From b5bf0cbdb98632a7fbe73efa22e4ee5c38e0ae95 Mon Sep 17 00:00:00 2001
From: Jacob Weisz <inbox@jacobweisz.com>
Date: Mon, 16 Oct 2023 08:00:24 -0500
Subject: [PATCH] ;feat: Upgrade Sandstorm package with permissions

---
 .sandstorm/README.md              |  2 +-
 .sandstorm/Vagrantfile            | 30 ++++++++--------
 .sandstorm/changelog.md           |  5 +++
 .sandstorm/description.md         |  2 +-
 .sandstorm/global-setup.sh        | 19 ++++++++---
 .sandstorm/sandstorm-files.list   | 57 +++++++++++--------------------
 .sandstorm/sandstorm-pkgdef.capnp |  5 +--
 .sandstorm/setup.sh               |  2 +-
 8 files changed, 60 insertions(+), 62 deletions(-)

diff --git a/.sandstorm/README.md b/.sandstorm/README.md
index 467993cd8..8d13547e5 100644
--- a/.sandstorm/README.md
+++ b/.sandstorm/README.md
@@ -7,6 +7,6 @@
 - Navigate your terminal to your local hledger repository folder
 - Run `vagrant-spk vm up`
 - Run `vagrant-spk dev` to run the app in Sandstorm dev mode
-- Visit http://local.sandstorm.io:6080 in your browser to see changes and test
+- Visit http://local.sandstorm.io:6090 in your browser to see changes and test
 - Press Ctrl-C to exit dev mode
 - Run `vagrant-spk pack hledger.spk` to create the Sandstorm package file
\ No newline at end of file
diff --git a/.sandstorm/Vagrantfile b/.sandstorm/Vagrantfile
index 71ed25900..132153bcd 100644
--- a/.sandstorm/Vagrantfile
+++ b/.sandstorm/Vagrantfile
@@ -1,6 +1,8 @@
 # -*- mode: ruby -*-
 # vi: set ft=ruby :
 
+# CAUTION: DO NOT MAKE CHANGES TO THIS FILE. The vagrant-spk upgradevm process will overwrite it.
+
 # Guess at a reasonable name for the VM based on the folder vagrant-spk is
 # run from.  The timestamp is there to avoid conflicts if you have multiple
 # folders with the same name.
@@ -17,9 +19,10 @@ unless Vagrant::DEFAULT_SERVER_URL.frozen?
 end
 
 Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
-  # Base on the Sandstorm snapshots of the official Debian 9 (stretch) box with vboxsf support.
-  config.vm.box = "debian/contrib-stretch64"
-  config.vm.box_version = "9.3.0"
+  # Base on a 64-bit Debian box with vboxsf support (ex. contrib-buster64, bullseye64)
+  config.vm.box = "debian/bookworm64"
+  config.vm.post_up_message = "Your virtual server is running at: http://local.sandstorm.io:6090"
+
 
   if Vagrant.has_plugin?("vagrant-vbguest") then
     # vagrant-vbguest is a Vagrant plugin that upgrades
@@ -28,12 +31,13 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     # needs to know how to compile kernel modules, etc., and so
     # we give it this hint about operating system type.
     config.vm.guest = "debian"
+    config.vbguest.auto_update = false
   end
 
-  # We forward port 6080, the Sandstorm web port, so that developers can
-  # visit their sandstorm app from their browser as local.sandstorm.io:6080
-  # (aka 127.0.0.1:6080).
-  config.vm.network :forwarded_port, guest: 6080, host: 6080, host_ip: "127.0.0.1"
+  # We forward port 6090, the vagrant-spk web port, so that developers can
+  # visit their Sandstorm app from their browser as local.sandstorm.io:6090
+  # (aka 127.0.0.1:6090).
+  config.vm.network :forwarded_port, guest: 6090, host: 6090, host_ip: "127.0.0.1"
 
   # Use a shell script to "provision" the box. This installs Sandstorm using
   # the bundled installer.
@@ -58,12 +62,8 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
     cpus = `nproc`.to_i
     total_kB_ram = `grep MemTotal /proc/meminfo | awk '{print $2}'`.to_i
   elsif host =~ /mingw/
-    # powershell may not be available on Windows XP and Vista, so wrap this in a rescue block
-    begin
-      cpus = `powershell -Command "(Get-WmiObject Win32_Processor -Property NumberOfLogicalProcessors | Select-Object -Property NumberOfLogicalProcessors | Measure-Object NumberOfLogicalProcessors -Sum).Sum"`.to_i
-      total_kB_ram = `powershell -Command "Get-CimInstance -class cim_physicalmemory | % $_.Capacity}"`.to_i / 1024
-    rescue
-    end
+    cpus = `powershell -Command "(Get-WmiObject Win32_Processor -Property NumberOfLogicalProcessors | Select-Object -Property NumberOfLogicalProcessors | Measure-Object NumberOfLogicalProcessors -Sum).Sum"`.to_i
+    total_kB_ram = `powershell -Command "[math]::Round((Get-WmiObject -Class Win32_ComputerSystem).TotalPhysicalMemory)"`.to_i / 1024
   end
   # Use the same number of CPUs within Vagrant as the system, with 1
   # as a default.
@@ -80,7 +80,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
   if total_kB_ram.nil? or total_kB_ram < 2048000
     assign_ram_mb = 512
   else
-    assign_ram_mb = (total_kB_ram / 1024 / 2)
+    assign_ram_mb = (total_kB_ram / 1024 / 4)
   end
   # Actually apply these CPU/memory values to the providers.
   config.vm.provider :virtualbox do |vb, override|
@@ -91,7 +91,7 @@ Vagrant.configure(VAGRANTFILE_API_VERSION) do |config|
 
     # /opt/app and /host-dot-sandstorm are used by vagrant-spk
     override.vm.synced_folder "..", "/opt/app"
-    override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm"
+    override.vm.synced_folder ENV["HOME"] + "/.sandstorm", "/host-dot-sandstorm", mount_options: ["x-systemd.automount"]
     # /vagrant is not used by vagrant-spk; we need this line so it gets disabled; if we removed the
     # line, vagrant would automatically insert a synced folder in /vagrant, which is not what we want.
     override.vm.synced_folder "..", "/vagrant", disabled: true
diff --git a/.sandstorm/changelog.md b/.sandstorm/changelog.md
index 634db909c..7a0899cbc 100644
--- a/.sandstorm/changelog.md
+++ b/.sandstorm/changelog.md
@@ -1,3 +1,8 @@
+# V1.31 (2023-10-20)
+
+ * Upgrade to HLedger 1.31
+ * Add support for sharing permissions
+
 # V1.9.2 (2018-06-05)
 
  * Upgrade to HLedger 1.9.2
diff --git a/.sandstorm/description.md b/.sandstorm/description.md
index 3c979e824..2a4feea5d 100644
--- a/.sandstorm/description.md
+++ b/.sandstorm/description.md
@@ -2,4 +2,4 @@ hledger (http://hledger.org) is a dependable, precise, cross-platform program fo
 
 In double-entry accounting, each transaction must be balanced: An equal amount added to one account must be subtracted from another. You may wish to consult hledger documentation or other tutorials on the web to learn how to use double-entry accounting.
 
-Sandstorm users, thanks for your feedback. hledger's web UI is a simple one to fit current development resources, and I'm sorry that Sandstorm integration is lacking. Your help is needed. We have an open issue for this where you can add a bounty or contribute patches (https://github.com/simonmichael/hledger/issues/425). We also welcome bug reports with more detail (http://bugs.hledger.org/new), general hledger-web improvements, backers and sponsors (http://hledger.org).
+We welcome bug reports with more detail (http://bugs.hledger.org/new), general hledger-web improvements, backers and sponsors (http://hledger.org).
diff --git a/.sandstorm/global-setup.sh b/.sandstorm/global-setup.sh
index 6f1d1da99..746304b1e 100644
--- a/.sandstorm/global-setup.sh
+++ b/.sandstorm/global-setup.sh
@@ -1,6 +1,9 @@
 #!/bin/bash
 set -euo pipefail
 
+# CAUTION: DO NOT MAKE CHANGES TO THIS FILE. The vagrant-spk upgradevm process will overwrite it.
+# App-specific setup should be done in the setup.sh file.
+
 # Set options for curl. Since we only want to show errors from these curl commands, we also use
 # 'cat' to buffer the output; for more information:
 # https://github.com/sandstorm-io/vagrant-spk/issues/158
@@ -9,9 +12,13 @@ CURL_OPTS="--silent --show-error"
 echo localhost > /etc/hostname
 hostname localhost
 
-# Install curl that is needed below.
+# Grub updates don't silent install well
+apt-mark hold grub-pc
 apt-get update
-apt-get install -y curl
+apt-get upgrade -y
+
+# Install curl needed below, and gnupg for package signing
+apt-get install -y curl gnupg
 
 # The following line copies stderr through stderr to cat without accidentally leaving it in the
 # output file. Be careful when changing. See: https://github.com/sandstorm-io/vagrant-spk/pull/159
@@ -27,7 +34,7 @@ if [[ ! -f /host-dot-sandstorm/caches/$SANDSTORM_PACKAGE ]] ; then
 fi
 if [ ! -e /opt/sandstorm/latest/sandstorm ] ; then
     echo -n "Installing Sandstorm version ${SANDSTORM_CURRENT_VERSION}..."
-    bash /host-dot-sandstorm/caches/install.sh -d -e "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE" >/dev/null
+    bash /host-dot-sandstorm/caches/install.sh -d -e -p 6090 "/host-dot-sandstorm/caches/$SANDSTORM_PACKAGE" >/dev/null
     echo "...done."
 fi
 modprobe ip_tables
@@ -38,6 +45,10 @@ usermod -a -G 'sandstorm' 'vagrant'
 sudo sed --in-place='' \
         --expression='s/^BIND_IP=.*/BIND_IP=0.0.0.0/' \
         /opt/sandstorm/sandstorm.conf
+
+# Force vagrant-spk to use the strict CSP, see sandstorm#3424 for details.
+echo 'ALLOW_LEGACY_RELAXED_CSP=false' >> /opt/sandstorm/sandstorm.conf
+
 sudo service sandstorm restart
 # Enable apt-cacher-ng proxy to make things faster if one appears to be running on the gateway IP
 GATEWAY_IP=$(ip route  | grep ^default  | cut -d ' ' -f 3)
@@ -45,4 +56,4 @@ if nc -z "$GATEWAY_IP" 3142 ; then
     echo "Acquire::http::Proxy \"http://$GATEWAY_IP:3142\";" > /etc/apt/apt.conf.d/80httpproxy
 fi
 # Configure apt to retry fetching things that fail to download.
-echo "APT::Acquire::Retries \"10\";" > /etc/apt/apt.conf.d/80sandstorm-retry
+echo "APT::Acquire::Retries \"10\";" > /etc/apt/apt.conf.d/80sandstorm-retry
\ No newline at end of file
diff --git a/.sandstorm/sandstorm-files.list b/.sandstorm/sandstorm-files.list
index 05d74010f..25424ebe7 100644
--- a/.sandstorm/sandstorm-files.list
+++ b/.sandstorm/sandstorm-files.list
@@ -2,56 +2,37 @@
 # This file is automatically updated and rewritten in sorted order every time
 # the app runs in dev mode. You may manually add or remove files, but don't
 # expect comments or ordering to be retained.
-bin/bash
-bin/mkdir
-bin/touch
+bin
 etc/gai.conf
 etc/ld.so.cache
 etc/localtime
-lib/terminfo/d/dumb
-lib/x86_64-linux-gnu/ld-2.24.so
-lib/x86_64-linux-gnu/libc-2.24.so
-lib/x86_64-linux-gnu/libc.so.6
-lib/x86_64-linux-gnu/libdl-2.24.so
-lib/x86_64-linux-gnu/libdl.so.2
-lib/x86_64-linux-gnu/libgcc_s.so.1
-lib/x86_64-linux-gnu/libm-2.24.so
-lib/x86_64-linux-gnu/libm.so.6
-lib/x86_64-linux-gnu/libncurses.so.5
-lib/x86_64-linux-gnu/libncurses.so.5.9
-lib/x86_64-linux-gnu/libnsl-2.24.so
-lib/x86_64-linux-gnu/libnsl.so.1
-lib/x86_64-linux-gnu/libnss_compat-2.24.so
-lib/x86_64-linux-gnu/libnss_compat.so.2
-lib/x86_64-linux-gnu/libnss_files-2.24.so
-lib/x86_64-linux-gnu/libnss_files.so.2
-lib/x86_64-linux-gnu/libnss_nis-2.24.so
-lib/x86_64-linux-gnu/libnss_nis.so.2
-lib/x86_64-linux-gnu/libpcre.so.3
-lib/x86_64-linux-gnu/libpcre.so.3.13.3
-lib/x86_64-linux-gnu/libpthread-2.24.so
-lib/x86_64-linux-gnu/libpthread.so.0
-lib/x86_64-linux-gnu/librt-2.24.so
-lib/x86_64-linux-gnu/librt.so.1
-lib/x86_64-linux-gnu/libselinux.so.1
-lib/x86_64-linux-gnu/libtinfo.so.5
-lib/x86_64-linux-gnu/libtinfo.so.5.9
-lib/x86_64-linux-gnu/libutil-2.24.so
-lib/x86_64-linux-gnu/libutil.so.1
-lib/x86_64-linux-gnu/libz.so.1
-lib/x86_64-linux-gnu/libz.so.1.2.8
-lib64/ld-linux-x86-64.so.2
+lib
+lib64
 opt/app/.sandstorm/launcher.sh
 proc/cpuinfo
 sandstorm-http-bridge
 sandstorm-http-bridge-config
 sandstorm-manifest
+usr/bin/bash
+usr/bin/mkdir
 usr/bin/touch
+usr/lib/terminfo/d/dumb
 usr/lib/x86_64-linux-gnu/gconv/UTF-32.so
 usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache
-usr/lib/x86_64-linux-gnu/libffi.so.6
+usr/lib/x86_64-linux-gnu/ld-linux-x86-64.so.2
+usr/lib/x86_64-linux-gnu/libc.so.6
 usr/lib/x86_64-linux-gnu/libgmp.so.10
-usr/lib/x86_64-linux-gnu/libgmp.so.10.3.2
+usr/lib/x86_64-linux-gnu/libgmp.so.10.4.1
+usr/lib/x86_64-linux-gnu/libm.so.6
+usr/lib/x86_64-linux-gnu/libpcre2-8.so.0
+usr/lib/x86_64-linux-gnu/libpcre2-8.so.0.11.2
+usr/lib/x86_64-linux-gnu/libselinux.so.1
+usr/lib/x86_64-linux-gnu/libtinfo.so.6
+usr/lib/x86_64-linux-gnu/libtinfo.so.6.4
+usr/lib/x86_64-linux-gnu/libz.so.1
+usr/lib/x86_64-linux-gnu/libz.so.1.2.13
+usr/lib64/ld-linux-x86-64.so.2
 usr/local/bin/hledger-web
+usr/share/zoneinfo/Etc/UTC
 usr/share/zoneinfo/GMT
 usr/share/zoneinfo/GMT+0
diff --git a/.sandstorm/sandstorm-pkgdef.capnp b/.sandstorm/sandstorm-pkgdef.capnp
index dd088f84c..a2d11feaf 100644
--- a/.sandstorm/sandstorm-pkgdef.capnp
+++ b/.sandstorm/sandstorm-pkgdef.capnp
@@ -19,9 +19,9 @@ const pkgdef :Spk.PackageDefinition = (
 
     appTitle = (defaultText = "HLedger Web"),
 
-    appVersion = 3,  # Increment this for every release.
+    appVersion = 4,  # Increment this for every release.
 
-    appMarketingVersion = (defaultText = "1.9.2"),
+    appMarketingVersion = (defaultText = "1.31"),
     # Human-readable representation of appVersion. Should match the way you
     # identify versions of your app in documentation and marketing.
 
@@ -256,6 +256,7 @@ const myCommand :Spk.Manifest.Command = (
   environ = [
     # Note that this defines the *entire* environment seen by your app.
     (key = "PATH", value = "/usr/local/bin:/usr/bin:/bin"),
+    (key = "HOME", value = "/var/lib/hledger"),
     (key = "SANDSTORM", value = "1"),
     # Export SANDSTORM=1 into the environment, so that apps running within Sandstorm
     # can detect if $SANDSTORM="1" at runtime, switching UI and/or backend to use
diff --git a/.sandstorm/setup.sh b/.sandstorm/setup.sh
index 9ab622df4..038587902 100644
--- a/.sandstorm/setup.sh
+++ b/.sandstorm/setup.sh
@@ -22,4 +22,4 @@ set -euo pipefail
 # By default, this script does nothing.  You'll have to modify it as
 # appropriate for your application.
 apt-get install -y libtinfo-dev
-curl -ssl https://get.haskellstack.org/ | sh
+curl -ssl -L https://get.haskellstack.org/ | sh