Date: Sunday, August 30, 2020 @ 09:46:55 Author: hashworks Revision: 692590
Moved package from AUR Added: filebin/ filebin/repos/ filebin/trunk/ filebin/trunk/PKGBUILD filebin/trunk/filebin-file-cron.service filebin/trunk/filebin-file-cron.timer filebin/trunk/filebin-nginx.conf filebin/trunk/filebin-php-fpm.conf filebin/trunk/filebin-user-cron.service filebin/trunk/filebin-user-cron.timer filebin/trunk/filebin.install ---------------------------+ PKGBUILD | 96 ++++++++++++++++++++++++++++++++++++++++++++ filebin-file-cron.service | 16 +++++++ filebin-file-cron.timer | 9 ++++ filebin-nginx.conf | 88 ++++++++++++++++++++++++++++++++++++++++ filebin-php-fpm.conf | 23 ++++++++++ filebin-user-cron.service | 15 ++++++ filebin-user-cron.timer | 9 ++++ filebin.install | 18 ++++++++ 8 files changed, 274 insertions(+) Added: filebin/trunk/PKGBUILD =================================================================== --- filebin/trunk/PKGBUILD (rev 0) +++ filebin/trunk/PKGBUILD 2020-08-30 09:46:55 UTC (rev 692590) @@ -0,0 +1,96 @@ +# Maintainer: hashworks<m...@hashworks.net> +# Contributor: Simon Hanna<simon DOT Hanna AT serve-me DOT info> +pkgname=filebin +pkgver=3.4.5 +pkgrel=3 +pkgdesc="A pastebin service written in PHP" +arch=('any') +url="https://wiki.server-speed.net/projects/filebin" +license=('AGPL' 'MIT') +makedepends=('nodejs' 'git') +optdepends=('mariadb' 'postgres') +depends=('php' + 'pygmentize' + 'python-ansi2html' + 'php-gd' + 'imagemagick' +) +backup=('etc/webapps/filebin/config-local.php' + 'etc/webapps/filebin/contact-info.php' + 'etc/webapps/filebin/database.php' + 'etc/webapps/filebin/memcached.php' +) +install=filebin.install +options=('!strip' 'emptydirs') +source=("git+https://github.com/Bluewind/filebin.git#tag=${pkgver}?signed" + "git+https://github.com/padraic/mockery.git" + "git+https://github.com/endroid/QrCode.git" + "git+https://github.com/erusev/parsedown.git" + "git+https://github.com/recurser/exif-orientation-examples.git" + 'filebin-nginx.conf' + 'filebin-php-fpm.conf' + 'filebin-file-cron.service' + 'filebin-file-cron.timer' + 'filebin-user-cron.service' + 'filebin-user-cron.timer' +) +sha256sums=('SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + 'SKIP' + '6ed404a3fbc28c6ab35bf1eba67ddcf46cfd48893237155e38d297a13020180c' + '034442098d1608807bec2a03028a7c8bb9ae9d286c378e2f668b4aca3cc9d4e1' + '78dd850467d89ac3d1b57fa72fe9ce8d736ce29a89abe624d9c4d2e168e59d19' + '116b1e5031c22ad251c486b18ff203813f7227197ef853927ddc2de00e85cbe1' + '36c82c506a058edc50b882200332c6a540aa68a5749919eb62dc6c633c47deb3' + 'd73e4b984ab95954bd18e08237c6aa8bec32ccc5699531727362e2c75ba9c25e') + +validpgpkeys=('CFA6AF15E5C74149FC1D8C086D1655C14CE1C13E') # Florian Pritz <bluew...@archlinux.org> + +prepare() { + cd "${srcdir}/${pkgname}" + git submodule init + git config submodule."application/third_party/mockery".url "${srcdir}/mockery" + git config submodule."application/third_party/QrCode".url "${srcdir}/QrCode" + git config submodule."application/third_party/parsedown".url "${srcdir}/parsedown" + git config submodule."data/tests/exif-orientation-examples".url "${srcdir}/exif-orientation-examples" + git submodule update --recursive +} + +build () { + bash "${srcdir}/${pkgname}/scripts/optimize_js.sh" +} + +package() { + install -D -d -m755 "${pkgdir}/usr/lib/systemd/system" + install -D -d -m755 -g 33 "${pkgdir}/usr/share/webapps/filebin" "${pkgdir}/etc/webapps/filebin" + install -D -d -m755 -o 33 -g 33 "${pkgdir}/usr/share/webapps/filebin/data/uploads" + install -m640 -g 33 "${srcdir}/${pkgname}/data/local/examples/contact-info.php" "${pkgdir}/etc/webapps/filebin" + install -m640 -g 33 "${srcdir}/${pkgname}/application/config/example/config-local.php" "${pkgdir}/etc/webapps/filebin" + install -m640 -g 33 "${srcdir}/${pkgname}/application/config/example/database.php" "${pkgdir}/etc/webapps/filebin" + install -m640 -g 33 "${srcdir}/${pkgname}/application/config/example/memcached.php" "${pkgdir}/etc/webapps/filebin" + install -m644 filebin-file-cron.service filebin-file-cron.timer filebin-user-cron.service filebin-user-cron.timer "${pkgdir}/usr/lib/systemd/system" + cp -r "${srcdir}/${pkgname}"/* "${pkgdir}/usr/share/webapps/filebin/" + rm "${pkgdir}/usr/share/webapps/filebin/application/config/memcached.php" + ln -s /etc/webapps/filebin/{config-local,database,memcached}.php "${pkgdir}/usr/share/webapps/filebin/application/config" + ln -s /etc/webapps/filebin/contact-info.php "${pkgdir}/usr/share/webapps/filebin/data/local" + mkdir "${pkgdir}/usr/share/webapps/filebin/public_html/data/client" + + install -Dm644 "${srcdir}/${pkgname}/COPYING" "${pkgdir}/usr/share/licenses/${pkgname}/COPYING" + install -Dm644 "${srcdir}/${pkgname}/license.txt" "${pkgdir}/usr/share/licenses/${pkgname}/framework-license.txt" + + install -Dm644 filebin-nginx.conf "$pkgdir/usr/share/doc/$pkgname/examples/nginx.conf" + install -Dm644 filebin-php-fpm.conf "$pkgdir/usr/share/doc/$pkgname/examples/php-fpm.conf" + install -Dm644 "${srcdir}/${pkgname}/NEWS" "$pkgdir/usr/share/doc/$pkgname/NEWS" + install -Dm644 "${srcdir}/${pkgname}/README.md" "$pkgdir/usr/share/doc/$pkgname/README.md" + install -Dm644 "${srcdir}/${pkgname}/contributing.md" "$pkgdir/usr/share/doc/$pkgname/contributing.md" + install -Dm644 "${srcdir}/${pkgname}/doc/api.md" "$pkgdir/usr/share/doc/$pkgname/api.md" + install -Dm644 "${srcdir}/${pkgname}/doc/api/file.md" "$pkgdir/usr/share/doc/$pkgname/api/file.md" + install -Dm644 "${srcdir}/${pkgname}/doc/api/user.md" "$pkgdir/usr/share/doc/$pkgname/api/user.md" + rm -Rf "${pkgdir}/usr/share/webapps/filebin/"{COPYING,license.txt,NEWS,README.md,contributing.md,INSTALL,doc} + + # removing unnecessary data for a production environment + rm -Rf "${pkgdir}/usr/share/webapps/filebin/"{Dockerfile,docker,composer.json,composer.lock,git-hooks,run-tests.sh,data/tests,application/third_party/test-more-php,application/third_party/mockery,application/tests,scripts/optimize_js.sh,scripts/install-git-hooks.sh,scripts/hooks-wrapper.sh} + find "${pkgdir}/usr/share/webapps/filebin" -name ".git*" -type f -delete +} Property changes on: filebin/trunk/PKGBUILD ___________________________________________________________________ Added: svn:executable ## -0,0 +1 ## +* \ No newline at end of property Added: filebin/trunk/filebin-file-cron.service =================================================================== --- filebin/trunk/filebin-file-cron.service (rev 0) +++ filebin/trunk/filebin-file-cron.service 2020-08-30 09:46:55 UTC (rev 692590) @@ -0,0 +1,16 @@ +[Unit] +Description=Filebin file cronjob + +[Service] +User=http +Group=http + +PrivateDevices=yes +PrivateTmp=yes +ProtectHome=read-only +ProtectSystem=strict +NoNewPrivileges=yes +ReadWritePaths=-/usr/share/webapps/filebin/data/uploads + +Type=oneshot +ExecStart=/usr/bin/php /usr/share/webapps/filebin/index.php file cron Added: filebin/trunk/filebin-file-cron.timer =================================================================== --- filebin/trunk/filebin-file-cron.timer (rev 0) +++ filebin/trunk/filebin-file-cron.timer 2020-08-30 09:46:55 UTC (rev 692590) @@ -0,0 +1,9 @@ +[Unit] +Description=Run filebin file cron every ten minutes + +[Timer] +OnCalendar=*:0/10 +Persistent=true + +[Install] +WantedBy=timers.target Added: filebin/trunk/filebin-nginx.conf =================================================================== --- filebin/trunk/filebin-nginx.conf (rev 0) +++ filebin/trunk/filebin-nginx.conf 2020-08-30 09:46:55 UTC (rev 692590) @@ -0,0 +1,88 @@ +## Example config for http redirects +server { + listen 80; + listen [::]:80 default; + server_name example.com; + + return 301 https://$server_name$request_uri; +} + +## Example config for server secured with https +server { + listen 0.0.0.0:443 ssl http2; + listen [::]:443 ssl http2; + server_name example.com; + + access_log /var/log/nginx/example.com/access.log combined if=$log_ip; + error_log /var/log/nginx/example.com/error.log; + + root /usr/share/webapps/filebin/public_html/; + + add_header X-Frame-Options DENY; + + location / { + try_files $uri $uri/ @ee; + } + location @ee { + rewrite ^(.*) /index.php?$1 last; + } + + # Needs: + # $config['download_driver'] = 'nginx'; + # $config['download_nginx_location'] = '/u'; + location ^~ /u/ { + internal; + gzip off; + sendfile on; + sendfile_max_chunk 100m; + tcp_nopush on; + tcp_nodelay on; + keepalive_timeout 120; + proxy_max_temp_file_size 0; + chunked_transfer_encoding off; + alias /usr/share/webapps/filebin/data/uploads/; + } + + location ~ \.php$ { + fastcgi_pass unix:/run/php-fpm/fb.sock; + fastcgi_index index.php; + include fastcgi.conf; + } + + add_header Feature-Policy "geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; sync-xhr 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'none'; vibrate 'none'; fullscreen 'none'; payment 'none'"; + + add_header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'none'; font-src 'self'; object-src 'none'; media-src 'self'; worker-src 'none'; frame-src 'none'; form-action 'self'; frame-ancestors 'none'; base-uri 'self';"; + + add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; + add_header Referrer-Policy "no-referrer, strict-origin-when-cross-origin"; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + + ssl_protocols TLSv1.2 TLSv1.3; + + # EECDH+AESGCM is a weaker cipher, but we need it for Android 5.0 / 6.0 support. + ssl_ciphers "EECDH+AESGCM+SHA384:EECDH+AESGCM"; + #ssl_ciphers "EECDH+AESGCM+SHA384"; + + ssl_prefer_server_ciphers on; + ssl_ecdh_curve secp384r1; + ssl_session_cache shared:SSL:10m; + ssl_session_tickets off; + ssl_stapling on; + ssl_stapling_verify on; + + resolver 127.0.0.1 valid=300s; + resolver_timeout 5s; + + # openssl dhparam -out /etc/ssl/dhparam.pem 4096 + ssl_dhparam /etc/ssl/dhparam.pem; + + # See https://wiki.archlinux.org/index.php/Certbot + ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; + ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; + + # Optional, needs to be generated + #ssl_stapling_file /etc/letsencrypt/ocspresponse/fb.hash.works.der; +} + +# vi:syntax=nginx Added: filebin/trunk/filebin-php-fpm.conf =================================================================== --- filebin/trunk/filebin-php-fpm.conf (rev 0) +++ filebin/trunk/filebin-php-fpm.conf 2020-08-30 09:46:55 UTC (rev 692590) @@ -0,0 +1,23 @@ +[fb] +user = http +group = http + +listen = /run/php-fpm/$pool.sock +listen.owner = http +listen.group = http + +pm = dynamic +pm.max_children = 100 +pm.start_servers = 2 +pm.min_spare_servers = 1 +pm.max_spare_servers = 10 + +php_flag[display_errors] = off + +php_admin_value[open_basedir] = /usr/share/webapps/filebin:/etc/webapps/filebin:/tmp + +; For absurdely large textfiles +php_admin_value[memory_limit] = 512M + +php_admin_value[post_max_size] = 1G +php_admin_value[upload_max_filesize] = 1G Added: filebin/trunk/filebin-user-cron.service =================================================================== --- filebin/trunk/filebin-user-cron.service (rev 0) +++ filebin/trunk/filebin-user-cron.service 2020-08-30 09:46:55 UTC (rev 692590) @@ -0,0 +1,15 @@ +[Unit] +Description=Filebin user cronjob + +[Service] +User=http +Group=http + +PrivateDevices=yes +PrivateTmp=yes +ProtectHome=read-only +ProtectSystem=strict +NoNewPrivileges=yes + +Type=oneshot +ExecStart=/usr/bin/php /usr/share/webapps/filebin/index.php user cron Added: filebin/trunk/filebin-user-cron.timer =================================================================== --- filebin/trunk/filebin-user-cron.timer (rev 0) +++ filebin/trunk/filebin-user-cron.timer 2020-08-30 09:46:55 UTC (rev 692590) @@ -0,0 +1,9 @@ +[Unit] +Description=Run filebin user cron hourly + +[Timer] +OnCalendar=hourly +Persistent=true + +[Install] +WantedBy=timers.target Added: filebin/trunk/filebin.install =================================================================== --- filebin/trunk/filebin.install (rev 0) +++ filebin/trunk/filebin.install 2020-08-30 09:46:55 UTC (rev 692590) @@ -0,0 +1,18 @@ +post_install() { + echo "-------------------------------------------------------------------------------" + echo "1. Update 'open_basedir' in php's config to include '/tmp', '/usr/share/webapps/filebin' and '/etc/webapps/filebin' (the example php-fpm config includes that)." + echo "2. Enable exif, phar and any of mysql, mysqli, pgsql, pdo_mysql or pdo_pgsql for database access." + echo "3. Edit the files in '/etc/webapps/filebin' to your liking." + echo "3. Run 'php /usr/share/webapps/filebin/index.php tools update_database' to initialize your database." + echo "4. Run 'php /usr/share/webapps/filebin/index.php user add_user' to add your first user." + echo "5. Enable 'filebin-user-cron.timer' and 'filebin-user-cron.timer'." + echo "" + echo "Additional information can be found in '/usr/share/doc/filebin'." + echo "For nginx and php-fpm there are sample configuration files in '/usr/share/doc/filebin/examples'." + echo "-------------------------------------------------------------------------------" + +} + +post_upgrade() { + php /usr/share/webapps/filebin/index.php tools update_database +}