diff --git a/debian/changelog b/debian/changelog index 307dc4631..73b2d0683 100644 --- a/debian/changelog +++ b/debian/changelog @@ -25,6 +25,21 @@ yunohost (11.0.1~alpha) unstable; urgency=low -- Alexandre Aubin Fri, 05 Feb 2021 00:02:38 +0100 +yunohost (4.3.6) stable; urgency=low + + - [enh] ssh: add a new setting to manage PasswordAuthentication in sshd_config ([#1388](https://github.com/YunoHost/yunohost/pull/1388)) + - [enh] upgrades: filter more boring apt messages (3cc1a0a5) + - [fix] ynh_add_config: crons should be owned by root, otherwise they probably don't run? (0973301b) + - [fix] domains: force cert install during domain_add ([#1404](https://github.com/YunoHost/yunohost/pull/1404)) + - [fix] logs: remove 'args' for metadata, may contain unredacted secrets in edge cases + - [fix] helpers, apt: upgrade apt dependencies from extra repos ([#1407](https://github.com/YunoHost/yunohost/pull/1407)) + - [fix] diagnosis: incorrect dns check (relative vs absolute) for CNAME on subdomain (d81b85a4) + - [i18n] Translations updated for Dutch, French, Galician, German, Spanish, Ukrainian + + Thanks to all contributors <3 ! (Boudewijn, Christian Wehrli, Éric Gaspar, Germain Edy, José M, Kay0u, Kayou, ljf, Tagada, Tymofii-Lytvynenko) + + -- Alexandre Aubin Fri, 14 Jan 2022 01:29:58 +0100 + yunohost (4.3.5) stable; urgency=low - [fix] backup: bug in backup_delete when compress_tar_archives is True ([#1381](https://github.com/YunoHost/yunohost/pull/1381)) diff --git a/helpers/apt b/helpers/apt index ee352aebe..4a323262e 100644 --- a/helpers/apt +++ b/helpers/apt @@ -298,6 +298,24 @@ EOF if [[ -n "$specific_php_version" ]] then + # Set the default php version back as the default version for php-cli. + update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION + + local old_phpversion=$(ynh_app_setting_get --app=$app --key=phpversion) + + # If the PHP version changed, remove the old fpm conf + if [ -n "$old_phpversion" ] && [ "$old_phpversion" != "$specific_php_version" ]; then + local old_php_fpm_config_dir=$(ynh_app_setting_get --app=$app --key=fpm_config_dir) + local old_php_finalphpconf="$old_php_fpm_config_dir/pool.d/$app.conf" + + if [[ -f "$old_php_finalphpconf" ]] + then + ynh_backup_if_checksum_is_different --file="$old_php_finalphpconf" + ynh_remove_fpm_config + fi + fi + + # Store phpversion into the config of this app ynh_app_setting_set --app=$app --key=phpversion --value=$specific_php_version # Set the default php version back as the default version for php-cli. diff --git a/hooks/conf_regen/43-dnsmasq b/hooks/conf_regen/43-dnsmasq index 31f14a701..ec53d75bc 100755 --- a/hooks/conf_regen/43-dnsmasq +++ b/hooks/conf_regen/43-dnsmasq @@ -28,7 +28,7 @@ do_pre_regen() { interfaces="$(ip -j addr show | jq -r '[.[].ifname]|join(" ")')" wireless_interfaces="lo" for dev in $(ls /sys/class/net); do - if [ -d "/sys/class/net/$dev/wireless" ]; then + if [ -d "/sys/class/net/$dev/wireless" ] && grep -q "up" "/sys/class/net/$dev/operstate"; then wireless_interfaces+=" $dev" fi done diff --git a/locales/nl.json b/locales/nl.json index 038d18283..d9f4e7a93 100644 --- a/locales/nl.json +++ b/locales/nl.json @@ -40,7 +40,7 @@ "extracting": "Uitpakken...", "installation_complete": "Installatie voltooid", "mail_alias_remove_failed": "Kan mail-alias '{mail}' niet verwijderen", - "pattern_email": "Moet een geldig emailadres bevatten (bv. abc@example.org)", + "pattern_email": "Moet een geldig e-mailadres bevatten, zonder '+' symbool er in (bv. abc@example.org)", "pattern_mailbox_quota": "Mailbox quota moet een waarde bevatten met b/k/M/G/T erachter of 0 om geen quota in te stellen", "pattern_password": "Wachtwoord moet tenminste 3 karakters lang zijn", "port_already_closed": "Poort {port} is al gesloten voor {ip_version} verbindingen", @@ -129,5 +129,17 @@ "additional_urls_already_removed": "Extra URL '{url}' is al verwijderd in de extra URL voor privilege '{permission}'", "app_label_deprecated": "Dit commando is vervallen. Gebruik alsjeblieft het nieuwe commando 'yunohost user permission update' om het label van de app te beheren.", "app_change_url_no_script": "De app '{app_name}' ondersteunt nog geen URL-aanpassingen. Misschien wel na een upgrade.", - "app_upgrade_some_app_failed": "Sommige apps konden niet worden bijgewerkt" + "app_upgrade_some_app_failed": "Sommige apps konden niet worden bijgewerkt", + "other_available_options": "... en {n} andere beschikbare opties die niet getoond worden", + "password_listed": "Dit wachtwoord is een van de meest gebruikte wachtwoorden ter wereld. Kies alstublieft iets wat minder voor de hand ligt.", + "password_too_simple_4": "Het wachtwoord moet minimaal 12 tekens lang zijn en moet cijfers, hoofdletters, kleine letters en speciale tekens bevatten", + "pattern_email_forward": "Het moet een geldig e-mailadres zijn, '+' symbool is toegestaan (ikzelf@mijndomein.nl bijvoorbeeld, of ikzelf+yunohost@mijndomein.nl)", + "password_too_simple_2": "Het wachtwoord moet minimaal 8 tekens lang zijn en moet cijfers, hoofdletters en kleine letters bevatten", + "operation_interrupted": "Werd de bewerking handmatig onderbroken?", + "packages_upgrade_failed": "Niet alle pakketten konden bijgewerkt worden", + "pattern_backup_archive_name": "Moet een geldige bestandsnaam zijn van maximaal 30 tekens; alleen alfanumerieke tekens en -_. zijn toegestaan", + "pattern_domain": "Moet een geldige domeinnaam zijn (mijneigendomein.nl, bijvoorbeeld)", + "pattern_firstname": "Het moet een geldige voornaam zijn", + "pattern_lastname": "Het moet een geldige achternaam zijn", + "password_too_simple_3": "Het wachtwoord moet minimaal 8 tekens lang zijn en moet cijfers, hoofdletters, kleine letters en speciale tekens bevatten" } diff --git a/src/certificate.py b/src/certificate.py index ca3329539..a681d106b 100644 --- a/src/certificate.py +++ b/src/certificate.py @@ -852,14 +852,14 @@ def _check_domain_is_ready_for_ACME(domain): if is_yunohost_dyndns_domain(parent_domain): record_name = "@" - A_record_status = dnsrecords.get("data").get(f"A:{record_name}") - AAAA_record_status = dnsrecords.get("data").get(f"AAAA:{record_name}") + A_record_status = dnsrecords.get("data", {}).get(f"A:{record_name}") + AAAA_record_status = dnsrecords.get("data", {}).get(f"AAAA:{record_name}") # Fallback to wildcard in case no result yet for the DNS name? if not A_record_status: - A_record_status = dnsrecords.get("data").get("A:*") + A_record_status = dnsrecords.get("data", {}).get("A:*") if not AAAA_record_status: - AAAA_record_status = dnsrecords.get("data").get("AAAA:*") + AAAA_record_status = dnsrecords.get("data", {}).get("AAAA:*") if ( not httpreachable diff --git a/src/diagnosers/12-dnsrecords.py b/src/diagnosers/12-dnsrecords.py index 1fe3cf1f4..91fcf10fa 100644 --- a/src/diagnosers/12-dnsrecords.py +++ b/src/diagnosers/12-dnsrecords.py @@ -100,6 +100,8 @@ class MyDiagnoser(Diagnoser): r["current"] = self.get_current_record(fqdn, r["type"]) if r["value"] == "@": r["value"] = domain + "." + elif r["type"] == "CNAME": + r["value"] = r["value"] + f".{base_dns_zone}." if self.current_record_match_expected(r): results[id_] = "OK" diff --git a/src/migrations/0021_migrate_to_bullseye.py b/src/migrations/0021_migrate_to_bullseye.py index e47087976..58bb259f7 100644 --- a/src/migrations/0021_migrate_to_bullseye.py +++ b/src/migrations/0021_migrate_to_bullseye.py @@ -5,7 +5,7 @@ from moulinette import m18n from yunohost.utils.error import YunohostError from moulinette.utils.log import getActionLogger from moulinette.utils.process import check_output, call_async_output -from moulinette.utils.filesystem import read_file, rm +from moulinette.utils.filesystem import read_file, rm, write_to_file from yunohost.tools import ( Migration, @@ -81,6 +81,17 @@ class MyMigration(Migration): "echo 'libc6 libraries/restart-without-asking boolean true' | debconf-set-selections" ) + # Do not restart nginx during the upgrade of nginx-common and nginx-extras ... + # c.f. https://manpages.debian.org/bullseye/init-system-helpers/deb-systemd-invoke.1p.en.html + # and zcat /usr/share/doc/init-system-helpers/README.policy-rc.d.gz + # and the code inside /usr/bin/deb-systemd-invoke to see how it calls /usr/sbin/policy-rc.d ... + # and also invoke-rc.d ... + write_to_file( + '/usr/sbin/policy-rc.d', + '#!/bin/bash\n[[ "$1" =~ "nginx" ]] && [[ "$2" == "restart" ]] && exit 101 || exit 0' + ) + os.system("chmod +x /usr/sbin/policy-rc.d") + # Don't send an email to root about the postgresql migration. It should be handled automatically after. os.system( "echo 'postgresql-common postgresql-common/obsolete-major seen true' | debconf-set-selections" @@ -222,8 +233,6 @@ class MyMigration(Migration): "Failed to force the install of php dependencies ?", raw_msg=True ) - os.system(f"apt-mark auto {' '.join(basephp74packages_to_install)}") - # Clean the mess logger.info(m18n.n("migration_0021_cleaning_up")) os.system("apt autoremove --assume-yes") @@ -251,7 +260,13 @@ class MyMigration(Migration): raw_msg=True, ) - tools_upgrade(target="system") + + postupgradecmds = f"apt-mark auto {' '.join(basephp74packages_to_install)}\n" + postupgradecmds += "rm -f /usr/sbin/policy-rc.d\n" + postupgradecmds += "echo 'Restarting nginx...' >&2\n" + postupgradecmds += "systemctl restart nginx\n" + + tools_upgrade(target="system", postupgradecmds=postupgradecmds) def debian_major_version(self): # The python module "platform" and lsb_release are not reliable because diff --git a/src/tools.py b/src/tools.py index 7aa0fa42f..58358729a 100644 --- a/src/tools.py +++ b/src/tools.py @@ -552,10 +552,6 @@ def tools_upgrade( packages_list=", ".join(upgradables), ) ) - operation_logger.error(m18n.n("packages_upgrade_failed")) - raise YunohostError(m18n.n("packages_upgrade_failed")) - - # FIXME : add a dpkg --audit / check dpkg is broken here ? logger.success(m18n.n("system_upgraded")) operation_logger.success() @@ -575,6 +571,12 @@ def _apt_log_line_is_relevant(line): ", does not exist on system.", "unable to delete old directory", "update-alternatives:", + "Configuration file '/etc", + "==> Modified (by you or by a script) since installation.", + "==> Package distributor has shipped an updated version.", + "==> Keeping old config file as default.", + "is a disabled or a static unit", + " update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults", ] return line.rstrip() and all(i not in line.rstrip() for i in irrelevants)