From bfea1811645a5b7f59dd8110aa73204397bbac67 Mon Sep 17 00:00:00 2001 From: Huang Junxiang Date: Sun, 27 Apr 2025 11:33:12 +0800 Subject: [PATCH] Merge 12.0 to 13.0 (#513) * Add changelog for 12.0.10 * Add changelog for 12.0.10 * fix: migrate from non-docker * fix: minimal install for mariadb in backup and recover * fix: fuse content missing in host * opt:adjusting migration strategy * Add changelog for pro 12.0.10 * Update security_features.md Update descriptions for encrypted library. * Update seahub_settings_py.md Update description for encrypted library versions. * docs: update Windows development setup instructions for vcpkg (#471) * Update drive-client-changelog.md 3.0.13 * update seasearch.yml * update * Update shibboleth_authentication.md * Update remote_user.md * fix: backup & restore command mysql -> mariadb * update backup and recovery commands and tip * opt: steps in recovering DB * update link of note of MDEV-30203 note from Mariadb * update link of note of MDEV-30203 note from Mariadb * opt: steps in recovering DB * Add changelog for 12.0.11-pro * Add changelog for v12.0.11 * fix: ce binary deployment format error * Update changelog-for-seafile-professional-server.md * feat: helm support custom storageClassName (#486) * docs(onlyoffice): syntax error (#489) * Custom set user role when shib login (#493) Co-authored-by: lian * Seahub customizing opt (#499) * update * Update seahub_customization.md * Update client-changelog.md 9.0.13 * Update upgrade_notes_for_12.0.x.md (#501) * Update upgrade_notes_for_12.0.x.md * Update upgrade_notes_for_12.0.x.md --------- Co-authored-by: Daniel Pan * Update upgrade_docker.md * update upgrade to 12.0: other configuration changes (#502) * Update changelog-for-seafile-professional-server.md * Update sending_email.md (#512) * Update sending_email.md * Update sending_email.md --------- Co-authored-by: Daniel Pan Co-authored-by: Daniel Pan Co-authored-by: Jiaqiang Xu Co-authored-by: rumtid Co-authored-by: r350178982 <32759763+r350178982@users.noreply.github.com> Co-authored-by: lian Co-authored-by: seafile-dev <57566977+seafile-dev@users.noreply.github.com> --- ...angelog-for-seafile-professional-server.md | 6 ++++ manual/changelog/client-changelog.md | 8 +++++ manual/config/seahub_customization.md | 28 ++++++---------- manual/config/sending_email.md | 22 +++++++++++++ manual/config/shibboleth_authentication.md | 32 +++++++++++++++++++ manual/upgrade/upgrade_docker.md | 19 +++++++++++ manual/upgrade/upgrade_notes_for_12.0.x.md | 31 +++++++++++++++++- 7 files changed, 127 insertions(+), 19 deletions(-) diff --git a/manual/changelog/changelog-for-seafile-professional-server.md b/manual/changelog/changelog-for-seafile-professional-server.md index 1bf1f5b0..bb26ffcc 100644 --- a/manual/changelog/changelog-for-seafile-professional-server.md +++ b/manual/changelog/changelog-for-seafile-professional-server.md @@ -8,6 +8,12 @@ Please check our document for how to upgrade to [12.0](../upgrade/upgrade_notes_for_12.0.x.md) +### 12.0.12 (2025-04-21) + +* [fix] Fix a UI bug in "share admin -> share links" +* [fix] Fix a bug in rendering "system admin -> users" +* Update translations + ### 12.0.11 (2025-03-20) * [fix] Fix a stored XSS issue diff --git a/manual/changelog/client-changelog.md b/manual/changelog/client-changelog.md index 3745cf9e..2215fa0b 100644 --- a/manual/changelog/client-changelog.md +++ b/manual/changelog/client-changelog.md @@ -2,6 +2,14 @@ ## 9.0 +### 9.0.13 (2025/04/02) + +* \[win] Fix bug that some items of context menu in Windows Explorer don't show up +* \[mac] Fix bug of handling rename events, that can cause files moved to wrong folder +* \[linux] Support Wayland +* \[linux] Auto lock Office files opened by LibreOffice and WPS +* Upgrade OpenSSL + ### 9.0.12 (2025/02/12) * Improve sync error descriptions in the main window for file sync errors diff --git a/manual/config/seahub_customization.md b/manual/config/seahub_customization.md index bf33531a..f7a1a46a 100644 --- a/manual/config/seahub_customization.md +++ b/manual/config/seahub_customization.md @@ -39,7 +39,7 @@ Add your favicon file to `custom/` Overwrite `FAVICON_PATH` in `seahub_settings.py` ```py -LOGO_PATH = 'custom/favicon.png' +FAVICON_PATH = 'custom/favicon.png' ``` ### Customize Seahub CSS @@ -49,7 +49,7 @@ Add your css file to `custom/`, for example, `custom.css` Overwrite `BRANDING_CSS` in `seahub_settings.py` ```py -LOGO_PATH = 'custom/custom.css' +BRANDING_CSS = 'custom/custom.css' ``` ## Customize help page @@ -58,16 +58,20 @@ LOGO_PATH = 'custom/custom.css' ```sh mkdir -p /opt/seafile-data/seahub/media/custom/templates/help/ cd /opt/seafile-data/seahub/media/custom - cp ../../help/templates/help/install.html templates/help/ + cp ../../help/templates/help/base.html templates/help/ ``` === "Deploy from binary packages" ```sh mkdir /opt/seafile/seafile-server-latest/seahub/media/custom/templates/help/ cd /opt/seafile/seafile-server-latest/seahub/media/custom - cp ../../help/templates/help/install.html templates/help/ + cp ../../help/templates/help/base.html templates/help/ ``` -Modify the `templates/help/install.html` file and save it. You will see the new help page. +For example, modify the `templates/help/base.html` file and save it. You will see the new help page. + +!!! note + There are some more help pages available for modifying, you can find the list of the html file [here](https://github.com/haiwen/seahub/tree/master/seahub/help/templates/help) + ## Add an extra note in sharing dialog @@ -106,24 +110,12 @@ CUSTOM_NAV_ITEMS = [ ``` !!! note - The `icon` field currently only supports icons in Seafile that begin with `sf2-icon`. You can find the list of icons here: + The `icon` field currently only supports icons in Seafile that begin with `sf2-icon`. You can find the list of icons [here](https://github.com/haiwen/seahub/blob/master/media/css/seahub.css) Then restart the Seahub service to take effect. Once you log in to the Seafile system homepage again, you will see the new navigation entry under the `Tools` navigation bar on the left. -## Add more links to the bottom bar - -``` -ADDITIONAL_APP_BOTTOM_LINKS = { - 'seafile': 'https://example.seahub.com/seahub', - 'dtable-web': 'https://example.seahub.com/web' -} -``` - -Result: - -![](../images/additional-app-bottom-links.png) ## Add more links to about dialog diff --git a/manual/config/sending_email.md b/manual/config/sending_email.md index 1670fe6a..8b159ee8 100644 --- a/manual/config/sending_email.md +++ b/manual/config/sending_email.md @@ -65,6 +65,28 @@ interval = 30m ``` +## Add S/MIME signature to email + +If you want the email signed by S/MIME, please add the config in `seahub_settings.py` + + +```python +ENABLE_SMIME = True +SMIME_CERTS_DIR = /opt/seafile/seahub-data/smime-certs # including cert.pem and private_key.pem + +``` +The certificate can be generated by the openssl command, or you can apply to the certificate manufacturer, it is up to you. +For example, generate the certs using the following command: + +``` +mkdir -p /opt/seafile/seahub-data/smime-certs +cd /opt/seafile/seahub-data/smime-certs +openssl req -x509 -newkey rsa:4096 -keyout private_key.pem -outform PEM -out cert.pem -days 3650 -nodes +``` +!!! tip + Some email clients may not verify the email signed by certs generated by command line. So it's better to apply the certs from a manufacture + + ## Customize email messages The simplest way to customize the email messages is setting the `SITE_NAME` variable in `seahub_settings.py`. If it is not enough for your case, you can customize the email templates. diff --git a/manual/config/shibboleth_authentication.md b/manual/config/shibboleth_authentication.md index 88aeca9c..a1a75c90 100644 --- a/manual/config/shibboleth_authentication.md +++ b/manual/config/shibboleth_authentication.md @@ -248,6 +248,38 @@ SHIBBOLETH_AFFILIATION_ROLE_MAP = { After Shibboleth login, Seafile should calcualte user's role from affiliation and SHIBBOLETH_AFFILIATION_ROLE_MAP. +### Custom set user role + +If you are unable to set user roles by obtaining affiliation information, or if you wish to have a more customized way of setting user roles, you can add the following configuration to achieve this. + +For example, set all users whose email addresses end with `@seafile.com` as `default`, and set other users as `guest`. + +First, update the `SHIBBOLETH_ATTRIBUTE_MAP` configuration in seahub_settings.py, and add `HTTP_REMOTE_USER`. + +``` +SHIBBOLETH_ATTRIBUTE_MAP = { + .... + "HTTP_REMOTE_USER": (False, "remote_user"), + .... +} +``` + +Then, create `/opt/seafile/conf/seahub_custom_functions/__init__.py` file and add the following code. +``` +# function name `custom_shibboleth_get_user_role` should NOT be changed +def custom_shibboleth_get_user_role(shib_meta): + + remote_user = shib_meta.get('remote_user', '') + if not remote_user: + return '' + + remote_user = remote_user.lower() + if remote_user.endswith('@seafile.com'): + return 'default' + else: + return 'guest' +``` + ## Verify After restarting Apache and Seahub service (`./seahub.sh restart`), you can then test the shibboleth login workflow. diff --git a/manual/upgrade/upgrade_docker.md b/manual/upgrade/upgrade_docker.md index 1c112829..9aa18e48 100644 --- a/manual/upgrade/upgrade_docker.md +++ b/manual/upgrade/upgrade_docker.md @@ -269,6 +269,25 @@ If you have deployed SeaDoc older version, you should remove `/sdoc-server/`, `/ Please see the document [Setup SeaDoc](../extension/setup_seadoc.md) to install SeaDoc with Seafile. +### Other configuration changes + +#### Enable passing of REMOTE_USER + +REMOTE_USER header is not passed to Seafile by default, you need to change `gunicorn.conf.py` if you need REMOTE_USER header for SSO. + +```python +forwarder_headers = 'SCRIPT_NAME,PATH_INFO,REMOTE_USER' +``` + +#### Supplement or remove ALLOWED_HOSTS in seahub_settings.py + +Since version 12.0, the seaf-server component need to send internal requests to seahub component to check permissions, as reporting ***400 Error*** when downloading files if the `ALLOWED_HOSTS` set incorrect. In this case, you can either **remove** `ALLOWED_HOSTS` in `seahub_settings.py` or **supplement** `127.0.0.1` in `ALLOWED_HOSTS` list: + +```py +# seahub_settings.py + +ALLOWED_HOSTS = ['...(your domain)', '127.0.0.1'] +``` ## Upgrade from 10.0 to 11.0 diff --git a/manual/upgrade/upgrade_notes_for_12.0.x.md b/manual/upgrade/upgrade_notes_for_12.0.x.md index 6d20e6b2..9ed92ce6 100644 --- a/manual/upgrade/upgrade_notes_for_12.0.x.md +++ b/manual/upgrade/upgrade_notes_for_12.0.x.md @@ -25,7 +25,7 @@ Configuration changes: * SERVICE_URL and FILE_SERVER_ROOT are removed. SERVICE_URL will be calculated from SEAFILE_SERVER_PROTOCOL and SEAFILE_SERVER_HOSTNAME in `.env` file. * `ccnet.conf` is removed. Some of its configuration items are moved from `.env` file, others are read from items in `seafile.conf` with same name. * Two role permissions are added, `can_create_wiki` and `can_publish_wiki` are used to control whether a role can create a Wiki and publish a Wiki. The old role permission `can_publish_repo` is removed. - +* REMOTE_USER header is not passed to Seafile by default, you need to change `gunicorn.conf.py` if you need REMOTE_USER header for SSO. Other changes: @@ -175,6 +175,35 @@ From version 1.0, SeaDoc is using seahub_db database to store its operation logs Please see the document [Setup SeaDoc](../extension/setup_seadoc.md) to install SeaDoc on a separate machine and integrate with your binary packaged based Seafile server v12.0. +### 9) (Optional) Update `gunicorn.conf.py` file in `conf/` directory + +If you deployed single sign on (SSO) by Shibboleth protocol, the following line should be added to the gunicorn config file. + +```python + +forwarder_headers = 'SCRIPT_NAME,PATH_INFO,REMOTE_USER' +``` + +### 10) (Optional) Other configuration changes + +#### Enable passing of REMOTE_USER + +REMOTE_USER header is not passed to Seafile by default, you need to change `gunicorn.conf.py` if you need REMOTE_USER header for SSO. + +```python +forwarder_headers = 'SCRIPT_NAME,PATH_INFO,REMOTE_USER' +``` + +#### Supplement or remove ALLOWED_HOSTS in seahub_settings.py + +Since version 12.0, the seaf-server component need to send internal requests to seahub component to check permissions, as reporting ***400 Error*** when downloading files if the `ALLOWED_HOSTS` set incorrect. In this case, you can either **remove** `ALLOWED_HOSTS` in `seahub_settings.py` or **supplement** `127.0.0.1` in `ALLOWED_HOSTS` list: + +```py +# seahub_settings.py + +ALLOWED_HOSTS = ['...(your domain)', '127.0.0.1'] +``` + ## FAQ We have documented common issues encountered by users when upgrading to version 12.0 in our FAQ .