From 6e1d9c63dadbd767d632ff550b12363f73895788 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Tue, 14 Jun 2022 17:41:25 +0100 Subject: [PATCH] allow %{source} dict in no_empty --- .../web/activity_pub/mrf/no_empty_policy.ex | 18 +- rel/env.sh.eex | 12 ++ rel/files/bin/pleroma_ctl | 159 ++++++++++++++++++ rel/files/installation/init.d/pleroma | 21 +++ rel/files/installation/pleroma.service | 36 ++++ rel/vm.args.eex | 11 ++ .../activity_pub/mrf/no_empty_policy_test.exs | 4 +- 7 files changed, 259 insertions(+), 2 deletions(-) create mode 100644 rel/env.sh.eex create mode 100755 rel/files/bin/pleroma_ctl create mode 100755 rel/files/installation/init.d/pleroma create mode 100644 rel/files/installation/pleroma.service create mode 100644 rel/vm.args.eex diff --git a/lib/pleroma/web/activity_pub/mrf/no_empty_policy.ex b/lib/pleroma/web/activity_pub/mrf/no_empty_policy.ex index 80bef591e..b2939a4d6 100644 --- a/lib/pleroma/web/activity_pub/mrf/no_empty_policy.ex +++ b/lib/pleroma/web/activity_pub/mrf/no_empty_policy.ex @@ -40,7 +40,23 @@ defp has_attachment?(%{ defp has_attachment?(_), do: false - defp only_mentions?(%{"type" => "Create", "object" => %{"type" => "Note", "source" => source}}) do + defp only_mentions?(%{"type" => "Create", "object" => %{"type" => "Note", "source" => source}}) + when is_binary(source) do + non_mentions = + source |> String.split() |> Enum.filter(&(not String.starts_with?(&1, "@"))) |> length + + if non_mentions > 0 do + false + else + true + end + end + + defp only_mentions?(%{ + "type" => "Create", + "object" => %{"type" => "Note", "source" => %{"content" => source}} + }) + when is_binary(source) do non_mentions = source |> String.split() |> Enum.filter(&(not String.starts_with?(&1, "@"))) |> length diff --git a/rel/env.sh.eex b/rel/env.sh.eex new file mode 100644 index 000000000..e1b87102d --- /dev/null +++ b/rel/env.sh.eex @@ -0,0 +1,12 @@ +#!/bin/sh + +# Sets and enables heart (recommended only in daemon mode) +# if [ "$RELEASE_COMMAND" = "daemon" ] || [ "$RELEASE_COMMAND" = "daemon_iex" ]; then +# HEART_COMMAND="$RELEASE_ROOT/bin/$RELEASE_NAME $RELEASE_COMMAND" +# export HEART_COMMAND +# export ELIXIR_ERL_OPTIONS="-heart" +# fi + +# Set the release to work across nodes +export RELEASE_DISTRIBUTION="${RELEASE_DISTRIBUTION:-name}" +export RELEASE_NODE="${RELEASE_NODE:-<%= @release.name %>@127.0.0.1}" diff --git a/rel/files/bin/pleroma_ctl b/rel/files/bin/pleroma_ctl new file mode 100755 index 000000000..648ca405e --- /dev/null +++ b/rel/files/bin/pleroma_ctl @@ -0,0 +1,159 @@ +#!/bin/sh +# XXX: This should be removed when elixir's releases get custom command support + +detect_flavour() { + arch="$(uname -m)" + if [ "$arch" = "x86_64" ]; then + arch="amd64" + elif [ "$arch" = "aarch64" ]; then + arch="arm64" + else + echo "Unsupported arch: $arch" >&2 + exit 1 + fi + + if getconf GNU_LIBC_VERSION >/dev/null; then + libc_postfix="" + elif [ "$(ldd 2>&1 | head -c 9)" = "musl libc" ]; then + libc_postfix="-musl" + elif [ "$(find /lib/libc.musl* | wc -l)" ]; then + libc_postfix="-musl" + else + echo "Unsupported libc" >&2 + exit 1 + fi + + echo "$arch$libc_postfix" +} + +detect_branch() { + version="$(cut -d' ' -f2 <"$RELEASE_ROOT"/releases/start_erl.data)" + # Expected format: major.minor.patch_version(-number_of_commits_ahead_of_tag-gcommit_hash).branch + branch="$(echo "$version" | cut -d'.' -f 4)" + if [ "$branch" = "develop" ]; then + echo "develop" + elif [ "$branch" = "" ]; then + echo "stable" + else + # Note: branch name in version is of SemVer format and may only contain [0-9a-zA-Z-] symbols — + # if supporting releases for more branches, need to ensure they contain only these symbols. + echo "Can't detect the branch automatically, please specify it by using the --branch option." >&2 + exit 1 + fi +} +update() { + set -e + NO_RM=false + + while echo "$1" | grep "^-" >/dev/null; do + case "$1" in + --zip-url) + FULL_URI="$2" + shift 2 + ;; + --no-rm) + NO_RM=true + shift + ;; + --flavour) + FLAVOUR="$2" + shift 2 + ;; + --branch) + BRANCH="$2" + shift 2 + ;; + --tmp-dir) + TMP_DIR="$2" + shift 2 + ;; + -*) + echo "invalid option: $1" 1>&2 + shift + ;; + esac + done + + RELEASE_ROOT=$(dirname "$SCRIPTPATH") + uri="https://akkoma-updates.s3-website.fr-par.scw.cloud" + project_id="2" + project_branch="${BRANCH:-$(detect_branch)}" + flavour="${FLAVOUR:-$(detect_flavour)}" + tmp="${TMP_DIR:-/tmp}" + artifact="$tmp/pleroma.zip" + full_uri="${FULL_URI:-${uri}/${project_branch}/akkoma-${flavour}}.zip" + echo "Downloading the artifact from ${full_uri} to ${artifact}" + curl "$full_uri" -o "${artifact}" + echo "Unpacking ${artifact} to ${tmp}" + unzip -q "$artifact" -d "$tmp" + echo "Copying files over to $RELEASE_ROOT" + if [ "$NO_RM" = false ]; then + echo "Removing files from the previous release" + rm -r "${RELEASE_ROOT:-?}"/* + fi + cp -rf "$tmp/release"/* "$RELEASE_ROOT" + echo "Removing temporary files" + rm -r "$tmp/release" + rm "$artifact" + echo "Done! Please refer to the changelog/release notes for changes and update instructions" + set +e +} + +if [ -z "$1" ] || [ "$1" = "help" ]; then + # TODO: Just list the commands on `pleroma_ctl help` and output help for the individual command on `pleroma_ctl help $COMMAND` + echo "Usage: $(basename "$0") COMMAND [ARGS] + + The known commands are: + + create + Create database schema (needs to be executed only once) + + migrate + Execute database migrations (needs to be done after updates) + + rollback [VERSION] + Rollback database migrations (needs to be done before downgrading) + + update [OPTIONS] + Update the instance. + + Options: + --branch Update to a specified branch, instead of the latest version of the current one. + --flavour Update to a specified flavour (CPU architecture+libc), instead of the current one. + --zip-url Get the release from a specified url. If set, renders the previous 2 options inactive. + --no-rm Do not erase previous release's files. + --tmp-dir Download the temporary files to a specified directory. + + and any mix tasks under Pleroma namespace, for example \`mix pleroma.user COMMAND\` is + equivalent to \`$(basename "$0") user COMMAND\` + + By default pleroma_ctl will try calling into a running instance to execute non migration-related commands, + if for some reason this is undesired, set PLEROMA_CTL_RPC_DISABLED environment variable. + +" +else + SCRIPT=$(readlink -f "$0") + SCRIPTPATH=$(dirname "$SCRIPT") + + FULL_ARGS="$*" + + ACTION="$1" + if [ $# -gt 0 ]; then + shift + fi + echo "$1" | grep "^-" >/dev/null + if [ $? -eq 1 ]; then + SUBACTION="$1" + if [ $# -gt 0 ]; then + shift + fi + fi + + if [ "$ACTION" = "update" ]; then + update "$@" + elif [ "$ACTION" = "migrate" ] || [ "$ACTION" = "rollback" ] || [ "$ACTION" = "create" ] || [ "$ACTION $SUBACTION" = "instance gen" ] || [ "$PLEROMA_CTL_RPC_DISABLED" = true ]; then + "$SCRIPTPATH"/pleroma eval 'Pleroma.ReleaseTasks.run("'"$FULL_ARGS"'")' + else + "$SCRIPTPATH"/pleroma rpc 'Pleroma.ReleaseTasks.run("'"$FULL_ARGS"'")' + fi +fi diff --git a/rel/files/installation/init.d/pleroma b/rel/files/installation/init.d/pleroma new file mode 100755 index 000000000..dea1db26c --- /dev/null +++ b/rel/files/installation/init.d/pleroma @@ -0,0 +1,21 @@ +#!/sbin/openrc-run + +supervisor=supervise-daemon + +# Requires OpenRC >= 0.35 +directory=/opt/pleroma + +command=/opt/pleroma/bin/pleroma +command_args="start" +command_user=pleroma +command_background=1 + +# Ask process to terminate within 30 seconds, otherwise kill it +retry="SIGTERM/30/SIGKILL/5" + +pidfile="/var/run/pleroma.pid" + +depend() { + want nginx + need postgresql +} diff --git a/rel/files/installation/pleroma.service b/rel/files/installation/pleroma.service new file mode 100644 index 000000000..e47cf58dc --- /dev/null +++ b/rel/files/installation/pleroma.service @@ -0,0 +1,36 @@ +[Unit] +Description=Pleroma social network +After=network.target postgresql.service nginx.service + +[Service] +KillMode=process +Restart=on-failure + +; Name of the user that runs the Pleroma service. +User=pleroma + +; Make sure that all paths fit your installation. +; Path to the home directory of the user running the Pleroma service. +Environment="HOME=/opt/pleroma" +; Path to the folder containing the Pleroma installation. +WorkingDirectory=/opt/pleroma +; Path to the Pleroma binary. +ExecStart=/opt/pleroma/bin/pleroma start +ExecStop=/opt/pleroma/bin/pleroma stop + +; Some security directives. +; Use private /tmp and /var/tmp folders inside a new file system namespace, which are discarded after the process stops. +PrivateTmp=true +; The /home, /root, and /run/user folders can not be accessed by this service anymore. If your Pleroma user has its home folder in one of the restricted places, or use one of these folders as its working directory, you have to set this to false. +ProtectHome=true +; Mount /usr, /boot, and /etc as read-only for processes invoked by this service. +ProtectSystem=full +; Sets up a new /dev mount for the process and only adds API pseudo devices like /dev/null, /dev/zero or /dev/random but not physical devices. Disabled by default because it may not work on devices like the Raspberry Pi. +PrivateDevices=false +; Ensures that the service process and all its children can never gain new privileges through execve(). +NoNewPrivileges=true +; Drops the sysadmin capability from the daemon. +CapabilityBoundingSet=~CAP_SYS_ADMIN + +[Install] +WantedBy=multi-user.target diff --git a/rel/vm.args.eex b/rel/vm.args.eex new file mode 100644 index 000000000..71e803264 --- /dev/null +++ b/rel/vm.args.eex @@ -0,0 +1,11 @@ +## Customize flags given to the VM: http://erlang.org/doc/man/erl.html +## -mode/-name/-sname/-setcookie are configured via env vars, do not set them here + +## Number of dirty schedulers doing IO work (file, sockets, etc) +##+SDio 5 + +## Increase number of concurrent ports/sockets +##+Q 65536 + +## Tweak GC to run more often +##-env ERL_FULLSWEEP_AFTER 10 diff --git a/test/pleroma/web/activity_pub/mrf/no_empty_policy_test.exs b/test/pleroma/web/activity_pub/mrf/no_empty_policy_test.exs index fbcf68414..1e345d482 100644 --- a/test/pleroma/web/activity_pub/mrf/no_empty_policy_test.exs +++ b/test/pleroma/web/activity_pub/mrf/no_empty_policy_test.exs @@ -16,7 +16,9 @@ test "Notes with content are exempt" do "actor" => "http://localhost:4001/users/testuser", "attachment" => [], "cc" => ["http://localhost:4001/users/testuser/followers"], - "source" => "this is a test post", + "source" => %{ + "content" => "this is a test post" + }, "to" => ["https://www.w3.org/ns/activitystreams#Public"], "type" => "Note" },