Merge branch 'dev' into move-ldap-init-before-postinstall

2024-09-03 20:06:10 +02:00 · 2021-01-31 16:21:23 +01:00 · 2021-01-31 16:21:23 +01:00 · 29a3ad0484
commit 29a3ad0484
parent ed35915e7f f73c642795
41 changed files with 504 additions and 445 deletions
--- a/.gitlab/ci/install.gitlab-ci.yml
+++ b/.gitlab/ci/install.gitlab-ci.yml
@ -26,4 +26,4 @@ install-postinstall:
  script:
    - apt-get update -o Acquire::Retries=3
    - DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt --assume-yes -o Dpkg::Options::="--force-confold" --allow-downgrades install ./$YNH_BUILD_DIR/*.deb
-    - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns
+    - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns --force-diskspace
--- a/.gitlab/ci/lint.gitlab-ci.yml
+++ b/.gitlab/ci/lint.gitlab-ci.yml
@ -24,4 +24,24 @@ format-check:
  needs: []
  allow_failure: true
  script:
-    - tox -e py37-black
+    - tox -e py37-black-check
 format-run:
  stage: lint
  image: "before-install"
  needs: []
  before_script:
    - apt-get update -y && apt-get install git hub -y
    - git config --global user.email "yunohost@yunohost.org"
    - git config --global user.name "$GITHUB_USER"
    - hub clone --branch ${CI_COMMIT_REF_NAME} "https://$GITHUB_TOKEN:x-oauth-basic@github.com/YunoHost/yunohost.git" github_repo
    - cd github_repo
  script:
    # checkout or create and checkout the branch
    - hub checkout "ci-format-${CI_COMMIT_REF_NAME}" || hub checkout -b "ci-format-${CI_COMMIT_REF_NAME}"
    - tox -e py37-black-run
    - hub commit -am "[CI] Format code" || true
    - hub pull-request -m "[CI] Format code" -b Yunohost:dev -p || true # GITHUB_USER and GITHUB_TOKEN registered here https://gitlab.com/yunohost/yunohost/-/settings/ci_cd
  only:
      refs:
        - dev
--- a/.gitlab/ci/test.gitlab-ci.yml
+++ b/.gitlab/ci/test.gitlab-ci.yml
@ -34,7 +34,7 @@ full-tests:
    PYTEST_ADDOPTS: "--color=yes"
  before_script:
    - *install_debs
-    - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns
+    - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns --force-diskspace
  script:
    - python3 -m pytest --cov=yunohost tests/ src/yunohost/tests/ --junitxml=report.xml
  needs:
--- a/.travis.yml
+++ b/.travis.yml
@ -1,22 +0,0 @@
 language: python
 matrix:
  allow_failures:
    - env: TOXENV=py27-lint
    - env: TOXENV=py37-lint
    - env: TOXENV=py37-invalidcode
  include:
    - python: 2.7
      env: TOXENV=py27-lint
    - python: 2.7
      env: TOXENV=py27-invalidcode
    - python: 3.7
      env: TOXENV=py37-lint
    - python: 3.7
      env: TOXENV=py37-invalidcode
 install:
  - pip install tox
 script:
  - tox
--- a/bin/yunoprompt
+++ b/bin/yunoprompt
@ -43,22 +43,21 @@ LOGO_AND_FINGERPRINTS=$(cat << EOF
 $LOGO
- IP: ${local_ip}
+ Local IP: ${local_ip:-(no ip detected?)}
- X509 fingerprint: ${x509_fingerprint}
+ Local SSL CA X509 fingerprint:
   ${x509_fingerprint}
 SSH fingerprints:
 ${fingerprint[0]}
 ${fingerprint[1]}
 ${fingerprint[2]}
 ${fingerprint[3]}
 ${fingerprint[4]}
 EOF
 )
 if [[ -f /etc/yunohost/installed ]]
 then
 echo "$LOGO_AND_FINGERPRINTS" > /etc/issue
-else
+
 if [[ ! -f /etc/yunohost/installed ]]
 then
    chvt 2
    # Formatting
@ -73,7 +72,7 @@ be asked for :
  - the administration password.
 You can perform this step :
-  - from your web browser, by accessing : ${local_ip}
+  - from your web browser, by accessing : https://yunohost.local/ or ${local_ip}
  - or in this terminal by answering 'yes' to the following question
 If this is your first time with YunoHost, it is strongly recommended to take
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
@ -582,6 +582,13 @@ app:
                    help: Also return a list of app categories
                    action: store_true
        ### app_search()
        search:
            action_help: Search installable apps
            arguments:
                string:
                    help: Return matching app name or description with "string"
        fetchlist:
            deprecated: true
@ -1416,6 +1423,10 @@ tools:
                --force-password:
                    help: Use this if you really want to set a weak password
                    action: store_true
                --force-diskspace:
                    help: Use this if you really want to install Yunohost on a setup with less than 10 GB on the root filesystem
                    action: store_true
        ### tools_update()
        update:
@ -1518,10 +1529,12 @@ tools:
                        help: list only migrations already performed
                        action: store_true
-              ### tools_migrations_migrate()
+              ### tools_migrations_run()
-              migrate:
+              run:
                  action_help: Run migrations
-                  api: POST /migrations/migrate
+                  api: POST /migrations/run
                  deprecated_alias:
                     - migrate
                  arguments:
                    targets:
                        help: Migrations to run (all pendings by default)
@ -1668,10 +1681,12 @@ log:
                    help: Include metadata about operations that are not the main operation but are sub-operations triggered by another ongoing operation... (e.g. initializing groups/permissions when installing an app)
                    action: store_true
-        ### log_display()
+        ### log_show()
-        display:
+        show:
            action_help: Display a log content
-            api: GET /logs/display
+            api: GET /logs/<path>
            deprecated_alias:
                - display
            arguments:
                path:
                    help: Log file which to display the content
@ -1681,7 +1696,7 @@ log:
                    default: 50
                    type: int
                --share:
-                    help: Share the full log using yunopaste
+                    help: (Deprecated, see yunohost log share) Share the full log using yunopaste
                    action: store_true
                -i:
                    full: --filter-irrelevant
@ -1692,6 +1707,14 @@ log:
                    help: Include metadata about sub-operations of this operation... (e.g. initializing groups/permissions when installing an app)
                    action: store_true
        ### log_share()
        share:
            action_help: Share the full log on yunopaste (alias to show --share)
            api: GET /logs/share
            arguments:
                path:
                    help: Log file to share
 #############################
 #          Diagnosis        #
--- a/data/helpers.d/apt
+++ b/data/helpers.d/apt
@ -32,7 +32,7 @@ ynh_wait_dpkg_free() {
                if echo "$dpkg_file" | grep --perl-regexp --quiet "^[[:digit:]]+$"
                then
                    # If so, that a remaining of dpkg.
-                    ynh_print_err "E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem."
+                    ynh_print_err "dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem."
                    set -o xtrace # set -x
                    return 1
                fi
--- a/data/helpers.d/fail2ban
+++ b/data/helpers.d/fail2ban
@ -16,11 +16,8 @@
 # |                           for example : 'var_1 var_2 ...'
 #
 # This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
-#   __APP__      by  $app
+# See the documentation of ynh_add_config for a description of the template
-#
+# format and how placeholders are replaced with actual variables.
 #  You can dynamically replace others variables by example :
 #   __VAR_1__    by $var_1
 #   __VAR_2__    by $var_2
 #
 # Generally your template will look like that by example (for synapse):
 #
@ -64,73 +61,45 @@
 # Requires YunoHost version 3.5.0 or higher.
 ynh_add_fail2ban_config () {
    # Declare an array to define the options of this helper.
-    local legacy_args=lrmptv
+    local legacy_args=lrmpt
-    local -A args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
+    local -A args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template)
    local logpath
    local failregex
    local max_retry
    local ports
    local others_var
    local use_template
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    max_retry=${max_retry:-3}
    ports=${ports:-http,https}
    others_var=${others_var:-}
    use_template="${use_template:-0}"
-    finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
+    if [ $use_template -ne 1 ]
    finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
    ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
    ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
    if [ $use_template -eq 1 ]
    then
        # Usage 2, templates
        cp ../conf/f2b_jail.conf $finalfail2banjailconf
        cp ../conf/f2b_filter.conf $finalfail2banfilterconf
        if [ -n "${app:-}" ]
        then
            ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
            ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
        fi
        # Replace all other variable given as arguments
        for var_to_replace in $others_var
        do
            # ${var_to_replace^^} make the content of the variable on upper-cases
            # ${!var_to_replace} get the content of the variable named $var_to_replace
            ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
            ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
        done
    else
        # Usage 1, no template. Build a config file from scratch.
        test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
        test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
-        tee $finalfail2banjailconf <<EOF
+        echo "
-[$app]
+[__APP__]
 enabled = true
-port = $ports
+port = __PORTS__
-filter = $app
+filter = __APP__
-logpath = $logpath
+logpath = __LOGPATH__
-maxretry = $max_retry
+maxretry = __MAX_RETRY__
-EOF
+" > ../conf/f2b_jail.conf
-    tee $finalfail2banfilterconf <<EOF
+       echo "
 [INCLUDES]
 before = common.conf
 [Definition]
-failregex = $failregex
+failregex = __FAILREGEX__
 ignoreregex =
-EOF
+" > ../conf/f2b_filter.conf
    fi
-    # Common to usage 1 and 2.
+    ynh_add_config --template="../conf/f2b_jail.conf" --destination="/etc/fail2ban/jail.d/$app.conf"
-    ynh_store_file_checksum "$finalfail2banjailconf"
+    ynh_add_config --template="../conf/f2b_filter.conf" --destination="/etc/fail2ban/filter.d/$app.conf"
    ynh_store_file_checksum "$finalfail2banfilterconf"
    ynh_systemd_action --service_name=fail2ban --action=reload --line_match="(Started|Reloaded) Fail2Ban Service" --log_path=systemd
--- a/data/helpers.d/nginx
+++ b/data/helpers.d/nginx
@ -2,69 +2,33 @@
 # Create a dedicated nginx config
 #
-# usage: ynh_add_nginx_config "list of others variables to replace"
+# usage: ynh_add_nginx_config
 #
 # | arg: list - (Optional) list of others variables to replace separated by spaces. For example : 'path_2 port_2 ...'
 #
 # This will use a template in ../conf/nginx.conf
-#   __PATH__      by  $path_url
+# See the documentation of ynh_add_config for a description of the template
-#   __DOMAIN__    by  $domain
+# format and how placeholders are replaced with actual variables.
 #   __PORT__      by  $port
 #   __NAME__      by  $app
 #   __FINALPATH__ by  $final_path
 #   __PHPVERSION__ by  $YNH_PHP_VERSION ($YNH_PHP_VERSION is either the default php version or the version defined for the app)
 #
-#  And dynamic variables (from the last example) :
+# Additionally, ynh_add_nginx_config will replace:
-#   __PATH_2__    by $path_2
+# - #sub_path_only      by empty string if path_url is not '/'
-#   __PORT_2__    by $port_2
+# - #root_path_only     by empty string if path_url  *is*  '/'
 #
 # This allows to enable/disable specific behaviors dependenging on the install
 # location
 #
 # Requires YunoHost version 2.7.2 or higher.
 # Requires YunoHost version 2.7.13 or higher for dynamic variables
 ynh_add_nginx_config () {
    finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
    local others_var=${1:-}
    ynh_backup_if_checksum_is_different --file="$finalnginxconf"
    cp ../conf/nginx.conf "$finalnginxconf"
-    # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
+    local finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
    # Substitute in a nginx config file only if the variable is not empty
    if test -n "${path_url:-}"
    then
        # path_url_slash_less is path_url, or a blank value if path_url is only '/'
        local path_url_slash_less=${path_url%/}
        ynh_replace_string --match_string="__PATH__/" --replace_string="$path_url_slash_less/" --target_file="$finalnginxconf"
        ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$finalnginxconf"
    fi
    if test -n "${domain:-}"; then
        ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$finalnginxconf"
    fi
    if test -n "${port:-}"; then
        ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$finalnginxconf"
    fi
    if test -n "${app:-}"; then
        ynh_replace_string --match_string="__NAME__" --replace_string="$app" --target_file="$finalnginxconf"
    fi
    if test -n "${final_path:-}"; then
        ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalnginxconf"
    fi
    ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$YNH_PHP_VERSION" --target_file="$finalnginxconf"
    # Replace all other variable given as arguments
    for var_to_replace in $others_var
    do
        # ${var_to_replace^^} make the content of the variable on upper-cases
        # ${!var_to_replace} get the content of the variable named $var_to_replace 
        ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalnginxconf"
    done
    if [ "${path_url:-}" != "/" ]
    then
-        ynh_replace_string --match_string="^#sub_path_only" --replace_string="" --target_file="$finalnginxconf"
+        ynh_replace_string --match_string="^#sub_path_only" --replace_string="" --target_file="../conf/nginx.conf"
    else
-        ynh_replace_string --match_string="^#root_path_only" --replace_string="" --target_file="$finalnginxconf"
+        ynh_replace_string --match_string="^#root_path_only" --replace_string="" --target_file="../conf/nginx.conf"
    fi
-    ynh_store_file_checksum --file="$finalnginxconf"
+    ynh_add_config --template="../conf/nginx.conf" --destination="$finalnginxconf"
    ynh_systemd_action --service_name=nginx --action=reload
 }
--- a/data/helpers.d/nodejs
+++ b/data/helpers.d/nodejs
@ -1,6 +1,6 @@
 #!/bin/bash
-n_version=6.7.0
+n_version=7.0.0
 n_install_dir="/opt/node_n"
 node_version_path="$n_install_dir/n/versions/node"
 # N_PREFIX is the directory of n, it needs to be loaded as a environment variable.
@ -18,7 +18,7 @@ ynh_install_n () {
    # Build an app.src for n
    mkdir --parents "../conf"
    echo "SOURCE_URL=https://github.com/tj/n/archive/v${n_version}.tar.gz
-SOURCE_SUM=92e00fa86d1c4e8dc6ca8df7e75fc93afe8f71949890ef67c40555df4efc4abe" > "../conf/n.src"
+SOURCE_SUM=2933855140f980fc6d1d6103ea07cd4d915b17dea5e17e43921330ea89978b5b" > "../conf/n.src"
    # Download and extract n
    ynh_setup_source --dest_dir="$n_install_dir/git" --source_id=n
    # Install n
--- a/data/helpers.d/php
+++ b/data/helpers.d/php
@ -132,7 +132,6 @@ ynh_add_fpm_config () {
    ynh_app_setting_set --app=$app --key=fpm_service --value="$fpm_service"
    ynh_app_setting_set --app=$app --key=fpm_dedicated_service --value="$dedicated_service"
    ynh_app_setting_set --app=$app --key=phpversion --value=$phpversion
    finalphpconf="$fpm_config_dir/pool.d/$app.conf"
    # Migrate from mutual PHP service to dedicated one.
    if [ $dedicated_service -eq 1 ]
@ -151,8 +150,6 @@ ynh_add_fpm_config () {
        fi
    fi
    ynh_backup_if_checksum_is_different --file="$finalphpconf"
    if [ $use_template -eq 1 ]
    then
        # Usage 1, use the template in conf/php-fpm.conf
@ -162,12 +159,6 @@ ynh_add_fpm_config () {
        fi
        # Make sure now that the template indeed exists
        [ -e "$phpfpm_path" ] || ynh_die --message="Unable to find template to configure PHP-FPM."
        cp "$phpfpm_path" "$finalphpconf"
        ynh_replace_string --match_string="__NAMETOCHANGE__" --replace_string="$app" --target_file="$finalphpconf"
        ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalphpconf"
        ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$finalphpconf"
        ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="$finalphpconf"
    else
        # Usage 2, generate a PHP-FPM config file with ynh_get_scalable_phpfpm
@ -178,82 +169,78 @@ ynh_add_fpm_config () {
        # Define the values to use for the configuration of PHP.
        ynh_get_scalable_phpfpm --usage=$usage --footprint=$footprint
-        # Copy the default file
+        local phpfpm_path="../conf/php-fpm.conf"
-        cp "/etc/php/$phpversion/fpm/pool.d/www.conf" "$finalphpconf"
+        echo "
 [__APP__]
-        # Replace standard variables into the default file
+user = __APP__
-        ynh_replace_string --match_string="^\[www\]" --replace_string="[$app]" --target_file="$finalphpconf"
+group = __APP__
-        ynh_replace_string --match_string=".*listen = .*" --replace_string="listen = /var/run/php/php$phpversion-fpm-$app.sock" --target_file="$finalphpconf"
+
-        ynh_replace_string --match_string="^user = .*" --replace_string="user = $app" --target_file="$finalphpconf"
+chdir = __FINALPATH__
-        ynh_replace_string --match_string="^group = .*" --replace_string="group = $app" --target_file="$finalphpconf"
+
-        ynh_replace_string --match_string=".*chdir = .*" --replace_string="chdir = $final_path" --target_file="$finalphpconf"
+listen = /var/run/php/php__PHPVERSION__-fpm-__APP__.sock
 listen.owner = www-data
 listen.group = www-data
 pm = __PHP_PM__
 pm.max_children = __PHP_MAX_CHILDREN__
 pm.max_requests = 500
 request_terminate_timeout = 1d
 " > $phpfpm_path
        # Configure FPM children
        ynh_replace_string --match_string=".*pm = .*" --replace_string="pm = $php_pm" --target_file="$finalphpconf"
        ynh_replace_string --match_string=".*pm.max_children = .*" --replace_string="pm.max_children = $php_max_children" --target_file="$finalphpconf"
        ynh_replace_string --match_string=".*pm.max_requests = .*" --replace_string="pm.max_requests = 500" --target_file="$finalphpconf"
        ynh_replace_string --match_string=".*request_terminate_timeout = .*" --replace_string="request_terminate_timeout = 1d" --target_file="$finalphpconf"
        if [ "$php_pm" = "dynamic" ]
        then
-            ynh_replace_string --match_string=".*pm.start_servers = .*" --replace_string="pm.start_servers = $php_start_servers" --target_file="$finalphpconf"
+            echo "
-            ynh_replace_string --match_string=".*pm.min_spare_servers = .*" --replace_string="pm.min_spare_servers = $php_min_spare_servers" --target_file="$finalphpconf"
+pm.start_servers = __PHP_START_SERVERS__
-            ynh_replace_string --match_string=".*pm.max_spare_servers = .*" --replace_string="pm.max_spare_servers = $php_max_spare_servers" --target_file="$finalphpconf"
+pm.min_spare_servers = __PHP_MIN_SPARE_SERVERS__
 pm.max_spare_servers = __PHP_MAX_SPARE_SERVERS__
 " >> $phpfpm_path
        elif [ "$php_pm" = "ondemand" ]
        then
-            ynh_replace_string --match_string=".*pm.process_idle_timeout = .*" --replace_string="pm.process_idle_timeout = 10s" --target_file="$finalphpconf"
+            echo "
-        fi
+pm.process_idle_timeout = 10s
-
+" >> $phpfpm_path
        # Comment unused parameters
        if [ "$php_pm" != "dynamic" ]
        then
            ynh_replace_string --match_string=".*\(pm.start_servers = .*\)" --replace_string=";\1" --target_file="$finalphpconf"
            ynh_replace_string --match_string=".*\(pm.min_spare_servers = .*\)" --replace_string=";\1" --target_file="$finalphpconf"
            ynh_replace_string --match_string=".*\(pm.max_spare_servers = .*\)" --replace_string=";\1" --target_file="$finalphpconf"
        fi
        if [ "$php_pm" != "ondemand" ]
        then
            ynh_replace_string --match_string=".*\(pm.process_idle_timeout = .*\)" --replace_string=";\1" --target_file="$finalphpconf"
        fi
        # Concatene the extra config.
        if [ -e ../conf/extra_php-fpm.conf ]; then
-            cat ../conf/extra_php-fpm.conf >> "$finalphpconf"
+            cat ../conf/extra_php-fpm.conf >> "$phpfpm_path"
        fi
    fi
-    chown root: "$finalphpconf"
+    local finalphpconf="$fpm_config_dir/pool.d/$app.conf"
-    ynh_store_file_checksum --file="$finalphpconf"
+    ynh_add_config --template="$phpfpm_path" --destination="$finalphpconf"
    if [ -e "../conf/php-fpm.ini" ]
    then
        ynh_print_warn --message="Packagers ! Please do not use a separate php ini file, merge your directives in the pool file instead."
-        finalphpini="$fpm_config_dir/conf.d/20-$app.ini"
+        ynh_add_config --template="../conf/php-fpm.ini" --destination="$fpm_config_dir/conf.d/20-$app.ini"
        ynh_backup_if_checksum_is_different "$finalphpini"
        cp ../conf/php-fpm.ini "$finalphpini"
        chown root: "$finalphpini"
        ynh_store_file_checksum "$finalphpini"
    fi
    if [ $dedicated_service -eq 1 ]
    then
        # Create a dedicated php-fpm.conf for the service
        local globalphpconf=$fpm_config_dir/php-fpm-$app.conf
        cp /etc/php/${phpversion}/fpm/php-fpm.conf $globalphpconf
-        ynh_replace_string --match_string="^[; ]*pid *=.*" --replace_string="pid = /run/php/php${phpversion}-fpm-$app.pid" --target_file="$globalphpconf"
+echo "[global]
-        ynh_replace_string --match_string="^[; ]*error_log *=.*" --replace_string="error_log = /var/log/php/fpm-php.$app.log" --target_file="$globalphpconf"
+pid = /run/php/php__PHPVERSION__-fpm-__APP__.pid
-        ynh_replace_string --match_string="^[; ]*syslog.ident *=.*" --replace_string="syslog.ident = php-fpm-$app" --target_file="$globalphpconf"
+error_log = /var/log/php/fpm-php.__APP__.log
-        ynh_replace_string --match_string="^[; ]*include *=.*" --replace_string="include = $finalphpconf" --target_file="$globalphpconf"
+syslog.ident = php-fpm-__APP__
 include = __FINALPHPCONF__
 " > ../conf/php-fpm-$app.conf
        ynh_add_config --template="../config/php-fpm-$app.conf" --destination="$globalphpconf"
        # Create a config for a dedicated PHP-FPM service for the app
        echo "[Unit]
-Description=PHP $phpversion FastCGI Process Manager for $app
+Description=PHP __PHPVERSION__ FastCGI Process Manager for __APP__
 After=network.target
 [Service]
 Type=notify
-PIDFile=/run/php/php${phpversion}-fpm-$app.pid
+PIDFile=/run/php/php__PHPVERSION__-fpm-__APP__.pid
-ExecStart=/usr/sbin/php-fpm$phpversion --nodaemonize --fpm-config $globalphpconf
+ExecStart=/usr/sbin/php-fpm__PHPVERSION__ --nodaemonize --fpm-config __GLOBALPHPCONF__
 ExecReload=/bin/kill -USR2 \$MAINPID
 [Install]
@ -573,3 +560,63 @@ ynh_get_scalable_phpfpm () {
        fi
    fi
 }
 readonly YNH_DEFAULT_COMPOSER_VERSION=1.10.17
 # Declare the actual composer version to use.
 # A packager willing to use another version of composer can override the variable into its _common.sh.
 YNH_COMPOSER_VERSION=${YNH_COMPOSER_VERSION:-$YNH_DEFAULT_COMPOSER_VERSION}
 # Execute a command with Composer
 #
 # usage: ynh_composer_exec [--phpversion=phpversion] [--workdir=$final_path] --commands="commands"
 # | arg: -v, --phpversion - PHP version to use with composer
 # | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path.
 # | arg: -c, --commands - Commands to execute.
 ynh_composer_exec () {
    # Declare an array to define the options of this helper.
    local legacy_args=vwc
    declare -Ar args_array=( [v]=phpversion= [w]=workdir= [c]=commands= )
    local phpversion
    local workdir
    local commands
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    workdir="${workdir:-$final_path}"
    phpversion="${phpversion:-$YNH_PHP_VERSION}"
    COMPOSER_HOME="$workdir/.composer" \
        php${phpversion} "$workdir/composer.phar" $commands \
        -d "$workdir" --quiet --no-interaction
 }
 # Install and initialize Composer in the given directory
 #
 # usage: ynh_install_composer [--phpversion=phpversion] [--workdir=$final_path] [--install_args="--optimize-autoloader"] [--composerversion=composerversion]
 # | arg: -v, --phpversion - PHP version to use with composer
 # | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path.
 # | arg: -a, --install_args - Additional arguments provided to the composer install. Argument --no-dev already include
 # | arg: -c, --composerversion - Composer version to install
 ynh_install_composer () {
    # Declare an array to define the options of this helper.
    local legacy_args=vwac
    declare -Ar args_array=( [v]=phpversion= [w]=workdir= [a]=install_args= [c]=composerversion=)
    local phpversion
    local workdir
    local install_args
    local composerversion
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    workdir="${workdir:-$final_path}"
    phpversion="${phpversion:-$YNH_PHP_VERSION}"
    install_args="${install_args:-}"
    composerversion="${composerversion:-$YNH_COMPOSER_VERSION}"
    curl -sS https://getcomposer.org/installer \
        | COMPOSER_HOME="$workdir/.composer" \
        php${phpversion} -- --quiet --install-dir="$workdir" --version=$composerversion \
        || ynh_die "Unable to install Composer."
    # install dependencies
    ynh_composer_exec --phpversion="${phpversion}" --workdir="$workdir" --commands="install --no-dev $install_args" \
        || ynh_die "Unable to install core dependencies with Composer."
 }
--- a/data/helpers.d/systemd
+++ b/data/helpers.d/systemd
@ -3,61 +3,27 @@
 # Create a dedicated systemd config
 #
 # usage: ynh_add_systemd_config [--service=service] [--template=template]
 # usage: ynh_add_systemd_config [--service=service] [--template=template]  [--others_var="list of others variables to replace"]
 # | arg: -s, --service=     - Service name (optionnal, $app by default)
 # | arg: -t, --template=    - Name of template file (optionnal, this is 'systemd' by default, meaning ./conf/systemd.service will be used as template)
 # | arg: -v, --others_var=  - List of others variables to replace separated by a space. For example: 'var_1 var_2 ...'
 #
 # This will use the template ../conf/<templatename>.service
-# to generate a systemd config, by replacing the following keywords
+# See the documentation of ynh_add_config for a description of the template
-# with global variables that should be defined before calling
+# format and how placeholders are replaced with actual variables.
 # this helper :
 #
 #   __APP__       by  $app
 #   __FINALPATH__ by  $final_path
 #
 # And dynamic variables (from the last example) :
 #   __VAR_1__    by $var_1
 #   __VAR_2__    by $var_2
 #
 # Requires YunoHost version 2.7.11 or higher.
 ynh_add_systemd_config () {
    # Declare an array to define the options of this helper.
-    local legacy_args=stv
+    local legacy_args=st
-    local -A args_array=( [s]=service= [t]=template= [v]=others_var= )
+    local -A args_array=( [s]=service= [t]=template=)
    local service
    local template
    local others_var
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    local service="${service:-$app}"
    local template="${template:-systemd.service}"
    others_var="${others_var:-}"
-    finalsystemdconf="/etc/systemd/system/$service.service"
+    ynh_add_config --template="../conf/$template" --destination="/etc/systemd/system/$service.service"
    ynh_backup_if_checksum_is_different --file="$finalsystemdconf"
    cp ../conf/$template "$finalsystemdconf"
    # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
    # Substitute in a nginx config file only if the variable is not empty
    if [ -n "${final_path:-}" ]; then
        ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalsystemdconf"
    fi
    if [ -n "${app:-}" ]; then
        ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$finalsystemdconf"
    fi
    # Replace all other variables given as arguments
    for var_to_replace in $others_var
    do
        # ${var_to_replace^^} make the content of the variable on upper-cases
        # ${!var_to_replace} get the content of the variable named $var_to_replace 
        ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalsystemdconf"
    done
    ynh_store_file_checksum --file="$finalsystemdconf"
    chown root: "$finalsystemdconf"
    systemctl enable $service --quiet
    systemctl daemon-reload
 }
@ -149,11 +115,9 @@ ynh_systemd_action() {
        # If a log is specified for this service, show also the content of this log
        if [ -e "$log_path" ]
        then
            ynh_print_err --message="--"
            ynh_exec_err tail --lines=$length "$log_path"
        fi
-        # Fail the app script, since the service failed.
+        return 1
        ynh_die
    fi
    # Start the timeout and try to find line_match
--- a/data/helpers.d/user
+++ b/data/helpers.d/user
@ -163,3 +163,27 @@ ynh_system_user_delete () {
        delgroup $username
    fi
 }
 # Execute a command as another user
 #
 # usage: ynh_exec_as --user=USER --command=COMMAND [ARG ...]
 # | arg: -u, --user=        - the user that will execute the command
 # | arg: -n, --command=     - the command to be executed
 #
 # Requires YunoHost version 4.1.7 or higher.
 ynh_exec_as()
 {
    # Declare an array to define the options of this helper.
    local legacy_args=uc
    local -A args_array=( [u]=user= [c]=command= )
    local user
    local command
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    if [[ $user = $(whoami) ]]; then
        eval "$command"
    else
        sudo -u "$user" "$command"
    fi
 }
--- a/data/helpers.d/utils
+++ b/data/helpers.d/utils
@ -322,6 +322,7 @@ ynh_add_config () {
    ynh_backup_if_checksum_is_different --file="$destination"
    cp "$template_path" "$destination"
    chown root: "$destination"
    ynh_replace_vars --file="$destination"
--- a/data/hooks/conf_regen/01-yunohost
+++ b/data/hooks/conf_regen/01-yunohost
@ -27,6 +27,29 @@ do_init_regen() {
  # allow users to access /media directory
  [[ -d /etc/skel/media ]] \
    || (mkdir -p /media && ln -s /media /etc/skel/media)
  # Cert folders
  mkdir -p /etc/yunohost/certs
  chown -R root:ssl-cert /etc/yunohost/certs
  chmod 750 /etc/yunohost/certs
  # App folders
  mkdir -p /etc/yunohost/apps
  chmod 700 /etc/yunohost/apps
  mkdir -p /home/yunohost.app
  chmod 755 /home/yunohost.app
  # Backup folders
  mkdir -p /home/yunohost.backup/archives
  chmod 750 /home/yunohost.backup/archives
  chown root:root /home/yunohost.backup/archives # This is later changed to admin:root once admin user exists
  # Empty ssowat json persistent conf
  echo "{}" > '/etc/ssowat/conf.json.persistent'
  chmod 644 /etc/ssowat/conf.json.persistent
  chown root:root /etc/ssowat/conf.json.persistent
  mkdir -p /var/cache/yunohost/repo
 }
 do_pre_regen() {
@ -94,6 +117,8 @@ do_post_regen() {
  # Enfore permissions #
  ######################
  chown admin:root /home/yunohost.backup/archives
  # Certs
  # We do this with find because there could be a lot of them...
  chown -R root:ssl-cert /etc/yunohost/certs
--- a/data/hooks/conf_regen/02-ssl
+++ b/data/hooks/conf_regen/02-ssl
@ -3,71 +3,81 @@
 set -e
 ssl_dir="/usr/share/yunohost/yunohost-config/ssl/yunoCA"
 ynh_ca="/etc/yunohost/certs/yunohost.org/ca.pem"
 ynh_crt="/etc/yunohost/certs/yunohost.org/crt.pem"
 ynh_key="/etc/yunohost/certs/yunohost.org/key.pem"
 openssl_conf="/usr/share/yunohost/templates/ssl/openssl.cnf"
-do_init_regen() {
+regen_local_ca() {
  if [[ $EUID -ne 0 ]]; then
    echo "You must be root to run this script" 1>&2
    exit 1
  fi
-  LOGFILE="/tmp/yunohost-ssl-init"
+    domain="$1"
-  echo "Initializing a local SSL certification authority ..."
+    echo -e "\n# Creating local certification authority with domain=$domain\n"
  echo "(logs available in $LOGFILE)"
  rm -f $LOGFILE
  touch $LOGFILE
    # create certs and SSL directories
    mkdir -p "/etc/yunohost/certs/yunohost.org"
    mkdir -p "${ssl_dir}/"{ca,certs,crl,newcerts}
-  # initialize some files
+    pushd ${ssl_dir}
    # (Update the serial so that it's specific to this very instance)
    # N.B. : the weird RANDFILE thing comes from:
    # https://stackoverflow.com/questions/94445/using-openssl-what-does-unable-to-write-random-state-mean
-  [[ -f "${ssl_dir}/serial" ]] \
+    RANDFILE=.rnd openssl rand -hex 19 > serial
-    || RANDFILE=.rnd openssl rand -hex 19 > "${ssl_dir}/serial"
+    rm -f index.txt
-  [[ -f "${ssl_dir}/index.txt" ]] \
+    touch index.txt
-    || touch "${ssl_dir}/index.txt"
+    cp /usr/share/yunohost/templates/ssl/openssl.cnf openssl.ca.cnf
    sed -i s/yunohost.org/${domain}/g openssl.ca.cnf
    openssl req -x509 \
        -new \
        -config openssl.ca.cnf \
        -days 3650 \
        -out ca/cacert.pem \
        -keyout ca/cakey.pem \
        -nodes \
        -batch \
        -subj /CN=${domain}/O=${domain%.*} 2>&1
-  openssl_conf="/usr/share/yunohost/templates/ssl/openssl.cnf"
+    chmod 640 ca/cacert.pem
-  ynh_ca="/etc/yunohost/certs/yunohost.org/ca.pem"
+    chmod 640 ca/cakey.pem
-  ynh_crt="/etc/yunohost/certs/yunohost.org/crt.pem"
+
-  ynh_key="/etc/yunohost/certs/yunohost.org/key.pem"
+    cp ca/cacert.pem $ynh_ca
    ln -sf "$ynh_ca" /etc/ssl/certs/ca-yunohost_crt.pem
    update-ca-certificates
    popd
 }
 do_init_regen() {
  LOGFILE=/tmp/yunohost-ssl-init
  echo "" > $LOGFILE
  chown root:root $LOGFILE
  chmod 640 $LOGFILE
  # create default certificates
  if [[ ! -f "$ynh_ca" ]]; then
-      echo -e "\n# Creating the CA key (?)\n" >>$LOGFILE
+      regen_local_ca yunohost.org >>$LOGFILE
      openssl req -x509 \
        -new \
        -config "$openssl_conf" \
        -days 3650 \
        -out "${ssl_dir}/ca/cacert.pem" \
        -keyout "${ssl_dir}/ca/cakey.pem" \
        -nodes -batch >>$LOGFILE 2>&1
      cp "${ssl_dir}/ca/cacert.pem" "$ynh_ca"
      ln -sf "$ynh_ca" /etc/ssl/certs/ca-yunohost_crt.pem
      update-ca-certificates
  fi
  if [[ ! -f "$ynh_crt" ]]; then
-      echo -e "\n# Creating initial key and certificate (?)\n" >>$LOGFILE
+      echo -e "\n# Creating initial key and certificate \n" >>$LOGFILE
      openssl req -new \
        -config "$openssl_conf" \
        -days 730 \
        -out "${ssl_dir}/certs/yunohost_csr.pem" \
        -keyout "${ssl_dir}/certs/yunohost_key.pem" \
-        -nodes -batch >>$LOGFILE 2>&1
+        -nodes -batch &>>$LOGFILE
      openssl ca \
        -config "$openssl_conf" \
        -days 730 \
        -in "${ssl_dir}/certs/yunohost_csr.pem" \
        -out "${ssl_dir}/certs/yunohost_crt.pem" \
-        -batch >>$LOGFILE 2>&1
+        -batch &>>$LOGFILE
      chmod 640 "${ssl_dir}/certs/yunohost_key.pem"
      chmod 640 "${ssl_dir}/certs/yunohost_crt.pem"
@ -80,6 +90,8 @@ do_init_regen() {
  chown -R root:ssl-cert /etc/yunohost/certs/yunohost.org/
  chmod o-rwx /etc/yunohost/certs/yunohost.org/
  install -D -m 644 $openssl_conf "${ssl_dir}/openssl.cnf"
 }
 do_pre_regen() {
@ -93,22 +105,16 @@ do_pre_regen() {
 do_post_regen() {
  regen_conf_files=$1
-  # Ensure that index.txt exists
+  current_local_ca_domain=$(openssl x509 -in $ynh_ca -text | tr ',' '\n' | grep Issuer | awk '{print $4}')
-  index_txt=/usr/share/yunohost/yunohost-config/ssl/yunoCA/index.txt
+  main_domain=$(cat /etc/yunohost/current_host)
  [[ -f "${index_txt}" ]] || {
    if [[ -f "${index_txt}.saved" ]]; then
      # use saved database from 2.2
      cp "${index_txt}.saved" "${index_txt}"
    elif [[ -f "${index_txt}.old" ]]; then
      # ... or use the state-1 database
      cp "${index_txt}.old" "${index_txt}"
    else
      # ... or create an empty one
      touch "${index_txt}"
    fi
  }
-  # TODO: regenerate certificates if conf changed?
+  if [[ "$current_local_ca_domain" != "$main_domain" ]]
  then
      regen_local_ca $main_domain
      # Idk how useful this is, but this was in the previous python code (domain.main_domain())
      ln -sf /etc/yunohost/certs/$domain/crt.pem /etc/ssl/certs/yunohost_crt.pem
      ln -sf /etc/yunohost/certs/$domain/key.pem /etc/ssl/private/yunohost_key.pem
  fi
 }
 FORCE=${2:-0}
--- a/data/hooks/conf_regen/10-apt
+++ b/data/hooks/conf_regen/10-apt
@ -15,6 +15,39 @@ Package: $package
 Pin: origin \"packages.sury.org\" 
 Pin-Priority: -1" >> "${pending_dir}/etc/apt/preferences.d/extra_php_version"
    done
        echo "
 # Yes !
 # This is what's preventing you from installing apache2 !
 #
 # Maybe take two fucking minutes to realize that if you try to install
 # apache2, this will break nginx and break the entire YunoHost ecosystem.
 # on your server.
 #
 # So, *NO*
 # DO NOT do this.
 # DO NOT remove these lines.
 #
 # I warned you. I WARNED YOU! But did you listen to me?
 # Oooooh, noooo. You knew it all, didn't you?
 Package: apache2
 Pin: release *
 Pin-Priority: -1
 Package: apache2-bin
 Pin: release *
 Pin-Priority: -1
 # Also yes, bind9 will conflict with dnsmasq.
 # Same story than for apache2.
 # Don't fucking install it.
 Package: bind9
 Pin: release *
 Pin-Priority: -1
 " >> "${pending_dir}/etc/apt/preferences.d/ban_packages"
 }
 do_post_regen() {
--- a/data/hooks/diagnosis/50-systemresources.py
+++ b/data/hooks/diagnosis/50-systemresources.py
@ -103,6 +103,26 @@ class SystemResourcesDiagnoser(Diagnoser):
            yield item
        #
        # Check for minimal space on / + /var
        # because some stupid VPS provider only configure a stupidly
        # low amount of disk space for the root partition
        # which later causes issue when it gets full...
        #
        main_disk_partitions = [d for d in disk_partitions if d.mountpoint in ['/', '/var']]
        main_space = sum([psutil.disk_usage(d.mountpoint).total for d in main_disk_partitions])
        if main_space < 10 * GB:
            yield dict(meta={"test": "rootfstotalspace"},
                       data={"space": human_size(main_space)},
                       status="ERROR",
                       summary="diagnosis_rootfstotalspace_critical")
        if main_space < 14 * GB:
            yield dict(meta={"test": "rootfstotalspace"},
                       data={"space": human_size(main_space)},
                       status="WARNING",
                       summary="diagnosis_rootfstotalspace_warning")
        #
        # Recent kills by oom_reaper
        #
--- a/data/other/yunoprompt.service
+++ b/data/other/yunoprompt.service
@ -1,6 +1,7 @@
 [Unit]
 Description=YunoHost boot prompt
 After=getty@tty2.service
 After=network.target
 [Service]
 Type=simple
--- a/data/templates/nginx/plain/yunohost_admin.conf.inc
+++ b/data/templates/nginx/plain/yunohost_admin.conf.inc
@ -8,10 +8,4 @@ location /yunohost/admin/ {
    more_set_headers "Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://raw.githubusercontent.com https://paste.yunohost.org wss://$host; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none';";
    more_set_headers "Content-Security-Policy-Report-Only:";
    # Short cache on handlebars templates
    location ~* \.(?:ms)$ {
      expires 5m;
      add_header Cache-Control "public";
    }
 }
--- a/data/templates/yunohost/firewall.yml
+++ b/data/templates/yunohost/firewall.yml
@ -2,6 +2,8 @@ uPnP:
    enabled: false
    TCP: [22, 25, 80, 443, 587, 993, 5222, 5269]
    UDP: []
    TCP_TO_CLOSE: []
    UDP_TO_CLOSE: []
 ipv4:
    TCP: [22, 25, 53, 80, 443, 587, 993, 5222, 5269]
    UDP: [53, 5353]
--- a/debian/postinst
+++ b/debian/postinst
@ -6,18 +6,25 @@ do_configure() {
  rm -rf /var/cache/moulinette/*
  if [ ! -f /etc/yunohost/installed ]; then
      # If apps/ is not empty, we're probably already installed in the past and
      # something funky happened ...
      if [ -d /etc/yunohost/apps/ ] && ls /etc/yunohost/apps/* >/dev/null 2>&1
      then
          echo "Sounds like /etc/yunohost/installed mysteriously disappeared ... You should probably contact the Yunohost support ..."
      else
          bash /usr/share/yunohost/hooks/conf_regen/01-yunohost init
          bash /usr/share/yunohost/hooks/conf_regen/02-ssl init
          bash /usr/share/yunohost/hooks/conf_regen/09-nslcd init
          bash /usr/share/yunohost/hooks/conf_regen/46-nsswitch init
          bash /usr/share/yunohost/hooks/conf_regen/06-slapd init
          bash /usr/share/yunohost/hooks/conf_regen/15-nginx init
      fi
  else
      echo "Regenerating configuration, this might take a while..."
      yunohost tools regen-conf --output-as none
      echo "Launching migrations..."
-      yunohost tools migrations migrate --auto
+      yunohost tools migrations run --auto
      echo "Re-diagnosing server health..."
      yunohost diagnosis run --force
--- a/locales/ca.json
+++ b/locales/ca.json
@ -199,9 +199,9 @@
    "log_corrupted_md_file": "El fitxer de metadades YAML associat amb els registres està malmès: « {md_file} »\nError: {error}",
    "log_category_404": "La categoria de registres « {category} » no existeix",
    "log_link_to_log": "El registre complet d'aquesta operació: «<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>»",
-    "log_help_to_get_log": "Per veure el registre de l'operació « {desc} », utilitzeu l'ordre « yunohost log display {name} »",
+    "log_help_to_get_log": "Per veure el registre de l'operació « {desc} », utilitzeu l'ordre « yunohost log show {name}{name} »",
    "log_link_to_failed_log": "No s'ha pogut completar l'operació « {desc} ». Per obtenir ajuda, <a href=\"#/tools/logs/{name}\">proveïu el registre complete de l'operació clicant aquí</a>",
-    "log_help_to_get_failed_log": "No s'ha pogut completar l'operació « {desc} ». Per obtenir ajuda, compartiu el registre complete de l'operació utilitzant l'ordre « yunohost log display {name} --share »",
+    "log_help_to_get_failed_log": "No s'ha pogut completar l'operació « {desc} ». Per obtenir ajuda, compartiu el registre complete de l'operació utilitzant l'ordre « yunohost log share {name} »",
    "log_does_exists": "No hi ha cap registre per l'operació amb el nom« {log} », utilitzeu « yunohost log list » per veure tots els registre d'operació disponibles",
    "log_operation_unit_unclosed_properly": "L'operació no s'ha tancat de forma correcta",
    "log_app_change_url": "Canvia l'URL de l'aplicació « {} »",
@ -292,7 +292,7 @@
    "migrations_migration_has_failed": "La migració {id} ha fallat, cancel·lant. Error: {exception}",
    "migrations_no_migrations_to_run": "No hi ha cap migració a fer",
    "migrations_skip_migration": "Saltant migració {id}...",
-    "migrations_to_be_ran_manually": "La migració {id} s'ha de fer manualment. Aneu a Eines → Migracions a la interfície admin, o executeu «yunohost tools migrations migrate».",
+    "migrations_to_be_ran_manually": "La migració {id} s'ha de fer manualment. Aneu a Eines → Migracions a la interfície admin, o executeu «yunohost tools migrations run».",
    "migrations_need_to_accept_disclaimer": "Per fer la migració {id}, heu d'acceptar aquesta clàusula de no responsabilitat:\n---\n{disclaimer}\n---\nSi accepteu fer la migració, torneu a executar l'ordre amb l'opció «--accept-disclaimer».",
    "no_internet_connection": "El servidor no està connectat a Internet",
    "not_enough_disk_space": "No hi ha prou espai en «{path:s}»",
--- a/locales/de.json
+++ b/locales/de.json
@ -269,7 +269,7 @@
    "global_settings_unknown_setting_from_settings_file": "Unbekannter Schlüssel in den Einstellungen: '{setting_key:s}', verwerfen und speichern in /etc/yunohost/settings-unknown.json",
    "log_link_to_log": "Vollständiges Log dieser Operation: '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>'",
    "global_settings_setting_example_bool": "Beispiel einer booleschen Option",
-    "log_help_to_get_log": "Um das Protokoll der Operation '{desc}' anzuzeigen, verwende  den Befehl 'yunohost log display {name}'",
+    "log_help_to_get_log": "Um das Protokoll der Operation '{desc}' anzuzeigen, verwende  den Befehl 'yunohost log show {name}{name}'",
    "global_settings_setting_security_nginx_compatibility": "Kompatibilität vs. Sicherheitskompromiss für den Webserver NGINX. Beeinflusst die Chiffren (und andere sicherheitsrelevante Aspekte)",
    "backup_php5_to_php7_migration_may_fail": "Dein Archiv konnte nicht für PHP 7 konvertiert werden, Du kannst deine PHP-Anwendungen möglicherweise nicht wiederherstellen (Grund: {error:s})",
    "global_settings_setting_service_ssh_allow_deprecated_dsa_hostkey": "Erlaubt die Verwendung eines (veralteten) DSA-Hostkeys für die SSH-Daemon-Konfiguration",
@ -284,7 +284,7 @@
    "good_practices_about_admin_password": "Sie sind nun dabei, ein neues Administrationspasswort zu definieren. Das Passwort sollte mindestens 8 Zeichen lang sein - obwohl es sinnvoll ist, ein längeres Passwort (z.B. eine Passphrase) und/oder eine Variation von Zeichen (Groß- und Kleinschreibung, Ziffern und Sonderzeichen) zu verwenden.",
    "log_corrupted_md_file": "Die mit Protokollen verknüpfte YAML-Metadatendatei ist beschädigt: '{md_file}\nFehler: {error}''",
    "global_settings_cant_serialize_settings": "Einstellungsdaten konnten nicht serialisiert werden, Grund: {reason:s}",
-    "log_help_to_get_failed_log": "Der Vorgang'{desc}' konnte nicht abgeschlossen werden. Bitte teile das vollständige Protokoll dieser Operation mit dem Befehl 'yunohost log display {name} --share', um Hilfe zu erhalten",
+    "log_help_to_get_failed_log": "Der Vorgang'{desc}' konnte nicht abgeschlossen werden. Bitte teile das vollständige Protokoll dieser Operation mit dem Befehl 'yunohost log share {name}', um Hilfe zu erhalten",
    "backup_no_uncompress_archive_dir": "Dieses unkomprimierte Archivverzeichnis gibt es nicht",
    "log_app_change_url": "Ändere die URL der Anwendung '{}'",
    "global_settings_setting_security_password_user_strength": "Stärke des Benutzerpassworts",
--- a/locales/en.json
+++ b/locales/en.json
@ -232,6 +232,8 @@
    "diagnosis_regenconf_allgood": "All configurations files are in line with the recommended configuration!",
    "diagnosis_regenconf_manually_modified": "Configuration file <code>{file}</code> appears to have been manually modified.",
    "diagnosis_regenconf_manually_modified_details": "This is probably OK if you know what you're doing! YunoHost will stop updating this file automatically... But beware that YunoHost upgrades could contain important recommended changes. If you want to, you can inspect the differences with <cmd>yunohost tools regen-conf {category} --dry-run --with-diff</cmd> and force the reset to the recommended configuration with <cmd>yunohost tools regen-conf {category} --force</cmd>",
    "diagnosis_rootfstotalspace_warning": "The root filesystem only has a total of {space}. This may be okay, but be careful because ultimately you may run out of disk space quickly... It's recommended to have at least 16 GB for the root filesystem.",
    "diagnosis_rootfstotalspace_critical": "The root filesystem only has a total of {space} which is quite worrisome! You will likely run out of disk space very quickly! It's recommended to have at least 16 GB for the root filesystem.",
    "diagnosis_security_vulnerable_to_meltdown": "You appear vulnerable to the Meltdown criticial security vulnerability",
    "diagnosis_security_vulnerable_to_meltdown_details": "To fix this, you should upgrade your system and reboot to load the new linux kernel (or contact your server provider if this doesn't work). See https://meltdownattack.com/ for more infos.",
    "diagnosis_description_basesystem": "Base system",
@ -360,9 +362,9 @@
    "iptables_unavailable": "You cannot play with iptables here. You are either in a container or your kernel does not support it",
    "log_corrupted_md_file": "The YAML metadata file associated with logs is damaged: '{md_file}\nError: {error}'",
    "log_link_to_log": "Full log of this operation: '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>'",
-    "log_help_to_get_log": "To view the log of the operation '{desc}', use the command 'yunohost log display {name}'",
+    "log_help_to_get_log": "To view the log of the operation '{desc}', use the command 'yunohost log show {name}{name}'",
    "log_link_to_failed_log": "Could not complete the operation '{desc}'. Please provide the full log of this operation by <a href=\"#/tools/logs/{name}\">clicking here</a> to get help",
-    "log_help_to_get_failed_log": "The operation '{desc}' could not be completed. Please share the full log of this operation using the command 'yunohost log display {name} --share' to get help",
+    "log_help_to_get_failed_log": "The operation '{desc}' could not be completed. Please share the full log of this operation using the command 'yunohost log share {name}' to get help",
    "log_does_exists": "There is no operation log with the name '{log}', use 'yunohost log list' to see all available operation logs",
    "log_operation_unit_unclosed_properly": "Operation unit has not been closed properly",
    "log_app_change_url": "Change the URL of the '{}' app",
@ -467,7 +469,7 @@
    "migrations_running_forward": "Running migration {id}...",
    "migrations_skip_migration": "Skipping migration {id}...",
    "migrations_success_forward": "Migration {id} completed",
-    "migrations_to_be_ran_manually":  "Migration {id} has to be run manually. Please go to Tools → Migrations on the webadmin page, or run `yunohost tools migrations migrate`.",
+    "migrations_to_be_ran_manually":  "Migration {id} has to be run manually. Please go to Tools → Migrations on the webadmin page, or run `yunohost tools migrations run`.",
    "not_enough_disk_space": "Not enough free space on '{path:s}'",
    "invalid_number": "Must be a number",
    "operation_interrupted": "The operation was manually interrupted?",
@ -506,6 +508,7 @@
    "permission_require_account": "Permission {permission} only makes sense for users having an account, and therefore cannot be enabled for visitors.",
    "port_already_closed": "Port {port:d} is already closed for {ip_version:s} connections",
    "port_already_opened": "Port {port:d} is already opened for {ip_version:s} connections",
    "postinstall_low_rootfsspace": "The root filesystem has a total space less than 10 GB, which is quite worrisome! You will likely run out of disk space very quickly! It's recommended to have at least 16GB for the root filesystem. If you want to install YunoHost despite this warning, re-run the postinstall with --force-diskspace",
    "regenconf_file_backed_up": "Configuration file '{conf}' backed up to '{backup}'",
    "regenconf_file_copy_failed": "Could not copy the new configuration file '{new}' to '{conf}'",
    "regenconf_file_kept_back": "The configuration file '{conf}' is expected to be deleted by regen-conf (category {category}) but was kept back.",
@ -624,8 +627,6 @@
    "user_update_failed": "Could not update user {user}: {error}",
    "user_updated": "User info changed",
    "yunohost_already_installed": "YunoHost is already installed",
    "yunohost_ca_creation_failed": "Could not create certificate authority",
    "yunohost_ca_creation_success": "Local certification authority created.",
    "yunohost_configured": "YunoHost is now configured",
    "yunohost_installing": "Installing YunoHost...",
    "yunohost_not_installed": "YunoHost is not correctly installed. Please run 'yunohost tools postinstall'",
--- a/locales/eo.json
+++ b/locales/eo.json
@ -295,7 +295,7 @@
    "restore_extracting": "Eltirante bezonatajn dosierojn el la ar theivo…",
    "upnp_port_open_failed": "Ne povis malfermi havenon per UPnP",
    "log_app_upgrade": "Ĝisdatigu la aplikon '{}'",
-    "log_help_to_get_failed_log": "La operacio '{desc}' ne povis finiĝi. Bonvolu dividi la plenan ŝtipon de ĉi tiu operacio per la komando 'yunohost log display {name} --share' por akiri helpon",
+    "log_help_to_get_failed_log": "La operacio '{desc}' ne povis finiĝi. Bonvolu dividi la plenan ŝtipon de ĉi tiu operacio per la komando 'yunohost log share {name}' por akiri helpon",
    "migration_description_0002_migrate_to_tsig_sha256": "Plibonigu sekurecon de DynDNS TSIG-ĝisdatigoj per SHA-512 anstataŭ MD5",
    "port_already_closed": "Haveno {port:d} estas jam fermita por {ip_version:s} rilatoj",
    "hook_name_unknown": "Nekonata hoko-nomo '{name:s}'",
@ -358,7 +358,7 @@
    "dyndns_registration_failed": "Ne povis registri DynDNS-domajnon: {error:s}",
    "migration_0003_not_jessie": "La nuna Debian-distribuo ne estas Jessie!",
    "user_unknown": "Nekonata uzanto: {user:s}",
-    "migrations_to_be_ran_manually": "Migrado {id} devas funkcii permane. Bonvolu iri al Iloj → Migradoj en la retpaĝa paĝo, aŭ kuri `yunohost tools migrations migrate`.",
+    "migrations_to_be_ran_manually": "Migrado {id} devas funkcii permane. Bonvolu iri al Iloj → Migradoj en la retpaĝa paĝo, aŭ kuri `yunohost tools migrations run`.",
    "migration_0008_warning": "Se vi komprenas tiujn avertojn kaj volas ke YunoHost preterlasu vian nunan agordon, faru la migradon. Alie, vi ankaŭ povas salti la migradon, kvankam ĝi ne rekomendas.",
    "certmanager_cert_renew_success": "Ni Ĉifru atestilon renovigitan por la domajno '{domain:s}'",
    "global_settings_reset_success": "Antaŭaj agordoj nun estas rezervitaj al {path:s}",
@ -397,7 +397,7 @@
    "password_too_simple_4": "La pasvorto bezonas almenaŭ 12 signojn kaj enhavas ciferon, majuskle, pli malaltan kaj specialajn signojn",
    "migration_0003_main_upgrade": "Komencanta ĉefa ĝisdatigo …",
    "regenconf_file_updated": "Agordodosiero '{conf}' ĝisdatigita",
-    "log_help_to_get_log": "Por vidi la protokolon de la operacio '{desc}', uzu la komandon 'yunohost log display {name}'",
+    "log_help_to_get_log": "Por vidi la protokolon de la operacio '{desc}', uzu la komandon 'yunohost log show {name}{name}'",
    "global_settings_setting_security_nginx_compatibility": "Kongruo vs sekureca kompromiso por la TTT-servilo NGINX. Afektas la ĉifradojn (kaj aliajn aspektojn pri sekureco)",
    "no_internet_connection": "La servilo ne estas konektita al la interreto",
    "migration_0008_dsa": "• La DSA-ŝlosilo estos malŝaltita. Tial vi eble bezonos nuligi spuran averton de via SSH-kliento kaj revizii la fingrospuron de via servilo;",
--- a/locales/es.json
+++ b/locales/es.json
@ -303,7 +303,7 @@
    "permission_created": "Creado el permiso «{permission:s}»",
    "permission_already_exist": "El permiso «{permission}» ya existe",
    "pattern_password_app": "Las contraseñas no pueden incluir los siguientes caracteres: {forbidden_chars}",
-    "migrations_to_be_ran_manually": "La migración {id} hay que ejecutarla manualmente. Vaya a Herramientas → Migraciones en la página web de administración o ejecute `yunohost tools migrations migrate`.",
+    "migrations_to_be_ran_manually": "La migración {id} hay que ejecutarla manualmente. Vaya a Herramientas → Migraciones en la página web de administración o ejecute `yunohost tools migrations run`.",
    "migrations_success_forward": "Migración {id} completada",
    "migrations_skip_migration": "Omitiendo migración {id}…",
    "migrations_running_forward": "Ejecutando migración {id}…",
@ -408,9 +408,9 @@
    "log_app_change_url": "Cambiar el URL de la aplicación «{}»",
    "log_operation_unit_unclosed_properly": "La unidad de operación no se ha cerrado correctamente",
    "log_does_exists": "No existe ningún registro de actividades con el nombre '{log}', ejecute 'yunohost log list' para ver todos los registros de actividades disponibles",
-    "log_help_to_get_failed_log": "No se pudo completar la operación «{desc}». Para obtener ayuda, comparta el registro completo de esta operación ejecutando la orden «yunohost log display {name} --share»",
+    "log_help_to_get_failed_log": "No se pudo completar la operación «{desc}». Para obtener ayuda, comparta el registro completo de esta operación ejecutando la orden «yunohost log share {name}»",
    "log_link_to_failed_log": "No se pudo completar la operación «{desc}». Para obtener ayuda, proporcione el registro completo de esta operación <a href=\"#/tools/logs/{name}\">pulsando aquí</a>",
-    "log_help_to_get_log": "Para ver el registro de la operación «{desc}», ejecute la orden «yunohost log display {name}»",
+    "log_help_to_get_log": "Para ver el registro de la operación «{desc}», ejecute la orden «yunohost log show {name}{name}»",
    "log_link_to_log": "Registro completo de esta operación: «<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>»",
    "log_category_404": "La categoría de registro «{category}» no existe",
    "log_corrupted_md_file": "El archivo de metadatos YAML asociado con el registro está dañado: «{md_file}\nError: {error}»",
--- a/locales/fr.json
+++ b/locales/fr.json
@ -256,7 +256,7 @@
    "app_upgrade_app_name": "Mise à jour de {app}...",
    "backup_output_symlink_dir_broken": "Votre répertoire d’archivage '{path:s}' est un lien symbolique brisé. Peut-être avez-vous oublié de re/monter ou de brancher le support de stockage sur lequel il pointe.",
    "migrations_list_conflict_pending_done": "Vous ne pouvez pas utiliser --previous et --done simultanément.",
-    "migrations_to_be_ran_manually": "La migration {id} doit être lancée manuellement. Veuillez aller dans Outils > Migrations dans l’interface admin, ou lancer `yunohost tools migrations migrate`.",
+    "migrations_to_be_ran_manually": "La migration {id} doit être lancée manuellement. Veuillez aller dans Outils > Migrations dans l’interface admin, ou lancer `yunohost tools migrations run`.",
    "migrations_need_to_accept_disclaimer": "Pour lancer la migration {id}, vous devez accepter cet avertissement :\n---\n{disclaimer}\n---\nSi vous acceptez de lancer la migration, veuillez relancer la commande avec l’option --accept-disclaimer.",
    "service_description_avahi-daemon": "Vous permet d’atteindre votre serveur en utilisant « yunohost.local » sur votre réseau local",
    "service_description_dnsmasq": "Gère la résolution des noms de domaine (DNS)",
@ -277,10 +277,10 @@
    "log_corrupted_md_file": "Le fichier YAML de métadonnées associé aux logs est corrompu : '{md_file}'\nErreur : {error}",
    "log_category_404": "Le journal de la catégorie '{category}' n’existe pas",
    "log_link_to_log": "Journal complet de cette opération : '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\"> {desc} </a>'",
-    "log_help_to_get_log": "Pour voir le journal de cette opération '{desc}', utilisez la commande 'yunohost log display {name}'",
+    "log_help_to_get_log": "Pour voir le journal de cette opération '{desc}', utilisez la commande 'yunohost log show {name}{name}'",
    "log_link_to_failed_log": "L’opération '{desc}' a échoué ! Pour obtenir de l’aide, merci de partager le journal de l’opération en <a href=\"#/tools/logs/{name}\">cliquant ici</a>",
    "backup_php5_to_php7_migration_may_fail": "Impossible de convertir votre archive pour prendre en charge PHP 7, vous pourriez ne plus pouvoir restaurer vos applications PHP (cause : {error:s})",
-    "log_help_to_get_failed_log": "L’opération '{desc}' a échoué ! Pour obtenir de l’aide, merci de partager le journal de l’opération en utilisant la commande 'yunohost log display {name} --share'",
+    "log_help_to_get_failed_log": "L’opération '{desc}' a échoué ! Pour obtenir de l’aide, merci de partager le journal de l’opération en utilisant la commande 'yunohost log share {name}'",
    "log_does_exists": "Il n’y a pas de journal des opérations avec le nom '{log}', utilisez 'yunohost log list' pour voir tous les journaux d’opérations disponibles",
    "log_operation_unit_unclosed_properly": "L’opération ne s’est pas terminée correctement",
    "log_app_change_url": "Changer l’URL de l’application '{}'",
--- a/locales/it.json
+++ b/locales/it.json
@ -278,10 +278,10 @@
    "log_corrupted_md_file": "Il file dei metadati YAML associato con i registri è danneggiato: '{md_file}'\nErrore: {error}",
    "log_category_404": "La categoria di registrazione '{category}' non esiste",
    "log_link_to_log": "Registro completo di questa operazione: '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>'",
-    "log_help_to_get_log": "Per vedere il registro dell'operazione '{desc}', usa il comando 'yunohost log display {name}'",
+    "log_help_to_get_log": "Per vedere il registro dell'operazione '{desc}', usa il comando 'yunohost log show {name}{name}'",
    "global_settings_setting_security_postfix_compatibility": "Bilanciamento tra compatibilità e sicurezza per il server Postfix. Riguarda gli algoritmi di cifratura (e altri aspetti legati alla sicurezza)",
    "log_link_to_failed_log": "Impossibile completare l'operazione '{desc}'! Per ricevere aiuto, per favore fornisci il registro completo dell'operazione <a href=\"#/tools/logs/{name}\">cliccando qui</a>",
-    "log_help_to_get_failed_log": "L'operazione '{desc}' non può essere completata. Per ottenere aiuto, per favore condividi il registro completo dell'operazione utilizzando il comando 'yunohost log display {name} --share'",
+    "log_help_to_get_failed_log": "L'operazione '{desc}' non può essere completata. Per ottenere aiuto, per favore condividi il registro completo dell'operazione utilizzando il comando 'yunohost log share {name}'",
    "log_does_exists": "Non esiste nessun registro delle operazioni chiamato '{log}', usa 'yunohost log list' per vedere tutti i registri delle operazioni disponibili",
    "log_app_change_url": "Cambia l'URL dell'app '{}'",
    "log_app_install": "Installa l'app '{}'",
@ -531,7 +531,7 @@
    "pattern_email_forward": "Dev'essere un indirizzo mail valido, simbolo '+' accettato (es: tizio+tag@example.com)",
    "operation_interrupted": "L'operazione è stata interrotta manualmente?",
    "invalid_number": "Dev'essere un numero",
-    "migrations_to_be_ran_manually": "Migrazione {id} dev'essere eseguita manualmente. Vai in Strumenti → Migrazioni nella pagina webadmin, o esegui `yunohost tools migrations migrate`.",
+    "migrations_to_be_ran_manually": "Migrazione {id} dev'essere eseguita manualmente. Vai in Strumenti → Migrazioni nella pagina webadmin, o esegui `yunohost tools migrations run`.",
    "migrations_success_forward": "Migrazione {id} completata",
    "migrations_skip_migration": "Salto migrazione {id}...",
    "migrations_running_forward": "Eseguo migrazione {id}...",
--- a/locales/nb_NO.json
+++ b/locales/nb_NO.json
@ -132,7 +132,7 @@
    "domain_dyndns_already_subscribed": "Du har allerede abonnement på et DynDNS-domene",
    "log_category_404": "Loggkategorien '{category}' finnes ikke",
    "log_link_to_log": "Full logg for denne operasjonen: '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>'",
-    "log_help_to_get_log": "For å vise loggen for operasjonen '{desc}', bruk kommandoen 'yunohost log display {name}'",
+    "log_help_to_get_log": "For å vise loggen for operasjonen '{desc}', bruk kommandoen 'yunohost log show {name}{name}'",
    "log_user_create": "Legg til '{}' bruker",
    "app_change_url_success": "{app:s} nettadressen er nå {domain:s}{path:s}",
    "app_install_failed": "Kunne ikke installere {app}: {error}"
--- a/locales/oc.json
+++ b/locales/oc.json
@ -281,7 +281,7 @@
    "migration_0003_problematic_apps_warning": "Notatz que las aplicacions seguentas, saique problematicas, son estadas desactivadas. Semblan d’aver estadas installadas d’una lista d’aplicacions o que son pas marcadas coma «working ».  En consequéncia, podèm pas assegurar que tendràn de foncionar aprèp la mesa a nivèl : {problematic_apps}",
    "migrations_migration_has_failed": "La migracion {id} a pas capitat, abandon. Error : {exception}",
    "migrations_skip_migration": "Passatge de la migracion {id}…",
-    "migrations_to_be_ran_manually": "La migracion {id} deu èsser lançada manualament. Mercés d’anar a Aisinas > Migracion dins l’interfàcia admin, o lançar « yunohost tools migrations migrate ».",
+    "migrations_to_be_ran_manually": "La migracion {id} deu èsser lançada manualament. Mercés d’anar a Aisinas > Migracion dins l’interfàcia admin, o lançar « yunohost tools migrations run ».",
    "migrations_need_to_accept_disclaimer": "Per lançar la migracion {id} , avètz d’acceptar aquesta clausa de non-responsabilitat :\n---\n{disclaimer}\n---\nS’acceptatz de lançar la migracion, mercés de tornar executar la comanda amb l’opcion accept-disclaimer.",
    "pattern_backup_archive_name": "Deu èsser un nom de fichièr valid compausat de 30 caractèrs alfanumerics al maximum e  « -_. »",
    "service_description_dovecot": "permet als clients de messatjariá d’accedir/recuperar los corrièls (via IMAP e POP3)",
@ -300,10 +300,10 @@
    "log_corrupted_md_file": "Lo fichièr YAML de metadonadas ligat als jornals d’audit es damatjat : « {md_file} »\nError : {error:s}",
    "log_category_404": "La categoria de jornals d’audit « {category} » existís pas",
    "log_link_to_log": "Jornal complèt d’aquesta operacion : <a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>",
-    "log_help_to_get_log": "Per veire lo jornal d’aquesta operacion « {desc} », utilizatz la comanda « yunohost log display {name} »",
+    "log_help_to_get_log": "Per veire lo jornal d’aquesta operacion « {desc} », utilizatz la comanda « yunohost log show {name}{name} »",
    "backup_php5_to_php7_migration_may_fail": "Impossible de convertir vòstre archiu per prendre en carga PHP 7, la restauracion de vòstras aplicacions PHP pòt reüssir pas a restaurar vòstras aplicacions PHP (rason : {error:s})",
    "log_link_to_failed_log": "L’operacion « {desc} » a pas capitat ! Per obténer d’ajuda, mercés <a href=\"#/tools/logs/{name}\"> de fornir lo jornal complèt de l’operacion</a>",
-    "log_help_to_get_failed_log": "L’operacion « {desc} » a pas reüssit ! Per obténer d’ajuda, mercés de partejar lo jornal d’audit complèt d’aquesta operacion en utilizant la comanda « yunohost log display {name} --share »",
+    "log_help_to_get_failed_log": "L’operacion « {desc} » a pas reüssit ! Per obténer d’ajuda, mercés de partejar lo jornal d’audit complèt d’aquesta operacion en utilizant la comanda « yunohost log share {name} »",
    "log_does_exists": "I a pas cap de jornal d’audit per l’operacion amb lo nom « {log} », utilizatz « yunohost log list » per veire totes los jornals d’operacion disponibles",
    "log_operation_unit_unclosed_properly": "L’operacion a pas acabat corrèctament",
    "log_app_change_url": "Cambiar l’URL de l’aplicacion « {} »",
--- a/src/yunohost/app.py
+++ b/src/yunohost/app.py
@ -106,6 +106,23 @@ def app_catalog(full=False, with_categories=False):
        return {"apps": catalog["apps"], "categories": catalog["categories"]}
 def app_search(string):
    """
    Return a dict of apps whose description or name match the search string
    """
    # Retrieve a simple dict listing all apps
    catalog_of_apps = app_catalog()
    # Selecting apps according to a match in app name or description
    for app in catalog_of_apps["apps"].items():
        if not (re.search(string, app[0], flags=re.IGNORECASE) or
                re.search(string, app[1]['description'], flags=re.IGNORECASE)):
            del catalog_of_apps["apps"][app[0]]
    return catalog_of_apps
 # Old legacy function...
 def app_fetchlist():
    logger.warning("'yunohost app fetchlist' is deprecated. Please use 'yunohost tools update --apps' instead")
@ -922,7 +939,7 @@ def app_install(operation_logger, app, label=None, args=None, no_remove_on_failu
            permission_sync_to_user()
-            raise YunohostError(failure_message_with_debug_instructions, raw_msg=True)
+            raise YunohostError(failure_message_with_debug_instructions, raw_msg=True, log_ref=operation_logger.name)
    # Clean hooks and add new ones
    hook_remove(app_instance_name)
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@ -598,7 +598,7 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
        subdomain = "xmpp-upload." + domain
        xmpp_records = Diagnoser.get_cached_report("dnsrecords", item={"domain": domain, "category": "xmpp"}).get("data") or {}
        if xmpp_records.get("CNAME:xmpp-upload") == "OK":
-            csr.add_extensions([crypto.X509Extension("subjectAltName", False, "DNS:" + subdomain)])
+            csr.add_extensions([crypto.X509Extension("subjectAltName".encode('utf8'), False, ("DNS:" + subdomain).encode('utf8'))])
        else:
            logger.warning(m18n.n('certmanager_warning_subdomain_dns_record', subdomain=subdomain, domain=domain))
@ -615,7 +615,7 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
    csr_file = output_folder + domain + ".csr"
    logger.debug("Saving to %s.", csr_file)
-    with open(csr_file, "w") as f:
+    with open(csr_file, "wb") as f:
        f.write(crypto.dump_certificate_request(crypto.FILETYPE_PEM, csr))
@ -726,10 +726,9 @@ def _generate_key(destination_path):
    k = crypto.PKey()
    k.generate_key(crypto.TYPE_RSA, KEY_SIZE)
-    with open(destination_path, "w") as f:
+    with open(destination_path, "wb") as f:
        f.write(crypto.dump_privatekey(crypto.FILETYPE_PEM, k))
 def _set_permissions(path, user, group, permissions):
    uid = pwd.getpwnam(user).pw_uid
    gid = grp.getgrnam(group).gr_gid
--- a/src/yunohost/domain.py
+++ b/src/yunohost/domain.py
@ -30,6 +30,7 @@ from moulinette import m18n, msettings
 from moulinette.core import MoulinetteError
 from yunohost.utils.error import YunohostError
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import write_to_file
 from yunohost.app import app_ssowatconf, _installed_apps, _get_app_settings, _get_conflicting_apps
 from yunohost.regenconf import regen_conf, _force_clear_hashes, _process_regen_conf
@ -318,36 +319,20 @@ def domain_main_domain(operation_logger, new_main_domain=None):
    operation_logger.start()
    # Apply changes to ssl certs
    ssl_key = "/etc/ssl/private/yunohost_key.pem"
    ssl_crt = "/etc/ssl/private/yunohost_crt.pem"
    new_ssl_key = "/etc/yunohost/certs/%s/key.pem" % new_main_domain
    new_ssl_crt = "/etc/yunohost/certs/%s/crt.pem" % new_main_domain
    try:
-        if os.path.exists(ssl_key) or os.path.lexists(ssl_key):
+        write_to_file('/etc/yunohost/current_host', new_main_domain)
            os.remove(ssl_key)
        if os.path.exists(ssl_crt) or os.path.lexists(ssl_crt):
            os.remove(ssl_crt)
-        os.symlink(new_ssl_key, ssl_key)
+        _set_hostname(new_main_domain)
        os.symlink(new_ssl_crt, ssl_crt)
        _set_maindomain(new_main_domain)
    except Exception as e:
        logger.warning("%s" % e, exc_info=1)
        raise YunohostError('main_domain_change_failed')
    _set_hostname(new_main_domain)
    # Generate SSOwat configuration file
    app_ssowatconf()
    # Regen configurations
-    try:
+    if os.path.exists('/etc/yunohost/installed'):
        with open('/etc/yunohost/installed', 'r'):
        regen_conf()
    except IOError:
        pass
    logger.success(m18n.n('main_domain_changed'))
@ -385,11 +370,6 @@ def _get_maindomain():
    return maindomain
 def _set_maindomain(domain):
    with open('/etc/yunohost/current_host', 'w') as f:
        f.write(domain)
 def _build_dns_conf(domain, ttl=3600, include_empty_AAAA_if_no_ipv6=False):
    """
    Internal function that will returns a data structure containing the needed
--- a/src/yunohost/firewall.py
+++ b/src/yunohost/firewall.py
@ -82,6 +82,8 @@ def firewall_allow(protocol, port, ipv4_only=False, ipv6_only=False,
        # Add port forwarding with UPnP
        if not no_upnp and port not in firewall['uPnP'][p]:
            firewall['uPnP'][p].append(port)
            if firewall['uPnP'][p + "_TO_CLOSE"] and port in firewall['uPnP'][p + "_TO_CLOSE"]:
                firewall['uPnP'][p + "_TO_CLOSE"].remove(port)
    # Update and reload firewall
    _update_firewall_file(firewall)
@ -139,6 +141,9 @@ def firewall_disallow(protocol, port, ipv4_only=False, ipv6_only=False,
        # Remove port forwarding with UPnP
        if upnp and port in firewall['uPnP'][p]:
            firewall['uPnP'][p].remove(port)
            if not firewall['uPnP'][p + "_TO_CLOSE"]:
                firewall['uPnP'][p + "_TO_CLOSE"] = []
            firewall['uPnP'][p + "_TO_CLOSE"].append(port)
    # Update and reload firewall
    _update_firewall_file(firewall)
@ -356,6 +361,16 @@ def firewall_upnp(action='status', no_refresh=False):
            else:
                # Iterate over ports
                for protocol in ['TCP', 'UDP']:
                    if firewall['uPnP'][protocol + "_TO_CLOSE"]:
                        for port in firewall['uPnP'][protocol + "_TO_CLOSE"]:
                            # Clean the mapping of this port
                            if upnpc.getspecificportmapping(port, protocol):
                                try:
                                    upnpc.deleteportmapping(port, protocol)
                                except:
                                    pass
                        firewall['uPnP'][protocol + "_TO_CLOSE"] = []
                    for port in firewall['uPnP'][protocol]:
                        # Clean the mapping of this port
                        if upnpc.getspecificportmapping(port, protocol):
@ -374,14 +389,13 @@ def firewall_upnp(action='status', no_refresh=False):
                                         port, exc_info=1)
                            enabled = False
                _update_firewall_file(firewall)
    if enabled != firewall['uPnP']['enabled']:
        firewall = firewall_list(raw=True)
        firewall['uPnP']['enabled'] = enabled
-        # Make a backup and update firewall file
+        _update_firewall_file(firewall)
        os.system("cp {0} {0}.old".format(FIREWALL_FILE))
        with open(FIREWALL_FILE, 'w') as f:
            yaml.safe_dump(firewall, f, default_flow_style=False)
        if not no_refresh:
            # Display success message if needed
--- a/src/yunohost/log.py
+++ b/src/yunohost/log.py
@ -130,7 +130,7 @@ def log_list(limit=None, with_details=False, with_suboperations=False):
    return {"operation": operations}
-def log_display(path, number=None, share=False, filter_irrelevant=False, with_suboperations=False):
+def log_show(path, number=None, share=False, filter_irrelevant=False, with_suboperations=False):
    """
    Display a log file enriched with metadata if any.
@ -282,6 +282,9 @@ def log_display(path, number=None, share=False, filter_irrelevant=False, with_su
    return infos
 def log_share(path):
    return log_show(path, share=True)
 def is_unit_operation(entities=['app', 'domain', 'group', 'service', 'user'],
                      exclude=['password'], operation_key=None):
--- a/src/yunohost/tools.py
+++ b/src/yunohost/tools.py
@ -33,7 +33,7 @@ from importlib import import_module
 from moulinette import msignals, m18n
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.process import check_output, call_async_output
-from moulinette.utils.filesystem import write_to_json, read_yaml, write_to_yaml
+from moulinette.utils.filesystem import read_yaml, write_to_yaml
 from yunohost.app import _update_apps_catalog, app_info, app_upgrade, _initialize_apps_catalog_system
 from yunohost.domain import domain_add
@ -227,7 +227,7 @@ def _detect_virt():
@is_unit_operation()
 def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
-                      force_password=False):
+                      force_password=False, force_diskspace=False):
    """
    YunoHost post-install
@ -240,6 +240,7 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    """
    from yunohost.utils.password import assert_password_is_strong_enough
    from yunohost.domain import domain_main_domain
    import psutil
    dyndns_provider = "dyndns.yunohost.org"
@ -247,6 +248,17 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    if os.path.isfile('/etc/yunohost/installed'):
        raise YunohostError('yunohost_already_installed')
    if os.path.isdir("/etc/yunohost/apps") and os.listdir("/etc/yunohost/apps") != []:
        raise YunohostError("It looks like you're trying to re-postinstall a system that was already working previously ... If you recently had some bug or issues with your installation, please first discuss with the team on how to fix the situation instead of savagely re-running the postinstall ...", raw_msg=True)
    # Check there's at least 10 GB on the rootfs...
    disk_partitions = sorted(psutil.disk_partitions(), key=lambda k: k.mountpoint)
    main_disk_partitions = [d for d in disk_partitions if d.mountpoint in ['/', '/var']]
    main_space = sum([psutil.disk_usage(d.mountpoint).total for d in main_disk_partitions])
    GB = 1024**3
    if not force_diskspace and main_space < 10 * GB:
        raise YunohostError("postinstall_low_rootfsspace")
    # Check password
    if not force_password:
        assert_password_is_strong_enough("admin", password)
@ -286,58 +298,7 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    operation_logger.start()
    logger.info(m18n.n('yunohost_installing'))
    # Create required folders
    folders_to_create = [
        '/etc/yunohost/apps',
        '/etc/yunohost/certs',
        '/var/cache/yunohost/repo',
        '/home/yunohost.backup',
        '/home/yunohost.app'
    ]
    for folder in [x for x in folders_to_create if not os.path.exists(x)]:
        os.makedirs(folder)
    # Change folders permissions
    os.system('chmod 755 /home/yunohost.app')
    # Init ssowat's conf.json.persistent
    if not os.path.exists('/etc/ssowat/conf.json.persistent'):
        write_to_json('/etc/ssowat/conf.json.persistent', {})
    os.system('chmod 644 /etc/ssowat/conf.json.persistent')
    # Create SSL CA
    regen_conf(['ssl'], force=True)
    ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
    # (Update the serial so that it's specific to this very instance)
    os.system("openssl rand -hex 19 > %s/serial" % ssl_dir)
    commands = [
        'rm %s/index.txt' % ssl_dir,
        'touch %s/index.txt' % ssl_dir,
        'cp %s/openssl.cnf %s/openssl.ca.cnf' % (ssl_dir, ssl_dir),
        'sed -i s/yunohost.org/%s/g %s/openssl.ca.cnf ' % (domain, ssl_dir),
        'openssl req -x509 -new -config %s/openssl.ca.cnf -days 3650 -out %s/ca/cacert.pem -keyout %s/ca/cakey.pem -nodes -batch -subj /CN=%s/O=%s' % (ssl_dir, ssl_dir, ssl_dir, domain, os.path.splitext(domain)[0]),
        'cp %s/ca/cacert.pem /etc/ssl/certs/ca-yunohost_crt.pem' % ssl_dir,
        'update-ca-certificates'
    ]
    for command in commands:
        p = subprocess.Popen(
            command.split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT)
        out, _ = p.communicate()
        if p.returncode != 0:
            logger.warning(out)
            raise YunohostError('yunohost_ca_creation_failed')
        else:
            logger.debug(out)
    logger.success(m18n.n('yunohost_ca_creation_success'))
    # New domain config
    regen_conf(['nsswitch'], force=True)
    domain_add(domain, dyndns)
    domain_main_domain(domain)
@ -358,12 +319,6 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    except Exception as e:
        logger.warning(str(e))
    # Create the archive directory (makes it easier for people to upload backup
    # archives, otherwise it's only created after running `yunohost backup
    # create` once.
    from yunohost.backup import _create_archive_dir
    _create_archive_dir()
    # Init migrations (skip them, no need to run them on a fresh system)
    _skip_all_migrations()
@ -633,7 +588,7 @@ def tools_upgrade(operation_logger, apps=None, system=False, allow_yunohost_upgr
            #
            # Here we use a dirty hack to run a command after the current
            # "yunohost tools upgrade", because the upgrade of yunohost
-            # will also trigger other yunohost commands (e.g. "yunohost tools migrations migrate")
+            # will also trigger other yunohost commands (e.g. "yunohost tools migrations run")
            # (also the upgrade of the package, if executed from the webadmin, is
            # likely to kill/restart the api which is in turn likely to kill this
            # command before it ends...)
@ -784,7 +739,7 @@ def tools_migrations_list(pending=False, done=False):
    return {"migrations": migrations}
-def tools_migrations_migrate(targets=[], skip=False, auto=False, force_rerun=False, accept_disclaimer=False):
+def tools_migrations_run(targets=[], skip=False, auto=False, force_rerun=False, accept_disclaimer=False):
    """
    Perform migrations
--- a/src/yunohost/user.py
+++ b/src/yunohost/user.py
@ -171,7 +171,7 @@ def user_create(operation_logger, username, firstname, lastname, domain, passwor
    uid_guid_found = False
    while not uid_guid_found:
        # LXC uid number is limited to 65536 by default
-        uid = str(random.randint(200, 65000))
+        uid = str(random.randint(1001, 65000))
        uid_guid_found = uid not in all_uid and uid not in all_gid
    # Adapt values for LDAP
--- a/src/yunohost/utils/error.py
+++ b/src/yunohost/utils/error.py
@ -32,11 +32,23 @@ class YunohostError(MoulinetteError):
    are translated via m18n.n (namespace) instead of m18n.g (global?)
    """
-    def __init__(self, key, raw_msg=False, *args, **kwargs):
+    def __init__(self, key, raw_msg=False, log_ref=None, *args, **kwargs):
        self.key = key  # Saving the key is useful for unit testing
        self.kwargs = kwargs  # Saving the key is useful for unit testing
        self.log_ref = log_ref
        if raw_msg:
            msg = key
        else:
            msg = m18n.n(key, *args, **kwargs)
        super(YunohostError, self).__init__(msg, raw_msg=True)
    def content(self):
        if not self.log_ref:
            return super(YunohostError, self).content()
        else:
            return {
                "error": self.strerror,
                "log_ref": self.log_ref
            }
--- a/tests/test_i18n_keys.py
+++ b/tests/test_i18n_keys.py
@ -24,9 +24,9 @@ def find_expected_string_keys():
    #    m18n.n(   "foo"
    #    YunohostError("foo"
    #    # i18n: foo
-    p1 = re.compile(r'm18n\.n\(\s*[\"\'](\w+)[\"\']')
+    p1 = re.compile(r"m18n\.n\(\n*\s*[\"\'](\w+)[\"\']")
-    p2 = re.compile(r'YunohostError\([\'\"](\w+)[\'\"]')
+    p2 = re.compile(r"YunohostError\(\n*\s*[\'\"](\w+)[\'\"]")
-    p3 = re.compile(r'# i18n: [\'\"]?(\w+)[\'\"]?')
+    p3 = re.compile(r"# i18n: [\'\"]?(\w+)[\'\"]?")
    python_files = glob.glob("src/yunohost/*.py")
    python_files.extend(glob.glob("src/yunohost/utils/*.py"))
@ -78,7 +78,7 @@ def find_expected_string_keys():
    for funcname in subprocess.check_output(cmd, shell=True).decode("utf-8").strip().split("\n"):
        yield "log_" + funcname
-    p4 = re.compile(r"OperationLogger\([\"\'](\w+)[\"\']")
+    p4 = re.compile(r"OperationLogger\(\n*\s*[\"\'](\w+)[\"\']")
    for python_file in python_files:
        content = open(python_file).read()
        for m in ("log_" + match for match in p4.findall(content)):
@ -86,7 +86,7 @@ def find_expected_string_keys():
    # Global settings descriptions
    # Will be on a line like : ("service.ssh.allow_deprecated_dsa_hostkey", {"type": "bool", ...
-    p5 = re.compile(r" \([\"\'](\w[\w\.]+)[\"\'],")
+    p5 = re.compile(r" \(\n*\s*[\"\'](\w[\w\.]+)[\"\'],")
    content = open("src/yunohost/settings.py").read()
    for m in ("global_settings_setting_" + s.replace(".", "_") for s in p5.findall(content)):
        yield m
--- a/tox.ini
+++ b/tox.ini
@ -1,12 +1,13 @@
 [tox]
-envlist = py37-{lint,invalidcode},py37-black
+envlist = py37-{lint,invalidcode},py37-black-{run,check}
 [testenv]
 skip_install=True
 deps =
  py37-{lint,invalidcode}: flake8
-  py37-black: black
+  py37-black-{run,check}: black
 commands =
        py37-lint: flake8 src doc data tests --ignore E402,E501 --exclude src/yunohost/vendor
        py37-invalidcode: flake8 src data --exclude src/yunohost/tests,src/yunohost/vendor --select F
-        py37-black: black --check --diff src doc data tests
+        py37-black-check: black --check --diff src doc data tests
        py37-black-run: black src doc data tests