From ef2a8c8dbd66b490f48348cbbfe2051e4ac221f5 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 5 Oct 2021 13:02:51 +0200 Subject: [PATCH 01/25] Update logrotate --- data/helpers.d/logrotate | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/data/helpers.d/logrotate b/data/helpers.d/logrotate index 2d9ab6b72..27803bafd 100644 --- a/data/helpers.d/logrotate +++ b/data/helpers.d/logrotate @@ -96,6 +96,10 @@ $logfile { EOF mkdir --parents $(dirname "$logfile") # Create the log directory, if not exist cat ${app}-logrotate | $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee) + + ynh_user_exists "$app" || chown $app:$app "/var/log/$app" + chmod o-rwx "/var/log/$app" + } # Remove the app's logrotate config. From 423eef7a620192389170a158dfa77bc0469ccb12 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Tue, 5 Oct 2021 13:06:21 +0200 Subject: [PATCH 02/25] Update logrotate --- data/helpers.d/logrotate | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/helpers.d/logrotate b/data/helpers.d/logrotate index 27803bafd..e4b354e03 100644 --- a/data/helpers.d/logrotate +++ b/data/helpers.d/logrotate @@ -97,8 +97,8 @@ EOF mkdir --parents $(dirname "$logfile") # Create the log directory, if not exist cat ${app}-logrotate | $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee) - ynh_user_exists "$app" || chown $app:$app "/var/log/$app" - chmod o-rwx "/var/log/$app" + ynh_user_exists "$app" || chown $app:$app "$logfile" + chmod o-rwx "$logfile" } From 93a72a7b5fe4c7efbbecd9a1c6285ab5d9b97337 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C3=89ric=20Gaspar?= <46165813+ericgaspar@users.noreply.github.com> Date: Tue, 5 Oct 2021 13:52:45 +0200 Subject: [PATCH 03/25] Update data/helpers.d/logrotate Co-authored-by: Kayou --- data/helpers.d/logrotate | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/helpers.d/logrotate b/data/helpers.d/logrotate index e4b354e03..a4548512d 100644 --- a/data/helpers.d/logrotate +++ b/data/helpers.d/logrotate @@ -97,7 +97,7 @@ EOF mkdir --parents $(dirname "$logfile") # Create the log directory, if not exist cat ${app}-logrotate | $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee) - ynh_user_exists "$app" || chown $app:$app "$logfile" + ynh_user_exists --username="$app" || chown $app:$app "$logfile" chmod o-rwx "$logfile" } From eb8a59751ec112fc74526e53cb7c107be9b5228a Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 6 Oct 2021 00:57:04 +0000 Subject: [PATCH 04/25] [CI] Format code --- src/yunohost/app.py | 2 +- src/yunohost/tests/test_questions.py | 118 +++++++++++++-------------- src/yunohost/utils/config.py | 58 +++++++------ 3 files changed, 93 insertions(+), 85 deletions(-) diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 2b8d71abf..fe5281384 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -169,7 +169,7 @@ def app_info(app, full=False): ret["from_catalog"] = _load_apps_catalog()["apps"].get(absolute_app_name, {}) ret["upgradable"] = _app_upgradable(ret) - ret["is_webapp"] = ("domain" in settings and "path" in settings) + ret["is_webapp"] = "domain" in settings and "path" in settings ret["supports_change_url"] = os.path.exists( os.path.join(setting_path, "scripts", "change_url") diff --git a/src/yunohost/tests/test_questions.py b/src/yunohost/tests/test_questions.py index b39990b73..c21ff8c40 100644 --- a/src/yunohost/tests/test_questions.py +++ b/src/yunohost/tests/test_questions.py @@ -15,7 +15,7 @@ from yunohost.utils.config import ( PathQuestion, BooleanQuestion, FileQuestion, - evaluate_simple_js_expression + evaluate_simple_js_expression, ) from yunohost.utils.error import YunohostError, YunohostValidationError @@ -2095,97 +2095,95 @@ def test_normalize_path(): assert PathQuestion.normalize("macnuggets/") == "/macnuggets" assert PathQuestion.normalize("////macnuggets///") == "/macnuggets" + def test_simple_evaluate(): context = { - 'a1': 1, - 'b2': 2, - 'c10': 10, - 'foo': 'bar', - 'comp': '1>2', - 'empty': '', - 'lorem': 'Lorem ipsum dolor et si qua met!', - 'warning': 'Warning! This sentence will fail!', - 'quote': "Je s'apelle Groot", - 'and_': '&&', - 'object': { 'a': 'Security risk' } + "a1": 1, + "b2": 2, + "c10": 10, + "foo": "bar", + "comp": "1>2", + "empty": "", + "lorem": "Lorem ipsum dolor et si qua met!", + "warning": "Warning! This sentence will fail!", + "quote": "Je s'apelle Groot", + "and_": "&&", + "object": {"a": "Security risk"}, } supported = { - '42': 42, - '9.5': 9.5, - "'bopbidibopbopbop'": 'bopbidibopbopbop', - 'true': True, - 'false': False, - 'null': None, - + "42": 42, + "9.5": 9.5, + "'bopbidibopbopbop'": "bopbidibopbopbop", + "true": True, + "false": False, + "null": None, # Math - '1 * (2 + 3 * (4 - 3))': 5, - '1 * (2 + 3 * (4 - 3)) > 10 - 2 || 3 * 2 > 9 - 2 * 3': True, - '(9 - 2) * 3 - 10': 11, - '12 - 2 * -2 + (3 - 4) * 3.1': 12.9, - '9 / 12 + 12 * 3 - 5': 31.75, - '9 / 12 + 12 * (3 - 5)': -23.25, - '12 > 13.1': False, - '12 < 14': True, - '12 <= 14': True, - '12 >= 14': False, - '12 == 14': False, - '12 % 5 > 3': False, - '12 != 14': True, - '9 - 1 > 10 && 3 * 5 > 10': False, - '9 - 1 > 10 || 3 * 5 > 10': True, - 'a1 > 0 || a1 < -12': True, - 'a1 > 0 && a1 < -12': False, - 'a1 + 1 > 0 && -a1 > -12': True, - '-(a1 + 1) < 0 || -(a1 + 2) > -12': True, - '-a1 * 2': -2, - '(9 - 2) * 3 - c10': 11, - '(9 - b2) * 3 - c10': 11, - 'c10 > b2': True, - + "1 * (2 + 3 * (4 - 3))": 5, + "1 * (2 + 3 * (4 - 3)) > 10 - 2 || 3 * 2 > 9 - 2 * 3": True, + "(9 - 2) * 3 - 10": 11, + "12 - 2 * -2 + (3 - 4) * 3.1": 12.9, + "9 / 12 + 12 * 3 - 5": 31.75, + "9 / 12 + 12 * (3 - 5)": -23.25, + "12 > 13.1": False, + "12 < 14": True, + "12 <= 14": True, + "12 >= 14": False, + "12 == 14": False, + "12 % 5 > 3": False, + "12 != 14": True, + "9 - 1 > 10 && 3 * 5 > 10": False, + "9 - 1 > 10 || 3 * 5 > 10": True, + "a1 > 0 || a1 < -12": True, + "a1 > 0 && a1 < -12": False, + "a1 + 1 > 0 && -a1 > -12": True, + "-(a1 + 1) < 0 || -(a1 + 2) > -12": True, + "-a1 * 2": -2, + "(9 - 2) * 3 - c10": 11, + "(9 - b2) * 3 - c10": 11, + "c10 > b2": True, # String - "foo == 'bar'":True, - "foo != 'bar'":False, - 'foo == "bar" && 1 > 0':True, - '!!foo': True, - '!foo': False, - 'foo': 'bar', + "foo == 'bar'": True, + "foo != 'bar'": False, + 'foo == "bar" && 1 > 0': True, + "!!foo": True, + "!foo": False, + "foo": "bar", '!(foo > "baa") || 1 > 2': False, '!(foo > "baa") || 1 < 2': True, 'empty == ""': True, '1 == "1"': True, '1.0 == "1"': True, '1 == "aaa"': False, - "'I am ' + b2 + ' years'": 'I am 2 years', + "'I am ' + b2 + ' years'": "I am 2 years", "quote == 'Je s\\'apelle Groot'": True, "lorem == 'Lorem ipsum dolor et si qua met!'": True, "and_ == '&&'": True, "warning == 'Warning! This sentence will fail!'": True, - # Match "match(lorem, '^Lorem [ia]psumE?')": bool, "match(foo, '^Lorem [ia]psumE?')": None, "match(lorem, '^Lorem [ia]psumE?') && 1 == 1": bool, - # No code "": False, " ": False, } trigger_errors = { - "object.a": YunohostError, # Keep unsupported, for security reasons - 'a1 ** b2': YunohostError, # Keep unsupported, for security reasons - '().__class__.__bases__[0].__subclasses__()': YunohostError, # Very dangerous code - 'a1 > 11 ? 1 : 0': SyntaxError, - 'c10 > b2 == false': YunohostError, # JS and Python doesn't do the same thing for this situation - 'c10 > b2 == true': YunohostError, + "object.a": YunohostError, # Keep unsupported, for security reasons + "a1 ** b2": YunohostError, # Keep unsupported, for security reasons + "().__class__.__bases__[0].__subclasses__()": YunohostError, # Very dangerous code + "a1 > 11 ? 1 : 0": SyntaxError, + "c10 > b2 == false": YunohostError, # JS and Python doesn't do the same thing for this situation + "c10 > b2 == true": YunohostError, } for expression, result in supported.items(): if result == bool: assert bool(evaluate_simple_js_expression(expression, context)), expression else: - assert evaluate_simple_js_expression(expression, context) == result, expression + assert ( + evaluate_simple_js_expression(expression, context) == result + ), expression for expression, error in trigger_errors.items(): with pytest.raises(error): evaluate_simple_js_expression(expression, context) - diff --git a/src/yunohost/utils/config.py b/src/yunohost/utils/config.py index 0f18fad0d..e38cfbb3a 100644 --- a/src/yunohost/utils/config.py +++ b/src/yunohost/utils/config.py @@ -55,24 +55,24 @@ def evaluate_simple_ast(node, context={}): operators = { ast.Not: op.not_, ast.Mult: op.mul, - ast.Div: op.truediv, # number - ast.Mod: op.mod, # number - ast.Add: op.add, #str - ast.Sub: op.sub, #number - ast.USub: op.neg, # Negative number + ast.Div: op.truediv, # number + ast.Mod: op.mod, # number + ast.Add: op.add, # str + ast.Sub: op.sub, # number + ast.USub: op.neg, # Negative number ast.Gt: op.gt, ast.Lt: op.lt, ast.GtE: op.ge, ast.LtE: op.le, ast.Eq: op.eq, - ast.NotEq: op.ne + ast.NotEq: op.ne, } - context['true'] = True - context['false'] = False - context['null'] = None + context["true"] = True + context["false"] = False + context["null"] = None # Variable - if isinstance(node, ast.Name): # Variable + if isinstance(node, ast.Name): # Variable return context[node.id] # Python <=3.7 String @@ -88,14 +88,16 @@ def evaluate_simple_ast(node, context={}): return node.value # + - * / % - elif isinstance(node, ast.BinOp) and type(node.op) in operators: # + elif ( + isinstance(node, ast.BinOp) and type(node.op) in operators + ): # left = evaluate_simple_ast(node.left, context) right = evaluate_simple_ast(node.right, context) if type(node.op) == ast.Add: - if isinstance(left, str) or isinstance(right, str): # support 'I am ' + 42 + if isinstance(left, str) or isinstance(right, str): # support 'I am ' + 42 left = str(left) right = str(right) - elif type(left) != type(right): # support "111" - "1" -> 110 + elif type(left) != type(right): # support "111" - "1" -> 110 left = float(left) right = float(right) @@ -104,7 +106,9 @@ def evaluate_simple_ast(node, context={}): # Comparison # JS and Python don't give the same result for multi operators # like True == 10 > 2. - elif isinstance(node, ast.Compare) and len(node.comparators) == 1: # + elif ( + isinstance(node, ast.Compare) and len(node.comparators) == 1 + ): # left = evaluate_simple_ast(node.left, context) right = evaluate_simple_ast(node.comparators[0], context) operator = node.ops[0] @@ -116,11 +120,11 @@ def evaluate_simple_ast(node, context={}): return type(operator) == ast.NotEq try: return operators[type(operator)](left, right) - except TypeError: # support "e" > 1 -> False like in JS + except TypeError: # support "e" > 1 -> False like in JS return False # and / or - elif isinstance(node, ast.BoolOp): # + elif isinstance(node, ast.BoolOp): # values = node.values for value in node.values: value = evaluate_simple_ast(value, context) @@ -131,20 +135,22 @@ def evaluate_simple_ast(node, context={}): return isinstance(node.op, ast.And) # not / USub (it's negation number -\d) - elif isinstance(node, ast.UnaryOp): # e.g., -1 + elif isinstance(node, ast.UnaryOp): # e.g., -1 return operators[type(node.op)](evaluate_simple_ast(node.operand, context)) # match function call - elif isinstance(node, ast.Call) and node.func.__dict__.get('id') == 'match': + elif isinstance(node, ast.Call) and node.func.__dict__.get("id") == "match": return re.match( - evaluate_simple_ast(node.args[1], context), - context[node.args[0].id] + evaluate_simple_ast(node.args[1], context), context[node.args[0].id] ) # Unauthorized opcode else: opcode = str(type(node)) - raise YunohostError(f"Unauthorize opcode '{opcode}' in visible attribute", raw_msg=True) + raise YunohostError( + f"Unauthorize opcode '{opcode}' in visible attribute", raw_msg=True + ) + def js_to_python(expr): in_string = None @@ -163,7 +169,7 @@ def js_to_python(expr): # If we are not in a string, replace operators elif not in_string: - if char == "!" and expr[i +1] != "=": + if char == "!" and expr[i + 1] != "=": char = "not " elif char in "|&" and py_expr[-1:] == char: py_expr = py_expr[:-1] @@ -172,15 +178,17 @@ def js_to_python(expr): # Determine if next loop will be in escaped mode escaped = char == "\\" and not escaped py_expr += char - i+=1 + i += 1 return py_expr + def evaluate_simple_js_expression(expr, context={}): if not expr.strip(): return False node = ast.parse(js_to_python(expr), mode="eval").body return evaluate_simple_ast(node, context) + class ConfigPanel: def __init__(self, config_path, save_path=None): self.config_path = config_path @@ -649,7 +657,9 @@ class Question(object): def ask_if_needed(self): - if self.visible and not evaluate_simple_js_expression(self.visible, context=self.context): + if self.visible and not evaluate_simple_js_expression( + self.visible, context=self.context + ): # FIXME There could be several use case if the question is not displayed: # - we doesn't want to give a specific value # - we want to keep the previous value From 344ed7252c996c7e907319853ba6decfabf90406 Mon Sep 17 00:00:00 2001 From: yunohost-bot Date: Wed, 6 Oct 2021 12:15:29 +0000 Subject: [PATCH 05/25] [CI] Format code --- src/yunohost/utils/config.py | 1 - 1 file changed, 1 deletion(-) diff --git a/src/yunohost/utils/config.py b/src/yunohost/utils/config.py index 4ee944126..4ee62c6f7 100644 --- a/src/yunohost/utils/config.py +++ b/src/yunohost/utils/config.py @@ -1241,7 +1241,6 @@ def ask_questions_and_parse_answers( else: answers = {} - out = [] for raw_question in raw_questions: From 644cdd41d8aa3cd27915dccbe472084961b742cc Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 15 Jun 2020 16:36:41 +0200 Subject: [PATCH 06/25] Allow to re-run ynh_install_app_dependencies multiple times --- data/helpers.d/apt | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index c3439a583..aee022da7 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -210,6 +210,8 @@ ynh_package_install_from_equivs () { ynh_package_is_installed "$pkgname" } +YNH_INSTALL_APP_DEPENDENCIES_REPLACE="true" + # Define and install dependencies with a equivs control file # # This helper can/should only be called once per app @@ -248,6 +250,24 @@ ynh_install_app_dependencies () { dependencies="$(echo "$dependencies" | sed 's/\([^(\<=\>]\)\([\<=\>]\+\)\([^,]\+\)/\1 (\2 \3)/g')" fi + # The first time we run ynh_install_app_dependencies, we will replace the + # entire control file (This is in particular meant to cover the case of + # upgrade script where ynh_install_app_dependencies is called with this + # expected effect) Otherwise, any subsequent call will add dependencies + # to those already present in the equivs control file. + if [[ $YNH_INSTALL_APP_DEPENDENCIES_REPLACE == "true" ]] + then + YNH_INSTALL_APP_DEPENDENCIES_REPLACE="false" + else + local current_dependencies="" + if ynh_package_is_installed --package="${dep_app}-ynh-deps" + then + current_dependencies="$(dpkg-query --show --showformat='${Depends}' ${dep_app}-ynh-deps) " + fi + current_dependencies=${current_dependencies// | /|} + dependencies="$current_dependencies $dependencies" + fi + # # Epic ugly hack to fix the goddamn dependency nightmare of sury # Sponsored by the "Djeezusse Fokin Kraiste Why Do Adminsys Has To Be So Fucking Complicated I Should Go Grow Potatoes Instead Of This Shit" collective @@ -284,6 +304,9 @@ EOF ynh_app_setting_set --app=$app --key=apt_dependencies --value="$dependencies" } + + + # Add dependencies to install with ynh_install_app_dependencies # # usage: ynh_add_app_dependencies --package=phpversion [--replace] From 76aaaab74e80a827fbbb2474676b110e04fb6ad5 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 15 Jun 2020 16:47:51 +0200 Subject: [PATCH 07/25] Factorize sury repo configuration into ynh_add_sury --- data/helpers.d/apt | 19 ++++++++++++++++++- data/helpers.d/php | 3 +-- 2 files changed, 19 insertions(+), 3 deletions(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index aee022da7..8ba5bbe3e 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -283,7 +283,7 @@ ynh_install_app_dependencies () { if ! grep --recursive --quiet "^ *deb.*sury" /etc/apt/sources.list* then # Re-add sury - ynh_install_extra_repo --repo="https://packages.sury.org/php/ $(ynh_get_debian_release) main" --key="https://packages.sury.org/php/apt.gpg" --name=extra_php_version --priority=600 + ynh_add_sury fi fi fi @@ -304,7 +304,24 @@ EOF ynh_app_setting_set --app=$app --key=apt_dependencies --value="$dependencies" } +# Add sury repository with adequate pin strategy +# +# [internal] +# +# usage: ynh_add_sury +# +ynh_add_sury() { + # Add an extra repository for those packages + ynh_install_extra_repo --repo="https://packages.sury.org/php/ $(ynh_get_debian_release) main" --key="https://packages.sury.org/php/apt.gpg" --name=extra_php_version --priority=600 + + # Pin this extra repository after packages are installed to prevent sury of doing shit + for package_to_not_upgrade in "php" "php-fpm" "php-mysql" "php-xml" "php-zip" "php-mbstring" "php-ldap" "php-gd" "php-curl" "php-bz2" "php-json" "php-sqlite3" "php-intl" "openssl" "libssl1.1" "libssl-dev" + do + ynh_pin_repo --package="$package_to_not_upgrade" --pin="origin \"packages.sury.org\"" --priority="-1" --name=extra_php_version --append + done + +} # Add dependencies to install with ynh_install_app_dependencies diff --git a/data/helpers.d/php b/data/helpers.d/php index 7c91d89d2..6d47fdc13 100644 --- a/data/helpers.d/php +++ b/data/helpers.d/php @@ -348,8 +348,7 @@ ynh_install_php () { echo "$YNH_APP_INSTANCE_NAME:$phpversion" | tee --append "/etc/php/ynh_app_version" fi - # Add an extra repository for those packages - ynh_install_extra_repo --repo="https://packages.sury.org/php/ $(ynh_get_debian_release) main" --key="https://packages.sury.org/php/apt.gpg" --name=extra_php_version --priority=600 + ynh_add_sury # Install requested dependencies from this extra repository. # Install PHP-FPM first, otherwise PHP will install apache as a dependency. From 040be532ad759b952c00a898136f5975d2e285ed Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 15 Jun 2020 17:39:16 +0200 Subject: [PATCH 08/25] During ynh_install_app_dependencies, if the dependency list contains specific php version stuff, add sury and other tweaks --- data/helpers.d/apt | 57 +++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 54 insertions(+), 3 deletions(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index 8ba5bbe3e..0eedfd601 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -250,6 +250,25 @@ ynh_install_app_dependencies () { dependencies="$(echo "$dependencies" | sed 's/\([^(\<=\>]\)\([\<=\>]\+\)\([^,]\+\)/\1 (\2 \3)/g')" fi + # Check for specific php dependencies which requires sury + # This grep will for example return "7.4" if dependencies is "foo bar php7.4-pwet php-gni" + local specific_php_version=$(echo $dependencies | tr '-' ' ' | grep -o -E "\" | sed 's/php//g' | sort | uniq) + + # Ignore case where the php version found is the one available in debian vanilla + [[ "$specific_php_version" != "$YNH_DEFAULT_PHP_VERSION" ]] || specific_php_version="" + + if [[ -n "$specific_php_version" ]] + then + # Cover a small edge case where a packager could have specified "php7.4-pwet php5-gni" which is confusing + [[ $(echo $specific_php_version | wc -l) -eq 1 ]] \ + || ynh_die --message="Inconsistent php versions in dependencies ... found : $specific_php_version" + + dependencies+=", php${specific_php_version}, php${specific_php_version}-fpm, php${specific_php_version}-common" + + ynh_add_sury + fi + + # The first time we run ynh_install_app_dependencies, we will replace the # entire control file (This is in particular meant to cover the case of # upgrade script where ynh_install_app_dependencies is called with this @@ -263,9 +282,9 @@ ynh_install_app_dependencies () { if ynh_package_is_installed --package="${dep_app}-ynh-deps" then current_dependencies="$(dpkg-query --show --showformat='${Depends}' ${dep_app}-ynh-deps) " + current_dependencies=${current_dependencies// | /|} fi - current_dependencies=${current_dependencies// | /|} - dependencies="$current_dependencies $dependencies" + dependencies="$current_dependencies, $dependencies" fi # @@ -301,7 +320,20 @@ EOF ynh_package_install_from_equivs /tmp/${dep_app}-ynh-deps.control \ || ynh_die --message="Unable to install dependencies" # Install the fake package and its dependencies rm /tmp/${dep_app}-ynh-deps.control + ynh_app_setting_set --app=$app --key=apt_dependencies --value="$dependencies" + + if [[ -n "$specific_php_version" ]] + then + # Set the default php version back as the default version for php-cli. + update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION + + # Store phpversion into the config of this app + ynh_app_setting_set $app phpversion $specific_php_version + + # Integrate new php-fpm service in yunohost + yunohost service add php${specific_php_version}-fpm --log "/var/log/php${phpversion}-fpm.log" + fi } # Add sury repository with adequate pin strategy @@ -315,7 +347,7 @@ ynh_add_sury() { # Add an extra repository for those packages ynh_install_extra_repo --repo="https://packages.sury.org/php/ $(ynh_get_debian_release) main" --key="https://packages.sury.org/php/apt.gpg" --name=extra_php_version --priority=600 - # Pin this extra repository after packages are installed to prevent sury of doing shit + # Pin this extra repository after packages are installed to prevent sury from doing shit for package_to_not_upgrade in "php" "php-fpm" "php-mysql" "php-xml" "php-zip" "php-mbstring" "php-ldap" "php-gd" "php-curl" "php-bz2" "php-json" "php-sqlite3" "php-intl" "openssl" "libssl1.1" "libssl-dev" do ynh_pin_repo --package="$package_to_not_upgrade" --pin="origin \"packages.sury.org\"" --priority="-1" --name=extra_php_version --append @@ -365,7 +397,26 @@ ynh_add_app_dependencies () { # Requires YunoHost version 2.6.4 or higher. ynh_remove_app_dependencies () { local dep_app=${app//_/-} # Replace all '_' by '-' + + local current_dependencies="" + if ynh_package_is_installed --package="${dep_app}-ynh-deps" + then + current_dependencies="$(dpkg-query --show --showformat='${Depends}' ${dep_app}-ynh-deps) " + current_dependencies=${current_dependencies// | /|} + fi + ynh_package_autopurge ${dep_app}-ynh-deps # Remove the fake package and its dependencies if they not still used. + + # Check if this app used a specific php version ... in which case we check + # if the corresponding php-fpm is still there. Otherwise, we remove the + # service from yunohost as well + + local specific_php_version=$(echo $dependencies | tr '-' ' ' | grep -o -E "\" | sed 's/php//g' | sort | uniq) + [[ "$specific_php_version" != "$YNH_DEFAULT_PHP_VERSION" ]] || specific_php_version="" + if [[ -n "$specific_php_version" ]] && ! ynh_package_is_installed --package="php${specific_php_version}-fpm"; + then + yunohost service remove php${specific_php_version}-fpm + fi } # Install packages from an extra repository properly. From 76b60890c6f772f6a8e1aa105899f24877853dd3 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 15 Jun 2020 18:23:32 +0200 Subject: [PATCH 09/25] Propagate changes on other apt/php helpers... --- data/helpers.d/apt | 19 ++------------- data/helpers.d/php | 59 ++++------------------------------------------ 2 files changed, 6 insertions(+), 72 deletions(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index 0eedfd601..f662c58e4 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -360,7 +360,6 @@ ynh_add_sury() { # # usage: ynh_add_app_dependencies --package=phpversion [--replace] # | arg: -p, --package= - Packages to add as dependencies for the app. -# | arg: -r, --replace - Replace dependencies instead of adding to existing ones. # # Requires YunoHost version 3.8.1 or higher. ynh_add_app_dependencies () { @@ -368,24 +367,10 @@ ynh_add_app_dependencies () { local legacy_args=pr local -A args_array=( [p]=package= [r]=replace) local package - local replace # Manage arguments with getopts ynh_handle_getopts_args "$@" - replace=${replace:-0} - local current_dependencies="" - if [ $replace -eq 0 ] - then - local dep_app=${app//_/-} # Replace all '_' by '-' - if ynh_package_is_installed --package="${dep_app}-ynh-deps" - then - current_dependencies="$(dpkg-query --show --showformat='${Depends}' ${dep_app}-ynh-deps) " - fi - - current_dependencies=${current_dependencies// | /|} - fi - - ynh_install_app_dependencies "${current_dependencies}${package}" + ynh_install_app_dependencies "${package}" } # Remove fake package and its dependencies @@ -450,7 +435,7 @@ ynh_install_extra_app_dependencies () { ynh_install_extra_repo --repo="$repo" $key --priority=995 --name=$name # Install requested dependencies from this extra repository. - ynh_add_app_dependencies --package="$package" + ynh_install_app_dependencies --package="$package" # Remove this extra repository after packages are installed ynh_remove_extra_repo --name=$app diff --git a/data/helpers.d/php b/data/helpers.d/php index 6d47fdc13..2191b0d22 100644 --- a/data/helpers.d/php +++ b/data/helpers.d/php @@ -111,7 +111,7 @@ ynh_add_fpm_config () { elif [ -n "$package" ] then # Install the additionnal packages from the default repository - ynh_add_app_dependencies --package="$package" + ynh_install_app_dependencies "$package" fi if [ $dedicated_service -eq 1 ] @@ -330,36 +330,13 @@ ynh_install_php () { ynh_handle_getopts_args "$@" package=${package:-} - # Store phpversion into the config of this app - ynh_app_setting_set $app phpversion $phpversion - if [ "$phpversion" == "$YNH_DEFAULT_PHP_VERSION" ] then ynh_die --message="Do not use ynh_install_php to install php$YNH_DEFAULT_PHP_VERSION" fi - # Create the file if doesn't exist already - touch /etc/php/ynh_app_version - - # Do not add twice the same line - if ! grep --quiet "$YNH_APP_INSTANCE_NAME:" "/etc/php/ynh_app_version" - then - # Store the ID of this app and the version of PHP requested for it - echo "$YNH_APP_INSTANCE_NAME:$phpversion" | tee --append "/etc/php/ynh_app_version" - fi - - ynh_add_sury - - # Install requested dependencies from this extra repository. - # Install PHP-FPM first, otherwise PHP will install apache as a dependency. - ynh_add_app_dependencies --package="php${phpversion}-fpm" - ynh_add_app_dependencies --package="php$phpversion php${phpversion}-common $package" - - # Set the default PHP version back as the default version for php-cli. - update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION - - # Advertise service in admin panel - yunohost service add php${phpversion}-fpm --log "/var/log/php${phpversion}-fpm.log" + ynh_install_app_dependencies "$package" + ynh_app_setting_set $app phpversion $phpversion } # Remove the specific version of PHP used by the app. @@ -370,35 +347,7 @@ ynh_install_php () { # # Requires YunoHost version 3.8.1 or higher. ynh_remove_php () { - # Get the version of PHP used by this app - local phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) - - if [ "$phpversion" == "$YNH_DEFAULT_PHP_VERSION" ] || [ -z "$phpversion" ] - then - if [ "$phpversion" == "$YNH_DEFAULT_PHP_VERSION" ] - then - ynh_print_err "Do not use ynh_remove_php to remove php$YNH_DEFAULT_PHP_VERSION !" - fi - return 0 - fi - - # Create the file if doesn't exist already - touch /etc/php/ynh_app_version - - # Remove the line for this app - sed --in-place "/$YNH_APP_INSTANCE_NAME:$phpversion/d" "/etc/php/ynh_app_version" - - # If no other app uses this version of PHP, remove it. - if ! grep --quiet "$phpversion" "/etc/php/ynh_app_version" - then - # Remove the service from the admin panel - if ynh_package_is_installed --package="php${phpversion}-fpm"; then - yunohost service remove php${phpversion}-fpm - fi - - # Purge PHP dependencies for this version. - ynh_package_autopurge "php$phpversion php${phpversion}-fpm php${phpversion}-common" - fi + ynh_remove_app_dependencies } # Define the values to configure PHP-FPM From e07e1a95f4e223808d15fed8098d67f27de01653 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 16 Jun 2020 21:31:24 +0200 Subject: [PATCH 10/25] Apply suggestions from code review Co-authored-by: Kayou --- data/helpers.d/apt | 4 ++-- data/helpers.d/php | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index f662c58e4..8b284d4fc 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -329,7 +329,7 @@ EOF update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION # Store phpversion into the config of this app - ynh_app_setting_set $app phpversion $specific_php_version + ynh_app_setting_set --app=$app --key=phpversion --value=$specific_php_version # Integrate new php-fpm service in yunohost yunohost service add php${specific_php_version}-fpm --log "/var/log/php${phpversion}-fpm.log" @@ -435,7 +435,7 @@ ynh_install_extra_app_dependencies () { ynh_install_extra_repo --repo="$repo" $key --priority=995 --name=$name # Install requested dependencies from this extra repository. - ynh_install_app_dependencies --package="$package" + ynh_install_app_dependencies "$package" # Remove this extra repository after packages are installed ynh_remove_extra_repo --name=$app diff --git a/data/helpers.d/php b/data/helpers.d/php index 2191b0d22..d383c1e4f 100644 --- a/data/helpers.d/php +++ b/data/helpers.d/php @@ -336,7 +336,7 @@ ynh_install_php () { fi ynh_install_app_dependencies "$package" - ynh_app_setting_set $app phpversion $phpversion + ynh_app_setting_set --app=$app --key=phpversion --value=$specific_php_version } # Remove the specific version of PHP used by the app. From 5054397a5a73d13eb3e50a8f52b01c693d3c871d Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 6 Oct 2021 15:11:09 +0200 Subject: [PATCH 11/25] helpers: Add deprecation warning to ynh_add_app_dependencies --- data/helpers.d/apt | 1 + 1 file changed, 1 insertion(+) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index 8b284d4fc..b182edc6c 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -370,6 +370,7 @@ ynh_add_app_dependencies () { # Manage arguments with getopts ynh_handle_getopts_args "$@" + ynh_print_warn --message="Packagers: ynh_add_app_dependencies is deprecated and is now only an alias to ynh_install_app_dependencies" ynh_install_app_dependencies "${package}" } From 9ee631c1c451f1befe59fa3c5abeed325a4d1b5d Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 6 Oct 2021 15:16:18 +0200 Subject: [PATCH 12/25] helpers: Typo in ynh_remove_app_dependencies --- data/helpers.d/apt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index b182edc6c..6f1db90f8 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -397,7 +397,7 @@ ynh_remove_app_dependencies () { # if the corresponding php-fpm is still there. Otherwise, we remove the # service from yunohost as well - local specific_php_version=$(echo $dependencies | tr '-' ' ' | grep -o -E "\" | sed 's/php//g' | sort | uniq) + local specific_php_version=$(echo $current_dependencies | tr '-' ' ' | grep -o -E "\" | sed 's/php//g' | sort | uniq) [[ "$specific_php_version" != "$YNH_DEFAULT_PHP_VERSION" ]] || specific_php_version="" if [[ -n "$specific_php_version" ]] && ! ynh_package_is_installed --package="php${specific_php_version}-fpm"; then From 13d012bb4fe8ef05a1c6c8cfdab87a88b7b6cc87 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 6 Oct 2021 15:34:26 +0200 Subject: [PATCH 13/25] helpers apt: save phpversion in settings even when using php default version --- data/helpers.d/apt | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index 6f1db90f8..235cc0067 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -293,7 +293,7 @@ ynh_install_app_dependencies () { # https://github.com/YunoHost/issues/issues/1407 # # If we require to install php dependency - if echo $dependencies | grep --quiet 'php' + if grep --quiet 'php' <<< "$dependencies" then # And we have packages from sury installed (7.0.33-10+weirdshiftafter instead of 7.0.33-0 on debian) if dpkg --list | grep "php7.0" | grep --quiet --invert-match "7.0.33-0+deb9" @@ -333,6 +333,9 @@ EOF # Integrate new php-fpm service in yunohost yunohost service add php${specific_php_version}-fpm --log "/var/log/php${phpversion}-fpm.log" + elif grep --quiet 'php' <<< "$dependencies" + # Store phpversion into the config of this app + ynh_app_setting_set --app=$app --key=phpversion --value=$YNH_DEFAULT_PHP_VERSION fi } From c9cdfc6b0f9417578704c1cfd32c69d5460129ff Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 6 Oct 2021 16:56:47 +0200 Subject: [PATCH 14/25] Typo :| --- data/helpers.d/apt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index 235cc0067..f563757fb 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -333,7 +333,7 @@ EOF # Integrate new php-fpm service in yunohost yunohost service add php${specific_php_version}-fpm --log "/var/log/php${phpversion}-fpm.log" - elif grep --quiet 'php' <<< "$dependencies" + elif grep --quiet 'php' <<< "$dependencies"; then # Store phpversion into the config of this app ynh_app_setting_set --app=$app --key=phpversion --value=$YNH_DEFAULT_PHP_VERSION fi From 1d2e4e78f24b891e6cbe2a6d6e2f7a437f280759 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 6 Oct 2021 18:57:56 +0200 Subject: [PATCH 15/25] Safer, clearer ynh_secure_remove --- data/helpers.d/utils | 49 +++++++------ tests/test_helpers.d/ynhtest_secure_remove.sh | 71 +++++++++++++++++++ 2 files changed, 100 insertions(+), 20 deletions(-) create mode 100644 tests/test_helpers.d/ynhtest_secure_remove.sh diff --git a/data/helpers.d/utils b/data/helpers.d/utils index 061ff324d..a2d7855b9 100644 --- a/data/helpers.d/utils +++ b/data/helpers.d/utils @@ -724,6 +724,28 @@ properly with chmod/chown." echo $TMP_DIR } +_acceptable_path_to_delete() { + local file=$1 + + local forbidden_paths=$(ls -d / /* /{var,home,usr}/* /etc/{default,sudoers.d,yunohost,cron*}) + + # Legacy : A couple apps still have data in /home/$app ... + if [[ -n "$app" ]] + then + forbidden_paths=$(echo "$forbidden_paths" | grep -v "/home/$app") + fi + + # Use realpath to normalize the path .. + # i.e convert ///foo//bar//..///baz//// to /foo/baz + file=$(realpath --no-symlinks $file) + if [ -z "$file" ] || grep -q -x -F "$file" <<< "$forbidden_paths"; then + return 1 + else + return 0 + fi +} + + # Remove a file or a directory securely # # usage: ynh_secure_remove --file=path_to_remove @@ -739,31 +761,18 @@ ynh_secure_remove () { ynh_handle_getopts_args "$@" set +o xtrace # set +x - local forbidden_path=" \ - /var/www \ - /home/yunohost.app" - - if [ $# -ge 2 ] - then + if [ $# -ge 2 ]; then ynh_print_warn --message="/!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time." fi - if [[ -z "$file" ]] - then + if [[ -z "$file" ]]; then ynh_print_warn --message="ynh_secure_remove called with empty argument, ignoring." - elif [[ "$forbidden_path" =~ "$file" \ - # Match all paths or subpaths in $forbidden_path - || "$file" =~ ^/[[:alnum:]]+$ \ - # Match all first level paths from / (Like /var, /root, etc...) - || "${file:${#file}-1}" = "/" ]] - # Match if the path finishes by /. Because it seems there is an empty variable - then - ynh_print_warn --message="Not deleting '$file' because it is not an acceptable path to delete." - elif [ -e "$file" ] - then - rm --recursive "$file" - else + elif [[ ! -e $file ]]; then ynh_print_info --message="'$file' wasn't deleted because it doesn't exist." + elif ! _acceptable_path_to_delete "$file"; then + ynh_print_warn --message="Not deleting '$file' because it is not an acceptable path to delete." + else + rm --recursive "$file" fi set -o xtrace # set -x diff --git a/tests/test_helpers.d/ynhtest_secure_remove.sh b/tests/test_helpers.d/ynhtest_secure_remove.sh new file mode 100644 index 000000000..04d85fa7a --- /dev/null +++ b/tests/test_helpers.d/ynhtest_secure_remove.sh @@ -0,0 +1,71 @@ +ynhtest_acceptable_path_to_delete() { + + mkdir -p /home/someuser + mkdir -p /home/$app + mkdir -p /home/yunohost.app/$app + mkdir -p /var/www/$app + touch /var/www/$app/bar + touch /etc/cron.d/$app + + ! _acceptable_path_to_delete / + ! _acceptable_path_to_delete //// + ! _acceptable_path_to_delete " //// " + ! _acceptable_path_to_delete /var + ! _acceptable_path_to_delete /var/www + ! _acceptable_path_to_delete /var/cache + ! _acceptable_path_to_delete /usr + ! _acceptable_path_to_delete /usr/bin + ! _acceptable_path_to_delete /home + ! _acceptable_path_to_delete /home/yunohost.backup + ! _acceptable_path_to_delete /home/yunohost.app + ! _acceptable_path_to_delete /home/yunohost.app/ + ! _acceptable_path_to_delete ///home///yunohost.app/// + ! _acceptable_path_to_delete /home/yunohost.app/$app/.. + ! _acceptable_path_to_delete ///home///yunohost.app///$app///..// + ! _acceptable_path_to_delete /home/yunohost.app/../$app/.. + ! _acceptable_path_to_delete /home/someuser + ! _acceptable_path_to_delete /home/yunohost.app//../../$app + ! _acceptable_path_to_delete " /home/yunohost.app/// " + ! _acceptable_path_to_delete /etc/cron.d/ + ! _acceptable_path_to_delete /etc/yunohost/ + + _acceptable_path_to_delete /home/yunohost.app/$app + _acceptable_path_to_delete /home/yunohost.app/$app/bar + _acceptable_path_to_delete /etc/cron.d/$app + _acceptable_path_to_delete /var/www/$app/bar + _acceptable_path_to_delete /var/www/$app + + rm /var/www/$app/bar + rm /etc/cron.d/$app + rmdir /home/yunohost.app/$app + rmdir /home/$app + rmdir /home/someuser + rmdir /var/www/$app +} + +ynhtest_secure_remove() { + + mkdir -p /home/someuser + mkdir -p /home/yunohost.app/$app + mkdir -p /var/www/$app + mkdir -p /var/whatever + touch /var/www/$app/bar + touch /etc/cron.d/$app + + ! ynh_secure_remove --file="/home/someuser" + ! ynh_secure_remove --file="/home/yunohost.app/" + ! ynh_secure_remove --file="/var/whatever" + ynh_secure_remove --file="/home/yunohost.app/$app" + ynh_secure_remove --file="/var/www/$app" + ynh_secure_remove --file="/etc/cron.d/$app" + + test -e /home/someuser + test -e /home/yunohost.app + test -e /var/whatever + ! test -e /home/yunohost.app/$app + ! test -e /var/www/$app + ! test -e /etc/cron.d/$app + + rmdir /home/someuser + rmdir /var/whatever +} From e563a366ef5eb85ed9e90dc39fea6a2bbb670018 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 7 Oct 2021 01:46:09 +0200 Subject: [PATCH 16/25] helpers apt: Use smarter grep with lookbehind to extract php version from dependency list Co-authored-by: Florent --- data/helpers.d/apt | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index f563757fb..46b769804 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -252,7 +252,8 @@ ynh_install_app_dependencies () { # Check for specific php dependencies which requires sury # This grep will for example return "7.4" if dependencies is "foo bar php7.4-pwet php-gni" - local specific_php_version=$(echo $dependencies | tr '-' ' ' | grep -o -E "\" | sed 's/php//g' | sort | uniq) + # The (?<=php) syntax corresponds to lookbehind ;) + local specific_php_version=$(echo $dependencies | grep -oP '(?<=php)[0-9.]+(?=-|\>)' | sort -u) # Ignore case where the php version found is the one available in debian vanilla [[ "$specific_php_version" != "$YNH_DEFAULT_PHP_VERSION" ]] || specific_php_version="" From 560162dd96e47aca8e49bbe0bbd7351a5c772cf3 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 7 Oct 2021 10:29:03 +0200 Subject: [PATCH 17/25] Sury pinning is managed in the core, c.f. 346728e5 --- data/helpers.d/apt | 6 ------ 1 file changed, 6 deletions(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index 46b769804..2f5df175c 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -351,12 +351,6 @@ ynh_add_sury() { # Add an extra repository for those packages ynh_install_extra_repo --repo="https://packages.sury.org/php/ $(ynh_get_debian_release) main" --key="https://packages.sury.org/php/apt.gpg" --name=extra_php_version --priority=600 - # Pin this extra repository after packages are installed to prevent sury from doing shit - for package_to_not_upgrade in "php" "php-fpm" "php-mysql" "php-xml" "php-zip" "php-mbstring" "php-ldap" "php-gd" "php-curl" "php-bz2" "php-json" "php-sqlite3" "php-intl" "openssl" "libssl1.1" "libssl-dev" - do - ynh_pin_repo --package="$package_to_not_upgrade" --pin="origin \"packages.sury.org\"" --priority="-1" --name=extra_php_version --append - done - } From bde5590783f1e9a81b5b9ae33b1101c217fcf000 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 7 Oct 2021 10:33:33 +0200 Subject: [PATCH 18/25] Update data/helpers.d/logrotate --- data/helpers.d/logrotate | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/data/helpers.d/logrotate b/data/helpers.d/logrotate index a4548512d..1844cc5c7 100644 --- a/data/helpers.d/logrotate +++ b/data/helpers.d/logrotate @@ -97,8 +97,10 @@ EOF mkdir --parents $(dirname "$logfile") # Create the log directory, if not exist cat ${app}-logrotate | $customtee /etc/logrotate.d/$app > /dev/null # Append this config to the existing config file, or replace the whole config file (depending on $customtee) - ynh_user_exists --username="$app" || chown $app:$app "$logfile" - chmod o-rwx "$logfile" + if ynh_user_exists --username="$app"; then + chown $app:$app "$logfile" + chmod o-rwx "$logfile" + fi } From f769c40f9602d9ae85eb4c99d332ee6da9781f95 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 7 Oct 2021 10:37:05 +0200 Subject: [PATCH 19/25] Double quotes to prevent bash apocalypse --- data/helpers.d/utils | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/helpers.d/utils b/data/helpers.d/utils index a2d7855b9..1e1930010 100644 --- a/data/helpers.d/utils +++ b/data/helpers.d/utils @@ -737,7 +737,7 @@ _acceptable_path_to_delete() { # Use realpath to normalize the path .. # i.e convert ///foo//bar//..///baz//// to /foo/baz - file=$(realpath --no-symlinks $file) + file=$(realpath --no-symlinks "$file") if [ -z "$file" ] || grep -q -x -F "$file" <<< "$forbidden_paths"; then return 1 else From c8e14133d5757cefec3236a41c2914cb0a4feddd Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 7 Oct 2021 10:46:18 +0200 Subject: [PATCH 20/25] Update changelog for 4.3.1.2 --- debian/changelog | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/debian/changelog b/debian/changelog index a10c83888..f778e0e5d 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,17 @@ +yunohost (4.3.1.2) testing; urgency=low + + - [fix] apps: upgrade was broken because of typo ([#1350](https://github.com/YunoHost/yunohost/pull/1350)) + - [enh] apps: in app_info, return a new is_webapp info meant to be used by API/webadmin (4cd5e9b6) + - [fix] configpanel: handle case where file question didnt get modified from webadmin, in which case self.value contains a path (54d901ad) + - [fix] configpanel: bind_key -> bind_key_ to prevent yunohost from redacting key names which leads to broken log metadata.yml somehow (941cc294) + - [enh] questions: Add visible attribute support in cli (74256845) + - [enh] helpers: Simplify apt/php dependencies helpers ([#1018](https://github.com/YunoHost/yunohost/pull/1018)) + - [enh] helpers: In logrotate helper, enforce decent permissions on log file if app user exists ([#1352](https://github.com/YunoHost/yunohost/pull/1352)) + + Thanks to all contributors <3 ! (Éric Gaspar, Kay0u, ljf) + + -- Alexandre Aubin Thu, 07 Oct 2021 10:42:06 +0200 + yunohost (4.3.1.1) testing; urgency=low - [enh] app helpers: Update n version ([#1347](https://github.com/YunoHost/yunohost/pull/1347)) From 38cff4a98e9d52668a7360b53e0e685cfd77b612 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 7 Oct 2021 11:24:46 +0200 Subject: [PATCH 21/25] Fix app url regex, branch names may contain dots --- src/yunohost/app.py | 2 +- src/yunohost/tests/test_appurl.py | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/yunohost/app.py b/src/yunohost/app.py index fe5281384..fb544cab2 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -79,7 +79,7 @@ re_app_instance_name = re.compile( ) APP_REPO_URL = re.compile( - r"^https://[a-zA-Z0-9-_.]+/[a-zA-Z0-9-_./]+/[a-zA-Z0-9-_.]+_ynh(/?(-/)?tree/[a-zA-Z0-9-_]+)?(\.git)?/?$" + r"^https://[a-zA-Z0-9-_.]+/[a-zA-Z0-9-_./]+/[a-zA-Z0-9-_.]+_ynh(/?(-/)?tree/[a-zA-Z0-9-_.]+)?(\.git)?/?$" ) APP_FILES_TO_COPY = [ diff --git a/src/yunohost/tests/test_appurl.py b/src/yunohost/tests/test_appurl.py index cf2c6c2c3..28f33d998 100644 --- a/src/yunohost/tests/test_appurl.py +++ b/src/yunohost/tests/test_appurl.py @@ -68,6 +68,7 @@ def test_repo_url_definition(): assert _is_app_repo_url( "https://gitlab.domainepublic.net/Neutrinet/neutrinet_ynh/-/tree/unstable" ) + assert _is_app_repo_url("https://github.com/YunoHost-Apps/foobar/tree/1.23.4") assert _is_app_repo_url("git@github.com:YunoHost-Apps/foobar_ynh.git") assert not _is_app_repo_url("github.com/YunoHost-Apps/foobar_ynh") From 0b2ef5d16fa2f3be229bdd3ae211390ff388ae7b Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 7 Oct 2021 18:31:59 +0200 Subject: [PATCH 22/25] Update changelog for 4.3.1.3 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index f778e0e5d..def37d6b2 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +yunohost (4.3.1.3) testing; urgency=low + + - [fix] app: repo url branch names may contain dots (38cff4a9) + + -- Alexandre Aubin Thu, 07 Oct 2021 18:31:09 +0200 + yunohost (4.3.1.2) testing; urgency=low - [fix] apps: upgrade was broken because of typo ([#1350](https://github.com/YunoHost/yunohost/pull/1350)) From df02f898ee2ee5fe9260d0875e40dc490ec72926 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 9 Oct 2021 00:32:49 +0200 Subject: [PATCH 23/25] [enh] Don't generate dnsmasq conf for .local domains --- data/hooks/conf_regen/43-dnsmasq | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/data/hooks/conf_regen/43-dnsmasq b/data/hooks/conf_regen/43-dnsmasq index f3bed7b04..687fc704f 100755 --- a/data/hooks/conf_regen/43-dnsmasq +++ b/data/hooks/conf_regen/43-dnsmasq @@ -32,6 +32,7 @@ do_pre_regen() { # add domain conf files for domain in $YNH_DOMAINS; do + [[ ! $domain =~ \.local$ ]] || continue export domain ynh_render_template "domain.tpl" "${dnsmasq_dir}/${domain}" done @@ -40,8 +41,10 @@ do_pre_regen() { conf_files=$(ls -1 /etc/dnsmasq.d \ | awk '/^[^\.]+\.[^\.]+.*$/ { print $1 }') for domain in $conf_files; do - [[ $YNH_DOMAINS =~ $domain ]] \ - || touch "${dnsmasq_dir}/${domain}" + if [[ ! $YNH_DOMAINS =~ $domain ]] && [[ ! $domain =~ \.local$ ]] + then + touch "${dnsmasq_dir}/${domain}" + fi done } From e521fef23d204570735b2cf97382deb9f72902a5 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 9 Oct 2021 02:20:08 +0200 Subject: [PATCH 24/25] Fix typo in tests @_@ --- src/yunohost/tests/test_appurl.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/tests/test_appurl.py b/src/yunohost/tests/test_appurl.py index 28f33d998..7b4c6e2e3 100644 --- a/src/yunohost/tests/test_appurl.py +++ b/src/yunohost/tests/test_appurl.py @@ -68,7 +68,7 @@ def test_repo_url_definition(): assert _is_app_repo_url( "https://gitlab.domainepublic.net/Neutrinet/neutrinet_ynh/-/tree/unstable" ) - assert _is_app_repo_url("https://github.com/YunoHost-Apps/foobar/tree/1.23.4") + assert _is_app_repo_url("https://github.com/YunoHost-Apps/foobar_ynh/tree/1.23.4") assert _is_app_repo_url("git@github.com:YunoHost-Apps/foobar_ynh.git") assert not _is_app_repo_url("github.com/YunoHost-Apps/foobar_ynh") From dab3dc6f370e262ed427a3459aebde35f4f92da6 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 11 Oct 2021 19:42:39 +0200 Subject: [PATCH 25/25] dovecot: add conf snippet to get rid of stupid stats-writer errors in mail.log --- data/templates/dovecot/dovecot.conf | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/data/templates/dovecot/dovecot.conf b/data/templates/dovecot/dovecot.conf index ee8511f83..c7e937979 100644 --- a/data/templates/dovecot/dovecot.conf +++ b/data/templates/dovecot/dovecot.conf @@ -78,6 +78,20 @@ service quota-warning { } } +service stats { + unix_listener stats-reader { + user = vmail + group = mail + mode = 0660 + } + + unix_listener stats-writer { + user = vmail + group = mail + mode = 0660 + } +} + plugin { sieve = /var/mail/sievescript/%n/.dovecot.sieve sieve_dir = /var/mail/sievescript/%n/scripts/