From 6b04a4cae40ebee54ef10cf59e245d80ba2179a3 Mon Sep 17 00:00:00 2001 From: Dave Date: Mon, 2 Nov 2020 15:30:23 +0100 Subject: [PATCH 01/36] Define a new "yunohost app search" command --- data/actionsmap/yunohost.yml | 7 +++++++ src/yunohost/app.py | 17 +++++++++++++++++ 2 files changed, 24 insertions(+) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index 5371d576d..acdd38a00 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -569,6 +569,13 @@ app: full: --with-categories help: Also return a list of app categories action: store_true + + ### app_search() + search: + action_help: Search installable apps + arguments: + string: + help: Return matching app name or description with "string" fetchlist: deprecated: true diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 7d5d36c4d..5e8ac929b 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -104,6 +104,23 @@ def app_catalog(full=False, with_categories=False): return {"apps": catalog["apps"]} else: return {"apps": catalog["apps"], "categories": catalog["categories"]} + + +def app_search(string): + """ + Return a dict of apps whose description or name match the search string + """ + + # Retrieve a simple dict listing all apps + catalog_of_apps = app_catalog() + + # Selecting apps according to a match in app name or description + for app in catalog_of_apps["apps"].items(): + if not (re.search(string, app[0], flags=re.IGNORECASE) or + re.search(string, app[1]['description'], flags=re.IGNORECASE)): + del catalog_of_apps["apps"][app[0]] + + return catalog_of_apps # Old legacy function... From bfecb8b7dc23a1574e0dba15ec15edf86311d1b2 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 22 Nov 2020 02:19:56 +0100 Subject: [PATCH 02/36] Support more complex errors (be able to return additional data in a json structure) --- src/yunohost/app.py | 2 +- src/yunohost/utils/error.py | 14 +++++++++++++- 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 076096eef..7a8fa695a 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -930,7 +930,7 @@ def app_install(operation_logger, app, label=None, args=None, no_remove_on_failu permission_sync_to_user() - raise YunohostError(failure_message_with_debug_instructions, raw_msg=True) + raise YunohostError(failure_message_with_debug_instructions, raw_msg=True, log_ref=operation_logger.name) # Clean hooks and add new ones hook_remove(app_instance_name) diff --git a/src/yunohost/utils/error.py b/src/yunohost/utils/error.py index f2486473b..78077b42a 100644 --- a/src/yunohost/utils/error.py +++ b/src/yunohost/utils/error.py @@ -32,11 +32,23 @@ class YunohostError(MoulinetteError): are translated via m18n.n (namespace) instead of m18n.g (global?) """ - def __init__(self, key, raw_msg=False, *args, **kwargs): + def __init__(self, key, raw_msg=False, log_ref=None, *args, **kwargs): self.key = key # Saving the key is useful for unit testing self.kwargs = kwargs # Saving the key is useful for unit testing + self.log_ref = log_ref if raw_msg: msg = key else: msg = m18n.n(key, *args, **kwargs) + super(YunohostError, self).__init__(msg, raw_msg=True) + + def content(self): + + if not self.log_ref: + return super(YunohostError, self).content() + else: + return { + "error": self.strerror, + "log_ref": self.log_ref + } From 11cef18ab9e7adccbd3c55ba1b9d0602245187d0 Mon Sep 17 00:00:00 2001 From: yalh76 Date: Tue, 1 Dec 2020 23:19:07 +0100 Subject: [PATCH 03/36] [enh] Adding composer helper --- data/helpers.d/php | 60 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 60 insertions(+) diff --git a/data/helpers.d/php b/data/helpers.d/php index 95cc15402..ad6683944 100644 --- a/data/helpers.d/php +++ b/data/helpers.d/php @@ -560,3 +560,63 @@ ynh_get_scalable_phpfpm () { fi fi } + +readonly YNH_DEFAULT_COMPOSER_VERSION=1.10.17 +# Declare the actual composer version to use. +# A packager willing to use another version of composer can override the variable into its _common.sh. +YNH_COMPOSER_VERSION=${YNH_COMPOSER_VERSION:-$YNH_DEFAULT_COMPOSER_VERSION} + +# Execute a command with Composer +# +# usage: ynh_composer_exec [--phpversion=phpversion] [--workdir=$final_path] --commands="commands" +# | arg: -v, --phpversion - PHP version to use with composer +# | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path. +# | arg: -c, --commands - Commands to execute. +ynh_composer_exec () { + # Declare an array to define the options of this helper. + local legacy_args=vwc + declare -Ar args_array=( [v]=phpversion= [w]=workdir= [c]=commands= ) + local phpversion + local workdir + local commands + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + workdir="${workdir:-$final_path}" + phpversion="${phpversion:-$YNH_PHP_VERSION}" + + COMPOSER_HOME="$workdir/.composer" \ + php${phpversion} "$workdir/composer.phar" $commands \ + -d "$workdir" --quiet --no-interaction +} + +# Install and initialize Composer in the given directory +# +# usage: ynh_install_composer [--phpversion=phpversion] [--workdir=$final_path] [--install_args="--optimize-autoloader"] [--composerversion=composerversion] +# | arg: -v, --phpversion - PHP version to use with composer +# | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path. +# | arg: -a, --install_args - Additional arguments provided to the composer install. Argument --no-dev already include +# | arg: -c, --composerversion - Composer version to install +ynh_install_composer () { + # Declare an array to define the options of this helper. + local legacy_args=vwac + declare -Ar args_array=( [v]=phpversion= [w]=workdir= [a]=install_args= [c]=composerversion=) + local phpversion + local workdir + local install_args + local composerversion + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + workdir="${workdir:-$final_path}" + phpversion="${phpversion:-$YNH_PHP_VERSION}" + install_args="${install_args:-}" + composerversion="${composerversion:-$YNH_COMPOSER_VERSION}" + + curl -sS https://getcomposer.org/installer \ + | COMPOSER_HOME="$workdir/.composer" \ + php${phpversion} -- --quiet --install-dir="$workdir" --version=$composerversion \ + || ynh_die "Unable to install Composer." + + # install dependencies + ynh_composer_exec --phpversion="${phpversion}" --workdir="$workdir" --commands="install --no-dev $install_args" \ + || ynh_die "Unable to install core dependencies with Composer." +} From d5efb06b6221bdb48d6ef343c91d834fb363a059 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Thu, 14 Jan 2021 11:21:07 +0100 Subject: [PATCH 04/36] Upgrade n to v7.0.0 --- data/helpers.d/nodejs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/helpers.d/nodejs b/data/helpers.d/nodejs index f84f908b4..2e1c787cf 100644 --- a/data/helpers.d/nodejs +++ b/data/helpers.d/nodejs @@ -1,6 +1,6 @@ #!/bin/bash -n_version=6.7.0 +n_version=7.0.0 n_install_dir="/opt/node_n" node_version_path="$n_install_dir/n/versions/node" # N_PREFIX is the directory of n, it needs to be loaded as a environment variable. @@ -18,7 +18,7 @@ ynh_install_n () { # Build an app.src for n mkdir --parents "../conf" echo "SOURCE_URL=https://github.com/tj/n/archive/v${n_version}.tar.gz -SOURCE_SUM=92e00fa86d1c4e8dc6ca8df7e75fc93afe8f71949890ef67c40555df4efc4abe" > "../conf/n.src" +SOURCE_SUM=2933855140f980fc6d1d6103ea07cd4d915b17dea5e17e43921330ea89978b5b" > "../conf/n.src" # Download and extract n ynh_setup_source --dest_dir="$n_install_dir/git" --source_id=n # Install n From 8b3ec8a1372d24404caf0067228db3d99242ebf1 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 21 Jan 2021 20:34:43 +0100 Subject: [PATCH 05/36] Diagnosis: report low total space for rootfs --- data/hooks/diagnosis/50-systemresources.py | 20 ++++++++++++++++++++ locales/en.json | 2 ++ 2 files changed, 22 insertions(+) diff --git a/data/hooks/diagnosis/50-systemresources.py b/data/hooks/diagnosis/50-systemresources.py index 30a2ad1f8..fdda2c2f0 100644 --- a/data/hooks/diagnosis/50-systemresources.py +++ b/data/hooks/diagnosis/50-systemresources.py @@ -103,6 +103,26 @@ class SystemResourcesDiagnoser(Diagnoser): yield item + # + # Check for minimal space on / + /var + # because some stupid VPS provider only configure a stupidly + # low amount of disk space for the root partition + # which later causes issue when it gets full... + # + + main_disk_partitions = [d for d in disk_partitions if d.mountpoint in ['/', '/var']] + main_space = sum([psutil.disk_usage(d.mountpoint).total for d in main_disk_partitions]) + if main_space < 10 * GB: + yield dict(meta={"test": "rootfstotalspace"}, + data={"space": human_size(main_space)}, + status="ERROR", + summary="diagnosis_rootfstotalspace_critical") + if main_space < 14 * GB: + yield dict(meta={"test": "rootfstotalspace"}, + data={"space": human_size(main_space)}, + status="WARNING", + summary="diagnosis_rootfstotalspace_warning") + # # Recent kills by oom_reaper # diff --git a/locales/en.json b/locales/en.json index dbaee0bdf..33efcda14 100644 --- a/locales/en.json +++ b/locales/en.json @@ -232,6 +232,8 @@ "diagnosis_regenconf_allgood": "All configurations files are in line with the recommended configuration!", "diagnosis_regenconf_manually_modified": "Configuration file {file} appears to have been manually modified.", "diagnosis_regenconf_manually_modified_details": "This is probably OK if you know what you're doing! YunoHost will stop updating this file automatically... But beware that YunoHost upgrades could contain important recommended changes. If you want to, you can inspect the differences with yunohost tools regen-conf {category} --dry-run --with-diff and force the reset to the recommended configuration with yunohost tools regen-conf {category} --force", + "diagnosis_rootfstotalspace_warning": "The root filesystem only has a total of {space}. This may be okay, but be careful because ultimately you may run out of disk space quickly... It's recommended to have at least 16 GB for the root filesystem.", + "diagnosis_rootfstotalspace_critical": "The root filesystem only has a total of {space} which is quite worrisome! You will likely run out of disk space very quickly! It's recommended to have at least 16 GB for the root filesystem.", "diagnosis_security_vulnerable_to_meltdown": "You appear vulnerable to the Meltdown criticial security vulnerability", "diagnosis_security_vulnerable_to_meltdown_details": "To fix this, you should upgrade your system and reboot to load the new linux kernel (or contact your server provider if this doesn't work). See https://meltdownattack.com/ for more infos.", "diagnosis_description_basesystem": "Base system", From fd61900352472af763b5511f65a0cbd4742bfe01 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 21 Jan 2021 20:53:07 +0100 Subject: [PATCH 06/36] Also complain about low rootfs total disk space during postinstall --- .gitlab/ci/install.gitlab-ci.yml | 2 +- .gitlab/ci/test.gitlab-ci.yml | 2 +- data/actionsmap/yunohost.yml | 4 ++++ locales/en.json | 1 + src/yunohost/tools.py | 11 ++++++++++- 5 files changed, 17 insertions(+), 3 deletions(-) diff --git a/.gitlab/ci/install.gitlab-ci.yml b/.gitlab/ci/install.gitlab-ci.yml index 1df4fc4b9..e2662e9e2 100644 --- a/.gitlab/ci/install.gitlab-ci.yml +++ b/.gitlab/ci/install.gitlab-ci.yml @@ -26,4 +26,4 @@ install-postinstall: script: - apt-get update -o Acquire::Retries=3 - DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt --assume-yes -o Dpkg::Options::="--force-confold" --allow-downgrades install ./$YNH_BUILD_DIR/*.deb - - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns + - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns --force-diskspace diff --git a/.gitlab/ci/test.gitlab-ci.yml b/.gitlab/ci/test.gitlab-ci.yml index 6cbb89d0c..a4ec77ee8 100644 --- a/.gitlab/ci/test.gitlab-ci.yml +++ b/.gitlab/ci/test.gitlab-ci.yml @@ -34,7 +34,7 @@ full-tests: PYTEST_ADDOPTS: "--color=yes" before_script: - *install_debs - - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns + - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns --force-diskspace script: - python3 -m pytest --cov=yunohost tests/ src/yunohost/tests/ --junitxml=report.xml needs: diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index 8eee048f2..fcc2c5e72 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -1416,6 +1416,10 @@ tools: --force-password: help: Use this if you really want to set a weak password action: store_true + --force-diskspace: + help: Use this if you really want to install Yunohost on a setup with less than 10 GB on the root filesystem + action: store_true + ### tools_update() update: diff --git a/locales/en.json b/locales/en.json index 33efcda14..931b1476b 100644 --- a/locales/en.json +++ b/locales/en.json @@ -508,6 +508,7 @@ "permission_require_account": "Permission {permission} only makes sense for users having an account, and therefore cannot be enabled for visitors.", "port_already_closed": "Port {port:d} is already closed for {ip_version:s} connections", "port_already_opened": "Port {port:d} is already opened for {ip_version:s} connections", + "postinstall_low_rootfsspace": "The root filesystem has a total space less than 10 GB, which is quite worrisome! You will likely run out of disk space very quickly! It's recommended to have at least 16GB for the root filesystem. If you want to install YunoHost despite this warning, re-run the postinstall with --force-diskspace", "regenconf_file_backed_up": "Configuration file '{conf}' backed up to '{backup}'", "regenconf_file_copy_failed": "Could not copy the new configuration file '{new}' to '{conf}'", "regenconf_file_kept_back": "The configuration file '{conf}' is expected to be deleted by regen-conf (category {category}) but was kept back.", diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index f01f6adb8..f7b2b91cb 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -229,7 +229,7 @@ def _detect_virt(): @is_unit_operation() def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, - force_password=False): + force_password=False, force_diskspace=False): """ YunoHost post-install @@ -242,6 +242,7 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, """ from yunohost.utils.password import assert_password_is_strong_enough from yunohost.domain import domain_main_domain + import psutil dyndns_provider = "dyndns.yunohost.org" @@ -249,6 +250,14 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, if os.path.isfile('/etc/yunohost/installed'): raise YunohostError('yunohost_already_installed') + # Check there's at least 10 GB on the rootfs... + disk_partitions = sorted(psutil.disk_partitions(), key=lambda k: k.mountpoint) + main_disk_partitions = [d for d in disk_partitions if d.mountpoint in ['/', '/var']] + main_space = sum([psutil.disk_usage(d.mountpoint).total for d in main_disk_partitions]) + GB = 1024**3 + if not force_diskspace and main_space < 10 * GB: + raise YunohostError("postinstall_low_rootfsspace") + # Check password if not force_password: assert_password_is_strong_enough("admin", password) From 15e47b2a2bfc2f24fa2a23b79cf799f1b6348cba Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 21 Jan 2021 21:24:42 +0100 Subject: [PATCH 07/36] yunohost log share --- data/actionsmap/yunohost.yml | 10 +++++++++- locales/ca.json | 2 +- locales/de.json | 2 +- locales/en.json | 2 +- locales/eo.json | 2 +- locales/es.json | 2 +- locales/fr.json | 2 +- locales/it.json | 2 +- locales/oc.json | 2 +- src/yunohost/log.py | 3 +++ 10 files changed, 20 insertions(+), 9 deletions(-) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index 8eee048f2..549ac7111 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -1681,7 +1681,7 @@ log: default: 50 type: int --share: - help: Share the full log using yunopaste + help: (Deprecated, see yunohost log share) Share the full log using yunopaste action: store_true -i: full: --filter-irrelevant @@ -1692,6 +1692,14 @@ log: help: Include metadata about sub-operations of this operation... (e.g. initializing groups/permissions when installing an app) action: store_true + ### log_share() + share: + action_help: Share the full log on yunopaste (alias to display --share) + api: GET /logs/share + arguments: + path: + help: Log file to share + ############################# # Diagnosis # diff --git a/locales/ca.json b/locales/ca.json index 716ffce5f..d3188a9c0 100644 --- a/locales/ca.json +++ b/locales/ca.json @@ -201,7 +201,7 @@ "log_link_to_log": "El registre complet d'aquesta operació: «{desc}»", "log_help_to_get_log": "Per veure el registre de l'operació « {desc} », utilitzeu l'ordre « yunohost log display {name} »", "log_link_to_failed_log": "No s'ha pogut completar l'operació « {desc} ». Per obtenir ajuda, proveïu el registre complete de l'operació clicant aquí", - "log_help_to_get_failed_log": "No s'ha pogut completar l'operació « {desc} ». Per obtenir ajuda, compartiu el registre complete de l'operació utilitzant l'ordre « yunohost log display {name} --share »", + "log_help_to_get_failed_log": "No s'ha pogut completar l'operació « {desc} ». Per obtenir ajuda, compartiu el registre complete de l'operació utilitzant l'ordre « yunohost log share {name} »", "log_does_exists": "No hi ha cap registre per l'operació amb el nom« {log} », utilitzeu « yunohost log list » per veure tots els registre d'operació disponibles", "log_operation_unit_unclosed_properly": "L'operació no s'ha tancat de forma correcta", "log_app_change_url": "Canvia l'URL de l'aplicació « {} »", diff --git a/locales/de.json b/locales/de.json index 764ca2c1e..2b413a241 100644 --- a/locales/de.json +++ b/locales/de.json @@ -284,7 +284,7 @@ "good_practices_about_admin_password": "Sie sind nun dabei, ein neues Administrationspasswort zu definieren. Das Passwort sollte mindestens 8 Zeichen lang sein - obwohl es sinnvoll ist, ein längeres Passwort (z.B. eine Passphrase) und/oder eine Variation von Zeichen (Groß- und Kleinschreibung, Ziffern und Sonderzeichen) zu verwenden.", "log_corrupted_md_file": "Die mit Protokollen verknüpfte YAML-Metadatendatei ist beschädigt: '{md_file}\nFehler: {error}''", "global_settings_cant_serialize_settings": "Einstellungsdaten konnten nicht serialisiert werden, Grund: {reason:s}", - "log_help_to_get_failed_log": "Der Vorgang'{desc}' konnte nicht abgeschlossen werden. Bitte teile das vollständige Protokoll dieser Operation mit dem Befehl 'yunohost log display {name} --share', um Hilfe zu erhalten", + "log_help_to_get_failed_log": "Der Vorgang'{desc}' konnte nicht abgeschlossen werden. Bitte teile das vollständige Protokoll dieser Operation mit dem Befehl 'yunohost log share {name}', um Hilfe zu erhalten", "backup_no_uncompress_archive_dir": "Dieses unkomprimierte Archivverzeichnis gibt es nicht", "log_app_change_url": "Ändere die URL der Anwendung '{}'", "global_settings_setting_security_password_user_strength": "Stärke des Benutzerpassworts", diff --git a/locales/en.json b/locales/en.json index dbaee0bdf..28dabaacf 100644 --- a/locales/en.json +++ b/locales/en.json @@ -362,7 +362,7 @@ "log_link_to_log": "Full log of this operation: '{desc}'", "log_help_to_get_log": "To view the log of the operation '{desc}', use the command 'yunohost log display {name}'", "log_link_to_failed_log": "Could not complete the operation '{desc}'. Please provide the full log of this operation by clicking here to get help", - "log_help_to_get_failed_log": "The operation '{desc}' could not be completed. Please share the full log of this operation using the command 'yunohost log display {name} --share' to get help", + "log_help_to_get_failed_log": "The operation '{desc}' could not be completed. Please share the full log of this operation using the command 'yunohost log share {name}' to get help", "log_does_exists": "There is no operation log with the name '{log}', use 'yunohost log list' to see all available operation logs", "log_operation_unit_unclosed_properly": "Operation unit has not been closed properly", "log_app_change_url": "Change the URL of the '{}' app", diff --git a/locales/eo.json b/locales/eo.json index f093633a5..a89cb313b 100644 --- a/locales/eo.json +++ b/locales/eo.json @@ -295,7 +295,7 @@ "restore_extracting": "Eltirante bezonatajn dosierojn el la ar theivo…", "upnp_port_open_failed": "Ne povis malfermi havenon per UPnP", "log_app_upgrade": "Ĝisdatigu la aplikon '{}'", - "log_help_to_get_failed_log": "La operacio '{desc}' ne povis finiĝi. Bonvolu dividi la plenan ŝtipon de ĉi tiu operacio per la komando 'yunohost log display {name} --share' por akiri helpon", + "log_help_to_get_failed_log": "La operacio '{desc}' ne povis finiĝi. Bonvolu dividi la plenan ŝtipon de ĉi tiu operacio per la komando 'yunohost log share {name}' por akiri helpon", "migration_description_0002_migrate_to_tsig_sha256": "Plibonigu sekurecon de DynDNS TSIG-ĝisdatigoj per SHA-512 anstataŭ MD5", "port_already_closed": "Haveno {port:d} estas jam fermita por {ip_version:s} rilatoj", "hook_name_unknown": "Nekonata hoko-nomo '{name:s}'", diff --git a/locales/es.json b/locales/es.json index 21944c372..e9ccad7ae 100644 --- a/locales/es.json +++ b/locales/es.json @@ -408,7 +408,7 @@ "log_app_change_url": "Cambiar el URL de la aplicación «{}»", "log_operation_unit_unclosed_properly": "La unidad de operación no se ha cerrado correctamente", "log_does_exists": "No existe ningún registro de actividades con el nombre '{log}', ejecute 'yunohost log list' para ver todos los registros de actividades disponibles", - "log_help_to_get_failed_log": "No se pudo completar la operación «{desc}». Para obtener ayuda, comparta el registro completo de esta operación ejecutando la orden «yunohost log display {name} --share»", + "log_help_to_get_failed_log": "No se pudo completar la operación «{desc}». Para obtener ayuda, comparta el registro completo de esta operación ejecutando la orden «yunohost log share {name}»", "log_link_to_failed_log": "No se pudo completar la operación «{desc}». Para obtener ayuda, proporcione el registro completo de esta operación pulsando aquí", "log_help_to_get_log": "Para ver el registro de la operación «{desc}», ejecute la orden «yunohost log display {name}»", "log_link_to_log": "Registro completo de esta operación: «{desc}»", diff --git a/locales/fr.json b/locales/fr.json index 31c65d1cd..3d84914c3 100644 --- a/locales/fr.json +++ b/locales/fr.json @@ -280,7 +280,7 @@ "log_help_to_get_log": "Pour voir le journal de cette opération '{desc}', utilisez la commande 'yunohost log display {name}'", "log_link_to_failed_log": "L’opération '{desc}' a échoué ! Pour obtenir de l’aide, merci de partager le journal de l’opération en cliquant ici", "backup_php5_to_php7_migration_may_fail": "Impossible de convertir votre archive pour prendre en charge PHP 7, vous pourriez ne plus pouvoir restaurer vos applications PHP (cause : {error:s})", - "log_help_to_get_failed_log": "L’opération '{desc}' a échoué ! Pour obtenir de l’aide, merci de partager le journal de l’opération en utilisant la commande 'yunohost log display {name} --share'", + "log_help_to_get_failed_log": "L’opération '{desc}' a échoué ! Pour obtenir de l’aide, merci de partager le journal de l’opération en utilisant la commande 'yunohost log share {name}'", "log_does_exists": "Il n’y a pas de journal des opérations avec le nom '{log}', utilisez 'yunohost log list' pour voir tous les journaux d’opérations disponibles", "log_operation_unit_unclosed_properly": "L’opération ne s’est pas terminée correctement", "log_app_change_url": "Changer l’URL de l’application '{}'", diff --git a/locales/it.json b/locales/it.json index 9b5d18f1a..5615ac1b7 100644 --- a/locales/it.json +++ b/locales/it.json @@ -281,7 +281,7 @@ "log_help_to_get_log": "Per vedere il registro dell'operazione '{desc}', usa il comando 'yunohost log display {name}'", "global_settings_setting_security_postfix_compatibility": "Bilanciamento tra compatibilità e sicurezza per il server Postfix. Riguarda gli algoritmi di cifratura (e altri aspetti legati alla sicurezza)", "log_link_to_failed_log": "Impossibile completare l'operazione '{desc}'! Per ricevere aiuto, per favore fornisci il registro completo dell'operazione cliccando qui", - "log_help_to_get_failed_log": "L'operazione '{desc}' non può essere completata. Per ottenere aiuto, per favore condividi il registro completo dell'operazione utilizzando il comando 'yunohost log display {name} --share'", + "log_help_to_get_failed_log": "L'operazione '{desc}' non può essere completata. Per ottenere aiuto, per favore condividi il registro completo dell'operazione utilizzando il comando 'yunohost log share {name}'", "log_does_exists": "Non esiste nessun registro delle operazioni chiamato '{log}', usa 'yunohost log list' per vedere tutti i registri delle operazioni disponibili", "log_app_change_url": "Cambia l'URL dell'app '{}'", "log_app_install": "Installa l'app '{}'", diff --git a/locales/oc.json b/locales/oc.json index 17201fefe..5a2a9401e 100644 --- a/locales/oc.json +++ b/locales/oc.json @@ -303,7 +303,7 @@ "log_help_to_get_log": "Per veire lo jornal d’aquesta operacion « {desc} », utilizatz la comanda « yunohost log display {name} »", "backup_php5_to_php7_migration_may_fail": "Impossible de convertir vòstre archiu per prendre en carga PHP 7, la restauracion de vòstras aplicacions PHP pòt reüssir pas a restaurar vòstras aplicacions PHP (rason : {error:s})", "log_link_to_failed_log": "L’operacion « {desc} » a pas capitat ! Per obténer d’ajuda, mercés de fornir lo jornal complèt de l’operacion", - "log_help_to_get_failed_log": "L’operacion « {desc} » a pas reüssit ! Per obténer d’ajuda, mercés de partejar lo jornal d’audit complèt d’aquesta operacion en utilizant la comanda « yunohost log display {name} --share »", + "log_help_to_get_failed_log": "L’operacion « {desc} » a pas reüssit ! Per obténer d’ajuda, mercés de partejar lo jornal d’audit complèt d’aquesta operacion en utilizant la comanda « yunohost log share {name} »", "log_does_exists": "I a pas cap de jornal d’audit per l’operacion amb lo nom « {log} », utilizatz « yunohost log list » per veire totes los jornals d’operacion disponibles", "log_operation_unit_unclosed_properly": "L’operacion a pas acabat corrèctament", "log_app_change_url": "Cambiar l’URL de l’aplicacion « {} »", diff --git a/src/yunohost/log.py b/src/yunohost/log.py index 850680237..235084c19 100644 --- a/src/yunohost/log.py +++ b/src/yunohost/log.py @@ -282,6 +282,9 @@ def log_display(path, number=None, share=False, filter_irrelevant=False, with_su return infos +def log_share(path): + return log_display(path, share=True) + def is_unit_operation(entities=['app', 'domain', 'group', 'service', 'user'], exclude=['password'], operation_key=None): From e22168a98d301701e85f53c3d944dd966760ee9d Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 21 Jan 2021 21:35:37 +0100 Subject: [PATCH 08/36] log display -> log show (+ fix API route) --- data/actionsmap/yunohost.yml | 10 ++++++---- locales/ca.json | 2 +- locales/de.json | 2 +- locales/en.json | 2 +- locales/eo.json | 2 +- locales/es.json | 2 +- locales/fr.json | 2 +- locales/it.json | 2 +- locales/nb_NO.json | 2 +- locales/oc.json | 2 +- src/yunohost/log.py | 4 ++-- 11 files changed, 17 insertions(+), 15 deletions(-) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index 549ac7111..a20e04ba4 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -1668,10 +1668,12 @@ log: help: Include metadata about operations that are not the main operation but are sub-operations triggered by another ongoing operation... (e.g. initializing groups/permissions when installing an app) action: store_true - ### log_display() - display: + ### log_show() + show: action_help: Display a log content - api: GET /logs/display + api: GET /logs/ + deprecated_alias: + - display arguments: path: help: Log file which to display the content @@ -1694,7 +1696,7 @@ log: ### log_share() share: - action_help: Share the full log on yunopaste (alias to display --share) + action_help: Share the full log on yunopaste (alias to show --share) api: GET /logs/share arguments: path: diff --git a/locales/ca.json b/locales/ca.json index d3188a9c0..ce23d7212 100644 --- a/locales/ca.json +++ b/locales/ca.json @@ -199,7 +199,7 @@ "log_corrupted_md_file": "El fitxer de metadades YAML associat amb els registres està malmès: « {md_file} »\nError: {error}", "log_category_404": "La categoria de registres « {category} » no existeix", "log_link_to_log": "El registre complet d'aquesta operació: «{desc}»", - "log_help_to_get_log": "Per veure el registre de l'operació « {desc} », utilitzeu l'ordre « yunohost log display {name} »", + "log_help_to_get_log": "Per veure el registre de l'operació « {desc} », utilitzeu l'ordre « yunohost log show {name}{name} »", "log_link_to_failed_log": "No s'ha pogut completar l'operació « {desc} ». Per obtenir ajuda, proveïu el registre complete de l'operació clicant aquí", "log_help_to_get_failed_log": "No s'ha pogut completar l'operació « {desc} ». Per obtenir ajuda, compartiu el registre complete de l'operació utilitzant l'ordre « yunohost log share {name} »", "log_does_exists": "No hi ha cap registre per l'operació amb el nom« {log} », utilitzeu « yunohost log list » per veure tots els registre d'operació disponibles", diff --git a/locales/de.json b/locales/de.json index 2b413a241..efc25f7c5 100644 --- a/locales/de.json +++ b/locales/de.json @@ -269,7 +269,7 @@ "global_settings_unknown_setting_from_settings_file": "Unbekannter Schlüssel in den Einstellungen: '{setting_key:s}', verwerfen und speichern in /etc/yunohost/settings-unknown.json", "log_link_to_log": "Vollständiges Log dieser Operation: '{desc}'", "global_settings_setting_example_bool": "Beispiel einer booleschen Option", - "log_help_to_get_log": "Um das Protokoll der Operation '{desc}' anzuzeigen, verwende den Befehl 'yunohost log display {name}'", + "log_help_to_get_log": "Um das Protokoll der Operation '{desc}' anzuzeigen, verwende den Befehl 'yunohost log show {name}{name}'", "global_settings_setting_security_nginx_compatibility": "Kompatibilität vs. Sicherheitskompromiss für den Webserver NGINX. Beeinflusst die Chiffren (und andere sicherheitsrelevante Aspekte)", "backup_php5_to_php7_migration_may_fail": "Dein Archiv konnte nicht für PHP 7 konvertiert werden, Du kannst deine PHP-Anwendungen möglicherweise nicht wiederherstellen (Grund: {error:s})", "global_settings_setting_service_ssh_allow_deprecated_dsa_hostkey": "Erlaubt die Verwendung eines (veralteten) DSA-Hostkeys für die SSH-Daemon-Konfiguration", diff --git a/locales/en.json b/locales/en.json index 28dabaacf..9c96261f4 100644 --- a/locales/en.json +++ b/locales/en.json @@ -360,7 +360,7 @@ "iptables_unavailable": "You cannot play with iptables here. You are either in a container or your kernel does not support it", "log_corrupted_md_file": "The YAML metadata file associated with logs is damaged: '{md_file}\nError: {error}'", "log_link_to_log": "Full log of this operation: '{desc}'", - "log_help_to_get_log": "To view the log of the operation '{desc}', use the command 'yunohost log display {name}'", + "log_help_to_get_log": "To view the log of the operation '{desc}', use the command 'yunohost log show {name}{name}'", "log_link_to_failed_log": "Could not complete the operation '{desc}'. Please provide the full log of this operation by clicking here to get help", "log_help_to_get_failed_log": "The operation '{desc}' could not be completed. Please share the full log of this operation using the command 'yunohost log share {name}' to get help", "log_does_exists": "There is no operation log with the name '{log}', use 'yunohost log list' to see all available operation logs", diff --git a/locales/eo.json b/locales/eo.json index a89cb313b..de301845d 100644 --- a/locales/eo.json +++ b/locales/eo.json @@ -397,7 +397,7 @@ "password_too_simple_4": "La pasvorto bezonas almenaŭ 12 signojn kaj enhavas ciferon, majuskle, pli malaltan kaj specialajn signojn", "migration_0003_main_upgrade": "Komencanta ĉefa ĝisdatigo …", "regenconf_file_updated": "Agordodosiero '{conf}' ĝisdatigita", - "log_help_to_get_log": "Por vidi la protokolon de la operacio '{desc}', uzu la komandon 'yunohost log display {name}'", + "log_help_to_get_log": "Por vidi la protokolon de la operacio '{desc}', uzu la komandon 'yunohost log show {name}{name}'", "global_settings_setting_security_nginx_compatibility": "Kongruo vs sekureca kompromiso por la TTT-servilo NGINX. Afektas la ĉifradojn (kaj aliajn aspektojn pri sekureco)", "no_internet_connection": "La servilo ne estas konektita al la interreto", "migration_0008_dsa": "• La DSA-ŝlosilo estos malŝaltita. Tial vi eble bezonos nuligi spuran averton de via SSH-kliento kaj revizii la fingrospuron de via servilo;", diff --git a/locales/es.json b/locales/es.json index e9ccad7ae..ed02e9802 100644 --- a/locales/es.json +++ b/locales/es.json @@ -410,7 +410,7 @@ "log_does_exists": "No existe ningún registro de actividades con el nombre '{log}', ejecute 'yunohost log list' para ver todos los registros de actividades disponibles", "log_help_to_get_failed_log": "No se pudo completar la operación «{desc}». Para obtener ayuda, comparta el registro completo de esta operación ejecutando la orden «yunohost log share {name}»", "log_link_to_failed_log": "No se pudo completar la operación «{desc}». Para obtener ayuda, proporcione el registro completo de esta operación pulsando aquí", - "log_help_to_get_log": "Para ver el registro de la operación «{desc}», ejecute la orden «yunohost log display {name}»", + "log_help_to_get_log": "Para ver el registro de la operación «{desc}», ejecute la orden «yunohost log show {name}{name}»", "log_link_to_log": "Registro completo de esta operación: «{desc}»", "log_category_404": "La categoría de registro «{category}» no existe", "log_corrupted_md_file": "El archivo de metadatos YAML asociado con el registro está dañado: «{md_file}\nError: {error}»", diff --git a/locales/fr.json b/locales/fr.json index 3d84914c3..510528875 100644 --- a/locales/fr.json +++ b/locales/fr.json @@ -277,7 +277,7 @@ "log_corrupted_md_file": "Le fichier YAML de métadonnées associé aux logs est corrompu : '{md_file}'\nErreur : {error}", "log_category_404": "Le journal de la catégorie '{category}' n’existe pas", "log_link_to_log": "Journal complet de cette opération : ' {desc} '", - "log_help_to_get_log": "Pour voir le journal de cette opération '{desc}', utilisez la commande 'yunohost log display {name}'", + "log_help_to_get_log": "Pour voir le journal de cette opération '{desc}', utilisez la commande 'yunohost log show {name}{name}'", "log_link_to_failed_log": "L’opération '{desc}' a échoué ! Pour obtenir de l’aide, merci de partager le journal de l’opération en cliquant ici", "backup_php5_to_php7_migration_may_fail": "Impossible de convertir votre archive pour prendre en charge PHP 7, vous pourriez ne plus pouvoir restaurer vos applications PHP (cause : {error:s})", "log_help_to_get_failed_log": "L’opération '{desc}' a échoué ! Pour obtenir de l’aide, merci de partager le journal de l’opération en utilisant la commande 'yunohost log share {name}'", diff --git a/locales/it.json b/locales/it.json index 5615ac1b7..ab974428f 100644 --- a/locales/it.json +++ b/locales/it.json @@ -278,7 +278,7 @@ "log_corrupted_md_file": "Il file dei metadati YAML associato con i registri è danneggiato: '{md_file}'\nErrore: {error}", "log_category_404": "La categoria di registrazione '{category}' non esiste", "log_link_to_log": "Registro completo di questa operazione: '{desc}'", - "log_help_to_get_log": "Per vedere il registro dell'operazione '{desc}', usa il comando 'yunohost log display {name}'", + "log_help_to_get_log": "Per vedere il registro dell'operazione '{desc}', usa il comando 'yunohost log show {name}{name}'", "global_settings_setting_security_postfix_compatibility": "Bilanciamento tra compatibilità e sicurezza per il server Postfix. Riguarda gli algoritmi di cifratura (e altri aspetti legati alla sicurezza)", "log_link_to_failed_log": "Impossibile completare l'operazione '{desc}'! Per ricevere aiuto, per favore fornisci il registro completo dell'operazione cliccando qui", "log_help_to_get_failed_log": "L'operazione '{desc}' non può essere completata. Per ottenere aiuto, per favore condividi il registro completo dell'operazione utilizzando il comando 'yunohost log share {name}'", diff --git a/locales/nb_NO.json b/locales/nb_NO.json index 07695ec3d..66cefad04 100644 --- a/locales/nb_NO.json +++ b/locales/nb_NO.json @@ -132,7 +132,7 @@ "domain_dyndns_already_subscribed": "Du har allerede abonnement på et DynDNS-domene", "log_category_404": "Loggkategorien '{category}' finnes ikke", "log_link_to_log": "Full logg for denne operasjonen: '{desc}'", - "log_help_to_get_log": "For å vise loggen for operasjonen '{desc}', bruk kommandoen 'yunohost log display {name}'", + "log_help_to_get_log": "For å vise loggen for operasjonen '{desc}', bruk kommandoen 'yunohost log show {name}{name}'", "log_user_create": "Legg til '{}' bruker", "app_change_url_success": "{app:s} nettadressen er nå {domain:s}{path:s}", "app_install_failed": "Kunne ikke installere {app}: {error}" diff --git a/locales/oc.json b/locales/oc.json index 5a2a9401e..68d142f2b 100644 --- a/locales/oc.json +++ b/locales/oc.json @@ -300,7 +300,7 @@ "log_corrupted_md_file": "Lo fichièr YAML de metadonadas ligat als jornals d’audit es damatjat : « {md_file} »\nError : {error:s}", "log_category_404": "La categoria de jornals d’audit « {category} » existís pas", "log_link_to_log": "Jornal complèt d’aquesta operacion : {desc}", - "log_help_to_get_log": "Per veire lo jornal d’aquesta operacion « {desc} », utilizatz la comanda « yunohost log display {name} »", + "log_help_to_get_log": "Per veire lo jornal d’aquesta operacion « {desc} », utilizatz la comanda « yunohost log show {name}{name} »", "backup_php5_to_php7_migration_may_fail": "Impossible de convertir vòstre archiu per prendre en carga PHP 7, la restauracion de vòstras aplicacions PHP pòt reüssir pas a restaurar vòstras aplicacions PHP (rason : {error:s})", "log_link_to_failed_log": "L’operacion « {desc} » a pas capitat ! Per obténer d’ajuda, mercés de fornir lo jornal complèt de l’operacion", "log_help_to_get_failed_log": "L’operacion « {desc} » a pas reüssit ! Per obténer d’ajuda, mercés de partejar lo jornal d’audit complèt d’aquesta operacion en utilizant la comanda « yunohost log share {name} »", diff --git a/src/yunohost/log.py b/src/yunohost/log.py index 235084c19..9159d4117 100644 --- a/src/yunohost/log.py +++ b/src/yunohost/log.py @@ -130,7 +130,7 @@ def log_list(limit=None, with_details=False, with_suboperations=False): return {"operation": operations} -def log_display(path, number=None, share=False, filter_irrelevant=False, with_suboperations=False): +def log_show(path, number=None, share=False, filter_irrelevant=False, with_suboperations=False): """ Display a log file enriched with metadata if any. @@ -283,7 +283,7 @@ def log_display(path, number=None, share=False, filter_irrelevant=False, with_su return infos def log_share(path): - return log_display(path, share=True) + return log_show(path, share=True) def is_unit_operation(entities=['app', 'domain', 'group', 'service', 'user'], From c7b55cdfad8dbb89b7e152aeae269f4845741bfd Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 21 Jan 2021 22:30:31 +0100 Subject: [PATCH 09/36] migrations migrate -> migrations run --- data/actionsmap/yunohost.yml | 6 ++++-- debian/postinst | 2 +- locales/ca.json | 2 +- locales/en.json | 2 +- locales/eo.json | 2 +- locales/es.json | 2 +- locales/fr.json | 2 +- locales/it.json | 2 +- locales/oc.json | 2 +- src/yunohost/tools.py | 2 +- 10 files changed, 13 insertions(+), 11 deletions(-) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index a20e04ba4..1f1109dde 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -1519,9 +1519,11 @@ tools: action: store_true ### tools_migrations_migrate() - migrate: + run: action_help: Run migrations - api: POST /migrations/migrate + api: POST /migrations/run + deprecated_alias: + - migrate arguments: targets: help: Migrations to run (all pendings by default) diff --git a/debian/postinst b/debian/postinst index 4b43b2506..7a0371dc2 100644 --- a/debian/postinst +++ b/debian/postinst @@ -15,7 +15,7 @@ do_configure() { yunohost tools regen-conf --output-as none echo "Launching migrations..." - yunohost tools migrations migrate --auto + yunohost tools migrations run --auto echo "Re-diagnosing server health..." yunohost diagnosis run --force diff --git a/locales/ca.json b/locales/ca.json index ce23d7212..7924193d0 100644 --- a/locales/ca.json +++ b/locales/ca.json @@ -292,7 +292,7 @@ "migrations_migration_has_failed": "La migració {id} ha fallat, cancel·lant. Error: {exception}", "migrations_no_migrations_to_run": "No hi ha cap migració a fer", "migrations_skip_migration": "Saltant migració {id}...", - "migrations_to_be_ran_manually": "La migració {id} s'ha de fer manualment. Aneu a Eines → Migracions a la interfície admin, o executeu «yunohost tools migrations migrate».", + "migrations_to_be_ran_manually": "La migració {id} s'ha de fer manualment. Aneu a Eines → Migracions a la interfície admin, o executeu «yunohost tools migrations run».", "migrations_need_to_accept_disclaimer": "Per fer la migració {id}, heu d'acceptar aquesta clàusula de no responsabilitat:\n---\n{disclaimer}\n---\nSi accepteu fer la migració, torneu a executar l'ordre amb l'opció «--accept-disclaimer».", "no_internet_connection": "El servidor no està connectat a Internet", "not_enough_disk_space": "No hi ha prou espai en «{path:s}»", diff --git a/locales/en.json b/locales/en.json index 9c96261f4..629907bb7 100644 --- a/locales/en.json +++ b/locales/en.json @@ -467,7 +467,7 @@ "migrations_running_forward": "Running migration {id}...", "migrations_skip_migration": "Skipping migration {id}...", "migrations_success_forward": "Migration {id} completed", - "migrations_to_be_ran_manually": "Migration {id} has to be run manually. Please go to Tools → Migrations on the webadmin page, or run `yunohost tools migrations migrate`.", + "migrations_to_be_ran_manually": "Migration {id} has to be run manually. Please go to Tools → Migrations on the webadmin page, or run `yunohost tools migrations run`.", "not_enough_disk_space": "Not enough free space on '{path:s}'", "invalid_number": "Must be a number", "operation_interrupted": "The operation was manually interrupted?", diff --git a/locales/eo.json b/locales/eo.json index de301845d..1a27831f2 100644 --- a/locales/eo.json +++ b/locales/eo.json @@ -358,7 +358,7 @@ "dyndns_registration_failed": "Ne povis registri DynDNS-domajnon: {error:s}", "migration_0003_not_jessie": "La nuna Debian-distribuo ne estas Jessie!", "user_unknown": "Nekonata uzanto: {user:s}", - "migrations_to_be_ran_manually": "Migrado {id} devas funkcii permane. Bonvolu iri al Iloj → Migradoj en la retpaĝa paĝo, aŭ kuri `yunohost tools migrations migrate`.", + "migrations_to_be_ran_manually": "Migrado {id} devas funkcii permane. Bonvolu iri al Iloj → Migradoj en la retpaĝa paĝo, aŭ kuri `yunohost tools migrations run`.", "migration_0008_warning": "Se vi komprenas tiujn avertojn kaj volas ke YunoHost preterlasu vian nunan agordon, faru la migradon. Alie, vi ankaŭ povas salti la migradon, kvankam ĝi ne rekomendas.", "certmanager_cert_renew_success": "Ni Ĉifru atestilon renovigitan por la domajno '{domain:s}'", "global_settings_reset_success": "Antaŭaj agordoj nun estas rezervitaj al {path:s}", diff --git a/locales/es.json b/locales/es.json index ed02e9802..cfcca071f 100644 --- a/locales/es.json +++ b/locales/es.json @@ -303,7 +303,7 @@ "permission_created": "Creado el permiso «{permission:s}»", "permission_already_exist": "El permiso «{permission}» ya existe", "pattern_password_app": "Las contraseñas no pueden incluir los siguientes caracteres: {forbidden_chars}", - "migrations_to_be_ran_manually": "La migración {id} hay que ejecutarla manualmente. Vaya a Herramientas → Migraciones en la página web de administración o ejecute `yunohost tools migrations migrate`.", + "migrations_to_be_ran_manually": "La migración {id} hay que ejecutarla manualmente. Vaya a Herramientas → Migraciones en la página web de administración o ejecute `yunohost tools migrations run`.", "migrations_success_forward": "Migración {id} completada", "migrations_skip_migration": "Omitiendo migración {id}…", "migrations_running_forward": "Ejecutando migración {id}…", diff --git a/locales/fr.json b/locales/fr.json index 510528875..b65268fb7 100644 --- a/locales/fr.json +++ b/locales/fr.json @@ -256,7 +256,7 @@ "app_upgrade_app_name": "Mise à jour de {app}...", "backup_output_symlink_dir_broken": "Votre répertoire d’archivage '{path:s}' est un lien symbolique brisé. Peut-être avez-vous oublié de re/monter ou de brancher le support de stockage sur lequel il pointe.", "migrations_list_conflict_pending_done": "Vous ne pouvez pas utiliser --previous et --done simultanément.", - "migrations_to_be_ran_manually": "La migration {id} doit être lancée manuellement. Veuillez aller dans Outils > Migrations dans l’interface admin, ou lancer `yunohost tools migrations migrate`.", + "migrations_to_be_ran_manually": "La migration {id} doit être lancée manuellement. Veuillez aller dans Outils > Migrations dans l’interface admin, ou lancer `yunohost tools migrations run`.", "migrations_need_to_accept_disclaimer": "Pour lancer la migration {id}, vous devez accepter cet avertissement :\n---\n{disclaimer}\n---\nSi vous acceptez de lancer la migration, veuillez relancer la commande avec l’option --accept-disclaimer.", "service_description_avahi-daemon": "Vous permet d’atteindre votre serveur en utilisant « yunohost.local » sur votre réseau local", "service_description_dnsmasq": "Gère la résolution des noms de domaine (DNS)", diff --git a/locales/it.json b/locales/it.json index ab974428f..29f1db1e9 100644 --- a/locales/it.json +++ b/locales/it.json @@ -531,7 +531,7 @@ "pattern_email_forward": "Dev'essere un indirizzo mail valido, simbolo '+' accettato (es: tizio+tag@example.com)", "operation_interrupted": "L'operazione è stata interrotta manualmente?", "invalid_number": "Dev'essere un numero", - "migrations_to_be_ran_manually": "Migrazione {id} dev'essere eseguita manualmente. Vai in Strumenti → Migrazioni nella pagina webadmin, o esegui `yunohost tools migrations migrate`.", + "migrations_to_be_ran_manually": "Migrazione {id} dev'essere eseguita manualmente. Vai in Strumenti → Migrazioni nella pagina webadmin, o esegui `yunohost tools migrations run`.", "migrations_success_forward": "Migrazione {id} completata", "migrations_skip_migration": "Salto migrazione {id}...", "migrations_running_forward": "Eseguo migrazione {id}...", diff --git a/locales/oc.json b/locales/oc.json index 68d142f2b..07d841579 100644 --- a/locales/oc.json +++ b/locales/oc.json @@ -281,7 +281,7 @@ "migration_0003_problematic_apps_warning": "Notatz que las aplicacions seguentas, saique problematicas, son estadas desactivadas. Semblan d’aver estadas installadas d’una lista d’aplicacions o que son pas marcadas coma «working ». En consequéncia, podèm pas assegurar que tendràn de foncionar aprèp la mesa a nivèl : {problematic_apps}", "migrations_migration_has_failed": "La migracion {id} a pas capitat, abandon. Error : {exception}", "migrations_skip_migration": "Passatge de la migracion {id}…", - "migrations_to_be_ran_manually": "La migracion {id} deu èsser lançada manualament. Mercés d’anar a Aisinas > Migracion dins l’interfàcia admin, o lançar « yunohost tools migrations migrate ».", + "migrations_to_be_ran_manually": "La migracion {id} deu èsser lançada manualament. Mercés d’anar a Aisinas > Migracion dins l’interfàcia admin, o lançar « yunohost tools migrations run ».", "migrations_need_to_accept_disclaimer": "Per lançar la migracion {id} , avètz d’acceptar aquesta clausa de non-responsabilitat :\n---\n{disclaimer}\n---\nS’acceptatz de lançar la migracion, mercés de tornar executar la comanda amb l’opcion accept-disclaimer.", "pattern_backup_archive_name": "Deu èsser un nom de fichièr valid compausat de 30 caractèrs alfanumerics al maximum e « -_. »", "service_description_dovecot": "permet als clients de messatjariá d’accedir/recuperar los corrièls (via IMAP e POP3)", diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index f01f6adb8..f5d79a667 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -641,7 +641,7 @@ def tools_upgrade(operation_logger, apps=None, system=False, allow_yunohost_upgr # # Here we use a dirty hack to run a command after the current # "yunohost tools upgrade", because the upgrade of yunohost - # will also trigger other yunohost commands (e.g. "yunohost tools migrations migrate") + # will also trigger other yunohost commands (e.g. "yunohost tools migrations run") # (also the upgrade of the package, if executed from the webadmin, is # likely to kill/restart the api which is in turn likely to kill this # command before it ends...) From 9971c1751b8340dfb3c2be957cc6089cb873d524 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 21 Jan 2021 22:49:40 +0100 Subject: [PATCH 10/36] Abort postinstall if /etc/yunohost/apps ain't empty --- src/yunohost/tools.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index f01f6adb8..da88560c3 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -249,6 +249,9 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, if os.path.isfile('/etc/yunohost/installed'): raise YunohostError('yunohost_already_installed') + if os.path.isdir("/etc/yunohost/apps") and os.listdir("/etc/yunohost/apps") != []: + raise YunohostError("It looks like you're trying to re-postinstall a system that was already working previously ... If you recently had some bug or issues with your installation, please first discuss with the team on how to fix the situation instead of savagely re-running the postinstall ...", raw_msg=True) + # Check password if not force_password: assert_password_is_strong_enough("admin", password) From 1fdccb7c7a0d2a603ca15b7ae445f5125d3dede4 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 21 Jan 2021 23:30:15 +0100 Subject: [PATCH 11/36] Forgot to rename function #oopsies --- data/actionsmap/yunohost.yml | 2 +- src/yunohost/tools.py | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index 1f1109dde..a4f27ee18 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -1518,7 +1518,7 @@ tools: help: list only migrations already performed action: store_true - ### tools_migrations_migrate() + ### tools_migrations_run() run: action_help: Run migrations api: POST /migrations/run diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index f5d79a667..bdef71cee 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -792,7 +792,7 @@ def tools_migrations_list(pending=False, done=False): return {"migrations": migrations} -def tools_migrations_migrate(targets=[], skip=False, auto=False, force_rerun=False, accept_disclaimer=False): +def tools_migrations_run(targets=[], skip=False, auto=False, force_rerun=False, accept_disclaimer=False): """ Perform migrations From 3e290d5c37163f09969f0dd38df144bb12824086 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 21 Jan 2021 23:55:37 +0100 Subject: [PATCH 12/36] Prevent the installation of apache2 ... --- data/hooks/conf_regen/10-apt | 25 +++++++++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/data/hooks/conf_regen/10-apt b/data/hooks/conf_regen/10-apt index 09789470b..10406708d 100755 --- a/data/hooks/conf_regen/10-apt +++ b/data/hooks/conf_regen/10-apt @@ -15,6 +15,31 @@ Package: $package Pin: origin \"packages.sury.org\" Pin-Priority: -1" >> "${pending_dir}/etc/apt/preferences.d/extra_php_version" done + + echo " +# Yes ! +# This is what's preventing you from installing apache2 ! +# +# Maybe take two fucking minutes to realize that if you try to install +# apache2, this will break nginx and break the entire YunoHost ecosystem. +# on your server. +# +# So, *NO* +# DO NOT do this. +# DO NOT remove these lines. +# +# I warned you. I WARNED YOU! But did you listen to me? +# Oooooh, noooo. You knew it all, didn't you? + +Package: apache2 +Pin: release * +Pin-Priority: -1 + +Package: apache2-bin +Pin: release * +Pin-Priority: -1 +" >> "${pending_dir}/etc/apt/preferences.d/forbid_apache2" + } do_post_regen() { From 148bfdac0d2a8deb1d3f4447aa06cb118df42ca8 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 21 Jan 2021 23:59:22 +0100 Subject: [PATCH 13/36] Also ban bind9 --- data/hooks/conf_regen/10-apt | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/data/hooks/conf_regen/10-apt b/data/hooks/conf_regen/10-apt index 10406708d..bb5caf67f 100755 --- a/data/hooks/conf_regen/10-apt +++ b/data/hooks/conf_regen/10-apt @@ -38,7 +38,15 @@ Pin-Priority: -1 Package: apache2-bin Pin: release * Pin-Priority: -1 -" >> "${pending_dir}/etc/apt/preferences.d/forbid_apache2" + +# Also yes, bind9 will conflict with dnsmasq. +# Same story than for apache2. +# Don't fucking install it. + +Package: bind9 +Pin: release * +Pin-Priority: -1 +" >> "${pending_dir}/etc/apt/preferences.d/ban_packages" } From 0efd8307430dfd9b62aca60be00528202cdd7967 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Fri, 22 Jan 2021 14:49:47 +0100 Subject: [PATCH 14/36] fix can ynh-admin vuejs --- data/templates/nginx/plain/yunohost_admin.conf.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/nginx/plain/yunohost_admin.conf.inc b/data/templates/nginx/plain/yunohost_admin.conf.inc index 8b81ab932..ab6d270c7 100644 --- a/data/templates/nginx/plain/yunohost_admin.conf.inc +++ b/data/templates/nginx/plain/yunohost_admin.conf.inc @@ -10,7 +10,7 @@ location /yunohost/admin/ { more_set_headers "Content-Security-Policy-Report-Only:"; # Short cache on handlebars templates - location ~* \.(?:ms)$ { + location ~* \.(js|css|png|jpg|jpeg|gif|ico|json|woff|woff2|ttf|eot)$ { expires 5m; add_header Cache-Control "public"; } From 6e9ab553b8006a14723db673c62d595364dc3be6 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Fri, 22 Jan 2021 17:08:28 +0100 Subject: [PATCH 15/36] Add ynh_exec_as to official --- data/helpers.d/logging | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/data/helpers.d/logging b/data/helpers.d/logging index dc32ecba9..e5d208a0f 100644 --- a/data/helpers.d/logging +++ b/data/helpers.d/logging @@ -100,6 +100,30 @@ ynh_print_err () { ynh_print_log "[Error] ${message}" >&2 } +# Execute a command as another user +# +# usage: ynh_exec_as --user=USER --command=COMMAND [ARG ...] +# | arg: -u, --user= - the user that will execute the command +# | arg: -n, --command= - the command to be executed +# +# Requires YunoHost version 4.1.7 or higher. +ynh_exec_as() +{ + # Declare an array to define the options of this helper. + local legacy_args=uc + local -A args_array=( [u]=user= [c]=command= ) + local user + local command + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if [[ $user = $(whoami) ]]; then + eval "$command" + else + sudo -u "$user" "$command" + fi +} + # Execute a command and print the result as an error # # usage: ynh_exec_err your_command From 25f2bdf83ac91fe699024dc8bbab8632c184eda7 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 9 Oct 2020 18:11:24 +0200 Subject: [PATCH 16/36] Refactor local CA management for more consistency and simpler postinstall --- data/hooks/conf_regen/02-ssl | 122 ++++++++++++++++++----------------- src/yunohost/domain.py | 30 ++------- src/yunohost/tools.py | 30 --------- 3 files changed, 68 insertions(+), 114 deletions(-) diff --git a/data/hooks/conf_regen/02-ssl b/data/hooks/conf_regen/02-ssl index 310a5d526..ac740f6ea 100755 --- a/data/hooks/conf_regen/02-ssl +++ b/data/hooks/conf_regen/02-ssl @@ -3,71 +3,81 @@ set -e ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA" +ynh_ca="/etc/yunohost/certs/yunohost.org/ca.pem" +ynh_crt="/etc/yunohost/certs/yunohost.org/crt.pem" +ynh_key="/etc/yunohost/certs/yunohost.org/key.pem" +openssl_conf="/usr/share/yunohost/templates/ssl/openssl.cnf" + +regen_local_ca() { + + domain="$1" + + echo -e "\n# Creating local certification authority with domain=$domain\n" + + # create certs and SSL directories + mkdir -p "/etc/yunohost/certs/yunohost.org" + mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts} + + pushd ${ssl_dir} + + # (Update the serial so that it's specific to this very instance) + # N.B. : the weird RANDFILE thing comes from: + # https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean + RANDFILE=.rnd openssl rand -hex 19 > serial + rm -f index.txt + touch index.txt + cp /usr/share/yunohost/templates/ssl/openssl.cnf openssl.ca.cnf + sed -i s/yunohost.org/${domain}/g openssl.ca.cnf + openssl req -x509 \ + -new \ + -config openssl.ca.cnf \ + -days 3650 \ + -out ca/cacert.pem \ + -keyout ca/cakey.pem \ + -nodes \ + -batch \ + -subj /CN=${domain}/O=${domain%.*} 2>&1 + + chmod 640 ca/cacert.pem + chmod 640 ca/cakey.pem + + cp ca/cacert.pem $ynh_ca + ln -sf "$ynh_ca" /etc/ssl/certs/ca-yunohost_crt.pem + update-ca-certificates + + popd +} + + do_init_regen() { - if [[ $EUID -ne 0 ]]; then - echo "You must be root to run this script" 1>&2 - exit 1 - fi - LOGFILE="/tmp/yunohost-ssl-init" - - echo "Initializing a local SSL certification authority ..." - echo "(logs available in $LOGFILE)" - - rm -f $LOGFILE - touch $LOGFILE - - # create certs and SSL directories - mkdir -p "/etc/yunohost/certs/yunohost.org" - mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts} - - # initialize some files - # N.B. : the weird RANDFILE thing comes from: - # https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean - [[ -f "${ssl_dir}/serial" ]] \ - || RANDFILE=.rnd openssl rand -hex 19 > "${ssl_dir}/serial" - [[ -f "${ssl_dir}/index.txt" ]] \ - || touch "${ssl_dir}/index.txt" - - openssl_conf="/usr/share/yunohost/templates/ssl/openssl.cnf" - ynh_ca="/etc/yunohost/certs/yunohost.org/ca.pem" - ynh_crt="/etc/yunohost/certs/yunohost.org/crt.pem" - ynh_key="/etc/yunohost/certs/yunohost.org/key.pem" + LOGFILE=/tmp/yunohost-ssl-init + echo "" > $LOGFILE + chown root:root $LOGFILE + chmod 640 $LOGFILE # create default certificates if [[ ! -f "$ynh_ca" ]]; then - echo -e "\n# Creating the CA key (?)\n" >>$LOGFILE - - openssl req -x509 \ - -new \ - -config "$openssl_conf" \ - -days 3650 \ - -out "${ssl_dir}/ca/cacert.pem" \ - -keyout "${ssl_dir}/ca/cakey.pem" \ - -nodes -batch >>$LOGFILE 2>&1 - - cp "${ssl_dir}/ca/cacert.pem" "$ynh_ca" - ln -sf "$ynh_ca" /etc/ssl/certs/ca-yunohost_crt.pem - update-ca-certificates + regen_local_ca yunohost.org >>$LOGFILE fi if [[ ! -f "$ynh_crt" ]]; then - echo -e "\n# Creating initial key and certificate (?)\n" >>$LOGFILE + echo -e "\n# Creating initial key and certificate \n" >>$LOGFILE openssl req -new \ -config "$openssl_conf" \ -days 730 \ -out "${ssl_dir}/certs/yunohost_csr.pem" \ -keyout "${ssl_dir}/certs/yunohost_key.pem" \ - -nodes -batch >>$LOGFILE 2>&1 + -nodes -batch &>>$LOGFILE openssl ca \ -config "$openssl_conf" \ -days 730 \ -in "${ssl_dir}/certs/yunohost_csr.pem" \ -out "${ssl_dir}/certs/yunohost_crt.pem" \ - -batch >>$LOGFILE 2>&1 + -batch &>>$LOGFILE chmod 640 "${ssl_dir}/certs/yunohost_key.pem" chmod 640 "${ssl_dir}/certs/yunohost_crt.pem" @@ -93,22 +103,16 @@ do_pre_regen() { do_post_regen() { regen_conf_files=$1 - # Ensure that index.txt exists - index_txt=/usr/share/yunohost/yunohost-config/ssl/yunoCA/index.txt - [[ -f "${index_txt}" ]] || { - if [[ -f "${index_txt}.saved" ]]; then - # use saved database from 2.2 - cp "${index_txt}.saved" "${index_txt}" - elif [[ -f "${index_txt}.old" ]]; then - # ... or use the state-1 database - cp "${index_txt}.old" "${index_txt}" - else - # ... or create an empty one - touch "${index_txt}" - fi - } + current_local_ca_domain=$(openssl x509 -in $ynh_ca -text | tr ',' '\n' | grep Issuer | awk '{print $4}') + main_domain=$(cat /etc/yunohost/current_host) - # TODO: regenerate certificates if conf changed? + if [[ "$current_local_ca_domain" != "$main_domain" ]] + then + regen_local_ca $main_domain + # Idk how useful this is, but this was in the previous python code (domain.main_domain()) + ln -sf /etc/yunohost/certs/$domain/crt.pem /etc/ssl/certs/yunohost_crt.pem + ln -sf /etc/yunohost/certs/$domain/key.pem /etc/ssl/private/yunohost_key.pem + fi } FORCE=${2:-0} diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index af45d8757..6477b3943 100644 --- a/src/yunohost/domain.py +++ b/src/yunohost/domain.py @@ -30,6 +30,7 @@ from moulinette import m18n, msettings from moulinette.core import MoulinetteError from yunohost.utils.error import YunohostError from moulinette.utils.log import getActionLogger +from moulinette.utils.filesystem import write_to_file from yunohost.app import app_ssowatconf, _installed_apps, _get_app_settings, _get_conflicting_apps from yunohost.regenconf import regen_conf, _force_clear_hashes, _process_regen_conf @@ -318,36 +319,20 @@ def domain_main_domain(operation_logger, new_main_domain=None): operation_logger.start() # Apply changes to ssl certs - ssl_key = "/etc/ssl/private/yunohost_key.pem" - ssl_crt = "/etc/ssl/private/yunohost_crt.pem" - new_ssl_key = "/etc/yunohost/certs/%s/key.pem" % new_main_domain - new_ssl_crt = "/etc/yunohost/certs/%s/crt.pem" % new_main_domain - try: - if os.path.exists(ssl_key) or os.path.lexists(ssl_key): - os.remove(ssl_key) - if os.path.exists(ssl_crt) or os.path.lexists(ssl_crt): - os.remove(ssl_crt) + write_to_file('/etc/yunohost/current_host', new_main_domain) - os.symlink(new_ssl_key, ssl_key) - os.symlink(new_ssl_crt, ssl_crt) - - _set_maindomain(new_main_domain) + _set_hostname(new_main_domain) except Exception as e: logger.warning("%s" % e, exc_info=1) raise YunohostError('main_domain_change_failed') - _set_hostname(new_main_domain) - # Generate SSOwat configuration file app_ssowatconf() # Regen configurations - try: - with open('/etc/yunohost/installed', 'r'): - regen_conf() - except IOError: - pass + if os.path.exists('/etc/yunohost/installed'): + regen_conf() logger.success(m18n.n('main_domain_changed')) @@ -385,11 +370,6 @@ def _get_maindomain(): return maindomain -def _set_maindomain(domain): - with open('/etc/yunohost/current_host', 'w') as f: - f.write(domain) - - def _build_dns_conf(domain, ttl=3600, include_empty_AAAA_if_no_ipv6=False): """ Internal function that will returns a data structure containing the needed diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index f01f6adb8..126158606 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -315,37 +315,7 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, os.system('chmod 644 /etc/ssowat/conf.json.persistent') - # Create SSL CA - regen_conf(['ssl'], force=True) - ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA' - # (Update the serial so that it's specific to this very instance) - os.system("openssl rand -hex 19 > %s/serial" % ssl_dir) - commands = [ - 'rm %s/index.txt' % ssl_dir, - 'touch %s/index.txt' % ssl_dir, - 'cp %s/openssl.cnf %s/openssl.ca.cnf' % (ssl_dir, ssl_dir), - 'sed -i s/yunohost.org/%s/g %s/openssl.ca.cnf ' % (domain, ssl_dir), - 'openssl req -x509 -new -config %s/openssl.ca.cnf -days 3650 -out %s/ca/cacert.pem -keyout %s/ca/cakey.pem -nodes -batch -subj /CN=%s/O=%s' % (ssl_dir, ssl_dir, ssl_dir, domain, os.path.splitext(domain)[0]), - 'cp %s/ca/cacert.pem /etc/ssl/certs/ca-yunohost_crt.pem' % ssl_dir, - 'update-ca-certificates' - ] - - for command in commands: - p = subprocess.Popen( - command.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT) - - out, _ = p.communicate() - - if p.returncode != 0: - logger.warning(out) - raise YunohostError('yunohost_ca_creation_failed') - else: - logger.debug(out) - - logger.success(m18n.n('yunohost_ca_creation_success')) - # New domain config - regen_conf(['nsswitch'], force=True) domain_add(domain, dyndns) domain_main_domain(domain) From f755259790d878805a8536bb3bc9c2e17c0a0f1e Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 9 Oct 2020 18:18:44 +0200 Subject: [PATCH 17/36] Initialize folders during .deb install instead of regen conf --- data/hooks/conf_regen/01-yunohost | 29 +++++++++++++++++++++++++++-- src/yunohost/tools.py | 27 --------------------------- 2 files changed, 27 insertions(+), 29 deletions(-) diff --git a/data/hooks/conf_regen/01-yunohost b/data/hooks/conf_regen/01-yunohost index 6ac61d07a..9da2d91ca 100755 --- a/data/hooks/conf_regen/01-yunohost +++ b/data/hooks/conf_regen/01-yunohost @@ -27,6 +27,29 @@ do_init_regen() { # allow users to access /media directory [[ -d /etc/skel/media ]] \ || (mkdir -p /media && ln -s /media /etc/skel/media) + + # Cert folders + mkdir -p /etc/yunohost/certs + chown -R root:ssl-cert /etc/yunohost/certs + chmod 750 /etc/yunohost/certs + + # App folders + mkdir -p /etc/yunohost/apps + chmod 700 /etc/yunohost/apps + mkdir -p /home/yunohost.app + chmod 755 /home/yunohost.app + + # Backup folders + mkdir -p /home/yunohost.backup/archives + chmod 750 /home/yunohost.backup/archives + chown root:root /home/yunohost.backup/archives # This is later changed to admin:root once admin user exists + + # Empty ssowat json persistent conf + echo "{}" > '/etc/ssowat/conf.json.persistent' + chmod 644 /etc/ssowat/conf.json.persistent + chown root:root /etc/ssowat/conf.json.persistent + + mkdir -p /var/cache/yunohost/repo } do_pre_regen() { @@ -67,7 +90,7 @@ EOF # (this make sure that the hash is null / file is flagged as to-delete) mkdir -p $pending_dir/etc/etckeeper touch $pending_dir/etc/etckeeper/etckeeper.conf - + # Skip ntp if inside a container (inspired from the conf of systemd-timesyncd) mkdir -p ${pending_dir}/etc/systemd/system/ntp.service.d/ echo " @@ -75,7 +98,7 @@ EOF ConditionCapability=CAP_SYS_TIME ConditionVirtualization=!container " > ${pending_dir}/etc/systemd/system/ntp.service.d/ynh-override.conf - + # Make nftable conflict with yunohost-firewall mkdir -p ${pending_dir}/etc/systemd/system/nftables.service.d/ cat > ${pending_dir}/etc/systemd/system/nftables.service.d/ynh-override.conf << EOF @@ -94,6 +117,8 @@ do_post_regen() { # Enfore permissions # ###################### + chown admin:root /home/yunohost.backup/archives + # Certs # We do this with find because there could be a lot of them... chown -R root:ssl-cert /etc/yunohost/certs diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index f01f6adb8..348266ccb 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -294,27 +294,6 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, # TODO: Improve this part by integrate ldapinit into conf_regen hook tools_ldapinit() - # Create required folders - folders_to_create = [ - '/etc/yunohost/apps', - '/etc/yunohost/certs', - '/var/cache/yunohost/repo', - '/home/yunohost.backup', - '/home/yunohost.app' - ] - - for folder in [x for x in folders_to_create if not os.path.exists(x)]: - os.makedirs(folder) - - # Change folders permissions - os.system('chmod 755 /home/yunohost.app') - - # Init ssowat's conf.json.persistent - if not os.path.exists('/etc/ssowat/conf.json.persistent'): - write_to_json('/etc/ssowat/conf.json.persistent', {}) - - os.system('chmod 644 /etc/ssowat/conf.json.persistent') - # Create SSL CA regen_conf(['ssl'], force=True) ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA' @@ -366,12 +345,6 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False, except Exception as e: logger.warning(str(e)) - # Create the archive directory (makes it easier for people to upload backup - # archives, otherwise it's only created after running `yunohost backup - # create` once. - from yunohost.backup import _create_archive_dir - _create_archive_dir() - # Init migrations (skip them, no need to run them on a fresh system) _skip_all_migrations() From 0606df529b78296d004908f22e842eb70259575e Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 23 Jan 2021 00:08:50 +0100 Subject: [PATCH 18/36] Also add a check on debian/postinst because we're about to move a bunch of init step to debian/postinst instead of 'yunohost tools postintall' --- debian/postinst | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/debian/postinst b/debian/postinst index 4b43b2506..fd2a24b9e 100644 --- a/debian/postinst +++ b/debian/postinst @@ -6,10 +6,18 @@ do_configure() { rm -rf /var/cache/moulinette/* if [ ! -f /etc/yunohost/installed ]; then - bash /usr/share/yunohost/hooks/conf_regen/01-yunohost init - bash /usr/share/yunohost/hooks/conf_regen/02-ssl init - bash /usr/share/yunohost/hooks/conf_regen/06-slapd init - bash /usr/share/yunohost/hooks/conf_regen/15-nginx init + + # If apps/ is not empty, we're probably already installed in the past and + # something funky happened ... + if [ -d /etc/yunohost/apps/ ] && ls /etc/yunohost/apps/* 2>/dev/null + then + echo "Sounds like /etc/yunohost/installed mysteriously disappeared ... You should probably contact the Yunohost support ..." + else + bash /usr/share/yunohost/hooks/conf_regen/01-yunohost init + bash /usr/share/yunohost/hooks/conf_regen/02-ssl init + bash /usr/share/yunohost/hooks/conf_regen/06-slapd init + bash /usr/share/yunohost/hooks/conf_regen/15-nginx init + fi else echo "Regenerating configuration, this might take a while..." yunohost tools regen-conf --output-as none From 4a302dc7865fb44c6fb77d80c5054b8cc10d1871 Mon Sep 17 00:00:00 2001 From: Kayou Date: Sat, 23 Jan 2021 00:21:02 +0100 Subject: [PATCH 19/36] add auto-format-code (#1142) * add auto-format-code * add github remote * add GITHUB_TOKEN to the remove url * select Yunohost:dev * force push as it's only a code format * pull before running black * working on a clean directory * pull before push? /o\ * do not clone single branch * a last one? * only on dev branch --- .gitlab/ci/lint.gitlab-ci.yml | 22 +++++++++++++++++++++- tox.ini | 7 ++++--- 2 files changed, 25 insertions(+), 4 deletions(-) diff --git a/.gitlab/ci/lint.gitlab-ci.yml b/.gitlab/ci/lint.gitlab-ci.yml index dabe33d62..94be52f7d 100644 --- a/.gitlab/ci/lint.gitlab-ci.yml +++ b/.gitlab/ci/lint.gitlab-ci.yml @@ -24,4 +24,24 @@ format-check: needs: [] allow_failure: true script: - - tox -e py37-black + - tox -e py37-black-check + +format-run: + stage: lint + image: "before-install" + needs: [] + before_script: + - apt-get update -y && apt-get install git hub -y + - git config --global user.email "yunohost@yunohost.org" + - git config --global user.name "$GITHUB_USER" + - hub clone --branch ${CI_COMMIT_REF_NAME} "https://$GITHUB_TOKEN:x-oauth-basic@github.com/YunoHost/yunohost.git" github_repo + - cd github_repo + script: + # checkout or create and checkout the branch + - hub checkout "ci-format-${CI_COMMIT_REF_NAME}" || hub checkout -b "ci-format-${CI_COMMIT_REF_NAME}" + - tox -e py37-black-run + - hub commit -am "[CI] Format code" || true + - hub pull-request -m "[CI] Format code" -b Yunohost:dev -p || true # GITHUB_USER and GITHUB_TOKEN registered here https://gitlab.com/yunohost/yunohost/-/settings/ci_cd + only: + refs: + - dev \ No newline at end of file diff --git a/tox.ini b/tox.ini index 36134e85a..7607c4a41 100644 --- a/tox.ini +++ b/tox.ini @@ -1,12 +1,13 @@ [tox] -envlist = py37-{lint,invalidcode},py37-black +envlist = py37-{lint,invalidcode},py37-black-{run,check} [testenv] skip_install=True deps = py37-{lint,invalidcode}: flake8 - py37-black: black + py37-black-{run,check}: black commands = py37-lint: flake8 src doc data tests --ignore E402,E501 --exclude src/yunohost/vendor py37-invalidcode: flake8 src data --exclude src/yunohost/tests,src/yunohost/vendor --select F - py37-black: black --check --diff src doc data tests + py37-black-check: black --check --diff src doc data tests + py37-black-run: black src doc data tests From 46138e9e730f2bc201a76d669921da0cda261a19 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 23 Jan 2021 01:27:14 +0100 Subject: [PATCH 20/36] We need that file for the first domain_add during postinstall --- data/hooks/conf_regen/02-ssl | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/hooks/conf_regen/02-ssl b/data/hooks/conf_regen/02-ssl index ac740f6ea..0cb38df7b 100755 --- a/data/hooks/conf_regen/02-ssl +++ b/data/hooks/conf_regen/02-ssl @@ -90,6 +90,8 @@ do_init_regen() { chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/ chmod o-rwx /etc/yunohost/certs/yunohost.org/ + + install -D -m 644 $openssl_conf "${ssl_dir}/openssl.cnf" } do_pre_regen() { From 68cc952a895d174d2b3d964eeb0e89a287c34b33 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 23 Jan 2021 01:30:20 +0100 Subject: [PATCH 21/36] Remove stale strings --- locales/en.json | 2 -- 1 file changed, 2 deletions(-) diff --git a/locales/en.json b/locales/en.json index dbaee0bdf..9275b87e2 100644 --- a/locales/en.json +++ b/locales/en.json @@ -624,8 +624,6 @@ "user_update_failed": "Could not update user {user}: {error}", "user_updated": "User info changed", "yunohost_already_installed": "YunoHost is already installed", - "yunohost_ca_creation_failed": "Could not create certificate authority", - "yunohost_ca_creation_success": "Local certification authority created.", "yunohost_configured": "YunoHost is now configured", "yunohost_installing": "Installing YunoHost...", "yunohost_not_installed": "YunoHost is not correctly installed. Please run 'yunohost tools postinstall'", From c023b177fefa6aa5d1b508bee6490e10b1e84b67 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 31 Dec 2020 19:16:44 +0100 Subject: [PATCH 22/36] Normalize conf template handling for nginx, php-fpm, systemd and fail2ban using ynh_add_config --- data/helpers.d/fail2ban | 65 ++++++++------------------- data/helpers.d/nginx | 59 +++++-------------------- data/helpers.d/php | 97 ++++++++++++++++++----------------------- data/helpers.d/systemd | 44 +++---------------- data/helpers.d/utils | 1 + 5 files changed, 76 insertions(+), 190 deletions(-) diff --git a/data/helpers.d/fail2ban b/data/helpers.d/fail2ban index f9bdd89b2..da090d2f9 100644 --- a/data/helpers.d/fail2ban +++ b/data/helpers.d/fail2ban @@ -16,11 +16,8 @@ # | for example : 'var_1 var_2 ...' # # This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf -# __APP__ by $app -# -# You can dynamically replace others variables by example : -# __VAR_1__ by $var_1 -# __VAR_2__ by $var_2 +# See the documentation of ynh_add_config for a description of the template +# format and how placeholders are replaced with actual variables. # # Generally your template will look like that by example (for synapse): # @@ -64,73 +61,45 @@ # Requires YunoHost version 3.5.0 or higher. ynh_add_fail2ban_config () { # Declare an array to define the options of this helper. - local legacy_args=lrmptv - local -A args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=) + local legacy_args=lrmpt + local -A args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template) local logpath local failregex local max_retry local ports - local others_var local use_template # Manage arguments with getopts ynh_handle_getopts_args "$@" max_retry=${max_retry:-3} ports=${ports:-http,https} - others_var=${others_var:-} use_template="${use_template:-0}" - finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf" - finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf" - ynh_backup_if_checksum_is_different "$finalfail2banjailconf" - ynh_backup_if_checksum_is_different "$finalfail2banfilterconf" - - if [ $use_template -eq 1 ] + if [ $use_template -ne 1 ] then - # Usage 2, templates - cp ../conf/f2b_jail.conf $finalfail2banjailconf - cp ../conf/f2b_filter.conf $finalfail2banfilterconf - - if [ -n "${app:-}" ] - then - ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf" - ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf" - fi - - # Replace all other variable given as arguments - for var_to_replace in $others_var - do - # ${var_to_replace^^} make the content of the variable on upper-cases - # ${!var_to_replace} get the content of the variable named $var_to_replace - ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf" - ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf" - done - - else # Usage 1, no template. Build a config file from scratch. test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing." test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing." - tee $finalfail2banjailconf < ../conf/f2b_jail.conf - tee $finalfail2banfilterconf < ../conf/f2b_filter.conf fi - # Common to usage 1 and 2. - ynh_store_file_checksum "$finalfail2banjailconf" - ynh_store_file_checksum "$finalfail2banfilterconf" + ynh_add_config --template="../conf/f2b_jail.conf" --destination="/etc/fail2ban/jail.d/$app.conf" + ynh_add_config --template="../conf/f2b_filter.conf" --destination="/etc/fail2ban/filter.d/$app.conf" ynh_systemd_action --service_name=fail2ban --action=reload --line_match="(Started|Reloaded) Fail2Ban Service" --log_path=systemd diff --git a/data/helpers.d/nginx b/data/helpers.d/nginx index cd4380f16..050a24117 100644 --- a/data/helpers.d/nginx +++ b/data/helpers.d/nginx @@ -2,60 +2,25 @@ # Create a dedicated nginx config # -# usage: ynh_add_nginx_config "list of others variables to replace" -# -# | arg: list - (Optional) list of others variables to replace separated by spaces. For example : 'path_2 port_2 ...' +# usage: ynh_add_nginx_config # # This will use a template in ../conf/nginx.conf -# __PATH__ by $path_url -# __DOMAIN__ by $domain -# __PORT__ by $port -# __NAME__ by $app -# __FINALPATH__ by $final_path -# __PHPVERSION__ by $YNH_PHP_VERSION ($YNH_PHP_VERSION is either the default php version or the version defined for the app) +# See the documentation of ynh_add_config for a description of the template +# format and how placeholders are replaced with actual variables. # -# And dynamic variables (from the last example) : -# __PATH_2__ by $path_2 -# __PORT_2__ by $port_2 +# Additionally, ynh_add_nginx_config will replace: +# - #sub_path_only by empty string if path_url is not '/' +# - #root_path_only by empty string if path_url *is* '/' +# +# This allows to enable/disable specific behaviors dependenging on the install +# location # # Requires YunoHost version 2.7.2 or higher. -# Requires YunoHost version 2.7.13 or higher for dynamic variables ynh_add_nginx_config () { - finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" - local others_var=${1:-} - ynh_backup_if_checksum_is_different --file="$finalnginxconf" - cp ../conf/nginx.conf "$finalnginxconf" - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if test -n "${path_url:-}" - then - # path_url_slash_less is path_url, or a blank value if path_url is only '/' - local path_url_slash_less=${path_url%/} - ynh_replace_string --match_string="__PATH__/" --replace_string="$path_url_slash_less/" --target_file="$finalnginxconf" - ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$finalnginxconf" - fi - if test -n "${domain:-}"; then - ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$finalnginxconf" - fi - if test -n "${port:-}"; then - ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$finalnginxconf" - fi - if test -n "${app:-}"; then - ynh_replace_string --match_string="__NAME__" --replace_string="$app" --target_file="$finalnginxconf" - fi - if test -n "${final_path:-}"; then - ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalnginxconf" - fi - ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$YNH_PHP_VERSION" --target_file="$finalnginxconf" + local finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" - # Replace all other variable given as arguments - for var_to_replace in $others_var - do - # ${var_to_replace^^} make the content of the variable on upper-cases - # ${!var_to_replace} get the content of the variable named $var_to_replace - ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalnginxconf" - done + ynh_add_config --template="../conf/nginx.conf" --destination="$finalnginxconf" if [ "${path_url:-}" != "/" ] then @@ -64,8 +29,6 @@ ynh_add_nginx_config () { ynh_replace_string --match_string="^#root_path_only" --replace_string="" --target_file="$finalnginxconf" fi - ynh_store_file_checksum --file="$finalnginxconf" - ynh_systemd_action --service_name=nginx --action=reload } diff --git a/data/helpers.d/php b/data/helpers.d/php index 0dd589956..95151b45b 100644 --- a/data/helpers.d/php +++ b/data/helpers.d/php @@ -132,7 +132,6 @@ ynh_add_fpm_config () { ynh_app_setting_set --app=$app --key=fpm_service --value="$fpm_service" ynh_app_setting_set --app=$app --key=fpm_dedicated_service --value="$dedicated_service" ynh_app_setting_set --app=$app --key=phpversion --value=$phpversion - finalphpconf="$fpm_config_dir/pool.d/$app.conf" # Migrate from mutual PHP service to dedicated one. if [ $dedicated_service -eq 1 ] @@ -151,8 +150,6 @@ ynh_add_fpm_config () { fi fi - ynh_backup_if_checksum_is_different --file="$finalphpconf" - if [ $use_template -eq 1 ] then # Usage 1, use the template in conf/php-fpm.conf @@ -162,12 +159,6 @@ ynh_add_fpm_config () { fi # Make sure now that the template indeed exists [ -e "$phpfpm_path" ] || ynh_die --message="Unable to find template to configure PHP-FPM." - cp "$phpfpm_path" "$finalphpconf" - ynh_replace_string --match_string="__NAMETOCHANGE__" --replace_string="$app" --target_file="$finalphpconf" - ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalphpconf" - ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$finalphpconf" - ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="$finalphpconf" - else # Usage 2, generate a PHP-FPM config file with ynh_get_scalable_phpfpm @@ -178,82 +169,78 @@ ynh_add_fpm_config () { # Define the values to use for the configuration of PHP. ynh_get_scalable_phpfpm --usage=$usage --footprint=$footprint - # Copy the default file - cp "/etc/php/$phpversion/fpm/pool.d/www.conf" "$finalphpconf" + local phpfpm_path="../conf/php-fpm.conf" + echo " +[__APP__] - # Replace standard variables into the default file - ynh_replace_string --match_string="^\[www\]" --replace_string="[$app]" --target_file="$finalphpconf" - ynh_replace_string --match_string=".*listen = .*" --replace_string="listen = /var/run/php/php$phpversion-fpm-$app.sock" --target_file="$finalphpconf" - ynh_replace_string --match_string="^user = .*" --replace_string="user = $app" --target_file="$finalphpconf" - ynh_replace_string --match_string="^group = .*" --replace_string="group = $app" --target_file="$finalphpconf" - ynh_replace_string --match_string=".*chdir = .*" --replace_string="chdir = $final_path" --target_file="$finalphpconf" +user = __APP__ +group = __APP__ + +chdir = __FINALPATH__ + +listen = /var/run/php/php__PHPVERSION__-fpm-__APP__.sock +listen.owner = www-data +listen.group = www-data + +pm = __PHP_PM__ +pm.max_children = __PHP_MAX_CHILDREN__ +pm.max_requests = 500 +request_terminate_timeout = 1d +" > $phpfpm_path - # Configure FPM children - ynh_replace_string --match_string=".*pm = .*" --replace_string="pm = $php_pm" --target_file="$finalphpconf" - ynh_replace_string --match_string=".*pm.max_children = .*" --replace_string="pm.max_children = $php_max_children" --target_file="$finalphpconf" - ynh_replace_string --match_string=".*pm.max_requests = .*" --replace_string="pm.max_requests = 500" --target_file="$finalphpconf" - ynh_replace_string --match_string=".*request_terminate_timeout = .*" --replace_string="request_terminate_timeout = 1d" --target_file="$finalphpconf" if [ "$php_pm" = "dynamic" ] then - ynh_replace_string --match_string=".*pm.start_servers = .*" --replace_string="pm.start_servers = $php_start_servers" --target_file="$finalphpconf" - ynh_replace_string --match_string=".*pm.min_spare_servers = .*" --replace_string="pm.min_spare_servers = $php_min_spare_servers" --target_file="$finalphpconf" - ynh_replace_string --match_string=".*pm.max_spare_servers = .*" --replace_string="pm.max_spare_servers = $php_max_spare_servers" --target_file="$finalphpconf" + echo " +pm.start_servers = __PHP_START_SERVERS__ +pm.min_spare_servers = __PHP_MIN_SPARE_SERVERS__ +pm.max_spare_servers = __PHP_MAX_SPARE_SERVERS__ +" >> $phpfpm_path + elif [ "$php_pm" = "ondemand" ] then - ynh_replace_string --match_string=".*pm.process_idle_timeout = .*" --replace_string="pm.process_idle_timeout = 10s" --target_file="$finalphpconf" - fi - - # Comment unused parameters - if [ "$php_pm" != "dynamic" ] - then - ynh_replace_string --match_string=".*\(pm.start_servers = .*\)" --replace_string=";\1" --target_file="$finalphpconf" - ynh_replace_string --match_string=".*\(pm.min_spare_servers = .*\)" --replace_string=";\1" --target_file="$finalphpconf" - ynh_replace_string --match_string=".*\(pm.max_spare_servers = .*\)" --replace_string=";\1" --target_file="$finalphpconf" - fi - if [ "$php_pm" != "ondemand" ] - then - ynh_replace_string --match_string=".*\(pm.process_idle_timeout = .*\)" --replace_string=";\1" --target_file="$finalphpconf" + echo " +pm.process_idle_timeout = 10s +" >> $phpfpm_path fi # Concatene the extra config. if [ -e ../conf/extra_php-fpm.conf ]; then - cat ../conf/extra_php-fpm.conf >> "$finalphpconf" + cat ../conf/extra_php-fpm.conf >> "$phpfpm_path" fi fi - chown root: "$finalphpconf" - ynh_store_file_checksum --file="$finalphpconf" + local finalphpconf="$fpm_config_dir/pool.d/$app.conf" + ynh_add_config --template="$phpfpm_path" --destination="$finalphpconf" if [ -e "../conf/php-fpm.ini" ] then ynh_print_warn --message="Packagers ! Please do not use a separate php ini file, merge your directives in the pool file instead." - finalphpini="$fpm_config_dir/conf.d/20-$app.ini" - ynh_backup_if_checksum_is_different "$finalphpini" - cp ../conf/php-fpm.ini "$finalphpini" - chown root: "$finalphpini" - ynh_store_file_checksum "$finalphpini" + ynh_add_config --template="../conf/php-fpm.ini" --destination="$fpm_config_dir/conf.d/20-$app.ini" fi if [ $dedicated_service -eq 1 ] then # Create a dedicated php-fpm.conf for the service local globalphpconf=$fpm_config_dir/php-fpm-$app.conf - cp /etc/php/${phpversion}/fpm/php-fpm.conf $globalphpconf - ynh_replace_string --match_string="^[; ]*pid *=.*" --replace_string="pid = /run/php/php${phpversion}-fpm-$app.pid" --target_file="$globalphpconf" - ynh_replace_string --match_string="^[; ]*error_log *=.*" --replace_string="error_log = /var/log/php/fpm-php.$app.log" --target_file="$globalphpconf" - ynh_replace_string --match_string="^[; ]*syslog.ident *=.*" --replace_string="syslog.ident = php-fpm-$app" --target_file="$globalphpconf" - ynh_replace_string --match_string="^[; ]*include *=.*" --replace_string="include = $finalphpconf" --target_file="$globalphpconf" +echo "[global] +pid = /run/php/php__PHPVERSION__-fpm-__APP__.pid +error_log = /var/log/php/fpm-php.__APP__.log +syslog.ident = php-fpm-__APP__ +include = __FINALPHPCONF__ +" > ../conf/php-fpm-$app.conf + + ynh_add_config --template="../config/php-fpm-$app.conf" --destination="$globalphpconf" # Create a config for a dedicated PHP-FPM service for the app echo "[Unit] -Description=PHP $phpversion FastCGI Process Manager for $app +Description=PHP __PHPVERSION__ FastCGI Process Manager for __APP__ After=network.target -[Service] +[Service] Type=notify -PIDFile=/run/php/php${phpversion}-fpm-$app.pid -ExecStart=/usr/sbin/php-fpm$phpversion --nodaemonize --fpm-config $globalphpconf +PIDFile=/run/php/php__PHPVERSION__-fpm-__APP__.pid +ExecStart=/usr/sbin/php-fpm__PHPVERSION__ --nodaemonize --fpm-config __GLOBALPHPCONF__ ExecReload=/bin/kill -USR2 \$MAINPID [Install] diff --git a/data/helpers.d/systemd b/data/helpers.d/systemd index ff1b9587c..ad5ab95fb 100644 --- a/data/helpers.d/systemd +++ b/data/helpers.d/systemd @@ -3,61 +3,27 @@ # Create a dedicated systemd config # # usage: ynh_add_systemd_config [--service=service] [--template=template] -# usage: ynh_add_systemd_config [--service=service] [--template=template] [--others_var="list of others variables to replace"] # | arg: -s, --service= - Service name (optionnal, $app by default) # | arg: -t, --template= - Name of template file (optionnal, this is 'systemd' by default, meaning ./conf/systemd.service will be used as template) -# | arg: -v, --others_var= - List of others variables to replace separated by a space. For example: 'var_1 var_2 ...' # # This will use the template ../conf/.service -# to generate a systemd config, by replacing the following keywords -# with global variables that should be defined before calling -# this helper : -# -# __APP__ by $app -# __FINALPATH__ by $final_path -# -# And dynamic variables (from the last example) : -# __VAR_1__ by $var_1 -# __VAR_2__ by $var_2 +# See the documentation of ynh_add_config for a description of the template +# format and how placeholders are replaced with actual variables. # # Requires YunoHost version 2.7.11 or higher. ynh_add_systemd_config () { # Declare an array to define the options of this helper. - local legacy_args=stv - local -A args_array=( [s]=service= [t]=template= [v]=others_var= ) + local legacy_args=st + local -A args_array=( [s]=service= [t]=template=) local service local template - local others_var # Manage arguments with getopts ynh_handle_getopts_args "$@" local service="${service:-$app}" local template="${template:-systemd.service}" - others_var="${others_var:-}" - finalsystemdconf="/etc/systemd/system/$service.service" - ynh_backup_if_checksum_is_different --file="$finalsystemdconf" - cp ../conf/$template "$finalsystemdconf" + ynh_add_config --template="../conf/$template" --destination="/etc/systemd/system/$service.service" - # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. - # Substitute in a nginx config file only if the variable is not empty - if [ -n "${final_path:-}" ]; then - ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalsystemdconf" - fi - if [ -n "${app:-}" ]; then - ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$finalsystemdconf" - fi - - # Replace all other variables given as arguments - for var_to_replace in $others_var - do - # ${var_to_replace^^} make the content of the variable on upper-cases - # ${!var_to_replace} get the content of the variable named $var_to_replace - ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalsystemdconf" - done - - ynh_store_file_checksum --file="$finalsystemdconf" - - chown root: "$finalsystemdconf" systemctl enable $service --quiet systemctl daemon-reload } diff --git a/data/helpers.d/utils b/data/helpers.d/utils index 78b54f19e..13f84424e 100644 --- a/data/helpers.d/utils +++ b/data/helpers.d/utils @@ -322,6 +322,7 @@ ynh_add_config () { ynh_backup_if_checksum_is_different --file="$destination" cp "$template_path" "$destination" + chown root: "$destination" ynh_replace_vars --file="$destination" From 72822ce9873cf713f451a8f123e9f9ee9e6c4af0 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 23 Jan 2021 00:15:35 +0100 Subject: [PATCH 23/36] Replace #sub_path_only and #root_path_only in the template *before* calling ynh_add_config, otherwise the it ain't in the checksum computation --- data/helpers.d/nginx | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/data/helpers.d/nginx b/data/helpers.d/nginx index 050a24117..f7157cd8d 100644 --- a/data/helpers.d/nginx +++ b/data/helpers.d/nginx @@ -20,15 +20,16 @@ ynh_add_nginx_config () { local finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf" - ynh_add_config --template="../conf/nginx.conf" --destination="$finalnginxconf" - if [ "${path_url:-}" != "/" ] then - ynh_replace_string --match_string="^#sub_path_only" --replace_string="" --target_file="$finalnginxconf" + ynh_replace_string --match_string="^#sub_path_only" --replace_string="" --target_file="../conf/nginx.conf" else - ynh_replace_string --match_string="^#root_path_only" --replace_string="" --target_file="$finalnginxconf" + ynh_replace_string --match_string="^#root_path_only" --replace_string="" --target_file="../conf/nginx.conf" fi + ynh_add_config --template="../conf/nginx.conf" --destination="$finalnginxconf" + + ynh_systemd_action --service_name=nginx --action=reload } From 2c73c50cce2b046cb6a62846b60d933de788750c Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 24 Jan 2021 05:05:28 +0100 Subject: [PATCH 24/36] Unused import --- src/yunohost/tools.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index 348266ccb..ad0f9b060 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py @@ -33,7 +33,7 @@ from importlib import import_module from moulinette import msignals, m18n from moulinette.utils.log import getActionLogger from moulinette.utils.process import check_output, call_async_output -from moulinette.utils.filesystem import write_to_json, read_yaml, write_to_yaml +from moulinette.utils.filesystem import read_yaml, write_to_yaml from yunohost.app import _update_apps_catalog, app_info, app_upgrade, _initialize_apps_catalog_system from yunohost.domain import domain_add From 8430e4f1971ce9e7f22ed7c230fd637e27b68b06 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 25 Jan 2021 03:57:51 +0100 Subject: [PATCH 25/36] Misc issues with yunoprompt --- bin/yunoprompt | 15 +++++++-------- data/other/yunoprompt.service | 1 + 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/bin/yunoprompt b/bin/yunoprompt index 252e5a1a4..645dd4ab1 100755 --- a/bin/yunoprompt +++ b/bin/yunoprompt @@ -6,7 +6,7 @@ x509_fingerprint=$(openssl x509 -in /etc/yunohost/certs/yunohost.org/crt.pem -n # Fetch SSH fingerprints i=0 -for key in $(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key.pub 2> /dev/null) ; do +for key in $(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key.pub 2> /dev/null) ; do output=$(ssh-keygen -l -f $key) fingerprint[$i]=" - $(echo $output | cut -d' ' -f2) $(echo $output| cut -d' ' -f4)" i=$(($i + 1)) @@ -43,22 +43,21 @@ LOGO_AND_FINGERPRINTS=$(cat << EOF $LOGO - IP: ${local_ip} - X509 fingerprint: ${x509_fingerprint} + Local IP: ${local_ip:-(no ip detected?)} + Local SSL CA X509 fingerprint: + ${x509_fingerprint} SSH fingerprints: ${fingerprint[0]} ${fingerprint[1]} ${fingerprint[2]} - ${fingerprint[3]} - ${fingerprint[4]} EOF ) -if [[ -f /etc/yunohost/installed ]] +echo "$LOGO_AND_FINGERPRINTS" > /etc/issue + +if [[ ! -f /etc/yunohost/installed ]] then - echo "$LOGO_AND_FINGERPRINTS" > /etc/issue -else chvt 2 # Formatting diff --git a/data/other/yunoprompt.service b/data/other/yunoprompt.service index 3c4df50f9..effb69590 100644 --- a/data/other/yunoprompt.service +++ b/data/other/yunoprompt.service @@ -1,6 +1,7 @@ [Unit] Description=YunoHost boot prompt After=getty@tty2.service +After=network.target [Service] Type=simple From 903d4d188139b7764a9fd3f4a7b56c981c49799e Mon Sep 17 00:00:00 2001 From: ljf Date: Mon, 21 Dec 2020 05:00:45 +0100 Subject: [PATCH 26/36] [fix] If uid is less than 1000 nsswitch ignore it --- src/yunohost/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/user.py b/src/yunohost/user.py index 9fe8c3176..d00f1f0f2 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -171,7 +171,7 @@ def user_create(operation_logger, username, firstname, lastname, domain, passwor uid_guid_found = False while not uid_guid_found: # LXC uid number is limited to 65536 by default - uid = str(random.randint(200, 65000)) + uid = str(random.randint(1000, 65000)) uid_guid_found = uid not in all_uid and uid not in all_gid # Adapt values for LDAP From dccc3526e42f59385dfb9497cca7adb34b3cc5c6 Mon Sep 17 00:00:00 2001 From: ljf Date: Mon, 21 Dec 2020 05:02:22 +0100 Subject: [PATCH 27/36] [fix] If uid is less than 1001 nsswitch ignore it --- src/yunohost/user.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/user.py b/src/yunohost/user.py index d00f1f0f2..3234ece32 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -171,7 +171,7 @@ def user_create(operation_logger, username, firstname, lastname, domain, passwor uid_guid_found = False while not uid_guid_found: # LXC uid number is limited to 65536 by default - uid = str(random.randint(1000, 65000)) + uid = str(random.randint(1001, 65000)) uid_guid_found = uid not in all_uid and uid not in all_gid # Adapt values for LDAP From ba3705bbc66e186460c08d06618ed7a0d1831e91 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Mon, 25 Jan 2021 17:51:17 +0100 Subject: [PATCH 28/36] Recommend yunohost.local in yunoprompt --- bin/yunoprompt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/yunoprompt b/bin/yunoprompt index 645dd4ab1..be46fc9ab 100755 --- a/bin/yunoprompt +++ b/bin/yunoprompt @@ -72,7 +72,7 @@ be asked for : - the administration password. You can perform this step : - - from your web browser, by accessing : ${local_ip} + - from your web browser, by accessing : https://yunohost.local/ or ${local_ip} - or in this terminal by answering 'yes' to the following question If this is your first time with YunoHost, it is strongly recommended to take From a3f3f891e48a3dbf02bca891a6ef5425ebc9040c Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 26 Jan 2021 20:05:37 +0100 Subject: [PATCH 29/36] fix upnp closing port --- data/templates/yunohost/firewall.yml | 2 ++ src/yunohost/firewall.py | 22 ++++++++++++++++++---- 2 files changed, 20 insertions(+), 4 deletions(-) diff --git a/data/templates/yunohost/firewall.yml b/data/templates/yunohost/firewall.yml index 835a82519..64c6b9326 100644 --- a/data/templates/yunohost/firewall.yml +++ b/data/templates/yunohost/firewall.yml @@ -2,6 +2,8 @@ uPnP: enabled: false TCP: [22, 25, 80, 443, 587, 993, 5222, 5269] UDP: [] + TCP_TO_CLOSE: [] + UDP_TO_CLOSE: [] ipv4: TCP: [22, 25, 53, 80, 443, 587, 993, 5222, 5269] UDP: [53, 5353] diff --git a/src/yunohost/firewall.py b/src/yunohost/firewall.py index dbf87a7b5..8c5272b69 100644 --- a/src/yunohost/firewall.py +++ b/src/yunohost/firewall.py @@ -82,6 +82,8 @@ def firewall_allow(protocol, port, ipv4_only=False, ipv6_only=False, # Add port forwarding with UPnP if not no_upnp and port not in firewall['uPnP'][p]: firewall['uPnP'][p].append(port) + if firewall['uPnP'][p + "_TO_CLOSE"] and port in firewall['uPnP'][p + "_TO_CLOSE"]: + firewall['uPnP'][p + "_TO_CLOSE"].remove(port) # Update and reload firewall _update_firewall_file(firewall) @@ -139,6 +141,9 @@ def firewall_disallow(protocol, port, ipv4_only=False, ipv6_only=False, # Remove port forwarding with UPnP if upnp and port in firewall['uPnP'][p]: firewall['uPnP'][p].remove(port) + if not firewall['uPnP'][p + "_TO_CLOSE"]: + firewall['uPnP'][p + "_TO_CLOSE"] = [] + firewall['uPnP'][p + "_TO_CLOSE"].append(port) # Update and reload firewall _update_firewall_file(firewall) @@ -356,6 +361,16 @@ def firewall_upnp(action='status', no_refresh=False): else: # Iterate over ports for protocol in ['TCP', 'UDP']: + if firewall['uPnP'][protocol + "_TO_CLOSE"]: + for port in firewall['uPnP'][protocol + "_TO_CLOSE"]: + # Clean the mapping of this port + if upnpc.getspecificportmapping(port, protocol): + try: + upnpc.deleteportmapping(port, protocol) + except: + pass + firewall['uPnP'][protocol + "_TO_CLOSE"] = [] + for port in firewall['uPnP'][protocol]: # Clean the mapping of this port if upnpc.getspecificportmapping(port, protocol): @@ -373,15 +388,14 @@ def firewall_upnp(action='status', no_refresh=False): logger.debug('unable to add port %d using UPnP', port, exc_info=1) enabled = False + + _update_firewall_file(firewall) if enabled != firewall['uPnP']['enabled']: firewall = firewall_list(raw=True) firewall['uPnP']['enabled'] = enabled - # Make a backup and update firewall file - os.system("cp {0} {0}.old".format(FIREWALL_FILE)) - with open(FIREWALL_FILE, 'w') as f: - yaml.safe_dump(firewall, f, default_flow_style=False) + _update_firewall_file(firewall) if not no_refresh: # Display success message if needed From 0c382420d377ec5532a0007b5aaf8846f81de506 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 26 Jan 2021 22:03:44 +0100 Subject: [PATCH 30/36] fix i18n test after format --- tests/test_i18n_keys.py | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/tests/test_i18n_keys.py b/tests/test_i18n_keys.py index b41e8cd78..f7455bc8e 100644 --- a/tests/test_i18n_keys.py +++ b/tests/test_i18n_keys.py @@ -24,9 +24,9 @@ def find_expected_string_keys(): # m18n.n( "foo" # YunohostError("foo" # # i18n: foo - p1 = re.compile(r'm18n\.n\(\s*[\"\'](\w+)[\"\']') - p2 = re.compile(r'YunohostError\([\'\"](\w+)[\'\"]') - p3 = re.compile(r'# i18n: [\'\"]?(\w+)[\'\"]?') + p1 = re.compile(r"m18n\.n\(\n*\s*[\"\'](\w+)[\"\']") + p2 = re.compile(r"YunohostError\(\n*\s*[\'\"](\w+)[\'\"]") + p3 = re.compile(r"# i18n: [\'\"]?(\w+)[\'\"]?") python_files = glob.glob("src/yunohost/*.py") python_files.extend(glob.glob("src/yunohost/utils/*.py")) @@ -78,7 +78,7 @@ def find_expected_string_keys(): for funcname in subprocess.check_output(cmd, shell=True).decode("utf-8").strip().split("\n"): yield "log_" + funcname - p4 = re.compile(r"OperationLogger\([\"\'](\w+)[\"\']") + p4 = re.compile(r"OperationLogger\(\n*\s*[\"\'](\w+)[\"\']") for python_file in python_files: content = open(python_file).read() for m in ("log_" + match for match in p4.findall(content)): @@ -86,7 +86,7 @@ def find_expected_string_keys(): # Global settings descriptions # Will be on a line like : ("service.ssh.allow_deprecated_dsa_hostkey", {"type": "bool", ... - p5 = re.compile(r" \([\"\'](\w[\w\.]+)[\"\'],") + p5 = re.compile(r" \(\n*\s*[\"\'](\w[\w\.]+)[\"\'],") content = open("src/yunohost/settings.py").read() for m in ("global_settings_setting_" + s.replace(".", "_") for s in p5.findall(content)): yield m From 535fe5aebfe946fc2360c337101aef318a48b928 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Tue, 26 Jan 2021 22:21:58 +0100 Subject: [PATCH 31/36] remove travis --- .travis.yml | 22 ---------------------- 1 file changed, 22 deletions(-) delete mode 100644 .travis.yml diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 9a0f40674..000000000 --- a/.travis.yml +++ /dev/null @@ -1,22 +0,0 @@ -language: python - -matrix: - allow_failures: - - env: TOXENV=py27-lint - - env: TOXENV=py37-lint - - env: TOXENV=py37-invalidcode - include: - - python: 2.7 - env: TOXENV=py27-lint - - python: 2.7 - env: TOXENV=py27-invalidcode - - python: 3.7 - env: TOXENV=py37-lint - - python: 3.7 - env: TOXENV=py37-invalidcode - -install: - - pip install tox - -script: - - tox From f9478b93cd507a9924782e8a3a26cdd391007971 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?S=C3=A9bastien=20Mennetrier?= Date: Wed, 27 Jan 2021 10:46:03 +0100 Subject: [PATCH 32/36] Fix let's encrypt certificat generation --- src/yunohost/certificate.py | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py index 7c633de4f..3b941ed62 100644 --- a/src/yunohost/certificate.py +++ b/src/yunohost/certificate.py @@ -598,7 +598,7 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder): subdomain = "xmpp-upload." + domain xmpp_records = Diagnoser.get_cached_report("dnsrecords", item={"domain": domain, "category": "xmpp"}).get("data") or {} if xmpp_records.get("CNAME:xmpp-upload") == "OK": - csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)]) + csr.add_extensions([crypto.X509Extension("subjectAltName".encode('utf8'), False, ("DNS:" + subdomain).encode('utf8'))]) else: logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain)) @@ -615,7 +615,7 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder): csr_file = output_folder + domain + ".csr" logger.debug("Saving to %s.", csr_file) - with open(csr_file, "w") as f: + with open(csr_file, "wb") as f: f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr)) @@ -726,10 +726,9 @@ def _generate_key(destination_path): k = crypto.PKey() k.generate_key(crypto.TYPE_RSA, KEY_SIZE) - with open(destination_path, "w") as f: + with open(destination_path, "wb") as f: f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k)) - def _set_permissions(path, user, group, permissions): uid = pwd.getpwnam(user).pw_uid gid = grp.getgrnam(group).gr_gid From fea1ad474bd546231c02cb7f7503d75e7772acf5 Mon Sep 17 00:00:00 2001 From: Kayou Date: Thu, 28 Jan 2021 00:03:38 +0100 Subject: [PATCH 33/36] remove cache --- data/templates/nginx/plain/yunohost_admin.conf.inc | 6 ------ 1 file changed, 6 deletions(-) diff --git a/data/templates/nginx/plain/yunohost_admin.conf.inc b/data/templates/nginx/plain/yunohost_admin.conf.inc index ab6d270c7..26f348dea 100644 --- a/data/templates/nginx/plain/yunohost_admin.conf.inc +++ b/data/templates/nginx/plain/yunohost_admin.conf.inc @@ -8,10 +8,4 @@ location /yunohost/admin/ { more_set_headers "Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://raw.githubusercontent.com https://paste.yunohost.org wss://$host; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none';"; more_set_headers "Content-Security-Policy-Report-Only:"; - - # Short cache on handlebars templates - location ~* \.(js|css|png|jpg|jpeg|gif|ico|json|woff|woff2|ttf|eot)$ { - expires 5m; - add_header Cache-Control "public"; - } } From b6b33d99dee501baf912e653e30438b58ecb2586 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 28 Jan 2021 00:29:38 +0100 Subject: [PATCH 34/36] We don't want any output of ls, just the return code Co-authored-by: Kayou --- debian/postinst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/postinst b/debian/postinst index fd2a24b9e..8fdb288bc 100644 --- a/debian/postinst +++ b/debian/postinst @@ -9,7 +9,7 @@ do_configure() { # If apps/ is not empty, we're probably already installed in the past and # something funky happened ... - if [ -d /etc/yunohost/apps/ ] && ls /etc/yunohost/apps/* 2>/dev/null + if [ -d /etc/yunohost/apps/ ] && ls /etc/yunohost/apps/* >/dev/null 2>&1 then echo "Sounds like /etc/yunohost/installed mysteriously disappeared ... You should probably contact the Yunohost support ..." else From 43f121baede5d56f6811bcad731ab0533a30a738 Mon Sep 17 00:00:00 2001 From: ericgaspar Date: Thu, 28 Jan 2021 08:07:53 +0100 Subject: [PATCH 35/36] Move ynh_exec_as helper to user section --- data/helpers.d/logging | 24 ------------------------ data/helpers.d/user | 24 ++++++++++++++++++++++++ 2 files changed, 24 insertions(+), 24 deletions(-) diff --git a/data/helpers.d/logging b/data/helpers.d/logging index e5d208a0f..dc32ecba9 100644 --- a/data/helpers.d/logging +++ b/data/helpers.d/logging @@ -100,30 +100,6 @@ ynh_print_err () { ynh_print_log "[Error] ${message}" >&2 } -# Execute a command as another user -# -# usage: ynh_exec_as --user=USER --command=COMMAND [ARG ...] -# | arg: -u, --user= - the user that will execute the command -# | arg: -n, --command= - the command to be executed -# -# Requires YunoHost version 4.1.7 or higher. -ynh_exec_as() -{ - # Declare an array to define the options of this helper. - local legacy_args=uc - local -A args_array=( [u]=user= [c]=command= ) - local user - local command - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - if [[ $user = $(whoami) ]]; then - eval "$command" - else - sudo -u "$user" "$command" - fi -} - # Execute a command and print the result as an error # # usage: ynh_exec_err your_command diff --git a/data/helpers.d/user b/data/helpers.d/user index aeac3a9c5..f5d4b1680 100644 --- a/data/helpers.d/user +++ b/data/helpers.d/user @@ -163,3 +163,27 @@ ynh_system_user_delete () { delgroup $username fi } + +# Execute a command as another user +# +# usage: ynh_exec_as --user=USER --command=COMMAND [ARG ...] +# | arg: -u, --user= - the user that will execute the command +# | arg: -n, --command= - the command to be executed +# +# Requires YunoHost version 4.1.7 or higher. +ynh_exec_as() +{ + # Declare an array to define the options of this helper. + local legacy_args=uc + local -A args_array=( [u]=user= [c]=command= ) + local user + local command + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if [[ $user = $(whoami) ]]; then + eval "$command" + else + sudo -u "$user" "$command" + fi +} From 9d0bda548ae7e34f07ccbf2c96c04f3471f19608 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 31 Jan 2021 11:57:34 +0100 Subject: [PATCH 36/36] Do not ynh_die if systemctl action fails, because we don't want to exit in the middle of a remove script ... instead, return a non-zero code which should trigger script failure only if set -eu is enabled --- data/helpers.d/apt | 2 +- data/helpers.d/systemd | 4 +--- 2 files changed, 2 insertions(+), 4 deletions(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index 1998c80f0..6abaf20a2 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -32,7 +32,7 @@ ynh_wait_dpkg_free() { if echo "$dpkg_file" | grep --perl-regexp --quiet "^[[:digit:]]+$" then # If so, that a remaining of dpkg. - ynh_print_err "E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem." + ynh_print_err "dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem." set -o xtrace # set -x return 1 fi diff --git a/data/helpers.d/systemd b/data/helpers.d/systemd index ff1b9587c..b0e175d4d 100644 --- a/data/helpers.d/systemd +++ b/data/helpers.d/systemd @@ -149,11 +149,9 @@ ynh_systemd_action() { # If a log is specified for this service, show also the content of this log if [ -e "$log_path" ] then - ynh_print_err --message="--" ynh_exec_err tail --lines=$length "$log_path" fi - # Fail the app script, since the service failed. - ynh_die + return 1 fi # Start the timeout and try to find line_match