": "If enabled, Nextcloud will be accessible by Nextcloud Desktop and by users without a YunoHost account. This can be changed later in the webadmin.", - "fr": "Si cette case est cochée, Nextcloud sera accessible par Nextcloud Desktop et par les utilisateurs n’ayant pas de compte YunoHost. Vous pourrez changer dans la webadmin." + "en": "You need to enable public if you want to connect Nextcloud Desktop client to Nextcloud server. This can be changed later via the webadmin.", + "fr": "Vous devez cocher cette case si vous souhaitez connecter le client Nextcloud Desktop au serveur Nextcloud. Cela peut être modifié ultérieurement via l'administrateur Web." }, "default": true }, diff --git a/scripts/_ynh_mysql_connect_as.sh b/scripts/_ynh_mysql_connect_as.sh new file mode 100644 index 00000000..a22963e8 --- /dev/null +++ b/scripts/_ynh_mysql_connect_as.sh @@ -0,0 +1,36 @@ +#!/bin/bash + +# Open a connection as a user +# +# example: ynh_mysql_connect_as --user="user" --password="pass" <<< "UPDATE ...;" +# example: ynh_mysql_connect_as --user="user" --password="pass" --default_character_set="utf8mb4" < /path/to/file.sql +# +# usage: ynh_mysql_connect_as --user=user --password=password [--database=database] [--default_character_set=character-set] +# | arg: -u, --user= - the user name to connect as +# | arg: -p, --password= - the user password +# | arg: -d, --database= - the database to connect to +# | arg: -c, --default_character_set= - the charset to use +# +# Requires YunoHost version 2.2.4 or higher. +ynh_mysql_connect_as() { + # Declare an array to define the options of this helper. + local legacy_args=updc + local -A args_array=( [u]=user= [p]=password= [d]=database= [c]=default_character_set= ) + local user + local password + local database + local default_character_set + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + database="${database:-}" + default_character_set="${default_character_set:-}" + + if [ -n "$default_character_set" ] + then + default_character_set="--default-character-set=$default_character_set" + else + default_character_set="--default-character-set=latin1" + fi + + mysql --user="$user" --password="$password" "$default_character_set" --batch "$database" +} \ No newline at end of file diff --git a/scripts/_ynh_mysql_dump_db.sh b/scripts/_ynh_mysql_dump_db.sh new file mode 100644 index 00000000..3b922bb8 --- /dev/null +++ b/scripts/_ynh_mysql_dump_db.sh @@ -0,0 +1,37 @@ +#!/bin/bash + +# Dump a database +# +# example: ynh_mysql_dump_db --database=roundcube --default_character_set="utf8mb4" > ./dump.sql +# +# usage: ynh_mysql_dump_db --database=database +# | arg: -d, --database= - the database name to dump +# | arg: -c, --default_character_set= - the charset to use +# | ret: the mysqldump output +# +# Requires YunoHost version 2.2.4 or higher. +ynh_mysql_dump_db() { + # Declare an array to define the options of this helper. + local legacy_args=dc + local -A args_array=( [d]=database= [c]=default_character_set= ) + local database + local default_character_set + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + default_character_set="${default_character_set:-}" + MYSQL_ROOT_PWD_FILE=/etc/yunohost/mysql + + if [ -n "$default_character_set" ] + then + default_character_set="--default-character-set=$default_character_set" + else + # By default, default character set is "latin1" + default_character_set="--default-character-set=latin1" + fi + + if [ -f "$MYSQL_ROOT_PWD_FILE" ]; then + mysqldump --user="root" --password="$(cat $MYSQL_ROOT_PWD_FILE)" --single-transaction --skip-dump-date "$default_character_set" "$database" + else + mysqldump --single-transaction --skip-dump-date "$default_character_set" "$database" + fi +} \ No newline at end of file diff --git a/scripts/actions/add_multimedia_directories b/scripts/actions/add_multimedia_directories deleted file mode 100755 index 8b5a9aff..00000000 --- a/scripts/actions/add_multimedia_directories +++ /dev/null @@ -1,66 +0,0 @@ -#!/bin/bash - -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source scripts/_common.sh -source /usr/share/yunohost/helpers - -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# CHECK IF ARGUMENTS ARE CORRECT -#================================================= - -#================================================= -# DEFINE FUNCTION -#================================================= - -# Define a function to execute commands with `occ` -exec_occ() { - (cd "$final_path" && exec_as "$app" \ - php$YNH_PHP_VERSION --define apc.enable_cli=1 occ --no-interaction --no-ansi "$@") -} - -# Define a function to add an external storage -# Create the external storage for the given folders and enable sharing -create_external_storage() { -local datadir="$1" -local mount_name="$2" -local mount_id=`exec_occ files_external:create --output=json \ - "$mount_name" 'local' 'null::null' -c "datadir=$datadir" || true` -! [[ $mount_id =~ ^[0-9]+$ ]] \ - && ynh_print_warn --message="Unable to create external storage" \ - || exec_occ files_external:option "$mount_id" enable_sharing true -} - -#================================================= -# SPECIFIC ACTION -#================================================= -# YUNOHOST MULTIMEDIA INTEGRATION -#================================================= -ynh_script_progression --message="Updating multimedia directories..." --weight=6 - -# Build YunoHost multimedia directories -ynh_multimedia_build_main_dir -# Mount the user directory in Nextcloud -exec_occ app:enable files_external -create_external_storage "/home/yunohost.multimedia/\$user" "Multimedia" -create_external_storage "/home/yunohost.multimedia/share" "Shared multimedia" -# Allow nextcloud to write into these directories -ynh_multimedia_addaccess $app - -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Execution completed" --last diff --git a/scripts/actions/disable_maintenance b/scripts/actions/disable_maintenance deleted file mode 100755 index 60e8738e..00000000 --- a/scripts/actions/disable_maintenance +++ /dev/null @@ -1,52 +0,0 @@ -#!/bin/bash - -#================================================= -# GENERIC STARTING -#================================================= -# IMPORT GENERIC HELPERS -#================================================= - -source scripts/_common.sh -source /usr/share/yunohost/helpers - -#================================================= -# RETRIEVE ARGUMENTS -#================================================= - -app=$YNH_APP_INSTANCE_NAME - -final_path=$(ynh_app_setting_get --app=$app --key=final_path) - -#================================================= -# CHECK IF ARGUMENTS ARE CORRECT -#================================================= - -#================================================= -# CHECK IF AN ACTION HAS TO BE DONE -#================================================= - -# Check the current status of the maintenance mode - -if [ "$(grep "maintenance" "$final_path/config/config.php" | awk '{print $3}' | cut -d',' -f1)" != "true" ] -then - ynh_die --message="Nextcloud isn't currently under maintenance." --ret_code=0 -fi - -#================================================= -# SPECIFIC ACTION -#================================================= -# DISABLE THE MAINTENANCE MODE -#================================================= - -ynh_script_progression --message="Disabling maintenance mode..." --weight=3 - -( -cd "$final_path" && exec_as "$app" \ - php$YNH_PHP_VERSION --define apc.enable_cli=1 occ --no-interaction --no-ansi maintenance:mode --off -) - -#================================================= -# END OF SCRIPT -#================================================= - -ynh_script_progression --message="Execution completed" --last diff --git a/scripts/backup b/scripts/backup index ebf77613..486c1eac 100755 --- a/scripts/backup +++ b/scripts/backup @@ -8,6 +8,7 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +source ../settings/scripts/_ynh_mysql_dump_db.sh #================================================= # MANAGE SCRIPT FAILURE @@ -57,7 +58,7 @@ ynh_backup --src_path="/etc/php/$phpversion/fpm/pool.d/$app.conf" #================================================= ynh_print_info --message="Backing up the MySQL database..." -ynh_mysql_dump_db --database="$db_name" > db.sql +ynh_mysql_dump_db --database="$db_name" --default_character_set="utf8mb4" > db.sql #================================================= # SPECIFIC BACKUP diff --git a/scripts/install b/scripts/install index 981c8be7..102e9840 100755 --- a/scripts/install +++ b/scripts/install @@ -8,6 +8,7 @@ source _common.sh source /usr/share/yunohost/helpers +source _ynh_mysql_connect_as.sh #================================================= # MANAGE SCRIPT FAILURE @@ -78,6 +79,9 @@ db_user=$db_name ynh_app_setting_set --app=$app --key=db_name --value=$db_name ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name +ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \ + <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" + #================================================= # DOWNLOAD, CHECK AND UNPACK SOURCE #================================================= @@ -190,6 +194,9 @@ exec_occ maintenance:install \ #================================================= ynh_script_progression --message="Configuring Nextcloud..." --weight=8 +# Set the mysql.utf8mb4 config to true in config.php +exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true" + # Ensure that UpdateNotification app is disabled exec_occ app:disable updatenotification @@ -275,7 +282,7 @@ exec_occ config:system:set overwrite.cli.url --value="https://${domain}" #================================================= # Set the user as admin -ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \ +ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name --default_character_set="utf8mb4" \ <<< "INSERT INTO oc_group_user VALUES ('admin','$admin');" # And delete admin user exec_occ user:delete admin @@ -329,10 +336,10 @@ ynh_multimedia_addaccess $app # Fix app ownerships & permissions chown -R $app:www-data "$final_path" chown -R $app: "$datadir" -find $final_path/ -type f -print0 | xargs -0 chmod 0644 -find $final_path/ -type d -print0 | xargs -0 chmod 0755 -find $datadir/ -type f -print0 | xargs -0 chmod 0640 -find $datadir/ -type d -print0 | xargs -0 chmod 0750 +find $final_path/ -type f -print0 | xargs -r0 chmod 0644 +find $final_path/ -type d -print0 | xargs -r0 chmod 0755 +find $datadir/ -type f -print0 | xargs -r0 chmod 0640 +find $datadir/ -type d -print0 | xargs -r0 chmod 0750 chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app chmod 750 $final_path diff --git a/scripts/restore b/scripts/restore index 45c43f48..4603c603 100755 --- a/scripts/restore +++ b/scripts/restore @@ -8,6 +8,7 @@ source ../settings/scripts/_common.sh source /usr/share/yunohost/helpers +source ../settings/scripts/_ynh_mysql_connect_as.sh #================================================= # MANAGE SCRIPT FAILURE @@ -57,8 +58,11 @@ ynh_restore_file --origin_path="$final_path" ynh_script_progression --message="Restoring the MySQL database..." --weight=9 db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) -ynh_mysql_setup_db --db_user=$db_user --db_name=$db_name --db_pwd=$db_pwd -ynh_mysql_connect_as --user=$db_user --password=$db_pwd --database=$db_name < ./db.sql +ynh_mysql_setup_db --db_user=$db_name --db_name=$db_name --db_pwd=$db_pwd +ynh_mysql_connect_as --user=$db_name --password="$db_pwd" --database=$db_name \ + <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" + +ynh_mysql_connect_as --user=$db_name --password=$db_pwd --database=$db_name --default_character_set="utf8mb4" < ./db.sql #================================================= # RECREATE THE DEDICATED USER @@ -137,10 +141,10 @@ mkdir -p "$datadir" # Fix app ownerships & permissions chown -R $app:www-data "$final_path" chown -R $app: "$datadir" -find $final_path/ -type f -print0 | xargs -0 chmod 0644 -find $final_path/ -type d -print0 | xargs -0 chmod 0755 -find $datadir/ -type f -print0 | xargs -0 chmod 0640 -find $datadir/ -type d -print0 | xargs -0 chmod 0750 +find $final_path/ -type f -print0 | xargs -r0 chmod 0644 +find $final_path/ -type d -print0 | xargs -r0 chmod 0755 +find $datadir/ -type f -print0 | xargs -r0 chmod 0640 +find $datadir/ -type d -print0 | xargs -r0 chmod 0750 chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app chmod 750 $final_path diff --git a/scripts/upgrade b/scripts/upgrade index 33fb4604..d965dff2 100755 --- a/scripts/upgrade +++ b/scripts/upgrade @@ -251,6 +251,15 @@ then # Print the current version number of Nextcloud exec_occ -V + if [ "$(exec_occ config:system:get mysql.utf8mb4)" != "true" ]; then + db_pwd=$(ynh_app_setting_get --app=$app --key=mysqlpwd) + # Change your databases character set and collation + ynh_mysql_connect_as --user=$db_user --password="$db_pwd" --database=$db_name \ + <<< "ALTER DATABASE $db_name CHARACTER SET utf8mb4 COLLATE utf8mb4_general_ci;" + # Set the mysql.utf8mb4 config to true in config.php + exec_occ config:system:set mysql.utf8mb4 --type boolean --value="true" + exec_occ maintenance:repair + fi # Upgrade may fail if this app is enabled # Take all apps enabled, and check if mail is one of them @@ -443,10 +452,10 @@ exec_occ background:cron # Fix app ownerships & permissions chown -R $app:www-data "$final_path" chown -R $app: "$datadir" -find $final_path/ -type f -print0 | xargs -0 chmod 0644 -find $final_path/ -type d -print0 | xargs -0 chmod 0755 -find $datadir/ -type f -print0 | xargs -0 chmod 0640 -find $datadir/ -type d -print0 | xargs -0 chmod 0750 +find $final_path/ -type f -print0 | xargs -r0 chmod 0644 +find $final_path/ -type d -print0 | xargs -r0 chmod 0755 +find $datadir/ -type f -print0 | xargs -r0 chmod 0640 +find $datadir/ -type d -print0 | xargs -r0 chmod 0750 chmod 640 "$final_path/config/config.php" chmod 755 /home/yunohost.app chmod 750 $final_path diff --git a/scripts/upgrade.d/upgrade.25.sh b/scripts/upgrade.d/upgrade.25.sh new file mode 100644 index 00000000..fedd8f19 --- /dev/null +++ b/scripts/upgrade.d/upgrade.25.sh @@ -0,0 +1,7 @@ +#!/bin/bash + +# Last available Nextcloud version +next_version="26.0.0" + +# Nextcloud tarball checksum sha256 +nextcloud_source_sha256="f163150363aee9366ecb5cd5259bf6756ed4f073cea78b5fa515cada7a0d0c3d" diff --git a/scripts/upgrade.d/upgrade.last.sh b/scripts/upgrade.d/upgrade.last.sh index ed2c9049..ba24f4f0 100644 --- a/scripts/upgrade.d/upgrade.last.sh +++ b/scripts/upgrade.d/upgrade.last.sh @@ -1,7 +1,7 @@ #!/bin/bash # Last available Nextcloud version -next_version="25.0.4" +next_version="26.0.2" # Nextcloud tarball checksum sha256 -nextcloud_source_sha256="c3251e0083a94303e2d6988b352f3b33082a79a726b30ff746709b0fe869a1a6" +nextcloud_source_sha256="f3db0ec5e0aaff7c088eb34f752d77d79913bc6784e0fc47a84cdaa28e567a33"