Merge branch 'dev' into 4.1

This commit is contained in:
Alexandre Aubin 2020-08-27 16:52:47 +02:00
commit 4286523653
13 changed files with 168 additions and 151 deletions


@ -38,7 +38,7 @@ build-ssowat:
variables: variables:
PACKAGE: "ssowat" PACKAGE: "ssowat"
script: script:
- git clone $YNH_SOURCE/$PACKAGE -b $CI_COMMIT_REF_NAME $YNH_BUILD_DIR/$PACKAGE || git clone $YNH_SOURCE/$PACKAGE $YNH_BUILD_DIR/$PACKAGE - git clone $YNH_SOURCE/$PACKAGE -b $CI_COMMIT_REF_NAME $YNH_BUILD_DIR/$PACKAGE --depth 1 || git clone $YNH_SOURCE/$PACKAGE $YNH_BUILD_DIR/$PACKAGE --depth 1
- DEBIAN_FRONTEND=noninteractive apt --assume-yes -o Dpkg::Options::="--force-confold" build-dep $(pwd)/$YNH_BUILD_DIR/$PACKAGE - DEBIAN_FRONTEND=noninteractive apt --assume-yes -o Dpkg::Options::="--force-confold" build-dep $(pwd)/$YNH_BUILD_DIR/$PACKAGE
- *build_script - *build_script
@ -47,6 +47,6 @@ build-moulinette:
variables: variables:
PACKAGE: "moulinette" PACKAGE: "moulinette"
script: script:
- git clone $YNH_SOURCE/$PACKAGE -b $CI_COMMIT_REF_NAME $YNH_BUILD_DIR/$PACKAGE || git clone $YNH_SOURCE/$PACKAGE $YNH_BUILD_DIR/$PACKAGE - git clone $YNH_SOURCE/$PACKAGE -b $CI_COMMIT_REF_NAME $YNH_BUILD_DIR/$PACKAGE --depth 1 || git clone $YNH_SOURCE/$PACKAGE $YNH_BUILD_DIR/$PACKAGE --depth 1
- DEBIAN_FRONTEND=noninteractive apt --assume-yes -o Dpkg::Options::="--force-confold" build-dep $(pwd)/$YNH_BUILD_DIR/$PACKAGE - DEBIAN_FRONTEND=noninteractive apt --assume-yes -o Dpkg::Options::="--force-confold" build-dep $(pwd)/$YNH_BUILD_DIR/$PACKAGE
- *build_script - *build_script
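Review bot: The `|| git clone $YNH_SOURCE/$PACKAGE $YNH_BUILD_DIR/$PACKAGE --depth 1` fallback still builds from whatever the default branch of the sibling repository is whenever no branch named `$CI_COMMIT_REF_NAME` exists, so a tagged or release pipeline can silently ship a component from a different branch than the one being built; the new `--depth 1` also leaves no history in the checkout to cross-check afterwards. At minimum make the chosen ref visible in the job log, e.g. `- git -C $YNH_BUILD_DIR/$PACKAGE rev-parse --abbrev-ref HEAD` (or the commit via `rev-parse HEAD`) right after the clone, so a mismatched build is detectable from the artifacts. For release branches it would be safer to fail instead of falling back, but whether that fits the branching model is not visible from this hunk. The job definitions start above the hunk (`build-ssowat:` / `build-moulinette:` headers are outside it).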


@ -26,12 +26,4 @@ install-postinstall:
script: script:
- apt-get update -o Acquire::Retries=3 - apt-get update -o Acquire::Retries=3
- DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt --assume-yes -o Dpkg::Options::="--force-confold" --allow-downgrades install ./$YNH_BUILD_DIR/*.deb - DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt --assume-yes -o Dpkg::Options::="--force-confold" --allow-downgrades install ./$YNH_BUILD_DIR/*.deb
- systemctl -q stop apt-daily.timer
- systemctl -q stop apt-daily-upgrade.timer
- systemctl -q stop apt-daily.service
- systemctl -q stop apt-daily-upgrade.service
- systemctl -q disable apt-daily.timer
- systemctl -q disable apt-daily-upgrade.timer
- systemctl -q disable apt-daily.service
- systemctl -q disable apt-daily-upgrade.service
- yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns


@ -1,24 +1,43 @@
######################################## ########################################
# LINTER # LINTER
######################################## ########################################
# later we must fix lint and format-check jobs and remove "allow_failure"
lint: lint27:
stage: lint stage: lint
image: "before-install" image: "before-install"
needs: [] needs: []
allow_failure: true allow_failure: true
script: script:
- tox -e lint - tox -e py27-lint
invalidcode: lint37:
stage: lint
image: "before-install"
needs: []
allow_failure: true
script:
- tox -e py37-lint
invalidcode27:
stage: lint stage: lint
image: "before-install" image: "before-install"
needs: [] needs: []
script: script:
- tox -e invalidcode - tox -e py27-invalidcode
# Disabled, waiting for buster invalidcode37:
#format-check: stage: lint
# extends: .lint-stage image: "before-install"
# script: allow_failure: true
# - black --check --diff needs: []
script:
- tox -e py37-invalidcode
format-check:
stage: lint
image: "before-install"
needs: []
allow_failure: true
script:
- tox -e py37-black
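Review bot: `invalidcode37` carries `allow_failure: true` while `invalidcode27` does not, so invalid-code findings under Python 3 never gate the pipeline even though the job exists; the TODO comment at the top of the file only mentions lint and format-check, so this gap is not tracked anywhere. If the exemption is deliberate during the 2.7 → 3.7 transition, extend the comment to `# later we must fix lint, invalidcode37 and format-check jobs and remove "allow_failure"`; otherwise drop `allow_failure: true` from `invalidcode37` so both interpreters are checked the same way.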


@ -1,12 +1,4 @@
.install_debs: &install_debs .install_debs: &install_debs
- systemctl -q stop apt-daily.timer
- systemctl -q stop apt-daily-upgrade.timer
- systemctl -q stop apt-daily.service
- systemctl -q stop apt-daily-upgrade.service
- systemctl -q disable apt-daily.timer
- systemctl -q disable apt-daily-upgrade.timer
- systemctl -q disable apt-daily.service
- systemctl -q disable apt-daily-upgrade.service
- apt-get update -o Acquire::Retries=3 - apt-get update -o Acquire::Retries=3
- DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt --assume-yes -o Dpkg::Options::="--force-confold" --allow-downgrades install ./$YNH_BUILD_DIR/*.deb - DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt --assume-yes -o Dpkg::Options::="--force-confold" --allow-downgrades install ./$YNH_BUILD_DIR/*.deb
@ -44,7 +36,7 @@ full-tests:
- *install_debs - *install_debs
- yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns
script: script:
- pytest --cov=yunohost tests/ src/yunohost/tests/ --junitxml=report.xml - python -m pytest --cov=yunohost tests/ src/yunohost/tests/ --junitxml=report.xml
needs: needs:
- job: build-yunohost - job: build-yunohost
artifacts: true artifacts: true
@ -59,70 +51,70 @@ full-tests:
root-tests: root-tests:
extends: .test-stage extends: .test-stage
script: script:
- py.test tests - python -m pytest tests
test-apps: test-apps:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_apps.py - python -m pytest tests/test_apps.py
test-appscatalog: test-appscatalog:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_appscatalog.py - python -m pytest tests/test_appscatalog.py
test-appurl: test-appurl:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_appurl.py - python -m pytest tests/test_appurl.py
test-apps-arguments-parsing: test-apps-arguments-parsing:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_apps_arguments_parsing.py - python -m pytest tests/test_apps_arguments_parsing.py
test-backuprestore: test-backuprestore:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_backuprestore.py - python -m pytest tests/test_backuprestore.py
test-changeurl: test-changeurl:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_changeurl.py - python -m pytest tests/test_changeurl.py
test-permission: test-permission:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_permission.py - python -m pytest tests/test_permission.py
test-settings: test-settings:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_settings.py - python -m pytest tests/test_settings.py
test-user-group: test-user-group:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_user-group.py - python -m pytest tests/test_user-group.py
test-regenconf: test-regenconf:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_regenconf.py - python -m pytest tests/test_regenconf.py
test-service: test-service:
extends: .test-stage extends: .test-stage
script: script:
- cd src/yunohost - cd src/yunohost
- py.test tests/test_service.py - python -m pytest tests/test_service.py
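Review bot: Every test job now runs `python -m pytest`, which uses whichever interpreter `python` resolves to in the test image; nothing in these jobs (or in `.test-stage`, which is not in this diff) pins that, so with the py27/py37 split introduced elsewhere in this commit it is not visible which interpreter the unit tests actually exercise. Make it explicit, e.g. `- python3 -m pytest tests/test_service.py`, or define a `PYTHON` variable once in `.test-stage` and use `- $PYTHON -m pytest ...` in each job, so the tested interpreter is the same one the package targets. The image definition itself is outside this diff, so I can only hedge on what `python` maps to.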


@ -2,12 +2,18 @@ language: python
matrix: matrix:
allow_failures: allow_failures:
- env: TOXENV=lint - env: TOXENV=py27-lint
- env: TOXENV=py37-lint
- env: TOXENV=py37-invalidcode
include: include:
- python: 2.7 - python: 2.7
env: TOXENV=py27 env: TOXENV=py27-lint
- python: 2.7 - python: 2.7
env: TOXENV=lint env: TOXENV=py27-invalidcode
- python: 3.7
env: TOXENV=py37-lint
- python: 3.7
env: TOXENV=py37-invalidcode
install: install:
- pip install tox - pip install tox
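Review bot: The `TOXENV=py27` entry that ran the test suite is replaced by `TOXENV=py27-lint`, so after this change the Travis matrix only contains lint and invalidcode environments and no longer executes the tests on either interpreter (assuming `py27`/`py37` test envs still exist in tox.ini, which is not in this diff). Three of the four remaining environments are also listed under `allow_failures`, leaving `py27-invalidcode` as the only job that can fail the build. If GitLab CI is now the sole place the tests run, add a one-line comment above `matrix:` saying so; otherwise restore `- python: 2.7` / `env: TOXENV=py27` (and a `py37` equivalent) to `include`.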


@ -1,37 +1,37 @@
#!/bin/bash #!/bin/bash
readonly YNH_DEFAULT_PHP_VERSION=7.3 readonly YNH_DEFAULT_PHP_VERSION=7.3
# Declare the actual php version to use. # Declare the actual PHP version to use.
# A packager willing to use another version of php can override the variable into its _common.sh. # A packager willing to use another version of PHP can override the variable into its _common.sh.
YNH_PHP_VERSION=${YNH_PHP_VERSION:-$YNH_DEFAULT_PHP_VERSION} YNH_PHP_VERSION=${YNH_PHP_VERSION:-$YNH_DEFAULT_PHP_VERSION}
# Create a dedicated php-fpm config # Create a dedicated PHP-FPM config
# #
# usage 1: ynh_add_fpm_config [--phpversion=7.X] [--use_template] [--package=packages] [--dedicated_service] # usage 1: ynh_add_fpm_config [--phpversion=7.X] [--use_template] [--package=packages] [--dedicated_service]
# | arg: -v, --phpversion= - Version of php to use. # | arg: -v, --phpversion= - Version of PHP to use.
# | arg: -t, --use_template - Use this helper in template mode. # | arg: -t, --use_template - Use this helper in template mode.
# | arg: -p, --package= - Additionnal php packages to install # | arg: -p, --package= - Additionnal PHP packages to install
# | arg: -d, --dedicated_service - Use a dedicated php-fpm service instead of the common one. # | arg: -d, --dedicated_service - Use a dedicated PHP-FPM service instead of the common one.
# #
# ----------------------------------------------------------------------------- # -----------------------------------------------------------------------------
# #
# usage 2: ynh_add_fpm_config [--phpversion=7.X] --usage=usage --footprint=footprint [--package=packages] [--dedicated_service] # usage 2: ynh_add_fpm_config [--phpversion=7.X] --usage=usage --footprint=footprint [--package=packages] [--dedicated_service]
# | arg: -v, --phpversion= - Version of php to use. # | arg: -v, --phpversion= - Version of PHP to use.
# | arg: -f, --footprint= - Memory footprint of the service (low/medium/high). # | arg: -f, --footprint= - Memory footprint of the service (low/medium/high).
# low - Less than 20Mb of ram by pool. # low - Less than 20 MB of RAM by pool.
# medium - Between 20Mb and 40Mb of ram by pool. # medium - Between 20 MB and 40 MB of RAM by pool.
# high - More than 40Mb of ram by pool. # high - More than 40 MB of RAM by pool.
# Or specify exactly the footprint, the load of the service as Mb by pool instead of having a standard value. # Or specify exactly the footprint, the load of the service as MB by pool instead of having a standard value.
# To have this value, use the following command and stress the service. # To have this value, use the following command and stress the service.
# watch -n0.5 ps -o user,cmd,%cpu,rss -u APP # watch -n0.5 ps -o user,cmd,%cpu,rss -u APP
# #
# | arg: -u, --usage= - Expected usage of the service (low/medium/high). # | arg: -u, --usage= - Expected usage of the service (low/medium/high).
# low - Personal usage, behind the sso. # low - Personal usage, behind the SSO.
# medium - Low usage, few people or/and publicly accessible. # medium - Low usage, few people or/and publicly accessible.
# high - High usage, frequently visited website. # high - High usage, frequently visited website.
# #
# | arg: -p, --package= - Additionnal php packages to install for a specific version of php # | arg: -p, --package= - Additionnal PHP packages to install for a specific version of PHP
# | arg: -d, --dedicated_service - Use a dedicated php-fpm service instead of the common one. # | arg: -d, --dedicated_service - Use a dedicated PHP-FPM service instead of the common one.
# #
# #
# The footprint of the service will be used to defined the maximum footprint we can allow, which is half the maximum RAM. # The footprint of the service will be used to defined the maximum footprint we can allow, which is half the maximum RAM.
@ -85,7 +85,7 @@ ynh_add_fpm_config () {
# Set the default PHP-FPM version by default # Set the default PHP-FPM version by default
phpversion="${phpversion:-$YNH_PHP_VERSION}" phpversion="${phpversion:-$YNH_PHP_VERSION}"
# If the requested php version is not the default version for YunoHost # If the requested PHP version is not the default version for YunoHost
if [ "$phpversion" != "$YNH_DEFAULT_PHP_VERSION" ] if [ "$phpversion" != "$YNH_DEFAULT_PHP_VERSION" ]
then then
# If the argument --package is used, add the packages to ynh_install_php to install them from sury # If the argument --package is used, add the packages to ynh_install_php to install them from sury
@ -95,7 +95,7 @@ ynh_add_fpm_config () {
else else
local additionnal_packages="" local additionnal_packages=""
fi fi
# Install this specific version of php. # Install this specific version of PHP.
ynh_install_php --phpversion="$phpversion" "$additionnal_packages" ynh_install_php --phpversion="$phpversion" "$additionnal_packages"
elif [ -n "$package" ] elif [ -n "$package" ]
then then
@ -118,7 +118,7 @@ ynh_add_fpm_config () {
fpm_service="php5-fpm" fpm_service="php5-fpm"
fi fi
# Create the directory for fpm pools # Create the directory for FPM pools
mkdir --parents "$fpm_config_dir/pool.d" mkdir --parents "$fpm_config_dir/pool.d"
ynh_app_setting_set --app=$app --key=fpm_config_dir --value="$fpm_config_dir" ynh_app_setting_set --app=$app --key=fpm_config_dir --value="$fpm_config_dir"
@ -127,7 +127,7 @@ ynh_add_fpm_config () {
ynh_app_setting_set --app=$app --key=phpversion --value=$phpversion ynh_app_setting_set --app=$app --key=phpversion --value=$phpversion
finalphpconf="$fpm_config_dir/pool.d/$app.conf" finalphpconf="$fpm_config_dir/pool.d/$app.conf"
# Migrate from mutual php service to dedicated one. # Migrate from mutual PHP service to dedicated one.
if [ $dedicated_service -eq 1 ] if [ $dedicated_service -eq 1 ]
then then
local old_fpm_config_dir="/etc/php/$phpversion/fpm" local old_fpm_config_dir="/etc/php/$phpversion/fpm"
@ -137,9 +137,9 @@ ynh_add_fpm_config () {
ynh_print_info --message="Migrate to a dedicated php-fpm service for $app." ynh_print_info --message="Migrate to a dedicated php-fpm service for $app."
# Create a backup of the old file before migration # Create a backup of the old file before migration
ynh_backup_if_checksum_is_different --file="$old_fpm_config_dir/pool.d/$app.conf" ynh_backup_if_checksum_is_different --file="$old_fpm_config_dir/pool.d/$app.conf"
# Remove the old php config file # Remove the old PHP config file
ynh_secure_remove --file="$old_fpm_config_dir/pool.d/$app.conf" ynh_secure_remove --file="$old_fpm_config_dir/pool.d/$app.conf"
# Reload php to release the socket and allow the dedicated service to use it # Reload PHP to release the socket and allow the dedicated service to use it
ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload ynh_systemd_action --service_name=php${phpversion}-fpm --action=reload
fi fi
fi fi
@ -151,10 +151,10 @@ ynh_add_fpm_config () {
# Usage 1, use the template in conf/php-fpm.conf # Usage 1, use the template in conf/php-fpm.conf
local phpfpm_path="../conf/php-fpm.conf" local phpfpm_path="../conf/php-fpm.conf"
if [ ! -e "$phpfpm_path" ]; then if [ ! -e "$phpfpm_path" ]; then
phpfpm_path="../settings/conf/php-fpm.conf" # Into the restore script, the php-fpm template is not at the same place phpfpm_path="../settings/conf/php-fpm.conf" # Into the restore script, the PHP-FPM template is not at the same place
fi fi
# Make sure now that the template indeed exists # Make sure now that the template indeed exists
[ -e "$phpfpm_path" ] || ynh_die --message="Unable to find template to configure php-fpm." [ -e "$phpfpm_path" ] || ynh_die --message="Unable to find template to configure PHP-FPM."
cp "$phpfpm_path" "$finalphpconf" cp "$phpfpm_path" "$finalphpconf"
ynh_replace_string --match_string="__NAMETOCHANGE__" --replace_string="$app" --target_file="$finalphpconf" ynh_replace_string --match_string="__NAMETOCHANGE__" --replace_string="$app" --target_file="$finalphpconf"
ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalphpconf" ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalphpconf"
@ -162,13 +162,13 @@ ynh_add_fpm_config () {
ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="$finalphpconf" ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="$finalphpconf"
else else
# Usage 2, generate a php-fpm config file with ynh_get_scalable_phpfpm # Usage 2, generate a PHP-FPM config file with ynh_get_scalable_phpfpm
# Store settings # Store settings
ynh_app_setting_set --app=$app --key=fpm_footprint --value=$footprint ynh_app_setting_set --app=$app --key=fpm_footprint --value=$footprint
ynh_app_setting_set --app=$app --key=fpm_usage --value=$usage ynh_app_setting_set --app=$app --key=fpm_usage --value=$usage
# Define the values to use for the configuration of php. # Define the values to use for the configuration of PHP.
ynh_get_scalable_phpfpm --usage=$usage --footprint=$footprint ynh_get_scalable_phpfpm --usage=$usage --footprint=$footprint
# Copy the default file # Copy the default file
@ -181,7 +181,7 @@ ynh_add_fpm_config () {
ynh_replace_string --match_string="^group = .*" --replace_string="group = $app" --target_file="$finalphpconf" ynh_replace_string --match_string="^group = .*" --replace_string="group = $app" --target_file="$finalphpconf"
ynh_replace_string --match_string=".*chdir = .*" --replace_string="chdir = $final_path" --target_file="$finalphpconf" ynh_replace_string --match_string=".*chdir = .*" --replace_string="chdir = $final_path" --target_file="$finalphpconf"
# Configure fpm children # Configure FPM children
ynh_replace_string --match_string=".*pm = .*" --replace_string="pm = $php_pm" --target_file="$finalphpconf" ynh_replace_string --match_string=".*pm = .*" --replace_string="pm = $php_pm" --target_file="$finalphpconf"
ynh_replace_string --match_string=".*pm.max_children = .*" --replace_string="pm.max_children = $php_max_children" --target_file="$finalphpconf" ynh_replace_string --match_string=".*pm.max_children = .*" --replace_string="pm.max_children = $php_max_children" --target_file="$finalphpconf"
ynh_replace_string --match_string=".*pm.max_requests = .*" --replace_string="pm.max_requests = 500" --target_file="$finalphpconf" ynh_replace_string --match_string=".*pm.max_requests = .*" --replace_string="pm.max_requests = 500" --target_file="$finalphpconf"
@ -238,7 +238,7 @@ ynh_add_fpm_config () {
ynh_replace_string --match_string="^[; ]*syslog.ident *=.*" --replace_string="syslog.ident = php-fpm-$app" --target_file="$globalphpconf" ynh_replace_string --match_string="^[; ]*syslog.ident *=.*" --replace_string="syslog.ident = php-fpm-$app" --target_file="$globalphpconf"
ynh_replace_string --match_string="^[; ]*include *=.*" --replace_string="include = $finalphpconf" --target_file="$globalphpconf" ynh_replace_string --match_string="^[; ]*include *=.*" --replace_string="include = $finalphpconf" --target_file="$globalphpconf"
# Create a config for a dedicated php-fpm service for the app # Create a config for a dedicated PHP-FPM service for the app
echo "[Unit] echo "[Unit]
Description=PHP $phpversion FastCGI Process Manager for $app Description=PHP $phpversion FastCGI Process Manager for $app
After=network.target After=network.target
@ -253,7 +253,7 @@ ExecReload=/bin/kill -USR2 \$MAINPID
WantedBy=multi-user.target WantedBy=multi-user.target
" > ../conf/$fpm_service " > ../conf/$fpm_service
# Create this dedicated php-fpm service # Create this dedicated PHP-FPM service
ynh_add_systemd_config --service=$fpm_service --template=$fpm_service ynh_add_systemd_config --service=$fpm_service --template=$fpm_service
# Integrate the service in YunoHost admin panel # Integrate the service in YunoHost admin panel
yunohost service add $fpm_service --log /var/log/php/fpm-php.$app.log --log_type file --description "Php-fpm dedicated to $app" yunohost service add $fpm_service --log /var/log/php/fpm-php.$app.log --log_type file --description "Php-fpm dedicated to $app"
@ -262,12 +262,12 @@ WantedBy=multi-user.target
# Restart the service, as this service is either stopped or only for this app # Restart the service, as this service is either stopped or only for this app
ynh_systemd_action --service_name=$fpm_service --action=restart ynh_systemd_action --service_name=$fpm_service --action=restart
else else
# Reload php, to not impact other parts of the system using php # Reload PHP, to not impact other parts of the system using PHP
ynh_systemd_action --service_name=$fpm_service --action=reload ynh_systemd_action --service_name=$fpm_service --action=reload
fi fi
} }
# Remove the dedicated php-fpm config # Remove the dedicated PHP-FPM config
# #
# usage: ynh_remove_fpm_config # usage: ynh_remove_fpm_config
# #
@ -277,13 +277,13 @@ ynh_remove_fpm_config () {
local fpm_service=$(ynh_app_setting_get --app=$app --key=fpm_service) local fpm_service=$(ynh_app_setting_get --app=$app --key=fpm_service)
local dedicated_service=$(ynh_app_setting_get --app=$app --key=fpm_dedicated_service) local dedicated_service=$(ynh_app_setting_get --app=$app --key=fpm_dedicated_service)
dedicated_service=${dedicated_service:-0} dedicated_service=${dedicated_service:-0}
# Get the version of php used by this app # Get the version of PHP used by this app
local phpversion=$(ynh_app_setting_get $app phpversion) local phpversion=$(ynh_app_setting_get $app phpversion)
# Assume default PHP-FPM version by default # Assume default PHP-FPM version by default
phpversion="${phpversion:-$YNH_DEFAULT_PHP_VERSION}" phpversion="${phpversion:-$YNH_DEFAULT_PHP_VERSION}"
# Assume default php files if not set # Assume default PHP files if not set
if [ -z "$fpm_config_dir" ] if [ -z "$fpm_config_dir" ]
then then
fpm_config_dir="/etc/php/$YNH_DEFAULT_PHP_VERSION/fpm" fpm_config_dir="/etc/php/$YNH_DEFAULT_PHP_VERSION/fpm"
@ -292,11 +292,11 @@ ynh_remove_fpm_config () {
if [ $dedicated_service -eq 1 ] if [ $dedicated_service -eq 1 ]
then then
# Remove the dedicated service php-fpm service for the app # Remove the dedicated service PHP-FPM service for the app
ynh_remove_systemd_config --service=$fpm_service ynh_remove_systemd_config --service=$fpm_service
# Remove the global php-fpm conf # Remove the global PHP-FPM conf
ynh_secure_remove --file="$fpm_config_dir/php-fpm-$app.conf" ynh_secure_remove --file="$fpm_config_dir/php-fpm-$app.conf"
# Remove the service from the list of services known by Yunohost # Remove the service from the list of services known by YunoHost
yunohost service remove $fpm_service yunohost service remove $fpm_service
elif ynh_package_is_installed --package="php${phpversion}-fpm"; then elif ynh_package_is_installed --package="php${phpversion}-fpm"; then
ynh_systemd_action --service_name=$fpm_service --action=reload ynh_systemd_action --service_name=$fpm_service --action=reload
@ -308,21 +308,21 @@ ynh_remove_fpm_config () {
ynh_secure_remove --file="$fpm_config_dir/conf.d/20-$app.ini" ynh_secure_remove --file="$fpm_config_dir/conf.d/20-$app.ini"
fi fi
# If the php version used is not the default version for YunoHost # If the PHP version used is not the default version for YunoHost
if [ "$phpversion" != "$YNH_DEFAULT_PHP_VERSION" ] if [ "$phpversion" != "$YNH_DEFAULT_PHP_VERSION" ]
then then
# Remove this specific version of php # Remove this specific version of PHP
ynh_remove_php ynh_remove_php
fi fi
} }
# Install another version of php. # Install another version of PHP.
# #
# [internal] # [internal]
# #
# usage: ynh_install_php --phpversion=phpversion [--package=packages] # usage: ynh_install_php --phpversion=phpversion [--package=packages]
# | arg: -v, --phpversion= - Version of php to install. # | arg: -v, --phpversion= - Version of PHP to install.
# | arg: -p, --package= - Additionnal php packages to install # | arg: -p, --package= - Additionnal PHP packages to install
# #
# Requires YunoHost version 3.8.1 or higher. # Requires YunoHost version 3.8.1 or higher.
ynh_install_php () { ynh_install_php () {
@ -349,7 +349,7 @@ ynh_install_php () {
# Do not add twice the same line # Do not add twice the same line
if ! grep --quiet "$YNH_APP_INSTANCE_NAME:" "/etc/php/ynh_app_version" if ! grep --quiet "$YNH_APP_INSTANCE_NAME:" "/etc/php/ynh_app_version"
then then
# Store the ID of this app and the version of php requested for it # Store the ID of this app and the version of PHP requested for it
echo "$YNH_APP_INSTANCE_NAME:$phpversion" | tee --append "/etc/php/ynh_app_version" echo "$YNH_APP_INSTANCE_NAME:$phpversion" | tee --append "/etc/php/ynh_app_version"
fi fi
@ -357,11 +357,11 @@ ynh_install_php () {
ynh_install_extra_repo --repo="https://packages.sury.org/php/ $(ynh_get_debian_release) main" --key="https://packages.sury.org/php/apt.gpg" --priority=995 --name=extra_php_version --priority=600 ynh_install_extra_repo --repo="https://packages.sury.org/php/ $(ynh_get_debian_release) main" --key="https://packages.sury.org/php/apt.gpg" --priority=995 --name=extra_php_version --priority=600
# Install requested dependencies from this extra repository. # Install requested dependencies from this extra repository.
# Install php-fpm first, otherwise php will install apache as a dependency. # Install PHP-FPM first, otherwise PHP will install apache as a dependency.
ynh_add_app_dependencies --package="php${phpversion}-fpm" ynh_add_app_dependencies --package="php${phpversion}-fpm"
ynh_add_app_dependencies --package="php$phpversion php${phpversion}-common $package" ynh_add_app_dependencies --package="php$phpversion php${phpversion}-common $package"
# Set the default php version back as the default version for php-cli. # Set the default PHP version back as the default version for php-cli.
update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION
# Pin this extra repository after packages are installed to prevent sury of doing shit # Pin this extra repository after packages are installed to prevent sury of doing shit
@ -374,7 +374,7 @@ ynh_install_php () {
yunohost service add php${phpversion}-fpm --log "/var/log/php${phpversion}-fpm.log" yunohost service add php${phpversion}-fpm --log "/var/log/php${phpversion}-fpm.log"
} }
# Remove the specific version of php used by the app. # Remove the specific version of PHP used by the app.
# #
# [internal] # [internal]
# #
@ -382,7 +382,7 @@ ynh_install_php () {
# #
# Requires YunoHost version 3.8.1 or higher. # Requires YunoHost version 3.8.1 or higher.
ynh_remove_php () { ynh_remove_php () {
# Get the version of php used by this app # Get the version of PHP used by this app
local phpversion=$(ynh_app_setting_get $app phpversion) local phpversion=$(ynh_app_setting_get $app phpversion)
if [ "$phpversion" == "$YNH_DEFAULT_PHP_VERSION" ] || [ -z "$phpversion" ] if [ "$phpversion" == "$YNH_DEFAULT_PHP_VERSION" ] || [ -z "$phpversion" ]
@ -400,7 +400,7 @@ ynh_remove_php () {
# Remove the line for this app # Remove the line for this app
sed --in-place "/$YNH_APP_INSTANCE_NAME:$phpversion/d" "/etc/php/ynh_app_version" sed --in-place "/$YNH_APP_INSTANCE_NAME:$phpversion/d" "/etc/php/ynh_app_version"
# If no other app uses this version of php, remove it. # If no other app uses this version of PHP, remove it.
if ! grep --quiet "$phpversion" "/etc/php/ynh_app_version" if ! grep --quiet "$phpversion" "/etc/php/ynh_app_version"
then then
# Remove the service from the admin panel # Remove the service from the admin panel
@ -408,26 +408,26 @@ ynh_remove_php () {
yunohost service remove php${phpversion}-fpm yunohost service remove php${phpversion}-fpm
fi fi
# Purge php dependencies for this version. # Purge PHP dependencies for this version.
ynh_package_autopurge "php$phpversion php${phpversion}-fpm php${phpversion}-common" ynh_package_autopurge "php$phpversion php${phpversion}-fpm php${phpversion}-common"
fi fi
} }
# Define the values to configure php-fpm # Define the values to configure PHP-FPM
# #
# [internal] # [internal]
# #
# usage: ynh_get_scalable_phpfpm --usage=usage --footprint=footprint [--print] # usage: ynh_get_scalable_phpfpm --usage=usage --footprint=footprint [--print]
# | arg: -f, --footprint= - Memory footprint of the service (low/medium/high). # | arg: -f, --footprint= - Memory footprint of the service (low/medium/high).
# low - Less than 20Mb of ram by pool. # low - Less than 20 MB of RAM by pool.
# medium - Between 20Mb and 40Mb of ram by pool. # medium - Between 20 MB and 40 MB of RAM by pool.
# high - More than 40Mb of ram by pool. # high - More than 40 MB of RAM by pool.
# Or specify exactly the footprint, the load of the service as Mb by pool instead of having a standard value. # Or specify exactly the footprint, the load of the service as MB by pool instead of having a standard value.
# To have this value, use the following command and stress the service. # To have this value, use the following command and stress the service.
# watch -n0.5 ps -o user,cmd,%cpu,rss -u APP # watch -n0.5 ps -o user,cmd,%cpu,rss -u APP
# #
# | arg: -u, --usage= - Expected usage of the service (low/medium/high). # | arg: -u, --usage= - Expected usage of the service (low/medium/high).
# low - Personal usage, behind the sso. # low - Personal usage, behind the SSO.
# medium - Low usage, few people or/and publicly accessible. # medium - Low usage, few people or/and publicly accessible.
# high - High usage, frequently visited website. # high - High usage, frequently visited website.
# #
@ -498,7 +498,7 @@ ynh_get_scalable_phpfpm () {
# Define pm.max_children # Define pm.max_children
# The value of pm.max_children is the total amount of ram divide by 2 and divide again by the footprint of a pool for this app. # The value of pm.max_children is the total amount of ram divide by 2 and divide again by the footprint of a pool for this app.
# So if php-fpm start the maximum of children, it won't exceed half of the ram. # So if PHP-FPM start the maximum of children, it won't exceed half of the ram.
php_max_children=$(( $max_ram / 2 / $footprint )) php_max_children=$(( $max_ram / 2 / $footprint ))
# If process manager is set as static, use half less children. # If process manager is set as static, use half less children.
# Used as static, there's always as many children as the value of pm.max_children # Used as static, there's always as many children as the value of pm.max_children
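Review bot: In `ynh_install_php` the `ynh_install_extra_repo` call for packages.sury.org is passed both `--priority=995` and `--priority=600` in the same invocation; which value wins depends on the helper's argument parser (not visible here), so the effective apt pin for this third-party repository is ambiguous, which matters because the comment just below says the pin is what stops sury from overriding system packages. Keep exactly one `--priority=` and drop the other so the intended pin is explicit. Separately, in `ynh_remove_php` the check `grep --quiet "$phpversion" "/etc/php/ynh_app_version"` treats `7.3` as an unanchored regex (`.` matches any character and the value can match inside an app name), so `grep --quiet --fixed-strings ":$phpversion"` (or an anchored pattern) is a safer test for "another app still uses this version". This commit only changed comment capitalisation in these functions, so both points are pre-existing.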


@ -42,7 +42,7 @@ do_post_regen() {
chown _rspamd /etc/dkim/*.mail.key chown _rspamd /etc/dkim/*.mail.key
chmod 400 /etc/dkim/*.mail.key chmod 400 /etc/dkim/*.mail.key
[ ! -e /var/log/rspamd ] || chown _rspamd:_rspamd /var/log/rspamd [ ! -e /var/log/rspamd ] || chown -R _rspamd:_rspamd /var/log/rspamd
regen_conf_files=$1 regen_conf_files=$1
[ -z "$regen_conf_files" ] && exit 0 [ -z "$regen_conf_files" ] && exit 0


@ -14,14 +14,17 @@ mail_plugins = $mail_plugins quota
############################################################################### ###############################################################################
# generated 2020-05-02, Mozilla Guideline v5.4, Dovecot 2.3.4.1, OpenSSL 1.1.1d, intermediate configuration # generated 2020-08-18, Mozilla Guideline v5.6, Dovecot 2.3.4, OpenSSL 1.1.1d, intermediate configuration
# https://ssl-config.mozilla.org/#server=dovecot&version=2.3.4.1&config=intermediate&openssl=1.1.1d&guideline=5.4 # https://ssl-config.mozilla.org/#server=dovecot&version=2.3.4&config=intermediate&openssl=1.1.1d&guideline=5.6
ssl = required ssl = required
ssl_cert = </etc/yunohost/certs/{{ main_domain }}/crt.pem ssl_cert = </etc/yunohost/certs/{{ main_domain }}/crt.pem
ssl_key = </etc/yunohost/certs/{{ main_domain }}/key.pem ssl_key = </etc/yunohost/certs/{{ main_domain }}/key.pem
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
ssl_dh = /usr/share/yunohost/other/ffdhe2048.pem;
# intermediate configuration # intermediate configuration
ssl_min_protocol = TLSv1.2 ssl_min_protocol = TLSv1.2
ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl_cipher_list = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
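Review bot: `ssl_dh = /usr/share/yunohost/other/ffdhe2048.pem;` does not load the file: Dovecot only reads a setting from a file when the value starts with `<`, which is exactly how `ssl_cert` and `ssl_key` two lines above are written, and the Mozilla template this block is generated from uses `ssl_dh = </path/to/dhparam`; the trailing `;` would additionally become part of the value. Without the `<`, the path string itself is handed to the DH parameter parser and the configuration fails to load, so the new TLS settings would never take effect (check with `doveconf -n` after regen-conf). Change the line to `ssl_dh = </usr/share/yunohost/other/ffdhe2048.pem` and confirm the package actually installs that file at that path.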


@ -19,34 +19,35 @@ readme_directory = no
# -- TLS for incoming connections # -- TLS for incoming connections
############################################################################### ###############################################################################
# generated 2020-04-03, Mozilla Guideline v5.4, Postfix 3.1.14, OpenSSL 1.1.0l, intermediate configuration
# https://ssl-config.mozilla.org/#server=postfix&version=3.1.14&config=intermediate&openssl=1.1.0l&guideline=5.4
# (No modern conf support until we're on buster...)
# {% if compatibility == "intermediate" %} {% else %} {% endif %}
smtpd_use_tls = yes smtpd_use_tls = yes
smtpd_tls_security_level = may smtpd_tls_security_level = may
smtpd_tls_auth_only = yes smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /etc/yunohost/certs/{{ main_domain }}/crt.pem smtpd_tls_cert_file = /etc/yunohost/certs/{{ main_domain }}/crt.pem
smtpd_tls_key_file = /etc/yunohost/certs/{{ main_domain }}/key.pem smtpd_tls_key_file = /etc/yunohost/certs/{{ main_domain }}/key.pem
{% if compatibility == "intermediate" %}
# generated 2020-08-18, Mozilla Guideline v5.6, Postfix 3.4.14, OpenSSL 1.1.1d, intermediate configuration
# https://ssl-config.mozilla.org/#server=postfix&version=3.4.14&config=intermediate&openssl=1.1.1d&guideline=5.6
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1 smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
# smtpd_tls_mandatory_ciphers = medium # (c.f. below) smtpd_tls_mandatory_ciphers = medium
# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
# not actually 1024 bits, this applies to all DHE >= 1024 bits # not actually 1024 bits, this applies to all DHE >= 1024 bits
# smtpd_tls_dh1024_param_file = /path/to/dhparam.pem smtpd_tls_dh1024_param_file = /usr/share/yunohost/other/ffdhe2048.pem;
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
{% else %}
# generated 2020-08-18, Mozilla Guideline v5.6, Postfix 3.4.14, OpenSSL 1.1.1d, modern configuration
# https://ssl-config.mozilla.org/#server=postfix&version=3.4.14&config=modern&openssl=1.1.1d&guideline=5.6
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, !TLSv1.2
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, !TLSv1.2
{% endif %}
# This custom medium cipherlist recommendation only works if we have a DH ... which we don't, c.f. https://github.com/YunoHost/issues/issues/93
# On the other hand, the postfix doc strongly discourage tweaking this list ... So whatever, let's keep the mandatory_ciphers to high like we did before applying the Mozilla recommendation ...
#tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
tls_preempt_cipherlist = no tls_preempt_cipherlist = no
# Custom Yunohost stuff ... because we can't use the recommendation about medium cipher list ...
smtpd_tls_mandatory_ciphers=high
smtpd_tls_eecdh_grade = ultra
############################################################################### ###############################################################################
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_loglevel=1 smtpd_tls_loglevel=1
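Review bot: In the new `{% else %}` (modern) branch, `smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1, !TLSv1.2` leaves only TLS 1.3 for opportunistic TLS, and because `smtpd_tls_security_level = may` is kept, a sending MTA that cannot negotiate TLS 1.3 will presumably either retry in cleartext or give up, depending on its own policy, which for inbound mail is a weaker outcome than the intermediate branch. That trade-off is inherent to the Mozilla modern profile for SMTP but is not visible in the template; a comment above the `{% else %}` line such as `# modern: TLS 1.3 only; with security_level = may, peers without TLS 1.3 may fall back to plaintext` would make the choice explicit. The modern branch also sets no `smtpd_tls_mandatory_ciphers` or `tls_medium_cipherlist`, so the formerly explicit `high` setting appears to have been removed there in favour of the Postfix default; if intentional, a one-line comment saying so would help.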

13
debian/changelog vendored

@ -1,3 +1,16 @@
yunohost (4.0.5) testing; urgency=low
- [enh] Update postfix, dovecot, nginx configuration according to Mozilla guidelines (Buster + DH params) (f3a4334a, 89bcf1ba, 2d661737)
- [enh] Update acme_tiny to 4.1.0 (#1037)
- [fix] ref to variable in i18n string (c.f. issue 1647) (7b1f02e0)
- [fix] Recursively enforce ownership for rspamd (8454f2ec)
- [fix] Stupid encoding issue when fetching service description (6ec0e7b6)
- [fix] Misc fixes for CI (ca0a42f2, 485c65a9, #1038, a891d20a)
Thanks to all contributors <3 ! (Eric G., Kay0u)
-- Alexandre Aubin <alex.aubin@mailoo.org> Tue, 25 Aug 2020 19:32:27 +0200
yunohost (4.0.4) stable; urgency=low yunohost (4.0.4) stable; urgency=low
- Debugging and robustness improvements for postgresql 9.6 -> 11 and xtables->nftables migrations (accc2da4, 59bd7d66, 4cb6f7fd, 4b14402c) - Debugging and robustness improvements for postgresql 9.6 -> 11 and xtables->nftables migrations (accc2da4, 59bd7d66, 4cb6f7fd, 4b14402c)


@ -346,16 +346,20 @@ def _get_and_format_service_status(service, infos):
'configuration': "unknown", 'configuration': "unknown",
} }
translation_key = "service_description_%s" % service # Try to get description directly from services.yml
description = infos.get("description") description = infos.get("description")
# If no description was there, try to get it from the .json locales
if not description: if not description:
translation_key = "service_description_%s" % service
description = m18n.n(translation_key) description = m18n.n(translation_key)
# that mean that we don't have a translation for this string # If descrption is still equal to the translation key,
# that's the only way to test for that for now # that mean that we don't have a translation for this string
# if we don't have it, uses the one provided by systemd # that's the only way to test for that for now
if description.decode('utf-8') == translation_key: # if we don't have it, uses the one provided by systemd
description = str(raw_status.get("Description", "")) if description.decode('utf-8') == translation_key:
description = str(raw_status.get("Description", ""))
output = { output = {
'status': str(raw_status.get("SubState", "unknown")), 'status': str(raw_status.get("SubState", "unknown")),
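Review bot: The retained comparison `if description.decode('utf-8') == translation_key:` only behaves on a Python 2 byte string: if `m18n.n()` returns a `unicode` object, `.decode` first implicitly ASCII-encodes it and raises UnicodeEncodeError on any non-ASCII translation, and under the py37 environment that tox.ini now targets `str` has no `.decode` at all. Comparing without decoding, `if description == translation_key:`, avoids both failure modes (py2 compares str/unicode by value, non-ASCII bytes simply compare unequal). The added comment also has two typos: `# If descrption is still equal to the translation key,` should say `description`, and `that mean that we don't have` should be `that means`. `_get_and_format_service_status` starts before the hunk.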


@ -48,7 +48,7 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check
# helper function - make signed requests # helper function - make signed requests
def _send_signed_request(url, payload, err_msg, depth=0): def _send_signed_request(url, payload, err_msg, depth=0):
payload64 = _b64(json.dumps(payload).encode('utf8')) payload64 = "" if payload is None else _b64(json.dumps(payload).encode('utf8'))
new_nonce = _do_request(directory['newNonce'])[2]['Replay-Nonce'] new_nonce = _do_request(directory['newNonce'])[2]['Replay-Nonce']
protected = {"url": url, "alg": alg, "nonce": new_nonce} protected = {"url": url, "alg": alg, "nonce": new_nonce}
protected.update({"jwk": jwk} if acct_headers is None else {"kid": acct_headers['Location']}) protected.update({"jwk": jwk} if acct_headers is None else {"kid": acct_headers['Location']})
@ -63,12 +63,12 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check
# helper function - poll until complete # helper function - poll until complete
def _poll_until_not(url, pending_statuses, err_msg): def _poll_until_not(url, pending_statuses, err_msg):
while True: result, t0 = None, time.time()
result, _, _ = _do_request(url, err_msg=err_msg) while result is None or result['status'] in pending_statuses:
if result['status'] in pending_statuses: assert (time.time() - t0 < 3600), "Polling timeout" # 1 hour timeout
time.sleep(2) time.sleep(0 if result is None else 2)
continue result, _, _ = _send_signed_request(url, None, err_msg)
return result return result
# parse account key to get public key # parse account key to get public key
log.info("Parsing account key...") log.info("Parsing account key...")
@ -93,7 +93,7 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check
common_name = re.search(r"Subject:.*? CN\s?=\s?([^\s,;/]+)", out.decode('utf8')) common_name = re.search(r"Subject:.*? CN\s?=\s?([^\s,;/]+)", out.decode('utf8'))
if common_name is not None: if common_name is not None:
domains.add(common_name.group(1)) domains.add(common_name.group(1))
subject_alt_names = re.search(r"X509v3 Subject Alternative Name: \n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE|re.DOTALL) subject_alt_names = re.search(r"X509v3 Subject Alternative Name: (?:critical)?\n +([^\n]+)\n", out.decode('utf8'), re.MULTILINE|re.DOTALL)
if subject_alt_names is not None: if subject_alt_names is not None:
for san in subject_alt_names.group(1).split(", "): for san in subject_alt_names.group(1).split(", "):
if san.startswith("DNS:"): if san.startswith("DNS:"):
@ -123,7 +123,7 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check
# get the authorizations that need to be completed # get the authorizations that need to be completed
for auth_url in order['authorizations']: for auth_url in order['authorizations']:
authorization, _, _ = _do_request(auth_url, err_msg="Error getting challenges") authorization, _, _ = _send_signed_request(auth_url, None, "Error getting challenges")
domain = authorization['identifier']['value'] domain = authorization['identifier']['value']
log.info("Verifying {0}...".format(domain)) log.info("Verifying {0}...".format(domain))
@ -138,9 +138,8 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check
# check that the file is in place # check that the file is in place
try: try:
wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token) wellknown_url = "http://{0}/.well-known/acme-challenge/{1}".format(domain, token)
assert(disable_check or _do_request(wellknown_url)[0] == keyauthorization) assert (disable_check or _do_request(wellknown_url)[0] == keyauthorization)
except (AssertionError, ValueError) as e: except (AssertionError, ValueError) as e:
os.remove(wellknown_path)
raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e)) raise ValueError("Wrote file to {0}, but couldn't download {1}: {2}".format(wellknown_path, wellknown_url, e))
# say the challenge is done # say the challenge is done
@ -148,6 +147,7 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check
authorization = _poll_until_not(auth_url, ["pending"], "Error checking challenge status for {0}".format(domain)) authorization = _poll_until_not(auth_url, ["pending"], "Error checking challenge status for {0}".format(domain))
if authorization['status'] != "valid": if authorization['status'] != "valid":
raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization)) raise ValueError("Challenge did not pass for {0}: {1}".format(domain, authorization))
os.remove(wellknown_path)
log.info("{0} verified!".format(domain)) log.info("{0} verified!".format(domain))
# finalize the order with the csr # finalize the order with the csr
@ -161,7 +161,7 @@ def get_crt(account_key, csr, acme_dir, log=LOGGER, CA=DEFAULT_CA, disable_check
raise ValueError("Order failed: {0}".format(order)) raise ValueError("Order failed: {0}".format(order))
# download the certificate # download the certificate
certificate_pem, _, _ = _do_request(order['certificate'], err_msg="Certificate download failed") certificate_pem, _, _ = _send_signed_request(order['certificate'], None, "Certificate download failed")
log.info("Certificate signed!") log.info("Certificate signed!")
return certificate_pem return certificate_pem
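Review bot: The new timeout in `_poll_until_not`, `assert (time.time() - t0 < 3600), "Polling timeout"`, is stripped when Python runs with `-O`, in which case the loop polls the CA indefinitely; a plain check such as `if time.time() - t0 >= 3600: raise ValueError("Polling timeout")` keeps the bound under every interpreter flag and raises the exception type the surrounding code already uses for protocol failures. Separately, `os.remove(wellknown_path)` now runs only after a `valid` status, so a failed self-check (the `except (AssertionError, ValueError)` branch, which previously removed the file) or a rejected challenge leaves the token file behind in acme_dir; a `try`/`finally` around the verification step would restore the old cleanup. `get_crt` and its helpers start before the first hunk.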

25
tox.ini

@ -1,25 +1,12 @@
[tox] [tox]
envlist = envlist = py{27,37}-{lint,invalidcode},py37-black
py27
lint
skipdist = True
[testenv] [testenv]
skip_install=True skip_install=True
deps = deps =
pytest >= 4.6.3, < 5.0 py{27,37}-{lint,invalidcode}: flake8
pyyaml >= 5.1.2, < 6.0 py37-black: black
flake8 >= 3.7.9, < 3.8
urllib3
commands = commands =
pytest {posargs} py{27,37}-lint: flake8 src doc data tests
py{27,37}-invalidcode: flake8 src data --exclude src/yunohost/tests --select F --ignore F401,F841
[testenv:lint] py37-black: black --check --diff src doc data tests
skip_install=True
commands = flake8 src doc data tests
deps = flake8
[testenv:invalidcode]
skip_install=True
commands = flake8 src data --exclude src/yunohost/tests --select F --ignore F401,F841
deps = flake8
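Review bot: The rewritten tox.ini defines no environment that runs `pytest`: the old `[testenv]` `commands = pytest {posargs}` and its pytest/pyyaml/urllib3 deps are dropped, and the new envlist `py{27,37}-{lint,invalidcode},py37-black` covers only flake8 and black, so `tox` on its own no longer exercises the test suite. If the tests are meant to run elsewhere (the GitLab CI pipeline, for instance), a one-line comment such as `# unit tests are run by the CI pipeline, not via tox` would save the next contributor from hunting for the missing env; otherwise a `py{27,37}-test: pytest {posargs}` command with the corresponding `py{27,37}-test: pytest, pyyaml` deps should be added back.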