include patches
All checks were successful
dockers/pixelfed/pipeline/head This commit looks good

This commit is contained in:
chris 2023-10-08 15:00:18 +02:00
parent 6d9842c969
commit 8ad1f9b8a2
8 changed files with 287 additions and 23 deletions

View file

@ -4,12 +4,6 @@ ARG VERSION=dev
ARG DATE
ENV IP_PATCH=14cca91255bca69dec195112ce2fbd110e2406ca
ENV DISCOVERY_PATCH=f4a01bc97efeb259fd0c6e2016949c90675cc555
ENV GITHUB_PATCH=06bcf80133f6c212f1674d280974c669b4524283
ENV BEAGLE_PATCH=f45a489d5e45de21d648437880ef525a2e957b7b
ENV USERNAME_PATCH=737319bff8697263df19b9b4c0a2ee7cc8055476
RUN set -xe;\
apt-get update &&\
apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev &&\
@ -27,21 +21,23 @@ RUN set -xe;\
curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
mv composer.phar /usr/local/bin/composer
COPY patches/ /patches/
RUN set -xe;\
cd /var && rm -rf www &&\
git clone https://github.com/pixelfed/pixelfed.git www &&\
cd www &&\
git checkout $VERSION &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${IP_PATCH}.patch | git apply &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${DISCOVERY_PATCH}.patch | git apply &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${GITHUB_PATCH}.patch | git apply &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${BEAGLE_PATCH}.patch | git apply &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${USERNAME_PATCH}.patch | git apply &&\
git apply /patches/0001-remove-IP-logging.patch &&\
git apply /patches/0002-hardcode-discovery-settings.patch &&\
git apply /patches/0003-point-to-modified-sourcecode.patch &&\
git apply /patches/0004-disable-beagle-service.patch &&\
git apply /patches/0005-allow-30-char-usernames.patch &&\
composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
ln -s public html &&\
chown -R www-data:www-data /var/www &&\
cp -r storage storage.skel &&\
rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore
rm -rf .git tests contrib CHANGELOG.md LICENSE .circleci .dependabot .github CODE_OF_CONDUCT.md .env.docker CONTRIBUTING.md README.md docker-compose.yml .env.testing phpunit.xml .env.example .gitignore .editorconfig .gitattributes .dockerignore /patches
FROM docker.io/php:8.1-apache-bullseye
ARG DATE

View file

@ -3,12 +3,6 @@ FROM docker.io/php:8.1-fpm-bullseye as builder
ARG VERSION=dev
ARG DATE
ENV IP_PATCH=14cca91255bca69dec195112ce2fbd110e2406ca
ENV DISCOVERY_PATCH=f4a01bc97efeb259fd0c6e2016949c90675cc555
ENV GITHUB_PATCH=06bcf80133f6c212f1674d280974c669b4524283
ENV BEAGLE_PATCH=f45a489d5e45de21d648437880ef525a2e957b7b
ENV USERNAME_PATCH=737319bff8697263df19b9b4c0a2ee7cc8055476
RUN set -xe;\
apt-get update &&\
apt-get install --no-install-recommends -y git locales libcurl4-openssl-dev libzip-dev libicu-dev libxml2-dev libjpeg62-turbo-dev libpng-dev libmagickwand-dev libpq-dev libxpm-dev libwebp-dev &&\
@ -26,16 +20,18 @@ RUN set -xe;\
curl https://raw.githubusercontent.com/composer/getcomposer.org/0a51b6fe383f7f61cf1d250c742ec655aa044c94/web/installer | php -- --quiet --2.2 &&\
mv composer.phar /usr/local/bin/composer
COPY patches/ /patches/
RUN set -xe;\
cd /var && rm -rf www &&\
git clone https://github.com/pixelfed/pixelfed.git www &&\
cd www &&\
git checkout $VERSION &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${IP_PATCH}.patch | git apply &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${DISCOVERY_PATCH}.patch | git apply &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${GITHUB_PATCH}.patch | git apply &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${BEAGLE_PATCH}.patch | git apply &&\
curl -L https://git.zknt.org/chris/pixelfed/commit/${USERNAME_PATCH}.patch | git apply &&\
git apply /patches/0001-remove-IP-logging.patch &&\
git apply /patches/0002-hardcode-discovery-settings.patch &&\
git apply /patches/0003-point-to-modified-sourcecode.patch &&\
git apply /patches/0004-disable-beagle-service.patch &&\
git apply /patches/0005-allow-30-char-usernames.patch &&\
composer install --prefer-dist --no-interaction --no-ansi --no-dev --optimize-autoloader &&\
ln -s public html &&\
chown -R www-data:www-data /var/www &&\

View file

@ -0,0 +1,87 @@
From 983309a3f92c3cc40d70f46d0eb0ba8eb752d7ff Mon Sep 17 00:00:00 2001
From: hnrd <cg@zknt.org>
Date: Sat, 27 May 2023 11:27:56 +0200
Subject: [PATCH 1/6] remove IP logging
Replace unneeded logging of IPs and User-Agent strings with meaningless static data.
---
app/Http/Controllers/Auth/LoginController.php | 4 ++--
app/Http/Controllers/Settings/HomeSettings.php | 8 ++++----
app/Listeners/AuthLogin.php | 4 ++--
app/Listeners/LogFailedLogin.php | 4 ++--
4 files changed, 10 insertions(+), 10 deletions(-)
diff --git a/app/Http/Controllers/Auth/LoginController.php b/app/Http/Controllers/Auth/LoginController.php
index 3861d327..e6b345a6 100644
--- a/app/Http/Controllers/Auth/LoginController.php
+++ b/app/Http/Controllers/Auth/LoginController.php
@@ -108,8 +108,8 @@ class LoginController extends Controller
$log->action = 'auth.login';
$log->message = 'Account Login';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = "127.0.0.23";
+ $log->user_agent = "Pixelfed.de";
$log->save();
}
diff --git a/app/Http/Controllers/Settings/HomeSettings.php b/app/Http/Controllers/Settings/HomeSettings.php
index 082a72af..63448905 100644
--- a/app/Http/Controllers/Settings/HomeSettings.php
+++ b/app/Http/Controllers/Settings/HomeSettings.php
@@ -139,8 +139,8 @@ trait HomeSettings
$log->action = 'account.edit.password';
$log->message = 'Password changed';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = "127.0.0.23";
+ $log->user_agent = "Pixelfed.de";
$log->save();
Mail::to($request->user())->send(new PasswordChange($user));
@@ -185,8 +185,8 @@ trait HomeSettings
$log->action = 'account.edit.email';
$log->message = 'Email changed';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = "127.0.0.23";
+ $log->user_agent = "Pixelfed.de";
$log->save();
}
diff --git a/app/Listeners/AuthLogin.php b/app/Listeners/AuthLogin.php
index 90806965..d0261ecc 100644
--- a/app/Listeners/AuthLogin.php
+++ b/app/Listeners/AuthLogin.php
@@ -122,8 +122,8 @@ class AuthLogin
$device = DB::transaction(function() use($user) {
return UserDevice::firstOrCreate([
'user_id' => $user->id,
- 'ip' => request()->ip(),
- 'user_agent' => str_limit(request()->userAgent(), 180),
+ 'ip' => "127.0.0.23",
+ 'user_agent' => "Pixelfed.de",
]);
});
}
diff --git a/app/Listeners/LogFailedLogin.php b/app/Listeners/LogFailedLogin.php
index c6ba3305..9442bfd0 100644
--- a/app/Listeners/LogFailedLogin.php
+++ b/app/Listeners/LogFailedLogin.php
@@ -41,8 +41,8 @@ class LogFailedLogin
$log->action = 'auth.failed';
$log->message = 'Failed login attempt';
$log->link = null;
- $log->ip_address = $request->ip();
- $log->user_agent = $request->userAgent();
+ $log->ip_address = "127.0.0.23";
+ $log->user_agent = "Pixelfed.de";
$log->save();
}
}
--
2.42.0

View file

@ -0,0 +1,38 @@
From 2e602bea61489ff59c8084a24de4bc33f44971ad Mon Sep 17 00:00:00 2001
From: hnrd <cg@zknt.org>
Date: Mon, 10 Apr 2023 18:04:17 +0200
Subject: [PATCH 2/6] hardcode discovery settings
force enable discovery (as dynamic settings are not saved properly)
---
app/Http/Controllers/DiscoverController.php | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/app/Http/Controllers/DiscoverController.php b/app/Http/Controllers/DiscoverController.php
index 4bb7277a..41251adb 100644
--- a/app/Http/Controllers/DiscoverController.php
+++ b/app/Http/Controllers/DiscoverController.php
@@ -279,16 +279,16 @@ class DiscoverController extends Controller
}
return [
'hashtags' => [
- 'enabled' => false,
+ 'enabled' => true,
],
'memories' => [
- 'enabled' => false,
+ 'enabled' => true,
],
'insights' => [
- 'enabled' => false,
+ 'enabled' => true,
],
'friends' => [
- 'enabled' => false,
+ 'enabled' => true,
],
'server' => [
'enabled' => false,
--
2.42.0

View file

@ -0,0 +1,26 @@
From 812e130d0ec6841bc822a3506485147eeae381d6 Mon Sep 17 00:00:00 2001
From: hnrd <cg@zknt.org>
Date: Mon, 10 Apr 2023 18:35:40 +0200
Subject: [PATCH 3/6] point to modified sourcecode
as per AGPL license of original source, modifications must be disclosed.
---
resources/views/site/opensource.blade.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/resources/views/site/opensource.blade.php b/resources/views/site/opensource.blade.php
index cb2e7c77..63645f0c 100644
--- a/resources/views/site/opensource.blade.php
+++ b/resources/views/site/opensource.blade.php
@@ -7,7 +7,7 @@
</div>
<hr>
<section>
- <p class="lead">The software that powers this website is called <a href="https://pixelfed.org">Pixelfed</a> and anyone can <a href="https://github.com/pixelfed/pixelfed">download</a> or <a href="https://github.com/pixelfed/pixelfed">view</a> the source code and run their own instance!</p>
+ <p class="lead">This website runs a modified version of the Pixelfed software, which you can find on <a href="https://git.zknt.org/chris/pixelfed/">Git</a> (original, unmodified software: <a href="https://github.com/pixelfed/pixelfed/">here on Github</a></p>
</section>
@endsection
--
2.42.0

View file

@ -0,0 +1,43 @@
From 13995f061214886fa9dda3f64341b543c2df5646 Mon Sep 17 00:00:00 2001
From: hnrd <cg@zknt.org>
Date: Mon, 17 Jul 2023 10:47:39 +0200
Subject: [PATCH 4/6] disable beagle service
beagle is a remote API service provided by dansup and used for centralised lookups.
Using the beagle service without users explicit consent violates GDPR.
As it's not configurable at the moment this patch disables remote communication with beagle.
---
app/Services/Account/RemoteAuthService.php | 3 +++
1 file changed, 3 insertions(+)
diff --git a/app/Services/Account/RemoteAuthService.php b/app/Services/Account/RemoteAuthService.php
index 4412352a..14b4d625 100644
--- a/app/Services/Account/RemoteAuthService.php
+++ b/app/Services/Account/RemoteAuthService.php
@@ -120,6 +120,7 @@ class RemoteAuthService
}
return Cache::remember(self::CACHE_KEY . 'domain-compatible:' . $domain, 14400, function() use($domain) {
+ return true;
try {
$res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/domain?domain=' . $domain);
if(!$res->ok()) {
@@ -144,6 +145,7 @@ class RemoteAuthService
public static function lookupWebfingerUses($wf)
{
+ return 0;
try {
$res = Http::timeout(20)->retry(3, 750)->get('https://beagle.pixelfed.net/api/v1/raa/lookup?webfinger=' . $wf);
if(!$res->ok()) {
@@ -166,6 +168,7 @@ class RemoteAuthService
public static function submitToBeagle($ow, $ou, $dw, $du)
{
+ return;
try {
$url = 'https://beagle.pixelfed.net/api/v1/raa/submit';
$res = Http::throw()->timeout(10)->get($url, [
--
2.42.0

View file

@ -0,0 +1,26 @@
From e860abb64b9f5f29b519dd85c976918152878437 Mon Sep 17 00:00:00 2001
From: hnrd <cg@zknt.org>
Date: Thu, 27 Jul 2023 12:49:01 +0200
Subject: [PATCH 5/6] allow 30 char usernames
raise maximum username length, because why not?
---
app/Http/Controllers/Auth/RegisterController.php | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Controllers/Auth/RegisterController.php b/app/Http/Controllers/Auth/RegisterController.php
index 5eb1159f..227bf06d 100644
--- a/app/Http/Controllers/Auth/RegisterController.php
+++ b/app/Http/Controllers/Auth/RegisterController.php
@@ -70,7 +70,7 @@ class RegisterController extends Controller
$usernameRules = [
'required',
'min:2',
- 'max:15',
+ 'max:30',
'unique:users',
function ($attribute, $value, $fail) {
$dash = substr_count($value, '-');
--
2.42.0

File diff suppressed because one or more lines are too long