Merge branch 'dev' into cron-legacy

.gitlab/ci/test.gitlab-ci.yml

@@ -53,6 +53,12 @@ root-tests:
   script:
     - python3 -m pytest tests
 
+test-helpers:
+  extends: .test-stage
+  script:
+    - cd tests
+    - bash test_helpers.sh
+
 test-apps:
   extends: .test-stage
   script:

data/helpers.d/apt

@@ -47,10 +47,11 @@ ynh_wait_dpkg_free() {
 
 # Check either a package is installed or not
 #
-# example: ynh_package_is_installed --package=yunohost && echo "ok"
+# example: ynh_package_is_installed --package=yunohost && echo "installed"
 #
 # usage: ynh_package_is_installed --package=name
 # | arg: -p, --package=     - the package name to check
+# | ret: 0 if the package is installed, 1 else.
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_package_is_installed() {
@@ -216,7 +217,8 @@ ynh_package_install_from_equivs () {
 # example : ynh_install_app_dependencies dep1 dep2 "dep3|dep4|dep5"
 #
 # usage: ynh_install_app_dependencies dep [dep [...]]
-# | arg: dep - the package name to install in dependence. Writing "dep3|dep4|dep5" can be used to specify alternatives. For example : dep1 dep2 "dep3|dep4|dep5" will require to install dep1 and dep 2 and (dep3 or dep4 or dep5).
+# | arg: dep - the package name to install in dependence.
+# | arg: "dep1|dep2|…" - You can specify alternatives. It will require to install (dep1 or dep2, etc).
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_install_app_dependencies () {
@@ -224,13 +226,10 @@ ynh_install_app_dependencies () {
     # Add a comma for each space between packages. But not add a comma if the space separate a version specification. (See  below)
     dependencies="$(echo "$dependencies" | sed 's/\([^\<=\>]\)\ \([^(]\)/\1, \2/g')"
     local dependencies=${dependencies//|/ | }
-    local manifest_path="../manifest.json"
+    local manifest_path="$YNH_APP_BASEDIR/manifest.json"
-    if [ ! -e "$manifest_path" ]; then
-        manifest_path="../settings/manifest.json"	# Into the restore script, the manifest is not at the same place
-    fi
 
-    local version=$(grep '\"version\": ' "$manifest_path" | cut --delimiter='"' --fields=4)	# Retrieve the version number in the manifest file.
+    local version=$(jq -r '.version' "$manifest_path")
-    if [ ${#version} -eq 0 ]; then
+    if [ -z "${version}" ] || [ "$version" == "null" ]; then
         version="1.0"
     fi
     local dep_app=${app//_/-}	# Replace all '_' by '-'

data/helpers.d/backup

@@ -13,13 +13,13 @@ CAN_BIND=${CAN_BIND:-1}
 #
 # This helper can be used both in a system backup hook, and in an app backup script
 #
-# Details: ynh_backup writes SRC and the relative DEST into a CSV file. And it
+# `ynh_backup` writes `src_path` and the relative `dest_path` into a CSV file, and it
 # creates the parent destination directory
 #
-# If DEST is ended by a slash it complete this path with the basename of SRC.
+# If `dest_path` is ended by a slash it complete this path with the basename of `src_path`.
-#
-# Example in the context of a wordpress app
 #
+# Example in the context of a wordpress app :
+# ```
 # ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
 # # => This line will be added into CSV file
 # # "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/etc/nginx/conf.d/$domain.d/$app.conf"
@@ -40,26 +40,28 @@ CAN_BIND=${CAN_BIND:-1}
 # ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "/conf/"
 # # => "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/conf/$app.conf"
 #
+# ```
 #
-# How to use --is_big:
+# How to use `--is_big`:
-# --is_big is used to specify that this part of the backup can be quite huge.
+#
+# `--is_big` is used to specify that this part of the backup can be quite huge.
 # So, you don't want that your package does backup that part during ynh_backup_before_upgrade.
 # In the same way, an user may doesn't want to backup this big part of the app for
 # each of his backup. And so handle that part differently.
 #
 # As this part of your backup may not be done, your restore script has to handle it.
-# In your restore script, use --not_mandatory with ynh_restore_file
+# In your restore script, use `--not_mandatory` with `ynh_restore_file`
 # As well in your remove script, you should not remove those data ! Or an user may end up with
 # a failed upgrade restoring an app without data anymore !
 #
-# To have the benefit of --is_big while doing a backup, you can whether set the environement
+# To have the benefit of `--is_big` while doing a backup, you can whether set the environement
-#   variable BACKUP_CORE_ONLY to 1 (BACKUP_CORE_ONLY=1) before the backup command. It will affect
+# variable `BACKUP_CORE_ONLY` to 1 (`BACKUP_CORE_ONLY=1`) before the backup command. It will affect
 # only that backup command.
-# Or set the config do_not_backup_data to 1 into the settings.yml of the app. This will affect
+# Or set the config `do_not_backup_data` to 1 into the `settings.yml` of the app. This will affect
 # all backups for this app until the setting is removed.
 #
 # Requires YunoHost version 2.4.0 or higher.
-# Requires YunoHost version 3.5.0 or higher for the argument --not_mandatory
+# Requires YunoHost version 3.5.0 or higher for the argument `--not_mandatory`
 ynh_backup() {
     # TODO find a way to avoid injection by file strange naming !
 
@@ -221,26 +223,25 @@ with open(sys.argv[1], 'r') as backup_file:
 
 # Restore a file or a directory
 #
-# Use the registered path in backup_list by ynh_backup to restore the file at
-# the right place.
-#
 # usage: ynh_restore_file --origin_path=origin_path [--dest_path=dest_path] [--not_mandatory]
 # | arg: -o, --origin_path=     - Path where was located the file or the directory before to be backuped or relative path to $YNH_CWD where it is located in the backup archive
-# | arg: -d, --dest_path=       - Path where restore the file or the dir, if unspecified, the destination will be ORIGIN_PATH or if the ORIGIN_PATH doesn't exist in the archive, the destination will be searched into backup.csv
+# | arg: -d, --dest_path=       - Path where restore the file or the dir. If unspecified, the destination will be `ORIGIN_PATH` or if the `ORIGIN_PATH` doesn't exist in the archive, the destination will be searched into `backup.csv`
 # | arg: -m, --not_mandatory    - Indicate that if the file is missing, the restore process can ignore it.
 #
+# Use the registered path in backup_list by ynh_backup to restore the file at the right place.
+#
 # examples:
-#     ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
+#     ynh_restore_file -o "/etc/nginx/conf.d/$domain.d/$app.conf"
 #     # You can also use relative paths:
-#     ynh_restore_file "conf/nginx.conf"
+#     ynh_restore_file -o "conf/nginx.conf"
 #
-# If DEST_PATH already exists and is lighter than 500 Mo, a backup will be made in
+# If `DEST_PATH` already exists and is lighter than 500 Mo, a backup will be made in
-# /home/yunohost.conf/backup/. Otherwise, the existing file is removed.
+# `/home/yunohost.conf/backup/`. Otherwise, the existing file is removed.
 #
-# if apps/wordpress/etc/nginx/conf.d/$domain.d/$app.conf exists, restore it into
+# if `apps/$app/etc/nginx/conf.d/$domain.d/$app.conf` exists, restore it into
-# /etc/nginx/conf.d/$domain.d/$app.conf
+# `/etc/nginx/conf.d/$domain.d/$app.conf`
 # if no, search for a match in the csv (eg: conf/nginx.conf) and restore it into
-# /etc/nginx/conf.d/$domain.d/$app.conf
+# `/etc/nginx/conf.d/$domain.d/$app.conf`
 #
 # Requires YunoHost version 2.6.4 or higher.
 # Requires YunoHost version 3.5.0 or higher for the argument --not_mandatory
@@ -346,13 +347,13 @@ ynh_store_file_checksum () {
 
 # Verify the checksum and backup the file if it's different
 #
-# This helper is primarily meant to allow to easily backup personalised/manually
-# modified config files.
-#
 # usage: ynh_backup_if_checksum_is_different --file=file
 # | arg: -f, --file=    - The file on which the checksum test will be perfomed.
 # | ret: the name of a backup file, or nothing
 #
+# This helper is primarily meant to allow to easily backup personalised/manually
+# modified config files.
+#
 # Requires YunoHost version 2.6.4 or higher.
 ynh_backup_if_checksum_is_different () {
     # Declare an array to define the options of this helper.
@@ -410,12 +411,16 @@ ynh_backup_archive_exists () {
 
 # Make a backup in case of failed upgrade
 #
-# usage:
+# usage: ynh_backup_before_upgrade
+#
+# Usage in a package script:
+# ```
 #   ynh_backup_before_upgrade
 #   ynh_clean_setup () {
 #       ynh_restore_upgradebackup
 #   }
 #   ynh_abort_if_errors
+# ```
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_backup_before_upgrade () {
@@ -459,12 +464,16 @@ ynh_backup_before_upgrade () {
 
 # Restore a previous backup if the upgrade process failed
 #
-# usage:
+# usage: ynh_restore_upgradebackup
+#
+# Usage in a package script:
+# ```
 #   ynh_backup_before_upgrade
 #   ynh_clean_setup () {
 #       ynh_restore_upgradebackup
 #   }
 #   ynh_abort_if_errors
+# ```
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_restore_upgradebackup () {

data/helpers.d/fail2ban

@@ -12,15 +12,14 @@
 #
 # usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
 # | arg: -t, --use_template - Use this helper in template mode
-# | arg: -v, --others_var=  - List of others variables to replace separeted by a space
+# | arg: -v, --others_var=  - List of others variables to replace separeted by a space for example : 'var_1 var_2 ...'
-# |                           for example : 'var_1 var_2 ...'
 #
-# This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
+# This will use a template in `../conf/f2b_jail.conf` and `../conf/f2b_filter.conf`
-# See the documentation of ynh_add_config for a description of the template
+# See the documentation of `ynh_add_config` for a description of the template
 # format and how placeholders are replaced with actual variables.
 #
 # Generally your template will look like that by example (for synapse):
-#
+# ```
 # f2b_jail.conf:
 #     [__APP__]
 #     enabled = true
@@ -28,7 +27,8 @@
 #     filter = __APP__
 #     logpath = /var/log/__APP__/logfile.log
 #     maxretry = 3
-#
+# ```
+# ```
 # f2b_filter.conf:
 #     [INCLUDES]
 #     before = common.conf
@@ -41,14 +41,15 @@
 #    failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
 #
 #     ignoreregex =
+# ```
 #
 # -----------------------------------------------------------------------------
 #
 # Note about the "failregex" option:
-#          regex to match the password failure messages in the logfile. The
+#
-#          host must be matched by a group named "host". The tag "<HOST>" can
+# regex to match the password failure messages in the logfile. The host must be
-#          be used for standard IP/hostname matching and is only an alias for
+# matched by a group named "`host`". The tag "`<HOST>`" can be used for standard
-#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
+# IP/hostname matching and is only an alias for `(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)`
 #
 # You can find some more explainations about how to make a regex here :
 # https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
@@ -56,7 +57,9 @@
 # Note that the logfile need to exist before to call this helper !!
 #
 # To validate your regex you can test with this command:
+# ```
 # fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
+# ```
 #
 # Requires YunoHost version 3.5.0 or higher.
 ynh_add_fail2ban_config () {

data/helpers.d/hardware

@@ -7,7 +7,7 @@
 # | arg: -t, --total        - Count total RAM+swap
 # | arg: -s, --ignore_swap  - Ignore swap, consider only real RAM
 # | arg: -o, --only_swap    - Ignore real RAM, consider only swap
-# | ret: the amount of free ram
+# | ret: the amount of free ram, in MB (MegaBytes)
 #
 # Requires YunoHost version 3.8.1 or higher.
 ynh_get_ram () {
@@ -70,13 +70,13 @@ ynh_get_ram () {
 
 # Return 0 or 1 depending if the system has a given amount of RAM+swap free or total
 #
-# usage: ynh_require_ram --required=RAM required in Mb [--free|--total] [--ignore_swap|--only_swap]
+# usage: ynh_require_ram --required=RAM [--free|--total] [--ignore_swap|--only_swap]
-# | arg: -r, --required=    - The amount to require, in Mb
+# | arg: -r, --required=    - The amount to require, in MB
 # | arg: -f, --free         - Count free RAM+swap
 # | arg: -t, --total        - Count total RAM+swap
 # | arg: -s, --ignore_swap  - Ignore swap, consider only real RAM
 # | arg: -o, --only_swap    - Ignore real RAM, consider only swap
-# | exit: Return 1 if the ram is under the requirement, 0 otherwise.
+# | ret: 1 if the ram is under the requirement, 0 otherwise.
 #
 # Requires YunoHost version 3.8.1 or higher.
 ynh_require_ram () {

data/helpers.d/logging

@@ -102,8 +102,7 @@ ynh_print_err () {
 
 # Execute a command and print the result as an error
 #
-# usage: ynh_exec_err your_command
+# usage: ynh_exec_err "your_command [ | other_command ]"
-# usage: ynh_exec_err "your_command | other_command"
 # | arg: command - command to execute
 #
 # When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
@@ -117,8 +116,7 @@ ynh_exec_err () {
 
 # Execute a command and print the result as a warning
 #
-# usage: ynh_exec_warn your_command
+# usage: ynh_exec_warn "your_command [ | other_command ]"
-# usage: ynh_exec_warn "your_command | other_command"
 # | arg: command - command to execute
 #
 # When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
@@ -132,8 +130,7 @@ ynh_exec_warn () {
 
 # Execute a command and force the result to be printed on stdout
 #
-# usage: ynh_exec_warn_less your_command
+# usage: ynh_exec_warn_less "your_command [ | other_command ]"
-# usage: ynh_exec_warn_less "your_command | other_command"
 # | arg: command - command to execute
 #
 # When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
@@ -147,8 +144,7 @@ ynh_exec_warn_less () {
 
 # Execute a command and redirect stdout in /dev/null
 #
-# usage: ynh_exec_quiet your_command
+# usage: ynh_exec_quiet "your_command [ | other_command ]"
-# usage: ynh_exec_quiet "your_command | other_command"
 # | arg: command - command to execute
 #
 # When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
@@ -162,8 +158,7 @@ ynh_exec_quiet () {
 
 # Execute a command and redirect stdout and stderr in /dev/null
 #
-# usage: ynh_exec_fully_quiet your_command
+# usage: ynh_exec_fully_quiet "your_command [ | other_command ]"
-# usage: ynh_exec_fully_quiet "your_command | other_command"
 # | arg: command - command to execute
 #
 # When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.
@@ -363,8 +358,7 @@ ynh_debug () {
 
 # Execute a command and print the result as debug
 #
-# usage: ynh_debug_exec your_command
+# usage: ynh_debug_exec "your_command [ | other_command ]"
-# usage: ynh_debug_exec "your_command | other_command"
 # | arg: command - command to execute
 #
 # When using pipes, double quotes are required - otherwise, this helper will run the first command, and the whole output will be sent through the next pipe.

data/helpers.d/logrotate

@@ -7,16 +7,14 @@
 # | arg: -n, --nonappend        - (optional) Replace the config file instead of appending this new config.
 # | arg: -u, --specific_user=   - run logrotate as the specified user and group. If not specified logrotate is runned as root.
 #
-# If no --logfile is provided, /var/log/${app} will be used as default.
+# If no `--logfile` is provided, `/var/log/$app` will be used as default.
-# logfile can be just a directory, or a full path to a logfile :
+# `logfile` can point to a directory or a file.
-# /parentdir/logdir
-# /parentdir/logdir/logfile.log
 #
 # It's possible to use this helper multiple times, each config will be added to
-# the same logrotate config file.  Unless you use the option --non-append
+# the same logrotate config file. Unless you use the option `--non-append`
 #
 # Requires YunoHost version 2.6.4 or higher.
-# Requires YunoHost version 3.2.0 or higher for the argument --specific_user
+# Requires YunoHost version 3.2.0 or higher for the argument `--specific_user`
 ynh_use_logrotate () {
     # Declare an array to define the options of this helper.
     local legacy_args=lnuya

data/helpers.d/multimedia

@@ -47,12 +47,14 @@ ynh_multimedia_build_main_dir() {
 }
 
 # Add a directory in yunohost.multimedia
-# This "directory" will be a symbolic link to a existing directory.
 #
-# usage: ynh_multimedia_addfolder "Source directory" "Destination directory"
+# usage: ynh_multimedia_addfolder --source_dir="source_dir" --dest_dir="dest_dir"
 #
 # | arg: -s, --source_dir= - Source directory - The real directory which contains your medias.
 # | arg: -d, --dest_dir= - Destination directory - The name and the place of the symbolic link, relative to "/home/yunohost.multimedia"
+#
+# This "directory" will be a symbolic link to a existing directory.
+#
 ynh_multimedia_addfolder() {
 
     # Declare an array to define the options of this helper.
@@ -80,6 +82,7 @@ ynh_multimedia_addfolder() {
 # usage: ynh_multimedia_addaccess user_name
 #
 # | arg: -u, --user_name= - The name of the user which gain this access.
+#
 ynh_multimedia_addaccess () {
 	# Declare an array to define the options of this helper.
     local legacy_args=u

data/helpers.d/mysql

@@ -2,14 +2,15 @@
 
 # Open a connection as a user
 #
-# example: ynh_mysql_connect_as --user="user" --password="pass" <<< "UPDATE ...;"
-# example: ynh_mysql_connect_as --user="user" --password="pass" < /path/to/file.sql
-#
 # usage: ynh_mysql_connect_as --user=user --password=password [--database=database]
 # | arg: -u, --user=        - the user name to connect as
 # | arg: -p, --password=    - the user password
 # | arg: -d, --database=    - the database to connect to
 #
+# examples:
+#    ynh_mysql_connect_as --user="user" --password="pass" <<< "UPDATE ...;"
+#    ynh_mysql_connect_as --user="user" --password="pass" < /path/to/file.sql
+#
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_connect_as() {
     # Declare an array to define the options of this helper.
@@ -120,11 +121,11 @@ ynh_mysql_drop_db() {
 
 # Dump a database
 #
-# example: ynh_mysql_dump_db --database=roundcube > ./dump.sql
-#
 # usage: ynh_mysql_dump_db --database=database
 # | arg: -d, --database=    - the database name to dump
-# | ret: the mysqldump output
+# | ret: The mysqldump output
+#
+# example: ynh_mysql_dump_db --database=roundcube > ./dump.sql
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_dump_db() {
@@ -156,7 +157,7 @@ ynh_mysql_create_user() {
 #
 # usage: ynh_mysql_user_exists --user=user
 # | arg: -u, --user=    - the user for which to check existence
-# | exit: Return 1 if the user doesn't exist, 0 otherwise.
+# | ret: 0 if the user exists, 1 otherwise.
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_user_exists()
@@ -195,8 +196,8 @@ ynh_mysql_drop_user() {
 # | arg: -n, --db_name=     - Name of the database
 # | arg: -p, --db_pwd=      - Password of the database. If not provided, a password will be generated
 #
-# After executing this helper, the password of the created database will be available in $db_pwd
+# After executing this helper, the password of the created database will be available in `$db_pwd`
-# It will also be stored as "mysqlpwd" into the app settings.
+# It will also be stored as "`mysqlpwd`" into the app settings.
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_mysql_setup_db () {

data/helpers.d/network

@@ -2,12 +2,12 @@
 
 # Find a free port and return it
 #
-# example: port=$(ynh_find_port --port=8080)
-#
 # usage: ynh_find_port --port=begin_port
 # | arg: -p, --port=    - port to start to search
 # | ret: the port number
 #
+# example: port=$(ynh_find_port --port=8080)
+#
 # Requires YunoHost version 2.6.4 or higher.
 ynh_find_port () {
     # Declare an array to define the options of this helper.
@@ -27,11 +27,11 @@ ynh_find_port () {
 
 # Test if a port is available
 #
-# example: ynh_port_available --port=1234 || ynh_die --message="Port 1234 is needs to be available for this app"
-#
 # usage: ynh_find_port --port=XYZ
 # | arg: -p, --port=    - port to check
-# | exit: Return 1 if the port is already used by another process.
+# | ret: 0 if the port is available, 1 if it is already used by another process.
+#
+# example: ynh_port_available --port=1234 || ynh_die --message="Port 1234 is needs to be available for this app"
 #
 # Requires YunoHost version 3.8.0 or higher.
 ynh_port_available () {
@@ -89,12 +89,12 @@ EOF
 
 # Validate an IPv4 address
 #
-# example: ynh_validate_ip4 111.222.333.444
-#
 # usage: ynh_validate_ip4 --ip_address=ip_address
 # | arg: -i, --ip_address=     - the ipv4 address to check
 # | ret: 0 for valid ipv4 addresses, 1 otherwise
 #
+# example: ynh_validate_ip4 111.222.333.444
+#
 # Requires YunoHost version 2.2.4 or higher.
 ynh_validate_ip4()
 {
@@ -111,12 +111,12 @@ ynh_validate_ip4()
 
 # Validate an IPv6 address
 #
-# example: ynh_validate_ip6 2000:dead:beef::1
-#
 # usage: ynh_validate_ip6 --ip_address=ip_address
 # | arg: -i, --ip_address=  - the ipv6 address to check
 # | ret: 0 for valid ipv6 addresses, 1 otherwise
 #
+# example: ynh_validate_ip6 2000:dead:beef::1
+#
 # Requires YunoHost version 2.2.4 or higher.
 ynh_validate_ip6()
 {

data/helpers.d/nginx

@@ -4,13 +4,13 @@
 #
 # usage: ynh_add_nginx_config
 #
-# This will use a template in ../conf/nginx.conf
+# This will use a template in `../conf/nginx.conf`
-# See the documentation of ynh_add_config for a description of the template
+# See the documentation of `ynh_add_config` for a description of the template
 # format and how placeholders are replaced with actual variables.
 #
 # Additionally, ynh_add_nginx_config will replace:
-# - #sub_path_only      by empty string if path_url is not '/'
+# - `#sub_path_only`      by empty string if `path_url` is not `'/'`
-# - #root_path_only     by empty string if path_url  *is*  '/'
+# - `#root_path_only`     by empty string if `path_url`  *is*  `'/'`
 #
 # This allows to enable/disable specific behaviors dependenging on the install
 # location

data/helpers.d/nodejs

@@ -27,11 +27,14 @@ SOURCE_SUM=fa80a8685f0fb1b4187fc0a1228b44f0ea2f244e063fe8f443b8913ea595af89" > "
 
 # Load the version of node for an app, and set variables.
 #
-# ynh_use_nodejs has to be used in any app scripts before using node for the first time.
+# usage: ynh_use_nodejs
+#
+# `ynh_use_nodejs` has to be used in any app scripts before using node for the first time.
 # This helper will provide alias and variables to use in your scripts.
 #
-# To use npm or node, use the alias `ynh_npm` and `ynh_node`
+# To use npm or node, use the alias `ynh_npm` and `ynh_node`.
-# Those alias will use the correct version installed for the app
+#
+# Those alias will use the correct version installed for the app.
 # For example: use `ynh_npm install` instead of `npm install`
 #
 # With `sudo` or `ynh_exec_as`, use instead the fallback variables `$ynh_npm` and `$ynh_node`
@@ -39,7 +42,7 @@ SOURCE_SUM=fa80a8685f0fb1b4187fc0a1228b44f0ea2f244e063fe8f443b8913ea595af89" > "
 # Exemple: `ynh_exec_as $app $ynh_node_load_PATH $ynh_npm install`
 #
 # $PATH contains the path of the requested version of node.
-# However, $PATH is duplicated into $node_PATH to outlast any manipulation of $PATH
+# However, $PATH is duplicated into $node_PATH to outlast any manipulation of `$PATH`
 # You can use the variable `$ynh_node_load_PATH` to quickly load your node version
 # in $PATH for an usage into a separate script.
 # Exemple: $ynh_node_load_PATH $final_path/script_that_use_npm.sh`
@@ -47,13 +50,17 @@ SOURCE_SUM=fa80a8685f0fb1b4187fc0a1228b44f0ea2f244e063fe8f443b8913ea595af89" > "
 #
 # Finally, to start a nodejs service with the correct version, 2 solutions
 #  Either the app is dependent of node or npm, but does not called it directly.
-#  In such situation, you need to load PATH
+#  In such situation, you need to load PATH :
-#    `Environment="__NODE_ENV_PATH__"`
+# ```
-#    `ExecStart=__FINALPATH__/my_app`
+# Environment="__NODE_ENV_PATH__"
-#     You will replace __NODE_ENV_PATH__ with $ynh_node_load_PATH
+# ExecStart=__FINALPATH__/my_app
+# ```
+# You will replace __NODE_ENV_PATH__ with $ynh_node_load_PATH.
 #
 #  Or node start the app directly, then you don't need to load the PATH variable
-#    `ExecStart=__YNH_NODE__ my_app run`
+# ```
+# ExecStart=__YNH_NODE__ my_app run
+# ```
 # You will replace __YNH_NODE__ with $ynh_node
 #
 #
@@ -61,8 +68,6 @@ SOURCE_SUM=fa80a8685f0fb1b4187fc0a1228b44f0ea2f244e063fe8f443b8913ea595af89" > "
 #   - $nodejs_path: The absolute path to node binaries for the chosen version.
 #   - $nodejs_version: Just the version number of node for this app. Stored as 'nodejs_version' in settings.yml.
 #
-# usage: ynh_use_nodejs
-#
 # Requires YunoHost version 2.7.12 or higher.
 ynh_use_nodejs () {
     nodejs_version=$(ynh_app_setting_get --app=$app --key=nodejs_version)
@@ -96,10 +101,10 @@ ynh_use_nodejs () {
 # usage: ynh_install_nodejs --nodejs_version=nodejs_version
 # | arg: -n, --nodejs_version=      - Version of node to install. When possible, your should prefer to use major version number (e.g. 8 instead of 8.10.0). The crontab will then handle the update of minor versions when needed.
 #
-# n (Node version management) uses the PATH variable to store the path of the version of node it is going to use.
+# `n` (Node version management) uses the `PATH` variable to store the path of the version of node it is going to use.
 # That's how it changes the version
 #
-# Refer to ynh_use_nodejs for more information about available commands and variables
+# Refer to `ynh_use_nodejs` for more information about available commands and variables
 #
 # Requires YunoHost version 2.7.12 or higher.
 ynh_install_nodejs () {
@@ -176,12 +181,12 @@ ynh_install_nodejs () {
 
 # Remove the version of node used by the app.
 #
-# This helper will check if another app uses the same version of node,
-# if not, this version of node will be removed.
-# If no other app uses node, n will be also removed.
-#
 # usage: ynh_remove_nodejs
 #
+# This helper will check if another app uses the same version of node.
+# - If not, this version of node will be removed.
+# - If no other app uses node, n will be also removed.
+#
 # Requires YunoHost version 2.7.12 or higher.
 ynh_remove_nodejs () {
     nodejs_version=$(ynh_app_setting_get --app=$app --key=nodejs_version)

data/helpers.d/permission

@@ -2,15 +2,17 @@
 
 # Create a new permission for the app
 #
-# example 1: ynh_permission_create --permission=admin --url=/admin --additional_urls=domain.tld/admin /superadmin --allowed=alice bob \
+# Example 1: `ynh_permission_create --permission=admin --url=/admin --additional_urls=domain.tld/admin /superadmin --allowed=alice bob \
-#                                  --label="My app admin" --show_tile=true
+#                                  --label="My app admin" --show_tile=true`
 #
 # This example will create a new permission permission with this following effect:
 # - A tile named "My app admin" in the SSO will be available for the users alice and bob. This tile will point to the relative url '/admin'.
 # - Only the user alice and bob will have the access to theses following url: /admin, domain.tld/admin, /superadmin
 #
 #
-# example 2: ynh_permission_create --permission=api --url=domain.tld/api --auth_header=false --allowed=visitors \
+# Example 2:
+#
+#     ynh_permission_create --permission=api --url=domain.tld/api --auth_header=false --allowed=visitors \
 #                                  --label="MyApp API" --protected=true
 #
 # This example will create a new protected permission. So the admin won't be able to add/remove the visitors group of this permission.

data/helpers.d/php

@@ -569,6 +569,7 @@ YNH_COMPOSER_VERSION=${YNH_COMPOSER_VERSION:-$YNH_DEFAULT_COMPOSER_VERSION}
 # | arg: -v, --phpversion - PHP version to use with composer
 # | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path.
 # | arg: -c, --commands - Commands to execute.
+#
 ynh_composer_exec () {
     # Declare an array to define the options of this helper.
     local legacy_args=vwc
@@ -593,6 +594,7 @@ ynh_composer_exec () {
 # | arg: -w, --workdir - The directory from where the command will be executed. Default $final_path.
 # | arg: -a, --install_args - Additional arguments provided to the composer install. Argument --no-dev already include
 # | arg: -c, --composerversion - Composer version to install
+#
 ynh_install_composer () {
     # Declare an array to define the options of this helper.
     local legacy_args=vwac

data/helpers.d/postgresql

@@ -5,15 +5,15 @@ PSQL_VERSION=11
 
 # Open a connection as a user
 #
-# examples: 
-#    ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;"
-#    ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql
-#
 # usage: ynh_psql_connect_as --user=user --password=password [--database=database]
 # | arg: -u, --user=        - the user name to connect as
 # | arg: -p, --password=    - the user password
 # | arg: -d, --database=    - the database to connect to
 #
+# examples:
+#    ynh_psql_connect_as 'user' 'pass' <<< "UPDATE ...;"
+#    ynh_psql_connect_as 'user' 'pass' < /path/to/file.sql
+#
 # Requires YunoHost version 3.5.0 or higher.
 ynh_psql_connect_as() {
     # Declare an array to define the options of this helper.
@@ -127,12 +127,12 @@ ynh_psql_drop_db() {
 
 # Dump a database
 #
-# example: ynh_psql_dump_db 'roundcube' > ./dump.sql
-#
 # usage: ynh_psql_dump_db --database=database
 # | arg: -d, --database=    - the database name to dump
 # | ret: the psqldump output
 #
+# example: ynh_psql_dump_db 'roundcube' > ./dump.sql
+#
 # Requires YunoHost version 3.5.0 or higher.
 ynh_psql_dump_db() {
     # Declare an array to define the options of this helper.
@@ -286,11 +286,12 @@ ynh_psql_remove_db() {
 }
 
 # Create a master password and set up global settings
-# It also make sure that postgresql is installed and running
-# Please always call this script in install and restore scripts
 #
 # usage: ynh_psql_test_if_first_run
 #
+# It also make sure that postgresql is installed and running
+# Please always call this script in install and restore scripts
+#
 # Requires YunoHost version 2.7.13 or higher.
 ynh_psql_test_if_first_run() {
 

data/helpers.d/setting

@@ -108,12 +108,12 @@ EOF
 
 # Check availability of a web path
 #
-# example: ynh_webpath_available --domain=some.domain.tld --path_url=/coffee
-#
 # usage: ynh_webpath_available --domain=domain --path_url=path
 # | arg: -d, --domain=      - the domain/host of the url
 # | arg: -p, --path_url=    - the web path to check the availability of
 #
+# example: ynh_webpath_available --domain=some.domain.tld --path_url=/coffee
+#
 # Requires YunoHost version 2.6.4 or higher.
 ynh_webpath_available () {
     # Declare an array to define the options of this helper.
@@ -129,13 +129,13 @@ ynh_webpath_available () {
 
 # Register/book a web path for an app
 #
-# example: ynh_webpath_register --app=wordpress --domain=some.domain.tld --path_url=/coffee
-#
 # usage: ynh_webpath_register --app=app --domain=domain --path_url=path
 # | arg: -a, --app=         - the app for which the domain should be registered
 # | arg: -d, --domain=      - the domain/host of the web path
 # | arg: -p, --path_url=    - the web path to be registered
 #
+# example: ynh_webpath_register --app=wordpress --domain=some.domain.tld --path_url=/coffee
+#
 # Requires YunoHost version 2.6.4 or higher.
 ynh_webpath_register () {
     # Declare an array to define the options of this helper.

data/helpers.d/string

@@ -2,12 +2,12 @@
 
 # Generate a random string
 #
-# example: pwd=$(ynh_string_random --length=8)
-#
 # usage: ynh_string_random [--length=string_length]
 # | arg: -l, --length=  - the string length to generate (default: 24)
 # | ret: the generated string
 #
+# example: pwd=$(ynh_string_random --length=8)
+#
 # Requires YunoHost version 2.2.4 or higher.
 ynh_string_random() {
     # Declare an array to define the options of this helper.
@@ -30,9 +30,8 @@ ynh_string_random() {
 # | arg: -r, --replace_string=  - String that will replace matches
 # | arg: -f, --target_file=     - File in which the string will be replaced.
 #
-# As this helper is based on sed command, regular expressions and
+# As this helper is based on sed command, regular expressions and references to
-# references to sub-expressions can be used
+# sub-expressions can be used (see sed manual page for more information)
-# (see sed manual page for more information)
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_replace_string () {
@@ -86,14 +85,15 @@ ynh_replace_special_string () {
 }
 
 # Sanitize a string intended to be the name of a database
-# (More specifically : replace - and . by _)
-#
-# example: dbname=$(ynh_sanitize_dbid $app)
 #
 # usage: ynh_sanitize_dbid --db_name=name
 # | arg: -n, --db_name=     - name to correct/sanitize
 # | ret: the corrected name
 #
+# example: dbname=$(ynh_sanitize_dbid $app)
+#
+# Underscorify the string (replace - and . by _)
+#
 # Requires YunoHost version 2.2.4 or higher.
 ynh_sanitize_dbid () {
     # Declare an array to define the options of this helper.

data/helpers.d/systemd

@@ -3,11 +3,12 @@
 # Create a dedicated systemd config
 #
 # usage: ynh_add_systemd_config [--service=service] [--template=template]
-# | arg: -s, --service=     - Service name (optionnal, $app by default)
+# | arg: -s, --service=     - Service name (optionnal, `$app` by default)
-# | arg: -t, --template=    - Name of template file (optionnal, this is 'systemd' by default, meaning ./conf/systemd.service will be used as template)
+# | arg: -t, --template=    - Name of template file (optionnal, this is 'systemd' by default, meaning `../conf/systemd.service` will be used as template)
 #
-# This will use the template ../conf/<templatename>.service
+# This will use the template `../conf/<templatename>.service`.
-# See the documentation of ynh_add_config for a description of the template
+#
+# See the documentation of `ynh_add_config` for a description of the template
 # format and how placeholders are replaced with actual variables.
 #
 # Requires YunoHost version 2.7.11 or higher.
@@ -60,10 +61,10 @@ ynh_remove_systemd_config () {
 # Start (or other actions) a service,  print a log in case of failure and optionnaly wait until the service is completely started
 #
 # usage: ynh_systemd_action [--service_name=service_name] [--action=action] [ [--line_match="line to match"] [--log_path=log_path] [--timeout=300] [--length=20] ]
-# | arg: -n, --service_name= - Name of the service to start. Default : $app
+# | arg: -n, --service_name= - Name of the service to start. Default : `$app`
 # | arg: -a, --action=       - Action to perform with systemctl. Default: start
 # | arg: -l, --line_match=   - Line to match - The line to find in the log to attest the service have finished to boot. If not defined it don't wait until the service is completely started.
-# | arg: -p, --log_path=     - Log file - Path to the log file. Default : /var/log/$app/$app.log
+# | arg: -p, --log_path=     - Log file - Path to the log file. Default : `/var/log/$app/$app.log`
 # | arg: -t, --timeout=      - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds.
 # | arg: -e, --length=       - Length of the error log : Default : 20
 #
@@ -171,14 +172,13 @@ ynh_systemd_action() {
 #
 # Requires YunoHost version 3.5.0 or higher.
 ynh_clean_check_starting () {
-    if [ -n "$pid_tail" ]
+    if [ -n "${pid_tail:-}" ]
     then
         # Stop the execution of tail.
         kill -SIGTERM $pid_tail 2>&1
     fi
-    if [ -n "$templog" ]
+    if [ -n "${templog:-}" ]
     then
         ynh_secure_remove --file="$templog" 2>&1
     fi
 }
-

data/helpers.d/user

@@ -2,11 +2,11 @@
 
 # Check if a YunoHost user exists
 #
-# example: ynh_user_exists 'toto' || exit 1
-#
 # usage: ynh_user_exists --username=username
 # | arg: -u, --username=    - the username to check
-# | exit: Return 1 if the user doesn't exist, 0 otherwise
+# | ret: 0 if the user exists, 1 otherwise.
+#
+# example: ynh_user_exists 'toto' || echo "User does not exist"
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_user_exists() {
@@ -22,12 +22,12 @@ ynh_user_exists() {
 
 # Retrieve a YunoHost user information
 #
-# example: mail=$(ynh_user_get_info 'toto' 'mail')
-#
 # usage: ynh_user_get_info --username=username --key=key
 # | arg: -u, --username=    - the username to retrieve info from
 # | arg: -k, --key=         - the key to retrieve
-# | ret: string - the key's value
+# | ret: the value associate to that key
+#
+# example: mail=$(ynh_user_get_info 'toto' 'mail')
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_user_get_info() {
@@ -44,10 +44,10 @@ ynh_user_get_info() {
 
 # Get the list of YunoHost users
 #
-# example: for u in $(ynh_user_list); do ...
-#
 # usage: ynh_user_list
-# | ret: string - one username per line
+# | ret: one username per line as strings
+#
+# example: for u in $(ynh_user_list); do ... ; done
 #
 # Requires YunoHost version 2.4.0 or higher.
 ynh_user_list() {
@@ -58,7 +58,7 @@ ynh_user_list() {
 #
 # usage: ynh_system_user_exists --username=username
 # | arg: -u, --username=    - the username to check
-# | exit: Return 1 if the user doesn't exist, 0 otherwise
+# | ret: 0 if the user exists, 1 otherwise.
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_system_user_exists() {
@@ -76,7 +76,7 @@ ynh_system_user_exists() {
 #
 # usage: ynh_system_group_exists --group=group
 # | arg: -g, --group=   - the group to check
-# | exit: Return 1 if the group doesn't exist, 0 otherwise
+# | ret: 0 if the group exists, 1 otherwise.
 #
 # Requires YunoHost version 3.5.0.2 or higher.
 ynh_system_group_exists() {
@@ -92,17 +92,20 @@ ynh_system_group_exists() {
 
 # Create a system user
 #
-# examples:
-#   # Create a nextcloud user with no home directory and /usr/sbin/nologin login shell (hence no login capability)
-#   ynh_system_user_create --username=nextcloud
-#   # Create a discourse user using /var/www/discourse as home directory and the default login shell
-#   ynh_system_user_create --username=discourse --home_dir=/var/www/discourse --use_shell 
-#
 # usage: ynh_system_user_create --username=user_name [--home_dir=home_dir] [--use_shell]
 # | arg: -u, --username=    - Name of the system user that will be create
 # | arg: -h, --home_dir=    - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home
 # | arg: -s, --use_shell    - Create a user using the default login shell if present. If this argument is omitted, the user will be created with /usr/sbin/nologin shell
 #
+# Create a nextcloud user with no home directory and /usr/sbin/nologin login shell (hence no login capability) :
+# ```
+# ynh_system_user_create --username=nextcloud
+# ```
+# Create a discourse user using /var/www/discourse as home directory and the default login shell :
+# ```
+# ynh_system_user_create --username=discourse --home_dir=/var/www/discourse --use_shell
+# ```
+#
 # Requires YunoHost version 2.6.4 or higher.
 ynh_system_user_create () {
     # Declare an array to define the options of this helper.

data/helpers.d/utils

@@ -21,6 +21,9 @@ YNH_APP_BASEDIR=$([[ "$(basename $0)" =~ ^backup|restore$ ]] && echo '../setting
 # Requires YunoHost version 2.6.4 or higher.
 ynh_exit_properly () {
     local exit_code=$?
+
+    rm -rf "/var/cache/yunohost/download/"
+
     if [ "$exit_code" -eq 0 ]; then
         exit 0	# Exit without error if the script ended correctly
     fi
@@ -48,9 +51,8 @@ ynh_exit_properly () {
 # usage: ynh_abort_if_errors
 #
 # This configure the rest of the script execution such that, if an error occurs
-# or if an empty variable is used, the execution of the script stops
+# or if an empty variable is used, the execution of the script stops immediately
-# immediately and a call to `ynh_clean_setup` is triggered if it has been
+# and a call to `ynh_clean_setup` is triggered if it has been defined by your script.
-# defined by your script.
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_abort_if_errors () {
@@ -61,58 +63,53 @@ ynh_abort_if_errors () {
 
 # Download, check integrity, uncompress and patch the source from app.src
 #
-# usage: ynh_setup_source --dest_dir=dest_dir [--source_id=source_id]
+# usage: ynh_setup_source --dest_dir=dest_dir [--source_id=source_id] [--keep="file1 file2"]
 # | arg: -d, --dest_dir=    - Directory where to setup sources
-# | arg: -s, --source_id=   - Name of the app, if the package contains more than one app
+# | arg: -s, --source_id=   - Name of the source, defaults to `app`
+# | arg: -k, --keep=        - Space-separated list of files/folders that will be backup/restored in $dest_dir, such as a config file you don't want to overwrite. For example 'conf.json secrets.json logs/'
 #
-# The file conf/app.src need to contains:
+# This helper will read `conf/${source_id}.src`, download and install the sources.
 #
+# The src file need to contains:
+# ```
 # SOURCE_URL=Address to download the app archive
 # SOURCE_SUM=Control sum
-# # (Optional) Program to check the integrity (sha256sum, md5sum...)
+# # (Optional) Program to check the integrity (sha256sum, md5sum...). Default: sha256
-# # default: sha256
 # SOURCE_SUM_PRG=sha256
-# # (Optional) Archive format
+# # (Optional) Archive format. Default: tar.gz
-# # default: tar.gz
 # SOURCE_FORMAT=tar.gz
-# # (Optional) Put false if sources are directly in the archive root
+# # (Optional) Put false if sources are directly in the archive root. Default: true
-# # default: true
+# # Instead of true, SOURCE_IN_SUBDIR could be the number of sub directories to remove.
-# # Instead of true, SOURCE_IN_SUBDIR could be the number of sub directories
-# # to remove.
 # SOURCE_IN_SUBDIR=false
-# # (Optionnal) Name of the local archive (offline setup support)
+# # (Optionnal) Name of the local archive (offline setup support). Default: ${src_id}.${src_format}
-# # default: ${src_id}.${src_format}
 # SOURCE_FILENAME=example.tar.gz
-# # (Optional) If it set as false don't extract the source.
+# # (Optional) If it set as false don't extract the source. Default: true
 # # (Useful to get a debian package or a python wheel.)
-# # default: true
 # SOURCE_EXTRACT=(true|false)
+# ```
 #
-# Details:
+# The helper will:
-# This helper downloads sources from SOURCE_URL if there is no local source
+# - Check if there is a local source archive in `/opt/yunohost-apps-src/$APP_ID/$SOURCE_FILENAME`
-# archive in /opt/yunohost-apps-src/APP_ID/SOURCE_FILENAME
+# - Download `$SOURCE_URL` if there is no local archive
-#
+# - Check the integrity with `$SOURCE_SUM_PRG -c --status`
-# Next, it checks the integrity with "SOURCE_SUM_PRG -c --status" command.
+# - Uncompress the archive to `$dest_dir`.
-#
+#   - If `$SOURCE_IN_SUBDIR` is true, the first level directory of the archive will be removed.
-# If it's ok, the source archive will be uncompressed in $dest_dir. If the
+#   - If `$SOURCE_IN_SUBDIR` is a numeric value, the N first level directories will be removed.
-# SOURCE_IN_SUBDIR is true, the first level directory of the archive will be
+# - Patches named `sources/patches/${src_id}-*.patch` will be applied to `$dest_dir`
-# removed.
+# - Extra files in `sources/extra_files/$src_id` will be copied to dest_dir
-# If SOURCE_IN_SUBDIR is a numeric value, 2 for example, the 2 first level
-# directories will be removed
-#
-# Finally, patches named sources/patches/${src_id}-*.patch and extra files in
-# sources/extra_files/$src_id will be applied to dest_dir
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_setup_source () {
     # Declare an array to define the options of this helper.
-    local legacy_args=ds
+    local legacy_args=dsk
-    local -A args_array=( [d]=dest_dir= [s]=source_id= )
+    local -A args_array=( [d]=dest_dir= [s]=source_id= [k]=keep= )
     local dest_dir
     local source_id
+    local keep
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
-    source_id="${source_id:-app}" # If the argument is not given, source_id equals "app"
+    source_id="${source_id:-app}"
+    keep="${keep:-}"
 
     local src_file_path="$YNH_APP_BASEDIR/conf/${source_id}.src"
 
@@ -136,8 +133,13 @@ ynh_setup_source () {
         src_filename="${source_id}.${src_format}"
     fi
 
+
     # (Unused?) mecanism where one can have the file in a special local cache to not have to download it...
     local local_src="/opt/yunohost-apps-src/${YNH_APP_ID}/${src_filename}"
+
+    mkdir -p /var/cache/yunohost/download/${YNH_APP_ID}/
+    src_filename="/var/cache/yunohost/download/${YNH_APP_ID}/${src_filename}"
+
     if test -e "$local_src"
     then
         cp $local_src $src_filename
@@ -157,6 +159,24 @@ ynh_setup_source () {
     echo "${src_sum} ${src_filename}" | ${src_sumprg} --check --status \
         || ynh_die --message="Corrupt source"
 
+    # Keep files to be backup/restored at the end of the helper
+    # Assuming $dest_dir already exists
+    rm -rf /var/cache/yunohost/files_to_keep_during_setup_source/
+    if [ -n "$keep" ] && [ -e "$dest_dir" ]
+    then
+        local keep_dir=/var/cache/yunohost/files_to_keep_during_setup_source/${YNH_APP_ID}
+        mkdir -p $keep_dir
+        local stuff_to_keep
+        for stuff_to_keep in $keep
+        do
+            if [ -e "$dest_dir/$stuff_to_keep" ]
+            then
+                mkdir --parents "$(dirname "$keep_dir/$stuff_to_keep")"
+                cp --archive "$dest_dir/$stuff_to_keep" "$keep_dir/$stuff_to_keep"
+            fi
+        done
+    fi
+
     # Extract source into the app dir
     mkdir --parents "$dest_dir"
 
@@ -197,34 +217,53 @@ ynh_setup_source () {
     fi
 
     # Apply patches
-    if (( $(find $YNH_CWD/../sources/patches/ -type f -name "${source_id}-*.patch" 2> /dev/null | wc --lines) > "0" ))
+    local patches_folder=$(realpath $YNH_APP_BASEDIR/sources/patches/)
+    if (( $(find $patches_folder -type f -name "${source_id}-*.patch" 2> /dev/null | wc --lines) > "0" ))
     then
         (cd "$dest_dir"
-        for p in $YNH_CWD/../sources/patches/${source_id}-*.patch
+        for p in $patches_folder/${source_id}-*.patch
         do
+            echo $p
             patch --strip=1 < $p
         done) || ynh_die --message="Unable to apply patches"
     fi
 
     # Add supplementary files
-    if test -e "$YNH_CWD/../sources/extra_files/${source_id}"; then
+    if test -e "$YNH_APP_BASEDIR/sources/extra_files/${source_id}"; then
-        cp --archive $YNH_CWD/../sources/extra_files/$source_id/. "$dest_dir"
+        cp --archive $YNH_APP_BASEDIR/sources/extra_files/$source_id/. "$dest_dir"
     fi
+
+    # Keep files to be backup/restored at the end of the helper
+    # Assuming $dest_dir already exists
+    if [ -n "$keep" ]
+    then
+        local keep_dir=/var/cache/yunohost/files_to_keep_during_setup_source/${YNH_APP_ID}
+        local stuff_to_keep
+        for stuff_to_keep in $keep
+        do
+            if [ -e "$keep_dir/$stuff_to_keep" ]
+            then
+                mkdir --parents "$(dirname "$dest_dir/$stuff_to_keep")"
+                cp --archive "$keep_dir/$stuff_to_keep" "$dest_dir/$stuff_to_keep"
+            fi
+        done
+    fi
+    rm -rf /var/cache/yunohost/files_to_keep_during_setup_source/
 }
 
 # Curl abstraction to help with POST requests to local pages (such as installation forms)
 #
-# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
-#
 # usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
-# | arg: page_uri    - Path (relative to $path_url) of the page where POST data will be sent
+# | arg: page_uri    - Path (relative to `$path_url`) of the page where POST data will be sent
 # | arg: key1=value1 - (Optionnal) POST key and corresponding value
 # | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
 # | arg: ...         - (Optionnal) More POST keys and values
 #
+# example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
+#
 # For multiple calls, cookies are persisted between each call for the same app
 #
-# $domain and $path_url should be defined externally (and correspond to the domain.tld and the /path (of the app?))
+# `$domain` and `$path_url` should be defined externally (and correspond to the domain.tld and the /path (of the app?))
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_local_curl () {
@@ -265,20 +304,22 @@ ynh_local_curl () {
 
 # Create a dedicated config file from a template
 #
+# usage: ynh_add_config --template="template" --destination="destination"
+# | arg: -t, --template=     - Template config file to use
+# | arg: -d, --destination=    - Destination of the config file
+#
 # examples:
 #    ynh_add_config --template=".env" --destination="$final_path/.env"
 #    ynh_add_config --template="../conf/.env" --destination="$final_path/.env"
 #    ynh_add_config --template="/etc/nginx/sites-available/default" --destination="etc/nginx/sites-available/mydomain.conf"
 #
-# usage: ynh_add_config --template="template" --destination="destination"
-# | arg: -t, --template=     - Template config file to use
-# | arg: -d, --destination=    - Destination of the config file
-#
 # The template can be by default the name of a file in the conf directory
-# of a YunoHost Package, a relative path or an absolute path
+# of a YunoHost Package, a relative path or an absolute path.
-# The helper will use the template $template to generate a config file
+#
-# $destination by replacing the following keywords with global variables
+# The helper will use the template `template` to generate a config file
+# `destination` by replacing the following keywords with global variables
 # that should be defined before calling this helper :
+# ```
 #   __PATH__                by $path_url
 #   __NAME__                by $app
 #   __NAMETOCHANGE__        by $app
@@ -286,15 +327,18 @@ ynh_local_curl () {
 #   __FINALPATH__           by $final_path
 #   __PHPVERSION__          by $YNH_PHP_VERSION
 #   __YNH_NODE_LOAD_PATH__  by $ynh_node_load_PATH
-#
+# ```
 # And any dynamic variables that should be defined before calling this helper like:
+# ```
 #   __DOMAIN__   by $domain
 #   __APP__      by $app
 #   __VAR_1__    by $var_1
 #   __VAR_2__    by $var_2
+# ```
 #
 # The helper will verify the checksum and backup the destination file
 # if it's different before applying the new template.
+#
 # And it will calculate and store the destination file checksum
 # into the app settings when configuration is done.
 #
@@ -553,22 +597,23 @@ ynh_read_manifest () {
 
     if [ ! -e "$manifest" ]; then
         # If the manifest isn't found, try the common place for backup and restore script.
-        manifest="../settings/manifest.json"
+        manifest="$YNH_APP_BASEDIR/manifest.json"
     fi
 
     jq ".$manifest_key" "$manifest" --raw-output
 }
 
-# Read the upstream version from the manifest, or from the env variable $YNH_APP_MANIFEST_VERSION if not given
+# Read the upstream version from the manifest or `$YNH_APP_MANIFEST_VERSION`
 #
 # usage: ynh_app_upstream_version [--manifest="manifest.json"]
 # | arg: -m, --manifest=    - Path of the manifest to read
 # | ret: the version number of the upstream app
 #
-# The version number in the manifest is defined by <upstreamversion>~ynh<packageversion>
+# If the `manifest` is not specified, the envvar `$YNH_APP_MANIFEST_VERSION` will be used.
-# For example : 4.3-2~ynh3
+#
-# This include the number before ~ynh
+# The version number in the manifest is defined by `<upstreamversion>~ynh<packageversion>`.
-# In the last example it return 4.3-2
+#
+# For example, if the manifest contains `4.3-2~ynh3` the function will return `4.3-2`
 #
 # Requires YunoHost version 3.5.0 or higher.
 ynh_app_upstream_version () {
@@ -596,10 +641,9 @@ ynh_app_upstream_version () {
 # | arg: -m, --manifest=    - Path of the manifest to read
 # | ret: the version number of the package
 #
-# The version number in the manifest is defined by <upstreamversion>~ynh<packageversion>
+# The version number in the manifest is defined by `<upstreamversion>~ynh<packageversion>`.
-# For example : 4.3-2~ynh3
+#
-# This include the number after ~ynh
+# For example, if the manifest contains `4.3-2~ynh3` the function will return `3`
-# In the last example it return 3
 #
 # Requires YunoHost version 3.5.0 or higher.
 ynh_app_package_version () {
@@ -616,18 +660,16 @@ ynh_app_package_version () {
 
 # Checks the app version to upgrade with the existing app version and returns:
 #
-# - UPGRADE_PACKAGE if only the YunoHost package has changed
+# usage: ynh_check_app_version_changed
-# - UPGRADE_APP otherwise
+# | ret: `UPGRADE_APP` if the upstream version changed, `UPGRADE_PACKAGE` otherwise.
 #
 # This helper should be used to avoid an upgrade of an app, or the upstream part
 # of it, when it's not needed
 #
-# To force an upgrade, even if the package is up to date,
+# You can force an upgrade, even if the package is up to date, with the `--force` (or `-F`) argument :
-# you have to use the parameter --force (or -F).
+# ```
-# example: sudo yunohost app upgrade MyApp --force
+# sudo yunohost app upgrade <appname> --force
-#
+# ```
-# usage: ynh_check_app_version_changed
-#
 # Requires YunoHost version 3.5.0 or higher.
 ynh_check_app_version_changed () {
     local return_value=${YNH_APP_UPGRADE_TYPE}
@@ -641,24 +683,23 @@ ynh_check_app_version_changed () {
 }
 
 # Compare the current package version against another version given as an argument.
-# This is really useful when we need to do some actions only for some old package versions.
+#
+# usage: ynh_compare_current_package_version --comparison (lt|le|eq|ne|ge|gt) --version <X~ynhY>
+# | arg: --comparison - Comparison type. Could be : `lt` (lower than), `le` (lower or equal), `eq` (equal), `ne` (not equal), `ge` (greater or equal), `gt` (greater than)
+# | arg: --version - The version to compare. Need to be a version in the yunohost package version type (like `2.3.1~ynh4`)
+# | ret: 0 if the evaluation is true, 1 if false.
 #
 # example: ynh_compare_current_package_version --comparison lt --version 2.3.2~ynh1
-# This example will check if the installed version is lower than (lt) the version 2.3.2~ynh1
 #
-# Generally you might probably use it as follow in the upgrade script
+# This helper is usually used when we need to do some actions only for some old package versions.
 #
+# Generally you might probably use it as follow in the upgrade script :
+# ```
 # if ynh_compare_current_package_version --comparison lt --version 2.3.2~ynh1
 # then
 #     # Do something that is needed for the package version older than 2.3.2~ynh1
 # fi
-#
+# ```
-# usage: ynh_compare_current_package_version --comparison lt|le|eq|ne|ge|gt
-# | arg: --comparison - Comparison type. Could be : lt (lower than), le (lower or equal),
-# | eq (equal), ne (not equal), ge (greater or equal), gt (greater than)
-# | arg: --version - The version to compare. Need to be a version in the yunohost package version type (like 2.3.1~ynh4)
-#
-# Return 0 if the evaluation is true. 1 if false.
 #
 # Requires YunoHost version 3.8.0 or higher.
 ynh_compare_current_package_version() {
@@ -679,7 +720,7 @@ ynh_compare_current_package_version() {
 
     # Check validity of the comparator
     if [[ ! $comparison =~ (lt|le|eq|ne|ge|gt) ]]; then
-        ynh_die --message="Invialid comparator must be : lt, le, eq, ne, ge, gt"
+        ynh_die --message="Invalid comparator must be : lt, le, eq, ne, ge, gt"
     fi
 
     # Return the return value of dpkg --compare-versions

data/hooks/conf_regen/01-yunohost

@@ -50,6 +50,8 @@ do_init_regen() {
   chown root:root /etc/ssowat/conf.json.persistent
 
   mkdir -p /var/cache/yunohost/repo
+  chown root:root /var/cache/yunohost
+  chmod 700 /var/cache/yunohost
 }
 
 do_pre_regen() {
@@ -142,6 +144,11 @@ do_post_regen() {
   # Enfore permissions #
   ######################
 
+  chmod 750 /home/yunohost.conf
+  chmod 750 /home/yunohost.backup
+  chmod 750 /home/yunohost.backup/archives
+  chown root:root /home/yunohost.conf
+  chown admin:root /home/yunohost.backup
   chown admin:root /home/yunohost.backup/archives
 
   # Certs
@@ -155,6 +162,10 @@ do_post_regen() {
   find /etc/cron.d/yunohost-* -type f -exec chmod 644 {} \;
   find /etc/cron.*/yunohost-* -type f -exec chown root:root {} \;
 
+  chown root:root /var/cache/yunohost
+  chmod 700 /var/cache/yunohost
+
+
   # Misc configuration / state files
   chown root:root $(ls /etc/yunohost/{*.yml,*.yaml,*.json,mysql,psql} 2>/dev/null)
   chmod 600 $(ls /etc/yunohost/{*.yml,*.yaml,*.json,mysql,psql} 2>/dev/null)

data/hooks/diagnosis/14-ports.py

@@ -43,7 +43,7 @@ class PortsDiagnoser(Diagnoser):
         for ipversion in ipversions:
             try:
                 r = Diagnoser.remote_diagnosis(
-                    "check-ports", data={"ports": ports.keys()}, ipversion=ipversion
+                    "check-ports", data={"ports": list(ports)}, ipversion=ipversion
                 )
                 results[ipversion] = r["ports"]
             except Exception as e:

data/hooks/diagnosis/50-systemresources.py

@@ -77,7 +77,7 @@ class SystemResourcesDiagnoser(Diagnoser):
 
         # Ignore /dev/loop stuff which are ~virtual partitions ? (e.g. mounted to /snap/)
         disk_partitions = [
-            d for d in disk_partitions if not d.device.startswith("/dev/loop")
+            d for d in disk_partitions if d.mountpoint in ["/", "/var"] or not d.device.startswith("/dev/loop")
         ]
 
         for disk_partition in disk_partitions:
@@ -139,7 +139,7 @@ class SystemResourcesDiagnoser(Diagnoser):
                 status="ERROR",
                 summary="diagnosis_rootfstotalspace_critical",
             )
-        if main_space < 14 * GB:
+        elif main_space < 14 * GB:
             yield dict(
                 meta={"test": "rootfstotalspace"},
                 data={"space": human_size(main_space)},

debian/changelog

@@ -1,8 +1,45 @@
-yunohost (4.2) unstable; urgency=low
+yunohost (4.2.0) testing; urgency=low
 
-  - Placeholder for 4.2 to satisfy CI / debian build during dev
+  - [mod] Python2 -> Python3 ([#1116](https://github.com/yunohost/yunohost/pull/1116), a97a9df3, 1387dff4, b53859db, f5ab4443, f9478b93, dc6033c3)
+  - [mod] refactoring: Drop legacy-way of passing arguments in hook_exec, prevent exposing secrets in command line args ([#1096](https://github.com/yunohost/yunohost/pull/1096))
+  - [mod] refactoring: use regen_conf instead of service_regen_conf in settings.py (9c11fd58)
+  - [mod] refactoring: More consistent local CA management for simpler postinstall ([#1062](https://github.com/yunohost/yunohost/pull/1062))
+  - [mod] refactoring: init folders during .deb install instead of regen conf ([#1063](https://github.com/yunohost/yunohost/pull/1063))
+  - [mod] refactoring: init ldap before the postinstall ([#1064](https://github.com/yunohost/yunohost/pull/1064))
+  - [mod] refactoring: simpler and more consistent logging initialization ([#1119](https://github.com/yunohost/yunohost/pull/1119), 0884a0c1)
+  - [mod] code-quality: add CI job to auto-format code, fix linter errors ([#1142](https://github.com/yunohost/yunohost/pull/1142), [#1161](https://github.com/yunohost/yunohost/pull/1161), 97f26015, [#1162](https://github.com/yunohost/yunohost/pull/1162))
+  - [mod] misc: Prevent the installation of apache2 ... ([#1148](https://github.com/yunohost/yunohost/pull/1148))
+  - [mod] misc: Drop old cache rules for .ms files, not relevant anymore ([#1150](https://github.com/yunohost/yunohost/pull/1150))
+  - [fix] misc: Abort postinstall if /etc/yunohost/apps ain't empty ([#1147](https://github.com/yunohost/yunohost/pull/1147))
+  - [mod] misc: No need for mysql root password anymore ([#912](https://github.com/YunoHost/yunohost/pull/912))
+  - [fix] app operations: wait for services to finish reloading (4a19a60b)
+  - [enh] ux: Improve error semantic such that the webadmin can autoredirect to the proper log view ([#1077](https://github.com/yunohost/yunohost/pull/1077), [#1187](https://github.com/YunoHost/yunohost/pull/1187))
+  - [mod] cli/api: Misc command and routes renaming / aliasing ([#1146](https://github.com/yunohost/yunohost/pull/1146))
+  - [enh] cli: Add a new "yunohost app search" command ([#1070](https://github.com/yunohost/yunohost/pull/1070))
+  - [enh] cli: Add '--remove-apps' (and '--force') options to "yunohost domain remove" ([#1125](https://github.com/yunohost/yunohost/pull/1125))
+  - [enh] diagnosis: Report low total space for rootfs ([#1145](https://github.com/yunohost/yunohost/pull/1145))
+  - [fix] upnp: Handle port closing ([#1154](https://github.com/yunohost/yunohost/pull/1154))
+  - [fix] dyndns: clean old madness, improve update strategy, improve cron management, delete dyndns key upon domain removal ([#1149](https://github.com/yunohost/yunohost/pull/1149))
+  - [enh] helpers: Adding composer helper ([#1090](https://github.com/yunohost/yunohost/pull/1090))
+  - [enh] helpers: Upgrade n to v7.0.2 ([#1178](https://github.com/yunohost/yunohost/pull/1178))
+  - [enh] helpers: Add multimedia helpers and hooks ([#1129](https://github.com/yunohost/yunohost/pull/1129), 47420c62)
+  - [enh] helpers: Normalize conf template handling for nginx, php-fpm, systemd and fail2ban using ynh_add_config ([#1118](https://github.com/yunohost/yunohost/pull/1118))
+  - [fix] helpers, doc: Update template for the new doc (grav) ([#1167](https://github.com/yunohost/yunohost/pull/1167), [#1168](https://github.com/yunohost/yunohost/pull/1168), 59d3e387)
+  - [enh] helpers: Define YNH_APP_BASEDIR to be able to properly point to conf folder depending on the app script we're running ([#1172](https://github.com/yunohost/yunohost/pull/1172))
+  - [enh] helpers: Use jq / output-as json to get info from yunohost commands instead of scraping with grep ([#1160](https://github.com/yunohost/yunohost/pull/1160))
+  - [fix] helpers: Misc fixes/enh (b85d959d, db93b82b, ce04570b, 07f8d6d7)
+  - [fix] helpers: download ynh_setup_source stuff in /var/cache/yunohost to prevent situations where it ends up in /etc/yunohost/apps/ (d98ec6ce)
+  - [i18n] Translations updated for Catalan, Chinese (Simplified), Czech, Dutch, French, German, Italian, Occitan, Polish
 
- -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 20 Jan 2021 05:19:58 +0100
+  Thanks to all contributors <3 ! (Bram, Christian W., Daniel, Dave, Éric G., Félix P., Flavio C., Kay0u, Krzysztof N., ljf, Mathieu M., Miloš K., MrMorals, Nils V.Z., penguin321, ppr, Quentí, Radek S, Scapharnaum, Sébastien M., xaloc33, yalh76, Yifei D.)
+ 
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 25 Mar 2021 01:00:00 +0100
+
+yunohost (4.1.7.4) stable; urgency=low
+
+  - [fix] sec: Enforce permissions for /home/yunohost.backup and .conf (41b5a123)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 11 Mar 2021 03:08:10 +0100
 
 yunohost (4.1.7.3) stable; urgency=low
 

locales/cs.json

@@ -1,3 +1,13 @@
 {
-    "password_too_simple_1": "Heslo musí být aspoň 8 znaků dlouhé"
+    "password_too_simple_1": "Heslo musí být aspoň 8 znaků dlouhé",
+    "app_already_installed": "{app:s} je již nainstalován/a",
+    "already_up_to_date": "Neprovedena žádná akce. Vše je již aktuální.",
+    "admin_password_too_long": "Zvolte prosím heslo kratší než 127 znaků",
+    "admin_password_changed": "Heslo správce bylo změněno",
+    "admin_password_change_failed": "Nebylo možné změnit heslo",
+    "admin_password": "Heslo správce",
+    "additional_urls_already_removed": "Dotatečný odkaz '{url:s}' byl již odebrán u oprávnění '{permission:s}'",
+    "additional_urls_already_added": "Dotatečný odkaz '{url:s}' byl již přidán v dodatečných odkazech pro oprávnění '{permission:s}'",
+    "action_invalid": "Nesprávné akce '{action:s}'",
+    "aborting": "Přerušení."
 }

locales/de.json

@@ -79,7 +79,7 @@
     "ldap_initialized": "LDAP wurde initialisiert",
     "mail_alias_remove_failed": "E-Mail Alias '{mail:s}' konnte nicht entfernt werden",
     "mail_domain_unknown": "Die Domäne '{domain:s}' dieser E-Mail-Adresse ist ungültig. Wähle bitte eine Domäne, welche durch diesen Server verwaltet wird.",
-    "mail_forward_remove_failed": "Mailweiterleitung '{mail:s}' konnte nicht entfernt werden",
+    "mail_forward_remove_failed": "Die Weiterleitungs-E-Mail '{mail:s}' konnte nicht gelöscht werden",
     "main_domain_change_failed": "Die Hauptdomain konnte nicht geändert werden",
     "main_domain_changed": "Die Hauptdomain wurde geändert",
     "no_internet_connection": "Der Server ist nicht mit dem Internet verbunden",
@@ -176,7 +176,7 @@
     "certmanager_cannot_read_cert": "Es ist ein Fehler aufgetreten, als es versucht wurde das aktuelle Zertifikat für die Domain {domain:s} zu öffnen (Datei: {file:s}), Grund: {reason:s}",
     "certmanager_cert_install_success_selfsigned": "Ein selbstsigniertes Zertifikat für die Domain {domain:s} wurde erfolgreich installiert",
     "certmanager_cert_install_success": "Für die Domain {domain:s} wurde erfolgreich ein Let's Encrypt Zertifikat installiert.",
-    "certmanager_cert_renew_success": "Das Let's Encrypt Zertifikat für die Domain {domain:s} wurde erfolgreich erneuert.",
+    "certmanager_cert_renew_success": "Das Let's Encrypt Zertifikat für die Domain {domain:s} wurde erfolgreich erneuert",
     "certmanager_hit_rate_limit": "Es wurden innerhalb kurzer Zeit zu viele Zertifikate für dieselbe Domain {domain:s} ausgestellt. Bitte versuchen Sie es später nochmal. Besuchen Sie https://letsencrypt.org/docs/rate-limits/ für mehr Informationen",
     "certmanager_cert_signing_failed": "Das neue Zertifikat konnte nicht signiert werden",
     "certmanager_no_cert_file": "Die Zertifikatsdatei für die Domain {domain:s} (Datei: {file:s}) konnte nicht gelesen werden",
@@ -337,7 +337,7 @@
     "diagnosis_found_errors": "Habe {errors} erhebliche(s) Problem(e) in Verbindung mit {category} gefunden!",
     "diagnosis_found_warnings": "Habe {warnings} Ding(e) gefunden, die verbessert werden könnten für {category}.",
     "diagnosis_ip_dnsresolution_working": "Domänen-Namens-Auflösung funktioniert!",
-    "diagnosis_ip_weird_resolvconf": "DNS Auflösung scheint zu funktionieren, aber seien Sie vorsichtig wenn Sie eine eigene <code>/etc/resolv.conf</code> verwendest.",
+    "diagnosis_ip_weird_resolvconf": "DNS Auflösung scheint zu funktionieren, aber seien Sie vorsichtig wenn Sie Ihren eigenen <code>/etc/resolv.conf</code> verwenden.",
     "diagnosis_display_tip": "Um die gefundenen Probleme zu sehen, können Sie zum Diagnose-Bereich des webadmin gehen, oder 'yunohost diagnosis show --issues' in der Kommandozeile ausführen.",
     "backup_archive_corrupted": "Das Backup-Archiv '{archive}' scheint beschädigt: {error}",
     "backup_archive_cant_retrieve_info_json": "Die Informationen für das Archiv '{archive}' konnten nicht geladen werden... Die Datei info.json wurde nicht gefunden (oder ist kein gültiges json).",
@@ -359,7 +359,7 @@
     "diagnosis_domain_expiration_error": "Einige Domänen werden SEHR BALD ablaufen!",
     "diagnosis_domain_expiration_success": "Deine Domänen sind registriert und werden in nächster Zeit nicht ablaufen.",
     "diagnosis_domain_not_found_details": "Die Domäne {domain} existiert nicht in der WHOIS-Datenbank oder sie ist abgelaufen!",
-    "diagnosis_domain_expiration_not_found": "Konnte die Ablaufdaten für einige Domänen nicht überprüfen.",
+    "diagnosis_domain_expiration_not_found": "Das Ablaufdatum einiger Domains kann nicht überprüft werden",
     "diagnosis_dns_try_dyndns_update_force": "Die DNS-Konfiguration dieser Domäne sollte automatisch von Yunohost verwaltet werden. Andernfalls können Sie mittels <cmd>yunohost dyndns update --force</cmd> ein Update erzwingen.",
     "diagnosis_dns_point_to_doc": "Bitte schauen Sie in die Dokumentation unter <a href='https://yunohost.org/dns_config'>https://yunohost.org/dns_config</a> wenn Sie Hilfe bei der Konfiguration der DNS-Einträge brauchen.",
     "diagnosis_dns_discrepancy": "Der folgende DNS-Eintrag scheint nicht den empfohlenen Einstellungen zu entsprechen: <br>Typ: <code>{type}</code><br>Name: <code>{name}</code><br> Aktueller Wert: <code>{current}</code><br> Erwarteter Wert: <code>{value}</code>",
@@ -574,5 +574,47 @@
     "password_listed": "Dieses Passwort gehört zu den meistverwendeten der Welt. Bitte nehmen Sie etwas einzigartigeres.",
     "operation_interrupted": "Wurde die Operation manuell unterbrochen?",
     "invalid_number": "Muss eine Zahl sein",
-    "migrations_to_be_ran_manually": "Die Migration {id} muss manuell durchgeführt werden. Bitte gehen Sie zu Werkzeuge → Migrationen auf der Webadmin-Seite oder führen Sie 'yunohost tools migrations run' aus."
+    "migrations_to_be_ran_manually": "Die Migration {id} muss manuell durchgeführt werden. Bitte gehen Sie zu Werkzeuge → Migrationen auf der Webadmin-Seite oder führen Sie 'yunohost tools migrations run' aus.",
+    "permission_already_up_to_date": "Die Berechtigung wurde nicht aktualisiert, weil die Anfragen für Hinzufügen/Entfernen stimmen mit dem aktuellen Status bereits überein",
+    "permission_already_exist": "Berechtigung '{permission}' existiert bereits",
+    "permission_already_disallowed": "Für die Gruppe '{group}' wurde die Berechtigung '{permission}' deaktiviert",
+    "permission_already_allowed": "Die Gruppe '{group}' hat die Berechtigung '{permission}' bereits erhalten",
+    "pattern_password_app": "Entschuldigen Sie bitte! Passwörter dürfen folgende Zeichen nicht enthalten: {forbidden_chars}",
+    "pattern_email_forward": "Es muss sich um eine gültige E-Mail-Adresse handeln. Das Symbol '+' wird akzeptiert (zum Beispiel : maxmuster@beispiel.com oder maxmuster+yunohost@beispiel.com)",
+    "password_too_simple_4": "Dass Passwort muss mindestens 12 Zeichen lang sein und Zahlen, Klein- und Grossbuchstaben und Sonderzeichen enthalten",
+    "password_too_simple_3": "Das Passwort muss mindestens 8 Zeichen lang sein und Zahlen, Klein- und Grossbuchstaben und Sonderzeichen enthalten",
+    "regenconf_file_manually_removed": "Die Konfigurationsdatei '{conf}' wurde manuell gelöscht und wird nicht erstellt",
+    "regenconf_file_manually_modified": "Die Konfigurationsdatei '{conf}' wurde manuell bearbeitet und wird nicht aktualisiert",
+    "regenconf_file_kept_back": "Die Konfigurationsdatei '{conf}' sollte von \"regen-conf\" (Kategorie {category}) gelöscht werden, wurde aber beibehalten.",
+    "regenconf_file_copy_failed": "Die neue Konfigurationsdatei '{new}' kann nicht nach '{conf}' kopiert werden",
+    "regenconf_file_backed_up": "Die Konfigurationsdatei '{conf}' wurde unter '{backup}' gespeichert",
+    "permission_require_account": "Berechtigung {permission} ist nur für Benutzer mit einem Konto sinnvoll und kann daher nicht für Besucher aktiviert werden.",
+    "permission_protected": "Die Berechtigung ist geschützt. Sie können die Besuchergruppe nicht zu dieser Berechtigung hinzufügen oder daraus entfernen.",
+    "permission_updated": "Berechtigung '{permission:s}' aktualisiert",
+    "permission_update_failed": "Die Berechtigung '{permission}' kann nicht aktualisiert werden : {error}",
+    "permission_not_found": "Berechtigung nicht gefunden",
+    "permission_deletion_failed": "Entfernung der Berechtigung nicht möglich '{permission}': {error}",
+    "permission_deleted": "Berechtigung gelöscht",
+    "permission_currently_allowed_for_all_users": "Diese Berechtigung wird derzeit allen Benutzern zusätzlich zu anderen Gruppen erteilt. Möglicherweise möchten Sie entweder die Berechtigung 'all_users' entfernen oder die anderen Gruppen entfernen, für die sie derzeit zulässig sind.",
+    "permission_creation_failed": "Berechtigungserstellung nicht möglich '{permission}' : {error}",
+    "permission_created": "Berechtigung '{permission: s}' erstellt",
+    "permission_cannot_remove_main": "Entfernung einer Hauptberechtigung nicht genehmigt",
+    "regenconf_file_updated": "Konfigurationsdatei '{conf}' aktualisiert",
+    "regenconf_file_removed": "Konfigurationsdatei '{conf}' entfernt",
+    "regenconf_file_remove_failed": "Konnte die Konfigurationsdatei '{conf}' nicht entfernen",
+    "postinstall_low_rootfsspace": "Das Root-Filesystem hat insgesamt weniger als 10GB freien Speicherplatz zur Verfügung, was ziemlich besorgniserregend ist! Sie werden sehr bald keinen freien Speicherplatz mehr haben! Für das Root-Filesystem werden mindestens 16GB empfohlen. Wenn Sie YunoHost trotz dieser Warnung installieren wollen, wiederholen Sie den Befehl mit --force-diskspace",
+    "regenconf_up_to_date": "Die Konfiguration ist bereits aktuell für die Kategorie '{category}'",
+    "regenconf_now_managed_by_yunohost": "Die Konfigurationsdatei '{conf}' wird jetzt von YunoHost (Kategorie {category}) verwaltet.",
+    "regenconf_updated": "Konfiguration aktualisiert für '{category}'",
+    "regenconf_pending_applying": "Wende die anstehende Konfiguration für die Kategorie {category} an...",
+    "regenconf_failed": "Konnte die Konfiguration für die Kategorie(n) {categories} nicht neu erstellen",
+    "regenconf_dry_pending_applying": "Überprüfe die anstehende Konfiguration, welche für die Kategorie {category}' aktualisiert worden wäre…",
+    "regenconf_would_be_updated": "Die Konfiguration wäre für die Kategorie '{category}' aktualisiert worden",
+    "restore_system_part_failed": "Die Systemteile '{part:s}' konnten nicht wiederhergestellt werden",
+    "restore_removing_tmp_dir_failed": "Ein altes, temporäres Directory konnte nicht entfernt werden",
+    "restore_not_enough_disk_space": "Nicht genug Speicher (Speicher: {free_space:d} B, benötigter Speicher: {needed_space:d} B, Sicherheitspuffer: {margin:d} B)",
+    "restore_may_be_not_enough_disk_space": "Dein System scheint nicht genug Speicherplatz zu haben (frei: {free_space:d} B, benötigter Platz: {needed_space:d} B, Sicherheitspuffer: {margin:d} B)",
+    "restore_extracting": "Packe die benötigten Dateien aus dem Archiv aus…",
+    "restore_already_installed_apps": "Folgende Apps können nicht wiederhergestellt werden, weil sie schon installiert sind: {apps}",
+    "regex_with_only_domain": "Du kannst regex nicht als Domain verwenden, sondern nur als Pfad"
 }

locales/it.json

@@ -674,5 +674,9 @@
     "diagnosis_mail_blacklist_reason": "Il motivo della blacklist è: {reason}",
     "diagnosis_mail_blacklist_listed_by": "Il tuo IP o dominio <code>{item}</code> è nella blacklist {blacklist_name}",
     "diagnosis_backports_in_sources_list": "Sembra che apt (il package manager) sia configurato per utilizzare le backport del repository. A meno che tu non sappia quello che stai facendo, scoraggiamo fortemente di installare pacchetti tramite esse, perché ci sono alte probabilità di creare conflitti con il tuo sistema.",
-    "diagnosis_basesystem_hardware_model": "Modello server: {model}"
+    "diagnosis_basesystem_hardware_model": "Modello server: {model}",
+    "postinstall_low_rootfsspace": "La radice del filesystem ha uno spazio totale inferiore ai 10 GB, ed è piuttosto preoccupante! Consumerai tutta la memoria molto velocemente! Raccomandiamo di avere almeno 16 GB per la radice del filesystem. Se vuoi installare YunoHost ignorando questo avviso, esegui nuovamente il postinstall con l'argomento --force-diskspace",
+    "domain_remove_confirm_apps_removal": "Rimuovere questo dominio rimuoverà anche le seguenti applicazioni:\n{apps}\n\nSei sicuro di voler continuare? [{answers}]",
+    "diagnosis_rootfstotalspace_critical": "La radice del filesystem ha un totale di solo {space}, ed è piuttosto preoccupante! Probabilmente consumerai tutta la memoria molto velocemente! Raccomandiamo di avere almeno 16 GB per la radice del filesystem.",
+    "diagnosis_rootfstotalspace_warning": "La radice del filesystem ha un totale di solo {space}. Potrebbe non essere un problema, ma stai attento perché potresti consumare tutta la memoria velocemente... Raccomandiamo di avere almeno 16 GB per la radice del filesystem."
 }

locales/oc.json

@@ -327,7 +327,7 @@
     "log_user_delete": "Levar l’utilizaire « {} »",
     "log_user_update": "Actualizar las informacions de l’utilizaire « {} »",
     "log_domain_main_domain": "Far venir « {} » lo domeni màger",
-    "log_tools_migrations_migrate_forward": "Migrar",
+    "log_tools_migrations_migrate_forward": "Executar las migracions",
     "log_tools_postinstall": "Realizar la post installacion del servidor YunoHost",
     "log_tools_upgrade": "Actualizacion dels paquets sistèma",
     "log_tools_shutdown": "Atudar lo servidor",
@@ -340,8 +340,8 @@
     "migration_0005_not_enough_space": "I a pas pro d’espaci disponible sus {path} per lançar la migracion d’aquela passa :(.",
     "service_description_php7.0-fpm": "executa d’aplicacions escrichas en PHP amb nginx",
     "users_available": "Lista dels utilizaires disponibles :",
-    "good_practices_about_admin_password": "Sètz per definir un nòu senhal per l’administracion. Lo senhal deu almens conténer 8 caractèrs - encara que siá de bon far d’utilizar un senhal mai long qu’aquò (ex. una passafrasa) e/o d’utilizar mantun tipes de caractèrs (majuscula, minuscula, nombre e caractèrs especials).",
+    "good_practices_about_admin_password": "Sètz per definir un nòu senhal per l’administracion. Lo senhal deu almens conténer 8 caractèrs - encara que siá de bon far d’utilizar un senhal mai long qu’aquò (ex. una passafrasa) e/o d’utilizar mantun tipe de caractèrs (majuscula, minuscula, nombre e caractèrs especials).",
-    "good_practices_about_user_password": "Sètz a mand de definir un nòu senhal d’utilizaire. Lo nòu senhal deu conténer almens 8 caractèrs, es de bon far d’utilizar un senhal mai long (es a dire una frasa de senhal) e/o utilizar mantuns tipes de caractèrs (majusculas, minusculas, nombres e caractèrs especials).",
+    "good_practices_about_user_password": "Sètz a mand de definir un nòu senhal d’utilizaire. Lo nòu senhal deu conténer almens 8 caractèrs, es de bon far d’utilizar un senhal mai long (es a dire una frasa de senhal) e/o utilizar mantun tipe de caractèrs (majusculas, minusculas, nombres e caractèrs especials).",
     "migration_description_0006_sync_admin_and_root_passwords": "Sincronizar los senhals admin e root",
     "migration_0006_disclaimer": "Ara YunoHost s’espèra que los senhals admin e root sián sincronizats. En lançant aquesta migracion, vòstre senhal root serà remplaçat pel senhal admin.",
     "password_listed": "Aqueste senhal es un dels mai utilizats al monde. Se vos plai utilizatz-ne un mai unic.",
@@ -593,5 +593,19 @@
     "app_argument_password_no_default": "Error pendent l’analisi de l’argument del senhal « {name} » : l’argument de senhal pòt pas aver de valor per defaut per de rason de seguretat",
     "app_label_deprecated": "Aquesta comanda es estada renduda obsolèta. Mercés d'utilizar lo nòva \"yunohost user permission update\" per gerir letiquetada de l'aplication",
     "additional_urls_already_removed": "URL addicionala {url:s} es ja estada elimida per la permission «#permission:s»",
-    "additional_urls_already_added": "URL addicionadal «{url:s}'» es ja estada aponduda per la permission «{permission:s}»"
+    "additional_urls_already_added": "URL addicionadal «{url:s}'» es ja estada aponduda per la permission «{permission:s}»",
+    "migration_0015_yunohost_upgrade": "Aviada de la mesa a jorn de YunoHost...",
+    "migration_0015_main_upgrade": "Aviada de la mesa a nivèl generala...",
+    "migration_0015_patching_sources_list": "Mesa a jorn del fichièr sources.lists...",
+    "migration_0015_start": "Aviar la migracion cap a Buster",
+    "migration_description_0017_postgresql_9p6_to_11": "Migrar las basas de donadas de PostgreSQL 9.6 cap a 11",
+    "migration_description_0016_php70_to_php73_pools": "Migrar los fichièrs de configuracion php7.0 cap a php7.3",
+    "migration_description_0015_migrate_to_buster": "Mesa a nivèl dels sistèmas Debian Buster e YunoHost 4.x",
+    "migrating_legacy_permission_settings": "Migracion dels paramètres de permission ancians...",
+    "log_app_config_apply": "Aplicar la configuracion a l’aplicacion « {} »",
+    "log_app_config_show_panel": "Mostrar lo panèl de configuracion de l’aplicacion « {} »",
+    "log_app_action_run": "Executar l’accion de l’aplicacion « {} »",
+    "diagnosis_basesystem_hardware_model": "Lo modèl del servidor es {model}",
+    "backup_archive_cant_retrieve_info_json": "Obtencion impossibla de las informacions de l’archiu « {archive} »... Se pòt pas recuperar lo fichièr info.json (o es pas un fichièr json valid).",
+    "app_packaging_format_not_supported": "Se pòt pas installar aquesta aplicacion pr’amor que son format es pas pres en carga per vòstra version de YunoHost. Deuriatz considerar actualizar lo sistèma."
 }

locales/pl.json

@@ -1,3 +1,12 @@
 {
-    "password_too_simple_1": "Hasło musi mieć co najmniej 8 znaków"
+    "password_too_simple_1": "Hasło musi mieć co najmniej 8 znaków",
+    "app_already_up_to_date": "{app:s} jest obecnie aktualna",
+    "app_already_installed": "{app:s} jest już zainstalowane",
+    "already_up_to_date": "Nic do zrobienia. Wszystko jest obecnie aktualne.",
+    "admin_password_too_long": "Proszę wybrać hasło krótsze niż 127 znaków",
+    "admin_password_changed": "Hasło administratora zostało zmienione",
+    "admin_password_change_failed": "Nie można zmienić hasła",
+    "admin_password": "Hasło administratora",
+    "action_invalid": "Nieprawidłowa operacja '{action:s}'",
+    "aborting": "Przerywanie."
 }

src/yunohost/app.py

@@ -52,7 +52,7 @@ from moulinette.utils.filesystem import (
 
 from yunohost.service import service_status, _run_service_command
 from yunohost.utils import packages
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from yunohost.log import is_unit_operation, OperationLogger
 
 logger = getActionLogger("yunohost.app")
@@ -189,7 +189,7 @@ def app_info(app, full=False):
     from yunohost.permission import user_permission_list
 
     if not _is_installed(app):
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_not_installed", app=app, all_apps=_get_all_installed_apps_id()
         )
 
@@ -254,8 +254,9 @@ def _app_upgradable(app_infos):
         return "url_required"
 
     # Do not advertise upgrades for bad-quality apps
+    level = app_in_catalog.get("level", -1)
     if (
-        not app_in_catalog.get("level", -1) >= 5
+        not (isinstance(level, int) and level >= 5)
         or app_in_catalog.get("state") != "working"
     ):
         return "bad_quality"
@@ -318,7 +319,7 @@ def app_map(app=None, raw=False, user=None):
 
     if app is not None:
         if not _is_installed(app):
-            raise YunohostError(
+            raise YunohostValidationError(
                 "app_not_installed", app=app, all_apps=_get_all_installed_apps_id()
             )
         apps = [
@@ -418,14 +419,14 @@ def app_change_url(operation_logger, app, domain, path):
 
     installed = _is_installed(app)
     if not installed:
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_not_installed", app=app, all_apps=_get_all_installed_apps_id()
         )
 
     if not os.path.exists(
         os.path.join(APPS_SETTING_PATH, app, "scripts", "change_url")
     ):
-        raise YunohostError("app_change_url_no_script", app_name=app)
+        raise YunohostValidationError("app_change_url_no_script", app_name=app)
 
     old_domain = app_setting(app, "domain")
     old_path = app_setting(app, "path")
@@ -435,7 +436,7 @@ def app_change_url(operation_logger, app, domain, path):
     domain, path = _normalize_domain_path(domain, path)
 
     if (domain, path) == (old_domain, old_path):
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_change_url_identical_domains", domain=domain, path=path
         )
 
@@ -548,12 +549,12 @@ def app_upgrade(app=[], url=None, file=None, force=False):
 
     # Abort if any of those app is in fact not installed..
     for app in [app_ for app_ in apps if not _is_installed(app_)]:
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_not_installed", app=app, all_apps=_get_all_installed_apps_id()
         )
 
     if len(apps) == 0:
-        raise YunohostError("apps_already_up_to_date")
+        raise YunohostValidationError("apps_already_up_to_date")
     if len(apps) > 1:
         logger.info(m18n.n("app_upgrade_several_apps", apps=", ".join(apps)))
 
@@ -877,11 +878,11 @@ def app_install(
         confirm_install("thirdparty")
         manifest, extracted_app_folder = _extract_app_from_file(app)
     else:
-        raise YunohostError("app_unknown")
+        raise YunohostValidationError("app_unknown")
 
     # Check ID
     if "id" not in manifest or "__" in manifest["id"]:
-        raise YunohostError("app_id_invalid")
+        raise YunohostValidationError("app_id_invalid")
 
     app_id = manifest["id"]
     label = label if label else manifest["name"]
@@ -894,7 +895,7 @@ def app_install(
     instance_number = _installed_instance_number(app_id, last=True) + 1
     if instance_number > 1:
         if "multi_instance" not in manifest or not is_true(manifest["multi_instance"]):
-            raise YunohostError("app_already_installed", app=app_id)
+            raise YunohostValidationError("app_already_installed", app=app_id)
 
         # Change app_id to the forked app id
         app_instance_name = app_id + "__" + str(instance_number)
@@ -1066,7 +1067,7 @@ def app_install(
             env_dict_remove["YNH_APP_ID"] = app_id
             env_dict_remove["YNH_APP_INSTANCE_NAME"] = app_instance_name
             env_dict_remove["YNH_APP_INSTANCE_NUMBER"] = str(instance_number)
-            env_dict["YNH_APP_MANIFEST_VERSION"] = manifest.get("version", "?")
+            env_dict_remove["YNH_APP_MANIFEST_VERSION"] = manifest.get("version", "?")
 
             # Execute remove script
             operation_logger_remove = OperationLogger(
@@ -1121,8 +1122,7 @@ def app_install(
 
             raise YunohostError(
                 failure_message_with_debug_instructions,
-                raw_msg=True,
+                raw_msg=True
-                log_ref=operation_logger.name,
             )
 
     # Clean hooks and add new ones
@@ -1206,7 +1206,7 @@ def app_remove(operation_logger, app):
     )
 
     if not _is_installed(app):
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_not_installed", app=app, all_apps=_get_all_installed_apps_id()
         )
 
@@ -1369,10 +1369,10 @@ def app_makedefault(operation_logger, app, domain=None):
         domain = app_domain
         operation_logger.related_to.append(("domain", domain))
     elif domain not in domain_list()["domains"]:
-        raise YunohostError("domain_name_unknown", domain=domain)
+        raise YunohostValidationError("domain_name_unknown", domain=domain)
 
     if "/" in app_map(raw=True)[domain]:
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_make_default_location_already_used",
             app=app,
             domain=app_domain,
@@ -1575,7 +1575,7 @@ def app_register_url(app, domain, path):
     if _is_installed(app):
         settings = _get_app_settings(app)
         if "path" in settings.keys() and "domain" in settings.keys():
-            raise YunohostError("app_already_installed_cant_change_url")
+            raise YunohostValidationError("app_already_installed_cant_change_url")
 
     # Check the url is available
     _assert_no_conflicting_apps(domain, path)
@@ -1691,7 +1691,7 @@ def app_change_label(app, new_label):
 
     installed = _is_installed(app)
     if not installed:
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_not_installed", app=app, all_apps=_get_all_installed_apps_id()
         )
     logger.warning(m18n.n("app_label_deprecated"))
@@ -1727,7 +1727,7 @@ def app_action_run(operation_logger, app, action, args=None):
     actions = {x["id"]: x for x in actions}
 
     if action not in actions:
-        raise YunohostError(
+        raise YunohostValidationError(
             "action '%s' not available for app '%s', available actions are: %s"
             % (action, app, ", ".join(actions.keys())),
             raw_msg=True,
@@ -1881,7 +1881,7 @@ def app_config_apply(operation_logger, app, args):
 
     installed = _is_installed(app)
     if not installed:
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_not_installed", app=app, all_apps=_get_all_installed_apps_id()
         )
 
@@ -2196,7 +2196,7 @@ def _get_app_settings(app_id):
 
     """
     if not _is_installed(app_id):
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_not_installed", app=app_id, all_apps=_get_all_installed_apps_id()
         )
     try:
@@ -2543,9 +2543,9 @@ def _fetch_app_from_git(app):
         app_id, _ = _parse_app_instance_name(app)
 
         if app_id not in app_dict:
-            raise YunohostError("app_unknown")
+            raise YunohostValidationError("app_unknown")
         elif "git" not in app_dict[app_id]:
-            raise YunohostError("app_unsupported_remote_type")
+            raise YunohostValidationError("app_unsupported_remote_type")
 
         app_info = app_dict[app_id]
         url = app_info["git"]["url"]
@@ -2681,7 +2681,7 @@ def _check_manifest_requirements(manifest, app_instance_name):
 
     packaging_format = int(manifest.get("packaging_format", 0))
     if packaging_format not in [0, 1]:
-        raise YunohostError("app_packaging_format_not_supported")
+        raise YunohostValidationError("app_packaging_format_not_supported")
 
     requirements = manifest.get("requirements", dict())
 
@@ -2694,7 +2694,7 @@ def _check_manifest_requirements(manifest, app_instance_name):
     for pkgname, spec in requirements.items():
         if not packages.meets_version_specifier(pkgname, spec):
             version = packages.ynh_packages_version()[pkgname]["version"]
-            raise YunohostError(
+            raise YunohostValidationError(
                 "app_requirements_unmeet",
                 pkgname=pkgname,
                 version=version,
@@ -2793,7 +2793,7 @@ class YunoHostArgumentFormatParser(object):
         # we don't have an answer, check optional and default_value
         if question.value is None or question.value == "":
             if not question.optional and question.default is None:
-                raise YunohostError("app_argument_required", name=question.name)
+                raise YunohostValidationError("app_argument_required", name=question.name)
             else:
                 question.value = (
                     getattr(self, "default_value", None)
@@ -2813,7 +2813,7 @@ class YunoHostArgumentFormatParser(object):
         return (question.value, self.argument_type)
 
     def _raise_invalid_answer(self, question):
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_argument_choice_invalid",
             name=question.name,
             choices=", ".join(question.choices),
@@ -2851,13 +2851,13 @@ class PasswordArgumentParser(YunoHostArgumentFormatParser):
         )
 
         if question.default is not None:
-            raise YunohostError("app_argument_password_no_default", name=question.name)
+            raise YunohostValidationError("app_argument_password_no_default", name=question.name)
 
         return question
 
     def _post_parse_value(self, question):
         if any(char in question.value for char in self.forbidden_chars):
-            raise YunohostError(
+            raise YunohostValidationError(
                 "pattern_password_app", forbidden_chars=self.forbidden_chars
             )
 
@@ -2910,7 +2910,7 @@ class BooleanArgumentParser(YunoHostArgumentFormatParser):
         if str(question.value).lower() in ["0", "no", "n", "false"]:
             return 0
 
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_argument_choice_invalid",
             name=question.name,
             choices="yes, no, y, n, 1, 0",
@@ -2935,7 +2935,7 @@ class DomainArgumentParser(YunoHostArgumentFormatParser):
         return question
 
     def _raise_invalid_answer(self, question):
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_argument_invalid", name=question.name, error=m18n.n("domain_unknown")
         )
 
@@ -2961,7 +2961,7 @@ class UserArgumentParser(YunoHostArgumentFormatParser):
         return question
 
     def _raise_invalid_answer(self, question):
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_argument_invalid",
             name=question.name,
             error=m18n.n("user_unknown", user=question.value),
@@ -2989,7 +2989,7 @@ class NumberArgumentParser(YunoHostArgumentFormatParser):
         if isinstance(question.value, str) and question.value.isdigit():
             return int(question.value)
 
-        raise YunohostError(
+        raise YunohostValidationError(
             "app_argument_invalid", name=question.name, error=m18n.n("invalid_number")
         )
 
@@ -3120,7 +3120,7 @@ def _get_conflicting_apps(domain, path, ignore_app=None):
 
     # Abort if domain is unknown
     if domain not in domain_list()["domains"]:
-        raise YunohostError("domain_name_unknown", domain=domain)
+        raise YunohostValidationError("domain_name_unknown", domain=domain)
 
     # Fetch apps map
     apps_map = app_map(raw=True)
@@ -3159,9 +3159,9 @@ def _assert_no_conflicting_apps(domain, path, ignore_app=None, full_domain=False
             )
 
         if full_domain:
-            raise YunohostError("app_full_domain_unavailable", domain=domain)
+            raise YunohostValidationError("app_full_domain_unavailable", domain=domain)
         else:
-            raise YunohostError("app_location_unavailable", apps="\n".join(apps))
+            raise YunohostValidationError("app_location_unavailable", apps="\n".join(apps))
 
 
 def _make_environment_for_app_script(app, args={}, args_prefix="APP_ARG_"):
@@ -3449,11 +3449,19 @@ def _assert_system_is_sane_for_app(manifest, when):
     if "fail2ban" not in services:
         services.append("fail2ban")
 
+    # Wait if a service is reloading
+    test_nb = 0
+    while test_nb < 10:
+        if not any(s for s in services if service_status(s)["status"] == "reloading"):
+            break
+        time.sleep(0.5)
+        test_nb+=1
+
     # List services currently down and raise an exception if any are found
     faulty_services = [s for s in services if service_status(s)["status"] != "running"]
     if faulty_services:
         if when == "pre":
-            raise YunohostError(
+            raise YunohostValidationError(
                 "app_action_cannot_be_ran_because_required_services_down",
                 services=", ".join(faulty_services),
             )
@@ -3464,7 +3472,7 @@ def _assert_system_is_sane_for_app(manifest, when):
 
     if packages.dpkg_is_broken():
         if when == "pre":
-            raise YunohostError("dpkg_is_broken")
+            raise YunohostValidationError("dpkg_is_broken")
         elif when == "post":
             raise YunohostError("this_action_broke_dpkg")
 
@@ -3643,7 +3651,7 @@ def _patch_legacy_helpers(app_folder):
             # couldn't patch the deprecated helper in the previous lines.  In
             # that case, abort the install or whichever step is performed
             if helper in content and infos["important"]:
-                raise YunohostError(
+                raise YunohostValidationError(
                     "This app is likely pretty old and uses deprecated / outdated helpers that can't be migrated easily. It can't be installed anymore.",
                     raw_msg=True,
                 )

src/yunohost/backup.py

@@ -63,7 +63,7 @@ from yunohost.hook import (
 from yunohost.tools import tools_postinstall
 from yunohost.regenconf import regen_conf
 from yunohost.log import OperationLogger
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from yunohost.utils.packages import ynh_packages_version
 from yunohost.settings import settings_get
 
@@ -348,7 +348,7 @@ class BackupManager:
 
             # Try to recursively unmount stuff (from a previously failed backup ?)
             if not _recursive_umount(self.work_dir):
-                raise YunohostError("backup_output_directory_not_empty")
+                raise YunohostValidationError("backup_output_directory_not_empty")
             else:
                 # If umount succeeded, remove the directory (we checked that
                 # we're in /home/yunohost.backup/tmp so that should be okay...
@@ -1027,7 +1027,7 @@ class RestoreManager:
         already_installed = [app for app in to_be_restored if _is_installed(app)]
         if already_installed != []:
             if already_installed == to_be_restored:
-                raise YunohostError(
+                raise YunohostValidationError(
                     "restore_already_installed_apps", apps=", ".join(already_installed)
                 )
             else:
@@ -1133,14 +1133,14 @@ class RestoreManager:
             return True
         elif free_space > needed_space:
             # TODO Add --force options to avoid the error raising
-            raise YunohostError(
+            raise YunohostValidationError(
                 "restore_may_be_not_enough_disk_space",
                 free_space=free_space,
                 needed_space=needed_space,
                 margin=margin,
             )
         else:
-            raise YunohostError(
+            raise YunohostValidationError(
                 "restore_not_enough_disk_space",
                 free_space=free_space,
                 needed_space=needed_space,
@@ -1729,7 +1729,7 @@ class BackupMethod(object):
                 free_space,
                 backup_size,
             )
-            raise YunohostError("not_enough_disk_space", path=self.repo)
+            raise YunohostValidationError("not_enough_disk_space", path=self.repo)
 
     def _organize_files(self):
         """
@@ -2186,7 +2186,7 @@ def backup_create(
 
     # Validate there is no archive with the same name
     if name and name in backup_list()["archives"]:
-        raise YunohostError("backup_archive_name_exists")
+        raise YunohostValidationError("backup_archive_name_exists")
 
     # By default we backup using the tar method
     if not methods:
@@ -2201,14 +2201,14 @@ def backup_create(
             r"^/(|(bin|boot|dev|etc|lib|root|run|sbin|sys|usr|var)(|/.*))$",
             output_directory,
         ):
-            raise YunohostError("backup_output_directory_forbidden")
+            raise YunohostValidationError("backup_output_directory_forbidden")
 
     if "copy" in methods:
         if not output_directory:
-            raise YunohostError("backup_output_directory_required")
+            raise YunohostValidationError("backup_output_directory_required")
         # Check that output directory is empty
         elif os.path.isdir(output_directory) and os.listdir(output_directory):
-            raise YunohostError("backup_output_directory_not_empty")
+            raise YunohostValidationError("backup_output_directory_not_empty")
 
     # If no --system or --apps given, backup everything
     if system is None and apps is None:
@@ -2277,6 +2277,11 @@ def backup_restore(name, system=[], apps=[], force=False):
     # Initialize                                                            #
     #
 
+    if name.endswith(".tar.gz"):
+        name = name[:-len(".tar.gz")]
+    elif name.endswith(".tar"):
+        name = name[:-len(".tar")]
+
     restore_manager = RestoreManager(name)
 
     restore_manager.set_system_targets(system)
@@ -2381,7 +2386,7 @@ def backup_download(name):
     if not os.path.lexists(archive_file):
         archive_file += ".gz"
         if not os.path.lexists(archive_file):
-            raise YunohostError("backup_archive_name_unknown", name=name)
+            raise YunohostValidationError("backup_archive_name_unknown", name=name)
 
     # If symlink, retrieve the real path
     if os.path.islink(archive_file):
@@ -2389,7 +2394,7 @@ def backup_download(name):
 
         # Raise exception if link is broken (e.g. on unmounted external storage)
         if not os.path.exists(archive_file):
-            raise YunohostError("backup_archive_broken_link", path=archive_file)
+            raise YunohostValidationError("backup_archive_broken_link", path=archive_file)
 
     # We return a raw bottle HTTPresponse (instead of serializable data like
     # list/dict, ...), which is gonna be picked and used directly by moulinette
@@ -2409,13 +2414,19 @@ def backup_info(name, with_details=False, human_readable=False):
         human_readable -- Print sizes in human readable format
 
     """
+
+    if name.endswith(".tar.gz"):
+        name = name[:-len(".tar.gz")]
+    elif name.endswith(".tar"):
+        name = name[:-len(".tar")]
+
     archive_file = "%s/%s.tar" % (ARCHIVES_PATH, name)
 
     # Check file exist (even if it's a broken symlink)
     if not os.path.lexists(archive_file):
         archive_file += ".gz"
         if not os.path.lexists(archive_file):
-            raise YunohostError("backup_archive_name_unknown", name=name)
+            raise YunohostValidationError("backup_archive_name_unknown", name=name)
 
     # If symlink, retrieve the real path
     if os.path.islink(archive_file):
@@ -2423,7 +2434,7 @@ def backup_info(name, with_details=False, human_readable=False):
 
         # Raise exception if link is broken (e.g. on unmounted external storage)
         if not os.path.exists(archive_file):
-            raise YunohostError("backup_archive_broken_link", path=archive_file)
+            raise YunohostValidationError("backup_archive_broken_link", path=archive_file)
 
     info_file = "%s/%s.info.json" % (ARCHIVES_PATH, name)
 
@@ -2531,7 +2542,7 @@ def backup_delete(name):
 
     """
     if name not in backup_list()["archives"]:
-        raise YunohostError("backup_archive_name_unknown", name=name)
+        raise YunohostValidationError("backup_archive_name_unknown", name=name)
 
     hook_callback("pre_backup_delete", args=[name])
 

src/yunohost/certificate.py

@@ -37,7 +37,7 @@ from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import read_file
 
 from yunohost.vendor.acme_tiny.acme_tiny import get_crt as sign_certificate
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from yunohost.utils.network import get_public_ip
 
 from yunohost.diagnosis import Diagnoser
@@ -90,7 +90,7 @@ def certificate_status(domain_list, full=False):
         for domain in domain_list:
             # Is it in Yunohost domain list?
             if domain not in yunohost_domains_list:
-                raise YunohostError("domain_name_unknown", domain=domain)
+                raise YunohostValidationError("domain_name_unknown", domain=domain)
 
     certificates = {}
 
@@ -166,7 +166,7 @@ def _certificate_install_selfsigned(domain_list, force=False):
             status = _get_status(domain)
 
             if status["summary"]["code"] in ("good", "great"):
-                raise YunohostError(
+                raise YunohostValidationError(
                     "certmanager_attempt_to_replace_valid_cert", domain=domain
                 )
 
@@ -197,6 +197,8 @@ def _certificate_install_selfsigned(domain_list, force=False):
 
             out, _ = p.communicate()
 
+            out = out.decode("utf-8")
+
             if p.returncode != 0:
                 logger.warning(out)
                 raise YunohostError("domain_cert_gen_failed")
@@ -267,12 +269,12 @@ def _certificate_install_letsencrypt(
         for domain in domain_list:
             yunohost_domains_list = yunohost.domain.domain_list()["domains"]
             if domain not in yunohost_domains_list:
-                raise YunohostError("domain_name_unknown", domain=domain)
+                raise YunohostValidationError("domain_name_unknown", domain=domain)
 
             # Is it self-signed?
             status = _get_status(domain)
             if not force and status["CA_type"]["code"] != "self-signed":
-                raise YunohostError(
+                raise YunohostValidationError(
                     "certmanager_domain_cert_not_selfsigned", domain=domain
                 )
 
@@ -368,25 +370,25 @@ def certificate_renew(
 
             # Is it in Yunohost dmomain list?
             if domain not in yunohost.domain.domain_list()["domains"]:
-                raise YunohostError("domain_name_unknown", domain=domain)
+                raise YunohostValidationError("domain_name_unknown", domain=domain)
 
             status = _get_status(domain)
 
             # Does it expire soon?
             if status["validity"] > VALIDITY_LIMIT and not force:
-                raise YunohostError(
+                raise YunohostValidationError(
                     "certmanager_attempt_to_renew_valid_cert", domain=domain
                 )
 
             # Does it have a Let's Encrypt cert?
             if status["CA_type"]["code"] != "lets-encrypt":
-                raise YunohostError(
+                raise YunohostValidationError(
                     "certmanager_attempt_to_renew_nonLE_cert", domain=domain
                 )
 
             # Check ACME challenge configured for given domain
             if not _check_acme_challenge_configuration(domain):
-                raise YunohostError(
+                raise YunohostValidationError(
                     "certmanager_acme_not_configured_for_domain", domain=domain
                 )
 
@@ -870,20 +872,20 @@ def _check_domain_is_ready_for_ACME(domain):
     )
 
     if not dnsrecords or not httpreachable:
-        raise YunohostError("certmanager_domain_not_diagnosed_yet", domain=domain)
+        raise YunohostValidationError("certmanager_domain_not_diagnosed_yet", domain=domain)
 
     # Check if IP from DNS matches public IP
     if not dnsrecords.get("status") in [
         "SUCCESS",
         "WARNING",
     ]:  # Warning is for missing IPv6 record which ain't critical for ACME
-        raise YunohostError(
+        raise YunohostValidationError(
             "certmanager_domain_dns_ip_differs_from_public_ip", domain=domain
         )
 
     # Check if domain seems to be accessible through HTTP?
     if not httpreachable.get("status") == "SUCCESS":
-        raise YunohostError("certmanager_domain_http_not_working", domain=domain)
+        raise YunohostValidationError("certmanager_domain_http_not_working", domain=domain)
 
 
 # FIXME / TODO : ideally this should not be needed. There should be a proper

src/yunohost/data_migrations/0017_postgresql_9p6_to_11.py

@@ -1,7 +1,7 @@
 import subprocess
 
 from moulinette import m18n
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from moulinette.utils.log import getActionLogger
 
 from yunohost.tools import Migration
@@ -23,7 +23,7 @@ class MyMigration(Migration):
             return
 
         if not self.package_is_installed("postgresql-11"):
-            raise YunohostError("migration_0017_postgresql_11_not_installed")
+            raise YunohostValidationError("migration_0017_postgresql_11_not_installed")
 
         # Make sure there's a 9.6 cluster
         try:
@@ -37,7 +37,7 @@ class MyMigration(Migration):
         if not space_used_by_directory(
             "/var/lib/postgresql/9.6"
         ) > free_space_in_directory("/var/lib/postgresql"):
-            raise YunohostError(
+            raise YunohostValidationError(
                 "migration_0017_not_enough_space", path="/var/lib/postgresql/"
             )
 

src/yunohost/diagnosis.py

@@ -37,7 +37,7 @@ from moulinette.utils.filesystem import (
     write_to_yaml,
 )
 
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from yunohost.hook import hook_list, hook_exec
 
 logger = log.getActionLogger("yunohost.diagnosis")
@@ -59,11 +59,11 @@ def diagnosis_get(category, item):
     all_categories_names = [c for c, _ in all_categories]
 
     if category not in all_categories_names:
-        raise YunohostError("diagnosis_unknown_categories", categories=category)
+        raise YunohostValidationError("diagnosis_unknown_categories", categories=category)
 
     if isinstance(item, list):
         if any("=" not in criteria for criteria in item):
-            raise YunohostError(
+            raise YunohostValidationError(
                 "Criterias should be of the form key=value (e.g. domain=yolo.test)"
             )
 
@@ -91,7 +91,7 @@ def diagnosis_show(
     else:
         unknown_categories = [c for c in categories if c not in all_categories_names]
         if unknown_categories:
-            raise YunohostError(
+            raise YunohostValidationError(
                 "diagnosis_unknown_categories", categories=", ".join(unknown_categories)
             )
 
@@ -181,7 +181,7 @@ def diagnosis_run(
     else:
         unknown_categories = [c for c in categories if c not in all_categories_names]
         if unknown_categories:
-            raise YunohostError(
+            raise YunohostValidationError(
                 "diagnosis_unknown_categories", categories=", ".join(unknown_categories)
             )
 
@@ -270,14 +270,14 @@ def diagnosis_ignore(add_filter=None, remove_filter=None, list=False):
 
         # Sanity checks for the provided arguments
         if len(filter_) == 0:
-            raise YunohostError(
+            raise YunohostValidationError(
                 "You should provide at least one criteria being the diagnosis category to ignore"
             )
         category = filter_[0]
         if category not in all_categories_names:
-            raise YunohostError("%s is not a diagnosis category" % category)
+            raise YunohostValidationError("%s is not a diagnosis category" % category)
         if any("=" not in criteria for criteria in filter_[1:]):
-            raise YunohostError(
+            raise YunohostValidationError(
                 "Criterias should be of the form key=value (e.g. domain=yolo.test)"
             )
 
@@ -331,7 +331,7 @@ def diagnosis_ignore(add_filter=None, remove_filter=None, list=False):
             configuration["ignore_filters"][category] = []
 
         if criterias not in configuration["ignore_filters"][category]:
-            raise YunohostError("This filter does not exists.")
+            raise YunohostValidationError("This filter does not exists.")
 
         configuration["ignore_filters"][category].remove(criterias)
         _diagnosis_write_configuration(configuration)

src/yunohost/domain.py

@@ -28,7 +28,7 @@ import re
 
 from moulinette import m18n, msettings, msignals
 from moulinette.core import MoulinetteError
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import write_to_file
 
@@ -101,16 +101,14 @@ def domain_add(operation_logger, domain, dyndns=False):
     from yunohost.utils.ldap import _get_ldap_interface
 
     if domain.startswith("xmpp-upload."):
-        raise YunohostError("domain_cannot_add_xmpp_upload")
+        raise YunohostValidationError("domain_cannot_add_xmpp_upload")
 
     ldap = _get_ldap_interface()
 
     try:
         ldap.validate_uniqueness({"virtualdomain": domain})
     except MoulinetteError:
-        raise YunohostError("domain_exists")
+        raise YunohostValidationError("domain_exists")
-
-    operation_logger.start()
 
     # Lower domain to avoid some edge cases issues
     # See: https://forum.yunohost.org/t/invalid-domain-causes-diagnosis-web-to-fail-fr-on-demand/11765
@@ -119,17 +117,21 @@ def domain_add(operation_logger, domain, dyndns=False):
     # DynDNS domain
     if dyndns:
 
-        from yunohost.dyndns import dyndns_subscribe, _dyndns_provides, _guess_current_dyndns_domain
+        from yunohost.dyndns import _dyndns_provides, _guess_current_dyndns_domain
 
         # Do not allow to subscribe to multiple dyndns domains...
         if _guess_current_dyndns_domain("dyndns.yunohost.org") != (None, None):
-            raise YunohostError('domain_dyndns_already_subscribed')
+            raise YunohostValidationError('domain_dyndns_already_subscribed')
 
         # Check that this domain can effectively be provided by
         # dyndns.yunohost.org. (i.e. is it a nohost.me / noho.st)
         if not _dyndns_provides("dyndns.yunohost.org", domain):
-            raise YunohostError("domain_dyndns_root_unknown")
+            raise YunohostValidationError("domain_dyndns_root_unknown")
 
+    operation_logger.start()
+
+    if dyndns:
+        from yunohost.dyndns import dyndns_subscribe
         # Actually subscribe
         dyndns_subscribe(domain=domain)
 
@@ -197,7 +199,7 @@ def domain_remove(operation_logger, domain, remove_apps=False, force=False):
     # we don't want to check the domain exists because the ldap add may have
     # failed
     if not force and domain not in domain_list()['domains']:
-        raise YunohostError('domain_name_unknown', domain=domain)
+        raise YunohostValidationError('domain_name_unknown', domain=domain)
 
     # Check domain is not the main domain
     if domain == _get_maindomain():
@@ -205,13 +207,13 @@ def domain_remove(operation_logger, domain, remove_apps=False, force=False):
         other_domains.remove(domain)
 
         if other_domains:
-            raise YunohostError(
+            raise YunohostValidationError(
                 "domain_cannot_remove_main",
                 domain=domain,
                 other_domains="\n * " + ("\n * ".join(other_domains)),
             )
         else:
-            raise YunohostError("domain_cannot_remove_main_add_new_one", domain=domain)
+            raise YunohostValidationError("domain_cannot_remove_main_add_new_one", domain=domain)
 
     # Check if apps are installed on the domain
     apps_on_that_domain = []
@@ -234,9 +236,10 @@ def domain_remove(operation_logger, domain, remove_apps=False, force=False):
             for app, _ in apps_on_that_domain:
                 app_remove(app)
         else:
-            raise YunohostError('domain_uninstall_app_first', apps="\n".join([x[1] for x in apps_on_that_domain]))
+            raise YunohostValidationError('domain_uninstall_app_first', apps="\n".join([x[1] for x in apps_on_that_domain]))
 
     operation_logger.start()
+
     ldap = _get_ldap_interface()
     try:
         ldap.remove("virtualdomain=" + domain + ",ou=domains")
@@ -288,7 +291,7 @@ def domain_dns_conf(domain, ttl=None):
     """
 
     if domain not in domain_list()["domains"]:
-        raise YunohostError("domain_name_unknown", domain=domain)
+        raise YunohostValidationError("domain_name_unknown", domain=domain)
 
     ttl = 3600 if ttl is None else ttl
 
@@ -345,7 +348,7 @@ def domain_main_domain(operation_logger, new_main_domain=None):
 
     # Check domain exists
     if new_main_domain not in domain_list()["domains"]:
-        raise YunohostError("domain_name_unknown", domain=new_main_domain)
+        raise YunohostValidationError("domain_name_unknown", domain=new_main_domain)
 
     operation_logger.related_to.append(("domain", new_main_domain))
     operation_logger.start()

src/yunohost/dyndns.py

@@ -36,7 +36,7 @@ from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import write_to_file, read_file
 from moulinette.utils.network import download_json
 
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from yunohost.domain import _get_maindomain, _build_dns_conf
 from yunohost.utils.network import get_public_ip, dig
 from yunohost.log import is_unit_operation
@@ -124,7 +124,7 @@ def dyndns_subscribe(
     """
 
     if _guess_current_dyndns_domain(subscribe_host) != (None, None):
-        raise YunohostError('domain_dyndns_already_subscribed')
+        raise YunohostValidationError('domain_dyndns_already_subscribed')
 
     if domain is None:
         domain = _get_maindomain()
@@ -132,13 +132,13 @@ def dyndns_subscribe(
 
     # Verify if domain is provided by subscribe_host
     if not _dyndns_provides(subscribe_host, domain):
-        raise YunohostError(
+        raise YunohostValidationError(
             "dyndns_domain_not_provided", domain=domain, provider=subscribe_host
         )
 
     # Verify if domain is available
     if not _dyndns_available(subscribe_host, domain):
-        raise YunohostError("dyndns_unavailable", domain=domain)
+        raise YunohostValidationError("dyndns_unavailable", domain=domain)
 
     operation_logger.start()
 
@@ -231,7 +231,7 @@ def dyndns_update(
         (domain, key) = _guess_current_dyndns_domain(dyn_host)
 
     if domain is None:
-        raise YunohostError('dyndns_no_domain_registered')
+        raise YunohostValidationError('dyndns_no_domain_registered')
 
     # If key is not given, pick the first file we find with the domain given
     else:
@@ -239,7 +239,7 @@ def dyndns_update(
             keys = glob.glob("/etc/yunohost/dyndns/K{0}.+*.private".format(domain))
 
             if not keys:
-                raise YunohostError("dyndns_key_not_found")
+                raise YunohostValidationError("dyndns_key_not_found")
 
             key = keys[0]
 

src/yunohost/firewall.py

@@ -28,7 +28,7 @@ import yaml
 import miniupnpc
 
 from moulinette import m18n
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from moulinette.utils import process
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.text import prependlines
@@ -366,7 +366,7 @@ def firewall_upnp(action="status", no_refresh=False):
         if action == "status":
             no_refresh = True
     else:
-        raise YunohostError("action_invalid", action=action)
+        raise YunohostValidationError("action_invalid", action=action)
 
     # Refresh port mapping using UPnP
     if not no_refresh:

src/yunohost/hook.py

@@ -32,7 +32,7 @@ from glob import iglob
 from importlib import import_module
 
 from moulinette import m18n, msettings
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from moulinette.utils import log
 from moulinette.utils.filesystem import read_json
 
@@ -117,7 +117,7 @@ def hook_info(action, name):
             )
 
     if not hooks:
-        raise YunohostError("hook_name_unknown", name=name)
+        raise YunohostValidationError("hook_name_unknown", name=name)
     return {
         "action": action,
         "name": name,
@@ -186,7 +186,7 @@ def hook_list(action, list_by="name", show_info=False):
                 d.add(name)
 
     else:
-        raise YunohostError("hook_list_by_invalid")
+        raise YunohostValidationError("hook_list_by_invalid")
 
     def _append_folder(d, folder):
         # Iterate over and add hook from a folder
@@ -273,7 +273,7 @@ def hook_callback(
             try:
                 hl = hooks_names[n]
             except KeyError:
-                raise YunohostError("hook_name_unknown", n)
+                raise YunohostValidationError("hook_name_unknown", n)
             # Iterate over hooks with this name
             for h in hl:
                 # Update hooks dict

src/yunohost/log.py

@@ -35,7 +35,7 @@ from logging import FileHandler, getLogger, Formatter
 
 from moulinette import m18n, msettings
 from moulinette.core import MoulinetteError
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from yunohost.utils.packages import get_ynh_package_version
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import read_file, read_yaml
@@ -191,7 +191,7 @@ def log_show(
         log_path = base_path + LOG_FILE_EXT
 
     if not os.path.exists(md_path) and not os.path.exists(log_path):
-        raise YunohostError("log_does_exists", log=path)
+        raise YunohostValidationError("log_does_exists", log=path)
 
     infos = {}
 
@@ -631,10 +631,19 @@ class OperationLogger(object):
         """
         Close properly the unit operation
         """
+
+        # When the error happen's in the is_unit_operation try/except,
+        # we want to inject the log ref in the exception, such that it may be
+        # transmitted to the webadmin which can then redirect to the appropriate
+        # log page
+        if self.started_at and isinstance(error, Exception) and not isinstance(error, YunohostValidationError):
+            error.log_ref = self.name
+
         if self.ended_at is not None or self.started_at is None:
             return
         if error is not None and not isinstance(error, str):
             error = str(error)
+
         self.ended_at = datetime.utcnow()
         self._error = error
         self._success = error is None

src/yunohost/permission.py

@@ -31,7 +31,7 @@ import random
 
 from moulinette import m18n
 from moulinette.utils.log import getActionLogger
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from yunohost.log import is_unit_operation
 
 logger = getActionLogger("yunohost.user")
@@ -175,14 +175,14 @@ def user_permission_update(
 
     # Refuse to add "visitors" to mail, xmpp ... they require an account to make sense.
     if add and "visitors" in add and permission.split(".")[0] in SYSTEM_PERMS:
-        raise YunohostError("permission_require_account", permission=permission)
+        raise YunohostValidationError("permission_require_account", permission=permission)
 
     # Refuse to add "visitors" to protected permission
     if (
         (add and "visitors" in add and existing_permission["protected"])
         or (remove and "visitors" in remove and existing_permission["protected"])
     ) and not force:
-        raise YunohostError("permission_protected", permission=permission)
+        raise YunohostValidationError("permission_protected", permission=permission)
 
     # Fetch currently allowed groups for this permission
 
@@ -198,7 +198,7 @@ def user_permission_update(
         groups_to_add = [add] if not isinstance(add, list) else add
         for group in groups_to_add:
             if group not in all_existing_groups:
-                raise YunohostError("group_unknown", group=group)
+                raise YunohostValidationError("group_unknown", group=group)
             if group in current_allowed_groups:
                 logger.warning(
                     m18n.n(
@@ -326,7 +326,7 @@ def user_permission_info(permission):
         permission, None
     )
     if existing_permission is None:
-        raise YunohostError("permission_not_found", permission=permission)
+        raise YunohostValidationError("permission_not_found", permission=permission)
 
     return existing_permission
 
@@ -391,7 +391,7 @@ def permission_create(
     if ldap.get_conflict(
         {"cn": permission}, base_dn="ou=permission,dc=yunohost,dc=org"
     ):
-        raise YunohostError("permission_already_exist", permission=permission)
+        raise YunohostValidationError("permission_already_exist", permission=permission)
 
     # Get random GID
     all_gid = {x.gr_gid for x in grp.getgrall()}
@@ -427,7 +427,7 @@ def permission_create(
     all_existing_groups = user_group_list()["groups"].keys()
     for group in allowed or []:
         if group not in all_existing_groups:
-            raise YunohostError("group_unknown", group=group)
+            raise YunohostValidationError("group_unknown", group=group)
 
     operation_logger.related_to.append(("app", permission.split(".")[0]))
     operation_logger.start()
@@ -594,7 +594,7 @@ def permission_delete(operation_logger, permission, force=False, sync_perm=True)
         permission = permission + ".main"
 
     if permission.endswith(".main") and not force:
-        raise YunohostError("permission_cannot_remove_main")
+        raise YunohostValidationError("permission_cannot_remove_main")
 
     from yunohost.utils.ldap import _get_ldap_interface
 
@@ -861,7 +861,7 @@ def _validate_and_sanitize_permission_url(url, app_base_path, app):
         try:
             re.compile(regex)
         except Exception:
-            raise YunohostError("invalid_regex", regex=regex)
+            raise YunohostValidationError("invalid_regex", regex=regex)
 
     if url.startswith("re:"):
 
@@ -874,12 +874,12 @@ def _validate_and_sanitize_permission_url(url, app_base_path, app):
         # regex with domain
 
         if "/" not in url:
-            raise YunohostError("regex_with_only_domain")
+            raise YunohostValidationError("regex_with_only_domain")
         domain, path = url[3:].split("/", 1)
         path = "/" + path
 
         if domain.replace("%", "").replace("\\", "") not in domains:
-            raise YunohostError("domain_name_unknown", domain=domain)
+            raise YunohostValidationError("domain_name_unknown", domain=domain)
 
         validate_regex(path)
 
@@ -914,7 +914,7 @@ def _validate_and_sanitize_permission_url(url, app_base_path, app):
         sanitized_url = domain + path
 
         if domain not in domains:
-            raise YunohostError("domain_name_unknown", domain=domain)
+            raise YunohostValidationError("domain_name_unknown", domain=domain)
 
     _assert_no_conflicting_apps(domain, path, ignore_app=app)
 

src/yunohost/service.py

@@ -34,7 +34,7 @@ from glob import glob
 from datetime import datetime
 
 from moulinette import m18n
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from moulinette.utils.process import check_output
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import read_file, append_to_file, write_to_file
@@ -145,7 +145,7 @@ def service_remove(name):
     services = _get_services()
 
     if name not in services:
-        raise YunohostError("service_unknown", service=name)
+        raise YunohostValidationError("service_unknown", service=name)
 
     del services[name]
     try:
@@ -325,7 +325,7 @@ def service_status(names=[]):
         # Validate service names requested
         for name in names:
             if name not in services.keys():
-                raise YunohostError("service_unknown", service=name)
+                raise YunohostValidationError("service_unknown", service=name)
 
         # Filter only requested servivces
         services = {k: v for k, v in services.items() if k in names}
@@ -400,7 +400,7 @@ def _get_and_format_service_status(service, infos):
 
         translation_key = "service_description_%s" % service
         if m18n.key_exists(translation_key):
-            description = m18n.key_exists(translation_key)
+            description = m18n.n(translation_key)
         else:
             description = str(raw_status.get("Description", ""))
 
@@ -465,6 +465,7 @@ def _get_and_format_service_status(service, infos):
         if p.returncode == 0:
             output["configuration"] = "valid"
         else:
+            out = out.decode()
             output["configuration"] = "broken"
             output["configuration-details"] = out.strip().split("\n")
 
@@ -484,7 +485,7 @@ def service_log(name, number=50):
     number = int(number)
 
     if name not in services.keys():
-        raise YunohostError("service_unknown", service=name)
+        raise YunohostValidationError("service_unknown", service=name)
 
     log_list = services[name].get("log", [])
 
@@ -545,7 +546,7 @@ def service_regen_conf(
 
     for name in names:
         if name not in services.keys():
-            raise YunohostError("service_unknown", service=name)
+            raise YunohostValidationError("service_unknown", service=name)
 
     if names is []:
         names = list(services.keys())
@@ -568,7 +569,7 @@ def _run_service_command(action, service):
     """
     services = _get_services()
     if service not in services.keys():
-        raise YunohostError("service_unknown", service=service)
+        raise YunohostValidationError("service_unknown", service=service)
 
     possible_actions = [
         "start",

src/yunohost/settings.py

@@ -6,7 +6,7 @@ from datetime import datetime
 from collections import OrderedDict
 
 from moulinette import m18n
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from moulinette.utils.log import getActionLogger
 from yunohost.regenconf import regen_conf
 
@@ -109,7 +109,7 @@ def settings_get(key, full=False):
     settings = _get_settings()
 
     if key not in settings:
-        raise YunohostError("global_settings_key_doesnt_exists", settings_key=key)
+        raise YunohostValidationError("global_settings_key_doesnt_exists", settings_key=key)
 
     if full:
         return settings[key]
@@ -137,7 +137,7 @@ def settings_set(key, value):
     settings = _get_settings()
 
     if key not in settings:
-        raise YunohostError("global_settings_key_doesnt_exists", settings_key=key)
+        raise YunohostValidationError("global_settings_key_doesnt_exists", settings_key=key)
 
     key_type = settings[key]["type"]
 
@@ -146,7 +146,7 @@ def settings_set(key, value):
         if boolean_value[0]:
             value = boolean_value[1]
         else:
-            raise YunohostError(
+            raise YunohostValidationError(
                 "global_settings_bad_type_for_setting",
                 setting=key,
                 received_type=type(value).__name__,
@@ -158,14 +158,14 @@ def settings_set(key, value):
                 try:
                     value = int(value)
                 except Exception:
-                    raise YunohostError(
+                    raise YunohostValidationError(
                         "global_settings_bad_type_for_setting",
                         setting=key,
                         received_type=type(value).__name__,
                         expected_type=key_type,
                     )
             else:
-                raise YunohostError(
+                raise YunohostValidationError(
                     "global_settings_bad_type_for_setting",
                     setting=key,
                     received_type=type(value).__name__,
@@ -173,7 +173,7 @@ def settings_set(key, value):
                 )
     elif key_type == "string":
         if not isinstance(value, str):
-            raise YunohostError(
+            raise YunohostValidationError(
                 "global_settings_bad_type_for_setting",
                 setting=key,
                 received_type=type(value).__name__,
@@ -181,14 +181,14 @@ def settings_set(key, value):
             )
     elif key_type == "enum":
         if value not in settings[key]["choices"]:
-            raise YunohostError(
+            raise YunohostValidationError(
                 "global_settings_bad_choice_for_enum",
                 setting=key,
                 choice=str(value),
                 available_choices=", ".join(settings[key]["choices"]),
             )
     else:
-        raise YunohostError(
+        raise YunohostValidationError(
             "global_settings_unknown_type", setting=key, unknown_type=key_type
         )
 
@@ -214,7 +214,7 @@ def settings_reset(key):
     settings = _get_settings()
 
     if key not in settings:
-        raise YunohostError("global_settings_key_doesnt_exists", settings_key=key)
+        raise YunohostValidationError("global_settings_key_doesnt_exists", settings_key=key)
 
     settings[key]["value"] = settings[key]["default"]
     _save_settings(settings)
@@ -304,7 +304,7 @@ def _get_settings():
                     )
                     unknown_settings[key] = value
     except Exception as e:
-        raise YunohostError("global_settings_cant_open_settings", reason=e)
+        raise YunohostValidationError("global_settings_cant_open_settings", reason=e)
 
     if unknown_settings:
         try:

src/yunohost/ssh.py

@@ -5,7 +5,7 @@ import os
 import pwd
 import subprocess
 
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostValidationError
 from moulinette.utils.filesystem import read_file, write_to_file, chown, chmod, mkdir
 
 SSHD_CONFIG_PATH = "/etc/ssh/sshd_config"
@@ -21,7 +21,7 @@ def user_ssh_allow(username):
     # TODO it would be good to support different kind of shells
 
     if not _get_user_for_ssh(username):
-        raise YunohostError("user_unknown", user=username)
+        raise YunohostValidationError("user_unknown", user=username)
 
     from yunohost.utils.ldap import _get_ldap_interface
 
@@ -43,7 +43,7 @@ def user_ssh_disallow(username):
     # TODO it would be good to support different kind of shells
 
     if not _get_user_for_ssh(username):
-        raise YunohostError("user_unknown", user=username)
+        raise YunohostValidationError("user_unknown", user=username)
 
     from yunohost.utils.ldap import _get_ldap_interface
 

src/yunohost/tools.py

@@ -51,7 +51,7 @@ from yunohost.utils.packages import (
     _list_upgradable_apt_packages,
     ynh_packages_version,
 )
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from yunohost.log import is_unit_operation, OperationLogger
 
 # FIXME this is a duplicate from apps.py
@@ -156,7 +156,7 @@ def tools_adminpw(new_password, check_strength=True):
     # UNIX seems to not like password longer than 127 chars ...
     # e.g. SSH login gets broken (or even 'su admin' when entering the password)
     if len(new_password) >= 127:
-        raise YunohostError("admin_password_too_long")
+        raise YunohostValidationError("admin_password_too_long")
 
     new_hash = _hash_user_password(new_password)
 
@@ -285,10 +285,10 @@ def tools_postinstall(
 
     # Do some checks at first
     if os.path.isfile("/etc/yunohost/installed"):
-        raise YunohostError("yunohost_already_installed")
+        raise YunohostValidationError("yunohost_already_installed")
 
     if os.path.isdir("/etc/yunohost/apps") and os.listdir("/etc/yunohost/apps") != []:
-        raise YunohostError(
+        raise YunohostValidationError(
             "It looks like you're trying to re-postinstall a system that was already working previously ... If you recently had some bug or issues with your installation, please first discuss with the team on how to fix the situation instead of savagely re-running the postinstall ...",
             raw_msg=True,
         )
@@ -301,7 +301,7 @@ def tools_postinstall(
     )
     GB = 1024 ** 3
     if not force_diskspace and main_space < 10 * GB:
-        raise YunohostError("postinstall_low_rootfsspace")
+        raise YunohostValidationError("postinstall_low_rootfsspace")
 
     # Check password
     if not force_password:
@@ -331,14 +331,14 @@ def tools_postinstall(
                 dyndns = True
             # If not, abort the postinstall
             else:
-                raise YunohostError("dyndns_unavailable", domain=domain)
+                raise YunohostValidationError("dyndns_unavailable", domain=domain)
         else:
             dyndns = False
     else:
         dyndns = False
 
     if os.system("iptables -V >/dev/null 2>/dev/null") != 0:
-        raise YunohostError(
+        raise YunohostValidationError(
             "iptables/nftables does not seems to be working on your setup. You may be in a container or your kernel does have the proper modules loaded. Sometimes, rebooting the machine may solve the issue.",
             raw_msg=True,
         )
@@ -530,17 +530,17 @@ def tools_upgrade(
     from yunohost.utils import packages
 
     if packages.dpkg_is_broken():
-        raise YunohostError("dpkg_is_broken")
+        raise YunohostValidationError("dpkg_is_broken")
 
     # Check for obvious conflict with other dpkg/apt commands already running in parallel
     if not packages.dpkg_lock_available():
-        raise YunohostError("dpkg_lock_not_available")
+        raise YunohostValidationError("dpkg_lock_not_available")
 
     if system is not False and apps is not None:
-        raise YunohostError("tools_upgrade_cant_both")
+        raise YunohostValidationError("tools_upgrade_cant_both")
 
     if system is False and apps is None:
-        raise YunohostError("tools_upgrade_at_least_one")
+        raise YunohostValidationError("tools_upgrade_at_least_one")
 
     #
     # Apps
@@ -825,7 +825,7 @@ def tools_migrations_list(pending=False, done=False):
 
     # Check for option conflict
     if pending and done:
-        raise YunohostError("migrations_list_conflict_pending_done")
+        raise YunohostValidationError("migrations_list_conflict_pending_done")
 
     # Get all migrations
     migrations = _get_migrations_list()
@@ -875,17 +875,17 @@ def tools_migrations_run(
             if m.id == target or m.name == target or m.id.split("_")[0] == target:
                 return m
 
-        raise YunohostError("migrations_no_such_migration", id=target)
+        raise YunohostValidationError("migrations_no_such_migration", id=target)
 
     # auto, skip and force are exclusive options
     if auto + skip + force_rerun > 1:
-        raise YunohostError("migrations_exclusive_options")
+        raise YunohostValidationError("migrations_exclusive_options")
 
     # If no target specified
     if not targets:
         # skip, revert or force require explicit targets
         if skip or force_rerun:
-            raise YunohostError("migrations_must_provide_explicit_targets")
+            raise YunohostValidationError("migrations_must_provide_explicit_targets")
 
         # Otherwise, targets are all pending migrations
         targets = [m for m in all_migrations if m.state == "pending"]
@@ -897,11 +897,11 @@ def tools_migrations_run(
         pending = [t.id for t in targets if t.state == "pending"]
 
         if skip and done:
-            raise YunohostError("migrations_not_pending_cant_skip", ids=", ".join(done))
+            raise YunohostValidationError("migrations_not_pending_cant_skip", ids=", ".join(done))
         if force_rerun and pending:
-            raise YunohostError("migrations_pending_cant_rerun", ids=", ".join(pending))
+            raise YunohostValidationError("migrations_pending_cant_rerun", ids=", ".join(pending))
         if not (skip or force_rerun) and done:
-            raise YunohostError("migrations_already_ran", ids=", ".join(done))
+            raise YunohostValidationError("migrations_already_ran", ids=", ".join(done))
 
     # So, is there actually something to do ?
     if not targets:

src/yunohost/user.py

@@ -37,7 +37,7 @@ from moulinette import msignals, msettings, m18n
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.process import check_output
 
-from yunohost.utils.error import YunohostError
+from yunohost.utils.error import YunohostError, YunohostValidationError
 from yunohost.service import service_status
 from yunohost.log import is_unit_operation
 
@@ -125,7 +125,7 @@ def user_create(
     # Validate domain used for email address/xmpp account
     if domain is None:
         if msettings.get("interface") == "api":
-            raise YunohostError("Invalide usage, specify domain argument")
+            raise YunohostValidationError("Invalid usage, you should specify a domain argument")
         else:
             # On affiche les differents domaines possibles
             msignals.display(m18n.n("domains_available"))
@@ -141,24 +141,24 @@ def user_create(
 
     # Check that the domain exists
     if domain not in domain_list()["domains"]:
-        raise YunohostError("domain_name_unknown", domain=domain)
+        raise YunohostValidationError("domain_name_unknown", domain=domain)
 
     mail = username + "@" + domain
     ldap = _get_ldap_interface()
 
     if username in user_list()["users"]:
-        raise YunohostError("user_already_exists", user=username)
+        raise YunohostValidationError("user_already_exists", user=username)
 
     # Validate uniqueness of username and mail in LDAP
     try:
         ldap.validate_uniqueness({"uid": username, "mail": mail, "cn": username})
     except Exception as e:
-        raise YunohostError("user_creation_failed", user=username, error=e)
+        raise YunohostValidationError("user_creation_failed", user=username, error=e)
 
     # Validate uniqueness of username in system users
     all_existing_usernames = {x.pw_name for x in pwd.getpwall()}
     if username in all_existing_usernames:
-        raise YunohostError("system_username_exists")
+        raise YunohostValidationError("system_username_exists")
 
     main_domain = _get_maindomain()
     aliases = [
@@ -170,7 +170,7 @@ def user_create(
     ]
 
     if mail in aliases:
-        raise YunohostError("mail_unavailable")
+        raise YunohostValidationError("mail_unavailable")
 
     operation_logger.start()
 
@@ -264,7 +264,7 @@ def user_delete(operation_logger, username, purge=False):
     from yunohost.utils.ldap import _get_ldap_interface
 
     if username not in user_list()["users"]:
-        raise YunohostError("user_unknown", user=username)
+        raise YunohostValidationError("user_unknown", user=username)
 
     operation_logger.start()
 
@@ -347,7 +347,7 @@ def user_update(
         attrs=attrs_to_fetch,
     )
     if not result:
-        raise YunohostError("user_unknown", user=username)
+        raise YunohostValidationError("user_unknown", user=username)
     user = result[0]
     env_dict = {"YNH_USER_USERNAME": username}
 
@@ -396,13 +396,13 @@ def user_update(
         try:
             ldap.validate_uniqueness({"mail": mail})
         except Exception as e:
-            raise YunohostError("user_update_failed", user=username, error=e)
+            raise YunohostValidationError("user_update_failed", user=username, error=e)
         if mail[mail.find("@") + 1 :] not in domains:
-            raise YunohostError(
+            raise YunohostValidationError(
                 "mail_domain_unknown", domain=mail[mail.find("@") + 1 :]
             )
         if mail in aliases:
-            raise YunohostError("mail_unavailable")
+            raise YunohostValidationError("mail_unavailable")
 
         del user["mail"][0]
         new_attr_dict["mail"] = [mail] + user["mail"]
@@ -414,9 +414,9 @@ def user_update(
             try:
                 ldap.validate_uniqueness({"mail": mail})
             except Exception as e:
-                raise YunohostError("user_update_failed", user=username, error=e)
+                raise YunohostValidationError("user_update_failed", user=username, error=e)
             if mail[mail.find("@") + 1 :] not in domains:
-                raise YunohostError(
+                raise YunohostValidationError(
                     "mail_domain_unknown", domain=mail[mail.find("@") + 1 :]
                 )
             user["mail"].append(mail)
@@ -429,7 +429,7 @@ def user_update(
             if len(user["mail"]) > 1 and mail in user["mail"][1:]:
                 user["mail"].remove(mail)
             else:
-                raise YunohostError("mail_alias_remove_failed", mail=mail)
+                raise YunohostValidationError("mail_alias_remove_failed", mail=mail)
         new_attr_dict["mail"] = user["mail"]
 
     if "mail" in new_attr_dict:
@@ -451,7 +451,7 @@ def user_update(
             if len(user["maildrop"]) > 1 and mail in user["maildrop"][1:]:
                 user["maildrop"].remove(mail)
             else:
-                raise YunohostError("mail_forward_remove_failed", mail=mail)
+                raise YunohostValidationError("mail_forward_remove_failed", mail=mail)
         new_attr_dict["maildrop"] = user["maildrop"]
 
     if "maildrop" in new_attr_dict:
@@ -500,7 +500,7 @@ def user_info(username):
     if result:
         user = result[0]
     else:
-        raise YunohostError("user_unknown", user=username)
+        raise YunohostValidationError("user_unknown", user=username)
 
     result_dict = {
         "username": user["uid"][0],
@@ -638,7 +638,7 @@ def user_group_create(
         {"cn": groupname}, base_dn="ou=groups,dc=yunohost,dc=org"
     )
     if conflict:
-        raise YunohostError("group_already_exist", group=groupname)
+        raise YunohostValidationError("group_already_exist", group=groupname)
 
     # Validate uniqueness of groupname in system group
     all_existing_groupnames = {x.gr_name for x in grp.getgrall()}
@@ -651,7 +651,7 @@ def user_group_create(
                 "sed --in-place '/^%s:/d' /etc/group" % groupname, shell=True
             )
         else:
-            raise YunohostError("group_already_exist_on_system", group=groupname)
+            raise YunohostValidationError("group_already_exist_on_system", group=groupname)
 
     if not gid:
         # Get random GID
@@ -705,7 +705,7 @@ def user_group_delete(operation_logger, groupname, force=False, sync_perm=True):
 
     existing_groups = list(user_group_list()["groups"].keys())
     if groupname not in existing_groups:
-        raise YunohostError("group_unknown", group=groupname)
+        raise YunohostValidationError("group_unknown", group=groupname)
 
     # Refuse to delete primary groups of a user (e.g. group 'sam' related to user 'sam')
     # without the force option...
@@ -714,7 +714,7 @@ def user_group_delete(operation_logger, groupname, force=False, sync_perm=True):
     existing_users = list(user_list()["users"].keys())
     undeletable_groups = existing_users + ["all_users", "visitors"]
     if groupname in undeletable_groups and not force:
-        raise YunohostError("group_cannot_be_deleted", group=groupname)
+        raise YunohostValidationError("group_cannot_be_deleted", group=groupname)
 
     operation_logger.start()
     ldap = _get_ldap_interface()
@@ -756,11 +756,11 @@ def user_group_update(
     # We also can't edit "all_users" without the force option because that's a special group...
     if not force:
         if groupname == "all_users":
-            raise YunohostError("group_cannot_edit_all_users")
+            raise YunohostValidationError("group_cannot_edit_all_users")
         elif groupname == "visitors":
-            raise YunohostError("group_cannot_edit_visitors")
+            raise YunohostValidationError("group_cannot_edit_visitors")
         elif groupname in existing_users:
-            raise YunohostError("group_cannot_edit_primary_group", group=groupname)
+            raise YunohostValidationError("group_cannot_edit_primary_group", group=groupname)
 
     # We extract the uid for each member of the group to keep a simple flat list of members
     current_group = user_group_info(groupname)["members"]
@@ -771,7 +771,7 @@ def user_group_update(
 
         for user in users_to_add:
             if user not in existing_users:
-                raise YunohostError("user_unknown", user=user)
+                raise YunohostValidationError("user_unknown", user=user)
 
             if user in current_group:
                 logger.warning(
@@ -843,7 +843,7 @@ def user_group_info(groupname):
     )
 
     if not result:
-        raise YunohostError("group_unknown", group=groupname)
+        raise YunohostValidationError("group_unknown", group=groupname)
 
     infos = result[0]
 

src/yunohost/utils/error.py

@@ -25,6 +25,8 @@ from moulinette import m18n
 
 class YunohostError(MoulinetteError):
 
+    http_code = 500
+
     """
     Yunohost base exception
 
@@ -49,3 +51,8 @@ class YunohostError(MoulinetteError):
             return super(YunohostError, self).content()
         else:
             return {"error": self.strerror, "log_ref": self.log_ref}
+
+
+class YunohostValidationError(YunohostError):
+
+    http_code = 400

src/yunohost/utils/password.py

@@ -90,11 +90,11 @@ class PasswordValidator(object):
         # on top (at least not the moulinette ones)
         # because the moulinette needs to be correctly initialized
         # as well as modules available in python's path.
-        from yunohost.utils.error import YunohostError
+        from yunohost.utils.error import YunohostValidationError
 
         status, msg = self.validation_summary(password)
         if status == "error":
-            raise YunohostError(msg)
+            raise YunohostValidationError(msg)
 
     def validation_summary(self, password):
         """

tests/test_helpers.d/ynhtest_setup_source.sh

@@ -0,0 +1,81 @@
+_make_dummy_src() {
+echo "test coucou"
+    if [ ! -e $HTTPSERVER_DIR/dummy.tar.gz ]
+    then
+        pushd "$HTTPSERVER_DIR"
+            mkdir dummy
+            pushd dummy
+            echo "Lorem Ipsum" > index.html
+            echo '{"foo": "bar"}' > conf.json
+            mkdir assets
+            echo '.some.css { }' > assets/main.css
+            echo 'var some="js";' > assets/main.js
+            popd
+            tar -czf dummy.tar.gz dummy
+        popd
+    fi
+    echo "SOURCE_URL=http://127.0.0.1:$HTTPSERVER_PORT/dummy.tar.gz"
+    echo "SOURCE_SUM=$(sha256sum $HTTPSERVER_DIR/dummy.tar.gz | awk '{print $1}')"
+}
+
+ynhtest_setup_source_nominal() {
+    final_path="$(mktemp -d -p $VAR_WWW)"
+    _make_dummy_src > ../conf/dummy.src
+    
+    ynh_setup_source --dest_dir="$final_path" --source_id="dummy"
+
+    test -e "$final_path"
+    test -e "$final_path/index.html"
+}
+
+ynhtest_setup_source_nominal_upgrade() {
+    final_path="$(mktemp -d -p $VAR_WWW)"
+    _make_dummy_src > ../conf/dummy.src
+
+    ynh_setup_source --dest_dir="$final_path" --source_id="dummy"
+
+    test "$(cat $final_path/index.html)" == "Lorem Ipsum"
+    
+    # Except index.html to get overwritten during next ynh_setup_source
+    echo "IEditedYou!" > $final_path/index.html
+    test "$(cat $final_path/index.html)" == "IEditedYou!"
+
+    ynh_setup_source --dest_dir="$final_path" --source_id="dummy"
+
+    test "$(cat $final_path/index.html)" == "Lorem Ipsum"
+}
+
+
+ynhtest_setup_source_with_keep() {
+    final_path="$(mktemp -d -p $VAR_WWW)"
+    _make_dummy_src > ../conf/dummy.src
+
+    echo "IEditedYou!" > $final_path/index.html
+    echo "IEditedYou!" > $final_path/test.txt
+
+    ynh_setup_source --dest_dir="$final_path" --source_id="dummy" --keep="index.html test.txt"
+
+    test -e "$final_path"
+    test -e "$final_path/index.html"
+    test -e "$final_path/test.txt"
+    test "$(cat $final_path/index.html)" == "IEditedYou!"
+    test "$(cat $final_path/test.txt)" == "IEditedYou!"
+}
+
+ynhtest_setup_source_with_patch() {
+    final_path="$(mktemp -d -p $VAR_WWW)"
+    _make_dummy_src > ../conf/dummy.src
+
+    mkdir -p ../sources/patches
+    cat > ../sources/patches/dummy-index.html.patch << EOF
+--- a/index.html
++++ b/index.html
+@@ -1 +1,1 @@
+-Lorem Ipsum
++Lorem Ipsum dolor sit amet
+EOF
+
+    ynh_setup_source --dest_dir="$final_path" --source_id="dummy"
+
+    test "$(cat $final_path/index.html)" == "Lorem Ipsum dolor sit amet"
+}

tests/test_helpers.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+
+readonly NORMAL=$(printf '\033[0m')
+readonly BOLD=$(printf '\033[1m')
+readonly RED=$(printf '\033[31m')
+readonly GREEN=$(printf '\033[32m')
+readonly ORANGE=$(printf '\033[33m')
+
+function log_test()
+{
+    echo -n "${BOLD}$1${NORMAL} ... "
+}
+
+function log_passed()
+{
+    echo "${BOLD}${GREEN}✔ Passed${NORMAL}"
+}
+
+function log_failed()
+{
+    echo "${BOLD}${RED}✘ Failed${NORMAL}"
+}
+
+function cleanup()
+{
+    [ -n "$HTTPSERVER" ] && kill "$HTTPSERVER"
+    [ -d "$HTTPSERVER_DIR" ] && rm -rf "$HTTPSERVER_DIR"
+    [ -d "$VAR_WWW" ] && rm -rf "$VAR_WWW"
+}
+trap cleanup EXIT SIGINT
+
+# =========================================================
+
+# Dummy http server, to serve archives for ynh_setup_source
+HTTPSERVER_DIR=$(mktemp -d)
+HTTPSERVER_PORT=1312
+pushd "$HTTPSERVER_DIR" >/dev/null
+python -m SimpleHTTPServer $HTTPSERVER_PORT &>/dev/null &
+HTTPSERVER="$!"
+popd >/dev/null
+
+VAR_WWW=$(mktemp -d)/var/www
+mkdir -p $VAR_WWW
+# =========================================================
+
+source /usr/share/yunohost/helpers
+for TEST_SUITE in $(ls test_helpers.d/*)
+do
+    source $TEST_SUITE
+done
+
+# Hack to list all known function, keep only those starting by ynhtest_
+TESTS=$(declare -F | grep ' ynhtest_' | awk '{print $3}')
+
+global_result=0
+
+for TEST in $TESTS
+do
+    log_test $TEST
+    cd $(mktemp -d)
+    (app=ynhtest
+     YNH_APP_ID=$app
+     mkdir conf
+     mkdir scripts
+     cd scripts
+     set -eux
+     $TEST
+    ) > ./test.log 2>&1
+
+    if [[ $? == 0 ]]
+    then
+        set +x; log_passed;
+    else
+        set +x; echo -e "\n----------"; cat ./test.log; echo -e "----------"; log_failed; global_result=1;
+    fi
+done
+
+exit $global_result

tests/test_i18n_keys.py

@@ -25,10 +25,12 @@ def find_expected_string_keys():
     # Try to find :
     #    m18n.n(   "foo"
     #    YunohostError("foo"
+    #    YunohostValidationError("foo"
     #    # i18n: foo
     p1 = re.compile(r"m18n\.n\(\n*\s*[\"\'](\w+)[\"\']")
     p2 = re.compile(r"YunohostError\(\n*\s*[\'\"](\w+)[\'\"]")
-    p3 = re.compile(r"# i18n: [\'\"]?(\w+)[\'\"]?")
+    p3 = re.compile(r"YunohostValidationError\(\n*\s*[\'\"](\w+)[\'\"]")
+    p4 = re.compile(r"# i18n: [\'\"]?(\w+)[\'\"]?")
 
     python_files = glob.glob("src/yunohost/*.py")
     python_files.extend(glob.glob("src/yunohost/utils/*.py"))
@@ -47,6 +49,10 @@ def find_expected_string_keys():
                 continue
             yield m
         for m in p3.findall(content):
+            if m.endswith("_"):
+                continue
+            yield m
+        for m in p4.findall(content):
             yield m
 
     # For each diagnosis, try to find strings like "diagnosis_stuff_foo" (c.f. diagnosis summaries)