Merge branch 'master' into glitch-soc/merge-upstream

Conflicts:
- `Gemfile.lock`:
  Not a real conflict, just a glitch-soc-only dependency too close to a
  dependency that got updated upstream. Updated as well.
- `app/models/status.rb`:
  Not a real conflict, just a change too close to glitch-soc-changed code
  for optionally showing boosts in public timelines.
  Applied upstream changes.
- `app/views/layouts/application.html.haml`:
  Upstream a new, static CSS file, conflict due to glitch-soc's theming
  system, include the file regardless of the theme.
- `config/initializers/content_security_policy.rb`:
  Upstream dropped 'unsafe-inline' from the 'style-src' directive, but
  both files are very different. Removed 'unsafe-inline' as well.

config/application.rb

@@ -106,6 +106,7 @@ module Mastodon
       :tr,
       :uk,
       :ur,
+      :vi,
       :'zh-CN',
       :'zh-HK',
       :'zh-TW',

config/deploy.rb

@@ -1,6 +1,6 @@
 # frozen_string_literal: true
 
-lock '3.12.1'
+lock '3.14.0'
 
 set :repo_url, ENV.fetch('REPO', 'https://github.com/tootsuite/mastodon.git')
 set :branch, ENV.fetch('BRANCH', 'master')
@@ -12,3 +12,21 @@ set :migration_role, :app
 
 append :linked_files, '.env.production', 'public/robots.txt'
 append :linked_dirs, 'vendor/bundle', 'node_modules', 'public/system'
+
+namespace :systemd do
+  %i[sidekiq streaming web].each do |service|
+    %i[reload restart status].each do |action|
+      desc "Perform a #{action} on #{service} service"
+      task "#{service}:#{action}".to_sym do
+        on roles(:app) do
+          # runs e.g. "sudo restart mastodon-sidekiq.service"
+          sudo :systemctl, action, "#{fetch(:application)}-#{service}.service"
+        end
+      end
+    end
+  end
+end
+
+after 'deploy:publishing', 'systemd:web:reload'
+after 'deploy:publishing', 'systemd:sidekiq:restart'
+after 'deploy:publishing', 'systemd:streaming:restart'

config/initializers/content_security_policy.rb

@@ -34,7 +34,7 @@ if Rails.env.production?
     p.script_src      :self, assets_host
     p.font_src        :self, assets_host
     p.img_src         :self, :data, :blob, *data_hosts
-    p.style_src       :self, :unsafe_inline, assets_host
+    p.style_src       :self, assets_host
     p.media_src       :self, :data, *data_hosts
     p.frame_src       :self, :https
     p.child_src       :self, :blob, assets_host
@@ -48,3 +48,8 @@ end
 # For further information see the following documentation:
 # https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy-Report-Only
 # Rails.application.config.content_security_policy_report_only = true
+
+PgHero::HomeController.content_security_policy do |p|
+  p.script_src :self, :unsafe_inline, assets_host
+  p.style_src  :self, :unsafe_inline, assets_host
+end

config/initializers/http_client_proxy.rb

@@ -1,24 +1,22 @@
 Rails.application.configure do
   config.x.http_client_proxy = {}
+
   if ENV['http_proxy'].present?
     proxy = URI.parse(ENV['http_proxy'])
+
     raise "Unsupported proxy type: #{proxy.scheme}" unless %w(http https).include? proxy.scheme
     raise "No proxy host" unless proxy.host
 
     host = proxy.host
     host = host[1...-1] if host[0] == '[' # for IPv6 address
-    config.x.http_client_proxy[:proxy] = { proxy_address: host, proxy_port: proxy.port, proxy_username: proxy.user, proxy_password: proxy.password }.compact
+
+    config.x.http_client_proxy[:proxy] = {
+      proxy_address: host,
+      proxy_port: proxy.port,
+      proxy_username: proxy.user,
+      proxy_password: proxy.password,
+    }.compact
   end
 
   config.x.access_to_hidden_service = ENV['ALLOW_ACCESS_TO_HIDDEN_SERVICE'] == 'true'
 end
-
-module Goldfinger
-  def self.finger(uri, opts = {})
-    to_hidden = /\.(onion|i2p)(:\d+)?$/.match(uri)
-    raise Mastodon::HostValidationError, 'Instance does not support hidden service connections' if !Rails.configuration.x.access_to_hidden_service && to_hidden
-    opts = { ssl: !to_hidden, headers: {} }.merge(Rails.configuration.x.http_client_proxy).merge(opts)
-    opts[:headers]['User-Agent'] ||= Mastodon::Version.user_agent
-    Goldfinger::Client.new(uri, opts).finger
-  end
-end

config/initializers/inflections.rb

@@ -19,4 +19,6 @@ ActiveSupport::Inflector.inflections(:en) do |inflect|
   inflect.acronym 'ActivityStreams'
   inflect.acronym 'JsonLd'
   inflect.acronym 'NodeInfo'
+
+  inflect.singular 'data', 'data'
 end

config/locales/en.yml

@@ -858,12 +858,14 @@ en:
         invalid_token: Keybase tokens are hashes of signatures and must be 66 hex characters
         verification_failed: Keybase does not recognize this token as a signature of Keybase user %{kb_username}. Please retry from Keybase.
       wrong_user: Cannot create a proof for %{proving} while logged in as %{current}. Log in as %{proving} and try again.
-    explanation_html: Here you can cryptographically connect your other identities, such as a Keybase profile. This lets other people send you encrypted messages and trust content you send them.
+    explanation_html: Here you can cryptographically connect your other identities from other platforms, such as Keybase. This lets other people send you encrypted messages on those platforms and allows them to trust that the content you send them comes from you.
     i_am_html: I am %{username} on %{service}.
     identity: Identity
     inactive: Inactive
     publicize_checkbox: 'And toot this:'
     publicize_toot: 'It is proven! I am %{username} on %{service}: %{url}'
+    remove: Remove proof from account
+    removed: Successfully removed proof from account
     status: Verification status
     view_proof: View proof
   imports:

config/pghero.yml

@@ -38,4 +38,4 @@ databases:
 # aws_secret_access_key: ...
 # aws_region: us-east-1
 
-override_csp: true
+override_csp: false

config/routes.rb

@@ -130,7 +130,7 @@ Rails.application.routes.draw do
       resource :confirmation, only: [:new, :create]
     end
 
-    resources :identity_proofs, only: [:index, :show, :new, :create, :update]
+    resources :identity_proofs, only: [:index, :new, :create, :destroy]
 
     resources :applications, except: [:edit] do
       member do