Prepare version 2.8.0

* Makefile: Mise à jour de la release.
Merge branch 'develop' into staging
2020-10-14 13:15:19 +02:00 · 2020-01-16 09:35:09 +01:00 · 2020-01-16 09:27:47 +01:00 · 2020-01-16 09:13:16 +01:00 · 2020-01-06 14:58:33 +01:00 · 2019-12-12 12:01:18 +01:00
15 changed files with 36 additions and 89 deletions
--- a/6
+++ b/6
@ -3,9 +3,9 @@
 ################################

 SOURCE=eole-lemonldap
-VERSION=0.1
-EOLE_VERSION=2.6
-EOLE_RELEASE=2.6.2
+VERSION=2.8.0
+EOLE_VERSION=2.8
+EOLE_RELEASE=2.8.0
 PKGAPPS=non
 #FLASK_MODULE=<APPLICATION>

--- a/README.md
+++ b/README.md
@ -12,8 +12,8 @@ GenConfig -> Mode Expert -> Dépôts tiers -> Libellé du dépôt

 #### LemonLDAP::NG repository
 
-* deb     https://lemonldap-ng.org/deb stable main
-* deb-src https://lemonldap-ng.org/deb stable main
+* deb     https://lemonldap-ng.org/deb 1.9 main
+* deb-src https://lemonldap-ng.org/deb 1.9 main
 * Key URL : https://lemonldap-ng.org/_media/rpm-gpg-key-ow2 

 #### Cadoles Repository
--- a/debian/compat
+++ b/debian/compat
@ -1 +0,0 @@
-9
--- a/debian/control
+++ b/debian/control
@ -1,25 +0,0 @@
-Source: eole-lemonldap
-Section: web
-Priority: optional
-Maintainer: Cadoles <eole@ac-dijon.fr>
-Build-Depends: debhelper (>= 9)
-Standards-Version: 3.9.3
-Homepage: https://forge.cadoles.com/Cadoles/eole-lemonldap
-Vcs-Git: https://forge.cadoles.com/Cadoles/eole-lemonldap.git
-Vcs-Browser: https://forge.cadoles.com/Cadoles/eole-lemonldap
-
-Package: eole-lemonldap
-Architecture: all
-Depends: ${misc:Depends}, lemonldap-ng, lemonldap-ng-doc, lemonldap-ng-fastcgi-server,
-   libxml-libxml-perl, libxml-libxslt-perl, libcgi-emulate-psgi-perl, libauthen-captcha-perl, liblasso-perl,
-   libxml-simple-perl, libcgi-compile-perl, libmouse-perl,
-   libio-string-perl,
-   libnet-openid-server-perl,
-   libemail-sender-perl,
-   libgd-securityimage-perl,
-   libimage-magick-perl
-Conflicts: eole-sso
-Provides: eole-sso
-Description: Dictionnaires et templates pour la configuration d'un serveur LemonLDAP::NG, testée uniquement avec eolebase
- .
- Pour toute information complémentaire, veuillez vous rendre sur la forge Cadoles.
--- a/debian/copyright
+++ b/debian/copyright
@ -1,44 +0,0 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
-Upstream-Name: {PROJECT}
-Source: {URL}
-
-Files: *
-Copyright: YEAR {UPSTREAM} {AUTHOR} <{MAIL}>
-License: {UPSTREAM LICENSE}
-
-Files: debian/*
-Copyright: 2012 Équipe EOLE <eole@ac-dijon.fr>
-License: CeCILL-2
-
-License: {UPSTREAM LICENSE}
- {TEXT OF THE LICENSE}
-
-License: CeCILL-2
- This software is governed by the CeCILL-2 license under French law and
- abiding by the rules of distribution of free software.  You can  use,
- modify and or redistribute the software under the terms of the CeCILL-2
- license as circulated by CEA, CNRS and INRIA at the following URL
- "http://www.cecill.info";.
- .
- As a counterpart to the access to the source code and  rights to copy,
- modify and redistribute granted by the license, users are provided only
- with a limited warranty  and the software's author,  the holder of the
- economic rights,  and the successive licensors  have only  limited
- liability.
- .
- In this respect, the user's attention is drawn to the risks associated
- with loading,  using,  modifying and/or developing or reproducing the
- software by the user in light of its specific status of free software,
- that may mean  that it is complicated to manipulate,  and  that  also
- therefore means  that it is reserved for developers  and  experienced
- professionals having in-depth computer knowledge. Users are therefore
- encouraged to load and test the software's suitability as regards their
- requirements in conditions enabling the security of their systems and/or
- data to be ensured and,  more generally, to use and operate it in the
- same conditions as regards security.
- .
- The fact that you are presently reading this means that you have had
- knowledge of the CeCILL-2 license and that you accept its terms.
- .
- On Eole systems, the complete text of the CeCILL-2 License can be found
- in '/usr/share/common-licenses/CeCILL-2-en'.
--- a/debian/gbp.conf
+++ b/debian/gbp.conf
@ -1,3 +0,0 @@
-# Set per distribution debian tag
-[DEFAULT]
-debian-tag = debian/eole/%(version)s
--- a/debian/rules
+++ b/debian/rules
@ -1,8 +0,0 @@
-#!/usr/bin/make -f
-# -*- makefile -*-
-
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
-%:
-	dh $@
--- a/debian/source/.format.un~
+++ b/debian/source/.format.un~
--- a/debian/source/format
+++ b/debian/source/format
@ -1 +0,0 @@
-3.0 (native)
--- a/dicos/70_lemonldap_ng.xml
+++ b/dicos/70_lemonldap_ng.xml
@ -8,6 +8,7 @@
 		<file filelist='lemon' name='/etc/lemonldap-ng/test-nginx.conf' mkdir='True' rm='True'/>
 		<file filelist='lemon' name='/etc/lemonldap-ng/lemonldap-ng.ini' mkdir='True' rm='True'/>
 		<file filelist='lemon' name='/var/lib/lemonldap-ng/conf/lmConf-1.json' mkdir='True' rm='True'/>
+        <file filelist='lemon' name='/etc/default/lemonldap-ng-fastcgi-server' mkdir='True' rm='True'/>
 		<file filelist='lemonCAS' name='/usr/share/php/configCAS/cas.inc.php' source='cas.inc.php.tmpl' mkdir='True'/>
 		<file filelist='lemonCAS' name='/usr/share/php/CAS/eoleCASConfig.php' source='eoleCASConfig.php.tmpl' mkdir='True'/>
 		<file filelist='lemonCAS' name='/etc/pam_cas.conf' source="pam_cas_auth.conf"/>
@ -34,6 +35,10 @@
 			<variable name='ldapBindUserDN' type='string' description="Utilisateur de connection à l'annuaire" mandatory="True"/>
 			<variable name='ldapBindUserPassword' type='string' description="Mot de passe de l'utilisateur de connection à l'annuaire" mandatory="True"/>
 			<variable name="samlOrganizationName" type='string' description="Nom de l'organisation SAML" mode='expert'/>
+            <variable name="lemonproc" type='number' description="Nombre de processus dédié à Lemon (équivalent au nombre de processeur)" mandatory="True">
+                <value>4</value>
+            </variable>
+
 			<variable name="lemonAdmin" type='string' description="LemonLDAP Administrator username" mode='expert'>
 				<value>admin</value>
 			</variable>
@ -67,6 +72,7 @@
 			</variable>
 			<variable name='llRegisterDB' type='string' description="Base de comptes pour l'enregistrement"/>
 			<variable name='llRegisterURL' type='string' description="Adresse de l'application de création de compte"/>
+			<variable name='llCSPTargets' type='domain' description="Domaines vers lesquels le forumaire peut renvoyer" multi='True'/>
 		</family>
        <separators>
 		    <separator name="managerWebName">Configuration DNS</separator>
@ -132,5 +138,6 @@
 		<variable name='ldapUserBaseDN'>DN de l'utilisateur de connection en lecture à l'annuaire (ex: cn=reader,o=gouv,c=fr)</variable>
 		<variable name='nginxBucketSize'>server_names_hash_bucket_size Taille du hash des noms de serveur pour NGINX</variable>
 		<variable name='llCheckLogins'>Affiche une case à cocher sur la mire SSO qui permet a l'utilisateur de voir l'historique de connection de son compte avant d'être redirigé vers le service demandé</variable>
+		<variable name='llCSPTargets'>Liste des domaines à ajouter à la directive form-action.</variable>
 	</help>
 </creole>
--- a/tmpl/handler-nginx.conf
+++ b/tmpl/handler-nginx.conf
@ -39,7 +39,7 @@ server {

  error_page   403 404 502 503 504  /nginx.html;
  location = /nginx.html{
-       root /usr/share/nginx/www;
+       root /usr/share/nginx/html;
    }

  location = /reload {
--- a/tmpl/lemonldap-ng-fastcgi-server
+++ b/tmpl/lemonldap-ng-fastcgi-server
@ -0,0 +1,15 @@
+# Number of process (default: 7)
+NPROC = %%lemonproc
+
+# Unix socket to listen to
+SOCKET=/run/llng-fastcgi-server/llng-fastcgi.sock
+
+# Pid file
+PID=/run/llng-fastcgi-server/llng-fastcgi-server.pid
+
+# User and GROUP
+USER=www-data
+GROUP=www-data
+
+# Custom functions file
+#CUSTOM_FUNCTIONS_FILE=/var/lib/lemonldap-ng/myfile.pm
--- a/tmpl/manager-nginx.conf
+++ b/tmpl/manager-nginx.conf
@ -20,7 +20,7 @@ server {

  error_page   403 404 502 503 504  /nginx.html;
  location = /nginx.html{
-    root /usr/share/nginx/www;
+    root /usr/share/nginx/html;
  } 

  root /usr/share/lemonldap-ng/manager/htdocs/;
--- a/tmpl/portal-nginx.conf
+++ b/tmpl/portal-nginx.conf
@ -4,6 +4,9 @@
 #  default           "";
 #  ~/CN=(?<CN>[^/]+) $CN;
 #}
+%set %%webDomain = %%authWebName.split('.',1)[1]
+%set %%CSPTargets = %%custom_join(['http://*.{0} https://*.{0}'.format(d) for d in set([%%webDomain] + %%getVar('llCSPTargets'))], ' ')
+

 server {
  listen 80;
@ -22,6 +25,7 @@ server {
  ssl_certificate_key %%server_key;
 %end if
  ssl_client_certificate /etc/ssl/certs/ca..crt;
+  ssl_session_cache shared:SSL:10m;
  access_log /var/log/nginx/auth-lemon-ldap.access-ssl.log;
  server_name %%authWebName;
  root /usr/share/lemonldap-ng/portal/htdocs/;
@ -40,6 +44,8 @@ server {
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_split_path_info ^(.*\.psgi)(/.*)$;
    fastcgi_param PATH_INFO  $fastcgi_path_info;
+    fastcgi_hide_header Content-Security-Policy;
+    add_header Content-Security-Policy "default-src 'self'; form-action 'self' %%CSPTargets; object-src 'none'";

  }

--- a/tmpl/test-nginx.conf
+++ b/tmpl/test-nginx.conf
@ -50,6 +50,7 @@ server {
    ##################################
    auth_request /lmauth;
    auth_request_set $lmremote_user $upstream_http_lm_remote_user;
+    auth_request_set $lmremote_custom $upstream_http_lm_remote_custom;
    auth_request_set $lmlocation $upstream_http_location;
    # If CDA is used, uncomment this
    #auth_request_set $cookie_value $upstream_http_set_cookie;
Author	SHA1	Message	Date
Daniel Dehennin	1ad8da6343	Prepare version 2.8.0 * Makefile: Mise à jour de la release.	2020-10-14 13:15:19 +02:00
Arnaud Fornerot	7d05697ad0	Merge branch 'develop' into staging	2020-01-16 09:35:09 +01:00
Arnaud Fornerot	7328d4b968	utilisation de la variable lemonproc dans la conf fastcgi	2020-01-16 09:27:47 +01:00
Arnaud Fornerot	267b96bd16	optimisation	2020-01-16 09:13:16 +01:00
Benjamin Bohard	3326273e21	Merge branch 'develop' into staging	2020-01-06 14:58:33 +01:00
Benjamin Bohard	53e17b8da0	Merge branch 'issue/3-CSP_targets' into develop	2019-12-12 12:01:18 +01:00
Benjamin Bohard	207dadd5cc	Add variables to defined allowed CSP targets	2019-12-12 12:01:00 +01:00
Benjamin Bohard	994166b1fd	Merge branch 'issue/2-variable_init' into develop	2019-12-12 11:16:48 +01:00
Benjamin Bohard	20c513e4fd	declare lmremote_custom variable in test-nginx.conf	2019-12-12 11:16:38 +01:00
Benjamin Bohard	0980b3d30c	Merge branch 'issue/1-error_page_location' into develop	2019-12-12 11:15:07 +01:00
Benjamin Bohard	9003ecbcb3	nginx error pages are located in html subfolder, not www	2019-12-12 11:14:54 +01:00
Philippe Caseiro	8fbafb4c70	Merge branch 'develop' into staging	2019-09-13 16:08:44 +02:00
Philippe Caseiro	cc1da0773b	Work around CSP form-action issue with CAS. Replace header with nicer values	2019-09-13 16:02:48 +02:00
Philippe Caseiro	a96d56b19c	Merge branch 'develop'	2019-09-13 10:00:17 +02:00
Philippe Caseiro	c7b38c52d0	Update README	2019-07-11 09:44:49 +02:00