upgrade peertube
parent
856607fc52
commit
8b3bcd14a1
7 changed files with 150 additions and 78 deletions
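--- a/seed/peertube/UPGRADE.md
+++ b/seed/peertube/UPGRADE.md
@@ -0,0 +1,7 @@
+peertube-plugin-auth-openid-connect
+===================================
+
+Modify version in:
+- peertube/manual/image/postinstall/peertube.sh
+- peertube/templates/peertube.service
+- peertube/dictionaries/30_peertube.xml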
|
@ -63,7 +63,7 @@
|
|||
<fill name="calc_oauth2_client_external">
|
||||
<param type="variable">revprox_client_external_domainnames</param>
|
||||
<param type="variable">revprox_client_location</param>
|
||||
<param>plugins/auth-openid-connect/0.0.7/auth/openid-connect</param>
|
||||
<param>plugins/auth-openid-connect/0.1.0/auth/openid-connect</param>
|
||||
<target>oauth2_client_external</target>
|
||||
</fill>
|
||||
<fill name="calc_value">
|
||||
|
|
|
@ -1,60 +0,0 @@
|
|||
--- peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js
|
||||
+++ peertube_plugins/node_modules/peertube-plugin-auth-openid-connect/main.js
|
||||
@@ -110,6 +110,14 @@ async function register ({
|
||||
descriptionHTML: 'Will only allow login for users whose group array contains this group'
|
||||
})
|
||||
|
||||
+ registerSetting({
|
||||
+ name: 'signature-algorithm',
|
||||
+ label: 'Token signature algorithm',
|
||||
+ type: 'input',
|
||||
+ private: true,
|
||||
+ default: 'RS256'
|
||||
+ })
|
||||
+
|
||||
const router = getRouter()
|
||||
router.use('/code-cb', (req, res) => handleCb(peertubeHelpers, settingsManager, req, res))
|
||||
|
||||
@@ -159,7 +167,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
|
||||
'scope',
|
||||
'discover-url',
|
||||
'client-id',
|
||||
- 'client-secret'
|
||||
+ 'client-secret',
|
||||
+ 'signature-algorithm'
|
||||
])
|
||||
|
||||
if (!settings['discover-url']) {
|
||||
@@ -188,6 +197,8 @@ async function loadSettingsAndCreateClient (registerExternalAuth, unregisterExte
|
||||
} else {
|
||||
clientOptions.token_endpoint_auth_method = 'none'
|
||||
}
|
||||
+ clientOptions.id_token_signed_response_alg = settings['signature-algorithm']
|
||||
+ clientOptions.authorization_signed_response_alg = settings['signature-algorithm']
|
||||
|
||||
store.client = new issuer.Client(clientOptions)
|
||||
|
||||
--- peertube/dist/server/helpers/custom-validators/activitypub/actor.js.ori 2022-04-06 13:58:17.752681849 +0000
|
||||
+++ peertube/dist/server/helpers/custom-validators/activitypub/actor.js 2022-04-06 13:58:22.268682531 +0000
|
||||
@@ -43,8 +43,8 @@
|
||||
function isActorPrivateKeyValid(privateKey) {
|
||||
return (0, misc_1.exists)(privateKey) &&
|
||||
typeof privateKey === 'string' &&
|
||||
- privateKey.startsWith('-----BEGIN RSA PRIVATE KEY-----') &&
|
||||
- privateKey.includes('-----END RSA PRIVATE KEY-----') &&
|
||||
+ privateKey.startsWith('-----BEGIN PRIVATE KEY-----') &&
|
||||
+ privateKey.includes('-----END PRIVATE KEY-----') &&
|
||||
validator_1.default.isLength(privateKey, constants_1.CONSTRAINTS_FIELDS.ACTORS.PRIVATE_KEY);
|
||||
}
|
||||
exports.isActorPrivateKeyValid = isActorPrivateKeyValid;
|
||||
--- peertube/node_modules/pem/lib/pem.js.ori 2022-04-06 13:59:36.232693763 +0000
|
||||
+++ peertube/node_modules/pem/lib/pem.js 2022-04-06 13:59:48.916695687 +0000
|
||||
@@ -74,7 +74,7 @@
|
||||
|
||||
params.push(keyBitsize)
|
||||
|
||||
- openssl.exec(params, 'RSA PRIVATE KEY', function (sslErr, key) {
|
||||
+ openssl.exec(params, 'PRIVATE KEY', function (sslErr, key) {
|
||||
function done (err) {
|
||||
if (err) {
|
||||
return callback(err)
|
|
@ -8,7 +8,7 @@ echo "nameserver 9.9.9.9" > /etc/resolv.conf
|
|||
PLUGINS_DIR=$PLUGINS_DIR
|
||||
mkdir -p "\$PLUGINS_DIR"
|
||||
cd "\$PLUGINS_DIR"
|
||||
yarn add peertube-plugin-auth-openid-connect@0.0.7 --production
|
||||
yarn add peertube-plugin-auth-openid-connect@0.1.0 --production
|
||||
mkdir -p "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
|
||||
chown peertube: "\$PLUGINS_DIR/data"
|
||||
chown peertube: "\$PLUGINS_DIR/data/peertube-plugin-auth-openid-connect"
|
||||
|
@ -23,5 +23,5 @@ rmdir "$IMAGE_NAME_RISOTTO_IMAGE_DIR/proc/self/"
|
|||
|
||||
rm -f "$IMAGE_NAME_RISOTTO_IMAGE_DIR/install.sh"
|
||||
cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR$PLUGINS_DIR/.."
|
||||
patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
|
||||
#patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"
|
||||
cd -
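Review bot: The commented-out `#patch -p0 < "$IMAGE_DIR_RECIPIENT_IMAGE/postinstall/peertube.patch"` in the second hunk points at a file this same commit deletes, so it cannot be re-enabled as written; drop the line together with the surrounding `cd "$IMAGE_NAME_RISOTTO_IMAGE_DIR$PLUGINS_DIR/.."` / `cd -` pair, which now does nothing. The deleted patch is what added the `signature-algorithm` setting to the OpenID Connect plugin and made PeerTube accept `-----BEGIN PRIVATE KEY-----` keys, while the service unit still writes `signature-algorithm` into the plugin settings. Presumably plugin 0.1.0 and the upgraded PeerTube ship both changes, but nothing visible here confirms it; if the plugin ignored the setting, the configured token signature algorithm would silently not apply, so record the reason in a comment such as `# peertube.patch dropped: signature-algorithm and PKCS#8 key handling expected upstream (verify on upgrade)`. The same leftover style appears in the package-list hunk (`#PKG="$PKG peertube yarnpkg"`), and the script continues outside both hunks.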
|
||||
|
|
|
@ -1,3 +1,4 @@
|
|||
PKG="$PKG peertube yarnpkg"
|
||||
PKG="$PKG peertube peertube-tools yarnpkg"
|
||||
#PKG="$PKG peertube yarnpkg"
|
||||
COPR="https://copr.fedorainfracloud.org/coprs/daftaupe/peertube/repo/fedora-36/daftaupe-peertube-fedora-36.repo"
|
||||
FUSION=true
|
||||
|
|
|
@ -2,4 +2,4 @@
|
|||
Environment=PGPASSFILE=/usr/local/lib/secrets/postgresql.pass
|
||||
ExecStartPost=+/usr/bin/timeout 90 sh -c 'while ! /usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "SELECT * FROM plugin;"; do sleep 1; done'
|
||||
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "DELETE FROM plugin;"
|
||||
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.0.7', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"
|
||||
ExecStartPost=+/usr/bin/psql --set=sslmode=verify-full -h %%pg_client_server_domainname -U %%pg_client_username %%pg_client_database -c "INSERT INTO plugin (name, type, version, enabled, uninstalled, \"peertubeEngine\", description, homepage, settings, \"createdAt\", \"updatedAt\") VALUES ('auth-openid-connect', '1', '0.1.0', true, false, '>=2.2.0', 'Add OpenID connect support to login form in PeerTube.', 'https://framagit.org/framasoft/peertube/official-plugins/tree/master/peertube-plugin-auth-openid-connect', '{\"scope\": \"openid email profile\", \"client-id\": \"%%oauth2_client_id\", \"discover-url\": \"https://%%oauth2_client_server_domainname/.well-known/openid-configuration\", \"client-secret\": \"%%oauth2_client_secret\", \"mail-property\": \"email\", \"auth-display-name\": \"OpenID Connect\", \"username-property\": \"nickname\", \"signature-algorithm\": \"%%oauth2_client_token_signature_algo\", \"display-name-property\": \"email\"}', '2022-04-05 18:12:34.832+02', '2022-04-05 18:12:34.832+02')"
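Review bot: The rewritten `INSERT INTO plugin` line still expands `%%oauth2_client_secret` into the psql command line, so the OIDC client secret sits in the rendered unit file and in the process arguments on every start, both of which are typically readable by other local users. The templated values are also spliced into the SQL and JSON text unescaped, so a client id or secret containing `'` or `"` would break or alter the statement. Consider rendering the statement, with values escaped at template time, into a root-only SQL file kept next to the existing `PGPASSFILE` and running it with `psql -f <root-only SQL file>`. The version literal `'0.1.0'` is now repeated in three files, as UPGRADE.md notes, and a single template variable would remove that manual step.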
|
||||
|
|
|
@ -28,6 +28,10 @@ rates_limit:
|
|||
# 3 attempts in 5 min
|
||||
window: 5 minutes
|
||||
max: 3
|
||||
receive_client_log:
|
||||
# 10 attempts in 10 min
|
||||
window: 10 minutes
|
||||
max: 10
|
||||
|
||||
# Proxies to trust to get real client IP
|
||||
# If you run PeerTube just behind a local proxy (nginx), keep 'loopback'
|
||||
|
@ -49,7 +53,7 @@ database:
|
|||
|
||||
# Redis server for short time storage
|
||||
# You can also specify a 'socket' path to a unix socket but first need to
|
||||
# comment out hostname and port
|
||||
# set 'hostname' and 'port' to null
|
||||
redis:
|
||||
hostname: '%%redis_client_server_domainname'
|
||||
port: 6379
|
||||
|
@ -95,11 +99,13 @@ defaults:
|
|||
licence: null
|
||||
|
||||
p2p:
|
||||
# Enable P2P by default
|
||||
# Enable P2P by default in PeerTube client
|
||||
# Can be enabled/disabled by anonymous users and logged in users
|
||||
webapp:
|
||||
enabled: true
|
||||
|
||||
# Enable P2P by default in PeerTube embed
|
||||
# Can be enabled/disabled by URL option
|
||||
embed:
|
||||
enabled: true
|
||||
|
||||
|
@ -138,6 +144,9 @@ object_storage:
|
|||
|
||||
region: 'us-east-1'
|
||||
|
||||
# Set this ACL on each uploaded object
|
||||
upload_acl: 'public-read'
|
||||
|
||||
credentials:
|
||||
# You can also use AWS_ACCESS_KEY_ID env variable
|
||||
access_key_id: ''
|
||||
|
@ -145,7 +154,10 @@ object_storage:
|
|||
secret_access_key: ''
|
||||
|
||||
# Maximum amount to upload in one request to object storage
|
||||
# GNUNUX max_upload_part: 100MB
|
||||
#>GNUNUX
|
||||
max_upload_part: 2GB
|
||||
#<GNUNUX
|
||||
|
||||
streaming_playlists:
|
||||
bucket_name: 'streaming-playlists'
|
||||
|
@ -165,20 +177,46 @@ object_storage:
|
|||
|
||||
log:
|
||||
level: 'info' # 'debug' | 'info' | 'warn' | 'error'
|
||||
|
||||
rotation:
|
||||
# GNUNUX enabled : true # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
|
||||
#>GNUNUX
|
||||
enabled : false # Enabled by default, if disabled make sure that 'storage.logs' is pointing to a folder handled by logrotate
|
||||
#<GNUNUX
|
||||
max_file_size: 12MB
|
||||
max_files: 20
|
||||
|
||||
anonymize_ip: false
|
||||
|
||||
log_ping_requests: true
|
||||
log_tracker_unknown_infohash: true
|
||||
|
||||
prettify_sql: false
|
||||
|
||||
# Accept warn/error logs coming from the client
|
||||
accept_client_log: true
|
||||
|
||||
# Highly experimental support of Open Telemetry
|
||||
open_telemetry:
|
||||
metrics:
|
||||
enabled: false
|
||||
|
||||
# Create a prometheus exporter server on this port so prometheus server can scrape PeerTube metrics
|
||||
prometheus_exporter:
|
||||
port: 9091
|
||||
|
||||
tracing:
|
||||
enabled: false
|
||||
|
||||
# Send traces to a Jaeger compatible endpoint
|
||||
jaeger_exporter:
|
||||
endpoint: ''
|
||||
|
||||
trending:
|
||||
videos:
|
||||
interval_days: 7 # Compute trending videos for the last x days
|
||||
algorithms:
|
||||
enabled:
|
||||
- 'best' # adaptation of Reddit's 'Best' algorithm (Hot minus History)
|
||||
- 'hot' # adaptation of Reddit's 'Hot' algorithm
|
||||
- 'most-viewed' # default, used initially by PeerTube as the trending page
|
||||
- 'most-liked'
|
||||
|
@ -227,7 +265,7 @@ security:
|
|||
enabled: true
|
||||
|
||||
tracker:
|
||||
# If you disable the tracker, you disable the P2P aspect of PeerTube
|
||||
# If you disable the tracker, you disable the P2P on your PeerTube instance
|
||||
enabled: true
|
||||
# Only handle requests on your videos
|
||||
# If you set this to false it means you have a public tracker
|
||||
|
@ -258,11 +296,21 @@ views:
|
|||
|
||||
ip_view_expiration: '1 hour'
|
||||
|
||||
# Used to get country location of views of local videos
|
||||
geo_ip:
|
||||
enabled: true
|
||||
|
||||
country:
|
||||
database_url: 'https://dbip.mirror.framasoft.org/files/dbip-country-lite-latest.mmdb'
|
||||
|
||||
plugins:
|
||||
# The website PeerTube will ask for available PeerTube plugins and themes
|
||||
# This is an unmoderated plugin index, so only install plugins/themes you trust
|
||||
index:
|
||||
# GNUNUX enabled: true
|
||||
#>GNUNUX
|
||||
enabled: false
|
||||
#<GNUNUX
|
||||
check_latest_versions_interval: '12 hours' # How often you want to check new plugins/themes versions
|
||||
url: 'https://packages.joinpeertube.org'
|
||||
|
||||
|
@ -277,7 +325,10 @@ federation:
|
|||
peertube:
|
||||
check_latest_version:
|
||||
# Check and notify admins of new PeerTube versions
|
||||
# GNUNUX enabled: true
|
||||
#>GNUNUX
|
||||
enabled: false
|
||||
#<GNUNUX
|
||||
# You can use a custom URL if your want, that respect the format behind https://joinpeertube.org/api/v1/versions.json
|
||||
url: 'https://joinpeertube.org/api/v1/versions.json'
|
||||
|
||||
|
@ -285,17 +336,30 @@ webadmin:
|
|||
configuration:
|
||||
edition:
|
||||
# Set this to false if you don't want to allow config edition in the web interface by instance admins
|
||||
# GNUNUX allowed: true
|
||||
#>GNUNUX
|
||||
allowed: false
|
||||
#<GNUNUX
|
||||
|
||||
# XML, Atom or JSON feeds
|
||||
feeds:
|
||||
videos:
|
||||
# Default number of videos displayed in feeds
|
||||
count: 20
|
||||
|
||||
comments:
|
||||
# Default number of comments displayed in feeds
|
||||
count: 20
|
||||
|
||||
###############################################################################
|
||||
#
|
||||
# From this point, all the following keys can be overridden by the web interface
|
||||
# From this point, almost all following keys can be overridden by the web interface
|
||||
# (local-production.json file). If you need to change some values, prefer to
|
||||
# use the web interface because the configuration will be automatically
|
||||
# reloaded without any need to restart PeerTube
|
||||
#
|
||||
# /!\ If you already have a local-production.json file, the modification of the
|
||||
# following keys will have no effect /!\
|
||||
# /!\ If you already have a local-production.json file, modification of some of
|
||||
# the following keys will have no effect /!\
|
||||
#
|
||||
###############################################################################
|
||||
|
||||
|
@ -368,6 +432,9 @@ transcoding:
|
|||
1440p: false
|
||||
2160p: false
|
||||
|
||||
# Transcode and keep original resolution, even if it's above your maximum enabled resolution
|
||||
always_transcode_original_resolution: true
|
||||
|
||||
# Generate videos in a WebTorrent format (what we do since the first PeerTube release)
|
||||
# If you also enabled the hls format, it will multiply videos storage by 2
|
||||
# If disabled, breaks federation with PeerTube instances < 2.1
|
||||
|
@ -404,19 +471,43 @@ live:
|
|||
# /!\ transcoding.enabled (and not live.transcoding.enabled) has to be true to create a replay
|
||||
allow_replay: true
|
||||
|
||||
# Allow your users to change latency settings (small latency/default/high latency)
|
||||
# Small latency live streams cannot use P2P
|
||||
# High latency live streams can increase P2P ratio
|
||||
latency_setting:
|
||||
enabled: true
|
||||
|
||||
# Your firewall should accept traffic from this port in TCP if you enable live
|
||||
rtmp:
|
||||
enabled: true
|
||||
|
||||
# Listening hostname/port for RTMP server
|
||||
# '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4
|
||||
# Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise
|
||||
hostname: null
|
||||
port: 1935
|
||||
|
||||
# Public hostname of your RTMP server
|
||||
# Use null to use the same value than `webserver.hostname`
|
||||
public_hostname: null
|
||||
|
||||
rtmps:
|
||||
enabled: false
|
||||
|
||||
# Listening hostname/port for RTMPS server
|
||||
# '::' to listen on IPv6 and IPv4, '0.0.0.0' to listen on IPv4
|
||||
# Use null to automatically listen on '::' if IPv6 is available, or '0.0.0.0' otherwise
|
||||
hostname: null
|
||||
port: 1936
|
||||
# Absolute path
|
||||
|
||||
# Absolute paths
|
||||
key_file: ''
|
||||
# Absolute path
|
||||
cert_file: ''
|
||||
|
||||
# Public hostname of your RTMPS server
|
||||
# Use null to use the same value than `webserver.hostname`
|
||||
public_hostname: null
|
||||
|
||||
# Allow to transcode the live streaming in multiple live resolutions
|
||||
transcoding:
|
||||
enabled: true
|
||||
|
@ -437,17 +528,31 @@ live:
|
|||
1440p: false
|
||||
2160p: false
|
||||
|
||||
# Also transcode original resolution, even if it's above your maximum enabled resolution
|
||||
always_transcode_original_resolution: true
|
||||
|
||||
video_studio:
|
||||
# Enable video edition by users (cut, add intro/outro, add watermark etc)
|
||||
# If enabled, users can create transcoding tasks as they wish
|
||||
enabled: false
|
||||
|
||||
import:
|
||||
# Add ability for your users to import remote videos (from YouTube, torrent...)
|
||||
videos:
|
||||
# Amount of import jobs to execute in parallel
|
||||
concurrency: 1
|
||||
|
||||
# Set a custom video import timeout to not block import queue
|
||||
timeout: '2 hours'
|
||||
|
||||
# Classic HTTP or all sites supported by youtube-dl https://rg3.github.io/youtube-dl/supportedsites.html
|
||||
http:
|
||||
# We recommend to use a HTTP proxy if you enable HTTP import to prevent private URL access from this server
|
||||
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
|
||||
# GNUNUX enabled: false
|
||||
#>GNUNUX
|
||||
enabled: true
|
||||
#<GNUNUX
|
||||
|
||||
youtube_dl_release:
|
||||
# Direct download URL to youtube-dl binary
|
||||
|
@ -455,11 +560,11 @@ import:
|
|||
# Examples:
|
||||
# * https://api.github.com/repos/ytdl-org/youtube-dl/releases
|
||||
# * https://api.github.com/repos/yt-dlp/yt-dlp/releases
|
||||
url: 'https://yt-dl.org/downloads/latest/youtube-dl'
|
||||
# * https://yt-dl.org/downloads/latest/youtube-dl
|
||||
url: 'https://api.github.com/repos/yt-dlp/yt-dlp/releases'
|
||||
|
||||
# youtube-dl binary name
|
||||
# yt-dlp is also supported
|
||||
name: 'youtube-dl'
|
||||
# Release binary name: 'yt-dlp' or 'youtube-dl'
|
||||
name: 'yt-dlp'
|
||||
|
||||
# Path to the python binary to execute for youtube-dl or yt-dlp
|
||||
python_path: '/usr/bin/python3'
|
||||
|
@ -473,6 +578,17 @@ import:
|
|||
# See https://docs.joinpeertube.org/maintain-configuration?id=security for more information
|
||||
enabled: false
|
||||
|
||||
# Add ability for your users to synchronize their channels with external channels, playlists, etc.
|
||||
video_channel_synchronization:
|
||||
enabled: false
|
||||
|
||||
max_per_user: 10
|
||||
|
||||
check_interval: 1 hour
|
||||
|
||||
# Number of latest published videos to check and to potentially import when syncing a channel
|
||||
videos_limit_per_synchronization: 10
|
||||
|
||||
auto_blacklist:
|
||||
# New videos automatically blacklisted so moderators can review before publishing
|
||||
videos:
|
||||
|
@ -512,7 +628,10 @@ instance:
|
|||
languages:
|
||||
# - en
|
||||
# - es
|
||||
# GNUNUX - fr
|
||||
#>GNUNUX
|
||||
- fr
|
||||
#<GNUNUX
|
||||
|
||||
# You can specify the main categories of your instance (dedicated to music, gaming or politics etc)
|
||||
# Uncomment or add the category ids you want
|
||||
|
@ -630,6 +749,11 @@ client:
|
|||
miniature:
|
||||
# By default PeerTube client displays author username
|
||||
prefer_author_display_name: false
|
||||
display_author_avatar: false
|
||||
resumable_upload:
|
||||
# Max size of upload chunks, e.g. '90MB'
|
||||
# If null, it will be calculated based on network speed
|
||||
max_chunk_size: null
|
||||
|
||||
menu:
|
||||
login:
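Review bot: In the `import.videos.http` hunk the GNUNUX override sets `enabled: true` directly under the upstream comment that recommends an HTTP proxy to prevent private URL access from this server, and no proxy setting is visible in any hunk of this file. If outbound filtering is enforced elsewhere (environment or network policy), say so next to the override, e.g. `# GNUNUX: HTTP import enabled; egress to private ranges is blocked by <mechanism>`; otherwise keep the upstream `enabled: false`. The `youtube_dl_release` hunk now takes the `yt-dlp` release from `https://api.github.com/repos/yt-dlp/yt-dlp/releases`, which means an unpinned download is executed by the server once import is on. Separately, `log.rotation.enabled: false` relies on an external logrotate rule for `storage.logs` that this commit does not show.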
|
||||
|
|