capdrupal 3.0.2 → 3.0.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +8 -1
- data/README.md +5 -0
- data/capdrupal.gemspec +1 -1
- data/lib/capdrupal.rb +57 -2
- metadata +6 -6
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 7266984d5cca0bd4f27392796b71cca44f6a5be8017743ec8075c030e87d3c99
|
|
4
|
+
data.tar.gz: 719349f1a190ef5aca2833f9e37a682d3a111d1ec6498c6bf8a4d0a9c945d7cc
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 2b75fbaa093cc8e3d858f652bba34604ff32534ff8a21e46614c89feae8a77d21115638164cf15a09a65154a87da653da932c623615a3ebec7a3397f168ada72
|
|
7
|
+
data.tar.gz: d4ef047b57d2f1385d50db3305ce5b990e6ef955e62e333ada3bd097a04cc23138a8434c05b5a62e4263072357ce9507aad16d69e4bb7a980bbc96ea6665c1bd
|
data/CHANGELOG.md
CHANGED
|
@@ -1,6 +1,13 @@
|
|
|
1
1
|
# Capdrupal Changelog
|
|
2
2
|
|
|
3
|
-
##
|
|
3
|
+
## NEXT RELEASE
|
|
4
|
+
|
|
5
|
+
## 3.0.4 (2023-04-25)
|
|
6
|
+
- add command `drupal:security:obscurity:files` to obfuscate Drupal sensitive files by deletion
|
|
7
|
+
- add command `drupal:security:obscurity:htaccess` to obfuscate Drupal sensitive files by htaccess
|
|
8
|
+
|
|
9
|
+
## 3.0.3 (2023-03-14)
|
|
10
|
+
- Only files directory must have permissions fixed to be writable, not all shared files.
|
|
4
11
|
|
|
5
12
|
## 3.0.2 (2022-12-22)
|
|
6
13
|
- Allow Site directory to be configured
|
data/README.md
CHANGED
|
@@ -12,6 +12,7 @@ Capdrupal Gem Version | Branch | Capistrano Version | Drupal Version
|
|
|
12
12
|
0.11.0 | d7 | 2 | 7.x
|
|
13
13
|
3.x | main | 3.x | 8.x
|
|
14
14
|
3.x | main | 3.x | 9.x
|
|
15
|
+
3.x | main | 3.x | 10.x
|
|
15
16
|
|
|
16
17
|
## Prerequisites
|
|
17
18
|
|
|
@@ -152,6 +153,10 @@ namespace :deploy do
|
|
|
152
153
|
|
|
153
154
|
# Clear your Drupal 8 cache.
|
|
154
155
|
after :updated, "drupal:cache:clear"
|
|
156
|
+
|
|
157
|
+
# Obfuscate Drupal sensitive files by removing or by denying access to them.
|
|
158
|
+
# after :updated, "drupal:security:obscurity:files"
|
|
159
|
+
# after :updated, "drupal:security:obscurity:htaccess"
|
|
155
160
|
|
|
156
161
|
# Disable the maintence on the Drupal project.
|
|
157
162
|
after :updated, "drupal:maintenance:off"
|
data/capdrupal.gemspec
CHANGED
|
@@ -3,7 +3,7 @@ $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
|
|
|
3
3
|
|
|
4
4
|
Gem::Specification.new do |spec|
|
|
5
5
|
spec.name = 'capdrupal'
|
|
6
|
-
spec.version = '3.0.
|
|
6
|
+
spec.version = '3.0.4'
|
|
7
7
|
spec.authors = ['Kevin Wenger', 'Yann Lugrin', 'Gilles Doge', 'Toni Fisler', 'Simon Perdrisat', 'Robert Wohleb', 'Kim Pepper']
|
|
8
8
|
spec.email = ['hello@antistatique.net']
|
|
9
9
|
|
data/lib/capdrupal.rb
CHANGED
|
@@ -7,6 +7,27 @@ namespace :load do
|
|
|
7
7
|
set :keep_backups, 5
|
|
8
8
|
set :enable_modules, []
|
|
9
9
|
set :disable_modules, []
|
|
10
|
+
set :security, {
|
|
11
|
+
# Path of files to be removed from the release path.
|
|
12
|
+
obscurity: [
|
|
13
|
+
"#{fetch(:app_path)}/core/install.php",
|
|
14
|
+
"#{fetch(:app_path)}/install.php",
|
|
15
|
+
"#{fetch(:app_path)}/update.php",
|
|
16
|
+
"#{fetch(:app_path)}/core/COPYRIGHT.txt",
|
|
17
|
+
"#{fetch(:app_path)}/core/CHANGELOG.txt",
|
|
18
|
+
"#{fetch(:app_path)}/core/INSTALL.mysql.txt",
|
|
19
|
+
"#{fetch(:app_path)}/core/INSTALL.pgsql.txt",
|
|
20
|
+
"#{fetch(:app_path)}/core/INSTALL.sqlite.txt",
|
|
21
|
+
"#{fetch(:app_path)}/core/MAINTAINERS.txt",
|
|
22
|
+
"#{fetch(:app_path)}/core/LICENSE.txt",
|
|
23
|
+
"#{fetch(:app_path)}/core/INSTALL.txt",
|
|
24
|
+
"#{fetch(:app_path)}/core/UPDATE.txt",
|
|
25
|
+
"#{fetch(:app_path)}/core/USAGE.txt",
|
|
26
|
+
"#{fetch(:app_path)}/CHANGELOG.txt",
|
|
27
|
+
"#{fetch(:app_path)}/INSTALL.txt",
|
|
28
|
+
"#{fetch(:app_path)}/example.gitignore",
|
|
29
|
+
]
|
|
30
|
+
}
|
|
10
31
|
end
|
|
11
32
|
end
|
|
12
33
|
|
|
@@ -249,8 +270,42 @@ namespace :drupal do
|
|
|
249
270
|
within shared_path do
|
|
250
271
|
# Remove execution for files, keep execution on folder.
|
|
251
272
|
# "web/sites/defaults/files" is a shared dir and should be writable.
|
|
252
|
-
execute :find,
|
|
253
|
-
execute :find,
|
|
273
|
+
execute :find, "#{fetch(:app_path)}/sites/#{fetch(:site_path)}/files", '-type f ! -perm 664 -exec chmod 664 {} \;'
|
|
274
|
+
execute :find, "#{fetch(:app_path)}/sites/#{fetch(:site_path)}/files", '-type d ! -perm 2775 -exec chmod 2775 {} \;'
|
|
275
|
+
end
|
|
276
|
+
end
|
|
277
|
+
end
|
|
278
|
+
end
|
|
279
|
+
|
|
280
|
+
namespace :security do
|
|
281
|
+
|
|
282
|
+
desc 'Security by Obscurity'
|
|
283
|
+
namespace :obscurity do
|
|
284
|
+
|
|
285
|
+
desc 'Obfuscate Drupal sensitive files by deletion'
|
|
286
|
+
task :files do
|
|
287
|
+
on roles(:app) do
|
|
288
|
+
within release_path do
|
|
289
|
+
fetch(:security)[:obscurity].each do |file|
|
|
290
|
+
execute :rm, file, '-f'
|
|
291
|
+
end
|
|
292
|
+
end
|
|
293
|
+
end
|
|
294
|
+
end
|
|
295
|
+
|
|
296
|
+
desc 'Obfuscate Drupal sensitive files by htaccess'
|
|
297
|
+
task :htaccess do
|
|
298
|
+
on roles(:app) do
|
|
299
|
+
htaccessFile = release_path.join(fetch(:app_path)).join('.htaccess')
|
|
300
|
+
|
|
301
|
+
[
|
|
302
|
+
'## added during deploy',
|
|
303
|
+
'## Obfuscate Drupal sensitive files by denying access',
|
|
304
|
+
'<FilesMatch "(^API|CHANGELOG|COPYRIGHT|INSTALL|LICENSE|PATCHES|MAINTAINERS|README|TODO|UPGRADE|UPDATE|CHANGES|install|update|authorize).*\.(md|txt|php)$">',
|
|
305
|
+
' Order deny,allow',
|
|
306
|
+
' Deny from all',
|
|
307
|
+
'</FilesMatch>'
|
|
308
|
+
].each { |line| execute "echo '#{line}' >> #{htaccessFile}" }
|
|
254
309
|
end
|
|
255
310
|
end
|
|
256
311
|
end
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: capdrupal
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 3.0.
|
|
4
|
+
version: 3.0.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Kevin Wenger
|
|
@@ -11,10 +11,10 @@ authors:
|
|
|
11
11
|
- Simon Perdrisat
|
|
12
12
|
- Robert Wohleb
|
|
13
13
|
- Kim Pepper
|
|
14
|
-
autorequire:
|
|
14
|
+
autorequire:
|
|
15
15
|
bindir: bin
|
|
16
16
|
cert_chain: []
|
|
17
|
-
date:
|
|
17
|
+
date: 2023-04-25 00:00:00.000000000 Z
|
|
18
18
|
dependencies:
|
|
19
19
|
- !ruby/object:Gem::Dependency
|
|
20
20
|
name: capistrano
|
|
@@ -95,7 +95,7 @@ homepage: http://github.com/antistatique/capdrupal/
|
|
|
95
95
|
licenses:
|
|
96
96
|
- MIT
|
|
97
97
|
metadata: {}
|
|
98
|
-
post_install_message:
|
|
98
|
+
post_install_message:
|
|
99
99
|
rdoc_options: []
|
|
100
100
|
require_paths:
|
|
101
101
|
- lib
|
|
@@ -110,8 +110,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
110
110
|
- !ruby/object:Gem::Version
|
|
111
111
|
version: '0'
|
|
112
112
|
requirements: []
|
|
113
|
-
rubygems_version: 3.1.
|
|
114
|
-
signing_key:
|
|
113
|
+
rubygems_version: 3.1.2
|
|
114
|
+
signing_key:
|
|
115
115
|
specification_version: 4
|
|
116
116
|
summary: A set of tasks for deploying and managing Drupal projects with Capistrano
|
|
117
117
|
test_files: []
|