From 077e5c463c8c4d6befc28d9c0c79bdc21ed2b3cb Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 24 Sep 2019 23:18:05 +0200
Subject: [PATCH 1/8] Fucking ugly workaround for the goddamn dependency
 nighmare from sury djeezus kraiste

---
 data/helpers.d/apt | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/data/helpers.d/apt b/data/helpers.d/apt
index 9d5ad3ac2..fed585d95 100644
--- a/data/helpers.d/apt
+++ b/data/helpers.d/apt
@@ -218,6 +218,27 @@ ynh_install_app_dependencies () {
     fi
     local dep_app=${app//_/-}	# Replace all '_' by '-'
 
+    #
+    # Epic ugly hack to fix the goddamn dependency nightmare of sury
+    # Sponsored by the "Djeezusse Fokin Kraiste Why Do Adminsys Has To Be So Fucking Complicated I Should Go Grow Potatoes Instead Of This Shit" collective
+    # https://github.com/YunoHost/issues/issues/1407
+    # 
+    # If we require to install php dependency
+    if echo $dependencies | grep -q 'php';
+    then
+        # And we have packages from sury installed (7.0.33-10+weirdshiftafter instead of 7.0.33+1 on debian)
+        if dpkg --list | grep php | grep -q "7.0.33-10"
+        then
+            # And sury ain't already installed
+            if ! grep -nrq "sury" /etc/apt/sources.list*
+            then
+                # Re-add sury
+                echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/sury.list
+                wget -O /etc/apt/trusted.gpg.d/sury.gpg https://packages.sury.org/php/apt.gpg    
+            fi
+        fi
+    fi
+
     cat > /tmp/${dep_app}-ynh-deps.control << EOF	# Make a control file for equivs-build
 Section: misc
 Priority: optional

From 0e3a131095afe4893d10629271c1ce6c6b177624 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 8 Oct 2019 18:30:18 +0200
Subject: [PATCH 2/8] More accurate greps to identify that sury packages are
 installed

---
 data/helpers.d/apt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/data/helpers.d/apt b/data/helpers.d/apt
index fed585d95..d772c6855 100644
--- a/data/helpers.d/apt
+++ b/data/helpers.d/apt
@@ -226,8 +226,8 @@ ynh_install_app_dependencies () {
     # If we require to install php dependency
     if echo $dependencies | grep -q 'php';
     then
-        # And we have packages from sury installed (7.0.33-10+weirdshiftafter instead of 7.0.33+1 on debian)
-        if dpkg --list | grep php | grep -q "7.0.33-10"
+        # And we have packages from sury installed (7.0.33-10+weirdshiftafter instead of 7.0.33-0 on debian)
+        if dpkg --list | grep "php7.0" | grep -q -v "7.0.33-0+deb9u5"
         then
             # And sury ain't already installed
             if ! grep -nrq "sury" /etc/apt/sources.list*

From 1c5220f7cbe029b4cf03011cb451426d755697f8 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Thu, 26 Sep 2019 14:23:01 +0200
Subject: [PATCH 3/8] Support logfiles not ending with .log in logrotate ...

---
 data/helpers.d/logrotate | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/data/helpers.d/logrotate b/data/helpers.d/logrotate
index 47ce46cf6..82cdee6a5 100644
--- a/data/helpers.d/logrotate
+++ b/data/helpers.d/logrotate
@@ -40,10 +40,13 @@ ynh_use_logrotate () {
 	fi
 
 	if [ $# -gt 0 ] && [ "$(echo ${1:0:1})" != "-" ]; then
-		if [ "$(echo ${1##*.})" == "log" ]; then	# Keep only the extension to check if it's a logfile
-			local logfile=$1	# In this case, focus logrotate on the logfile
+		# If the given logfile parameter already exists as a file, or if it ends up with ".log",
+		# we just want to manage a single file
+		if [ -f "$1" ] || [ "$(echo ${1##*.})" == "log" ]; then
+			local logfile=$1
+		# Otherwise we assume we want to manage a directory and all its .log file inside
 		else
-			local logfile=$1/*.log	# Else, uses the directory and all logfile into it.
+			local logfile=$1/*.log
 		fi
 	fi
 	# LEGACY CODE
@@ -54,7 +57,7 @@ ynh_use_logrotate () {
 	fi
 	if [ -n "$logfile" ]
 	then
-		if [ "$(echo ${logfile##*.})" != "log" ]; then	# Keep only the extension to check if it's a logfile
+		if [ ! -f "$1" ] && [ "$(echo ${logfile##*.})" != "log" ]; then	# Keep only the extension to check if it's a logfile
 			local logfile="$logfile/*.log"	# Else, uses the directory and all logfile into it.
 		fi
 	else

From 5623689a2728a875880dd41b614fffd818a0597d Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Mon, 16 Sep 2019 23:17:46 +0200
Subject: [PATCH 4/8] Detect and warn early about unavailable full domain
 requirement...

---
 locales/en.json     |  1 +
 src/yunohost/app.py | 37 +++++++++++++++++++++++++++++++------
 2 files changed, 32 insertions(+), 6 deletions(-)

diff --git a/locales/en.json b/locales/en.json
index d1203c757..55735d760 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -19,6 +19,7 @@
     "app_change_url_no_script": "This application '{app_name:s}' doesn't support url modification yet. Maybe you should upgrade the application.",
     "app_change_url_success": "Successfully changed {app:s} url to {domain:s}{path:s}",
     "app_extraction_failed": "Unable to extract installation files",
+    "app_full_domain_unavailable": "Sorry, this application requires a full domain to be installed on, but some other apps are already installed on {domain}. One possible solution is to add a subdomain dedicated to this application.",
     "app_id_invalid": "Invalid app id",
     "app_incompatible": "The app {app} is incompatible with your YunoHost version",
     "app_install_files_invalid": "Invalid installation files",
diff --git a/src/yunohost/app.py b/src/yunohost/app.py
index d9a349579..c982c3418 100644
--- a/src/yunohost/app.py
+++ b/src/yunohost/app.py
@@ -802,6 +802,9 @@ def app_install(operation_logger, app, label=None, args=None, no_remove_on_failu
     args_list = [ value[0] for value in args_odict.values() ]
     args_list.append(app_instance_name)
 
+    # Validate domain / path availability for webapps
+    _validate_and_normalize_webpath(manifest, args_odict, extracted_app_folder)
+
     # Prepare env. var. to pass to script
     env_dict = _make_environment_dict(args_odict)
     env_dict["YNH_APP_ID"] = app_id
@@ -2394,8 +2397,7 @@ def _parse_args_for_action(action, args={}):
 def _parse_args_in_yunohost_format(args, action_args):
     """Parse arguments store in either manifest.json or actions.json
     """
-    from yunohost.domain import (domain_list, _get_maindomain,
-                                 _get_conflicting_apps, _normalize_domain_path)
+    from yunohost.domain import domain_list, _get_maindomain
     from yunohost.user import user_info, user_list
 
     args_dict = OrderedDict()
@@ -2513,13 +2515,18 @@ def _parse_args_in_yunohost_format(args, action_args):
             assert_password_is_strong_enough('user', arg_value)
         args_dict[arg_name] = (arg_value, arg_type)
 
-    # END loop over action_args...
+    return args_dict
+
+
+def _validate_and_normalize_webpath(manifest, args_dict, app_folder):
+
+    from yunohost.domain import _get_conflicting_apps, _normalize_domain_path
 
     # If there's only one "domain" and "path", validate that domain/path
     # is an available url and normalize the path.
 
-    domain_args = [ (name, value[0]) for name, value in args_dict.items() if value[1] == "domain" ]
-    path_args = [ (name, value[0]) for name, value in args_dict.items() if value[1] == "path" ]
+    domain_args = [(name, value[0]) for name, value in args_dict.items() if value[1] == "domain"]
+    path_args = [(name, value[0]) for name, value in args_dict.items() if value[1] == "path"]
 
     if len(domain_args) == 1 and len(path_args) == 1:
 
@@ -2545,7 +2552,25 @@ def _parse_args_in_yunohost_format(args, action_args):
         # standard path format to deal with no matter what the user inputted)
         args_dict[path_args[0][0]] = (path, "path")
 
-    return args_dict
+    # This is likely to be a full-domain app...
+    elif len(domain_args) == 1 and len(path_args) == 0:
+
+        # Confirm that this is a full-domain app This should cover most cases
+        # ...  though anyway the proper solution is to implement some mechanism
+        # in the manifest for app to declare that they require a full domain
+        # (among other thing) so that we can dynamically check/display this
+        # requirement on the webadmin form and not miserably fail at submit time
+
+        # Full-domain apps typically declare something like path_url="/" or path=/
+        # and use ynh_webpath_register or yunohost_app_checkurl inside the install script
+        install_script_content = open(os.path.join(app_folder, 'scripts/install')).read()
+        if re.search(r"\npath(_url)?=[\"']?/[\"']?\n", install_script_content) \
+           and re.search(r"(ynh_webpath_register|yunohost app checkurl)"):
+
+            domain = domain_args[0][1]
+            conflicts = _get_conflicting_apps(domain, "/")
+
+            raise YunohostError('app_full_domain_unavailable', domain)
 
 
 def _make_environment_dict(args_dict, prefix="APP_ARG_"):

From 75742216ea93e45c6679310fa9a02724775dd838 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 8 Oct 2019 18:18:27 +0200
Subject: [PATCH 5/8] Improve message

---
 locales/en.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/locales/en.json b/locales/en.json
index 55735d760..4bb049db3 100644
--- a/locales/en.json
+++ b/locales/en.json
@@ -19,7 +19,7 @@
     "app_change_url_no_script": "This application '{app_name:s}' doesn't support url modification yet. Maybe you should upgrade the application.",
     "app_change_url_success": "Successfully changed {app:s} url to {domain:s}{path:s}",
     "app_extraction_failed": "Unable to extract installation files",
-    "app_full_domain_unavailable": "Sorry, this application requires a full domain to be installed on, but some other apps are already installed on {domain}. One possible solution is to add a subdomain dedicated to this application.",
+    "app_full_domain_unavailable": "Sorry, this application requires a full domain to be installed on, but some other apps are already installed on domain '{domain}'. One possible solution is to add and use a subdomain dedicated to this application instead.",
     "app_id_invalid": "Invalid app id",
     "app_incompatible": "The app {app} is incompatible with your YunoHost version",
     "app_install_files_invalid": "Invalid installation files",

From 7ecefaf8dc78cc0d4ddb1f0fabc5eab6ff2bb176 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 8 Oct 2019 18:21:04 +0200
Subject: [PATCH 6/8] Fixes following tests

---
 src/yunohost/app.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/yunohost/app.py b/src/yunohost/app.py
index c982c3418..421be9b60 100644
--- a/src/yunohost/app.py
+++ b/src/yunohost/app.py
@@ -2564,13 +2564,14 @@ def _validate_and_normalize_webpath(manifest, args_dict, app_folder):
         # Full-domain apps typically declare something like path_url="/" or path=/
         # and use ynh_webpath_register or yunohost_app_checkurl inside the install script
         install_script_content = open(os.path.join(app_folder, 'scripts/install')).read()
+
         if re.search(r"\npath(_url)?=[\"']?/[\"']?\n", install_script_content) \
-           and re.search(r"(ynh_webpath_register|yunohost app checkurl)"):
+           and re.search(r"(ynh_webpath_register|yunohost app checkurl)", install_script_content):
 
             domain = domain_args[0][1]
             conflicts = _get_conflicting_apps(domain, "/")
 
-            raise YunohostError('app_full_domain_unavailable', domain)
+            raise YunohostError('app_full_domain_unavailable', domain=domain)
 
 
 def _make_environment_dict(args_dict, prefix="APP_ARG_"):

From bf1ad164dafc996c0bf9d1a3b19de7dc2d089003 Mon Sep 17 00:00:00 2001
From: "J. Doe" <email@example.org>
Date: Thu, 19 Sep 2019 13:01:22 +0200
Subject: [PATCH 7/8] change maxretry of fail2ban from 6 to 10

---
 data/templates/fail2ban/yunohost-jails.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/data/templates/fail2ban/yunohost-jails.conf b/data/templates/fail2ban/yunohost-jails.conf
index bf3bcb6e3..fdbd7990b 100644
--- a/data/templates/fail2ban/yunohost-jails.conf
+++ b/data/templates/fail2ban/yunohost-jails.conf
@@ -29,4 +29,4 @@ protocol = tcp
 filter   = yunohost
 logpath  = /var/log/nginx/*error.log
            /var/log/nginx/*access.log
-maxretry = 6
+maxretry = 10

From 115513c6503de63a7f970d1f2dae216839b7f46d Mon Sep 17 00:00:00 2001
From: Alexandre Aubin <alex.aubin@mailoo.org>
Date: Tue, 8 Oct 2019 19:03:32 +0200
Subject: [PATCH 8/8] Update changelog for 3.6.5

---
 debian/changelog | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 3eb347456..4b8c26471 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
+yunohost (3.6.5) stable; urgency=low
+
+  - [enh] Detect and warn early about unavailable full domains... (#798)
+  - [mod] Change maxretry of fail2ban from 6 to 10 (#802)
+  - [fix] Epicly ugly workaround for the goddamn dependency nighmare about sury fucking up php7.0 dependencies (#809)
+  - [fix] Support logfiles not ending with .log in logrotate ... (#810)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 08 Oct 2019 19:00:00  +0000
+
 yunohost (3.6.4.6) stable; urgency=low
 
   - [fix] Hopefully fix the issue about corrupted logs metadata files (d507d447, 1cec9d78)