Merge branch 'CVE-2017-1000117' into 'master'

Cve 2017 1000117

See merge request !4

CHANGELOG

@@ -1,96 +1,20 @@
-[0.6.10]
+[0.1.0]
-* Works with readonly rootfs
+* Initial package (forked from Gogs app)
 
-[0.6.11]
+[0.1.1]
-* Fix bug where app wouldn't start up
+* Removed reference to Gogs
 
-[0.7.0]
+[0.1.2]
-* Update to latest base image
+* Updated description
 
-[0.7.1]
+[0.1.3]
-* Remove some backward compat code
+* Updated to version 1.1.2
 
-[0.8.0]
+[1.0.0]
-* Use Gogs 0.8.25
+* Update to version 1.1.3
-* Support GitHub style Markdown checklist
-* Add more APIs: user followers
-* Support side-by-side diff view
-* Support highlight inline diff
-* Complete [Changelog](https://github.com/gogits/gogs/releases/tag/v0.8.25)
 
-[0.9.0]
+[1.0.1]
-* Use 'git' instead of 'cloudron' user
+* Update Git to v2.7.4-0ubuntu1.2
-
+* Fixes critical security issue that allows remote command execution in git
-[0.10.0]
+* https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-1000117.html
-* Use Gogs 0.8.43
-* Issue references have bad links behind a reverse proxy sub-path #2229
-
-[0.11.0]
-* Use Gogs 0.9.0
-* [Changelog](https://github.com/gogits/gogs/releases/tag/v0.9.0)
-
-[0.12.0]
-* Use Gogs 0.9.13
-
-[0.12.1]
-* Fix username login
-
-[0.12.2]
-* Allow disabling SSH
-
-[0.12.3]
-* Fix login via email
-
-[0.12.4]
-* Fix ldap update query
-
-[0.12.5]
-* Preserve ssh host keys across updates
-
-[0.12.6]
-* Use latest SMTP configuration
-
-[0.12.7]
-* Update base image to 0.8.1
-
-[0.13.0]
-* Update Gogs to 0.9.48
-* [Changelog](https://github.com/gogits/gogs/releases/tag/v0.9.48)
-
-[0.13.1]
-* Update Gogs to 0.9.71
-* [Changelog](https://github.com/gogits/gogs/releases/tag/v0.9.71)
-
-[0.13.2]
-* Update base image
-
-[0.13.3]
-* Implement public mode
-
-[0.13.4]
-* Add post install message
-
-[0.13.5]
-* Fix post install message
-
-[0.14.0]
-* Update base image
-* Update Gogs to 0.9.128
-
-[0.14.1]
-* Update description
-
-[0.15.0]
-* Update to 0.10.18
-
-[0.16.0]
-* Update Gogs to 0.11
-* Fix issue where custom avatars could not be uploaded
-* Fix issue where web based editing would not work
-
-[0.16.1]
-* Update Gogs to 0.11.4
-
-[0.16.2]
-* Update description
 

CloudronManifest.json

@@ -1,10 +1,10 @@
 {
-  "id": "io.gogs.cloudronapp",
+  "id": "io.gitea.cloudronapp",
-  "title": "Gogs",
+  "title": "Gitea",
-  "author": "Gogs developers",
+  "author": "Gitea developers",
   "description": "file://DESCRIPTION.md",
   "tagline": "A painless self-hosted Git Service",
-  "version": "0.16.2",
+  "version": "1.0.1",
   "healthCheckPath": "/healthcheck",
   "httpPort": 3000,
   "addons": {
@@ -21,14 +21,15 @@
     }
   },
   "manifestVersion": 1,
-  "website": "https://gogs.io",
+  "website": "https://gitea.io",
   "contactEmail": "apps@cloudron.io",
   "icon": "file://logo.png",
   "mediaLinks": [
-    "https://gogs.io/img/screenshots/1.png",
+    "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/1.png",
-    "https://gogs.io/img/screenshots/2.png",
+    "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/2.png",
-    "https://gogs.io/img/screenshots/4.png",
+    "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/3.png",
-    "https://gogs.io/img/screenshots/5.png"
+    "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/4.png",
+    "https://s3.amazonaws.com/cloudron-app-screenshots/io.gitea.cloudronapp/f89a2ab8d49094c80589f69a2d60bef63b2dbb62/5.png"
   ],
   "tags": [ "version control", "git", "code hosting", "development" ],
   "changelog": "file://CHANGELOG",

DESCRIPTION.md

@@ -1,6 +1,6 @@
-Gogs (Go Git Service) is a painless self-hosted Git service.
+Gitea is a painless self-hosted Git service. It is similar to GitHub, Bitbucket or Gitlab. The initial development have been done on Gogs but we have forked it and named it Gitea. If you want to read more about the reasons why we have done that please read [this](https://blog.gitea.io/2016/12/welcome-to-gitea/) blog post.
 
-This app packages Gogs <upstream>0.11.4</upstream>
+This app packages Gitea <upstream>1.1.3</upstream>
 
 ### Purpose
 
@@ -20,9 +20,7 @@ The goal of this project is to make the easiest, fastest, and most painless way
 - Gravatar and custom source
 - Mail service
 - Administration panel
-- Supports MySQL, PostgreSQL, SQLite3 and [TiDB](https://github.com/pingcap/tidb) (experimental)
-- Multi-language support ([15 languages](https://crowdin.com/project/gogs))
 
 ### Bug reports
 
-Open bugs on [Github](https://git.cloudron.io/cloudron/gogs-app/issues)
+Open bugs on [Github](https://git.cloudron.io/cloudron/gitea-app/issues)

Dockerfile

@@ -1,28 +1,30 @@
 FROM cloudron/base:0.10.0
 
+ENV VERSION 1.1.3
+
 RUN apt-get update && \
-    apt-get install -y openssh-server && \
+    apt-get install -y openssh-server git && \
     rm -rf /etc/ssh_host_* && \
     rm -r /var/cache/apt /var/lib/apt/lists
 
 ADD supervisor/ /etc/supervisor/conf.d/
 
-RUN adduser --disabled-login --gecos 'Gogs' git
+RUN adduser --disabled-login --gecos 'Gitea' git
 # by default, git account is created as inactive which prevents login via openssh
 # https://github.com/gitlabhq/gitlabhq/issues/5304
 RUN passwd -d git
 
-RUN mkdir -p /home/git/gogs
+RUN mkdir -p /home/git/gitea
 ## TODO: use redis as well
-RUN cd /home/git/gogs && \
+RUN curl -L https://dl.gitea.io/gitea/${VERSION}/gitea-${VERSION}-linux-amd64 -o /home/git/gitea/gitea \
-    curl -L https://github.com/gogits/gogs/releases/download/v0.11.4/linux_amd64.tar.gz | tar zxvf - --strip-components 1
+    && chmod +x /home/git/gitea/gitea
 
 # setup config paths
 ADD app.ini.template /home/git/app.ini.template
 
 # setup log paths
-RUN mkdir -p /run/gogs && chown -R git:git /run/gogs
+RUN mkdir -p /run/gitea && chown -R git:git /run/gitea
-RUN sed -e 's,^logfile=.*$,logfile=/run/gogs/supervisord.log,' -i /etc/supervisor/supervisord.conf
+RUN sed -e 's,^logfile=.*$,logfile=/run/gitea/supervisord.log,' -i /etc/supervisor/supervisord.conf
 
 RUN ln -s /app/data/ssh /home/git/.ssh
 RUN ln -s /app/data/gitconfig /home/git/.gitconfig

POSTINSTALL.md

@@ -1,12 +1,12 @@
 This app integrates with the Cloudron SSO. Admins on Cloudron automatically
-become admins on Gogs.
+become admins on Gitea.
 
 If you want to disable Cloudron SSO, do the following:
 
 * Admin Panel -> Authentication -> 'cloudron' -> Uncheck 'This authentication is activated'
 * Admin Panel -> Users -> Change Authentication Source to 'Local' and also give a password
 
-You can create a `/app/data/app.ini` with any custom configuration. See the 
+You can edit `/app/data/app.ini` and add any custom configuration. See the 
-[configuration cheat sheet](https://gogs.io/docs/advanced/configuration_cheat_sheet)
+[configuration cheat sheet](https://docs.gitea.io/en-us/config-cheat-sheet)
 for more information.
 

README.md

@@ -1,15 +1,15 @@
-# Gogs Cloudron App
+# Gitea Cloudron App
 
-This repository contains the Cloudron app package source for [Gogs](http://gogs.io/).
+This repository contains the Cloudron app package source for [Gitea](http://gitea.io/).
 
 ## Installation
 
-[![Install](https://cloudron.io/img/button.svg)](https://cloudron.io/button.html?app=io.gogs.cloudronapp)
+[![Install](https://cloudron.io/img/button.svg)](https://cloudron.io/button.html?app=io.gitea.cloudronapp)
 
 or using the [Cloudron command line tooling](https://cloudron.io/references/cli.html)
 
 ```
-cloudron install --appstore-id io.gogs.cloudronapp
+cloudron install --appstore-id io.gitea.cloudronapp
 ```
 
 ## Building
@@ -17,7 +17,7 @@ cloudron install --appstore-id io.gogs.cloudronapp
 The app package can be built using the [Cloudron command line tooling](https://cloudron.io/references/cli.html).
 
 ```
-cd gogs-app
+cd gitea-app
 
 cloudron build
 cloudron install
@@ -28,9 +28,9 @@ cloudron install
 The e2e tests are located in the `test/` folder and require [nodejs](http://nodejs.org/). They are creating a fresh build, install the app on your Cloudron, perform tests, backup, restore and test if the repos are still ok. The tests expect port 29418 to be available.
 
 ```
-cd gogs-app/test
+cd gitea-app/test
 
 npm install
-USERNAME=<cloudron username> PASSWORD=<cloudron password> mocha --bail test.js
+PATH=$PATH:node_modules/.bin USERNAME=<cloudron username> PASSWORD=<cloudron password> mocha --bail test.js
 ```
 

app.ini.template

@@ -1,8 +1,10 @@
-APP_NAME = Gogs: Go Git Service
+APP_NAME = Gitea
 RUN_USER = git
 RUN_MODE = prod
 
+
 [database]
+; those settings are protected and can't be modified
 DB_TYPE = mysql
 HOST = ##MYSQL_HOST:##MYSQL_PORT
 NAME = ##MYSQL_DATABASE
@@ -11,7 +13,9 @@ PASSWD = ##MYSQL_PASSWORD
 SSL_MODE = disable
 PATH =
 
+
 [server]
+; those settings are protected and can't be modified
 PROTOCOL = http
 DOMAIN = ##DOMAIN
 ROOT_URL = https://%(DOMAIN)s/
@@ -20,44 +24,60 @@ HTTP_PORT = 3000
 DISABLE_SSH = ##DISABLE_SSH
 SSH_PORT = ##SSH_PORT
 APP_DATA_PATH = /app/data/appdata
+
 ; Landing page for non-logged users, can be "home" or "explore"
 LANDING_PAGE = explore
 
+
 [repository]
+; this setting is protected and can't be modified
 ROOT = /app/data/repository
+
 SCRIPT_TYPE = bash
 
+
 [repository.upload]
 ENABLED = true
-TEMP_PATH = /run/gogs/tmp/uploads
+
+; this setting is protected and can't be modified
+TEMP_PATH = /run/gitea/tmp/uploads
+
 
 [release.attachment]
 ENABLED = true
 ; APP_DATA_PATH/attachments
 PATH =
 
+
 [mailer]
 ENABLED = true
+
+; those settings are protected and can't be modified
 HOST = ##MAIL_SERVER:##MAIL_PORT
 USER = ##MAIL_SMTP_USERNAME
 PASSWD = ##MAIL_SMTP_PASSWORD
 FROM = ##MAIL_FROM
 SKIP_VERIFY = true
 
+
 [security]
+; those settings are protected and can't be modified
 INSTALL_LOCK = true
 SECRET_KEY = ##SECRET_KEY
 
+
 [service]
 DISABLE_REGISTRATION = false
 SHOW_REGISTRATION_BUTTON = false
 ENABLE_NOTIFY_MAIL = true
 
+
 [log]
-; Either "console", "file", "conn", "smtp" or "database", default is "console"
+; those settings are protected and can't be modified
 MODE = console
 ; used for xorm.log
-ROOT_PATH = /run/gogs
+ROOT_PATH = /run/gitea
+
 
 [picture]
 ; APP_DATA_PATH/avatars
@@ -65,8 +85,13 @@ AVATAR_UPLOAD_PATH =
 GRAVATAR_SOURCE = gravatar
 DISABLE_GRAVATAR = false
 
+
 [attachment]
 ENABLE = true
 ; APP_DATA_PATH/attachments
 PATH =
 
+
+[indexer]
+; this setting is protected and can't be modified
+ISSUE_INDEXER_PATH = /app/data/appdata/indexers/issues.bleve

start.sh

@@ -2,14 +2,14 @@
 
 set -eu -o pipefail
 
-mkdir -p /run/gogs/tmp/uploads
+mkdir -p /run/gitea/tmp/uploads
 
 setup_ldap_source() {
     set -eu
 
-    # Wait for gogs to finish db setup, before we insert ldap source in db
+    # Wait for gitea to finish db setup, before we insert ldap source in db
     while ! curl --fail http://localhost:3000/healthcheck; do
-        echo "Waiting for gogs to come up"
+        echo "Waiting for gitea to come up"
         sleep 1
     done
 
@@ -53,32 +53,52 @@ chmod 0644 /app/data/sshd/*.pub
 sed -e "s/^Port .*/Port ${SSH_PORT}/" \
     -e "s/^#ListenAddress .*/ListenAddress 0.0.0.0/" \
     -e "s,^HostKey /etc/ssh/,HostKey /app/data/sshd/," \
-    /etc/ssh/sshd_config > /run/gogs/sshd_config
+    /etc/ssh/sshd_config > /run/gitea/sshd_config
 
-sed -e "s/##DOMAIN/${APP_DOMAIN}/g" \
+cp /home/git/app.ini.template "/run/gitea/app.ini"
-    -e "s/##SSH_PORT/${SSH_PORT}/g" \
+
-    -e "s/##DISABLE_SSH/${disable_ssh}/g" \
+# create default user config file
-    -e "s/##MYSQL_HOST/${MYSQL_HOST}/g" \
+if ! [ -f /app/data/app.ini ]; then
-    -e "s/##MYSQL_PORT/${MYSQL_PORT}/g" \
+    cp /home/git/app.ini.template /app/data/app.ini
-    -e "s/##MYSQL_USERNAME/${MYSQL_USERNAME}/g" \
+fi
-    -e "s/##MYSQL_PASSWORD/${MYSQL_PASSWORD}/g" \
+
-    -e "s/##MYSQL_DATABASE/${MYSQL_DATABASE}/g" \
+# merge user config file
-    -e "s/##MAIL_SERVER/${MAIL_SMTP_SERVER}/g" \
+crudini --merge "/run/gitea/app.ini" < "/app/data/app.ini"
-    -e "s/##MAIL_PORT/${MAIL_SMTP_PORT}/g" \
+
-    -e "s/##MAIL_FROM/${MAIL_FROM}/g" \
+# override important values
-    -e "s/##MAIL_SMTP_USERNAME/${MAIL_SMTP_USERNAME}/g" \
+crudini --set "/run/gitea/app.ini" database DB_TYPE mysql
-    -e "s/##MAIL_SMTP_PASSWORD/${MAIL_SMTP_PASSWORD}/g" \
+crudini --set "/run/gitea/app.ini" database HOST "${MYSQL_HOST}:${MYSQL_PORT}"
-    -e "s/##SECRET_KEY/$(pwgen -1 -s)/g" \
+crudini --set "/run/gitea/app.ini" database NAME "${MYSQL_DATABASE}"
-    /home/git/app.ini.template > "/run/gogs/app.ini"
+crudini --set "/run/gitea/app.ini" database USER "${MYSQL_USERNAME}"
+crudini --set "/run/gitea/app.ini" database PASSWD "${MYSQL_PASSWORD}"
+crudini --set "/run/gitea/app.ini" database SSL_MODE "disable"
+crudini --set "/run/gitea/app.ini" server PROTOCOL "http"
+crudini --set "/run/gitea/app.ini" server DOMAIN "${APP_DOMAIN}"
+crudini --set "/run/gitea/app.ini" server ROOT_URL "https://%(DOMAIN)s/"
+crudini --set "/run/gitea/app.ini" server HTTP_ADDR ""
+crudini --set "/run/gitea/app.ini" server HTTP_PORT "3000"
+crudini --set "/run/gitea/app.ini" server DISABLE_SSH "${disable_ssh}"
+crudini --set "/run/gitea/app.ini" server SSH_PORT "${SSH_PORT}"
+crudini --set "/run/gitea/app.ini" server APP_DATA_PATH "/app/data/appdata"
+crudini --set "/run/gitea/app.ini" repository ROOT "/app/data/repository"
+crudini --set "/run/gitea/app.ini" repository.upload TEMP_PATH "/run/gitea/tmp/uploads"
+crudini --set "/run/gitea/app.ini" mailer HOST "${MAIL_SMTP_SERVER}:${MAIL_SMTP_PORT}"
+crudini --set "/run/gitea/app.ini" mailer USER "${MAIL_SMTP_USERNAME}"
+crudini --set "/run/gitea/app.ini" mailer PASSWD "${MAIL_SMTP_PASSWORD}"
+crudini --set "/run/gitea/app.ini" mailer FROM "${MAIL_FROM}"
+crudini --set "/run/gitea/app.ini" mailer SKIP_VERIFY "true"
+crudini --set "/run/gitea/app.ini" security SECRET_KEY $(pwgen -1 -s)
+crudini --set "/run/gitea/app.ini" security INSTALL_LOCK "true"
+crudini --set "/run/gitea/app.ini" log MODE "console"
+crudini --set "/run/gitea/app.ini" log ROOT_PATH "/run/gitea"
+crudini --set "/run/gitea/app.ini" indexer ISSUE_INDEXER_PATH "/app/data/appdata/indexers/issues.bleve"
 
-# merge any user config file
-[[ -f /app/data/app.ini ]] && cat "/app/data/app.ini" >> "/run/gogs/app.ini"
 
 mkdir -p /app/data/repository /app/data/ssh
 
-chown -R git:git /app/data /run/gogs
+chown -R git:git /app/data /run/gitea
 
 ( setup_ldap_source ) &
 
-exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gogs
+exec /usr/bin/supervisord --configuration /etc/supervisor/supervisord.conf --nodaemon -i Gitea
 

supervisor/gitea.conf

@@ -1,6 +1,6 @@
-[program:gogs]
+[program:gitea]
-directory=/home/git/gogs
+directory=/home/git/gitea
-command=/home/git/gogs/gogs web -c /run/gogs/app.ini -p 3000
+command=/home/git/gitea/gitea web -c /run/gitea/app.ini -p 3000
 user=git
 autostart=true
 autorestart=true

supervisor/sshd.conf

@@ -1,6 +1,6 @@
 [program:sshd]
 directory=/
-command=/usr/sbin/sshd -f /run/gogs/sshd_config -D
+command=/usr/sbin/sshd -f /run/gitea/sshd_config -D
 user=root
 autostart=true
 autorestart=true

test/test.js

@@ -33,7 +33,7 @@ describe('Application life cycle test', function () {
     var app, reponame = 'testrepo';
     var username = process.env.USERNAME;
     var password = process.env.PASSWORD;
-    var TIMEOUT = process.env.TIMEOUT || 5000;
+    var TIMEOUT = parseInt(process.env.TIMEOUT, 10) || 5000;
     var email, token;
 
     before(function (done) {
@@ -63,18 +63,26 @@ describe('Application life cycle test', function () {
         }, TIMEOUT).then(function () { done(); });
     }
 
+    function getAppInfo() {
+        var inspect = JSON.parse(execSync('cloudron inspect'));
+
+        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
+
+        expect(app).to.be.an('object');
+    }
+
     function setAvatar(done) {
-        browser.get('https://' + app.fqdn + '/user/settings/avatar');
+        browser.get('https://' + app.fqdn + '/user/settings/avatar').then(function () {
-
+            return browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png'));
-        browser.findElement(by.xpath('//input[@type="file" and @name="avatar"]')).sendKeys(path.resolve(__dirname, '../logo.png')).then(function () {
+        }).then(function () {
-            browser.findElement(by.xpath('//button[contains(text(), "Update Avatar Setting")]')).click();
+            return browser.findElement(by.xpath('//button[contains(text(), "Update Avatar Setting")]')).click();
-
+        }).then(function () {
             browser.wait(until.elementLocated(by.xpath('//p[contains(text(),"updated successfully")]')), TIMEOUT).then(function () { done(); });
         });
     }
 
     function checkAvatar(done) {
-        superagent.get('https://' + app.fqdn + '/avatars/1').end(function (error, result) {
+        superagent.get('https://' + app.fqdn + '/avatars/a3e6f3316fc1738e29d621e6a26e93d3').end(function (error, result) {
             expect(error).to.be(null);
             expect(result.statusCode).to.be(200);
             done();
@@ -82,18 +90,105 @@ describe('Application life cycle test', function () {
     }
 
     function editFile(done) {
-        browser.get('https://' + app.fqdn + '/' + username + '/' + reponame + '/_edit/master/newfile');
+        browser.get('https://' + app.fqdn + '/' + username + '/' + reponame + '/_edit/master/newfile').then(function () {
-
+            var cm = browser.findElement(by.xpath('//div[contains(@class,"CodeMirror")]'));
-        var cm = browser.findElement(by.xpath('//div[contains(@class,"CodeMirror")]'));
+            var text = 'yo';
-        var text = 'yo';
+            return browser.executeScript('arguments[0].CodeMirror.setValue("' + text + '");', cm);
-        browser.executeScript('arguments[0].CodeMirror.setValue("' + text + '");', cm).then(function () {
+        }).then(function () {
-            browser.findElement(by.xpath('//input[@name="commit_summary"]')).sendKeys('Dummy edit');
+            return browser.findElement(by.xpath('//input[@name="commit_summary"]')).sendKeys('Dummy edit');
-            browser.findElement(by.xpath('//button[contains(text(), "Commit Changes")]')).click();
+        }).then(function () {
-
+            return browser.findElement(by.xpath('//button[contains(text(), "Commit Changes")]')).click();
+        }).then(function () {
             waitForUrl('https://' + app.fqdn + '/' + username + '/' + reponame + '/src/master/newfile', done);
         });
     }
 
+    function login(done) {
+        browser.get('https://' + app.fqdn + '/user/login').then(function () {
+            return browser.findElement(by.id('user_name')).sendKeys(username);
+        }).then(function () {
+            return browser.findElement(by.id('password')).sendKeys(password);
+        }).then(function () {
+            return browser.findElement(by.tagName('form')).submit();
+        }).then(function () {
+            return browser.wait(until.elementLocated(by.linkText('Dashboard')), TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
+    function addPublicKey(done) {
+        var publicKey = fs.readFileSync(__dirname + '/id_rsa.pub', 'utf8');
+
+        browser.get('https://' + app.fqdn + '/user/settings/ssh').then(function () {
+            return browser.findElement(by.xpath('//div[text()="Add Key"]')).click();
+        }).then(function () {
+            return browser.findElement(by.id('ssh-key-title')).sendKeys('testkey');
+        }).then(function () {
+            return browser.findElement(by.id('ssh-key-content')).sendKeys(publicKey.trim()); // #3480
+        }).then(function () {
+            return browser.findElement(by.xpath('//button[contains(text(), "Add Key")]')).click();
+        }).then(function () {
+            return browser.wait(until.elementLocated(by.xpath('//p[contains(text(), "added successfully!")]')), TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
+    function createRepo(done) {
+        browser.get('https://' + app.fqdn).then(function () {
+            return browser.findElement(by.linkText('New Repository')).click();
+        }).then(function () {
+            return browser.wait(until.elementLocated(by.xpath('//*[contains(text(), "New Repository")]')), TIMEOUT);
+        }).then(function () {
+            return browser.findElement(by.id('repo_name')).sendKeys(reponame);
+        }).then(function () {
+            return browser.findElement(by.id('auto-init')).click();
+        }).then(function () {
+            return browser.findElement(by.xpath('//button[contains(text(), "Create Repository")]')).click();
+        }).then(function () {
+            browser.wait(function () {
+                return browser.getCurrentUrl().then(function (url) {
+                    return url === 'https://' + app.fqdn + '/' + username + '/' + reponame;
+                });
+            }, TIMEOUT);
+        }).then(function () {
+            done();
+        });
+    }
+
+    function checkCloneUrl(done) {
+        browser.get('https://' + app.fqdn + '/' + username + '/' + reponame).then(function () {
+            return browser.findElement(by.id('repo-clone-ssh')).click();
+        }).then(function () {
+            return browser.findElement(by.id('repo-clone-url')).getAttribute('value');
+        }).then(function (cloneUrl) {
+            expect(cloneUrl).to.be('ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git');
+            done();
+        });
+    }
+
+    function cloneRepo(done) {
+        rimraf.sync(repodir);
+        var env = Object.create(process.env);
+        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
+        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
+        done();
+    }
+
+    function pushFile(done) {
+        var env = Object.create(process.env);
+        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
+        execSync('touch newfile && git add newfile && git commit -a -mx && git push ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + ' master',
+                 { env: env, cwd: repodir });
+        rimraf.sync('/tmp/testrepo');
+        done();
+    }
+
+    function fileExists() {
+        expect(fs.existsSync(repodir + '/newfile')).to.be(true);
+    }
+
     xit('build app', function () {
         execSync('cloudron build', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
     });
@@ -121,19 +216,11 @@ describe('Application life cycle test', function () {
         });
     });
 
-
     it('install app', function () {
         execSync('cloudron install --new --wait --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
     });
 
-    it('can get app information', function () {
+    it('can get app information', getAppInfo);
-        var inspect = JSON.parse(execSync('cloudron inspect'));
-
-        app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
-
-        expect(app).to.be.an('object');
-    });
-
     it('can get the main page', function (done) {
         superagent.get('https://' + app.fqdn).end(function (error, result) {
             expect(error).to.be(null);
@@ -143,82 +230,29 @@ describe('Application life cycle test', function () {
         });
     });
 
-    it('can login', function (done) {
+    it('can login', login);
-        browser.get('https://' + app.fqdn + '/user/login');
-        browser.findElement(by.id('user_name')).sendKeys(username);
-        browser.findElement(by.id('password')).sendKeys(password);
-        browser.findElement(by.tagName('form')).submit();
-        browser.wait(until.elementLocated(by.linkText('Dashboard')), TIMEOUT).then(function () { done(); });
-    });
-
     it('can set avatar', setAvatar);
     it('can get avatar', checkAvatar);
 
-    it('can add public key', function (done) {
+    it('can add public key', addPublicKey);
-        browser.get('https://' + app.fqdn + '/user/settings/ssh');
-        var publicKey = fs.readFileSync(__dirname + '/id_rsa.pub', 'utf8');
 
-        browser.findElement(by.xpath('//div[text()="Add Key"]')).click();
+    it('can create repo', createRepo);
-        browser.findElement(by.id('title')).sendKeys('testkey');
-        browser.findElement(by.id('content')).sendKeys(publicKey.trim()); // #3480
-        browser.findElement(by.xpath('//button[contains(text(), "Add Key")]')).click();
-        browser.wait(until.elementLocated(by.xpath('//p[contains(text(), "added successfully!")]')), TIMEOUT).then(function () { done(); });
-    });
 
-    it('can create repo', function (done) {
+    it('displays correct clone url', checkCloneUrl);
-        browser.get('https://' + app.fqdn);
-        browser.findElement(by.linkText('New Repository')).click();
-        browser.wait(until.elementLocated(by.xpath('//*[contains(text(), "New Repository")]')), TIMEOUT);
-        browser.findElement(by.id('repo_name')).sendKeys(reponame);
-        browser.findElement(by.id('auto-init')).click();
-        browser.findElement(by.xpath('//button[contains(text(), "Create Repository")]')).click();
-        browser.wait(function () {
-            return browser.getCurrentUrl().then(function (url) {
-                return url === 'https://' + app.fqdn + '/' + username + '/' + reponame;
-            });
-        }, TIMEOUT).then(function () { done(); });
-    });
 
-    it('displays correct clone url', function (done) {
+    it('can clone the url', cloneRepo);
-        browser.get('https://' + app.fqdn + '/' + username + '/' + reponame);
-        browser.findElement(by.id('repo-clone-ssh')).click();
-        browser.findElement(by.id('repo-clone-url')).getAttribute('value').then(function (cloneUrl) {
-            expect(cloneUrl).to.be('ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git');
-            done();
-        });
-    });
-
-    it('can clone the url', function (done) {
-        var env = Object.create(process.env);
-        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
-        done();
-    });
-
-    it('can add and push a file', function (done) {
-        var env = Object.create(process.env);
-        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('touch newfile && git add newfile && git commit -a -mx && git push ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + ' master',
-                 { env: env, cwd: repodir });
-        rimraf.sync('/tmp/testrepo');
-        done();
-    });
 
+    it('can add and push a file', pushFile);
     it('can edit file', editFile);
 
     it('can restart app', function (done) {
-        execSync('cloudron restart');
+        execSync('cloudron restart --wait');
         done();
     });
 
-    it('can clone the url', function (done) {
+    it('can clone the url', checkCloneUrl);
-        var env = Object.create(process.env);
+    it('can clone the url', cloneRepo);
-        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
+    it('file exists in repo', fileExists);
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
-        expect(fs.existsSync(repodir + '/newfile')).to.be(true);
-        rimraf.sync(repodir);
-        done();
-    });
 
     it('backup app', function () {
         execSync('cloudron backup create --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
@@ -229,51 +263,22 @@ describe('Application life cycle test', function () {
     });
 
     it('can get avatar', checkAvatar);
-
+    it('can clone the url', cloneRepo);
-    it('can clone the url', function (done) {
+    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
-        var env = Object.create(process.env);
-        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
-        expect(fs.existsSync(repodir + '/newfile')).to.be(true);
-        rimraf.sync(repodir);
-        done();
-    });
 
     it('move to different location', function () {
         browser.manage().deleteAllCookies();
-        execSync('cloudron configure --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+        execSync('cloudron configure --wait --location ' + LOCATION + '2', { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
         var inspect = JSON.parse(execSync('cloudron inspect'));
         app = inspect.apps.filter(function (a) { return a.location === LOCATION + '2'; })[0];
         expect(app).to.be.an('object');
     });
 
-    it('can login', function (done) {
+    it('can login', login);
-        browser.get('https://' + app.fqdn + '/user/login');
-        browser.findElement(by.id('user_name')).sendKeys(username);
-        browser.findElement(by.id('password')).sendKeys(password);
-        browser.findElement(by.tagName('form')).submit();
-        browser.wait(until.elementLocated(by.linkText('Dashboard')), TIMEOUT).then(function () { done(); });
-    });
-
     it('can get avatar', checkAvatar);
-
+    it('displays correct clone url', checkCloneUrl);
-    it('displays correct clone url', function (done) {
+    it('can clone the url', cloneRepo);
-        browser.get('https://' + app.fqdn + '/' + username + '/' + reponame);
+    it('file exists in repo', function () { expect(fs.existsSync(repodir + '/newfile')).to.be(true); });
-        browser.findElement(by.id('repo-clone-ssh')).click();
-        browser.findElement(by.id('repo-clone-url')).getAttribute('value').then(function (cloneUrl) {
-            expect(cloneUrl).to.be('ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git');
-            done();
-        });
-    });
-
-    it('can clone the url', function (done) {
-        var env = Object.create(process.env);
-        env.GIT_SSH = __dirname + '/git_ssh_wrapper.sh';
-        execSync('git clone ssh://git@' + app.fqdn + ':29418/' + username + '/' + reponame + '.git ' + repodir, { env: env });
-        expect(fs.existsSync(repodir + '/newfile')).to.be(true);
-        rimraf.sync(repodir);
-        done();
-    });
 
     it('uninstall app', function () {
         execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
@@ -287,13 +292,36 @@ describe('Application life cycle test', function () {
         app = inspect.apps.filter(function (a) { return a.location === LOCATION; })[0];
         expect(app).to.be.an('object');
 
-        browser.get('https://' + app.fqdn + '/user/login');
+        login(function (error) {
-        browser.findElement(by.id('user_name')).sendKeys(email);
+            if (error) return done(error);
-        browser.findElement(by.id('password')).sendKeys(password);
-        browser.findElement(by.tagName('form')).submit();
-        browser.wait(until.elementLocated(by.linkText('Dashboard')), TIMEOUT).then(function () {
             execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
             done();
         });
     });
+
+    // test update
+    it('can install app', function () {
+        execSync('cloudron install --new --wait --appstore-id ' + app.manifest.id + ' --location ' + LOCATION, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    it('can get app information', getAppInfo);
+    it('can login', login);
+    it('can set avatar', setAvatar);
+    it('can get avatar', checkAvatar);
+    it('can add public key', addPublicKey);
+    it('can create repo', createRepo);
+    it('can clone the url', cloneRepo);
+    it('can add and push a file', pushFile);
+
+    it('can update', function () {
+        execSync('cloudron install --wait --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
+
+    it('can get avatar', checkAvatar);
+    it('can clone the url', cloneRepo);
+    it('file exists in cloned repo', fileExists);
+
+    it('uninstall app', function () {
+        execSync('cloudron uninstall --app ' + app.id, { cwd: path.resolve(__dirname, '..'), stdio: 'inherit' });
+    });
 });