From 70fbc8c7b0d65fd71878520e5cb14e4a494137fa Mon Sep 17 00:00:00 2001 From: Jacob Weisz Date: Sat, 24 Sep 2022 05:29:27 +0000 Subject: [PATCH] Add Sandstorm packaging files (#26) I am not quite done here, I need to finish some of the packaging metadata, and I am going to maybe take a pass at permissions prior to release. Opening the pull request so you can easily track the progress. Note that Sandstorm app metadata is supposed to be less than 1 MB total, so I optimized your screenshots. I dare you to tell the difference with the naked eye. Co-authored-by: Jacob Weisz Reviewed-on: https://git.mills.io/prologic/tube/pulls/26 Co-authored-by: Jacob Weisz Co-committed-by: Jacob Weisz --- .gitignore | 1 + .sandstorm/.gitattributes | 5 + .sandstorm/.gitignore | 5 + .sandstorm/DESCRIPTION.md | 10 + .sandstorm/Vagrantfile | 110 ++++++++ .sandstorm/build.sh | 16 ++ .sandstorm/config.json | 37 +++ .sandstorm/global-setup.sh | 59 +++++ .sandstorm/launcher.sh | 1 + .sandstorm/pgp-keyring | Bin 0 -> 3358 bytes .sandstorm/pgp-signature | Bin 0 -> 448 bytes .sandstorm/sandstorm-files.list | 425 ++++++++++++++++++++++++++++++ .sandstorm/sandstorm-pkgdef.capnp | 202 ++++++++++++++ .sandstorm/setup.sh | 22 ++ .sandstorm/stack | 1 + AUTHORS | 1 + README.md | 2 + app/app.go | 7 +- app/middleware/auth.go | 15 ++ screenshot-1.png | Bin 1684723 -> 350078 bytes screenshot-2.png | Bin 547304 -> 137113 bytes static/tube.svg | 47 ++++ 22 files changed, 965 insertions(+), 1 deletion(-) create mode 100644 .sandstorm/.gitattributes create mode 100644 .sandstorm/.gitignore create mode 100644 .sandstorm/DESCRIPTION.md create mode 100644 .sandstorm/Vagrantfile create mode 100644 .sandstorm/build.sh create mode 100644 .sandstorm/config.json create mode 100644 .sandstorm/global-setup.sh create mode 100644 .sandstorm/launcher.sh create mode 100644 .sandstorm/pgp-keyring create mode 100644 .sandstorm/pgp-signature create mode 100644 .sandstorm/sandstorm-files.list create mode 100644 .sandstorm/sandstorm-pkgdef.capnp create mode 100644 .sandstorm/setup.sh create mode 100644 .sandstorm/stack create mode 100644 static/tube.svg diff --git a/.gitignore b/.gitignore index 0e81ec3..1c7bf4f 100644 --- a/.gitignore +++ b/.gitignore @@ -5,6 +5,7 @@ /dist /tube +tube /.DS_Store videos/* diff --git a/.sandstorm/.gitattributes b/.sandstorm/.gitattributes new file mode 100644 index 0000000..5a533b9 --- /dev/null +++ b/.sandstorm/.gitattributes @@ -0,0 +1,5 @@ + + +# vagrant-spk creates shell scripts, which must end in \n, even on a \r\n system. +*.sh text eol=lf + diff --git a/.sandstorm/.gitignore b/.sandstorm/.gitignore new file mode 100644 index 0000000..d70e1e3 --- /dev/null +++ b/.sandstorm/.gitignore @@ -0,0 +1,5 @@ + + +# This file stores a list of sub-paths of .sandstorm/ that should be ignored by git. +.vagrant + diff --git a/.sandstorm/DESCRIPTION.md b/.sandstorm/DESCRIPTION.md new file mode 100644 index 0000000..a4a1c9e --- /dev/null +++ b/.sandstorm/DESCRIPTION.md @@ -0,0 +1,10 @@ +Tube is a YouTube-like (_without censorship and features you don't need!_) +video sharing app written in Go which also supports automatic transcoding to +MP4 H.265 AAC + +## Features + +- Easy to upload videos (just use the builtin uploader and automatic transcoder!) +- Builtin ffmpeg-based Transcoder that automatically converts your uploaded content to MP4 H.264 / AAC +- Builtin automatic thumbnail generator +- Clean, simple, familiar UI \ No newline at end of file diff --git a/.sandstorm/Vagrantfile b/.sandstorm/Vagrantfile new file mode 100644 index 0000000..481ed81 --- /dev/null +++ b/.sandstorm/Vagrantfile @@ -0,0 +1,110 @@ +# -*- mode: ruby -*- +# vi: set ft=ruby : + +# CAUTION: DO NOT MAKE CHANGES TO THIS FILE. The vagrant-spk upgradevm process will overwrite it. + +# Guess at a reasonable name for the VM based on the folder vagrant-spk is +# run from. The timestamp is there to avoid conflicts if you have multiple +# folders with the same name. +VM_NAME = File.basename(File.dirname(File.dirname(__FILE__))) + "_sandstorm_#{Time.now.utc.to_i}" + +# Vagrantfile API/syntax version. Don't touch unless you know what you're doing! +VAGRANTFILE_API_VERSION = "2" + +# ugly hack to prevent hashicorp's bitrot. See https://github.com/hashicorp/vagrant/issues/9442 +# this setting is required for pre-2.0 vagrant, but causes an error as of 2.0.3, +# remove entirely when confident nobody uses vagrant 1.x for anything. +unless Vagrant::DEFAULT_SERVER_URL.frozen? + Vagrant::DEFAULT_SERVER_URL.replace('https://vagrantcloud.com') +end + +Vagrant.configure(VAGRANTFILE_API_VERSION) do |config| + # Base on the Sandstorm snapshots of the official Debian 9 (stretch) box with vboxsf support. + config.vm.box = "debian/bullseye64" + config.vm.post_up_message = "Your virtual server is running at http://local.sandstorm.io:6090." + + + if Vagrant.has_plugin?("vagrant-vbguest") then + # vagrant-vbguest is a Vagrant plugin that upgrades + # the version of VirtualBox Guest Additions within each + # guest. If you have the vagrant-vbguest plugin, then it + # needs to know how to compile kernel modules, etc., and so + # we give it this hint about operating system type. + config.vm.guest = "debian" + end + + # We forward port 6090, the vagrant-spk web port, so that developers can + # visit their Sandstorm app from their browser as local.sandstorm.io:6090 + # (aka 127.0.0.1:6090). + config.vm.network :forwarded_port, guest: 6090, host: 6090, host_ip: "127.0.0.1" + + # Use a shell script to "provision" the box. This installs Sandstorm using + # the bundled installer. + config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/global-setup.sh", keep_color: true + # Then, do stack-specific and app-specific setup. + config.vm.provision "shell", inline: "sudo bash /opt/app/.sandstorm/setup.sh", keep_color: true + + # Shared folders are configured per-provider since vboxsf can't handle >4096 open files, + # NFS requires privilege escalation every time you bring a VM up, + # and 9p is only available on libvirt. + + # Calculate the number of CPUs and the amount of RAM the system has, + # in a platform-dependent way; further logic below. + cpus = nil + total_kB_ram = nil + + host = RbConfig::CONFIG['host_os'] + if host =~ /darwin/ + cpus = `sysctl -n hw.ncpu`.to_i + total_kB_ram = `sysctl -n hw.memsize`.to_i / 1024 + elsif host =~ /linux/ + cpus = `nproc`.to_i + total_kB_ram = `grep MemTotal /proc/meminfo | awk '{print $2}'`.to_i + elsif host =~ /mingw/ + cpus = `powershell -Command "(Get-WmiObject Win32_Processor -Property NumberOfLogicalProcessors | Select-Object -Property NumberOfLogicalProcessors | Measure-Object NumberOfLogicalProcessors -Sum).Sum"`.to_i + total_kB_ram = `powershell -Command "[math]::Round((Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory)"`.to_i / 1024 + end + # Use the same number of CPUs within Vagrant as the system, with 1 + # as a default. + # + # Use at least 512MB of RAM, and if the system has more than 2GB of + # RAM, use 1/4 of the system RAM. This seems a reasonable compromise + # between having the Vagrant guest operating system not run out of + # RAM entirely (which it basically would if we went much lower than + # 512MB) and also allowing it to use up a healthily large amount of + # RAM so it can run faster on systems that can afford it. + if cpus.nil? or cpus.zero? + cpus = 1 + end + if total_kB_ram.nil? or total_kB_ram < 2048000 + assign_ram_mb = 512 + else + assign_ram_mb = (total_kB_ram / 1024 / 4) + end + # Actually apply these CPU/memory values to the providers. + config.vm.provider :virtualbox do |vb, override| + vb.cpus = cpus + vb.memory = assign_ram_mb + vb.name = VM_NAME + vb.customize ["modifyvm", :id, "--nictype1", "Am79C973"] + + # /opt/app and /host-dot-sandstorm are used by vagrant-spk + override.vm.synced_folder "..", "/opt/app" + override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm" + # /vagrant is not used by vagrant-spk; we need this line so it gets disabled; if we removed the + # line, vagrant would automatically insert a synced folder in /vagrant, which is not what we want. + override.vm.synced_folder "..", "/vagrant", disabled: true + end + config.vm.provider :libvirt do |libvirt, override| + libvirt.cpus = cpus + libvirt.memory = assign_ram_mb + libvirt.default_prefix = VM_NAME + + # /opt/app and /host-dot-sandstorm are used by vagrant-spk + override.vm.synced_folder "..", "/opt/app", type: "9p", accessmode: "passthrough" + override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm", type: "9p", accessmode: "passthrough" + # /vagrant is not used by vagrant-spk; we need this line so it gets disabled; if we removed the + # line, vagrant would automatically insert a synced folder in /vagrant, which is not what we want. + override.vm.synced_folder "..", "/vagrant", type: "9p", accessmode: "passthrough", disabled: true + end +end diff --git a/.sandstorm/build.sh b/.sandstorm/build.sh new file mode 100644 index 0000000..a6b3bd1 --- /dev/null +++ b/.sandstorm/build.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -euo pipefail + +cd /opt/app +if [ ! -e go.mod ]; then + printf "Error: This directory does not contain a go module;\n" + printf "vagrant-spk's golang stack does not support older GOPATH\n" + printf "based projects. Try running:\n" >&2 + printf "\n" >&2 + printf " vagrant-spk vm ssh\n" >&2 + printf " cd /opt/app\n" >&2 + printf " go mod init example.com/mypkg\n" >&2 + exit 1 +fi +go build -o tube +exit 0 diff --git a/.sandstorm/config.json b/.sandstorm/config.json new file mode 100644 index 0000000..88165c9 --- /dev/null +++ b/.sandstorm/config.json @@ -0,0 +1,37 @@ +{ + "library": [ + { + "path": "/var/videos", + "prefix": "" + } + ], + "server": { + "host": "0.0.0.0", + "port": 8000, + "store_path": "/var/tube.db", + "upload_path": "/var/uploads", + "max_upload_size": 104857600 + }, + "thumbnailer": { + "timeout": 60, + "position_from_start": 3 + }, + "transcoder": { + "timeout": 300, + "sizes": null + }, + "feed": { + "external_url": "", + "title": "Feed Title", + "link": "http://your-url.example/about", + "description": "Feed Description", + "author": { + "name": "Author Name", + "email": "author@somewhere.example" + }, + "copyright": "Copyright Text" + }, + "copyright": { + "content": "" + } +} \ No newline at end of file diff --git a/.sandstorm/global-setup.sh b/.sandstorm/global-setup.sh new file mode 100644 index 0000000..0122740 --- /dev/null +++ b/.sandstorm/global-setup.sh @@ -0,0 +1,59 @@ +#!/bin/bash +set -euo pipefail + +# CAUTION: DO NOT MAKE CHANGES TO THIS FILE. The vagrant-spk upgradevm process will overwrite it. +# App-specific setup should be done in the setup.sh file. + +# Set options for curl. Since we only want to show errors from these curl commands, we also use +# 'cat' to buffer the output; for more information: +# https://github.com/sandstorm-io/vagrant-spk/issues/158 + +CURL_OPTS="--silent --show-error" +echo localhost > /etc/hostname +hostname localhost + +# Grub updates don't silent install well +apt-mark hold grub-pc +apt-get update +apt-get upgrade -y + +# Install curl that is needed below. +apt-get install -y curl + +# The following line copies stderr through stderr to cat without accidentally leaving it in the +# output file. Be careful when changing. See: https://github.com/sandstorm-io/vagrant-spk/pull/159 +curl $CURL_OPTS https://install.sandstorm.io/ 2>&1 > /host-dot-sandstorm/caches/install.sh | cat + +SANDSTORM_CURRENT_VERSION=$(curl $CURL_OPTS -f "https://install.sandstorm.io/dev?from=0&type=install") +SANDSTORM_PACKAGE="sandstorm-$SANDSTORM_CURRENT_VERSION.tar.xz" +if [[ ! -f /host-dot-sandstorm/caches/$SANDSTORM_PACKAGE ]] ; then + echo -n "Downloading Sandstorm version ${SANDSTORM_CURRENT_VERSION}..." + curl $CURL_OPTS --output "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "https://dl.sandstorm.io/$SANDSTORM_PACKAGE" 2>&1 | cat + mv "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE.partial" "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE" + echo "...done." +fi +if [ ! -e /opt/sandstorm/latest/sandstorm ] ; then + echo -n "Installing Sandstorm version ${SANDSTORM_CURRENT_VERSION}..." + bash /host-dot-sandstorm/caches/install.sh -d -e -p 6090 "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE" >/dev/null + echo "...done." +fi +modprobe ip_tables +# Make the vagrant user part of the sandstorm group so that commands like +# `spk dev` work. +usermod -a -G 'sandstorm' 'vagrant' +# Bind to all addresses, so the vagrant port-forward works. +sudo sed --in-place='' \ + --expression='s/^BIND_IP=.*/BIND_IP=0.0.0.0/' \ + /opt/sandstorm/sandstorm.conf + +# Force vagrant-spk to use the strict CSP, see sandstorm#3424 for details. +echo 'ALLOW_LEGACY_RELAXED_CSP=false' >> /opt/sandstorm/sandstorm.conf + +sudo service sandstorm restart +# Enable apt-cacher-ng proxy to make things faster if one appears to be running on the gateway IP +GATEWAY_IP=$(ip route | grep ^default | cut -d ' ' -f 3) +if nc -z "$GATEWAY_IP" 3142 ; then + echo "Acquire::http::Proxy \"http://$GATEWAY_IP:3142\";" > /etc/apt/apt.conf.d/80httpproxy +fi +# Configure apt to retry fetching things that fail to download. +echo "APT::Acquire::Retries \"10\";" > /etc/apt/apt.conf.d/80sandstorm-retry diff --git a/.sandstorm/launcher.sh b/.sandstorm/launcher.sh new file mode 100644 index 0000000..f15c7d0 --- /dev/null +++ b/.sandstorm/launcher.sh @@ -0,0 +1 @@ +exec /opt/app/tube -c /opt/app/.sandstorm/config.json diff --git a/.sandstorm/pgp-keyring b/.sandstorm/pgp-keyring new file mode 100644 index 0000000000000000000000000000000000000000..f49fdb7f1ac5ffa18fe090daf6ed0fdd2270b319 GIT binary patch literal 3358 zcmai!S2!Dt0)`VIh%HuHqSPk#j8UWnwMR>}YK1CkilS!iO|9DVx2jfa*Pf;Jrql{m zqoOEkg!7#7JpZ{m=kB|BFTeNAAfX{OoAgiu(gWUcD}wE}bL_)rgzx^Bq8p36(ZX>E!sM}=6J zuEYjq+hZqMJ%pQ?BBDOOtyQpn?c&u}Pa(K^B^70h2wv<5-jqJW^^KY4HpJC6u+lR( zargEN$0L-M3_#3RY}T{VD9h|9CI+mvniTX~5qp=uv>wUs#dAG{*|}QXXg)6U6S6mE z=W7+=1=v7T%3@tZ6srXu#5V0isL58Oi4K=`8Bj{klS1lY*fL z8^&>H0`(!)%CxwYqnj{!Vcnhg^19^#aOVD`mDCCTs&%aBZQZBh^}wYiHf;ZL6ri<8 zezy;VE}clF=1DGNuN^Ac_DEX@4Z-a>h&1ETY;ep78H)j(RMMG6(aI&gsmY#iNx>g? zD+VHw{(ax^laM%lM~}WZUMMxVI?L*ZCLjF=bCm(E$6OBJ9?gsyK3Sjn>nkVPw*^7O z^ijSBW;tL3vzLf_0hOxa;+<6AE>nu_fkXr8nhuZiyW!PlR?zG#UWqO6Q@nUbL$d%~ zF)_+?lsau~9ow|5(sB1QZjKry6c^ctNT+4NZ|7lCLF;JFV27^bU{{@kb(G+*;QUIE z(Jb|8uT#z)^yG;1y96^`m8}pe00R&JtV1|sylrjVF``a5F`S+KOE-+OvlHf)(%)P4 zZ$c%CM3fW?gaEk7NdEaEO8R7;3I(pCDUN#0;STv5)`(fWlC^YxN#= z+E&O(SqZ+WN~Bo~SepOKzpuyH&~e9VZyudA&rQ1#p6e8~tjKQK%Y@vkl<7HO9=UK5 zQ6<%iwInT=cxAS4T|1S@_~a>%I!nZ-l+r|tsB*-2uB;G~xp1flk}OV3YV#&-i{>Nz zHTU9CApQ4hzWkx-^-$?yf^u#lnIauOD#=w8M=p5A!3l8_ZDA9v=}9b^0T?&4V~h%) zu>^7NH~Dk1fg_vOT~1Qi4(4cicz#|VR=~UozNUz}^>ZQZT2G07(qcn)A7l?MqS(TJ z*IRa@UbP=A&%&x7SX^>y%jtt&^_SgtTfPSdIQ!tGm7`B(T1cZ)btH$vYlN!nvT7^R zPsum!&%HGk1q z&-qOetV}^sOS=;&sBTq8#k#^7&wkJ7v;Bau`EO3|=jk71OQV%&Qm+{R?2F!tj%j5j zQ|iZ-0-3p|!mV9%m`S0EcstlY8HjxR<4AItovLf3rcoXHTGf+i;pULoi#=41XHn;e z0I1$z*lW4%ANW?BzSv93l;_5RcRK0s<@l#_X#Zf2NU5a&rPFk4SCU>|6KkTb6gC-GZin{~F$WWjWa``+QzbGoKK z)oF<7iPa;fHdZOAUaOvYQZM+zlOe5_?%^hTY(KltViTU|9(<7(Hh*!wm1`W+a@ZyG z?h2Inc1e_sl^7Qa{R4)Bo=rJ~e0NC1_Z(~L@C%3>C?4p8V~`Rd-CF`R({qQknme}a z;CVIaxq9@^7sx}r^}F9c%oSmFZa(z{T^DR{G=H9J*lOC#;Z-Kc5dSsZAbHKJKnazf z@SCpJtPR7Tr`QOcLpfZ8*4y1|HkmVeUua*6vFHirVwf4kKA_!cP)2myfq%>W>j^klb+M!=zNu3W0**G@V+*a!{C zHT5$7(f+^-@lP9T{(Vrgo*39~*FFRnzPnFaC)>#s`RW=NV`;>l??L|dLgwsG!*xWn z3DcT6PDzecc*?+tE=1d`6xmV)Eu1^wCZhTkzGYNudWDE_2n#AKE`3r=l#o0tD{3rL zxXVz$oyQa#lPJAqNgyE(^lBSck}J4fuX!8!hnv=*hSRdpxR?^0U`87K^BJi@KwtrkMXRG1z=I6JFhKK`s?eFqEOY5-i@A0Kn^4 z#mq~0rkcmEk4%o7R#o%VA^me{nT;dP3mqz*W5a)y44U-6z_ff}eiPO)JY&6LS|{o*U6_>~97yDm=0q$hXhvv!Z0GdWYN#Ld3)#9t3R4m(sc3w6Clf>x z%3Z|W%Ihq7m#*}0-B{y~PsUGFQ_*em24GI*VOJ*-c7El;>4V=At0w=*k$$Z!#V-Mt zjgh^4KcB7b$!hn6$|q-iA{y9p7h6j9owlgF*qe8S z$;|WDQa5tP<_J!a=+N}ZWl~$b)}+P_)>o%vd!;vMt6xn^&)_k?-70u>@8!=1C5Opq zh1wt~C9u-usV3wVU{9D$a!l3g`VU?#@64E;6bq3n@6)7$wP($yWTVNA5yKC3nCyYd z^wr<1g^XD<`1>CRww=xzsS*#5)0VQ-{ER*D@unNjYZF}A!qHLTs4VLdo+*K1^(rP) zGkb93{JHz<$GP^ggoNN~Gkl7hPv_jzV}UD%y!N%B_e?C1T;IwygN`RV29DqO9Z#Fn zIO@>!(FFtm25nF1V{!QfDMBQd`1O=1^W&ms=Dx-Gv_|l)|5sKzMn@+!4tRp*$_Ff@ z8mVqg34dpn8Jw|dNBEkADbvAGb6wH|7Zfs{+Nc`E^ObqWm=2n)Fi>r{Doc_KAyr&E znb|F4SU{|614*he@B~KAzq*Sp);ZM6!>TV|OIZa{UN#daMTl8rv$pepE+bEJy3(W) z661*dE@y|TScAeCv{uFHPOm#+bT)dTc+?`5c9_5Mesn-zd1Qg7&l0;s#~<5=H>{_# zPuvW>lQYPAlUo2s54_7mxsdfI6xv@__nn^V%gH~`skD^t=h=OJ*iMA%`>*j7r^xXG z?`dDkc30a62IAgCjv5}Oi(G^%hGwuklnl&Eb*h|ihRyu1tZ@IItY{=~j8i+vzqC*y zzl3~Mfj_)O;GD^rH$D};I&XrmPlBO``a;g zoL@CXxtlAj{_aQvlS@ocjGqkpN-c8)=%t?~kdQ0vw3Csk)^ZLMQ$C+6URhr;9r*T0 zu&omfu2~j|sxge3I%bxzupbK;tx2ks?6^wJZ@Fhr8=oPh>x|7SO6t!LT6Hs zzp4YC5fd4$ooiA1@}qCkw32$*jq>V=d-*i3)0nTWOUo?UV4o+ z#)Eri)49JERLoi$SSdAK<)gyS5JNz@Bn0)+;ydl8z>7|yN|D{p27EHLR;BCY#D(H^W_v?rtIB*E5`()kuTsQ6*A0DHfN^B_&^ vkamzATvhI%%$()8ei*CX3tqc`v37>??_h9uxeK%qRdBm*pymYCjP^2pFr*hM` z^D0><_r``==!yPmI-?%M7|`@H_S;lBr@Q7W51iz