Merge branch 'stretch-unstable' into enh-email-rate-limit

2024-09-03 20:06:10 +02:00 · 2019-05-17 19:06:07 +02:00 · 2019-05-17 19:06:07 +02:00 · 53fa313c62
commit 53fa313c62
parent c077b8def3 f49b74f835
66 changed files with 3396 additions and 2253 deletions
--- a/data/actionsmap/yunohost.yml
+++ b/data/actionsmap/yunohost.yml
@ -1477,13 +1477,6 @@ tools:
    category_help: Specific tools
    actions:
        ### tools_ldapinit()
        ldapinit:
            action_help: YunoHost LDAP initialization
            api: POST /ldap
            configuration:
                authenticate: all
        ### tools_adminpw()
        adminpw:
            action_help: Change password of admin and root users
@ -1548,11 +1541,11 @@ tools:
            action_help: YunoHost update
            api: PUT /update
            arguments:
-                --ignore-apps:
+                --apps:
-                    help: Ignore apps cache update and changelog
+                    help: Fetch the application list to check which apps can be upgraded
                    action: store_true
-                --ignore-packages:
+                --system:
-                    help: Ignore APT cache update and changelog
+                    help: Fetch available system packages upgrades (equivalent to apt update)
                    action: store_true
        ### tools_upgrade()
@ -1563,11 +1556,11 @@ tools:
                authenticate: all
                authenticator: ldap-anonymous
            arguments:
-                --ignore-apps:
+                --apps:
-                    help: Ignore apps upgrade
+                    help: List of apps to upgrade (all by default)
-                    action: store_true
+                    nargs: "*"
-                --ignore-packages:
+                --system:
-                    help: Ignore APT packages upgrade
+                    help: Upgrade only the system packages
                    action: store_true
        ### tools_diagnosis()
@ -1623,6 +1616,32 @@ tools:
                    full: --force
                    action: store_true
        ### tools_regen_conf()
        regen-conf:
            action_help: Regenerate the configuration file(s)
            api: PUT /tools/regenconf
            arguments:
                names:
                    help: Categories to regenerate configuration of (all by default)
                    nargs: "*"
                    metavar: NAME
                -d:
                    full: --with-diff
                    help: Show differences in case of configuration changes
                    action: store_true
                -f:
                    full: --force
                    help: Override all manual modifications in configuration files
                    action: store_true
                -n:
                    full: --dry-run
                    help: Show what would have been regenerated
                    action: store_true
                -p:
                    full: --list-pending
                    help: List pending configuration files and exit
                    action: store_true
    subcategories:
      migrations:
@ -1783,6 +1802,10 @@ log:
                    full: --limit
                    help: Maximum number of logs
                    type: int
                -d:
                    full: --with-details
                    help: Show additional infos (e.g. operation success) but may significantly increase command time. Consider using --limit in combination with this.
                    action: store_true
        ### log_display()
        display:
--- a/data/actionsmap/yunohost_completion.py
+++ b/data/actionsmap/yunohost_completion.py
@ -0,0 +1,86 @@
 """
 Simple automated generation of a bash_completion file
 for yunohost command from the actionsmap.
 Generates a bash completion file assuming the structure
 `yunohost domain action`
 adds `--help` at the end if one presses [tab] again.
 author: Christophe Vuillot
 """
 import os
 import yaml
 THIS_SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
 ACTIONSMAP_FILE = THIS_SCRIPT_DIR + '/yunohost.yml'
 BASH_COMPLETION_FILE = THIS_SCRIPT_DIR + '/../bash-completion.d/yunohost'
 with open(ACTIONSMAP_FILE, 'r') as stream:
    # Getting the dictionary containning what actions are possible per domain
    OPTION_TREE = yaml.load(stream)
    DOMAINS = [str for str in OPTION_TREE.keys() if not str.startswith('_')]
    DOMAINS_STR = '"{}"'.format(' '.join(DOMAINS))
    ACTIONS_DICT = {}
    for domain in DOMAINS:
        ACTIONS = [str for str in OPTION_TREE[domain]['actions'].keys()
                   if not str.startswith('_')]
        ACTIONS_STR = '"{}"'.format(' '.join(ACTIONS))
        ACTIONS_DICT[domain] = ACTIONS_STR
    with open(BASH_COMPLETION_FILE, 'w') as generated_file:
        # header of the file
        generated_file.write('#\n')
        generated_file.write('# completion for yunohost\n')
        generated_file.write('# automatically generated from the actionsmap\n')
        generated_file.write('#\n\n')
        # Start of the completion function
        generated_file.write('_yunohost()\n')
        generated_file.write('{\n')
        # Defining local variable for previously and currently typed words
        generated_file.write('\tlocal cur prev opts narg\n')
        generated_file.write('\tCOMPREPLY=()\n\n')
        generated_file.write('\t# the number of words already typed\n')
        generated_file.write('\tnarg=${#COMP_WORDS[@]}\n\n')
        generated_file.write('\t# the current word being typed\n')
        generated_file.write('\tcur="${COMP_WORDS[COMP_CWORD]}"\n\n')
        generated_file.write('\t# the last typed word\n')
        generated_file.write('\tprev="${COMP_WORDS[COMP_CWORD-1]}"\n\n')
        # If one is currently typing a domain then match with the domain list
        generated_file.write('\t# If one is currently typing a domain,\n')
        generated_file.write('\t# match with domains\n')
        generated_file.write('\tif [[ $narg == 2 ]]; then\n')
        generated_file.write('\t\topts={}\n'.format(DOMAINS_STR))
        generated_file.write('\tfi\n\n')
        # If one is currently typing an action then match with the action list
        # of the previously typed domain
        generated_file.write('\t# If one already typed a domain,\n')
        generated_file.write('\t# match the actions of that domain\n')
        generated_file.write('\tif [[ $narg == 3 ]]; then\n')
        for domain in DOMAINS:
            generated_file.write('\t\tif [[ $prev == "{}" ]]; then\n'.format(domain))
            generated_file.write('\t\t\topts={}\n'.format(ACTIONS_DICT[domain]))
            generated_file.write('\t\tfi\n')
        generated_file.write('\tfi\n\n')
        # If both domain and action have been typed or the domain
        # was not recognized propose --help (only once)
        generated_file.write('\t# If no options were found propose --help\n')
        generated_file.write('\tif [ -z "$opts" ]; then\n')
        generated_file.write('\t\tif [[ $prev != "--help" ]]; then\n')
        generated_file.write('\t\t\topts=( --help )\n')
        generated_file.write('\t\tfi\n')
        generated_file.write('\tfi\n')
        # generate the completion list from the possible options
        generated_file.write('\tCOMPREPLY=( $(compgen -W "${opts}" -- ${cur}) )\n')
        generated_file.write('\treturn 0\n')
        generated_file.write('}\n\n')
        # Add the function to bash completion
        generated_file.write('complete -F _yunohost yunohost')
--- a/data/bash-completion.d/yunohost
+++ b/data/bash-completion.d/yunohost
@ -1,12 +1,3 @@
-#
+# This file is automatically generated
-# Bash completion for yunohost
+# during Debian's package build by the script
-#
+# data/actionsmap/yunohost_completion.py
 _python_argcomplete() {
    local IFS=''
    COMPREPLY=( $(IFS="$IFS"                   COMP_LINE="$COMP_LINE"                   COMP_POINT="$COMP_POINT"                   _ARGCOMPLETE_COMP_WORDBREAKS="$COMP_WORDBREAKS"                   _ARGCOMPLETE=1                   "$1" 8>&1 9>&2 1>/dev/null 2>/dev/null) )
    if [[ $? != 0 ]]; then
        unset COMPREPLY
    fi
 }
 complete -o nospace -o default -F _python_argcomplete "yunohost"
--- a/data/helpers.d/package
+++ b/data/helpers.d/package
@ -5,6 +5,8 @@
 # [internal]
 #
 # usage: ynh_wait_dpkg_free
 #
 # Requires YunoHost version 3.3.1 or higher.
 ynh_wait_dpkg_free() {
    local try
    # With seq 1 17, timeout will be almost 30 minutes
@ -44,6 +46,8 @@ ynh_wait_dpkg_free() {
 #
 # usage: ynh_package_is_installed --package=name
 # | arg: -p, --package - the package name to check
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_package_is_installed() {
    # Declare an array to define the options of this helper.
    local legacy_args=p
@ -64,6 +68,8 @@ ynh_package_is_installed() {
 # usage: ynh_package_version --package=name
 # | arg: -p, --package - the package name to get version
 # | ret: the version or an empty string
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_package_version() {
    # Declare an array to define the options of this helper.
    local legacy_args=p
@ -84,6 +90,8 @@ ynh_package_version() {
 # [internal]
 #
 # usage: ynh_apt update
 #
 # Requires YunoHost version 2.4.0.3 or higher.
 ynh_apt() {
    ynh_wait_dpkg_free
    DEBIAN_FRONTEND=noninteractive apt-get -y $@
@ -92,6 +100,8 @@ ynh_apt() {
 # Update package index files
 #
 # usage: ynh_package_update
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_package_update() {
    ynh_apt update
 }
@ -100,6 +110,8 @@ ynh_package_update() {
 #
 # usage: ynh_package_install name [name [...]]
 # | arg: name - the package name to install
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_package_install() {
    ynh_apt --no-remove -o Dpkg::Options::=--force-confdef \
            -o Dpkg::Options::=--force-confold install $@
@ -109,6 +121,8 @@ ynh_package_install() {
 #
 # usage: ynh_package_remove name [name [...]]
 # | arg: name - the package name to remove
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_package_remove() {
    ynh_apt remove $@
 }
@ -117,6 +131,8 @@ ynh_package_remove() {
 #
 # usage: ynh_package_autoremove name [name [...]]
 # | arg: name - the package name to remove
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_package_autoremove() {
    ynh_apt autoremove $@
 }
@ -125,6 +141,8 @@ ynh_package_autoremove() {
 #
 # usage: ynh_package_autopurge name [name [...]]
 # | arg: name - the package name to autoremove and purge
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_package_autopurge() {
    ynh_apt autoremove --purge $@
 }
@ -139,6 +157,8 @@ ynh_package_autopurge() {
 #
 # usage: ynh_package_install_from_equivs controlfile
 # | arg: controlfile - path of the equivs control file
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_package_install_from_equivs () {
    local controlfile=$1
@ -146,7 +166,7 @@ ynh_package_install_from_equivs () {
    local pkgname=$(grep '^Package: ' $controlfile | cut -d' ' -f 2)	# Retrieve the name of the debian package
    local pkgversion=$(grep '^Version: ' $controlfile | cut -d' ' -f 2)	# And its version number
    [[ -z "$pkgname" || -z "$pkgversion" ]] \
-        && echo "Invalid control file" && exit 1	# Check if this 2 variables aren't empty.
+        && ynh_die --message="Invalid control file"	# Check if this 2 variables aren't empty.
    # Update packages cache
    ynh_package_update
@ -181,6 +201,8 @@ ynh_package_install_from_equivs () {
 #   You can give a choice between some package with this syntax : "dep1|dep2"
 #   Example : ynh_install_app_dependencies dep1 dep2 "dep3|dep4|dep5"
 #   This mean in the dependence tree : dep1 & dep2 & (dep3 | dep4 | dep5)
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_install_app_dependencies () {
    local dependencies=$@
    local dependencies=${dependencies// /, }
@ -217,6 +239,8 @@ EOF
 # Dependencies will removed only if no other package need them.
 #
 # usage: ynh_remove_app_dependencies
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_remove_app_dependencies () {
    local dep_app=${app//_/-}	# Replace all '_' by '-'
    ynh_package_autopurge ${dep_app}-ynh-deps	# Remove the fake package and its dependencies if they not still used.
--- a/data/helpers.d/backend
+++ b/data/helpers.d/backend
@ -1,437 +0,0 @@
 #!/bin/bash
 # Use logrotate to manage the logfile
 #
 # usage: ynh_use_logrotate [--logfile=/log/file] [--nonappend] [--specific_user=user/group]
 # | arg: -l, --logfile= - absolute path of logfile
 # | arg: -n, --nonappend - (Option) Replace the config file instead of appending this new config.
 # | arg: -u, --specific_user : run logrotate as the specified user and group. If not specified logrotate is runned as root.
 #
 # If no argument provided, a standard directory will be use. /var/log/${app}
 # You can provide a path with the directory only or with the logfile.
 # /parentdir/logdir
 # /parentdir/logdir/logfile.log
 #
 # It's possible to use this helper several times, each config will be added to the same logrotate config file.
 # Unless you use the option --non-append
 ynh_use_logrotate () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=lnuya
 	declare -Ar args_array=( [l]=logfile= [n]=nonappend [u]=specific_user= [y]=non [a]=append )
 	# [y]=non [a]=append are only for legacy purpose, to not fail on the old option '--non-append'
 	local logfile
 	local nonappend
 	local specific_user
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	local logfile="${logfile:-}"
 	local nonappend="${nonappend:-0}"
 	local specific_user="${specific_user:-}"
 	# LEGACY CODE - PRE GETOPTS
 	if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then
 		nonappend=1
 		# Destroy this argument for the next command.
 		shift
 	elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then
 		nonappend=1
 	fi
 	if [ $# -gt 0 ] && [ "$(echo ${1:0:1})" != "-" ]; then
 		if [ "$(echo ${1##*.})" == "log" ]; then	# Keep only the extension to check if it's a logfile
 			local logfile=$1	# In this case, focus logrotate on the logfile
 		else
 			local logfile=$1/*.log	# Else, uses the directory and all logfile into it.
 		fi
 	fi
 	# LEGACY CODE
 	local customtee="tee -a"
 	if [ "$nonappend" -eq 1 ]; then
 		customtee="tee"
 	fi
 	if [ -n "$logfile" ]
 	then
 		if [ "$(echo ${logfile##*.})" != "log" ]; then	# Keep only the extension to check if it's a logfile
 			local logfile="$1/*.log"	# Else, uses the directory and all logfile into it.
 		fi
 	else
 		logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log
 	fi
 	local su_directive=""
 	if [[ -n $specific_user ]]; then
 		su_directive="	# Run logorotate as specific user - group
 	su ${specific_user%/*} ${specific_user#*/}"
 	fi
 	cat > ./${app}-logrotate << EOF	# Build a config file for logrotate
 $logfile {
 		# Rotate if the logfile exceeds 100Mo
 	size 100M
 		# Keep 12 old log maximum
 	rotate 12
 		# Compress the logs with gzip
 	compress
 		# Compress the log at the next cycle. So keep always 2 non compressed logs
 	delaycompress
 		# Copy and truncate the log to allow to continue write on it. Instead of move the log.
 	copytruncate
 		# Do not do an error if the log is missing
 	missingok
 		# Not rotate if the log is empty
 	notifempty
 		# Keep old logs in the same dir
 	noolddir
 	$su_directive
 }
 EOF
 	sudo mkdir -p $(dirname "$logfile")	# Create the log directory, if not exist
 	cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null	# Append this config to the existing config file, or replace the whole config file (depending on $customtee)
 }
 # Remove the app's logrotate config.
 #
 # usage: ynh_remove_logrotate
 ynh_remove_logrotate () {
 	if [ -e "/etc/logrotate.d/$app" ]; then
 		sudo rm "/etc/logrotate.d/$app"
 	fi
 }
 # Create a dedicated systemd config
 #
 # usage: ynh_add_systemd_config [--service=service] [--template=template]
 # | arg: -s, --service - Service name (optionnal, $app by default)
 # | arg: -t, --template - Name of template file (optionnal, this is 'systemd' by default, meaning ./conf/systemd.service will be used as template)
 #
 # This will use the template ../conf/<templatename>.service
 # to generate a systemd config, by replacing the following keywords
 # with global variables that should be defined before calling
 # this helper :
 #
 #   __APP__       by  $app
 #   __FINALPATH__ by  $final_path
 #
 ynh_add_systemd_config () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=st
 	declare -Ar args_array=( [s]=service= [t]=template= )
 	local service
 	local template
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	local service="${service:-$app}"
 	local template="${template:-systemd.service}"
 	finalsystemdconf="/etc/systemd/system/$service.service"
 	ynh_backup_if_checksum_is_different --file="$finalsystemdconf"
 	sudo cp ../conf/$template "$finalsystemdconf"
 	# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
 	# Substitute in a nginx config file only if the variable is not empty
 	if test -n "${final_path:-}"; then
 		ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalsystemdconf"
 	fi
 	if test -n "${app:-}"; then
 		ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$finalsystemdconf"
 	fi
 	ynh_store_file_checksum --file="$finalsystemdconf"
 	sudo chown root: "$finalsystemdconf"
 	sudo systemctl enable $service
 	sudo systemctl daemon-reload
 }
 # Remove the dedicated systemd config
 #
 # usage: ynh_remove_systemd_config [--service=service]
 # | arg: -s, --service - Service name (optionnal, $app by default)
 #
 ynh_remove_systemd_config () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=s
 	declare -Ar args_array=( [s]=service= )
 	local service
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	local service="${service:-$app}"
 	local finalsystemdconf="/etc/systemd/system/$service.service"
 	if [ -e "$finalsystemdconf" ]; then
 		ynh_systemd_action --service_name=$service --action=stop
 		systemctl disable $service
 		ynh_secure_remove --file="$finalsystemdconf"
 		systemctl daemon-reload
 	fi
 }
 # Create a dedicated nginx config
 #
 # usage: ynh_add_nginx_config "list of others variables to replace"
 #
 # | arg: list of others variables to replace separeted by a space
 # |      for example : 'path_2 port_2 ...'
 #
 # This will use a template in ../conf/nginx.conf
 #   __PATH__      by  $path_url
 #   __DOMAIN__    by  $domain
 #   __PORT__      by  $port
 #   __NAME__      by  $app
 #   __FINALPATH__ by  $final_path
 #
 #  And dynamic variables (from the last example) :
 #   __PATH_2__    by $path_2
 #   __PORT_2__    by $port_2
 #
 ynh_add_nginx_config () {
 	finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
 	local others_var=${1:-}
 	ynh_backup_if_checksum_is_different --file="$finalnginxconf"
 	sudo cp ../conf/nginx.conf "$finalnginxconf"
 	# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
 	# Substitute in a nginx config file only if the variable is not empty
 	if test -n "${path_url:-}"; then
 		# path_url_slash_less is path_url, or a blank value if path_url is only '/'
 		local path_url_slash_less=${path_url%/}
 		ynh_replace_string --match_string="__PATH__/" --replace_string="$path_url_slash_less/" --target_file="$finalnginxconf"
 		ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$finalnginxconf"
 	fi
 	if test -n "${domain:-}"; then
 		ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$finalnginxconf"
 	fi
 	if test -n "${port:-}"; then
 		ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$finalnginxconf"
 	fi
 	if test -n "${app:-}"; then
 		ynh_replace_string --match_string="__NAME__" --replace_string="$app" --target_file="$finalnginxconf"
 	fi
 	if test -n "${final_path:-}"; then
 		ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalnginxconf"
 	fi
 	# Replace all other variable given as arguments
 	for var_to_replace in $others_var
 	do
 		# ${var_to_replace^^} make the content of the variable on upper-cases
 		# ${!var_to_replace} get the content of the variable named $var_to_replace 
 		ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalnginxconf"
 	done
 	if [ "${path_url:-}" != "/" ]
 	then
 		ynh_replace_string --match_string="^#sub_path_only" --replace_string="" --target_file="$finalnginxconf"
 	else
 		ynh_replace_string --match_string="^#root_path_only" --replace_string="" --target_file="$finalnginxconf"
 	fi
 	ynh_store_file_checksum --file="$finalnginxconf"
 	ynh_systemd_action --service_name=nginx --action=reload
 }
 # Remove the dedicated nginx config
 #
 # usage: ynh_remove_nginx_config
 ynh_remove_nginx_config () {
 	ynh_secure_remove --file="/etc/nginx/conf.d/$domain.d/$app.conf"
 	ynh_systemd_action --service_name=nginx --action=reload
 }
 # Create a dedicated php-fpm config
 #
 # usage: ynh_add_fpm_config
 ynh_add_fpm_config () {
 	# Configure PHP-FPM 7.0 by default
 	local fpm_config_dir="/etc/php/7.0/fpm"
 	local fpm_service="php7.0-fpm"
 	# Configure PHP-FPM 5 on Debian Jessie
 	if [ "$(ynh_get_debian_release)" == "jessie" ]; then
 		fpm_config_dir="/etc/php5/fpm"
 		fpm_service="php5-fpm"
 	fi
 	ynh_app_setting_set --app=$app --key=fpm_config_dir --value="$fpm_config_dir"
 	ynh_app_setting_set --app=$app --key=fpm_service --value="$fpm_service"
 	finalphpconf="$fpm_config_dir/pool.d/$app.conf"
 	ynh_backup_if_checksum_is_different --file="$finalphpconf"
 	sudo cp ../conf/php-fpm.conf "$finalphpconf"
 	ynh_replace_string --match_string="__NAMETOCHANGE__" --replace_string="$app" --target_file="$finalphpconf"
 	ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalphpconf"
 	ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$finalphpconf"
 	sudo chown root: "$finalphpconf"
 	ynh_store_file_checksum --file="$finalphpconf"
 	if [ -e "../conf/php-fpm.ini" ]
 	then
 		echo "Packagers ! Please do not use a separate php ini file, merge your directives in the pool file instead." >&2
 		finalphpini="$fpm_config_dir/conf.d/20-$app.ini"
 		ynh_backup_if_checksum_is_different "$finalphpini"
 		sudo cp ../conf/php-fpm.ini "$finalphpini"
 		sudo chown root: "$finalphpini"
 		ynh_store_file_checksum "$finalphpini"
 	fi
 	ynh_systemd_action --service_name=$fpm_service --action=reload
 }
 # Remove the dedicated php-fpm config
 #
 # usage: ynh_remove_fpm_config
 ynh_remove_fpm_config () {
 	local fpm_config_dir=$(ynh_app_setting_get --app=$app --key=fpm_config_dir)
 	local fpm_service=$(ynh_app_setting_get --app=$app --key=fpm_service)
 	# Assume php version 7 if not set
 	if [ -z "$fpm_config_dir" ]; then
 		fpm_config_dir="/etc/php/7.0/fpm"
 		fpm_service="php7.0-fpm"
 	fi
 	ynh_secure_remove --file="$fpm_config_dir/pool.d/$app.conf"
 	ynh_secure_remove --file="$fpm_config_dir/conf.d/20-$app.ini" 2>&1
 	ynh_systemd_action --service_name=$fpm_service --action=reload
 }
 # Create a dedicated fail2ban config (jail and filter conf files)
 #
 # usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
 # | arg: -l, --logpath=   - Log file to be checked by fail2ban
 # | arg: -r, --failregex= - Failregex to be looked for by fail2ban
 # | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
 # | arg: -p, --ports=     - Ports blocked for a banned IP address - default: http,https
 #
 # -----------------------------------------------------------------------------
 #
 # usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
 # | arg: -t, --use_template - Use this helper in template mode
 # | arg: -v, --others_var=  - List of others variables to replace separeted by a space
 # |                           for example : 'var_1 var_2 ...'
 #
 # This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
 #   __APP__      by  $app
 #
 #  You can dynamically replace others variables by example :
 #   __VAR_1__    by $var_1
 #   __VAR_2__    by $var_2
 #
 # Generally your template will look like that by example (for synapse):
 #
 # f2b_jail.conf:
 #     [__APP__]
 #     enabled = true
 #     port = http,https
 #     filter = __APP__
 #     logpath = /var/log/__APP__/logfile.log
 #     maxretry = 3
 #
 # f2b_filter.conf:
 #     [INCLUDES]
 #     before = common.conf
 #     [Definition]
 #
 #     # Part of regex definition (just used to make more easy to make the global regex)
 #     __synapse_start_line = .? \- synapse\..+ \-
 #
 #    # Regex definition.
 #    failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
 #
 #     ignoreregex =
 #
 # -----------------------------------------------------------------------------
 #
 # Note about the "failregex" option:
 #          regex to match the password failure messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 #
 #          You can find some more explainations about how to make a regex here :
 #          https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
 #
 # Note that the logfile need to exist before to call this helper !!
 #
 # To validate your regex you can test with this command:
 # fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
 #
 ynh_add_fail2ban_config () {
  # Declare an array to define the options of this helper.
  local legacy_args=lrmptv
  declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
  local logpath
  local failregex
  local max_retry
  local ports
  local others_var
  local use_template
  # Manage arguments with getopts
  ynh_handle_getopts_args "$@"
  use_template="${use_template:-0}"
  max_retry=${max_retry:-3}
  ports=${ports:-http,https}
  finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
  finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
  ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
  ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
  if [ $use_template -eq 1 ]
  then
    # Usage 2, templates
    cp ../conf/f2b_jail.conf $finalfail2banjailconf
    cp ../conf/f2b_filter.conf $finalfail2banfilterconf
    if [ -n "${app:-}" ]
    then
      ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
      ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
    fi
    # Replace all other variable given as arguments
    for var_to_replace in ${others_var:-}; do
      # ${var_to_replace^^} make the content of the variable on upper-cases
      # ${!var_to_replace} get the content of the variable named $var_to_replace
      ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
      ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
    done
  else
    # Usage 1, no template. Build a config file from scratch.
    test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
    test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
    tee $finalfail2banjailconf <<EOF
 [$app]
 enabled = true
 port = $ports
 filter = $app
 logpath = $logpath
 maxretry = $max_retry
 EOF
    tee $finalfail2banfilterconf <<EOF
 [INCLUDES]
 before = common.conf
 [Definition]
 failregex = $failregex
 ignoreregex =
 EOF
  fi
  # Common to usage 1 and 2.
  ynh_store_file_checksum "$finalfail2banjailconf"
  ynh_store_file_checksum "$finalfail2banfilterconf"
  systemctl try-reload-or-restart fail2ban
  local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
  if [[ -n "$fail2ban_error" ]]; then
    ynh_print_err --message="Fail2ban failed to load the jail for $app"
    ynh_print_warn --message="${fail2ban_error#*WARNING}"
  fi
 }
 # Remove the dedicated fail2ban config (jail and filter conf files)
 #
 # usage: ynh_remove_fail2ban_config
 ynh_remove_fail2ban_config () {
  ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
  ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
  systemctl try-reload-or-restart fail2ban
 }
--- a/data/helpers.d/filesystem
+++ b/data/helpers.d/filesystem
@ -1,30 +1,25 @@
 #!/bin/bash
 source /usr/share/yunohost/helpers.d/getopts
 CAN_BIND=${CAN_BIND:-1}
 # Add a file or a directory to the list of paths to backup
-# 
+#
 # Note: this helper could be used in backup hook or in backup script inside an
 # app package
 #
 # Details: ynh_backup writes SRC and the relative DEST into a CSV file. And it
-# creates the parent destination directory 
+# creates the parent destination directory
-# 
+#
 # If DEST is ended by a slash it complete this path with the basename of SRC.
 #
 # usage: ynh_backup --src_path=src_path [--dest_path=dest_path] [--is_big] [--not_mandatory]
-# | arg: -s, --src_path - file or directory to bind or symlink or copy. it shouldn't be in
+# | arg: -s, --src_path - file or directory to bind or symlink or copy. it shouldn't be in the backup dir.
-# the backup dir. 
+# | arg: -d, --dest_path - destination file or directory inside the backup dir
 # | arg: -d, --dest_path - destination file or directory inside the
 # backup dir
 # | arg: -b, --is_big - Indicate data are big (mail, video, image ...)
 # | arg: -m, --not_mandatory - Indicate that if the file is missing, the backup can ignore it.
 # | arg: arg - Deprecated arg
 #
-# example:
+# Example in the context of a wordpress app
 # # Wordpress app context
 #
 # ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf"
 # # => This line will be added into CSV file
@ -35,7 +30,7 @@ CAN_BIND=${CAN_BIND:-1}
 #
 # ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "conf/"
 # # => "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/conf/$app.conf"
-# 
+#
 # ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "conf"
 # # => "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/conf"
 #
@ -46,6 +41,7 @@ CAN_BIND=${CAN_BIND:-1}
 # ynh_backup "/etc/nginx/conf.d/$domain.d/$app.conf" "/conf/"
 # # => "/etc/nginx/conf.d/$domain.d/$app.conf","apps/wordpress/conf/$app.conf"
 #
 # Requires YunoHost version 2.4.0 or higher.
 ynh_backup() {
    # TODO find a way to avoid injection by file strange naming !
@ -67,25 +63,23 @@ ynh_backup() {
    # If backing up core only (used by ynh_backup_before_upgrade),
    # don't backup big data items
    if [ "$is_big" == "1" ] && [ "$BACKUP_CORE_ONLY" == "1" ] ; then
-      echo "$src_path will not be saved, because backup_core_only is set." >&2
+      ynh_print_info --message="$src_path will not be saved, because backup_core_only is set."
      return 0
    fi
-    
+
    # ==============================================================================
    # Format correctly source and destination paths
    # ==============================================================================
    # Be sure the source path is not empty
    [[ -e "${src_path}" ]] || {
-        echo "Source path '${src_path}' does not exist" >&2
+        ynh_print_warn --message="Source path '${src_path}' does not exist"
        if [ "$not_mandatory" == "0" ]
        then
 		echo "Source path '${SRC_PATH}' does not exist" >&2
                # This is a temporary fix for fail2ban config files missing after the migration to stretch.
                if echo "${src_path}" | grep --quiet "/etc/fail2ban"
                then
                        touch "${src_path}"
-                        echo "The missing file will be replaced by a dummy one for the backup !!!" >&2
+                        ynh_print_info --message="The missing file will be replaced by a dummy one for the backup !!!"
                else
                        return 1
                fi
@ -129,7 +123,7 @@ ynh_backup() {
    # Check if dest_path already exists in tmp archive
    [[ ! -e "${dest_path}" ]] || {
-        echo "Destination path '${dest_path}' already exist" >&2
+        ynh_print_err --message="Destination path '${dest_path}' already exist"
        return 1
    }
@ -158,6 +152,7 @@ ynh_backup() {
 #
 # usage: ynh_restore
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_restore () {
    # Deduce the relative path of $YNH_CWD
    local REL_DIR="${YNH_CWD#$YNH_BACKUP_DIR/}"
@ -193,32 +188,30 @@ with open(sys.argv[1], 'r') as backup_file:
    return $?
 }
-# Restore a file or a directory 
+# Restore a file or a directory
 #
 # Use the registered path in backup_list by ynh_backup to restore the file at
-# the good place.
+# the right place.
 #
 # usage: ynh_restore_file --origin_path=origin_path [--dest_path=dest_path] [--not_mandatory]
-# | arg: -o, --origin_path - Path where was located the file or the directory before
+# | arg: -o, --origin_path - Path where was located the file or the directory before to be backuped or relative path to $YNH_CWD where it is located in the backup archive
-# to be backuped or relative path to $YNH_CWD where it is located in the backup archive
+# | arg: -d, --dest_path - Path where restore the file or the dir, if unspecified, the destination will be ORIGIN_PATH or if the ORIGIN_PATH doesn't exist in the archive, the destination will be searched into backup.csv
 # | arg: -d, --dest_path - Path where restore the file or the dir, if unspecified,
 # the destination will be ORIGIN_PATH or if the ORIGIN_PATH doesn't exist in
 # the archive, the destination will be searched into backup.csv
 # | arg: -m, --not_mandatory - Indicate that if the file is missing, the restore process can ignore it.
 #
-# If DEST_PATH already exists and is lighter than 500 Mo, a backup will be made in 
+# examples:
 #     ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
 #     # You can also use relative paths:
 #     ynh_restore_file "conf/nginx.conf"
 #
 # If DEST_PATH already exists and is lighter than 500 Mo, a backup will be made in
 # /home/yunohost.conf/backup/. Otherwise, the existing file is removed.
 #
-# examples:
+# if apps/wordpress/etc/nginx/conf.d/$domain.d/$app.conf exists, restore it into
-# ynh_restore_file "/etc/nginx/conf.d/$domain.d/$app.conf"
+# /etc/nginx/conf.d/$domain.d/$app.conf
-# # if apps/wordpress/etc/nginx/conf.d/$domain.d/$app.conf exists, restore it into
+# if no, search for a match in the csv (eg: conf/nginx.conf) and restore it into
-# # /etc/nginx/conf.d/$domain.d/$app.conf
+# /etc/nginx/conf.d/$domain.d/$app.conf
 # # if no, search a correspondance in the csv (eg: conf/nginx.conf) and restore it into
 # # /etc/nginx/conf.d/$domain.d/$app.conf
 #
 # # DON'T GIVE THE ARCHIVE PATH:
 # ynh_restore_file "conf/nginx.conf"
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_restore_file () {
    # Declare an array to define the options of this helper.
    local legacy_args=odm
@ -253,7 +246,7 @@ ynh_restore_file () {
        then
            local backup_file="/home/yunohost.conf/backup/${dest_path}.backup.$(date '+%Y%m%d.%H%M%S')"
            mkdir -p "$(dirname "$backup_file")"
-            mv "${dest_path}" "$backup_file"	# Move the current file or directory
+            mv "${dest_path}" "$backup_file"    # Move the current file or directory
        else
            ynh_secure_remove --file=${dest_path}
        fi
@ -283,91 +276,74 @@ ynh_bind_or_cp() {
    local AS_ROOT=${3:-0}
    local NO_ROOT=0
    [[ "${AS_ROOT}" = "1" ]] || NO_ROOT=1
-    echo "This helper is deprecated, you should use ynh_backup instead" >&2
+    ynh_print_warn --message="This helper is deprecated, you should use ynh_backup instead"
    ynh_backup "$1" "$2" 1
 }
 # Create a directory under /tmp
 #
 # [internal]
 #
 # Deprecated helper
 #
 # usage: ynh_mkdir_tmp
 # | ret: the created directory path
 ynh_mkdir_tmp() {
    echo "The helper ynh_mkdir_tmp is deprecated." >&2
    echo "You should use 'mktemp -d' instead and manage permissions \
 properly with chmod/chown." >&2
    local TMP_DIR=$(mktemp -d)
    # Give rights to other users could be a security risk.
    # But for retrocompatibility we need it. (This helpers is deprecated)
    chmod 755 $TMP_DIR
    echo $TMP_DIR
 }
 # Calculate and store a file checksum into the app settings
 #
 # $app should be defined when calling this helper
 #
 # usage: ynh_store_file_checksum --file=file
 # | arg: -f, --file - The file on which the checksum will performed, then stored.
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_store_file_checksum () {
-	# Declare an array to define the options of this helper.
+    # Declare an array to define the options of this helper.
-	local legacy_args=f
+    local legacy_args=f
-	declare -Ar args_array=( [f]=file= )
+    declare -Ar args_array=( [f]=file= )
-	local file
+    local file
-	# Manage arguments with getopts
+    # Manage arguments with getopts
-	ynh_handle_getopts_args "$@"
+    ynh_handle_getopts_args "$@"
-	local checksum_setting_name=checksum_${file//[\/ ]/_}	# Replace all '/' and ' ' by '_'
+    local checksum_setting_name=checksum_${file//[\/ ]/_}    # Replace all '/' and ' ' by '_'
-	ynh_app_setting_set --app=$app --key=$checksum_setting_name --value=$(sudo md5sum "$file" | cut -d' ' -f1)
+    ynh_app_setting_set --app=$app --key=$checksum_setting_name --value=$(sudo md5sum "$file" | cut -d' ' -f1)
-	# If backup_file_checksum isn't empty, ynh_backup_if_checksum_is_different has made a backup
+    # If backup_file_checksum isn't empty, ynh_backup_if_checksum_is_different has made a backup
-	if [ -n "${backup_file_checksum-}" ]
+    if [ -n "${backup_file_checksum-}" ]
-	then
+    then
-		# Print the diff between the previous file and the new one.
+        # Print the diff between the previous file and the new one.
-		# diff return 1 if the files are different, so the || true
+        # diff return 1 if the files are different, so the || true
-		diff --report-identical-files --unified --color=always $backup_file_checksum $file >&2 || true
+        diff --report-identical-files --unified --color=always $backup_file_checksum $file >&2 || true
-	fi
+    fi
-	# Unset the variable, so it wouldn't trig a ynh_store_file_checksum without a ynh_backup_if_checksum_is_different before it.
+    # Unset the variable, so it wouldn't trig a ynh_store_file_checksum without a ynh_backup_if_checksum_is_different before it.
-	unset backup_file_checksum
+    unset backup_file_checksum
 }
 # Verify the checksum and backup the file if it's different
-# This helper is primarily meant to allow to easily backup personalised/manually 
+# This helper is primarily meant to allow to easily backup personalised/manually
 # modified config files.
 #
 # $app should be defined when calling this helper
 #
 # usage: ynh_backup_if_checksum_is_different --file=file
 # | arg: -f, --file - The file on which the checksum test will be perfomed.
 # | ret: the name of a backup file, or nothing
 #
-# | ret: Return the name a the backup file, or nothing
+# Requires YunoHost version 2.6.4 or higher.
 ynh_backup_if_checksum_is_different () {
-	# Declare an array to define the options of this helper.
+    # Declare an array to define the options of this helper.
-	local legacy_args=f
+    local legacy_args=f
-	declare -Ar args_array=( [f]=file= )
+    declare -Ar args_array=( [f]=file= )
-	local file
+    local file
-	# Manage arguments with getopts
+    # Manage arguments with getopts
-	ynh_handle_getopts_args "$@"
+    ynh_handle_getopts_args "$@"
-	local checksum_setting_name=checksum_${file//[\/ ]/_}	# Replace all '/' and ' ' by '_'
+    local checksum_setting_name=checksum_${file//[\/ ]/_}    # Replace all '/' and ' ' by '_'
-	local checksum_value=$(ynh_app_setting_get --app=$app --key=$checksum_setting_name)
+    local checksum_value=$(ynh_app_setting_get --app=$app --key=$checksum_setting_name)
-	# backup_file_checksum isn't declare as local, so it can be reuse by ynh_store_file_checksum
+    # backup_file_checksum isn't declare as local, so it can be reuse by ynh_store_file_checksum
-	backup_file_checksum=""
+    backup_file_checksum=""
-	if [ -n "$checksum_value" ]
+    if [ -n "$checksum_value" ]
-	then	# Proceed only if a value was stored into the app settings
+    then    # Proceed only if a value was stored into the app settings
-		if ! echo "$checksum_value $file" | sudo md5sum -c --status
+        if ! echo "$checksum_value $file" | sudo md5sum -c --status
-		then	# If the checksum is now different
+        then    # If the checksum is now different
-			backup_file_checksum="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
+            backup_file_checksum="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
-			sudo mkdir -p "$(dirname "$backup_file_checksum")"
+            sudo mkdir -p "$(dirname "$backup_file_checksum")"
-			sudo cp -a "$file" "$backup_file_checksum"	# Backup the current file
+            sudo cp -a "$file" "$backup_file_checksum"    # Backup the current file
-			ynh_print_warn "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file_checksum"
+            ynh_print_warn "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file_checksum"
-			echo "$backup_file_checksum"	# Return the name of the backup file
+            echo "$backup_file_checksum"    # Return the name of the backup file
-		fi
+        fi
-	fi
+    fi
 }
 # Delete a file checksum from the app settings
@ -376,53 +352,97 @@ ynh_backup_if_checksum_is_different () {
 #
 # usage: ynh_remove_file_checksum file
 # | arg: -f, --file= - The file for which the checksum will be deleted
 ynh_delete_file_checksum () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=f
 	declare -Ar args_array=( [f]=file= )
 	local file
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	local checksum_setting_name=checksum_${file//[\/ ]/_}	# Replace all '/' and ' ' by '_'
 	ynh_app_setting_delete --app=$app --key=$checksum_setting_name
 }
 # Remove a file or a directory securely
 #
-# usage: ynh_secure_remove --file=path_to_remove
+# Requires YunoHost version 3.3.1 or higher.
-# | arg: -f, --file - File or directory to remove
+ynh_delete_file_checksum () {
-ynh_secure_remove () {
+    # Declare an array to define the options of this helper.
-	# Declare an array to define the options of this helper.
+    local legacy_args=f
-	local legacy_args=f
+    declare -Ar args_array=( [f]=file= )
-	declare -Ar args_array=( [f]=file= )
+    local file
-	local file
+    # Manage arguments with getopts
-	# Manage arguments with getopts
+    ynh_handle_getopts_args "$@"
 	ynh_handle_getopts_args "$@"
-	local forbidden_path=" \
+    local checksum_setting_name=checksum_${file//[\/ ]/_}    # Replace all '/' and ' ' by '_'
-	/var/www \
+    ynh_app_setting_delete --app=$app --key=$checksum_setting_name
-	/home/yunohost.app"
+}
-
+
-	if [ $# -ge 2 ]
+# Make a backup in case of failed upgrade
-	then
+#
-		echo "/!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time." >&2
+# usage:
-	fi
+# ynh_backup_before_upgrade
-
+# ynh_clean_setup () {
-	if [[ "$forbidden_path" =~ "$file" \
+#     ynh_restore_upgradebackup
-		# Match all paths or subpaths in $forbidden_path
+# }
-		|| "$file" =~ ^/[[:alnum:]]+$ \
+# ynh_abort_if_errors
-		# Match all first level paths from / (Like /var, /root, etc...)
+#
-		|| "${file:${#file}-1}" = "/" ]]
+# Requires YunoHost version 2.7.2 or higher.
-		# Match if the path finishes by /. Because it seems there is an empty variable
+ynh_backup_before_upgrade () {
-	then
+    if [ ! -e "/etc/yunohost/apps/$app/scripts/backup" ]
-		echo "Avoid deleting $file." >&2
+    then
-	else
+        ynh_print_warn --message="This app doesn't have any backup script."
-		if [ -e "$file" ]
+        return
-		then
+    fi
-			sudo rm -R "$file"
+    backup_number=1
-		else
+    local old_backup_number=2
-			echo "$file wasn't deleted because it doesn't exist." >&2
+    local app_bck=${app//_/-}    # Replace all '_' by '-'
-		fi
+    NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
-	fi
+
    if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
    then
        # Check if a backup already exists with the prefix 1
        if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1
        then
            # Prefix becomes 2 to preserve the previous backup
            backup_number=2
            old_backup_number=1
        fi
        # Create backup
        sudo BACKUP_CORE_ONLY=1 yunohost backup create --apps $app --name $app_bck-pre-upgrade$backup_number --debug
        if [ "$?" -eq 0 ]
        then
            # If the backup succeeded, remove the previous backup
            if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
            then
                # Remove the previous backup only if it exists
                sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null
            fi
        else
            ynh_die --message="Backup failed, the upgrade process was aborted."
        fi
    else
        ynh_print_warn --message="\$NO_BACKUP_UPGRADE is set, backup will be avoided. Be careful, this upgrade is going to be operated without a security backup"
    fi
 }
 # Restore a previous backup if the upgrade process failed
 #
 # usage:
 # ynh_backup_before_upgrade
 # ynh_clean_setup () {
 #     ynh_restore_upgradebackup
 # }
 # ynh_abort_if_errors
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_restore_upgradebackup () {
    ynh_print_err --message="Upgrade failed."
    local app_bck=${app//_/-}    # Replace all '_' by '-'
    NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
    if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
    then
        # Check if an existing backup can be found before removing and restoring the application.
        if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number
        then
            # Remove the application then restore it
            sudo yunohost app remove $app
            # Restore the backup
            sudo yunohost backup restore $app_bck-pre-upgrade$backup_number --apps $app --force --debug
            ynh_die --message="The app was restored to the way it was before the failed upgrade."
        fi
    else
        ynh_print_warn --message="\$NO_BACKUP_UPGRADE is set, that means there's no backup to restore. You have to fix this upgrade by yourself !"
    fi
 }
--- a/data/helpers.d/debug
+++ b/data/helpers.d/debug
@ -1,59 +0,0 @@
 #!/bin/bash
 # Debugger for app packagers
 #
 # usage: ynh_debug [--message=message] [--trace=1/0]
 # | arg: -m, --message= - The text to print
 # | arg: -t, --trace=   - Turn on or off the trace of the script. Usefull to trace nonly a small part of a script.
 ynh_debug () {
 	# Disable set xtrace for the helper itself, to not pollute the debug log
 	set +x
 	# Declare an array to define the options of this helper.
 	local legacy_args=mt
 	declare -Ar args_array=( [m]=message= [t]=trace= )
 	local message
 	local trace
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	# Redisable xtrace, ynh_handle_getopts_args set it back
 	set +x
 	message=${message:-}
 	trace=${trace:-}
 	if [ -n "$message" ]
 	then
 		ynh_print_log "\e[34m\e[1m[DEBUG]\e[0m ${message}" >&2
 	fi
 	if [ "$trace" == "1" ]
 	then
 		ynh_debug --message="Enable debugging"
 		set +x
 		# Get the current file descriptor of xtrace
 		old_bash_xtracefd=$BASH_XTRACEFD
 		# Add the current file name and the line number of any command currently running while tracing.
 		PS4='$(basename ${BASH_SOURCE[0]})-L${LINENO}: '
 		# Force xtrace to stderr
 		BASH_XTRACEFD=2
 	fi
 	if [ "$trace" == "0" ]
 	then
 		ynh_debug --message="Disable debugging"
 		set +x
 		# Put xtrace back to its original fild descriptor
 		BASH_XTRACEFD=$old_bash_xtracefd
 	fi
 	# Renable set xtrace
 	set -x
 }
 # Execute a command and print the result as debug
 #
 # usage: ynh_debug_exec command to execute
 # usage: ynh_debug_exec "command to execute | following command"
 # In case of use of pipes, you have to use double quotes. Otherwise, this helper will be executed with the first command, then be sent to the next pipe.
 #
 # | arg: command - command to execute
 ynh_debug_exec () {
 	ynh_debug --message="$(eval $@)"
 }
--- a/data/helpers.d/fail2ban
+++ b/data/helpers.d/fail2ban
@ -0,0 +1,151 @@
 #!/bin/bash
 # Create a dedicated fail2ban config (jail and filter conf files)
 #
 # usage 1: ynh_add_fail2ban_config --logpath=log_file --failregex=filter [--max_retry=max_retry] [--ports=ports]
 # | arg: -l, --logpath=   - Log file to be checked by fail2ban
 # | arg: -r, --failregex= - Failregex to be looked for by fail2ban
 # | arg: -m, --max_retry= - Maximum number of retries allowed before banning IP address - default: 3
 # | arg: -p, --ports=     - Ports blocked for a banned IP address - default: http,https
 #
 # -----------------------------------------------------------------------------
 #
 # usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
 # | arg: -t, --use_template - Use this helper in template mode
 # | arg: -v, --others_var=  - List of others variables to replace separeted by a space
 # |                           for example : 'var_1 var_2 ...'
 #
 # This will use a template in ../conf/f2b_jail.conf and ../conf/f2b_filter.conf
 #   __APP__      by  $app
 #
 #  You can dynamically replace others variables by example :
 #   __VAR_1__    by $var_1
 #   __VAR_2__    by $var_2
 #
 # Generally your template will look like that by example (for synapse):
 #
 # f2b_jail.conf:
 #     [__APP__]
 #     enabled = true
 #     port = http,https
 #     filter = __APP__
 #     logpath = /var/log/__APP__/logfile.log
 #     maxretry = 3
 #
 # f2b_filter.conf:
 #     [INCLUDES]
 #     before = common.conf
 #     [Definition]
 #
 #     # Part of regex definition (just used to make more easy to make the global regex)
 #     __synapse_start_line = .? \- synapse\..+ \-
 #
 #    # Regex definition.
 #    failregex = ^%(__synapse_start_line)s INFO \- POST\-(\d+)\- <HOST> \- \d+ \- Received request\: POST /_matrix/client/r0/login\??<SKIPLINES>%(__synapse_start_line)s INFO \- POST\-\1\- Got login request with identifier: \{u'type': u'm.id.user', u'user'\: u'(.+?)'\}, medium\: None, address: None, user\: u'\5'<SKIPLINES>%(__synapse_start_line)s WARNING \- \- (Attempted to login as @\5\:.+ but they do not exist|Failed password login for user @\5\:.+)$
 #
 #     ignoreregex =
 #
 # -----------------------------------------------------------------------------
 #
 # Note about the "failregex" option:
 #          regex to match the password failure messages in the logfile. The
 #          host must be matched by a group named "host". The tag "<HOST>" can
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 #
 #          You can find some more explainations about how to make a regex here :
 #          https://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Filters
 #
 # Note that the logfile need to exist before to call this helper !!
 #
 # To validate your regex you can test with this command:
 # fail2ban-regex /var/log/YOUR_LOG_FILE_PATH /etc/fail2ban/filter.d/YOUR_APP.conf
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_add_fail2ban_config () {
  # Declare an array to define the options of this helper.
  local legacy_args=lrmptv
  declare -Ar args_array=( [l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
  local logpath
  local failregex
  local max_retry
  local ports
  local others_var
  local use_template
  # Manage arguments with getopts
  ynh_handle_getopts_args "$@"
  use_template="${use_template:-0}"
  max_retry=${max_retry:-3}
  ports=${ports:-http,https}
  finalfail2banjailconf="/etc/fail2ban/jail.d/$app.conf"
  finalfail2banfilterconf="/etc/fail2ban/filter.d/$app.conf"
  ynh_backup_if_checksum_is_different "$finalfail2banjailconf"
  ynh_backup_if_checksum_is_different "$finalfail2banfilterconf"
  if [ $use_template -eq 1 ]
  then
    # Usage 2, templates
    cp ../conf/f2b_jail.conf $finalfail2banjailconf
    cp ../conf/f2b_filter.conf $finalfail2banfilterconf
    if [ -n "${app:-}" ]
    then
      ynh_replace_string "__APP__" "$app" "$finalfail2banjailconf"
      ynh_replace_string "__APP__" "$app" "$finalfail2banfilterconf"
    fi
    # Replace all other variable given as arguments
    for var_to_replace in ${others_var:-}; do
      # ${var_to_replace^^} make the content of the variable on upper-cases
      # ${!var_to_replace} get the content of the variable named $var_to_replace
      ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banjailconf"
      ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalfail2banfilterconf"
    done
  else
    # Usage 1, no template. Build a config file from scratch.
    test -n "$logpath" || ynh_die "ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."
    test -n "$failregex" || ynh_die "ynh_add_fail2ban_config expects a failure regex as second argument and received nothing."
    tee $finalfail2banjailconf <<EOF
 [$app]
 enabled = true
 port = $ports
 filter = $app
 logpath = $logpath
 maxretry = $max_retry
 EOF
    tee $finalfail2banfilterconf <<EOF
 [INCLUDES]
 before = common.conf
 [Definition]
 failregex = $failregex
 ignoreregex =
 EOF
  fi
  # Common to usage 1 and 2.
  ynh_store_file_checksum "$finalfail2banjailconf"
  ynh_store_file_checksum "$finalfail2banfilterconf"
  ynh_systemd_action --service_name=fail2ban --action=reload
  local fail2ban_error="$(journalctl -u fail2ban | tail -n50 | grep "WARNING.*$app.*")"
  if [[ -n "$fail2ban_error" ]]; then
    ynh_print_err --message="Fail2ban failed to load the jail for $app"
    ynh_print_warn --message="${fail2ban_error#*WARNING}"
  fi
 }
 # Remove the dedicated fail2ban config (jail and filter conf files)
 #
 # usage: ynh_remove_fail2ban_config
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_remove_fail2ban_config () {
  ynh_secure_remove "/etc/fail2ban/jail.d/$app.conf"
  ynh_secure_remove "/etc/fail2ban/filter.d/$app.conf"
  ynh_systemd_action --service_name=fail2ban --action=reload
 }
--- a/data/helpers.d/getopts
+++ b/data/helpers.d/getopts
@ -43,6 +43,8 @@
 # To keep a retrocompatibility, a package can still call a helper, using getopts, with positional arguments.
 # The "legacy mode" will manage the positional arguments and fill the variable in the same order than they are given in $args_array.
 # e.g. for `my_helper "val1" val2`, arg1 will be filled with val1, and arg2 with val2.
 #
 # Requires YunoHost version 3.2.2 or higher.
 ynh_handle_getopts_args () {
 	# Manage arguments only if there's some provided
 	set +x
@ -150,10 +152,15 @@ ynh_handle_getopts_args () {
 									# If there's already another value for this option, add a ; before adding the new value
 									eval ${option_var}+="\;"
 								fi
 								# Escape double quote to prevent any interpretation during the eval
 								all_args[$i]="${all_args[$i]//\"/\\\"}"
-								eval ${option_var}+=\"${all_args[$i]}\"
+								# For the record.
 								# We're using eval here to get the content of the variable stored itself as simple text in $option_var...
 								# Other ways to get that content would be to use either ${!option_var} or declare -g ${option_var}
 								# But... ${!option_var} can't be used as left part of an assignation.
 								# declare -g ${option_var} will create a local variable (despite -g !) and will not be available for the helper itself.
 								# So... Stop fucking arguing each time that eval is evil... Go find an other working solution if you can find one!
 								eval ${option_var}+='"${all_args[$i]}"'
 								shift_value=$(( shift_value + 1 ))
 							fi
 						done
@ -191,12 +198,9 @@ ynh_handle_getopts_args () {
 				# The variable name will be stored in 'option_var'
 				local option_var="${args_array[$option_flag]%=}"
 				# Escape double quote to prevent any interpretation during the eval
 				arguments[$i]="${arguments[$i]//\"/\\\"}"
 				# Store each value given as argument in the corresponding variable
 				# The values will be stored in the same order than $args_array
-				eval ${option_var}+=\"${arguments[$i]}\"
+				eval ${option_var}+='"${arguments[$i]}"'
 			done
 			unset legacy_args
 		else
--- a/data/helpers.d/ip
+++ b/data/helpers.d/ip
@ -1,73 +0,0 @@
 #!/bin/bash
 # Validate an IP address
 #
 # usage: ynh_validate_ip --family=family --ip_address=ip_address
 # | ret: 0 for valid ip addresses, 1 otherwise
 #
 # example: ynh_validate_ip 4 111.222.333.444
 #
 ynh_validate_ip()
 {
  # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
  # Declare an array to define the options of this helper.
  local legacy_args=fi
  declare -Ar args_array=( [f]=family= [i]=ip_address= )
  local family
  local ip_address
  # Manage arguments with getopts
  ynh_handle_getopts_args "$@"
  [ "$family" == "4" ] || [ "$family" == "6" ] || return 1
  python /dev/stdin << EOF
 import socket
 import sys
 family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 }
 try:
    socket.inet_pton(family["$family"], "$ip_address")
 except socket.error:
    sys.exit(1)
 sys.exit(0)
 EOF
 }
 # Validate an IPv4 address
 #
 # example: ynh_validate_ip4 111.222.333.444
 #
 # usage: ynh_validate_ip4 --ip_address=ip_address
 # | ret: 0 for valid ipv4 addresses, 1 otherwise
 #
 ynh_validate_ip4()
 {
  # Declare an array to define the options of this helper.
  local legacy_args=i
  declare -Ar args_array=( [i]=ip_address= )
  local ip_address
  # Manage arguments with getopts
  ynh_handle_getopts_args "$@"
  ynh_validate_ip 4 $ip_address
 }
 # Validate an IPv6 address
 #
 # example: ynh_validate_ip6 2000:dead:beef::1
 #
 # usage: ynh_validate_ip6 --ip_address=ip_address
 # | ret: 0 for valid ipv6 addresses, 1 otherwise
 #
 ynh_validate_ip6()
 {
  # Declare an array to define the options of this helper.
  local legacy_args=i
  declare -Ar args_array=( [i]=ip_address= )
  local ip_address
  # Manage arguments with getopts
  ynh_handle_getopts_args "$@"
  ynh_validate_ip 6 $ip_address
 }
--- a/data/helpers.d/logging
+++ b/data/helpers.d/logging
@ -2,6 +2,8 @@
 # Print a message to stderr and exit
 # usage: ynh_die --message=MSG [--ret_code=RETCODE]
 #
 # Requires YunoHost version 2.4.0 or higher.
 ynh_die() {
  # Declare an array to define the options of this helper.
  local legacy_args=mc
@ -18,6 +20,8 @@ ynh_die() {
 # Display a message in the 'INFO' logging category
 #
 # usage: ynh_print_info --message="Some message"
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_print_info() {
    # Declare an array to define the options of this helper.
    local legacy_args=m
@ -37,6 +41,8 @@ ynh_print_info() {
 #
 # Simply duplicate the log, execute the yunohost command and replace the log without the result of this command
 # It's a very badly hack...
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_no_log() {
  local ynh_cli_log=/var/log/yunohost/yunohost-cli.log
  sudo cp -a ${ynh_cli_log} ${ynh_cli_log}-move
@ -50,6 +56,7 @@ ynh_no_log() {
 #
 # [internal]
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_print_log () {
  echo -e "${1}"
 }
@ -58,6 +65,8 @@ ynh_print_log () {
 #
 # usage: ynh_print_warn --message="Text to print"
 # | arg: -m, --message - The text to print
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_print_warn () {
  # Declare an array to define the options of this helper.
  local legacy_args=m
@ -73,6 +82,8 @@ ynh_print_warn () {
 #
 # usage: ynh_print_err --message="Text to print"
 # | arg: -m, --message - The text to print
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_print_err () {
  # Declare an array to define the options of this helper.
  local legacy_args=m
@ -92,6 +103,8 @@ ynh_print_err () {
 # If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
 #
 # | arg: command - command to execute
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_exec_err () {
 	ynh_print_err "$(eval $@)"
 }
@ -104,6 +117,8 @@ ynh_exec_err () {
 # If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
 #
 # | arg: command - command to execute
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_exec_warn () {
 	ynh_print_warn "$(eval $@)"
 }
@ -116,6 +131,8 @@ ynh_exec_warn () {
 # If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
 #
 # | arg: command - command to execute
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_exec_warn_less () {
 	eval $@ 2>&1
 }
@ -128,6 +145,8 @@ ynh_exec_warn_less () {
 # If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
 #
 # | arg: command - command to execute
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_exec_quiet () {
 	eval $@ > /dev/null
 }
@ -140,6 +159,8 @@ ynh_exec_quiet () {
 # If the command to execute uses double quotes, they have to be escaped or they will be interpreted and removed.
 #
 # | arg: command - command to execute
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_exec_fully_quiet () {
 	eval $@ > /dev/null 2>&1
 }
@ -148,6 +169,8 @@ ynh_exec_fully_quiet () {
 #
 # usage: ynh_print_OFF
 # WARNING: You should be careful with this helper, and never forget to use ynh_print_ON as soon as possible to restore the logging.
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_print_OFF () {
 	set +x
 }
@ -155,6 +178,8 @@ ynh_print_OFF () {
 # Restore the logging after ynh_print_OFF
 #
 # usage: ynh_print_ON
 #
 # Requires YunoHost version 3.2.0 or higher.
 ynh_print_ON () {
 	set -x
 	# Print an echo only for the log, to be able to know that ynh_print_ON has been called.
@ -167,13 +192,17 @@ ynh_print_ON () {
 # | arg: -m, --message= - The text to print
 # | arg: -w, --weight=  - The weight for this progression. This value is 1 by default. Use a bigger value for a longer part of the script.
 # | arg: -t, --time=    - Print the execution time since the last call to this helper. Especially usefull to define weights.
 # The execution time is given for the duration since the previous call. So the weight should be applied to this previous call.
 # | arg: -l, --last=    - Use for the last call of the helper, to fill te progression bar.
 #
 # Requires YunoHost version 3.?.? or higher.
 increment_progression=0
 previous_weight=0
 # Define base_time when the file is sourced
 base_time=$(date +%s)
 ynh_script_progression () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=mwtl
 	declare -Ar args_array=( [m]=message= [w]=weight= [t]=time [l]=last )
 	local message
 	local weight
@ -195,9 +224,9 @@ ynh_script_progression () {
 	local weight_calls=$(grep --perl-regexp --count "^[^#]*ynh_script_progression.*(--weight|-w )" $0)
 	# Get the weight of each occurrences of 'ynh_script_progression' in the script using --weight
-	local weight_valuesA="$(grep --perl-regexp "^[^#]*ynh_script_progression.*--weight" $0 | sed 's/.*--weight[= ]\([[:digit:]].*\)/\1/g')"
+        local weight_valuesA="$(grep --perl-regexp "^[^#]*ynh_script_progression.*--weight" $0 | sed 's/.*--weight[= ]\([[:digit:]]*\).*/\1/g')"
-	# Get the weight of each occurrences of 'ynh_script_progression' in the script using -w
+        # Get the weight of each occurrences of 'ynh_script_progression' in the script using -w
-	local weight_valuesB="$(grep --perl-regexp "^[^#]*ynh_script_progression.*-w " $0 | sed 's/.*-w[= ]\([[:digit:]].*\)/\1/g')"
+        local weight_valuesB="$(grep --perl-regexp "^[^#]*ynh_script_progression.*-w " $0 | sed 's/.*-w[= ]\([[:digit:]]*\).*/\1/g')"
 	# Each value will be on a different line.
 	# Remove each 'end of line' and replace it by a '+' to sum the values.
 	local weight_values=$(( $(echo "$weight_valuesA" | tr '\n' '+') + $(echo "$weight_valuesB" | tr '\n' '+') 0 ))
@ -214,8 +243,9 @@ ynh_script_progression () {
 	# Set the scale of the progression bar
 	local scale=20
-	# progress_string(1,2) should have the size of the scale.
+	# progress_string(0,1,2) should have the size of the scale.
-	local progress_string1="####################"
+	local progress_string2="####################"
 	local progress_string1="++++++++++++++++++++"
 	local progress_string0="...................."
 	# Reduce $increment_progression to the size of the scale
@ -227,8 +257,17 @@ ynh_script_progression () {
 		local effective_progression=$scale
 	fi
-	# Build $progression_bar from progress_string(1,2) according to $effective_progression
+	# Build $progression_bar from progress_string(0,1,2) according to $effective_progression and the weight of the current task
-	local progression_bar="${progress_string1:0:$effective_progression}${progress_string0:0:$(( $scale - $effective_progression ))}"
+	# expected_progression is the progression expected after the current task
 	local expected_progression="$(( ( $increment_progression + $weight ) * $scale / $max_progression - $effective_progression ))"
 	if [ $last -eq 1 ]
 	then
 		expected_progression=0
 	fi
 	# left_progression is the progression not yet done
 	local left_progression="$(( $scale - $effective_progression - $expected_progression ))"
 	# Build the progression bar with $effective_progression, work done, $expected_progression, current work and $left_progression, work to be done.
 	local progression_bar="${progress_string2:0:$effective_progression}${progress_string1:0:$expected_progression}${progress_string0:0:$left_progression}"
 	local print_exec_time=""
 	if [ $time -eq 1 ]
@ -238,3 +277,69 @@ ynh_script_progression () {
 	ynh_print_info "[$progression_bar] > ${message}${print_exec_time}"
 }
 # Debugger for app packagers
 #
 # usage: ynh_debug [--message=message] [--trace=1/0]
 # | arg: -m, --message= - The text to print
 # | arg: -t, --trace=   - Turn on or off the trace of the script. Usefull to trace nonly a small part of a script.
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_debug () {
 	# Disable set xtrace for the helper itself, to not pollute the debug log
 	set +x
 	# Declare an array to define the options of this helper.
 	local legacy_args=mt
 	declare -Ar args_array=( [m]=message= [t]=trace= )
 	local message
 	local trace
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	# Redisable xtrace, ynh_handle_getopts_args set it back
 	set +x
 	message=${message:-}
 	trace=${trace:-}
 	if [ -n "$message" ]
 	then
 		ynh_print_log "\e[34m\e[1m[DEBUG]\e[0m ${message}" >&2
 	fi
 	if [ "$trace" == "1" ]
 	then
 		ynh_debug --message="Enable debugging"
 		set +x
 		# Get the current file descriptor of xtrace
 		old_bash_xtracefd=$BASH_XTRACEFD
 		# Add the current file name and the line number of any command currently running while tracing.
 		PS4='$(basename ${BASH_SOURCE[0]})-L${LINENO}: '
 		# Force xtrace to stderr
 		BASH_XTRACEFD=2
 		# Force stdout to stderr
 		exec 1>&2
 	fi
 	if [ "$trace" == "0" ]
 	then
 		ynh_debug --message="Disable debugging"
 		set +x
 		# Put xtrace back to its original fild descriptor
 		BASH_XTRACEFD=$old_bash_xtracefd
 		# Restore stdout
 		exec 1>&1
 	fi
 	# Renable set xtrace
 	set -x
 }
 # Execute a command and print the result as debug
 #
 # usage: ynh_debug_exec command to execute
 # usage: ynh_debug_exec "command to execute | following command"
 # In case of use of pipes, you have to use double quotes. Otherwise, this helper will be executed with the first command, then be sent to the next pipe.
 #
 # | arg: command - command to execute
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_debug_exec () {
 	ynh_debug --message="$(eval $@)"
 }
--- a/data/helpers.d/logrotate
+++ b/data/helpers.d/logrotate
@ -0,0 +1,103 @@
 #!/bin/bash
 # Use logrotate to manage the logfile
 #
 # usage: ynh_use_logrotate [--logfile=/log/file] [--nonappend] [--specific_user=user/group]
 # | arg: -l, --logfile - absolute path of logfile
 # | arg: -n, --nonappend - (optional) Replace the config file instead of appending this new config.
 # | arg: -u, --specific_user : run logrotate as the specified user and group. If not specified logrotate is runned as root.
 #
 # If no --logfile is provided, /var/log/${app} will be used as default.
 # logfile can be just a directory, or a full path to a logfile :
 # /parentdir/logdir
 # /parentdir/logdir/logfile.log
 #
 # It's possible to use this helper multiple times, each config will be added to
 # the same logrotate config file.  Unless you use the option --non-append
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_use_logrotate () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=lnuya
 	declare -Ar args_array=( [l]=logfile= [n]=nonappend [u]=specific_user= [y]=non [a]=append )
 	# [y]=non [a]=append are only for legacy purpose, to not fail on the old option '--non-append'
 	local logfile
 	local nonappend
 	local specific_user
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	local logfile="${logfile:-}"
 	local nonappend="${nonappend:-0}"
 	local specific_user="${specific_user:-}"
 	# LEGACY CODE - PRE GETOPTS
 	if [ $# -gt 0 ] && [ "$1" == "--non-append" ]; then
 		nonappend=1
 		# Destroy this argument for the next command.
 		shift
 	elif [ $# -gt 1 ] && [ "$2" == "--non-append" ]; then
 		nonappend=1
 	fi
 	if [ $# -gt 0 ] && [ "$(echo ${1:0:1})" != "-" ]; then
 		if [ "$(echo ${1##*.})" == "log" ]; then	# Keep only the extension to check if it's a logfile
 			local logfile=$1	# In this case, focus logrotate on the logfile
 		else
 			local logfile=$1/*.log	# Else, uses the directory and all logfile into it.
 		fi
 	fi
 	# LEGACY CODE
 	local customtee="tee -a"
 	if [ "$nonappend" -eq 1 ]; then
 		customtee="tee"
 	fi
 	if [ -n "$logfile" ]
 	then
 		if [ "$(echo ${logfile##*.})" != "log" ]; then	# Keep only the extension to check if it's a logfile
 			local logfile="$logfile/*.log"	# Else, uses the directory and all logfile into it.
 		fi
 	else
 		logfile="/var/log/${app}/*.log" # Without argument, use a defaut directory in /var/log
 	fi
 	local su_directive=""
 	if [[ -n $specific_user ]]; then
 		su_directive="	# Run logorotate as specific user - group
 	su ${specific_user%/*} ${specific_user#*/}"
 	fi
 	cat > ./${app}-logrotate << EOF	# Build a config file for logrotate
 $logfile {
 		# Rotate if the logfile exceeds 100Mo
 	size 100M
 		# Keep 12 old log maximum
 	rotate 12
 		# Compress the logs with gzip
 	compress
 		# Compress the log at the next cycle. So keep always 2 non compressed logs
 	delaycompress
 		# Copy and truncate the log to allow to continue write on it. Instead of move the log.
 	copytruncate
 		# Do not do an error if the log is missing
 	missingok
 		# Not rotate if the log is empty
 	notifempty
 		# Keep old logs in the same dir
 	noolddir
 	$su_directive
 }
 EOF
 	sudo mkdir -p $(dirname "$logfile")	# Create the log directory, if not exist
 	cat ${app}-logrotate | sudo $customtee /etc/logrotate.d/$app > /dev/null	# Append this config to the existing config file, or replace the whole config file (depending on $customtee)
 }
 # Remove the app's logrotate config.
 #
 # usage: ynh_remove_logrotate
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_remove_logrotate () {
 	if [ -e "/etc/logrotate.d/$app" ]; then
 		sudo rm "/etc/logrotate.d/$app"
 	fi
 }
--- a/data/helpers.d/mysql
+++ b/data/helpers.d/mysql
@ -11,6 +11,8 @@ MYSQL_ROOT_PWD_FILE=/etc/yunohost/mysql
 # | arg: -u, --user - the user name to connect as
 # | arg: -p, --password - the user password
 # | arg: -d, --database - the database to connect to
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_connect_as() {
    # Declare an array to define the options of this helper.
    local legacy_args=upd
@ -30,6 +32,8 @@ ynh_mysql_connect_as() {
 # usage: ynh_mysql_execute_as_root --sql=sql [--database=database]
 # | arg: -s, --sql - the SQL command to execute
 # | arg: -d, --database - the database to connect to
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_execute_as_root() {
    # Declare an array to define the options of this helper.
    local legacy_args=sd
@ -49,6 +53,8 @@ ynh_mysql_execute_as_root() {
 # usage: ynh_mysql_execute_file_as_root --file=file [--database=database]
 # | arg: -f, --file - the file containing SQL commands
 # | arg: -d, --database - the database to connect to
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_execute_file_as_root() {
    # Declare an array to define the options of this helper.
    local legacy_args=fd
@ -71,6 +77,8 @@ ynh_mysql_execute_file_as_root() {
 # | arg: db - the database name to create
 # | arg: user - the user to grant privilegies
 # | arg: pwd - the password to identify user by
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_create_db() {
    local db=$1
@ -95,6 +103,8 @@ ynh_mysql_create_db() {
 #
 # usage: ynh_mysql_drop_db db
 # | arg: db - the database name to drop
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_drop_db() {
    ynh_mysql_execute_as_root --sql="DROP DATABASE ${1};"
 }
@ -106,6 +116,8 @@ ynh_mysql_drop_db() {
 # usage: ynh_mysql_dump_db --database=database
 # | arg: -d, --database - the database name to dump
 # | ret: the mysqldump output
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_dump_db() {
    # Declare an array to define the options of this helper.
    local legacy_args=d
@ -124,6 +136,8 @@ ynh_mysql_dump_db() {
 # usage: ynh_mysql_create_user user pwd [host]
 # | arg: user - the user name to create
 # | arg: pwd - the password to identify user by
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_create_user() {
    ynh_mysql_execute_as_root \
        --sql="CREATE USER '${1}'@'localhost' IDENTIFIED BY '${2}';"
@ -133,6 +147,8 @@ ynh_mysql_create_user() {
 #
 # usage: ynh_mysql_user_exists --user=user
 # | arg: -u, --user - the user for which to check existence
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_user_exists()
 {
   # Declare an array to define the options of this helper.
@ -156,6 +172,8 @@ ynh_mysql_user_exists()
 #
 # usage: ynh_mysql_drop_user user
 # | arg: user - the user name to drop
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_mysql_drop_user() {
    ynh_mysql_execute_as_root --sql="DROP USER '${1}'@'localhost';"
 }
@ -168,7 +186,9 @@ ynh_mysql_drop_user() {
 # usage: ynh_mysql_setup_db --db_user=user --db_name=name [--db_pwd=pwd]
 # | arg: -u, --db_user - Owner of the database
 # | arg: -n, --db_name - Name of the database
-# | arg: -p, --db_pwd - Password of the database. If not given, a password will be generated
+# | arg: -p, --db_pwd - Password of the database. If not provided, a password will be generated
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_mysql_setup_db () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=unp
@ -180,7 +200,7 @@ ynh_mysql_setup_db () {
 	ynh_handle_getopts_args "$@"
 	local new_db_pwd=$(ynh_string_random)	# Generate a random password
-	# If $db_pwd is not given, use new_db_pwd instead for db_pwd
+	# If $db_pwd is not provided, use new_db_pwd instead for db_pwd
 	db_pwd="${db_pwd:-$new_db_pwd}"
 	ynh_mysql_create_db "$db_name" "$db_user" "$db_pwd"	# Create the database
@ -192,6 +212,8 @@ ynh_mysql_setup_db () {
 # usage: ynh_mysql_remove_db --db_user=user --db_name=name
 # | arg: -u, --db_user - Owner of the database
 # | arg: -n, --db_name - Name of the database
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_mysql_remove_db () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=un
@ -203,10 +225,10 @@ ynh_mysql_remove_db () {
 	local mysql_root_password=$(sudo cat $MYSQL_ROOT_PWD_FILE)
 	if mysqlshow -u root -p$mysql_root_password | grep -q "^| $db_name"; then	# Check if the database exists
-		echo "Removing database $db_name" >&2
+		ynh_print_info --message="Removing database $db_name"
 		ynh_mysql_drop_db $db_name	# Remove the database	
 	else
-		echo "Database $db_name not found" >&2
+		ynh_print_warn --message="Database $db_name not found"
 	fi
 	# Remove mysql user if it exists
@ -215,22 +237,3 @@ ynh_mysql_remove_db () {
 	fi
 }
 # Sanitize a string intended to be the name of a database
 # (More specifically : replace - and . by _)
 #
 # example: dbname=$(ynh_sanitize_dbid $app)
 #
 # usage: ynh_sanitize_dbid --db_name=name
 # | arg: -n, --db_name - name to correct/sanitize
 # | ret: the corrected name
 ynh_sanitize_dbid () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=n
 	declare -Ar args_array=( [n]=db_name= )
 	local db_name
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	# We should avoid having - and . in the name of databases. They are replaced by _
 	echo ${db_name//[-.]/_}
 }
--- a/data/helpers.d/network
+++ b/data/helpers.d/network
@ -1,41 +1,13 @@
 #!/bin/bash
 # Normalize the url path syntax
 # Handle the slash at the beginning of path and its absence at ending
 # Return a normalized url path
 #
 # example: url_path=$(ynh_normalize_url_path $url_path)
 #          ynh_normalize_url_path example -> /example
 #          ynh_normalize_url_path /example -> /example
 #          ynh_normalize_url_path /example/ -> /example
 #          ynh_normalize_url_path / -> /
 #
 # usage: ynh_normalize_url_path --path_url=path_to_normalize
 # | arg: -p, --path_url - URL path to normalize before using it
 ynh_normalize_url_path () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=p
 	declare -Ar args_array=( [p]=path_url= )
 	local path_url
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	test -n "$path_url" || ynh_die --message="ynh_normalize_url_path expect a URL path as first argument and received nothing."
 	if [ "${path_url:0:1}" != "/" ]; then    # If the first character is not a /
 		path_url="/$path_url"    # Add / at begin of path variable
 	fi
 	if [ "${path_url:${#path_url}-1}" == "/" ] && [ ${#path_url} -gt 1 ]; then    # If the last character is a / and that not the only character.
 		path_url="${path_url:0:${#path_url}-1}"	# Delete the last character
 	fi
 	echo $path_url
 }
 # Find a free port and return it
 #
 # example: port=$(ynh_find_port --port=8080)
 #
 # usage: ynh_find_port --port=begin_port
 # | arg: -p, --port - port to start to search
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_find_port () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=p
@ -52,42 +24,77 @@ ynh_find_port () {
 	echo $port
 }
-# Check availability of a web path
+# Validate an IP address
 #
-# example: ynh_webpath_available --domain=some.domain.tld --path_url=/coffee
+# usage: ynh_validate_ip --family=family --ip_address=ip_address
 # | ret: 0 for valid ip addresses, 1 otherwise
 #
-# usage: ynh_webpath_available --domain=domain --path_url=path
+# example: ynh_validate_ip 4 111.222.333.444
-# | arg: -d, --domain - the domain/host of the url
+#
-# | arg: -p, --path_url - the web path to check the availability of
+# Requires YunoHost version 2.2.4 or higher.
-ynh_webpath_available () {
+ynh_validate_ip()
-	# Declare an array to define the options of this helper.
+{
-	local legacy_args=dp
+  # http://stackoverflow.com/questions/319279/how-to-validate-ip-address-in-python#319298
 	declare -Ar args_array=( [d]=domain= [p]=path_url= )
 	local domain
 	local path_url
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
-	sudo yunohost domain url-available $domain $path_url
+  # Declare an array to define the options of this helper.
  local legacy_args=fi
  declare -Ar args_array=( [f]=family= [i]=ip_address= )
  local family
  local ip_address
  # Manage arguments with getopts
  ynh_handle_getopts_args "$@"
  [ "$family" == "4" ] || [ "$family" == "6" ] || return 1
  python /dev/stdin << EOF
 import socket
 import sys
 family = { "4" : socket.AF_INET, "6" : socket.AF_INET6 }
 try:
    socket.inet_pton(family["$family"], "$ip_address")
 except socket.error:
    sys.exit(1)
 sys.exit(0)
 EOF
 }
-# Register/book a web path for an app
+# Validate an IPv4 address
 #
-# example: ynh_webpath_register --app=wordpress --domain=some.domain.tld --path_url=/coffee
+# example: ynh_validate_ip4 111.222.333.444
 #
-# usage: ynh_webpath_register --app=app --domain=domain --path_url=path
+# usage: ynh_validate_ip4 --ip_address=ip_address
-# | arg: -a, --app - the app for which the domain should be registered
+# | ret: 0 for valid ipv4 addresses, 1 otherwise
-# | arg: -d, --domain - the domain/host of the web path
+#
-# | arg: -p, --path_url - the web path to be registered
+# Requires YunoHost version 2.2.4 or higher.
-ynh_webpath_register () {
+ynh_validate_ip4()
-	# Declare an array to define the options of this helper.
+{
-	local legacy_args=adp
+  # Declare an array to define the options of this helper.
-	declare -Ar args_array=( [a]=app= [d]=domain= [p]=path_url= )
+  local legacy_args=i
-	local app
+  declare -Ar args_array=( [i]=ip_address= )
-	local domain
+  local ip_address
-	local path_url
+  # Manage arguments with getopts
-	# Manage arguments with getopts
+  ynh_handle_getopts_args "$@"
 	ynh_handle_getopts_args "$@"
-	sudo yunohost app register-url $app $domain $path_url
+  ynh_validate_ip 4 $ip_address
 }
 # Validate an IPv6 address
 #
 # example: ynh_validate_ip6 2000:dead:beef::1
 #
 # usage: ynh_validate_ip6 --ip_address=ip_address
 # | ret: 0 for valid ipv6 addresses, 1 otherwise
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_validate_ip6()
 {
  # Declare an array to define the options of this helper.
  local legacy_args=i
  declare -Ar args_array=( [i]=ip_address= )
  local ip_address
  # Manage arguments with getopts
  ynh_handle_getopts_args "$@"
  ynh_validate_ip 6 $ip_address
 }
--- a/data/helpers.d/nginx
+++ b/data/helpers.d/nginx
@ -0,0 +1,76 @@
 #!/bin/bash
 # Create a dedicated nginx config
 #
 # usage: ynh_add_nginx_config "list of others variables to replace"
 #
 # | arg: list - (Optional) list of others variables to replace separated by spaces. For example : 'path_2 port_2 ...'
 #
 # This will use a template in ../conf/nginx.conf
 #   __PATH__      by  $path_url
 #   __DOMAIN__    by  $domain
 #   __PORT__      by  $port
 #   __NAME__      by  $app
 #   __FINALPATH__ by  $final_path
 #
 #  And dynamic variables (from the last example) :
 #   __PATH_2__    by $path_2
 #   __PORT_2__    by $port_2
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_add_nginx_config () {
 	finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
 	local others_var=${1:-}
 	ynh_backup_if_checksum_is_different --file="$finalnginxconf"
 	sudo cp ../conf/nginx.conf "$finalnginxconf"
 	# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
 	# Substitute in a nginx config file only if the variable is not empty
 	if test -n "${path_url:-}"; then
 		# path_url_slash_less is path_url, or a blank value if path_url is only '/'
 		local path_url_slash_less=${path_url%/}
 		ynh_replace_string --match_string="__PATH__/" --replace_string="$path_url_slash_less/" --target_file="$finalnginxconf"
 		ynh_replace_string --match_string="__PATH__" --replace_string="$path_url" --target_file="$finalnginxconf"
 	fi
 	if test -n "${domain:-}"; then
 		ynh_replace_string --match_string="__DOMAIN__" --replace_string="$domain" --target_file="$finalnginxconf"
 	fi
 	if test -n "${port:-}"; then
 		ynh_replace_string --match_string="__PORT__" --replace_string="$port" --target_file="$finalnginxconf"
 	fi
 	if test -n "${app:-}"; then
 		ynh_replace_string --match_string="__NAME__" --replace_string="$app" --target_file="$finalnginxconf"
 	fi
 	if test -n "${final_path:-}"; then
 		ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalnginxconf"
 	fi
 	# Replace all other variable given as arguments
 	for var_to_replace in $others_var
 	do
 		# ${var_to_replace^^} make the content of the variable on upper-cases
 		# ${!var_to_replace} get the content of the variable named $var_to_replace 
 		ynh_replace_string --match_string="__${var_to_replace^^}__" --replace_string="${!var_to_replace}" --target_file="$finalnginxconf"
 	done
 	if [ "${path_url:-}" != "/" ]
 	then
 		ynh_replace_string --match_string="^#sub_path_only" --replace_string="" --target_file="$finalnginxconf"
 	else
 		ynh_replace_string --match_string="^#root_path_only" --replace_string="" --target_file="$finalnginxconf"
 	fi
 	ynh_store_file_checksum --file="$finalnginxconf"
 	ynh_systemd_action --service_name=nginx --action=reload
 }
 # Remove the dedicated nginx config
 #
 # usage: ynh_remove_nginx_config
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_remove_nginx_config () {
 	ynh_secure_remove --file="/etc/nginx/conf.d/$domain.d/$app.conf"
 	ynh_systemd_action --service_name=nginx --action=reload
 }
--- a/data/helpers.d/nodejs
+++ b/data/helpers.d/nodejs
@ -10,8 +10,10 @@ export N_PREFIX="$n_install_dir"
 # [internal]
 #
 # usage: ynh_install_n
 #
 # Requires YunoHost version 2.7.12 or higher.
 ynh_install_n () {
-	echo "Installation of N - Node.js version management" >&2
+	ynh_print_info --message="Installation of N - Node.js version management"
 	# Build an app.src for n
 	mkdir -p "../conf"
 	echo "SOURCE_URL=https://github.com/tj/n/archive/v2.1.7.tar.gz
@ -36,6 +38,8 @@ SOURCE_SUM=2ba3c9d4dd3c7e38885b37e02337906a1ee91febe6d5c9159d89a9050f2eea8f" > "
 #     That's means it has to be added to any systemd script.
 #
 # usage: ynh_use_nodejs
 #
 # Requires YunoHost version 2.7.12 or higher.
 ynh_use_nodejs () {
 	nodejs_version=$(ynh_app_setting_get --app=$app --key=nodejs_version)
@ -59,6 +63,8 @@ ynh_use_nodejs () {
 # | arg: -n, --nodejs_version - Version of node to install.
 #        If possible, prefer to use major version number (e.g. 8 instead of 8.10.0).
 #        The crontab will handle the update of minor versions when needed.
 #
 # Requires YunoHost version 2.7.12 or higher.
 ynh_install_nodejs () {
 	# Use n, https://github.com/tj/n to manage the nodejs versions
@ -117,7 +123,7 @@ ynh_install_nodejs () {
 	fi
 	# Store the ID of this app and the version of node requested for it
-	echo "$YNH_APP_ID:$nodejs_version" | tee --append "$n_install_dir/ynh_app_version"
+	echo "$YNH_APP_INSTANCE_NAME:$nodejs_version" | tee --append "$n_install_dir/ynh_app_version"
 	# Store nodejs_version into the config of this app
 	ynh_app_setting_set --app=$app --key=nodejs_version --value=$nodejs_version
@ -135,11 +141,13 @@ ynh_install_nodejs () {
 # If no other app uses node, n will be also removed.
 #
 # usage: ynh_remove_nodejs
 #
 # Requires YunoHost version 2.7.12 or higher.
 ynh_remove_nodejs () {
 	nodejs_version=$(ynh_app_setting_get --app=$app --key=nodejs_version)
 	# Remove the line for this app
-	sed --in-place "/$YNH_APP_ID:$nodejs_version/d" "$n_install_dir/ynh_app_version"
+	sed --in-place "/$YNH_APP_INSTANCE_NAME:$nodejs_version/d" "$n_install_dir/ynh_app_version"
 	# If no other app uses this version of nodejs, remove it.
 	if ! grep --quiet "$nodejs_version" "$n_install_dir/ynh_app_version"
@ -164,6 +172,8 @@ ynh_remove_nodejs () {
 # This cron will check and update all minor node versions used by your apps.
 #
 # usage: ynh_cron_upgrade_node
 #
 # Requires YunoHost version 2.7.12 or higher.
 ynh_cron_upgrade_node () {
 	# Build the update script
 	cat > "$n_install_dir/node_update.sh" << EOF
--- a/data/helpers.d/php
+++ b/data/helpers.d/php
@ -0,0 +1,67 @@
 #!/bin/bash
 # Create a dedicated php-fpm config
 #
 # usage: ynh_add_fpm_config [--phpversion=7.X]
 # | arg: -v, --phpversion - Version of php to use.
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_add_fpm_config () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=v
 	declare -Ar args_array=( [v]=phpversion= )
 	local phpversion
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	# Configure PHP-FPM 7.0 by default
 	phpversion="${phpversion:-7.0}"
 	local fpm_config_dir="/etc/php/$phpversion/fpm"
 	local fpm_service="php${phpversion}-fpm"
 	# Configure PHP-FPM 5 on Debian Jessie
 	if [ "$(ynh_get_debian_release)" == "jessie" ]; then
 		fpm_config_dir="/etc/php5/fpm"
 		fpm_service="php5-fpm"
 	fi
 	ynh_app_setting_set --app=$app --key=fpm_config_dir --value="$fpm_config_dir"
 	ynh_app_setting_set --app=$app --key=fpm_service --value="$fpm_service"
 	finalphpconf="$fpm_config_dir/pool.d/$app.conf"
 	ynh_backup_if_checksum_is_different --file="$finalphpconf"
 	sudo cp ../conf/php-fpm.conf "$finalphpconf"
 	ynh_replace_string --match_string="__NAMETOCHANGE__" --replace_string="$app" --target_file="$finalphpconf"
 	ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalphpconf"
 	ynh_replace_string --match_string="__USER__" --replace_string="$app" --target_file="$finalphpconf"
 	ynh_replace_string --match_string="__PHPVERSION__" --replace_string="$phpversion" --target_file="$finalphpconf"
 	sudo chown root: "$finalphpconf"
 	ynh_store_file_checksum --file="$finalphpconf"
 	if [ -e "../conf/php-fpm.ini" ]
 	then
 		echo "Packagers ! Please do not use a separate php ini file, merge your directives in the pool file instead." >&2
 		finalphpini="$fpm_config_dir/conf.d/20-$app.ini"
 		ynh_backup_if_checksum_is_different "$finalphpini"
 		sudo cp ../conf/php-fpm.ini "$finalphpini"
 		sudo chown root: "$finalphpini"
 		ynh_store_file_checksum "$finalphpini"
 	fi
 	ynh_systemd_action --service_name=$fpm_service --action=reload
 }
 # Remove the dedicated php-fpm config
 #
 # usage: ynh_remove_fpm_config
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_remove_fpm_config () {
 	local fpm_config_dir=$(ynh_app_setting_get --app=$app --key=fpm_config_dir)
 	local fpm_service=$(ynh_app_setting_get --app=$app --key=fpm_service)
 	# Assume php version 7 if not set
 	if [ -z "$fpm_config_dir" ]; then
 		fpm_config_dir="/etc/php/7.0/fpm"
 		fpm_service="php7.0-fpm"
 	fi
 	ynh_secure_remove --file="$fpm_config_dir/pool.d/$app.conf"
 	ynh_secure_remove --file="$fpm_config_dir/conf.d/20-$app.ini" 2>&1
 	ynh_systemd_action --service_name=$fpm_service --action=reload
 }
--- a/data/helpers.d/postgresql
+++ b/data/helpers.d/postgresql
@ -11,6 +11,8 @@ PSQL_ROOT_PWD_FILE=/etc/yunohost/psql
 # | arg: -u, --user - the user name to connect as
 # | arg: -p, --password - the user password
 # | arg: -d, --database - the database to connect to
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_psql_connect_as() {
 	# Declare an array to define the options of this helper.
 	local legacy_args=upd
@ -30,6 +32,8 @@ ynh_psql_connect_as() {
 # usage: ynh_psql_execute_as_root --sql=sql [--database=database]
 # | arg: -s, --sql - the SQL command to execute
 # | arg: -d, --database - the database to connect to
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_psql_execute_as_root() {
 	# Declare an array to define the options of this helper.
 	local legacy_args=sd
@ -49,6 +53,8 @@ ynh_psql_execute_as_root() {
 # usage: ynh_psql_execute_file_as_root --file=file [--database=database]
 # | arg: -f, --file - the file containing SQL commands
 # | arg: -d, --database - the database to connect to
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_psql_execute_file_as_root() {
 	# Declare an array to define the options of this helper.
 	local legacy_args=fd
@ -70,6 +76,8 @@ ynh_psql_execute_file_as_root() {
 # usage: ynh_psql_create_db db [user]
 # | arg: db - the database name to create
 # | arg: user - the user to grant privilegies
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_psql_create_db() {
 	local db=$1
 	local user=${2:-}
@ -93,8 +101,14 @@ ynh_psql_create_db() {
 #
 # usage: ynh_psql_drop_db db
 # | arg: db - the database name to drop
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_psql_drop_db() {
 	local db=$1
 	# First, force disconnection of all clients connected to the database
 	# https://stackoverflow.com/questions/5408156/how-to-drop-a-postgresql-database-if-there-are-active-connections-to-it
 	# https://dba.stackexchange.com/questions/16426/how-to-drop-all-connections-to-a-specific-database-without-stopping-the-server
 	ynh_psql_execute_as_root --sql="SELECT pg_terminate_backend (pg_stat_activity.pid) FROM pg_stat_activity WHERE pg_stat_activity.datname = '$db';" --database="$db"
 	sudo --login --user=postgres dropdb $db
 }
@ -105,6 +119,8 @@ ynh_psql_drop_db() {
 # usage: ynh_psql_dump_db --database=database
 # | arg: -d, --database - the database name to dump
 # | ret: the psqldump output
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_psql_dump_db() {
 	# Declare an array to define the options of this helper.
 	local legacy_args=d
@ -123,6 +139,8 @@ ynh_psql_dump_db() {
 # usage: ynh_psql_create_user user pwd
 # | arg: user - the user name to create
 # | arg: pwd - the password to identify user by
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_psql_create_user() {
 	local user=$1
 	local pwd=$2
@ -160,7 +178,7 @@ ynh_psql_database_exists() {
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
-	if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(sudo cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT datname FROM pg_database WHERE datname='$database';" | grep --quiet "$user"; then
+	if ! sudo --login --user=postgres PGUSER="postgres" PGPASSWORD="$(sudo cat $PSQL_ROOT_PWD_FILE)" psql -tAc "SELECT datname FROM pg_database WHERE datname='$database';" | grep --quiet "$database"; then
 		return 1
 	else
 		return 0
@ -173,6 +191,8 @@ ynh_psql_database_exists() {
 #
 # usage: ynh_psql_drop_user user
 # | arg: user - the user name to drop
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_psql_drop_user() {
 	ynh_psql_execute_as_root --sql="DROP USER ${1};"
 }
@ -224,18 +244,18 @@ ynh_psql_remove_db() {
 	local psql_root_password=$(sudo cat $PSQL_ROOT_PWD_FILE)
 	if ynh_psql_database_exists --database=$db_name; then # Check if the database exists
-		echo "Removing database $db_name" >&2
+		ynh_print_info --message="Removing database $db_name"
 		ynh_psql_drop_db $db_name # Remove the database
 	else
-		echo "Database $db_name not found" >&2
+		ynh_print_warn --message="Database $db_name not found"
 	fi
 	# Remove psql user if it exists
 	if ynh_psql_user_exists --user=$db_user; then
-		echo "Removing user $db_user" >&2
+		ynh_print_info --message="Removing user $db_user"
 		ynh_psql_drop_user $db_user
 	else
-		echo "User $db_user not found" >&2
+		ynh_print_warn --message="User $db_user not found"
 	fi
 }
@ -260,7 +280,8 @@ ynh_psql_test_if_first_run() {
 			ynh_die "postgresql shoud be 9.4 or 9.6"
 		fi
-		systemctl start postgresql
+		ynh_systemd_action --service_name=postgresql --action=start
 		sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$pgsql'" postgres
 		# force all user to connect to local database using passwords
@ -273,6 +294,6 @@ ynh_psql_test_if_first_run() {
 		yunohost service add postgresql --log "$logfile"
 		systemctl enable postgresql
-		systemctl reload postgresql
+		ynh_systemd_action --service_name=postgresql --action=reload
 	fi
 }
--- a/data/helpers.d/setting
+++ b/data/helpers.d/setting
@ -5,6 +5,8 @@
 # usage: ynh_app_setting_get --app=app --key=key
 # | arg: -a, --app - the application id
 # | arg: -k, --key - the setting to get
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_app_setting_get() {
    # Declare an array to define the options of this helper.
    local legacy_args=ak
@ -23,6 +25,8 @@ ynh_app_setting_get() {
 # | arg: -a, --app - the application id
 # | arg: -k, --key - the setting name to set
 # | arg: -v, --value - the setting value to set
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_app_setting_set() {
    # Declare an array to define the options of this helper.
    local legacy_args=akv
@ -41,6 +45,8 @@ ynh_app_setting_set() {
 # usage: ynh_app_setting_delete --app=app --key=key
 # | arg: -a, --app - the application id
 # | arg: -k, --key - the setting to delete
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_app_setting_delete() {
    # Declare an array to define the options of this helper.
    local legacy_args=ak
@ -85,3 +91,47 @@ else:
        yaml.safe_dump(settings, f, default_flow_style=False)
 EOF
 }
 # Check availability of a web path
 #
 # example: ynh_webpath_available --domain=some.domain.tld --path_url=/coffee
 #
 # usage: ynh_webpath_available --domain=domain --path_url=path
 # | arg: -d, --domain - the domain/host of the url
 # | arg: -p, --path_url - the web path to check the availability of
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_webpath_available () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=dp
 	declare -Ar args_array=( [d]=domain= [p]=path_url= )
 	local domain
 	local path_url
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	sudo yunohost domain url-available $domain $path_url
 }
 # Register/book a web path for an app
 #
 # example: ynh_webpath_register --app=wordpress --domain=some.domain.tld --path_url=/coffee
 #
 # usage: ynh_webpath_register --app=app --domain=domain --path_url=path
 # | arg: -a, --app - the app for which the domain should be registered
 # | arg: -d, --domain - the domain/host of the web path
 # | arg: -p, --path_url - the web path to be registered
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_webpath_register () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=adp
 	declare -Ar args_array=( [a]=app= [d]=domain= [p]=path_url= )
 	local app
 	local domain
 	local path_url
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	sudo yunohost app register-url $app $domain $path_url
 }
--- a/data/helpers.d/string
+++ b/data/helpers.d/string
@ -6,6 +6,8 @@
 #
 # usage: ynh_string_random [--length=string_length]
 # | arg: -l, --length - the string length to generate (default: 24)
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_string_random() {
    # Declare an array to define the options of this helper.
    local legacy_args=l
@ -30,6 +32,8 @@ ynh_string_random() {
 # As this helper is based on sed command, regular expressions and
 # references to sub-expressions can be used
 # (see sed manual page for more information)
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_replace_string () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=mrf
@ -57,6 +61,8 @@ ynh_replace_string () {
 #
 # This helper will use ynh_replace_string, but as you can use special
 # characters, you can't use some regular expressions and sub-expressions.
 #
 # Requires YunoHost version 2.7.7 or higher.
 ynh_replace_special_string () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=mrf
@ -77,3 +83,59 @@ ynh_replace_special_string () {
 	ynh_replace_string --match_string="$match_string" --replace_string="$replace_string" --target_file="$target_file"
 }
 # Sanitize a string intended to be the name of a database
 # (More specifically : replace - and . by _)
 #
 # example: dbname=$(ynh_sanitize_dbid $app)
 #
 # usage: ynh_sanitize_dbid --db_name=name
 # | arg: -n, --db_name - name to correct/sanitize
 # | ret: the corrected name
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_sanitize_dbid () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=n
 	declare -Ar args_array=( [n]=db_name= )
 	local db_name
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	# We should avoid having - and . in the name of databases. They are replaced by _
 	echo ${db_name//[-.]/_}
 }
 # Normalize the url path syntax
 #
 # Handle the slash at the beginning of path and its absence at ending
 # Return a normalized url path
 #
 # examples:
 #     url_path=$(ynh_normalize_url_path $url_path)
 #     ynh_normalize_url_path example    # -> /example
 #     ynh_normalize_url_path /example   # -> /example
 #     ynh_normalize_url_path /example/  # -> /example
 #     ynh_normalize_url_path /          # -> /
 #
 # usage: ynh_normalize_url_path --path_url=path_to_normalize
 # | arg: -p, --path_url - URL path to normalize before using it
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_normalize_url_path () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=p
 	declare -Ar args_array=( [p]=path_url= )
 	local path_url
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	test -n "$path_url" || ynh_die --message="ynh_normalize_url_path expect a URL path as first argument and received nothing."
 	if [ "${path_url:0:1}" != "/" ]; then    # If the first character is not a /
 		path_url="/$path_url"    # Add / at begin of path variable
 	fi
 	if [ "${path_url:${#path_url}-1}" == "/" ] && [ ${#path_url} -gt 1 ]; then    # If the last character is a / and that not the only character.
 		path_url="${path_url:0:${#path_url}-1}"	# Delete the last character
 	fi
 	echo $path_url
 }
--- a/data/helpers.d/system
+++ b/data/helpers.d/system
@ -1,267 +0,0 @@
 #!/bin/bash
 # Manage a fail of the script
 #
 # [internal]
 #
 # usage: 
 # ynh_exit_properly is used only by the helper ynh_abort_if_errors.
 # You should not use it directly.
 # Instead, add to your script:
 # ynh_clean_setup () {
 #        instructions...
 # }
 #
 # This function provide a way to clean some residual of installation that not managed by remove script.
 #
 # It prints a warning to inform that the script was failed, and execute the ynh_clean_setup function if used in the app script
 #
 ynh_exit_properly () {
 	local exit_code=$?
 	if [ "$exit_code" -eq 0 ]; then
 			exit 0	# Exit without error if the script ended correctly
 	fi
 	trap '' EXIT	# Ignore new exit signals
 	set +eu	# Do not exit anymore if a command fail or if a variable is empty
 	echo -e "!!\n  $app's script has encountered an error. Its execution was cancelled.\n!!" >&2
 	if type -t ynh_clean_setup > /dev/null; then	# Check if the function exist in the app script.
 		ynh_clean_setup	# Call the function to do specific cleaning for the app.
 	fi
 	ynh_die	# Exit with error status
 }
 # Exits if an error occurs during the execution of the script.
 #
 # usage: ynh_abort_if_errors
 #
 # This configure the rest of the script execution such that, if an error occurs
 # or if an empty variable is used, the execution of the script stops
 # immediately and a call to `ynh_clean_setup` is triggered if it has been
 # defined by your script.
 #
 ynh_abort_if_errors () {
 	set -eu	# Exit if a command fail, and if a variable is used unset.
 	trap ynh_exit_properly EXIT	# Capturing exit signals on shell script
 }
 # Fetch the Debian release codename
 #
 # usage: ynh_get_debian_release
 # | ret: The Debian release codename (i.e. jessie, stretch, ...)
 ynh_get_debian_release () {
 	echo $(lsb_release --codename --short)
 }
 # Start (or other actions) a service,  print a log in case of failure and optionnaly wait until the service is completely started
 #
 # usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ]
 # | arg: -n, --service_name= - Name of the service to start. Default : $app
 # | arg: -a, --action=       - Action to perform with systemctl. Default: start
 # | arg: -l, --line_match=   - Line to match - The line to find in the log to attest the service have finished to boot.
 #                              If not defined it don't wait until the service is completely started.
 #                              WARNING: When using --line_match, you should always add `ynh_clean_check_starting` into your
 #                                `ynh_clean_setup` at the beginning of the script. Otherwise, tail will not stop in case of failure
 #                                of the script. The script will then hang forever.
 # | arg: -p, --log_path=     - Log file - Path to the log file. Default : /var/log/$app/$app.log
 # | arg: -t, --timeout=      - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds.
 # | arg: -e, --length=       - Length of the error log : Default : 20
 ynh_systemd_action() {
    # Declare an array to define the options of this helper.
    declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= )
    local service_name
    local action
    local line_match
    local length
    local log_path
    local timeout
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    local service_name="${service_name:-$app}"
    local action=${action:-start}
    local log_path="${log_path:-/var/log/$service_name/$service_name.log}"
    local length=${length:-20}
    local timeout=${timeout:-300}
    # Start to read the log
    if [[ -n "${line_match:-}" ]]
    then
        local templog="$(mktemp)"
        # Following the starting of the app in its log
        if [ "$log_path" == "systemd" ] ; then
            # Read the systemd journal
            journalctl --unit=$service_name --follow --since=-0 --quiet > "$templog" &
            # Get the PID of the journalctl command
            local pid_tail=$!
        else
            # Read the specified log file
            tail -F -n0 "$log_path" > "$templog" 2>&1 &
            # Get the PID of the tail command
            local pid_tail=$!
        fi
    fi
    ynh_print_info --message="${action^} the service $service_name"
    # Use reload-or-restart instead of reload. So it wouldn't fail if the service isn't running.
    if [ "$action" == "reload" ]; then
        action="reload-or-restart"
    fi
    systemctl $action $service_name \
        || ( journalctl --no-pager --lines=$length -u $service_name >&2 \
        ; test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2 \
        ; false )
    # Start the timeout and try to find line_match
    if [[ -n "${line_match:-}" ]]
    then
        local i=0
        for i in $(seq 1 $timeout)
        do
            # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
            if grep --quiet "$line_match" "$templog"
            then
                ynh_print_info --message="The service $service_name has correctly started."
                break
            fi
            if [ $i -eq 3 ]; then
                echo -n "Please wait, the service $service_name is ${action}ing" >&2
            fi
            if [ $i -ge 3 ]; then
                echo -n "." >&2
            fi
            sleep 1
        done
        if [ $i -ge 3 ]; then
            echo "" >&2
        fi
        if [ $i -eq $timeout ]
        then
            ynh_print_warn --message="The service $service_name didn't fully started before the timeout."
            ynh_print_warn --message="Please find here an extract of the end of the log of the service $service_name:"
            journalctl --no-pager --lines=$length -u $service_name >&2
            test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2
        fi
        ynh_clean_check_starting
    fi
 }
 # Clean temporary process and file used by ynh_check_starting
 # (usually used in ynh_clean_setup scripts)
 #
 # usage: ynh_clean_check_starting
 ynh_clean_check_starting () {
 	# Stop the execution of tail.
 	kill -s 15 $pid_tail 2>&1
 	ynh_secure_remove "$templog" 2>&1
 }
 # Read the value of a key in a ynh manifest file
 #
 # usage: ynh_read_manifest manifest key
 # | arg: -m, --manifest= - Path of the manifest to read
 # | arg: -k, --key= - Name of the key to find
 ynh_read_manifest () {
 	# Declare an array to define the options of this helper.
        declare -Ar args_array=( [m]=manifest= [k]=manifest_key= )
        local manifest
        local manifest_key
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	if [ ! -e "$manifest" ]; then
 		# If the manifest isn't found, try the common place for backup and restore script.
 		manifest="../settings/manifest.json"
 	fi
 	jq ".$manifest_key" "$manifest" --raw-output
 }
 # Read the upstream version from the manifest
 # The version number in the manifest is defined by <upstreamversion>~ynh<packageversion>
 # For example : 4.3-2~ynh3
 # This include the number before ~ynh
 # In the last example it return 4.3-2
 #
 # usage: ynh_app_upstream_version [-m manifest]
 # | arg: -m, --manifest= - Path of the manifest to read
 ynh_app_upstream_version () {
    declare -Ar args_array=( [m]=manifest= )
    local manifest
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    manifest="${manifest:-../manifest.json}"
    version_key=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version")
    echo "${version_key/~ynh*/}"
 }
 # Read package version from the manifest
 # The version number in the manifest is defined by <upstreamversion>~ynh<packageversion>
 # For example : 4.3-2~ynh3
 # This include the number after ~ynh
 # In the last example it return 3
 #
 # usage: ynh_app_package_version [-m manifest]
 # | arg: -m, --manifest= - Path of the manifest to read
 ynh_app_package_version () {
    declare -Ar args_array=( [m]=manifest= )
    local manifest
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    manifest="${manifest:-../manifest.json}"
    version_key=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version")
    echo "${version_key/*~ynh/}"
 }
 # Checks the app version to upgrade with the existing app version and returns:
 # - UPGRADE_APP if the upstream app version has changed
 # - UPGRADE_PACKAGE if only the YunoHost package has changed
 #
 ## It stops the current script without error if the package is up-to-date
 #
 # This helper should be used to avoid an upgrade of an app, or the upstream part
 # of it, when it's not needed
 #
 # To force an upgrade, even if the package is up to date,
 # you have to set the variable YNH_FORCE_UPGRADE before.
 # example: sudo YNH_FORCE_UPGRADE=1 yunohost app upgrade MyApp
 #
 # usage: ynh_check_app_version_changed
 ynh_check_app_version_changed () {
  local force_upgrade=${YNH_FORCE_UPGRADE:-0}
  local package_check=${PACKAGE_CHECK_EXEC:-0}
  # By default, upstream app version has changed
  local return_value="UPGRADE_APP"
  local current_version=$(ynh_read_manifest --manifest="/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" --manifest_key="version" || echo 1.0)
  local current_upstream_version="$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json")"
  local update_version=$(ynh_read_manifest --manifest="../manifest.json" --manifest_key="version" || echo 1.0)
  local update_upstream_version="$(ynh_app_upstream_version)"
  if [ "$current_version" == "$update_version" ] ; then
      # Complete versions are the same
      if [ "$force_upgrade" != "0" ]
      then
        echo "Upgrade forced by YNH_FORCE_UPGRADE." >&2
        unset YNH_FORCE_UPGRADE
      elif [ "$package_check" != "0" ]
      then
        echo "Upgrade forced for package check." >&2
      else
        ynh_die "Up-to-date, nothing to do" 0
      fi
  elif [ "$current_upstream_version" == "$update_upstream_version" ] ; then
    # Upstream versions are the same, only YunoHost package versions differ
    return_value="UPGRADE_PACKAGE"
  fi
  echo $return_value
 }
--- a/data/helpers.d/systemd
+++ b/data/helpers.d/systemd
@ -0,0 +1,179 @@
 #!/bin/bash
 # Create a dedicated systemd config
 #
 # usage: ynh_add_systemd_config [--service=service] [--template=template]
 # | arg: -s, --service - Service name (optionnal, $app by default)
 # | arg: -t, --template - Name of template file (optionnal, this is 'systemd' by default, meaning ./conf/systemd.service will be used as template)
 #
 # This will use the template ../conf/<templatename>.service
 # to generate a systemd config, by replacing the following keywords
 # with global variables that should be defined before calling
 # this helper :
 #
 #   __APP__       by  $app
 #   __FINALPATH__ by  $final_path
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_add_systemd_config () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=st
 	declare -Ar args_array=( [s]=service= [t]=template= )
 	local service
 	local template
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	local service="${service:-$app}"
 	local template="${template:-systemd.service}"
 	finalsystemdconf="/etc/systemd/system/$service.service"
 	ynh_backup_if_checksum_is_different --file="$finalsystemdconf"
 	sudo cp ../conf/$template "$finalsystemdconf"
 	# To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable.
 	# Substitute in a nginx config file only if the variable is not empty
 	if test -n "${final_path:-}"; then
 		ynh_replace_string --match_string="__FINALPATH__" --replace_string="$final_path" --target_file="$finalsystemdconf"
 	fi
 	if test -n "${app:-}"; then
 		ynh_replace_string --match_string="__APP__" --replace_string="$app" --target_file="$finalsystemdconf"
 	fi
 	ynh_store_file_checksum --file="$finalsystemdconf"
 	sudo chown root: "$finalsystemdconf"
 	sudo systemctl enable $service
 	sudo systemctl daemon-reload
 }
 # Remove the dedicated systemd config
 #
 # usage: ynh_remove_systemd_config [--service=service]
 # | arg: -s, --service - Service name (optionnal, $app by default)
 #
 # Requires YunoHost version 2.7.2 or higher.
 ynh_remove_systemd_config () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=s
 	declare -Ar args_array=( [s]=service= )
 	local service
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	local service="${service:-$app}"
 	local finalsystemdconf="/etc/systemd/system/$service.service"
 	if [ -e "$finalsystemdconf" ]; then
 		ynh_systemd_action --service_name=$service --action=stop
 		systemctl disable $service
 		ynh_secure_remove --file="$finalsystemdconf"
 		systemctl daemon-reload
 	fi
 }
 # Start (or other actions) a service,  print a log in case of failure and optionnaly wait until the service is completely started
 #
 # usage: ynh_systemd_action [-n service_name] [-a action] [ [-l "line to match"] [-p log_path] [-t timeout] [-e length] ]
 # | arg: -n, --service_name= - Name of the service to start. Default : $app
 # | arg: -a, --action=       - Action to perform with systemctl. Default: start
 # | arg: -l, --line_match=   - Line to match - The line to find in the log to attest the service have finished to boot.
 #                              If not defined it don't wait until the service is completely started.
 #                              WARNING: When using --line_match, you should always add `ynh_clean_check_starting` into your
 #                                `ynh_clean_setup` at the beginning of the script. Otherwise, tail will not stop in case of failure
 #                                of the script. The script will then hang forever.
 # | arg: -p, --log_path=     - Log file - Path to the log file. Default : /var/log/$app/$app.log
 # | arg: -t, --timeout=      - Timeout - The maximum time to wait before ending the watching. Default : 300 seconds.
 # | arg: -e, --length=       - Length of the error log : Default : 20
 ynh_systemd_action() {
    # Declare an array to define the options of this helper.
    local legacy_args=nalpte
    declare -Ar args_array=( [n]=service_name= [a]=action= [l]=line_match= [p]=log_path= [t]=timeout= [e]=length= )
    local service_name
    local action
    local line_match
    local length
    local log_path
    local timeout
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    local service_name="${service_name:-$app}"
    local action=${action:-start}
    local log_path="${log_path:-/var/log/$service_name/$service_name.log}"
    local length=${length:-20}
    local timeout=${timeout:-300}
    # Start to read the log
    if [[ -n "${line_match:-}" ]]
    then
        local templog="$(mktemp)"
        # Following the starting of the app in its log
        if [ "$log_path" == "systemd" ] ; then
            # Read the systemd journal
            journalctl --unit=$service_name --follow --since=-0 --quiet > "$templog" &
            # Get the PID of the journalctl command
            local pid_tail=$!
        else
            # Read the specified log file
            tail -F -n0 "$log_path" > "$templog" 2>&1 &
            # Get the PID of the tail command
            local pid_tail=$!
        fi
    fi
    ynh_print_info --message="${action^} the service $service_name"
    # Use reload-or-restart instead of reload. So it wouldn't fail if the service isn't running.
    if [ "$action" == "reload" ]; then
        action="reload-or-restart"
    fi
    systemctl $action $service_name \
        || ( journalctl --no-pager --lines=$length -u $service_name >&2 \
        ; test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2 \
        ; false )
    # Start the timeout and try to find line_match
    if [[ -n "${line_match:-}" ]]
    then
        local i=0
        for i in $(seq 1 $timeout)
        do
            # Read the log until the sentence is found, that means the app finished to start. Or run until the timeout
            if grep --quiet "$line_match" "$templog"
            then
                ynh_print_info --message="The service $service_name has correctly started."
                break
            fi
            if [ $i -eq 3 ]; then
                echo -n "Please wait, the service $service_name is ${action}ing" >&2
            fi
            if [ $i -ge 3 ]; then
                echo -n "." >&2
            fi
            sleep 1
        done
        if [ $i -ge 3 ]; then
            echo "" >&2
        fi
        if [ $i -eq $timeout ]
        then
            ynh_print_warn --message="The service $service_name didn't fully started before the timeout."
            ynh_print_warn --message="Please find here an extract of the end of the log of the service $service_name:"
            journalctl --no-pager --lines=$length -u $service_name >&2
            test -e "$log_path" && echo "--" >&2 && tail --lines=$length "$log_path" >&2
        fi
        ynh_clean_check_starting
    fi
 }
 # Clean temporary process and file used by ynh_check_starting
 # (usually used in ynh_clean_setup scripts)
 #
 # usage: ynh_clean_check_starting
 ynh_clean_check_starting () {
 	# Stop the execution of tail.
 	kill -s 15 $pid_tail 2>&1
 	ynh_secure_remove "$templog" 2>&1
 }
--- a/data/helpers.d/user
+++ b/data/helpers.d/user
@ -6,6 +6,8 @@
 #
 # usage: ynh_user_exists --username=username
 # | arg: -u, --username - the username to check
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_user_exists() {
    # Declare an array to define the options of this helper.
    local legacy_args=u
@ -25,6 +27,8 @@ ynh_user_exists() {
 # | arg: -u, --username - the username to retrieve info from
 # | arg: -k, --key - the key to retrieve
 # | ret: string - the key's value
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_user_get_info() {
    # Declare an array to define the options of this helper.
    local legacy_args=uk
@ -43,6 +47,8 @@ ynh_user_get_info() {
 #
 # usage: ynh_user_list
 # | ret: string - one username per line
 #
 # Requires YunoHost version 2.4.0 or higher.
 ynh_user_list() {
    sudo yunohost user list --output-as plain --quiet \
      | awk '/^##username$/{getline; print}'
@ -52,6 +58,8 @@ ynh_user_list() {
 #
 # usage: ynh_system_user_exists --username=username
 # | arg: -u, --username - the username to check
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_system_user_exists() {
    # Declare an array to define the options of this helper.
    local legacy_args=u
@ -81,16 +89,17 @@ ynh_system_group_exists() {
 # Create a system user
 #
 # examples:
-#   - ynh_system_user_create --username=nextcloud -> creates a nextcloud user with
+#   # Create a nextcloud user with no home directory and /usr/sbin/nologin login shell (hence no login capability)
-#    no home directory and /usr/sbin/nologin login shell (hence no login capability)
+#   ynh_system_user_create --username=nextcloud
-#   - ynh_system_user_create --username=discourse --home_dir=/var/www/discourse --use_shell --> creates a
+#   # Create a discourse user using /var/www/discourse as home directory and the default login shell
-#    discourse user using /var/www/discourse as home directory and the default login shell
+#   ynh_system_user_create --username=discourse --home_dir=/var/www/discourse --use_shell 
 #
 # usage: ynh_system_user_create --username=user_name [--home_dir=home_dir] [--use_shell]
 # | arg: -u, --username - Name of the system user that will be create
 # | arg: -h, --home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home
-# | arg: -s, --use_shell - Create a user using the default login shell if present.
+# | arg: -s, --use_shell - Create a user using the default login shell if present. If this argument is omitted, the user will be created with /usr/sbin/nologin shell
-# If this argument is omitted, the user will be created with /usr/sbin/nologin shell
+#
 # Requires YunoHost version 2.6.4 or higher.
 ynh_system_user_create () {
 	# Declare an array to define the options of this helper.
 	local legacy_args=uhs
@ -123,6 +132,8 @@ ynh_system_user_create () {
 #
 # usage: ynh_system_user_delete --username=user_name
 # | arg: -u, --username - Name of the system user that will be create
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_system_user_delete () {
    # Declare an array to define the options of this helper.
    local legacy_args=u
@ -134,16 +145,16 @@ ynh_system_user_delete () {
    # Check if the user exists on the system
    if ynh_system_user_exists "$username"
    then
-		echo "Remove the user $username" >&2
+		ynh_print_info --message="Remove the user $username"
 		deluser $username
 	else
-		echo "The user $username was not found" >&2
+		ynh_print_warn --message="The user $username was not found"
    fi
    # Check if the group exists on the system
    if ynh_system_group_exists "$username"
    then
-		echo "Remove the group $username" >&2
+		ynh_print_info --message="Remove the group $username"
 		delgroup $username
    fi
 }
--- a/data/helpers.d/utils
+++ b/data/helpers.d/utils
@ -1,109 +1,53 @@
 #!/bin/bash
-# Extract a key from a plain command output
+# Manage a fail of the script
 #
-# example: yunohost user info tata --output-as plain | ynh_get_plain_key mail
+# [internal]
 #
 # usage: ynh_get_plain_key key [subkey [subsubkey ...]]
 # | ret: string - the key's value
 ynh_get_plain_key() {
    local prefix="#"
    local founded=0
    local key=$1
    shift
    while read line; do
        if [[ "$founded" == "1" ]] ; then
            [[ "$line" =~ ^${prefix}[^#] ]] && return
            echo $line
        elif [[ "$line" =~ ^${prefix}${key}$ ]]; then
            if [[ -n "${1:-}" ]]; then
                prefix+="#"
                key=$1
                shift
            else
                founded=1
            fi
        fi
    done
 }
 # Restore a previous backup if the upgrade process failed
 #
 # usage:
-# ynh_backup_before_upgrade
+# ynh_exit_properly is used only by the helper ynh_abort_if_errors.
 # You should not use it directly.
 # Instead, add to your script:
 # ynh_clean_setup () {
-# 	ynh_restore_upgradebackup
+#        instructions...
 # }
 # ynh_abort_if_errors
 #
-ynh_restore_upgradebackup () {
+# This function provide a way to clean some residual of installation that not managed by remove script.
 	echo "Upgrade failed." >&2
 	local app_bck=${app//_/-}	# Replace all '_' by '-'
  	NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
 	if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
 	then	
 		# Check if an existing backup can be found before removing and restoring the application.
 		if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number
 		then
 			# Remove the application then restore it
 			sudo yunohost app remove $app
 			# Restore the backup
 			sudo yunohost backup restore $app_bck-pre-upgrade$backup_number --apps $app --force --debug
 			ynh_die --message="The app was restored to the way it was before the failed upgrade."
 		fi
 	else
      		echo "\$NO_BACKUP_UPGRADE is set, that means there's no backup to restore. You have to fix this upgrade by yourself !" >&2
  	fi
 }
 # Make a backup in case of failed upgrade
 #
-# usage:
+# It prints a warning to inform that the script was failed, and execute the ynh_clean_setup function if used in the app script
 # ynh_backup_before_upgrade
 # ynh_clean_setup () {
 # 	ynh_restore_upgradebackup
 # }
 # ynh_abort_if_errors
 #
-ynh_backup_before_upgrade () {
+# Requires YunoHost version 2.6.4 or higher.
-	if [ ! -e "/etc/yunohost/apps/$app/scripts/backup" ]
+ynh_exit_properly () {
-	then
+	local exit_code=$?
-		echo "This app doesn't have any backup script." >&2
+	if [ "$exit_code" -eq 0 ]; then
-		return
+			exit 0	# Exit without error if the script ended correctly
 	fi
 	backup_number=1
 	local old_backup_number=2
 	local app_bck=${app//_/-}	# Replace all '_' by '-'
 	NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
-        if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
+	trap '' EXIT	# Ignore new exit signals
-        then
+	set +eu	# Do not exit anymore if a command fail or if a variable is empty
 		# Check if a backup already exists with the prefix 1
 		if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1
 		then
 			# Prefix becomes 2 to preserve the previous backup
 			backup_number=2
 			old_backup_number=1
 		fi
-		# Create backup
+	ynh_print_err --message="!!\n  $app's script has encountered an error. Its execution was cancelled.\n!!"
-		sudo BACKUP_CORE_ONLY=1 yunohost backup create --apps $app --name $app_bck-pre-upgrade$backup_number --debug
+
-		if [ "$?" -eq 0 ]
+	if type -t ynh_clean_setup > /dev/null; then	# Check if the function exist in the app script.
-		then
+		ynh_clean_setup	# Call the function to do specific cleaning for the app.
-			# If the backup succeeded, remove the previous backup
+	fi
-			if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
+
-			then
+	ynh_die	# Exit with error status
-				# Remove the previous backup only if it exists
+}
-				sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null
+
-			fi
+# Exits if an error occurs during the execution of the script.
-		else
+#
-			ynh_die --message="Backup failed, the upgrade process was aborted."
+# usage: ynh_abort_if_errors
-		fi
+#
-        else
+# This configure the rest of the script execution such that, if an error occurs
-                echo "\$NO_BACKUP_UPGRADE is set, backup will be avoided. Be careful, this upgrade is going to be operated without a security backup"
+# or if an empty variable is used, the execution of the script stops
-        fi
+# immediately and a call to `ynh_clean_setup` is triggered if it has been
 # defined by your script.
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_abort_if_errors () {
 	set -eu	# Exit if a command fail, and if a variable is used unset.
 	trap ynh_exit_properly EXIT	# Capturing exit signals on shell script
 }
 # Download, check integrity, uncompress and patch the source from app.src
@ -125,7 +69,7 @@ ynh_backup_before_upgrade () {
 # SOURCE_IN_SUBDIR=false
 # # (Optionnal) Name of the local archive (offline setup support)
 # # default: ${src_id}.${src_format}
-# SOURCE_FILENAME=example.tar.gz 
+# SOURCE_FILENAME=example.tar.gz
 # # (Optional) If it set as false don't extract the source.
 # # (Useful to get a debian package or a python wheel.)
 # # default: true
@ -150,6 +94,8 @@ ynh_backup_before_upgrade () {
 # usage: ynh_setup_source --dest_dir=dest_dir [--source_id=source_id]
 # | arg: -d, --dest_dir  - Directory where to setup sources
 # | arg: -s, --source_id - Name of the app, if the package contains more than one app
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_setup_source () {
    # Declare an array to define the options of this helper.
    local legacy_args=ds
@ -160,15 +106,22 @@ ynh_setup_source () {
    ynh_handle_getopts_args "$@"
    source_id="${source_id:-app}" # If the argument is not given, source_id equals "app"
    local src_file_path="$YNH_CWD/../conf/${source_id}.src"
    # In case of restore script the src file is in an other path.
    # So try to use the restore path if the general path point to no file.
    if [ ! -e "$src_file_path" ]; then
        src_file_path="$YNH_CWD/../settings/conf/${source_id}.src"
    fi
    # Load value from configuration file (see above for a small doc about this file
    # format)
-    local src_url=$(grep 'SOURCE_URL=' "$YNH_CWD/../conf/${source_id}.src" | cut -d= -f2-)
+    local src_url=$(grep 'SOURCE_URL=' "$src_file_path" | cut -d= -f2-)
-    local src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/${source_id}.src" | cut -d= -f2-)
+    local src_sum=$(grep 'SOURCE_SUM=' "$src_file_path" | cut -d= -f2-)
-    local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_CWD/../conf/${source_id}.src" | cut -d= -f2-)
+    local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$src_file_path" | cut -d= -f2-)
-    local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_CWD/../conf/${source_id}.src" | cut -d= -f2-)
+    local src_format=$(grep 'SOURCE_FORMAT=' "$src_file_path" | cut -d= -f2-)
-    local src_extract=$(grep 'SOURCE_EXTRACT=' "$YNH_CWD/../conf/${source_id}.src" | cut -d= -f2-)
+    local src_extract=$(grep 'SOURCE_EXTRACT=' "$src_file_path" | cut -d= -f2-)
-    local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_CWD/../conf/${source_id}.src" | cut -d= -f2-)
+    local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$src_file_path" | cut -d= -f2-)
-    local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_CWD/../conf/${source_id}.src" | cut -d= -f2-)
+    local src_filename=$(grep 'SOURCE_FILENAME=' "$src_file_path" | cut -d= -f2-)
    # Default value
    src_sumprg=${src_sumprg:-sha256sum}
@ -199,7 +152,7 @@ ynh_setup_source () {
    then
        mv $src_filename $dest_dir
    elif [ "$src_format" = "zip" ]
-    then 
+    then
        # Zip format
        # Using of a temp directory, because unzip doesn't manage --strip-components
        if $src_in_subdir ; then
@ -249,45 +202,47 @@ ynh_setup_source () {
 # $domain and $path_url should be defined externally (and correspond to the domain.tld and the /path (of the app?))
 #
 # example: ynh_local_curl "/install.php?installButton" "foo=$var1" "bar=$var2"
-# 
+#
 # usage: ynh_local_curl "page_uri" "key1=value1" "key2=value2" ...
 # | arg: page_uri    - Path (relative to $path_url) of the page where POST data will be sent
 # | arg: key1=value1 - (Optionnal) POST key and corresponding value
 # | arg: key2=value2 - (Optionnal) Another POST key and corresponding value
 # | arg: ...         - (Optionnal) More POST keys and values
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_local_curl () {
-	# Define url of page to curl
+    # Define url of page to curl
-	local local_page=$(ynh_normalize_url_path $1)
+    local local_page=$(ynh_normalize_url_path $1)
-	local full_path=$path_url$local_page
+    local full_path=$path_url$local_page
 	if [ "${path_url}" == "/" ]; then 
 		full_path=$local_page
 	fi
 	local full_page_url=https://localhost$full_path
-	# Concatenate all other arguments with '&' to prepare POST data
+    if [ "${path_url}" == "/" ]; then
-	local POST_data=""
+        full_path=$local_page
-	local arg=""
+    fi
 	for arg in "${@:2}"
 	do
 		POST_data="${POST_data}${arg}&"
 	done
 	if [ -n "$POST_data" ]
 	then
 		# Add --data arg and remove the last character, which is an unecessary '&'
 		POST_data="--data ${POST_data::-1}"
 	fi
 	# Wait untils nginx has fully reloaded (avoid curl fail with http2)
 	sleep 2
-	# Curl the URL
+    local full_page_url=https://localhost$full_path
-	curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url"
+
    # Concatenate all other arguments with '&' to prepare POST data
    local POST_data=""
    local arg=""
    for arg in "${@:2}"
    do
        POST_data="${POST_data}${arg}&"
    done
    if [ -n "$POST_data" ]
    then
        # Add --data arg and remove the last character, which is an unecessary '&'
        POST_data="--data ${POST_data::-1}"
    fi
    # Wait untils nginx has fully reloaded (avoid curl fail with http2)
    sleep 2
    # Curl the URL
    curl --silent --show-error -kL -H "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url"
 }
 # Render templates with Jinja2
-# 
+#
 # Attention : Variables should be exported before calling this helper to be
 # accessible inside templates.
 #
@ -303,3 +258,220 @@ ynh_render_template() {
                    jinja2.Template(sys.stdin.read()
                 ).render(os.environ));' < $template_path > $output_path
 }
 # Fetch the Debian release codename
 #
 # usage: ynh_get_debian_release
 # | ret: The Debian release codename (i.e. jessie, stretch, ...)
 #
 # Requires YunoHost version 2.7.12 or higher.
 ynh_get_debian_release () {
 	echo $(lsb_release --codename --short)
 }
 # Create a directory under /tmp
 #
 # [internal]
 #
 # Deprecated helper
 #
 # usage: ynh_mkdir_tmp
 # | ret: the created directory path
 ynh_mkdir_tmp() {
    ynh_print_warn --message="The helper ynh_mkdir_tmp is deprecated."
    ynh_print_warn --message="You should use 'mktemp -d' instead and manage permissions \
 properly with chmod/chown."
    local TMP_DIR=$(mktemp -d)
    # Give rights to other users could be a security risk.
    # But for retrocompatibility we need it. (This helpers is deprecated)
    chmod 755 $TMP_DIR
    echo $TMP_DIR
 }
 # Remove a file or a directory securely
 #
 # usage: ynh_secure_remove --file=path_to_remove
 # | arg: -f, --file - File or directory to remove
 #
 # Requires YunoHost version 2.6.4 or higher.
 ynh_secure_remove () {
    # Declare an array to define the options of this helper.
    local legacy_args=f
    declare -Ar args_array=( [f]=file= )
    local file
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    local forbidden_path=" \
    /var/www \
    /home/yunohost.app"
    if [ $# -ge 2 ]
    then
        ynh_print_warn --message="/!\ Packager ! You provided more than one argument to ynh_secure_remove but it will be ignored... Use this helper with one argument at time."
    fi
    if [[ "$forbidden_path" =~ "$file" \
        # Match all paths or subpaths in $forbidden_path
        || "$file" =~ ^/[[:alnum:]]+$ \
        # Match all first level paths from / (Like /var, /root, etc...)
        || "${file:${#file}-1}" = "/" ]]
        # Match if the path finishes by /. Because it seems there is an empty variable
    then
        ynh_print_warn --message="Avoid deleting $file."
    else
        if [ -e "$file" ]
        then
            sudo rm -R "$file"
        else
            ynh_print_info --message="$file wasn't deleted because it doesn't exist."
        fi
    fi
 }
 # Extract a key from a plain command output
 #
 # example: yunohost user info tata --output-as plain | ynh_get_plain_key mail
 #
 # usage: ynh_get_plain_key key [subkey [subsubkey ...]]
 # | ret: string - the key's value
 #
 # Requires YunoHost version 2.2.4 or higher.
 ynh_get_plain_key() {
    local prefix="#"
    local founded=0
    local key=$1
    shift
    while read line; do
        if [[ "$founded" == "1" ]] ; then
            [[ "$line" =~ ^${prefix}[^#] ]] && return
            echo $line
        elif [[ "$line" =~ ^${prefix}${key}$ ]]; then
            if [[ -n "${1:-}" ]]; then
                prefix+="#"
                key=$1
                shift
            else
                founded=1
            fi
        fi
    done
 }
 # Read the value of a key in a ynh manifest file
 #
 # usage: ynh_read_manifest manifest key
 # | arg: -m, --manifest= - Path of the manifest to read
 # | arg: -k, --key= - Name of the key to find
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_read_manifest () {
 	# Declare an array to define the options of this helper.
        local legacy_args=mk
        declare -Ar args_array=( [m]=manifest= [k]=manifest_key= )
        local manifest
        local manifest_key
 	# Manage arguments with getopts
 	ynh_handle_getopts_args "$@"
 	if [ ! -e "$manifest" ]; then
 		# If the manifest isn't found, try the common place for backup and restore script.
 		manifest="../settings/manifest.json"
 	fi
 	jq ".$manifest_key" "$manifest" --raw-output
 }
 # Read the upstream version from the manifest
 # The version number in the manifest is defined by <upstreamversion>~ynh<packageversion>
 # For example : 4.3-2~ynh3
 # This include the number before ~ynh
 # In the last example it return 4.3-2
 #
 # usage: ynh_app_upstream_version [-m manifest]
 # | arg: -m, --manifest= - Path of the manifest to read
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_app_upstream_version () {
    # Declare an array to define the options of this helper.
    local legacy_args=m
    declare -Ar args_array=( [m]=manifest= )
    local manifest
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    manifest="${manifest:-../manifest.json}"
    version_key=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version")
    echo "${version_key/~ynh*/}"
 }
 # Read package version from the manifest
 # The version number in the manifest is defined by <upstreamversion>~ynh<packageversion>
 # For example : 4.3-2~ynh3
 # This include the number after ~ynh
 # In the last example it return 3
 #
 # usage: ynh_app_package_version [-m manifest]
 # | arg: -m, --manifest= - Path of the manifest to read
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_app_package_version () {
    # Declare an array to define the options of this helper.
    local legacy_args=m
    declare -Ar args_array=( [m]=manifest= )
    local manifest
    # Manage arguments with getopts
    ynh_handle_getopts_args "$@"
    manifest="${manifest:-../manifest.json}"
    version_key=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version")
    echo "${version_key/*~ynh/}"
 }
 # Checks the app version to upgrade with the existing app version and returns:
 # - UPGRADE_APP if the upstream app version has changed
 # - UPGRADE_PACKAGE if only the YunoHost package has changed
 #
 # It stops the current script without error if the package is up-to-date
 #
 # This helper should be used to avoid an upgrade of an app, or the upstream part
 # of it, when it's not needed
 #
 # To force an upgrade, even if the package is up to date,
 # you have to set the variable YNH_FORCE_UPGRADE before.
 # example: sudo YNH_FORCE_UPGRADE=1 yunohost app upgrade MyApp
 #
 # usage: ynh_check_app_version_changed
 #
 # Requires YunoHost version 3.?.? or higher.
 ynh_check_app_version_changed () {
  local force_upgrade=${YNH_FORCE_UPGRADE:-0}
  local package_check=${PACKAGE_CHECK_EXEC:-0}
  # By default, upstream app version has changed
  local return_value="UPGRADE_APP"
  local current_version=$(ynh_read_manifest --manifest="/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json" --manifest_key="version" || echo 1.0)
  local current_upstream_version="$(ynh_app_upstream_version --manifest="/etc/yunohost/apps/$YNH_APP_INSTANCE_NAME/manifest.json")"
  local update_version=$(ynh_read_manifest --manifest="../manifest.json" --manifest_key="version" || echo 1.0)
  local update_upstream_version="$(ynh_app_upstream_version)"
  if [ "$current_version" == "$update_version" ] ; then
      # Complete versions are the same
      if [ "$force_upgrade" != "0" ]
      then
        ynh_print_info --message="Upgrade forced by YNH_FORCE_UPGRADE."
        unset YNH_FORCE_UPGRADE
      elif [ "$package_check" != "0" ]
      then
        ynh_print_info --message="Upgrade forced for package check."
      else
        ynh_die "Up-to-date, nothing to do" 0
      fi
  elif [ "$current_upstream_version" == "$update_upstream_version" ] ; then
    # Upstream versions are the same, only YunoHost package versions differ
    return_value="UPGRADE_PACKAGE"
  fi
  echo $return_value
 }
--- a/data/hooks/backup/32-conf_cron
+++ b/data/hooks/backup/32-conf_cron
@ -10,6 +10,6 @@ source /usr/share/yunohost/helpers
 backup_dir="${1}/conf/cron"
 # Backup the configuration
-for f in $(ls -1B /etc/cron.d/yunohost*); do
+for f in $(ls -1B /etc/cron.d/yunohost* 2> /dev/null); do
  ynh_backup "$f" "${backup_dir}/${f##*/}"
 done
--- a/data/hooks/conf_regen/03-ssh
+++ b/data/hooks/conf_regen/03-ssh
@ -12,7 +12,7 @@ do_pre_regen() {
    [[ ! -f /etc/yunohost/from_script ]] || return 0
    cd /usr/share/yunohost/templates/ssh
-    
+
    # do not listen to IPv6 if unavailable
    [[ -f /proc/net/if_inet6 ]] && ipv6_enabled=true || ipv6_enabled=false
@ -23,6 +23,9 @@ do_pre_regen() {
        ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)"
    fi
    # Support different strategy for security configurations
    export compatibility="$(yunohost settings get 'security.ssh.compatibility')"
    export ssh_keys
    export ipv6_enabled
    ynh_render_template "sshd_config" "${pending_dir}/etc/ssh/sshd_config"
--- a/data/hooks/conf_regen/15-nginx
+++ b/data/hooks/conf_regen/15-nginx
@ -10,7 +10,25 @@ do_init_regen() {
    exit 1
  fi
-  do_pre_regen ""
+  cd /usr/share/yunohost/templates/nginx
  nginx_dir="/etc/nginx"
  nginx_conf_dir="${nginx_dir}/conf.d"
  mkdir -p "$nginx_conf_dir"
  # install plain conf files
  cp plain/* "$nginx_conf_dir"
  # probably run with init: just disable default site, restart NGINX and exit
  rm -f "${nginx_dir}/sites-enabled/default"
  export compatibility="intermediate"
  ynh_render_template "yunohost_admin.conf" "${nginx_conf_dir}/yunohost_admin.conf"
  # Restart nginx if conf looks good, otherwise display error and exit unhappy
  nginx -t 2>/dev/null && service nginx restart || (nginx -t && exit 1)
  exit 0
 }
 do_pre_regen() {
@ -22,20 +40,16 @@ do_pre_regen() {
  nginx_conf_dir="${nginx_dir}/conf.d"
  mkdir -p "$nginx_conf_dir"
-  # install plain conf files
+  # install / update plain conf files
  cp plain/* "$nginx_conf_dir"
  # probably run with init: just disable default site, restart NGINX and exit
  if [[ -z "$pending_dir" ]]; then
    rm -f "${nginx_dir}/sites-enabled/default"
    service nginx restart
    exit 0
  fi
  # retrieve variables
  main_domain=$(cat /etc/yunohost/current_host)
  domain_list=$(sudo yunohost domain list --output-as plain --quiet)
  # Support different strategy for security configurations
  export compatibility="$(yunohost settings get 'security.nginx.compatibility')"
  # add domain conf files
  for domain in $domain_list; do
    domain_conf_dir="${nginx_conf_dir}/${domain}.d"
@ -58,6 +72,8 @@ do_pre_regen() {
  done
  ynh_render_template "yunohost_admin.conf" "${nginx_conf_dir}/yunohost_admin.conf"
  # remove old domain conf files
  conf_files=$(ls -1 /etc/nginx/conf.d \
                 | awk '/^[^\.]+\.[^\.]+.*\.conf$/ { print $1 }')
--- a/data/hooks/conf_regen/19-postfix
+++ b/data/hooks/conf_regen/19-postfix
@ -2,6 +2,8 @@
 set -e
 . /usr/share/yunohost/helpers
 do_pre_regen() {
  pending_dir=$1
@ -20,9 +22,12 @@ do_pre_regen() {
  main_domain=$(cat /etc/yunohost/current_host)
  domain_list=$(sudo yunohost domain list --output-as plain --quiet | tr '\n' ' ')
-  cat main.cf \
+  # Support different strategy for security configurations
-    | sed "s/{{ main_domain }}/${main_domain}/g" \
+  export compatibility="$(yunohost settings get 'security.postfix.compatibility')"
-    > "${postfix_dir}/main.cf"
+
  export main_domain
  export domain_list
  ynh_render_template "main.cf" "${postfix_dir}/main.cf"
  cat postsrsd \
    | sed "s/{{ main_domain }}/${main_domain}/g" \
--- a/data/templates/nginx/plain/yunohost_panel.conf.inc
+++ b/data/templates/nginx/plain/yunohost_panel.conf.inc
@ -1,8 +1,8 @@
-# Insert YunoHost panel
+# Insert YunoHost button + portal overlay
-sub_filter </head> '<script type="text/javascript" src="/ynhpanel.js"></script></head>';
+sub_filter </head> '<script type="text/javascript" src="/ynh_portal.js"></script><link type="text/css" rel="stylesheet" href="/ynh_overlay.css"></link><script type="text/javascript" src="/ynhtheme/custom_portal.js"></script><link type="text/css" rel="stylesheet" href="/ynhtheme/custom_overlay.css"></link></head>';
 sub_filter_once on;
 # Apply to other mime types than text/html
 sub_filter_types application/xhtml+xml;
 # Prevent YunoHost panel files from being blocked by specific app rules
-location ~ ynhpanel\.(js|json|css) {
+location ~ (ynh_portal.js|ynh_overlay.css|ynh_userinfo.json) {
 }
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@ -1,3 +1,8 @@
 map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
 }
 server {
    listen 80;
    listen [::]:80;
@ -29,6 +34,14 @@ server {
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    {% if compatibility == "modern" %}
    # Ciphers with modern compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
    # The following configuration use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    {% else %}
    # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
    ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
    ssl_prefer_server_ciphers on;
@ -38,15 +51,10 @@ server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    # Ciphers with modern compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
    # Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
    #ssl_protocols TLSv1.2;
    #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    # Uncomment the following directive after DH generation
    # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
    #ssl_dhparam /etc/ssl/private/dh2048.pem;
    {% endif %}
    # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
    # https://wiki.mozilla.org/Security/Guidelines/Web_Security
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@ -20,6 +20,14 @@ server {
    ssl_session_timeout 5m;
    ssl_session_cache shared:SSL:50m;
    {% if compatibility == "modern" %}
    # Ciphers with modern compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
    # Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;
    {% else %}
    # As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
    ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
    ssl_prefer_server_ciphers on;
@ -29,20 +37,15 @@ server {
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    # Ciphers with modern compatibility
    # https://mozilla.github.io/server-side-tls/ssl-config-generator/?server=nginx-1.6.2&openssl=1.0.1t&hsts=yes&profile=modern
    # Uncomment the following to use modern ciphers, but remove compatibility with some old clients (android < 5.0, Internet Explorer < 10, ...)
    #ssl_protocols TLSv1.2;
    #ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    # Uncomment the following directive after DH generation
    # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
    #ssl_dhparam /etc/ssl/private/dh2048.pem;
-    
+    {% endif %}
    # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
    # https://wiki.mozilla.org/Security/Guidelines/Web_Security
-    # https://observatory.mozilla.org/ 
+    # https://observatory.mozilla.org/
-    more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload"; 
+    more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
    more_set_headers "Referrer-Policy : 'same-origin'";
    more_set_headers "Content-Security-Policy : upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
    more_set_headers "X-Content-Type-Options : nosniff";
--- a/data/templates/postfix/main.cf
+++ b/data/templates/postfix/main.cf
@ -33,7 +33,11 @@ smtpd_tls_key_file = /etc/yunohost/certs/{{ main_domain }}/key.pem
 smtpd_tls_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, 3DES
 smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
 smtpd_tls_loglevel=1
 {% if compatibility == "intermediate" %}
 smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3
 {% else %}
 smtpd_tls_mandatory_protocols=!SSLv2,!SSLv3,!TLSv1,!TLSv1.1
 {% endif %}
 smtpd_tls_mandatory_ciphers=high
 smtpd_tls_eecdh_grade = ultra
@ -58,7 +62,7 @@ alias_maps = hash:/etc/aliases
 alias_database = hash:/etc/aliases
 mydomain = {{ main_domain }}
 mydestination = localhost
-relayhost = 
+relayhost =
 mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
 mailbox_command = procmail -a "$EXTENSION"
 mailbox_size_limit = 0
@ -68,71 +72,71 @@ inet_interfaces = all
 #### Fit to the maximum message size to 30mb, more than allowed by GMail or Yahoo ####
 message_size_limit = 31457280
-# Virtual Domains Control 
+# Virtual Domains Control
-virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf 
+virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf
-virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf 
+virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf
-virtual_mailbox_base = 
+virtual_mailbox_base =
-virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf 
+virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf
-virtual_alias_domains = 
+virtual_alias_domains =
-virtual_minimum_uid = 100 
+virtual_minimum_uid = 100
-virtual_uid_maps = static:vmail 
+virtual_uid_maps = static:vmail
 virtual_gid_maps = static:mail
 smtpd_sender_login_maps= ldap:/etc/postfix/ldap-accounts.cf
-# Dovecot LDA 
+# Dovecot LDA
-virtual_transport = dovecot 
+virtual_transport = dovecot
 dovecot_destination_recipient_limit = 1
-# Enable SASL authentication for the smtpd daemon 
+# Enable SASL authentication for the smtpd daemon
-smtpd_sasl_auth_enable = yes 
+smtpd_sasl_auth_enable = yes
-smtpd_sasl_type = dovecot 
+smtpd_sasl_type = dovecot
-smtpd_sasl_path = private/auth 
+smtpd_sasl_path = private/auth
-# Fix some outlook's bugs 
+# Fix some outlook's bugs
-broken_sasl_auth_clients = yes 
+broken_sasl_auth_clients = yes
-# Reject anonymous connections 
+# Reject anonymous connections
-smtpd_sasl_security_options = noanonymous 
+smtpd_sasl_security_options = noanonymous
 smtpd_sasl_local_domain =
-# Wait until the RCPT TO command before evaluating restrictions 
+# Wait until the RCPT TO command before evaluating restrictions
-smtpd_delay_reject = yes 
+smtpd_delay_reject = yes
- 
+
-# Basics Restrictions 
+# Basics Restrictions
-smtpd_helo_required = yes 
+smtpd_helo_required = yes
-strict_rfc821_envelopes = yes 
+strict_rfc821_envelopes = yes
- 
+
-# Requirements for the connecting server 
+# Requirements for the connecting server
-smtpd_client_restrictions = 
+smtpd_client_restrictions =
-    permit_mynetworks, 
+    permit_mynetworks,
-    permit_sasl_authenticated, 
+    permit_sasl_authenticated,
-    reject_rbl_client bl.spamcop.net, 
+    reject_rbl_client bl.spamcop.net,
-    reject_rbl_client cbl.abuseat.org, 
+    reject_rbl_client cbl.abuseat.org,
-    reject_rbl_client zen.spamhaus.org, 
+    reject_rbl_client zen.spamhaus.org,
-    permit 
+    permit
- 
+
-# Requirements for the HELO statement 
+# Requirements for the HELO statement
-smtpd_helo_restrictions = 
+smtpd_helo_restrictions =
-    permit_mynetworks, 
+    permit_mynetworks,
-    permit_sasl_authenticated, 
+    permit_sasl_authenticated,
-    reject_non_fqdn_hostname, 
+    reject_non_fqdn_hostname,
-    reject_invalid_hostname, 
+    reject_invalid_hostname,
-    permit 
+    permit
- 
+
-# Requirements for the sender address 
+# Requirements for the sender address
 smtpd_sender_restrictions =
-    reject_sender_login_mismatch, 
+    reject_sender_login_mismatch,
-    permit_mynetworks, 
+    permit_mynetworks,
-    permit_sasl_authenticated, 
+    permit_sasl_authenticated,
-    reject_non_fqdn_sender, 
+    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
-    permit 
+    permit
- 
+
-# Requirement for the recipient address 
+# Requirement for the recipient address
-smtpd_recipient_restrictions = 
+smtpd_recipient_restrictions =
-    permit_mynetworks, 
+    permit_mynetworks,
-    permit_sasl_authenticated, 
+    permit_sasl_authenticated,
-    reject_non_fqdn_recipient, 
+    reject_non_fqdn_recipient,
-    reject_unknown_recipient_domain, 
+    reject_unknown_recipient_domain,
    reject_unauth_destination,
    permit
@ -155,6 +159,12 @@ smtpd_milters = inet:localhost:11332
 # Skip email without checking if milter has died
 milter_default_action = accept
-# Avoid to send simultaneously too much emails
+# Avoid to send simultaneously too many emails
 smtp_destination_concurrency_limit = 1
 default_destination_rate_delay = 5s
 # Avoid email adress scanning
 # By default it's possible to detect if the email adress exist
 # So it's easly possible to scan a server to know which email adress is valid
 # and after to send spam
 disable_vrfy_command = yes
--- a/data/templates/postfix/plain/master.cf
+++ b/data/templates/postfix/plain/master.cf
@ -122,6 +122,6 @@ mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}
-# Dovecot LDA 
+# Dovecot LDA
-dovecot    unix  -       n       n       -       -       pipe 
+dovecot    unix  -       n       n       -       -       pipe
-    flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension}
+    flags=DRhu user=vmail:mail argv=/usr/lib/dovecot/deliver -f ${sender} -d ${user}@${nexthop} -m ${extension} -a ${recipient}
--- a/data/templates/slapd/slapd.default
+++ b/data/templates/slapd/slapd.default
@ -21,7 +21,7 @@ SLAPD_PIDFILE=
 # sockets.
 # Example usage:
 # SLAPD_SERVICES="ldap://127.0.0.1:389/ ldaps:/// ldapi:///"
-SLAPD_SERVICES="ldap:/// ldapi:///"
+SLAPD_SERVICES="ldap://127.0.0.1:389/ ldap://[::1]:389/ ldapi:///"
 # If SLAPD_NO_START is set, the init script will not start or restart
 # slapd (but stop will still work).  Uncomment this if you are
--- a/data/templates/ssh/sshd_config
+++ b/data/templates/ssh/sshd_config
@ -15,10 +15,17 @@ HostKey {{ key }}{% endfor %}
 # https://infosec.mozilla.org/guidelines/openssh
 # ##############################################
-# Keys, ciphers and MACS
+{% if compatibility == "intermediate" %}
-KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
+  KexAlgorithms diffie-hellman-group-exchange-sha256
-Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
+  Ciphers aes256-ctr,aes192-ctr,aes128-ctr
-MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
+  MACs hmac-sha2-512,hmac-sha2-256
 {% else %}
  # By default use "modern" Mozilla configuration
  # Keys, ciphers and MACS
  KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256
  Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr
  MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com
 {% endif %}
 # Use kernel sandbox mechanisms where possible in unprivileged processes
 UsePrivilegeSeparation sandbox
--- a/data/templates/yunohost/services.yml
+++ b/data/templates/yunohost/services.yml
@ -20,8 +20,6 @@ mysql:
 glances: {}
 ssh:
  log: /var/log/auth.log
 ssl:
  status: null
 metronome:
  log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
 slapd:
@ -34,10 +32,9 @@ yunohost-firewall:
  need_lock: true
 nslcd:
  log: /var/log/syslog
-nsswitch:
+nsswitch: null
-  status: null
+ssl: null
-yunohost:
+yunohost: null
  status: null
 bind9: null
 tahoe-lafs: null
 memcached: null
--- a/debian/changelog
+++ b/debian/changelog
@ -1,3 +1,53 @@
 yunohost (3.5.2.2) stable; urgency=low
  - Hotfix for ynh_psql_remove_db (from ljf)
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 18 Apr 2019 17:32:00  +0000
 yunohost (3.5.2.1) stable; urgency=low
  - [fix] Fresh install was broken because of yunohost_admin.conf initialization
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 11 Apr 2019 14:38:00  +0000
 yunohost (3.5.2) stable; urgency=low
  - Release as stable !
  - [doc] Update script to automatically generate helper doc
  - [i18n] Update translations for Catalan, Arabic, Italian
  Thanks to all contributors: Aleks, xaloc, BoF, silkevicious ! <3
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 10 Apr 2019 01:53:00  +0000
 yunohost (3.5.1.1) testing; urgency=low
  - [fix] enabled/disabled status for sysv services
  - [fix] Nodejs helpers : use YNH_APP_INSTANCE_NAME instead of YNH_APP_ID (#700)
  - [fix] nginx diagnosis when there's an error throwing a huge useless traceback. Use Popen instead to display the real error
  - [fix] service_status returns different type of data if you ask for one or multiple services
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 03 Apr 2019 17:28:00  +0000
 yunohost (3.5.1) testing; urgency=low
  - [fix] Fix the dbus interface to get info for services (#698)
  - [mod] Use ask key for display_text instead and support i18n (#697)
  - [fix] Rework tools update (#695)
  - [enh] Nginx conf tweaks for theme (#689)
  - [fix] Fix argument escaping in getopts (#685, #683)
  - [enh] Support php versions in ynh_add_fpm_config (#674)
  - [enh] Check that required services are up before running app install and upgrade (#670)
  - [doc] Add min version for all helpers (#664)
  - [enh] Add a setting to control compatibility/security tradeoff for nginx and ssh configurations (#640)
  - [enh] Hooks to allow apps to extend the recommended DNS configuration (#517)
  - Misc technical fixes / improvements (0bd781b, fad3edf, 1268872, 847ceca, 26e77b7, b6cff68)
  - [i18n] Update translation for French, Catalan, Esperanto, Occitan
  Thanks to all contributors: Aleks, Bram, Gabriel Corona, Jibec, Josue, Maniack C, Mélanie C., Quentí, Romuald du Song, ljf, ppr, Xaloc ! <3
 -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 03 Apr 2019 02:13:00  +0000
 yunohost (3.5.0.2) testing; urgency=low
  - [fix] Make sure that `ynh_system_user_delete` also deletes the group (#680)
--- a/debian/control
+++ b/debian/control
@ -8,6 +8,7 @@ X-Python-Version: >= 2.7
 Homepage: https://yunohost.org/
 Package: yunohost
 Essential: yes
 Architecture: all
 Depends: ${python:Depends}, ${misc:Depends}
 , moulinette (>= 2.7.1), ssowat (>= 2.7.1)
--- a/debian/postinst
+++ b/debian/postinst
@ -12,7 +12,7 @@ do_configure() {
      bash /usr/share/yunohost/hooks/conf_regen/15-nginx init
  else
      echo "Regenerating configuration, this might take a while..."
-      yunohost service regen-conf --output-as none
+      yunohost tools regen-conf --output-as none
      echo "Launching migrations.."
      yunohost tools migrations migrate --auto
--- a/debian/rules
+++ b/debian/rules
@ -7,6 +7,10 @@
 %:
 	dh ${@} --with=python2,systemd
 override_dh_auto_build:
 	# Generate bash completion file
 	python data/actionsmap/yunohost_completion.py
 override_dh_installinit:
 	dh_installinit -pyunohost --name=yunohost-api --restart-after-upgrade
 	dh_installinit -pyunohost --name=yunohost-firewall --noscripts
--- a/doc/generate_helper_doc.py
+++ b/doc/generate_helper_doc.py
@ -4,7 +4,12 @@ import os
 import glob
 import datetime
-def render(data):
+def render(helpers):
    data = { "helpers": helpers,
             "date": datetime.datetime.now().strftime("%m/%d/%Y"),
             "version": open("../debian/changelog").readlines()[0].split()[1].strip("()")
           }
    from jinja2 import Template
    from ansi2html import Ansi2HTMLConverter
@ -43,7 +48,7 @@ class Parser():
                          "code": [] }
        for i, line in enumerate(self.file):
- 
+
            if line.startswith("#!/bin/bash"):
               continue
@ -103,7 +108,6 @@ class Parser():
        b["usage"] = ""
        b["args"] = []
        b["ret"] = ""
        b["example"] = ""
        subblocks = '\n'.join(b["comments"]).split("\n\n")
@ -114,17 +118,29 @@ class Parser():
                b["brief"] = subblock
                continue
-            elif subblock.startswith("example"):
+            elif subblock.startswith("example:"):
                b["example"] = " ".join(subblock.split()[1:])
                continue
            elif subblock.startswith("examples:"):
                b["examples"] = subblock.split("\n")[1:]
                continue
            elif subblock.startswith("usage"):
                for line in subblock.split("\n"):
                    if line.startswith("| arg"):
-                        argname = line.split()[2]
+                        linesplit = line.split()
-                        argdescr = " ".join(line.split()[4:])
+                        argname = linesplit[2]
-                        b["args"].append((argname, argdescr))
+                        # Detect that there's a long argument version (-f, --foo - Some description)
                        if argname.endswith(",") and linesplit[3].startswith("--"):
                            argname = argname.strip(",")
                            arglongname = linesplit[3]
                            argdescr = " ".join(linesplit[5:])
                            b["args"].append((argname, arglongname, argdescr))
                        else:
                            argdescr = " ".join(linesplit[4:])
                            b["args"].append((argname, argdescr))
                    elif line.startswith("| ret"):
                        b["ret"] = " ".join(line.split()[2:])
                    else:
@ -136,9 +152,17 @@ class Parser():
            elif subblock.startswith("| arg"):
                for line in subblock.split("\n"):
                    if line.startswith("| arg"):
-                        argname = line.split()[2]
+                        linesplit = line.split()
-                        argdescr = line.split()[4:]
+                        argname = linesplit[2]
-                        b["args"].append((argname, argdescr))
+                        # Detect that there's a long argument version (-f, --foo - Some description)
                        if argname.endswith(",") and linesplit[3].startswith("--"):
                            argname = argname.strip(",")
                            arglongname = linesplit[3]
                            argdescr = " ".join(linesplit[5:])
                            b["args"].append((argname, arglongname, argdescr))
                        else:
                            argdescr = " ".join(linesplit[4:])
                            b["args"].append((argname, argdescr))
                continue
            else:
--- a/doc/helper_doc_template.html
+++ b/doc/helper_doc_template.html
@ -2,7 +2,7 @@
 <h1>App helpers</h1>
-{% for category, helpers in data %}
+{% for category, helpers in data.helpers %}
 <h3 style="text-transform: uppercase; font-weight: bold">{{ category }}</h3>
@ -27,8 +27,12 @@
    <p>
        <strong>Arguments</strong>:
        <ul>
-            {% for name, descr in h.args %}
+            {% for infos in h.args %}
-            <li><code>{{ name }}</code> : {{ descr }}</li>
+            {% if infos|length == 2 %}
            <li><code>{{ infos[0] }}</code> : {{ infos[1] }}</li>
            {% else %}
            <li><code>{{ infos[0] }}</code>, <code>{{ infos[1] }}</code> : {{ infos[2] }}</li>
            {% endif %}
            {% endfor %}
        </ul>
    </p>
@ -38,11 +42,25 @@
        <strong>Returns</strong>: {{ h.ret }}
    </p>
    {% endif %}
-    {% if h.example %}
+    {% if "example" in h.keys() %}
    <p>
        <strong>Example</strong>: <code class="helper-code">{{ h.example }}</code>
    </p>
    {% endif %}
    {% if "examples" in h.keys() %}
    <p>
    <strong>Examples</strong>:<ul>
        {% for example in h.examples %}
            {% if not example.strip().startswith("# ") %}
            <code class="helper-code">{{ example }}</code>
            {% else %}
            {{ example.strip("# ") }}
            {% endif %}
            <br>
        {% endfor %}
        </ul>
    </p>
    {% endif %}
    {% if h.details %}
    <p>
        <strong>Details</strong>:
@ -63,6 +81,8 @@
 {% endfor %}
 {% endfor %}
 <p>Generated by <a href="https://github.com/YunoHost/yunohost/blob/stretch-unstable/doc/generate_helper_doc.py">this script</a> on {{data.date}} (Yunohost version {{data.version}})</p>
 <style>
 /*=================================================
--- a/locales/ar.json
+++ b/locales/ar.json
@ -29,13 +29,13 @@
    "app_not_properly_removed": "لم يتم حذف تطبيق {app:s} بشكلٍ جيّد",
    "app_package_need_update": "The app {app} package needs to be updated to follow YunoHost changes",
    "app_removed": "تمت إزالة تطبيق {app:s}",
-    "app_requirements_checking": "جار فحص الحزم اللازمة لـ {app} ...",
+    "app_requirements_checking": "جار فحص الحزم اللازمة لـ {app}…",
    "app_requirements_failed": "Unable to meet requirements for {app}: {error}",
    "app_requirements_unmeet": "Requirements are not met for {app}, the package {pkgname} ({version}) must be {spec}",
    "app_sources_fetch_failed": "تعذرت عملية جلب مصادر الملفات",
    "app_unknown": "برنامج مجهول",
    "app_unsupported_remote_type": "Unsupported remote type used for the app",
-    "app_upgrade_app_name": "جارٍ تحديث برنامج {app}...",
+    "app_upgrade_app_name": "جارٍ تحديث تطبيق {app}…",
    "app_upgrade_failed": "تعذرت عملية ترقية {app:s}",
    "app_upgrade_some_app_failed": "تعذرت عملية ترقية بعض البرمجيات",
    "app_upgraded": "تم تحديث التطبيق {app:s}",
@ -413,5 +413,18 @@
    "service_description_mysql": "يقوم بتخزين بيانات التطبيقات (قواعد بيانات SQL)",
    "service_description_rspamd": "يقوم بتصفية البريد المزعج و إدارة ميزات أخرى للبريد",
    "service_description_yunohost-firewall": "يريد فتح و غلق منافذ الإتصال إلى الخدمات",
-    "users_available": "المستخدمون المتوفرون:"
+    "users_available": "المستخدمون المتوفرون:",
    "aborting": "إلغاء.",
    "admin_password_too_long": "يرجى اختيار كلمة سرية أقصر مِن 127 حرف",
    "app_not_upgraded": "لم يتم تحديث التطبيقات التالية: {apps}",
    "app_start_install": "جارٍ تثبيت التطبيق {app}…",
    "app_start_remove": "جارٍ حذف التطبيق {app}…",
    "app_start_restore": "جارٍ استرجاع التطبيق {app}…",
    "app_upgrade_several_apps": "سوف يتم تحديث التطبيقات التالية: {apps}",
    "ask_new_domain": "نطاق جديد",
    "ask_new_path": "مسار جديد",
    "global_settings_setting_security_password_admin_strength": "قوة الكلمة السرية الإدارية",
    "global_settings_setting_security_password_user_strength": "قوة الكلمة السرية للمستخدم",
    "log_app_addaccess": "إضافة ترخيص بالنفاذ إلى '{}'",
    "password_too_simple_1": "يجب أن يكون طول الكلمة السرية على الأقل 8 حروف"
 }
--- a/locales/bn_BD.json
+++ b/locales/bn_BD.json
@ -0,0 +1 @@
 {}
--- a/locales/ca.json
+++ b/locales/ca.json
@ -29,20 +29,20 @@
    "app_not_properly_removed": "{app:s} no s'ha pogut suprimir correctament",
    "app_package_need_update": "El paquet de l'aplicació {app} ha de ser actualitzat per poder seguir els canvis de YunoHost",
    "app_removed": "{app:s} ha estat suprimida",
-    "app_requirements_checking": "Verificació dels paquets requerits per {app}",
+    "app_requirements_checking": "Verificació dels paquets requerits per {app}…",
    "app_requirements_failed": "No es poden satisfer els requeriments per {app}: {error}",
    "app_requirements_unmeet": "No es compleixen els requeriments per {app}, el paquet {pkgname} ({version}) ha de ser {spec}",
    "app_sources_fetch_failed": "No s'han pogut carregar els fitxers font",
    "app_unknown": "Aplicació desconeguda",
    "app_unsupported_remote_type": "El tipus remot utilitzat per l'aplicació no està suportat",
-    "app_upgrade_app_name": "Actualitzant l'aplicació {app}...",
+    "app_upgrade_app_name": "Actualitzant l'aplicació {app}…",
    "app_upgrade_failed": "No s'ha pogut actualitzar {app:s}",
    "app_upgrade_some_app_failed": "No s'han pogut actualitzar algunes aplicacions",
    "app_upgraded": "{app:s} ha estat actualitzada",
    "appslist_corrupted_json": "No s'han pogut carregar les llistes d'aplicacions. Sembla que {filename:s} està danyat.",
    "appslist_could_not_migrate": "No s'ha pogut migrar la llista d'aplicacions {appslist:s}! No s'ha pogut analitzar la URL... L'antic cronjob s'ha guardat a {bkp_file:s}.",
    "appslist_fetched": "S'ha descarregat la llista d'aplicacions {appslist:s} correctament",
-    "appslist_migrating": "Migrant la llista d'aplicacions {appslist:s} ...",
+    "appslist_migrating": "Migrant la llista d'aplicacions {appslist:s}…",
    "appslist_name_already_tracked": "Ja hi ha una llista d'aplicacions registrada amb el nom {name:s}.",
    "appslist_removed": "S'ha eliminat la llista d'aplicacions {appslist:s}",
    "appslist_retrieve_bad_format": "L'arxiu obtingut per la llista d'aplicacions {appslist:s} no és vàlid",
@ -61,10 +61,10 @@
    "backup_abstract_method": "Encara no s'ha implementat aquest mètode de copia de seguretat",
    "backup_action_required": "S'ha d'especificar què s'ha de guardar",
    "backup_app_failed": "No s'ha pogut fer la còpia de seguretat de l'aplicació \"{app:s}\"",
-    "backup_applying_method_borg": "Enviant tots els fitxers de la còpia de seguretat al repositori borg-backup...",
+    "backup_applying_method_borg": "Enviant tots els fitxers de la còpia de seguretat al repositori borg-backup…",
-    "backup_applying_method_copy": "Còpia de tots els fitxers a la còpia de seguretat...",
+    "backup_applying_method_copy": "Còpia de tots els fitxers a la còpia de seguretat…",
-    "backup_applying_method_custom": "Crida del mètode de còpia de seguretat personalitzat \"{method:s}\"...",
+    "backup_applying_method_custom": "Crida del mètode de còpia de seguretat personalitzat \"{method:s}\"…",
-    "backup_applying_method_tar": "Creació de l'arxiu tar de la còpia de seguretat...",
+    "backup_applying_method_tar": "Creació de l'arxiu tar de la còpia de seguretat…",
    "backup_archive_app_not_found": "L'aplicació \"{app:s}\" no es troba dins l'arxiu de la còpia de seguretat",
    "backup_archive_broken_link": "No s'ha pogut accedir a l'arxiu de la còpia de seguretat (enllaç invàlid cap a {path:s})",
    "backup_archive_mount_failed": "No s'ha pogut carregar l'arxiu de la còpia de seguretat",
@ -80,5 +80,134 @@
    "backup_copying_to_organize_the_archive": "Copiant {size:s}MB per organitzar l'arxiu",
    "backup_couldnt_bind": "No es pot lligar {src:s} amb {dest:s}.",
    "backup_created": "S'ha creat la còpia de seguretat",
-    "backup_creating_archive": "Creant l'arxiu de la còpia de seguretat"
+    "backup_creating_archive": "Creant l'arxiu de la còpia de seguretat…",
    "aborting": "Avortant.",
    "app_not_upgraded": "Les següents aplicacions no s'han actualitzat: {apps}",
    "app_start_install": "instal·lant l'aplicació {app}…",
    "app_start_remove": "Eliminant l'aplicació {app}…",
    "app_start_backup": "Recuperant els fitxers pels que s'ha de fer una còpia de seguretat per {app}…",
    "app_start_restore": "Recuperant l'aplicació {app}…",
    "app_upgrade_several_apps": "S'actualitzaran les següents aplicacions: {apps}",
    "ask_new_domain": "Nou domini",
    "ask_new_path": "Nou camí",
    "backup_actually_backuping": "S'està creant un arxiu de còpia de seguretat a partir dels fitxers recuperats…",
    "backup_creation_failed": "Ha fallat la creació de la còpia de seguretat",
    "backup_csv_addition_failed": "No s'han pogut afegir fitxers per a fer-ne la còpia de seguretat al fitxer CSV",
    "backup_csv_creation_failed": "No s'ha pogut crear el fitxer CSV necessari per a futures operacions de recuperació",
    "backup_custom_backup_error": "El mètode de còpia de seguretat personalitzat ha fallat a l'etapa \"backup\"",
    "backup_custom_mount_error": "El mètode de còpia de seguretat personalitzat ha fallat a l'etapa \"mount\"",
    "backup_custom_need_mount_error": "El mètode de còpia de seguretat personalitzat ha fallat a l'etapa \"need_mount\"",
    "backup_delete_error": "No s'ha pogut suprimir \"{path:s}\"",
    "backup_deleted": "S'ha suprimit la còpia de seguretat",
    "backup_extracting_archive": "Extraient l'arxiu de la còpia de seguretat…",
    "backup_hook_unknown": "Script de còpia de seguretat \"{hook:s}\" desconegut",
    "backup_invalid_archive": "Arxiu de còpia de seguretat no vàlid",
    "backup_method_borg_finished": "La còpia de seguretat a borg ha acabat",
    "backup_method_copy_finished": "La còpia de la còpia de seguretat ha acabat",
    "backup_method_custom_finished": "El mètode de còpia de seguretat personalitzat \"{method:s}\" ha acabat",
    "backup_method_tar_finished": "S'ha creat l'arxiu de còpia de seguretat tar",
    "backup_mount_archive_for_restore": "Preparant l'arxiu per la restauració…",
    "good_practices_about_user_password": "Esteu a punt de definir una nova contrasenya d'usuari. La contrasenya ha de tenir un mínim de 8 caràcters ; tot i que és de bona pràctica utilitzar una contrasenya més llarga (és a dir una frase de contrasenya) i/o utilitzar diferents tipus de caràcters (majúscules, minúscules, dígits i caràcters especials).",
    "password_listed": "Aquesta contrasenya és una de les més utilitzades en el món. Si us plau utilitzeu-ne una més única.",
    "password_too_simple_1": "La contrasenya ha de tenir un mínim de 8 caràcters",
    "password_too_simple_2": "La contrasenya ha de tenir un mínim de 8 caràcters i ha de contenir dígits, majúscules i minúscules",
    "password_too_simple_3": "La contrasenya ha de tenir un mínim de 8 caràcters i tenir dígits, majúscules, minúscules i caràcters especials",
    "password_too_simple_4": "La contrasenya ha de tenir un mínim de 12 caràcters i tenir dígits, majúscules, minúscules i caràcters especials",
    "backup_no_uncompress_archive_dir": "El directori de l'arxiu descomprimit no existeix",
    "backup_nothings_done": "No hi ha res a guardar",
    "backup_output_directory_forbidden": "Directori de sortida no permès. Les còpies de seguretat no es poden crear ni dins els directoris /bin, /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var ni dins els subdirectoris /home/yunohost.backup/archives",
    "backup_output_directory_not_empty": "El directori de sortida no està buit",
    "backup_output_directory_required": "Heu d'especificar un directori de sortida per la còpia de seguretat",
    "backup_output_symlink_dir_broken": "Teniu un enllaç simbòlic trencat en lloc del directori dels arxius '{path:s}'. Pot ser teniu una configuració per la còpia de seguretat específica en un altre sistema de fitxers, si és el cas segurament heu oblidat muntar o connectar el disc dur o la clau USB.",
    "backup_php5_to_php7_migration_may_fail": "No s'ha pogut convertir l'arxiu per suportar php7, la restauració de les vostres aplicacions pot fallar (raó: {error:s})",
    "backup_running_hooks": "Executant els scripts de la còpia de seguretat…",
    "backup_system_part_failed": "No s'ha pogut fer la còpia de seguretat de la part \"{part:s}\" del sistema",
    "backup_unable_to_organize_files": "No s'han pogut organitzar els fitxers dins de l'arxiu amb el mètode ràpid",
    "backup_with_no_backup_script_for_app": "L'aplicació {app:s} no té un script de còpia de seguretat. Serà ignorat.",
    "backup_with_no_restore_script_for_app": "L'aplicació {app:s} no té un script de restauració, no podreu restaurar automàticament la còpia de seguretat d'aquesta aplicació.",
    "certmanager_acme_not_configured_for_domain": "El certificat pel domini {domain:s} sembla que no està instal·lat correctament. Si us plau executeu primer cert-install per aquest domini.",
    "certmanager_attempt_to_renew_nonLE_cert": "El certificat pel domini {domain:s} no ha estat emès per Let's Encrypt. No es pot renovar automàticament!",
    "certmanager_attempt_to_renew_valid_cert": "El certificat pel domini {domain:s} està a punt de caducar! Utilitzeu --force per ometre",
    "certmanager_attempt_to_replace_valid_cert": "Esteu intentant sobreescriure un certificat correcte i vàlid pel domini {domain:s}! (Utilitzeu --force per ometre)",
    "certmanager_cannot_read_cert": "S'ha produït un error al intentar obrir el certificat actual pel domini {domain:s} (arxiu: {file:s}), raó: {reason:s}",
    "certmanager_cert_install_success": "S'ha instal·lat correctament un certificat Let's Encrypt pel domini {domain:s}!",
    "certmanager_cert_install_success_selfsigned": "S'ha instal·lat correctament un certificat auto-signat pel domini {domain:s}!",
    "certmanager_cert_renew_success": "S'ha renovat correctament el certificat Let's Encrypt pel domini {domain:s}!",
    "certmanager_cert_signing_failed": "No s'ha pogut firmar el nou certificat",
    "certmanager_certificate_fetching_or_enabling_failed": "Sembla que l'activació del nou certificat per {domain:s} ha fallat…",
    "certmanager_conflicting_nginx_file": "No s'ha pogut preparar el domini per al desafiament ACME: l'arxiu de configuració nginx {filepath:s} entra en conflicte i s'ha d'eliminar primer",
    "certmanager_couldnt_fetch_intermediate_cert": "S'ha exhaurit el temps d'esperar al intentar recollir el certificat intermedi des de Let's Encrypt. La instal·lació/renovació del certificat s'ha cancel·lat - torneu a intentar-ho més tard.",
    "certmanager_domain_cert_not_selfsigned": "El certificat pel domini {domain:s} no és auto-signat Esteu segur de voler canviar-lo? (Utilitzeu --force per fer-ho)",
    "certmanager_domain_dns_ip_differs_from_public_ip": "El registre DNS \"A\" pel domini {domain:s} és diferent a l'adreça IP d'aquest servidor. Si heu modificat recentment el registre A, si us plau espereu a que es propagui (hi ha eines per verificar la propagació disponibles a internet). (Si sabeu el que esteu fent, podeu utilitzar --no-checks per desactivar aquestes comprovacions.)",
    "certmanager_domain_http_not_working": "Sembla que el domini {domain:s} no és accessible via HTTP. Si us plau verifiqueu que les configuracions DNS i nginx siguin correctes",
    "certmanager_domain_not_resolved_locally": "El domini {domain:s} no es pot resoldre dins del vostre servidor YunoHost. Això pot passar si heu modificat recentment el registre DNS. Si és així, si us plau espereu unes hores per a que es propagui. Si el problema continua, considereu afegir {domain:s} a /etc/hosts. (Si sabeu el que esteu fent, podeu utilitzar --no-checks per desactivar aquestes comprovacions.)",
    "certmanager_domain_unknown": "Domini desconegut {domain:s}",
    "certmanager_error_no_A_record": "No s'ha trobat cap registre DNS \"A\" per {domain:s}. Heu de fer que el vostre nom de domini apunti cap a la vostra màquina per tal de poder instal·lar un certificat Let's Encrypt! (Si sabeu el que esteu fent, podeu utilitzar --no-checks per desactivar aquestes comprovacions.)",
    "certmanager_hit_rate_limit": "S'han emès massa certificats recentment per aquest mateix conjunt de dominis {domain:s}. Si us plau torneu-ho a intentar més tard. Consulteu https://letsencrypt.org/docs/rate-limits/ per obtenir més detalls",
    "certmanager_http_check_timeout": "S'ha exhaurit el temps d'espera quan el servidor ha intentat contactar amb ell mateix via HTTP utilitzant la seva adreça IP pública (domini domain:s} amb IP {ip:s}).  Pot ser degut a hairpinning o a que el talla focs/router al que està connectat el servidor estan mal configurats.",
    "certmanager_no_cert_file": "No s'ha pogut llegir l'arxiu del certificat pel domini  {domain:s} (fitxer: {file:s})",
    "certmanager_self_ca_conf_file_not_found": "No s'ha trobat el fitxer de configuració per l'autoritat del certificat auto-signat (fitxer: {file:s})",
    "certmanager_unable_to_parse_self_CA_name": "No s'ha pogut analitzar el nom de l'autoritat del certificat auto-signat (fitxer: {file:s})",
    "confirm_app_install_warning": "Atenció: aquesta aplicació funciona però no està ben integrada amb YunoHost. Algunes característiques com la autenticació única i la còpia de seguretat/restauració poden no estar disponibles. Voleu instal·lar-la de totes maneres? [{answers:s}] ",
    "confirm_app_install_danger": "ATENCIÓ! Aquesta aplicació encara és experimental (si no és que no funciona directament) i és probable que trenqui el sistema! No hauríeu d'instal·lar-la a no ser que sapigueu el que feu. Esteu segurs de voler córrer aquest risc? [{answers:s}] ",
    "confirm_app_install_thirdparty": "ATENCIÓ! La instal·lació d'aplicacions de terceres parts pot comprometre la integritat i seguretat del seu sistema. Faci-ho sota la seva responsabilitat.No hauríeu d'instal·lar-ne a no ser que sapigueu el que feu. Esteu segurs de voler córrer aquest risc? [{answers:s}] ",
    "custom_app_url_required": "Heu de especificar una URL per actualitzar la vostra aplicació personalitzada {app:s}",
    "custom_appslist_name_required": "Heu d'especificar un nom per la vostra llista d'aplicacions personalitzada",
    "diagnosis_debian_version_error": "No s'ha pogut obtenir la versió Debian: {error}",
    "diagnosis_kernel_version_error": "No s'ha pogut obtenir la versió del nucli: {error}",
    "diagnosis_monitor_disk_error": "No es poden monitorar els discs: {error}",
    "diagnosis_monitor_network_error": "No es pot monitorar la xarxa: {error}",
    "diagnosis_monitor_system_error": "No es pot monitorar el sistema: {error}",
    "diagnosis_no_apps": "No hi ha cap aplicació instal·lada",
    "admin_password_too_long": "Trieu una contrasenya de menys de 127 caràcters",
    "dpkg_is_broken": "No es pot fer això en aquest instant perquè dpkg/apt (els gestors de paquets del sistema) sembla estar mal configurat... Podeu intentar solucionar-ho connectant-vos per ssh i executant \"sudo dpkg --configure -a\".",
    "dnsmasq_isnt_installed": "sembla que dnsmasq no està instal·lat, executeu \"apt-get remove bind9 && apt-get install dnsmasq\"",
    "domain_cannot_remove_main": "No es pot eliminar el domini principal. S'ha d'establir un nou domini primer",
    "domain_cert_gen_failed": "No s'ha pogut generar el certificat",
    "domain_created": "S'ha creat el domini",
    "domain_creation_failed": "No s'ha pogut crear el domini",
    "domain_deleted": "S'ha eliminat el domini",
    "domain_deletion_failed": "No s'ha pogut eliminar el domini",
    "domain_exists": "El domini ja existeix",
    "app_action_cannot_be_ran_because_required_services_down": "Aquesta aplicació necessita serveis que estan aturats. Abans de continuar, hauríeu d'intentar arrancar de nou els serveis següents (i també investigar perquè estan aturats) : {services}",
    "domain_dns_conf_is_just_a_recommendation": "Aquesta ordre mostra la configuració *recomanada*. En cap cas fa la configuració del DNS. És la vostra responsabilitat configurar la zona DNS en el vostre registrar en acord amb aquesta recomanació.",
    "domain_dyndns_already_subscribed": "Ja us heu subscrit a un domini DynDNS",
    "domain_dyndns_dynette_is_unreachable": "No s'ha pogut abastar la dynette YunoHost, o bé YunoHost no està connectat a internet correctament o bé el servidor dynette està caigut. Error: {error}",
    "domain_dyndns_invalid": "Domini no vàlid per utilitzar amb DynDNS",
    "domain_dyndns_root_unknown": "Domini DynDNS principal desconegut",
    "domain_hostname_failed": "No s'ha pogut establir un nou nom d'amfitrió",
    "domain_uninstall_app_first": "Hi ha una o més aplicacions instal·lades en aquest domini. Desinstal·leu les abans d'eliminar el domini",
    "domain_unknown": "Domini desconegut",
    "domain_zone_exists": "El fitxer de zona DNS ja existeix",
    "domain_zone_not_found": "No s'ha trobat el fitxer de zona DNS pel domini {:s}",
    "domains_available": "Dominis disponibles:",
    "done": "Fet",
    "downloading": "Descarregant…",
    "dyndns_could_not_check_provide": "No s'ha pogut verificar si {provider:s} pot oferir {domain:s}.",
    "dyndns_could_not_check_available": "No s'ha pogut verificar la disponibilitat de {domain:s} a {provider:s}.",
    "dyndns_ip_update_failed": "No s'ha pogut actualitzar l'adreça IP al DynDNS",
    "dyndns_ip_updated": "S'ha actualitzat l'adreça IP al DynDNS",
    "dyndns_key_generating": "S'està generant la clau DNS, això pot trigar una estona…",
    "dyndns_key_not_found": "No s'ha trobat la clau DNS pel domini",
    "dyndns_no_domain_registered": "No hi ha cap domini registrat amb DynDNS",
    "dyndns_registered": "S'ha registrat el domini DynDNS",
    "dyndns_registration_failed": "No s'ha pogut registrar el domini DynDNS: {error:s}",
    "dyndns_domain_not_provided": "El proveïdor {provider:s} no pot oferir el domini {domain:s}.",
    "dyndns_unavailable": "El domini {domain:s} no està disponible.",
    "executing_command": "Execució de l'ordre « {command:s} »…",
    "executing_script": "Execució de l'script « {script:s} »…",
    "extracting": "Extracció en curs…",
    "dyndns_cron_installed": "S'ha instal·lat la tasca cron pel DynDNS",
    "dyndns_cron_remove_failed": "No s'ha pogut eliminar la tasca cron pel DynDNS",
    "dyndns_cron_removed": "S'ha eliminat la tasca cron pel DynDNS",
    "experimental_feature": "Atenció: aquesta funcionalitat és experimental i no es considera estable, no s'ha d'utilitzar a excepció de saber el que esteu fent.",
    "field_invalid": "Camp incorrecte « {:s} »",
    "file_does_not_exist": "El camí {path:s} no existeix.",
    "firewall_reload_failed": "No s'ha pogut tornar a carregar el tallafoc",
    "firewall_reloaded": "S'ha tornat a carregar el tallafoc",
    "firewall_rules_cmd_failed": "No s'han pogut aplicar algunes regles del tallafoc. Mireu el registre per a més informació.",
    "format_datetime_short": "%d/%m/%Y %H:%M",
    "global_settings_bad_choice_for_enum": "Opció pel paràmetre {setting:s} incorrecta, s'ha rebut «{choice:s}» però les opcions disponibles són: {available_choices:s}",
    "global_settings_bad_type_for_setting": "El tipus del paràmetre {setting:s} és incorrecte. S'ha rebut {received_type:s}, però s'esperava {expected_type:s}",
    "global_settings_cant_open_settings": "No s'ha pogut obrir el fitxer de configuració, raó:  {reason:s}"
 }
--- a/locales/en.json
+++ b/locales/en.json
@ -4,6 +4,9 @@
    "admin_password": "Administration password",
    "admin_password_change_failed": "Unable to change password",
    "admin_password_changed": "The administration password has been changed",
    "admin_password_too_long": "Please choose a password shorter than 127 characters",
    "already_up_to_date": "Nothing to do! Everything is already up to date!",
    "app_action_cannot_be_ran_because_required_services_down": "This app requires some services which are currently down. Before continuing, you should try to restart the following services (and possibly investigate why they are down) : {services}",
    "app_already_installed": "{app:s} is already installed",
    "app_already_installed_cant_change_url": "This app is already installed. The url cannot be changed just by this function. Look into `app changeurl` if it's available.",
    "app_already_up_to_date": "{app:s} is already up to date",
@ -199,7 +202,7 @@
    "firewall_reloaded": "The firewall has been reloaded",
    "firewall_rules_cmd_failed": "Some firewall rules commands have failed. For more information, see the log.",
    "format_datetime_short": "%m/%d/%Y %I:%M %p",
-    "global_settings_bad_choice_for_enum": "Bad value for setting {setting:s}, received {received_type:s}, except {expected_type:s}",
+    "global_settings_bad_choice_for_enum": "Bad choice for setting {setting:s}, received '{choice:s}' but available choices are : {available_choices:s}",
    "global_settings_bad_type_for_setting": "Bad type for setting {setting:s}, received {received_type:s}, except {expected_type:s}",
    "global_settings_cant_open_settings": "Failed to open settings file, reason: {reason:s}",
    "global_settings_cant_serialize_settings": "Failed to serialize settings data, reason: {reason:s}",
@ -210,9 +213,12 @@
    "global_settings_setting_example_enum": "Example enum option",
    "global_settings_setting_example_int": "Example int option",
    "global_settings_setting_example_string": "Example string option",
    "global_settings_setting_security_nginx_compatibility": "Compatibility vs. security tradeoff for the web server nginx. Affects the ciphers (and other security-related aspects)",
    "global_settings_setting_security_password_admin_strength": "Admin password strength",
    "global_settings_setting_security_password_user_strength": "User password strength",
-    "global_settings_unknown_setting_from_settings_file": "Unknown key in settings: '{setting_key:s}', discarding it and save it in /etc/yunohost/unkown_settings.json",
+    "global_settings_setting_security_ssh_compatibility": "Compatibility vs. security tradeoff for the SSH server. Affects the ciphers (and other security-related aspects)",
    "global_settings_setting_security_postfix_compatibility": "Compatibility vs. security tradeoff for the Postfix server. Affects the ciphers (and other security-related aspects)",
    "global_settings_unknown_setting_from_settings_file": "Unknown key in settings: '{setting_key:s}', discarding it and save it in /etc/yunohost/settings-unknown.json",
    "global_settings_setting_service_ssh_allow_deprecated_dsa_hostkey": "Allow the use of (deprecated) DSA hostkey for the SSH daemon configuration",
    "global_settings_unknown_type": "Unexpected situation, the setting {setting:s} appears to have the type {unknown_type:s} but it's not a type supported by the system.",
    "good_practices_about_admin_password": "You are now about to define a new administration password. The password should be at least 8 characters - though it is good practice to use longer password (i.e. a passphrase) and/or to use various kind of characters (uppercase, lowercase, digits and special characters).",
@ -258,7 +264,7 @@
    "log_selfsigned_cert_install": "Install self signed certificate on '{}' domain",
    "log_letsencrypt_cert_renew": "Renew '{}' Let's encrypt certificate",
    "log_service_enable": "Enable '{}' service",
-    "log_service_regen_conf": "Regenerate system configurations '{}'",
+    "log_regen_conf": "Regenerate system configurations '{}'",
    "log_user_create": "Add '{}' user",
    "log_user_delete": "Delete '{}' user",
    "log_user_update": "Update information of '{}' user",
@ -266,7 +272,7 @@
    "log_tools_migrations_migrate_forward": "Migrate forward",
    "log_tools_migrations_migrate_backward": "Migrate backward",
    "log_tools_postinstall": "Postinstall your YunoHost server",
-    "log_tools_upgrade": "Upgrade debian packages",
+    "log_tools_upgrade": "Upgrade system packages",
    "log_tools_shutdown": "Shutdown your server",
    "log_tools_reboot": "Reboot your server",
    "ldap_init_failed_to_create_admin": "LDAP initialization failed to create admin user",
@ -295,6 +301,8 @@
    "migration_description_0006_sync_admin_and_root_passwords": "Synchronize admin and root passwords",
    "migration_description_0007_ssh_conf_managed_by_yunohost_step1": "Let the SSH configuration be managed by YunoHost (step 1, automatic)",
    "migration_description_0008_ssh_conf_managed_by_yunohost_step2": "Let the SSH configuration be managed by YunoHost (step 2, manual)",
    "migration_description_0009_decouple_regenconf_from_services": "Decouple the regen-conf mechanism from services",
    "migration_description_0010_migrate_to_apps_json": "Remove deprecated appslists and use the new unified 'apps.json' list instead",
    "migration_0003_backward_impossible": "The stretch migration cannot be reverted.",
    "migration_0003_start": "Starting migration to Stretch. The logs will be available in {logfile}.",
    "migration_0003_patching_sources_list": "Patching the sources.lists…",
@ -320,6 +328,7 @@
    "migration_0008_dsa": " - the DSA key will be disabled. Hence, you might need to invalidate a spooky warning from your SSH client, and recheck the fingerprint of your server;",
    "migration_0008_warning": "If you understand those warnings and agree to let YunoHost override your current configuration, run the migration. Otherwise, you can also skip the migration - though it is not recommended.",
    "migration_0008_no_warning": "No major risk has been indentified about overriding your SSH configuration - but we can't be absolutely sure ;)! If you agree to let YunoHost override your current configuration, run the migration. Otherwise, you can also skip the migration - though it is not recommended.",
    "migration_0009_not_needed": "This migration already happened somehow ? Skipping.",
    "migrations_backward": "Migrating backward.",
    "migrations_bad_value_for_target": "Invalid number for target argument, available migrations numbers are 0 or {}",
    "migrations_cant_reach_migration_file": "Can't access migrations files at path %s",
@ -360,7 +369,6 @@
    "package_not_installed": "Package '{pkgname}' is not installed",
    "package_unexpected_error": "An unexpected error occurred processing the package '{pkgname}'",
    "package_unknown": "Unknown package '{pkgname}'",
    "packages_no_upgrade": "There is no package to upgrade",
    "packages_upgrade_critical_later": "Critical packages ({packages:s}) will be upgraded later",
    "packages_upgrade_failed": "Unable to upgrade all of the packages",
    "password_listed": "This password is among the most used password in the world. Please choose something a bit more unique.",
@ -387,6 +395,21 @@
    "port_available": "Port {port:d} is available",
    "port_unavailable": "Port {port:d} is not available",
    "recommend_to_add_first_user": "The post-install is finished but YunoHost needs at least one user to work correctly, you should add one using 'yunohost user create' or the admin interface.",
    "regenconf_file_backed_up": "The configuration file '{conf}' has been backed up to '{backup}'",
    "regenconf_file_copy_failed": "Unable to copy the new configuration file '{new}' to '{conf}'",
    "regenconf_file_kept_back": "The configuration file '{conf}' is expected to be deleted by regen-conf (category {category}) but has been kept back.",
    "regenconf_file_manually_modified": "The configuration file '{conf}' has been manually modified and will not be updated",
    "regenconf_file_manually_removed": "The configuration file '{conf}' has been manually removed and will not be created",
    "regenconf_file_remove_failed": "Unable to remove the configuration file '{conf}'",
    "regenconf_file_removed": "The configuration file '{conf}' has been removed",
    "regenconf_file_updated": "The configuration file '{conf}' has been updated",
    "regenconf_now_managed_by_yunohost": "The configuration file '{conf}' is now managed by YunoHost (category {category}).",
    "regenconf_up_to_date": "The configuration is already up-to-date for category '{category}'",
    "regenconf_updated": "The configuration has been updated for category '{category}'",
    "regenconf_would_be_updated": "The configuration would have been updated for category '{category}'",
    "regenconf_dry_pending_applying": "Checking pending configuration which would have been applied for category '{category}'…",
    "regenconf_failed": "Unable to regenerate the configuration for category(s): {categories}",
    "regenconf_pending_applying": "Applying pending configuration for category '{category}'…",
    "restore_action_required": "You must specify something to restore",
    "restore_already_installed_app": "An app is already installed with the id '{app:s}'",
    "restore_app_failed": "Unable to restore the app '{app:s}'",
@ -415,18 +438,6 @@
    "service_already_started": "Service '{service:s}' has already been started",
    "service_already_stopped": "Service '{service:s}' has already been stopped",
    "service_cmd_exec_failed": "Unable to execute command '{command:s}'",
    "service_conf_file_backed_up": "The configuration file '{conf}' has been backed up to '{backup}'",
    "service_conf_file_copy_failed": "Unable to copy the new configuration file '{new}' to '{conf}'",
    "service_conf_file_kept_back": "The configuration file '{conf}' is expected to be deleted by service {service} but has been kept back.",
    "service_conf_file_manually_modified": "The configuration file '{conf}' has been manually modified and will not be updated",
    "service_conf_file_manually_removed": "The configuration file '{conf}' has been manually removed and will not be created",
    "service_conf_file_remove_failed": "Unable to remove the configuration file '{conf}'",
    "service_conf_file_removed": "The configuration file '{conf}' has been removed",
    "service_conf_file_updated": "The configuration file '{conf}' has been updated",
    "service_conf_now_managed_by_yunohost": "The configuration file '{conf}' is now managed by YunoHost.",
    "service_conf_up_to_date": "The configuration is already up-to-date for service '{service}'",
    "service_conf_updated": "The configuration has been updated for service '{service}'",
    "service_conf_would_be_updated": "The configuration would have been updated for service '{service}'",
    "service_description_avahi-daemon": "allows to reach your server using yunohost.local on your local network",
    "service_description_dnsmasq": "handles domain name resolution (DNS)",
    "service_description_dovecot": "allows e-mail client to access/fetch email (via IMAP and POP3)",
@ -450,9 +461,7 @@
    "service_enable_failed": "Unable to enable service '{service:s}'\n\nRecent service logs:{logs:s}",
    "service_enabled": "The service '{service:s}' has been enabled",
    "service_no_log": "No log to display for service '{service:s}'",
-    "service_regenconf_dry_pending_applying": "Checking pending configuration which would have been applied for service '{service}'…",
+    "service_regen_conf_is_deprecated": "'yunohost service regen-conf' is deprecated! Please use 'yunohost tools regen-conf' instead.",
    "service_regenconf_failed": "Unable to regenerate the configuration for service(s): {services}",
    "service_regenconf_pending_applying": "Applying pending configuration for service '{service}'…",
    "service_remove_failed": "Unable to remove service '{service:s}'",
    "service_removed": "The service '{service:s}' has been removed",
    "service_reload_failed": "Unable to reload service '{service:s}'\n\nRecent service logs:{logs:s}",
@ -474,13 +483,24 @@
    "system_upgraded": "The system has been upgraded",
    "system_username_exists": "Username already exists in the system users",
    "this_action_broke_dpkg": "This action broke dpkg/apt (the system package managers)... You can try to solve this issue by connecting through SSH and running `sudo dpkg --configure -a`.",
    "tools_upgrade_at_least_one": "Please specify --apps OR --system",
    "tools_upgrade_cant_both": "Cannot upgrade both system and apps at the same time",
    "tools_upgrade_cant_hold_critical_packages": "Unable to hold critical packages ...",
    "tools_upgrade_cant_unhold_critical_packages": "Unable to unhold critical packages ...",
    "tools_upgrade_regular_packages": "Now upgrading 'regular' (non-yunohost-related) packages ...",
    "tools_upgrade_regular_packages_failed": "Unable to upgrade packages: {packages_list}",
    "tools_upgrade_special_packages": "Now upgrading 'special' (yunohost-related) packages ...",
    "tools_upgrade_special_packages_explanation": "This action will end but the actual special upgrade will continue in background. Please don't start any other action on your server in the next ~10 minutes (depending on your hardware speed). Once it's done, you may have to re-log on the webadmin. The upgrade log will be available in Tools > Log (in the webadmin) or through 'yunohost log list' (in command line).",
    "tools_upgrade_special_packages_completed": "YunoHost package upgrade completed !\nPress [Enter] to get the command line back",
    "unbackup_app": "App '{app:s}' will not be saved",
    "unexpected_error": "An unexpected error occured: {error}",
    "unit_unknown": "Unknown unit '{unit:s}'",
    "unlimit": "No quota",
    "unrestore_app": "App '{app:s}' will not be restored",
-    "update_cache_failed": "Unable to update APT cache",
+    "update_apt_cache_failed": "Unable to update the cache of APT (Debian's package manager). Here is a dump of the sources.list lines which might help to identify problematic lines : \n{sourceslist}",
    "update_apt_cache_warning": "Some errors happened while updating the cache of APT (Debian's package manager). Here is a dump of the sources.list lines which might help to identify problematic lines : \n{sourceslist}",
    "updating_apt_cache": "Fetching available upgrades for system packages…",
    "updating_app_lists": "Fetching available upgrades for applications…",
    "upgrade_complete": "Upgrade complete",
    "upgrading_packages": "Upgrading packages…",
    "upnp_dev_not_found": "No UPnP device found",
--- a/locales/eo.json
+++ b/locales/eo.json
@ -16,7 +16,7 @@
    "yunohost_already_installed": "YunoHost estas jam instalita",
    "yunohost_ca_creation_failed": "Ne eblas krei atestan aŭtoritaton",
    "yunohost_ca_creation_success": "Loka atesta aŭtoritato estas kreita.",
-    "yunohost_installing": "Instalata YunoHost...",
+    "yunohost_installing": "Instalante YunoHost…",
    "service_description_glances": "monitoras sisteminformojn de via servilo",
    "service_description_metronome": "mastrumas XMPP tujmesaĝilon kontojn",
    "service_description_mysql": "stokas aplikaĵojn datojn (SQL datumbazo)",
--- a/locales/fr.json
+++ b/locales/fr.json
@ -1,13 +1,13 @@
 {
-    "action_invalid": "Action « {action:s} » incorrecte",
+    "action_invalid": "Action '{action:s}' incorrecte",
    "admin_password": "Mot de passe d’administration",
    "admin_password_change_failed": "Impossible de changer le mot de passe",
    "admin_password_changed": "Le mot de passe d’administration a été modifié",
    "app_already_installed": "{app:s} est déjà installé",
-    "app_argument_choice_invalid": "Choix invalide pour le paramètre « {name:s} », il doit être l’un de {choices:s}",
+    "app_argument_choice_invalid": "Choix invalide pour le paramètre '{name:s}', il doit être l’un de {choices:s}",
-    "app_argument_invalid": "Valeur invalide pour le paramètre `{name:s}` : {error:s}",
+    "app_argument_invalid": "Valeur invalide pour le paramètre '{name:s}' : {error:s}",
    "app_argument_missing": "Paramètre manquant « {:s} »",
-    "app_argument_required": "Le paramètre `{name:s}` est requis",
+    "app_argument_required": "Le paramètre '{name:s}' est requis",
    "app_extraction_failed": "Impossible d’extraire les fichiers d’installation",
    "app_id_invalid": "Identifiant d’application invalide",
    "app_incompatible": "L’application {app} est incompatible avec votre version de YunoHost",
@ -35,7 +35,7 @@
    "appslist_retrieve_error": "Impossible de récupérer la liste d’applications distante {appslist:s} : {error:s}",
    "appslist_unknown": "La liste d’applications {appslist:s} est inconnue.",
    "ask_current_admin_password": "Mot de passe d’administration actuel",
-    "ask_email": "Adresse courriel",
+    "ask_email": "Adresse de courriel",
    "ask_firstname": "Prénom",
    "ask_lastname": "Nom",
    "ask_list_to_remove": "Liste à supprimer",
@ -43,7 +43,7 @@
    "ask_new_admin_password": "Nouveau mot de passe d’administration",
    "ask_password": "Mot de passe",
    "backup_action_required": "Vous devez préciser ce qui est à sauvegarder",
-    "backup_app_failed": "Impossible de sauvegarder l’application « {app:s} »",
+    "backup_app_failed": "Impossible de sauvegarder l’application '{app:s}'",
    "backup_archive_app_not_found": "L’application '{app:s}' n’a pas été trouvée dans l’archive de la sauvegarde",
    "backup_archive_hook_not_exec": "Le script « {hook:s} » n'a pas été exécuté dans cette sauvegarde",
    "backup_archive_name_exists": "Une archive de sauvegarde avec ce nom existe déjà",
@ -60,8 +60,8 @@
    "backup_invalid_archive": "Archive de sauvegarde invalide",
    "backup_nothings_done": "Il n’y a rien à sauvegarder",
    "backup_output_directory_forbidden": "Dossier de destination interdit. Les sauvegardes ne peuvent être créées dans les sous-dossiers /bin, /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var ou /home/yunohost.backup/archives",
-    "backup_output_directory_not_empty": "Le dossier de sortie n’est pas vide",
+    "backup_output_directory_not_empty": "Le répertoire de destination n'est pas vide",
-    "backup_output_directory_required": "Vous devez spécifier un dossier de sortie pour la sauvegarde",
+    "backup_output_directory_required": "Vous devez spécifier un dossier de destination pour la sauvegarde",
    "backup_running_app_script": "Lancement du script de sauvegarde de l’application « {app:s} »...",
    "backup_running_hooks": "Exécution des scripts de sauvegarde …",
    "custom_app_url_required": "Vous devez spécifier une URL pour mettre à jour votre application personnalisée {app:s}",
@ -111,7 +111,7 @@
    "hook_choice_invalid": "Choix incorrect : '{:s}'",
    "hook_exec_failed": "Échec de l’exécution du script : {path:s}",
    "hook_exec_not_terminated": "L’exécution du script {path:s} ne s’est pas terminée correctement",
-    "hook_list_by_invalid": "La propriété de tri des actions est invalide",
+    "hook_list_by_invalid": "Propriété invalide pour lister les actions par",
    "hook_name_unknown": "Nom de l'action '{name:s}' inconnu",
    "installation_complete": "Installation terminée",
    "installation_failed": "Échec de l’installation",
@ -119,8 +119,8 @@
    "iptables_unavailable": "Vous ne pouvez pas jouer avec iptables ici. Vous êtes soit dans un conteneur, soit votre noyau ne le prend pas en charge",
    "ldap_initialized": "L’annuaire LDAP a été initialisé",
    "license_undefined": "indéfinie",
-    "mail_alias_remove_failed": "Impossible de supprimer l’alias courriel '{mail:s}'",
+    "mail_alias_remove_failed": "Impossible de supprimer l’alias de courriel '{mail:s}'",
-    "mail_domain_unknown": "Le domaine '{domain:s}' du courriel est inconnu",
+    "mail_domain_unknown": "Le domaine « {domain:s} » du courriel est inconnu",
    "mail_forward_remove_failed": "Impossible de supprimer le courriel de transfert '{mail:s}'",
    "maindomain_change_failed": "Impossible de modifier le domaine principal",
    "maindomain_changed": "Le domaine principal a été modifié",
@ -136,126 +136,126 @@
    "mysql_db_creation_failed": "Impossible de créer la base de données MySQL",
    "mysql_db_init_failed": "Impossible d’initialiser la base de données MySQL",
    "mysql_db_initialized": "La base de données MySQL a été initialisée",
-    "network_check_mx_ko": "L’enregistrement DNS MX n’est pas précisé",
+    "network_check_mx_ko": "L’enregistrement DNS MX n’est pas défini",
    "network_check_smtp_ko": "Le trafic courriel sortant (port 25 SMTP) semble bloqué par votre réseau",
    "network_check_smtp_ok": "Le trafic courriel sortant (port 25 SMTP) n’est pas bloqué",
    "new_domain_required": "Vous devez spécifier le nouveau domaine principal",
    "no_appslist_found": "Aucune liste d’applications n’a été trouvée",
    "no_internet_connection": "Le serveur n’est pas connecté à Internet",
    "no_ipv6_connectivity": "La connectivité IPv6 n’est pas disponible",
-    "no_restore_script": "Le script de sauvegarde n’a pas été trouvé pour l’application « {app:s} »",
+    "no_restore_script": "Le script de sauvegarde n’a pas été trouvé pour l’application '{app:s}'",
    "no_such_conf_file": "Le fichier {file:s} n’existe pas, il ne peut pas être copié",
-    "not_enough_disk_space": "L’espace disque est insuffisant sur « {path:s} »",
+    "not_enough_disk_space": "L’espace disque est insuffisant sur '{path:s}'",
-    "package_not_installed": "Le paquet « {pkgname} » n’est pas installé",
+    "package_not_installed": "Le paquet '{pkgname}' n’est pas installé",
-    "package_unexpected_error": "Une erreur inattendue est survenue avec le paquet « {pkgname} »",
+    "package_unexpected_error": "Une erreur inattendue s'est produite lors du traitement du paquet '{pkgname}'",
-    "package_unknown": "Paquet « {pkgname} » inconnu",
+    "package_unknown": "Le paquet '{pkgname}' est inconnu",
    "packages_no_upgrade": "Il n’y a aucun paquet à mettre à jour",
    "packages_upgrade_critical_later": "Les paquets critiques ({packages:s}) seront mis à jour ultérieurement",
    "packages_upgrade_failed": "Impossible de mettre à jour tous les paquets",
    "path_removal_failed": "Impossible de supprimer le chemin {:s}",
-    "pattern_backup_archive_name": "Doit être un nom de fichier valide avec un maximum de 30 caractères, et composé uniquement de caractères alphanumériques et de tirets tels que - et _",
+    "pattern_backup_archive_name": "Doit être un nom de fichier valide avec un maximum de 30 caractères, et composé de caractères alphanumériques et -_. uniquement",
-    "pattern_domain": "Doit être un nom de domaine valide (ex : mon-domaine.org)",
+    "pattern_domain": "Doit être un nom de domaine valide (ex : mon-domaine.fr)",
-    "pattern_email": "Doit être une adresse courriel valide (ex. : pseudo@domain.org)",
+    "pattern_email": "Doit être une adresse de courriel valide (ex. : pseudo@domaine.fr)",
    "pattern_firstname": "Doit être un prénom valide",
    "pattern_lastname": "Doit être un nom valide",
-    "pattern_listname": "Doit être composé uniquement de caractères alphanumériques et de tirets bas",
+    "pattern_listname": "Doit être composé uniquement de caractères alphanumériques et de tirets bas (aussi appelé tiret du 8 ou underscore)",
-    "pattern_mailbox_quota": "Doit être une taille avec le suffixe b/k/M/G/T ou 0 pour désactiver le quota",
+    "pattern_mailbox_quota": "Doit avoir une taille suffixée avec b/k/M/G/T ou 0 pour désactiver le quota",
    "pattern_password": "Doit être composé d’au moins 3 caractères",
-    "pattern_port": "Doit être un numéro de port valide (ex. : 0-65535)",
+    "pattern_port": "Doit être un numéro de port valide compris entre 0 et 65535",
-    "pattern_port_or_range": "Doit être un numéro de port valide (ex. : 0-65535) ou une gamme de ports (ex. : 100:200)",
+    "pattern_port_or_range": "Doit être un numéro de port valide compris entre 0 et 65535, ou une gamme de ports (exemple : 100:200)",
    "pattern_positive_number": "Doit être un nombre positif",
-    "pattern_username": "Doit être composé uniquement de caractères alphanumériques minuscules et de tirets bas",
+    "pattern_username": "Doit être composé uniquement de caractères alphanumériques minuscules et de tirets bas (aussi appelé tiret du 8 ou underscore)",
    "port_already_closed": "Le port {port:d} est déjà fermé pour les connexions {ip_version:s}",
    "port_already_opened": "Le port {port:d} est déjà ouvert pour les connexions {ip_version:s}",
    "port_available": "Le port {port:d} est disponible",
    "port_unavailable": "Le port {port:d} n’est pas disponible",
    "restore_action_required": "Vous devez préciser ce qui est à restaurer",
-    "restore_already_installed_app": "Une application est déjà installée avec l’id « {app:s} »",
+    "restore_already_installed_app": "Une application est déjà installée avec l’identifiant '{app:s}'",
-    "restore_app_failed": "Impossible de restaurer l’application « {app:s} »",
+    "restore_app_failed": "Impossible de restaurer l’application '{app:s}'",
    "restore_cleaning_failed": "Impossible de nettoyer le dossier temporaire de restauration",
    "restore_complete": "Restauration terminée",
    "restore_confirm_yunohost_installed": "Voulez-vous vraiment restaurer un système déjà installé ? [{answers:s}]",
    "restore_failed": "Impossible de restaurer le système",
-    "restore_hook_unavailable": "Le script de restauration « {part:s} » n’est pas disponible sur votre système, et n’est pas non plus dans l’archive",
+    "restore_hook_unavailable": "Le script de restauration '{part:s}' n’est pas disponible sur votre système, et ne l'est pas non plus dans l’archive",
    "restore_nothings_done": "Rien n’a été restauré",
    "restore_running_app_script": "Exécution du script de restauration de l'application '{app:s}' .…",
    "restore_running_hooks": "Exécution des scripts de restauration …",
    "service_add_configuration": "Ajout du fichier de configuration {file:s}",
-    "service_add_failed": "Impossible d’ajouter le service « {service:s} »",
+    "service_add_failed": "Impossible d’ajouter le service '{service:s}'",
-    "service_added": "Le service « {service:s} » a été ajouté",
+    "service_added": "Le service '{service:s}' a été ajouté",
-    "service_already_started": "Le service « {service:s} » est déjà démarré",
+    "service_already_started": "Le service '{service:s}' est déjà démarré",
-    "service_already_stopped": "Le service « {service:s} » est déjà arrêté",
+    "service_already_stopped": "Le service '{service:s}' est déjà arrêté",
-    "service_cmd_exec_failed": "Impossible d’exécuter la commande « {command:s} »",
+    "service_cmd_exec_failed": "Impossible d’exécuter la commande '{command:s}'",
-    "service_conf_file_backed_up": "Le fichier de configuration « {conf} » a été sauvegardé dans « {backup} »",
+    "service_conf_file_backed_up": "Le fichier de configuration '{conf}' a été sauvegardé dans '{backup}'",
-    "service_conf_file_copy_failed": "Impossible de copier le nouveau fichier de configuration « {new} » vers « {conf} »",
+    "service_conf_file_copy_failed": "Impossible de copier le nouveau fichier de configuration '{new}' vers '{conf}'",
-    "service_conf_file_manually_modified": "Le fichier de configuration « {conf} » a été modifié manuellement et ne sera pas mis à jour",
+    "service_conf_file_manually_modified": "Le fichier de configuration '{conf}' a été modifié manuellement et ne sera pas mis à jour",
-    "service_conf_file_manually_removed": "Le fichier de configuration « {conf} » a été supprimé manuellement et ne sera pas créé",
+    "service_conf_file_manually_removed": "Le fichier de configuration '{conf}' a été supprimé manuellement et ne sera pas créé",
    "service_conf_file_not_managed": "Le fichier de configuration « {conf} » n'est pas géré pour l'instant et ne sera pas mis à jour",
-    "service_conf_file_remove_failed": "Impossible de supprimer le fichier de configuration « {conf} »",
+    "service_conf_file_remove_failed": "Impossible de supprimer le fichier de configuration '{conf}'",
-    "service_conf_file_removed": "Le fichier de configuration « {conf} » a été supprimé",
+    "service_conf_file_removed": "Le fichier de configuration '{conf}' a été supprimé",
-    "service_conf_file_updated": "Le fichier de configuration « {conf} » a été mis à jour",
+    "service_conf_file_updated": "Le fichier de configuration '{conf}' a été mis à jour",
-    "service_conf_up_to_date": "La configuration du service « {service} » est déjà à jour",
+    "service_conf_up_to_date": "La configuration du service '{service}' est déjà à jour",
-    "service_conf_updated": "La configuration a été mise à jour pour le service « {service} »",
+    "service_conf_updated": "La configuration a été mise à jour pour le service '{service}'",
-    "service_conf_would_be_updated": "La configuration du service « {service} » aurait été mise à jour",
+    "service_conf_would_be_updated": "La configuration du service '{service}' aurait été mise à jour",
    "service_configuration_conflict": "Le fichier {file:s} a été modifié depuis sa dernière génération. Veuillez y appliquer les modifications manuellement ou utiliser l’option --force (ce qui écrasera toutes les modifications effectuées sur le fichier).",
    "service_configured": "La configuration du service « {service:s} » a été générée avec succès",
    "service_configured_all": "La configuration de tous les services a été générée avec succès",
-    "service_disable_failed": "Impossible de désactiver le service « {service:s} »\n\nJournaux récents : {logs:s}",
+    "service_disable_failed": "Impossible de désactiver le service '{service:s}'\n\nJournaux historisés récents : {logs:s}",
-    "service_disabled": "Le service « {service:s} » a été désactivé",
+    "service_disabled": "Le service '{service:s}' a été désactivé",
-    "service_enable_failed": "Impossible d’activer le service « {service:s} »\n\nJournaux récents : {logs:s}",
+    "service_enable_failed": "Impossible d’activer le service '{service:s}'\n\nJournaux historisés récents : {logs:s}",
-    "service_enabled": "Le service « {service:s} » a été activé",
+    "service_enabled": "Le service '{service:s}' a été activé",
-    "service_no_log": "Aucun journal à afficher pour le service « {service:s} »",
+    "service_no_log": "Aucun journal historisé à afficher pour le service '{service:s}'",
-    "service_regenconf_dry_pending_applying": "Vérification des configurations en attentes qui pourraient être appliquées pour le service « {service} »…",
+    "service_regenconf_dry_pending_applying": "Vérification des configurations en attentes qui pourraient être appliquées au le service '{service}' …",
    "service_regenconf_failed": "Impossible de régénérer la configuration pour les services : {services}",
-    "service_regenconf_pending_applying": "Application des configurations en attentes pour le service « {service} »…",
+    "service_regenconf_pending_applying": "Application des configurations en attentes pour le service '{service}' …",
-    "service_remove_failed": "Impossible d’enlever le service « {service:s} »",
+    "service_remove_failed": "Impossible de supprimer le service '{service:s}'",
-    "service_removed": "Le service « {service:s} » a été enlevé",
+    "service_removed": "Le service '{service:s}' a été supprimé",
-    "service_start_failed": "Impossible de démarrer le service « {service:s} »\n\nJournaux récents : {logs:s}",
+    "service_start_failed": "Impossible de démarrer le service '{service:s}'\n\nJournaux historisés récents : {logs:s}",
-    "service_started": "Le service « {service:s} » a été démarré",
+    "service_started": "Le service '{service:s}' a été démarré",
-    "service_status_failed": "Impossible de déterminer le statut du service « {service:s} »",
+    "service_status_failed": "Impossible de déterminer le statut du service '{service:s}'",
-    "service_stop_failed": "Impossible d’arrêter le service « {service:s} »\n\nJournaux récents : {logs:s}",
+    "service_stop_failed": "Impossible d’arrêter le service '{service:s}'\n\nJournaux historisés récents : {logs:s}",
-    "service_stopped": "Le service « {service:s} » a été arrêté",
+    "service_stopped": "Le service '{service:s}' a été arrêté",
-    "service_unknown": "Service « {service:s} » inconnu",
+    "service_unknown": "Le service '{service:s}' est inconnu",
    "services_configured": "La configuration a été générée avec succès",
    "show_diff": "Voici les différences :\n{diff:s}",
    "ssowat_conf_generated": "La configuration de SSOwat a été générée",
    "ssowat_conf_updated": "La configuration de SSOwat a été mise à jour",
    "system_upgraded": "Le système a été mis à jour",
-    "system_username_exists": "Le nom d’utilisateur existe déjà dans les utilisateurs système",
+    "system_username_exists": "Ce nom d’utilisateur existe déjà dans les utilisateurs système",
-    "unbackup_app": "L’application « {app:s} » ne sera pas sauvegardée",
+    "unbackup_app": "L’application '{app:s}' ne sera pas sauvegardée",
-    "unexpected_error": "Une erreur inattendue est survenue",
+    "unexpected_error": "Une erreur inattendue est survenue : {error}",
-    "unit_unknown": "Unité « {unit:s} » inconnue",
+    "unit_unknown": "L'unité '{unit:s}' est inconnue",
    "unlimit": "Pas de quota",
-    "unrestore_app": "L’application « {app:s} » ne sera pas restaurée",
+    "unrestore_app": "L’application '{app:s}' ne sera pas restaurée",
-    "update_cache_failed": "Impossible de mettre à jour le cache de l’APT",
+    "update_cache_failed": "Impossible de mettre à jour le cache de l'outil de gestion avancée des paquets (APT)",
-    "updating_apt_cache": "Récupération des mises à jour disponibles pour les paquets du système .…",
+    "updating_apt_cache": "Récupération des mises à jour disponibles pour les paquets du système …",
    "upgrade_complete": "Mise à jour terminée",
    "upgrading_packages": "Mise à jour des paquets en cours …",
    "upnp_dev_not_found": "Aucun périphérique compatible UPnP n’a été trouvé",
    "upnp_disabled": "UPnP a été désactivé",
    "upnp_enabled": "UPnP a été activé",
-    "upnp_port_open_failed": "Impossible d’ouvrir les ports avec UPnP",
+    "upnp_port_open_failed": "Impossible d’ouvrir les ports UPnP",
    "user_created": "L’utilisateur a été créé",
    "user_creation_failed": "Impossible de créer l’utilisateur",
    "user_deleted": "L’utilisateur a été supprimé",
    "user_deletion_failed": "Impossible de supprimer l’utilisateur",
    "user_home_creation_failed": "Impossible de créer le dossier personnel de l’utilisateur",
    "user_info_failed": "Impossible de récupérer les informations de l’utilisateur",
-    "user_unknown": "Utilisateur « {user:s} » inconnu",
+    "user_unknown": "L'utilisateur {user:s} est inconnu",
    "user_update_failed": "Impossible de modifier l’utilisateur",
    "user_updated": "L’utilisateur a été modifié",
    "yunohost_already_installed": "YunoHost est déjà installé",
    "yunohost_ca_creation_failed": "Impossible de créer l’autorité de certification",
    "yunohost_configured": "YunoHost a été configuré",
-    "yunohost_installing": "Installation de YunoHost en cours …",
+    "yunohost_installing": "L'installation de YunoHost est en cours …",
-    "yunohost_not_installed": "YunoHost n’est pas ou pas correctement installé. Veuillez exécuter « yunohost tools postinstall »",
+    "yunohost_not_installed": "YunoHost n’est pas ou pas correctement installé. Veuillez exécuter 'yunohost tools postinstall'",
    "certmanager_attempt_to_replace_valid_cert": "Vous êtes en train de vouloir remplacer un certificat correct et valide pour le domaine {domain:s} ! (Utilisez --force pour contourner cela)",
    "certmanager_domain_unknown": "Domaine {domain:s} inconnu",
    "certmanager_domain_cert_not_selfsigned": "Le certificat du domaine {domain:s} n’est pas auto-signé. Voulez-vous vraiment le remplacer ? (Utilisez --force pour cela)",
    "certmanager_certificate_fetching_or_enabling_failed": "Il semble que l’activation du nouveau certificat pour {domain:s} a échoué …",
    "certmanager_attempt_to_renew_nonLE_cert": "Le certificat pour le domaine {domain:s} n’est pas émis par Let’s Encrypt. Impossible de le renouveler automatiquement !",
    "certmanager_attempt_to_renew_valid_cert": "Le certificat pour le domaine {domain:s} est sur le point d’expirer ! Utilisez --force pour contourner cela",
-    "certmanager_domain_http_not_working": "Il semble que le domaine {domain:s} n’est pas accessible via HTTP. Veuillez vérifier que vos configuration DNS et Nginx sont correctes",
+    "certmanager_domain_http_not_working": "Il semble que le domaine {domain:s} ne soit pas accessible via HTTP. Veuillez vérifier que vos configuration DNS et Nginx sont correctes",
    "certmanager_error_no_A_record": "Aucun enregistrement DNS 'A' n’a été trouvé pour {domain:s}. Vous devez faire pointer votre nom de domaine vers votre machine pour être en mesure d’installer un certificat Let’s Encrypt ! (Si vous savez ce que vous faites, utilisez --no-checks pour désactiver ces contrôles)",
    "certmanager_domain_dns_ip_differs_from_public_ip": "L’enregistrement DNS 'A' du domaine {domain:s} est différent de l’adresse IP de ce serveur. Si vous avez récemment modifié votre enregistrement 'A', veuillez attendre sa propagation (quelques vérificateur de propagation DNS sont disponibles en ligne). (Si vous savez ce que vous faites, utilisez --no-checks pour désactiver ces contrôles)",
    "certmanager_cannot_read_cert": "Quelque chose s’est mal passé lors de la tentative d’ouverture du certificat actuel pour le domaine {domain:s} (fichier : {file:s}), la cause est : {reason:s}",
@ -264,22 +264,22 @@
    "certmanager_cert_renew_success": "Renouvellement avec succès d’un certificat Let’s Encrypt pour le domaine {domain:s} !",
    "certmanager_old_letsencrypt_app_detected": "\nYunoHost a détecté que l’application « letsencrypt » est installé, ce qui est en conflit avec les nouvelles fonctionnalités de gestion intégrée de certificats dans YunoHost. Si vous souhaitez utiliser ces nouvelles fonctionnalités intégrées, veuillez lancer les commandes suivantes pour migrer votre installation :\n\n    yunohost app remove letsencrypt\n    yunohost domain cert-install\n\nN.B. : cela tentera de réinstaller les certificats de tous les domaines avec un certificat Let's Encrypt ou ceux auto-signés",
    "certmanager_cert_signing_failed": "La signature du nouveau certificat a échoué",
-    "certmanager_no_cert_file": "Impossible de lire le fichier de certificat pour le domaine {domain:s} (fichier : {file:s})",
+    "certmanager_no_cert_file": "Impossible de lire le fichier du certificat pour le domaine {domain:s} (fichier : {file:s})",
    "certmanager_conflicting_nginx_file": "Impossible de préparer le domaine pour le défi ACME : le fichier de configuration Nginx  {filepath:s} est en conflit et doit être préalablement retiré",
    "certmanager_hit_rate_limit": "Trop de certificats ont déjà été émis récemment pour ce même ensemble de domaines {domain:s}. Veuillez réessayer plus tard. Lisez https://letsencrypt.org/docs/rate-limits/ pour obtenir plus de détails sur les ratios et limitations",
-    "ldap_init_failed_to_create_admin": "L’initialisation de LDAP n’a pas réussi à créer l’utilisateur admin",
+    "ldap_init_failed_to_create_admin": "L’initialisation de l'annuaire LDAP n’a pas réussi à créer l’utilisateur admin",
    "ssowat_persistent_conf_read_error": "Erreur lors de la lecture de la configuration persistante de SSOwat : {error:s}. Modifiez le fichier /etc/ssowat/conf.json.persistent pour réparer la syntaxe JSON",
    "ssowat_persistent_conf_write_error": "Erreur lors de la sauvegarde de la configuration persistante de SSOwat : {error:s}. Modifiez le fichier /etc/ssowat/conf.json.persistent pour réparer la syntaxe JSON",
-    "domain_cannot_remove_main": "Impossible de supprimer le domaine principal. Commencez par définir un nouveau domaine principal",
+    "domain_cannot_remove_main": "Impossible de supprimer le domaine principal. Définissez d'abord un nouveau domaine principal",
    "certmanager_self_ca_conf_file_not_found": "Le fichier de configuration pour l’autorité du certificat auto-signé est introuvable (fichier : {file:s})",
    "certmanager_unable_to_parse_self_CA_name": "Impossible d’analyser le nom de l’autorité du certificat auto-signé (fichier : {file:s})",
-    "mailbox_used_space_dovecot_down": "Le service mail Dovecot doit être démarré, si vous souhaitez voir l’espace disque occupé par la messagerie",
+    "mailbox_used_space_dovecot_down": "Le service de courriel Dovecot doit être démarré, si vous souhaitez voir l’espace disque occupé par la messagerie",
    "domains_available": "Domaines disponibles :",
    "backup_archive_broken_link": "Impossible d’accéder à l’archive de sauvegarde (lien invalide vers {path:s})",
    "certmanager_acme_not_configured_for_domain": "Le certificat du domaine {domain:s} ne semble pas être correctement installé. Veuillez d'abord exécuter cert-install.",
    "certmanager_domain_not_resolved_locally": "Le domaine {domain:s} ne peut être résolu depuis votre serveur YunoHost. Cela peut se produire si vous avez récemment modifié votre enregistrement DNS. Si c'est le cas, merci d’attendre quelques heures qu’il se propage. Si le problème persiste, envisager d’ajouter {domain:s} au fichier /etc/hosts. (Si vous savez ce que vous faites, utilisez --no-checks pour désactiver ces vérifications.)",
    "certmanager_http_check_timeout": "Expiration du délai lorsque le serveur a essayé de se contacter lui-même via HTTP en utilisant l'adresse IP public {ip:s} du domaine {domain:s}. Vous rencontrez peut-être un problème d’hairpinning ou alors le pare-feu/routeur en amont de votre serveur est mal configuré.",
-    "certmanager_couldnt_fetch_intermediate_cert": "Expiration du délai lors de la tentative de récupération du certificat intermédiaire depuis Let’s Encrypt. L’installation ou le renouvellement du certificat a été annulé - veuillez réessayer plus tard.",
+    "certmanager_couldnt_fetch_intermediate_cert": "Expiration du délai lors de la tentative de récupération du certificat intermédiaire depuis Let’s Encrypt. L’installation ou le renouvellement du certificat a été annulé. Veuillez réessayer plus tard.",
    "appslist_retrieve_bad_format": "Le fichier récupéré pour la liste d’applications {appslist:s} n’est pas valide",
    "domain_hostname_failed": "Échec de la création d’un nouveau nom d’hôte",
    "yunohost_ca_creation_success": "L’autorité de certification locale a été créée.",
@ -288,39 +288,39 @@
    "appslist_migrating": "Migration de la liste d’applications {appslist:s} …",
    "appslist_could_not_migrate": "Impossible de migrer la liste {appslist:s} ! Impossible d’exploiter l’URL. L’ancienne tâche programmée a été conservée dans {bkp_file:s}.",
    "appslist_corrupted_json": "Impossible de charger la liste d’applications. Il semble que {filename:s} soit corrompu.",
-    "app_already_installed_cant_change_url": "Cette application est déjà installée. L’URL ne peut pas être changé simplement par cette fonction. Regardez avec `app changeurl` si c’est disponible.",
+    "app_already_installed_cant_change_url": "Cette application est déjà installée. L’URL ne peut pas être changé simplement par cette fonction. Regardez si cela est disponible avec `app changeurl`.",
    "app_change_no_change_url_script": "L’application {app_name:s} ne prend pas encore en charge le changement d’URL, vous pourriez avoir besoin de la mettre à jour.",
-    "app_change_url_failed_nginx_reload": "Le redémarrage de nginx a échoué. Voici la sortie de `nginx -t` :\n{nginx_errors:s}",
+    "app_change_url_failed_nginx_reload": "Le redémarrage de Nginx a échoué. Voici la sortie de 'nginx -t' :\n{nginx_errors:s}",
-    "app_change_url_identical_domains": "L’ancien et le nouveau couple domaine/chemin_de_l'URL sont identiques pour (`{domain:s}{path:s}`), rien à faire.",
+    "app_change_url_identical_domains": "L’ancien et le nouveau couple domaine/chemin_de_l'URL sont identiques pour ('{domain:s}{path:s}'), rien à faire.",
-    "app_change_url_no_script": "L’application `{app_name:s}` ne prend pas encore en charge le changement d’URL. Vous devriez peut-être la mettre à jour.",
+    "app_change_url_no_script": "L’application '{app_name:s}' ne prend pas encore en charge le changement d’URL. Vous devriez peut-être la mettre à jour.",
    "app_change_url_success": "L’URL de l’application {app:s} a été changée en {domain:s}{path:s}",
-    "app_location_unavailable": "Cette URL n’est pas disponible ou est en conflit avec une application existante\n{apps:s}",
+    "app_location_unavailable": "Cette URL n’est pas disponible ou est en conflit avec une application existante :\n{apps:s}",
    "app_already_up_to_date": "{app:s} est déjà à jour",
    "invalid_url_format": "Format d’URL non valide",
-    "global_settings_bad_choice_for_enum": "La valeur du paramètre {setting:s} est incorrecte. Reçu : {received_type:s} mais attendu : {expected_type:s}",
+    "global_settings_bad_choice_for_enum": "Valeur du paramètre {setting:s} incorrecte. Reçu : {received_type:s}, mais les valeurs possibles sont : {expected_type:s}",
-    "global_settings_bad_type_for_setting": "Le type du paramètre {setting:s} est incorrect. Reçu : {received_type:s} mais attendu : {expected_type:s}",
+    "global_settings_bad_type_for_setting": "Le type du paramètre {setting:s} est incorrect. Reçu {received_type:s} alors que {expected_type:s} était attendu",
    "global_settings_cant_open_settings": "Échec de l’ouverture du ficher de configurations car : {reason:s}",
    "global_settings_cant_serialize_setings": "Échec de sérialisation des données de configurations, cause : {reason:s}",
    "global_settings_cant_write_settings": "Échec d’écriture du fichier de configurations car : {reason:s}",
    "global_settings_key_doesnt_exists": "La clef '{settings_key:s}' n’existe pas dans les configurations générales, vous pouvez voir toutes les clefs disponibles en saisissant 'yunohost settings list'",
-    "global_settings_reset_success": "Réussite ! Vos configurations précédentes ont été sauvegardées dans {path:s}",
+    "global_settings_reset_success": "Super ! Vos configurations précédentes ont été sauvegardées dans {path:s}",
    "global_settings_setting_example_bool": "Exemple d’option booléenne",
    "global_settings_setting_example_int": "Exemple d’option de type entier",
    "global_settings_setting_example_string": "Exemple d’option de type chaîne",
    "global_settings_setting_example_enum": "Exemple d’option de type énumération",
-    "global_settings_unknown_type": "Situation inattendue, la configuration {setting:s} semble avoir le type {unknown_type:s} mais celui-ci n'est pas pris en charge par le système.",
+    "global_settings_unknown_type": "Situation inattendue : la configuration {setting:s} semble avoir le type {unknown_type:s} mais celui-ci n'est pas pris en charge par le système.",
-    "global_settings_unknown_setting_from_settings_file": "Clef inconnue dans les paramètres : '{setting_key:s}', rejet de cette clef et sauvegarde de celle-ci dans /etc/yunohost/unkown_settings.json",
+    "global_settings_unknown_setting_from_settings_file": "Clé inconnue dans les paramètres : '{setting_key:s}', rejet de cette clé et sauvegarde de celle-ci dans /etc/yunohost/unkown_settings.json",
    "service_conf_new_managed_file": "Le fichier de configuration « {conf} » est désormais géré par le service {service}.",
-    "service_conf_file_kept_back": "Le fichier de configuration « {conf} » devrait être supprimé par le service {service} mais a été conservé.",
+    "service_conf_file_kept_back": "Le fichier de configuration '{conf}' devait être supprimé par le service {service} mais a été conservé.",
    "backup_abstract_method": "Cette méthode de sauvegarde n’a pas encore été implémentée",
    "backup_applying_method_tar": "Création de l’archive tar de la sauvegarde …",
    "backup_applying_method_copy": "Copie de tous les fichiers à sauvegarder …",
-    "backup_applying_method_borg": "Envoi de tous les fichiers à sauvegarder dans de référentiel borg-backup …",
+    "backup_applying_method_borg": "Envoi de tous les fichiers à sauvegarder dans le répertoire borg-backup…",
    "backup_applying_method_custom": "Appel de la méthode de sauvegarde personnalisée '{method:s}' …",
    "backup_archive_system_part_not_available": "La partie '{part:s}' du système n’est pas disponible dans cette sauvegarde",
    "backup_archive_mount_failed": "Le montage de l’archive de sauvegarde a échoué",
    "backup_archive_writing_error": "Impossible d'ajouter des fichiers '{source:s}' (nommés dans l'archive : '{dest:s}') à sauvegarder dans l'archive compressée '{archive:s}'",
-    "backup_ask_for_copying_if_needed": "Certains fichiers n’ont pas pu être préparés pour être sauvegardés en utilisant la méthode qui évite temporairement de gaspiller de l’espace sur le système. Pour mener la sauvegarde, {size:s} Mo doivent être temporairement utilisés. Acceptez-vous ?",
+    "backup_ask_for_copying_if_needed": "Certains fichiers n’ont pas pu être préparés pour être sauvegardés en utilisant la méthode qui évite temporairement de gaspiller de l’espace sur le système. Pour réaliser la sauvegarde, {size:s} Mo doivent être temporairement utilisés. Acceptez-vous ?",
    "backup_borg_not_implemented": "La méthode de sauvegarde Borg n’est pas encore implémentée",
    "backup_cant_mount_uncompress_archive": "Impossible de monter en lecture seule le dossier de l’archive décompressée",
    "backup_copying_to_organize_the_archive": "Copie de {size:s} Mo pour organiser l’archive",
@ -340,67 +340,67 @@
    "backup_with_no_restore_script_for_app": "L’application {app:s} n’a pas de script de restauration, vous ne pourrez pas restaurer automatiquement la sauvegarde de cette application.",
    "global_settings_cant_serialize_settings": "Échec de la sérialisation des données de paramétrage car : {reason:s}",
    "restore_removing_tmp_dir_failed": "Impossible de sauvegarder un ancien dossier temporaire",
-    "restore_extracting": "Extraction des fichiers nécessaires depuis l’archive…",
+    "restore_extracting": "Extraction des fichiers nécessaires depuis l’archive …",
-    "restore_mounting_archive": "Montage de l’archive dans « {path:s} »",
+    "restore_mounting_archive": "Montage de l’archive dans '{path:s}'",
-    "restore_may_be_not_enough_disk_space": "Votre système semble ne pas avoir suffisamment d’espace disponible (libre : {free_space:d} octets, nécessaire : {needed_space:d} octets, marge de sécurité : {margin:d} octets)",
+    "restore_may_be_not_enough_disk_space": "Votre système semble ne pas avoir suffisamment d’espace disponible (L'espace libre est de {free_space:d} octets. Le besoin d'espace nécessaire est de {needed_space:d} octets. En appliquant une marge de sécurité, la quantité d'espace nécessaire est de {margin:d} octets)",
-    "restore_not_enough_disk_space": "Espace disponible insuffisant (libre : {free_space:d} octets, nécessaire : {needed_space:d} octets, marge de sécurité : {margin:d} octets)",
+    "restore_not_enough_disk_space": "Espace disponible insuffisant (L'espace libre est de {free_space:d} octets. Le besoin d'espace nécessaire est de {needed_space:d} octets. En appliquant une marge de sécurité, la quantité d'espace nécessaire est de {margin:d} octets)",
-    "restore_system_part_failed": "Impossible de restaurer la partie « {part:s} » du système",
+    "restore_system_part_failed": "Impossible de restaurer la partie '{part:s}' du système",
    "backup_couldnt_bind": "Impossible de lier {src:s} avec {dest:s}.",
-    "domain_dns_conf_is_just_a_recommendation": "Cette page montre la configuration *recommandée*. Elle ne configure *pas* le DNS pour vous. Il est de votre responsabilité que de configurer votre zone DNS chez votre registrar DNS avec cette recommandation.",
+    "domain_dns_conf_is_just_a_recommendation": "Cette page montre la configuration *recommandée*. Elle ne configure *pas* le DNS pour vous. Il est de votre responsabilité que de configurer votre zone DNS chez votre fournisseur/registrar DNS avec cette recommandation.",
-    "domain_dyndns_dynette_is_unreachable": "Impossible de contacter la dynette YunoHost, soit YunoHost n’est pas correctement connecté à internet ou alors le serveur de dynette est arrêté. Erreur : {error}",
+    "domain_dyndns_dynette_is_unreachable": "Impossible de contacter la dynette YunoHost. Soit YunoHost n’est pas correctement connecté à internet, soit le serveur de dynette est en panne. Erreur : {error}",
    "migrations_backward": "Migration en arrière.",
-    "migrations_bad_value_for_target": "Nombre invalide pour le paramètre « target », les numéros de migration sont ou {}",
+    "migrations_bad_value_for_target": "Nombre invalide pour le paramètre target, les numéros de migration sont 0 ou {}",
    "migrations_cant_reach_migration_file": "Impossible d’accéder aux fichiers de migrations avec le chemin %s",
    "migrations_current_target": "La cible de migration est {}",
    "migrations_error_failed_to_load_migration": "ERREUR : échec du chargement de migration {number} {name}",
    "migrations_forward": "Migration en avant",
-    "migrations_loading_migration": "Chargement de la migration {number} {name}…",
+    "migrations_loading_migration": "Chargement de la migration {number} {name} …",
-    "migrations_migration_has_failed": "La migration {number} {name} a échoué avec l’exception {exception}, annulation",
+    "migrations_migration_has_failed": "La migration {number} {name} a échoué avec l’exception {exception} : annulation",
    "migrations_no_migrations_to_run": "Aucune migration à lancer",
-    "migrations_show_currently_running_migration": "Application de la migration {number} {name}…",
+    "migrations_show_currently_running_migration": "Application de la migration {number} {name} …",
    "migrations_show_last_migration": "La dernière migration appliquée est {}",
-    "migrations_skip_migration": "Omission de la migration {number} {name}…",
+    "migrations_skip_migration": "Ignorer et passer la migration {number} {name}…",
-    "server_shutdown": "Le serveur sera éteint",
+    "server_shutdown": "Le serveur va éteindre",
-    "server_shutdown_confirm": "Le serveur immédiatement être éteint, le voulez-vous vraiment ? [{answers:s}]",
+    "server_shutdown_confirm": "Le serveur va être éteint immédiatement, le voulez-vous vraiment ? [{answers:s}]",
    "server_reboot": "Le serveur va redémarrer",
    "server_reboot_confirm": "Le serveur va redémarrer immédiatement, le voulez-vous vraiment ? [{answers:s}]",
    "app_upgrade_some_app_failed": "Impossible de mettre à jour certaines applications",
    "ask_path": "Chemin",
    "dyndns_could_not_check_provide": "Impossible de vérifier si {provider:s} peut fournir {domain:s}.",
    "dyndns_domain_not_provided": "Le fournisseur DynDNS {provider:s} ne peut pas fournir le domaine {domain:s}.",
-    "app_make_default_location_already_used": "Impossible de configurer l’application '{app}' par défaut pour le domaine {domain} car déjà utilisé par l'application '{other_app}'",
+    "app_make_default_location_already_used": "Impossible de configurer l’application '{app}' par défaut pour le domaine {domain} car il est déjà utilisé par l'application '{other_app}'",
    "app_upgrade_app_name": "Mise à jour de l’application {app} …",
-    "backup_output_symlink_dir_broken": "Vous avez un lien symbolique cassé à la place de votre dossier d’archives '{path:s}'. Vous pourriez avoir une configuration personnalisée pour sauvegarder vos données sur un autre système de fichiers, dans ce cas, vous avez probablement oublié de monter ou de connecter votre disque dur ou votre clef USB.",
+    "backup_output_symlink_dir_broken": "Vous avez un lien symbolique cassé à la place de votre dossier d’archives « {path:s} ». Vous pourriez avoir une configuration personnalisée pour sauvegarder vos données sur un autre système de fichiers, dans ce cas, vous avez probablement oublié de monter ou de connecter votre disque dur ou votre clé USB.",
    "migrate_tsig_end": "La migration à hmac-sha512 est terminée",
-    "migrate_tsig_failed": "La migration du domaine DynDNS {domain} à hmac-sha512 a échoué, annulation des modifications. Erreur : {error_code} - {error}",
+    "migrate_tsig_failed": "La migration du domaine DynDNS {domain} à hmac-sha512 a échoué. Annulation des modifications. Erreur : {error_code} - {error}",
-    "migrate_tsig_start": "L’algorithme de génération des clefs n’est pas suffisamment sécurisé pour la signature TSIG du domaine « {domain} », lancement de la migration vers hmac-sha512 qui est plus sécurisé",
+    "migrate_tsig_start": "L’algorithme de génération des clefs n’est pas suffisamment sécurisé pour la signature TSIG du domaine '{domain}', lancement de la migration vers hmac-sha512 qui est plus sécurisé",
    "migrate_tsig_wait": "Attendre 3 minutes pour que le serveur DynDNS prenne en compte la nouvelle clef …",
    "migrate_tsig_wait_2": "2 minutes …",
    "migrate_tsig_wait_3": "1 minute …",
    "migrate_tsig_wait_4": "30 secondes  …",
    "migrate_tsig_not_needed": "Il ne semble pas que vous utilisez un domaine DynDNS, donc aucune migration n’est nécessaire !",
    "app_checkurl_is_deprecated": "Packagers /!\\  'app checkurl' est obsolète ! Utilisez 'app register-url' en remplacement !",
-    "migration_description_0001_change_cert_group_to_sslcert": "Change les permissions de groupe des certificats de 'metronome' à 'ssl-cert'",
+    "migration_description_0001_change_cert_group_to_sslcert": "Changement des permissions de groupe des certificats de « metronome » à « ssl-cert »",
-    "migration_description_0002_migrate_to_tsig_sha256": "Améliore la sécurité de DynDNS TSIG en utilisant SHA512 au lieu de MD5",
+    "migration_description_0002_migrate_to_tsig_sha256": "Amélioration de la sécurité de DynDNS TSIG en utilisant SHA512 au lieu de MD5",
    "migration_description_0003_migrate_to_stretch": "Mise à niveau du système vers Debian Stretch et YunoHost 3.0",
    "migration_0003_backward_impossible": "La migration Stretch n’est pas réversible.",
    "migration_0003_start": "Démarrage de la migration vers Stretch. Les journaux seront disponibles dans {logfile}.",
-    "migration_0003_patching_sources_list": "Modification de sources.lists …",
+    "migration_0003_patching_sources_list": "Modification du fichier sources.lists …",
    "migration_0003_main_upgrade": "Démarrage de la mise à niveau principale …",
    "migration_0003_fail2ban_upgrade": "Démarrage de la mise à niveau de fail2ban …",
    "migration_0003_restoring_origin_nginx_conf": "Votre fichier /etc/nginx/nginx.conf a été modifié d’une manière ou d’une autre. La migration va d’abords le réinitialiser à son état initial. Le fichier précédent sera disponible en tant que {backup_dest}.",
-    "migration_0003_yunohost_upgrade": "Démarrage de la mise à niveau du paquet YunoHost. La migration se terminera, mais la mise à jour réelle aura lieu immédiatement après. Après cette opération terminée, vous pourriez avoir à vous reconnecter à l’administration via le panel web.",
+    "migration_0003_yunohost_upgrade": "Démarrage de la mise à niveau du paquet YunoHost. La migration se terminera, mais la mise à jour réelle aura lieu immédiatement après. Une fois cette opération terminée, vous pourriez avoir à vous reconnecter à l’administration via le panel web.",
    "migration_0003_not_jessie": "La distribution Debian actuelle n’est pas Jessie !",
    "migration_0003_system_not_fully_up_to_date": "Votre système n’est pas complètement à jour. Veuillez mener une mise à jour classique avant de lancer à migration à Stretch.",
-    "migration_0003_still_on_jessie_after_main_upgrade": "Quelque chose s’est ma passé pendant la mise à niveau principale : le système est toujours sur Jessie ?!? Pour investiguer le problème, veuillez regarder les journaux {log} 🙁…",
+    "migration_0003_still_on_jessie_after_main_upgrade": "Quelque chose s’est mal passé pendant la mise à niveau principale : le système est toujours sur Jessie !? Pour investiguer sur problème, veuillez regarder les journaux {log}:s…",
-    "migration_0003_general_warning": "Veuillez noter que cette migration est une opération délicate. Si l’équipe YunoHost a fait de son mieux pour la relire et la tester, la migration pourrait tout de même casser des parties de votre système ou de vos applications.\n\nEn conséquence, nous vous recommandons :\n    - de lancer une sauvegarde de vos données ou applications critiques. Plus d’informations sur https://yunohost.org/backup ;\n    - d’être patient après avoir lancé la migration : selon votre connexion internet et matériel, cela pourrait prendre jusqu’à quelques heures pour que tout soit à niveau.\n\nDe plus, le port SMTP utilisé par les clients de messagerie externes comme (Thunderbird ou K9-Mail) a été changé de 465 (SSL/TLS) à 587 (STARTTLS). L’ancien port 465 sera automatiquement fermé et le nouveau port 587 sera ouvert dans le pare-feu. Vous et vos utilisateurs *devront* adapter la configuration de vos clients de messagerie en conséquence !",
+    "migration_0003_general_warning": "Veuillez noter que cette migration est une opération délicate. Si l’équipe YunoHost a fait de son mieux pour la relire et la tester, la migration pourrait tout de même casser des parties de votre système ou de vos applications.\n\nEn conséquence, nous vous recommandons :\n    - de lancer une sauvegarde de vos données ou applications critiques. Plus d’informations sur https://yunohost.org/backup ;\n    - d’être patient après avoir lancé la migration : selon votre connexion internet et matériel, cela pourrait prendre jusqu’à quelques heures pour que tout soit à niveau.\n\nEn outre, le port SMTP utilisé par les clients de messagerie externes comme (Thunderbird ou K9-Mail) a été changé de 465 (SSL/TLS) à 587 (STARTTLS). L’ancien port 465 sera automatiquement fermé et le nouveau port 587 sera ouvert dans le pare-feu. Vous et vos utilisateurs *devront* adapter la configuration de vos clients de messagerie en conséquence !",
-    "migration_0003_problematic_apps_warning": "Veuillez noter que les applications suivantes, éventuellement problématiques, ont été détectées. Il semble qu’elles n’aient pas été installées depuis une liste d’application ou qu’elles ne soit pas marquées «working ». En conséquence, nous ne pouvons pas garantir qu’elles fonctionneront après la mise à niveau : {problematic_apps}",
+    "migration_0003_problematic_apps_warning": "Veuillez noter que des applications possiblement problématiques ont été détectées. Il semble qu’elles n’aient pas été installées depuis une liste d’application ou qu’elles ne soit pas marquées comme « fonctionnelles ». En conséquence, nous ne pouvons pas garantir qu’elles fonctionneront après la mise à niveau : {problematic_apps}",
    "migration_0003_modified_files": "Veuillez noter que les fichiers suivants ont été détectés comme modifiés manuellement et pourraient être écrasés à la fin de la mise à niveau : {manually_modified_files}",
    "migrations_list_conflict_pending_done": "Vous ne pouvez pas utiliser --previous et --done simultanément.",
-    "migrations_to_be_ran_manually": "La migration {number} {name} doit être lancée manuellement. Veuillez aller dans Outils > Migration dans l’interface admin, ou lancer `yunohost tools migrations migrate`.",
+    "migrations_to_be_ran_manually": "La migration {number} {name} doit être lancée manuellement. Veuillez aller dans Outils > Migrations dans l’interface admin, ou lancer `yunohost tools migrations migrate`.",
    "migrations_need_to_accept_disclaimer": "Pour lancer la migration {number} {name}, vous devez accepter cette clause de non-responsabilité :\n---\n{disclaimer}\n---\nSi vous acceptez de lancer la migration, veuillez relancer la commande avec l’option --accept-disclaimer.",
    "service_description_avahi-daemon": "permet d’atteindre votre serveur via yunohost.local sur votre réseau local",
-    "service_description_dnsmasq": "assure la résolution des noms de domaine (DNS)",
+    "service_description_dnsmasq": "gère la résolution des noms de domaine (DNS)",
    "service_description_dovecot": "permet aux clients de messagerie d’accéder/récupérer les courriels (via IMAP et POP3)",
    "service_description_fail2ban": "protège contre les attaques brute-force et autres types d’attaques venant d’Internet",
    "service_description_glances": "surveille les informations système de votre serveur",
@ -410,43 +410,43 @@
    "service_description_nslcd": "gère la connexion en ligne de commande des utilisateurs YunoHost",
    "service_description_php5-fpm": "exécute des applications écrites en PHP avec nginx",
    "service_description_postfix": "utilisé pour envoyer et recevoir des courriels",
-    "service_description_redis-server": "une base de donnée spécialisée utilisée pour l’accès rapide aux données, les files d’attentes et la communication inter-programmes",
+    "service_description_redis-server": "une base de données spécialisée utilisée pour l’accès rapide aux données, les files d’attentes et la communication entre les programmes",
    "service_description_rmilter": "vérifie divers paramètres dans les courriels",
    "service_description_rspamd": "filtre le pourriel, et d’autres fonctionnalités liées au courriel",
    "service_description_slapd": "stocke les utilisateurs, domaines et leurs informations liées",
    "service_description_ssh": "vous permet de vous connecter à distance à votre serveur via un terminal (protocole SSH)",
    "service_description_yunohost-api": "permet les interactions entre l’interface web de YunoHost et le système",
-    "service_description_yunohost-firewall": "gère les ports de connexion ouverts et fermés aux services",
+    "service_description_yunohost-firewall": "gère l'ouverture et la fermeture des ports de connexion aux services",
    "experimental_feature": "Attention : cette fonctionnalité est expérimentale et ne doit pas être considérée comme stable, vous ne devriez pas l’utiliser à moins que vous ne sachiez ce que vous faites.",
-    "log_corrupted_md_file": "Le fichier yaml de metadata associé aux logs est corrompu : {md_file}",
+    "log_corrupted_md_file": "Le fichier yaml de metadata associé aux logs est corrompu : '{md_file}'",
    "log_category_404": "Le journal de la catégorie '{category}' n’existe pas",
-    "log_link_to_log": "Log complet de cette opération : '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\"> {desc} </a>'",
+    "log_link_to_log": "Journal historisé complet de cette opération : '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\"> {desc} </a>'",
-    "log_help_to_get_log": "Pour voir le log de cette opération '{desc}', utiliser la commande 'yunohost log display {name}'",
+    "log_help_to_get_log": "Pour voir le journal historisé de cette opération '{desc}', utilisez la commande 'yunohost log display {name}'",
-    "log_link_to_failed_log": "L’opération  '{desc}' a échouée ! Pour avoir de l’aide, merci <a href=\"#/tools/logs/{name}\"> de fournir le log complet de l’opération en cliquant ici</a>",
+    "log_link_to_failed_log": "L’opération '{desc}' a échouée ! Pour avoir de l’aide, merci <a href=\"#/tools/logs/{name}\"> de fournir le journal historisé complet de l’opération en cliquant ici</a>",
    "backup_php5_to_php7_migration_may_fail": "Impossible de convertir votre archive pour prendre en charge php7, vos applications php pourraient ne pas être restaurées (reason: {error:s})",
-    "log_help_to_get_failed_log": "L’opération '{desc}' a échouée ! Pour avoir de l’aide, merci de partager le log de cette opération en utilisant la commande 'yunohost log display {name} --share'",
+    "log_help_to_get_failed_log": "L’opération '{desc}' a échouée ! Pour avoir de l’aide, merci de partager le journal historisé de cette opération en utilisant la commande 'yunohost log display {name} --share'",
-    "log_does_exists": "Il n’existe pas de log de l’opération ayant pour nom  '{log}', utiliser 'yunohost log list pour voir tous les fichiers de logs disponibles'",
+    "log_does_exists": "Il n’existe pas de journal historisé de l’opération ayant pour nom '{log}', utiliser 'yunohost log list pour voir tous les fichiers de journaux historisés disponibles'",
    "log_operation_unit_unclosed_properly": "L’opération ne s’est pas terminée correctement",
-    "log_app_addaccess": "Ajouter l’accès à  '{}'",
+    "log_app_addaccess": "Ajouter l’accès à '{}'",
-    "log_app_removeaccess": "Enlever l’accès à  '{}'",
+    "log_app_removeaccess": "Enlever l’accès à '{}'",
    "log_app_clearaccess": "Retirer tous les accès à '{}'",
    "log_app_fetchlist": "Ajouter une liste d’application",
    "log_app_removelist": "Enlever une liste d’application",
-    "log_app_change_url": "Changer l’url de l’application '{}'",
+    "log_app_change_url": "Changer l’URL de l’application '{}'",
    "log_app_install": "Installer l’application '{}'",
    "log_app_remove": "Enlever l’application '{}'",
    "log_app_upgrade": "Mettre à jour l’application '{}'",
-    "log_app_makedefault": "Faire de '{}'  l’application par défaut",
+    "log_app_makedefault": "Faire de '{}' l’application par défaut",
-    "log_available_on_yunopaste": "Le log est désormais disponible via {url}",
+    "log_available_on_yunopaste": "Le journal historisé est désormais disponible via {url}",
    "log_backup_restore_system": "Restaurer le système depuis une archive de sauvegarde",
    "log_backup_restore_app": "Restaurer '{}' depuis une sauvegarde",
-    "log_remove_on_failed_restore": "Retirer '{}' après la restauration depuis une sauvegarde qui a échouée",
+    "log_remove_on_failed_restore": "Retirer '{}' après un échec de restauration depuis une archive de sauvegarde",
    "log_remove_on_failed_install": "Enlever '{}' après une installation échouée",
    "log_domain_add": "Ajouter le domaine '{}' dans la configuration du système",
    "log_domain_remove": "Enlever le domaine '{}' de la configuration du système",
    "log_dyndns_subscribe": "Souscrire au sous-domaine YunoHost '{}'",
    "log_dyndns_update": "Mettre à jour l’adresse IP associée à votre sous-domaine YunoHost '{}'",
-    "log_letsencrypt_cert_install": "Installer le certificat Let’s  Encrypt sur le domaine '{}'",
+    "log_letsencrypt_cert_install": "Installer le certificat Let’s Encrypt sur le domaine '{}'",
    "log_selfsigned_cert_install": "Installer le certificat auto-signé sur le domaine '{}'",
    "log_letsencrypt_cert_renew": "Renouveler le certificat Let’s Encrypt de '{}'",
    "log_service_enable": "Activer le service '{}'",
@ -461,27 +461,27 @@
    "log_tools_upgrade": "Mise à jour des paquets Debian",
    "log_tools_shutdown": "Éteindre votre serveur",
    "log_tools_reboot": "Redémarrer votre serveur",
-    "mail_unavailable": "Cette adresse mail est réservée et doit être automatiquement attribuée au tout premier utilisateur",
+    "mail_unavailable": "Cette adresse de courriel est réservée et doit être automatiquement attribuée au tout premier utilisateur",
-    "migration_description_0004_php5_to_php7_pools": "Reconfigurez le pool PHP pour utiliser PHP 7 au lieu de 5",
+    "migration_description_0004_php5_to_php7_pools": "Reconfiguration des pools PHP pour utiliser PHP 7 au lieu de PHP 5",
-    "migration_description_0005_postgresql_9p4_to_9p6": "Migration des bases de données de postgresql 9.4 vers 9.6",
+    "migration_description_0005_postgresql_9p4_to_9p6": "Migration des bases de données de PostgreSQL 9.4 vers PostgreSQL 9.6",
-    "migration_0005_postgresql_94_not_installed": "Postgresql n’a pas été installé sur votre système. Rien à faire !",
+    "migration_0005_postgresql_94_not_installed": "PostgreSQL n’a pas été installé sur votre système. Rien à faire !",
-    "migration_0005_postgresql_96_not_installed": "Postgresql 9.4 a été trouvé et installé, mais pas Postgresql 9.6 !? Quelque chose d’étrange a dû arriver à votre système :( …",
+    "migration_0005_postgresql_96_not_installed": "PostgreSQL 9.4 a été trouvé et installé, mais pas PostgreSQL 9.6 !? Quelque chose d’étrange a dû arriver à votre système :( …",
    "migration_0005_not_enough_space": "Il n’y a pas assez d’espace libre de disponible sur {path} pour lancer maintenant la migration :(.",
-    "recommend_to_add_first_user": "La post-installation est terminée, mais YunoHost a besoin d’au moins un utilisateur pour fonctionner correctement. Vous devez en ajouter un en utilisant « yunohost user create » ou l’interface d’administration.",
+    "recommend_to_add_first_user": "La post-installation est terminée. YunoHost a besoin d’au moins un utilisateur pour fonctionner correctement. Vous devez en ajouter un en utilisant 'yunohost user create' ou bien via l’interface d’administration web.",
-    "service_description_php7.0-fpm": "exécute des applications écrites en PHP avec nginx",
+    "service_description_php7.0-fpm": "exécute des applications écrites en PHP avec Nginx",
    "users_available": "Liste des utilisateurs disponibles :",
-    "good_practices_about_admin_password": "Vous êtes maintenant sur le point de définir un nouveau mot de passe d’administration. Le mot de passe doit comporter au moins 8 caractères – bien qu’il soit recommandé d’utiliser un mot de passe plus long (c’est-à-dire une phrase de chiffrement) et/ou d’utiliser différents types de caractères (majuscules, minuscules, chiffres et caractères spéciaux).",
+    "good_practices_about_admin_password": "Vous êtes maintenant sur le point de définir un nouveau mot de passe d’administration. Le mot de passe doit comporter au moins 8 caractères – bien qu’il soit recommandé d’utiliser un mot de passe plus long (c’est-à-dire une phrase secrète) et/ou d’utiliser différents types de caractères (majuscules, minuscules, chiffres et caractères spéciaux).",
-    "good_practices_about_user_password": "Vous êtes maintenant sur le point de définir un nouveau mot de passe utilisateur. Le mot de passe doit comporter au moins 8 caractères - bien qu'il soit recommandé d'utiliser un mot de passe plus long (c'est-à-dire une phrase secrète) et/ou d'utiliser différents types de caractères (majuscules, minuscules, chiffres et caractères spéciaux).",
+    "good_practices_about_user_password": "Vous êtes maintenant sur le point de définir un nouveau mot de passe utilisateur. Le mot de passe doit comporter au moins 8 caractères — bien qu’il soit recommandé d’utiliser un mot de passe plus long (c’est-à-dire une phrase secrète) et/ou d’utiliser différents types de caractères (majuscules, minuscules, chiffres et caractères spéciaux).",
    "migration_description_0006_sync_admin_and_root_passwords": "Synchroniser les mots de passe admin et root",
-    "migration_0006_disclaimer": "Yunohost s’attend maintenant à ce que les mots de passe admin et root soient synchronisés. En exécutant cette migration, votre mot de passe root sera remplacé par le mot de passe administrateur.",
+    "migration_0006_disclaimer": "YunoHost s’attendra désormais à ce que les mots de passe admin et root soient synchronisés. En exécutant cette migration, votre mot de passe root sera remplacé par le mot de passe administrateur.",
    "migration_0006_done": "Votre mot de passe root a été remplacé par celui de votre adminitrateur.",
-    "password_listed": "Ce mot de passe est l'un des mots de passe les plus utilisés dans le monde. Veuillez choisir quelque chose d'un peu plus unique.",
+    "password_listed": "Ce mot de passe est l'un des mots de passe les plus utilisés dans le monde. Veuillez choisir quelque chose d'un peu plus singulier.",
    "password_too_simple_1": "Le mot de passe doit comporter au moins 8 caractères",
    "password_too_simple_2": "Le mot de passe doit comporter au moins 8 caractères et contenir des chiffres, des majuscules et des minuscules",
    "password_too_simple_3": "Le mot de passe doit comporter au moins 8 caractères et contenir des chiffres, des majuscules, des minuscules et des caractères spéciaux",
    "password_too_simple_4": "Le mot de passe doit comporter au moins 12 caractères et contenir des chiffres, des majuscules, des minuscules et des caractères spéciaux",
-    "root_password_desynchronized": "Le mot de passe administrateur a été changé, mais YunoHost n’a pas pu le propager sur le mot de passe root !",
+    "root_password_desynchronized": "Le mot de passe administrateur a été changé, mais YunoHost n’a pas pu le propager au mot de passe root !",
-    "aborting": "Interruption de la procédure.",
+    "aborting": "Interruption.",
    "app_not_upgraded": "Les applications suivantes n'ont pas été mises à jour : {apps}",
    "app_start_install": "Installation de l'application {app} …",
    "app_start_remove": "Suppression de l'application {app} …",
@ -492,9 +492,9 @@
    "ask_new_path": "Nouveau chemin",
    "backup_actually_backuping": "Création d'une archive de sauvegarde à partir des fichiers collectés …",
    "backup_mount_archive_for_restore": "Préparation de l'archive pour restauration …",
-    "confirm_app_install_warning": "Avertissement : cette application peut fonctionner mais n'est pas bien intégrée dans YunoHost. Certaines fonctionnalités telles que l'authentification unique et la sauvegarde/restauration peuvent ne pas être disponibles. L'installer quand même ? [{réponses:s}] ",
+    "confirm_app_install_warning": "Avertissement : cette application peut fonctionner mais n'est pas bien intégrée dans YunoHost. Certaines fonctionnalités telles que l'authentification unique et la sauvegarde/restauration peuvent ne pas être disponibles. L'installer quand même ? [{answers:s}] ",
    "confirm_app_install_danger": "AVERTISSEMENT ! Cette application est encore expérimentale (explicitement, elle ne fonctionne pas) et risque de casser votre système ! Vous ne devriez probablement PAS l'installer sans savoir ce que vous faites. Êtes-vous prêt à prendre ce risque ? [{answers:s}] ",
-    "confirm_app_install_thirdparty": "AVERTISSEMENT ! L'installation d'applications tierces peut compromettre l'intégrité et la sécurité de votre système. Vous ne devriez probablement PAS l'installer si vous ne savez pas ce que vous faites. Êtes-vous prêt à prendre ce risque ? [{réponses:s}] ",
+    "confirm_app_install_thirdparty": "AVERTISSEMENT ! L'installation d'applications tierces peut compromettre l'intégrité et la sécurité de votre système. Vous ne devriez probablement PAS l'installer si vous ne savez pas ce que vous faites. Êtes-vous prêt à prendre ce risque ? [{answers:s}] ",
    "dpkg_is_broken": "Vous ne pouvez pas faire ça maintenant car dpkg/apt (le gestionnaire de paquets du système) semble avoir laissé des choses non configurées. Vous pouvez essayer de résoudre ce problème en vous connectant via SSH et en exécutant `sudo dpkg --configure -a'.",
    "dyndns_could_not_check_available": "Impossible de vérifier si {domain:s} est disponible chez {provider:s}.",
    "file_does_not_exist": "Le fichier dont le chemin est {path:s} n'existe pas.",
@ -516,11 +516,11 @@
    "pattern_password_app": "Désolé, les mots de passe ne doivent pas contenir les caractères suivants : {forbidden_chars}",
    "root_password_replaced_by_admin_password": "Votre mot de passe root a été remplacé par votre mot de passe administrateur.",
    "service_conf_now_managed_by_yunohost": "Le fichier de configuration '{conf}' est maintenant géré par YunoHost.",
-    "service_reload_failed": "Impossible de recharger le service '{service:s}'.\n\nJournaux récents de ce service : {logs:s}",
+    "service_reload_failed": "Impossible de recharger le service '{service:s}'.\n\nJournaux historisés récents de ce service : {logs:s}",
    "service_reloaded": "Le service '{service:s}' a été rechargé",
-    "service_restart_failed": "Impossible de redémarrer le service '{service:s}'\n\nJournaux récents de ce service : {logs:s}",
+    "service_restart_failed": "Impossible de redémarrer le service '{service:s}'\n\nJournaux historisés récents de ce service : {logs:s}",
    "service_restarted": "Le service '{service:s}' a été redémarré",
-    "service_reload_or_restart_failed": "Impossible de recharger ou de redémarrer le service '{service:s}'\n\nJournaux récents de ce service : {logs:s}",
+    "service_reload_or_restart_failed": "Impossible de recharger ou de redémarrer le service '{service:s}'\n\nJournaux historisés récents de ce service : {logs:s}",
    "service_reloaded_or_restarted": "Le service '{service:s}' a été rechargé ou redémarré",
-    "this_action_broke_dpkg": "Cette action a laissé des paquets non configurés par dpkg/apt (les gestionnaires de paquets système). Vous pouvez essayer de résoudre ce problème en vous connectant via SSH et en exécutant `sudo dpkg --configure -a'."
+    "this_action_broke_dpkg": "Cette action a laissé des paquets non configurés par dpkg/apt (les gestionnaires de paquets système). Vous pouvez essayer de résoudre ce problème en vous connectant via SSH et en exécutant `sudo dpkg --configure -a`."
 }
--- a/locales/it.json
+++ b/locales/it.json
@ -26,7 +26,7 @@
    "service_stop_failed": "Impossibile fermare il servizio '{service:s}'\n\nRegistri di servizio recenti:{logs:s}",
    "system_username_exists": "il nome utente esiste già negli utenti del sistema",
    "unrestore_app": "L'applicazione '{app:s}' non verrà ripristinata",
-    "upgrading_packages": "Aggiornamento dei pacchetti...",
+    "upgrading_packages": "Aggiornamento dei pacchetti…",
    "user_deleted": "L'utente è stato cancellato",
    "admin_password": "Password dell'amministrazione",
    "admin_password_change_failed": "Impossibile cambiare la password",
@ -47,7 +47,7 @@
    "appslist_fetched": "La lista delle applicazioni {appslist:s} è stata recuperata",
    "appslist_removed": "La lista delle applicazioni {appslist:s} è stata rimossa",
    "app_package_need_update": "Il pacchetto dell'applicazione {app} deve essere aggiornato per seguire i cambiamenti di YunoHost",
-    "app_requirements_checking": "Controllo i pacchetti richiesti per {app}...",
+    "app_requirements_checking": "Controllo i pacchetti richiesti per {app}…",
    "app_requirements_failed": "Impossibile soddisfare i requisiti per {app}: {error}",
    "app_requirements_unmeet": "Requisiti non soddisfatti per {app}, il pacchetto {pkgname} ({version}) deve essere {spec}",
    "appslist_unknown": "Lista di applicazioni {appslist:s} sconosciuta.",
@ -72,16 +72,16 @@
    "backup_archive_name_unknown": "Archivio di backup locale chiamato '{name:s}' sconosciuto",
    "backup_archive_open_failed": "Non è possibile aprire l'archivio di backup",
    "backup_cleaning_failed": "Non è possibile pulire la directory temporanea di backup",
-    "backup_creating_archive": "Creazione del archivio di backup...",
+    "backup_creating_archive": "Creazione del archivio di backup…",
    "backup_creation_failed": "La creazione del backup è fallita",
    "backup_delete_error": "Impossibile cancellare '{path:s}'",
    "backup_deleted": "Il backup è stato cancellato",
-    "backup_extracting_archive": "Estrazione del archivio di backup...",
+    "backup_extracting_archive": "Estrazione del archivio di backup…",
    "backup_hook_unknown": "Hook di backup '{hook:s}' sconosciuto",
    "backup_nothings_done": "Non c'è niente da salvare",
    "backup_output_directory_forbidden": "Directory di output vietata. I backup non possono esser creati nelle sotto-cartelle /bin, /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var o /home/yunohost.backup/archives",
    "backup_output_directory_required": "Devi fornire una directory di output per il backup",
-    "backup_running_hooks": "Esecuzione dei hook di backup...",
+    "backup_running_hooks": "Esecuzione degli hook di backup…",
    "custom_app_url_required": "Devi fornire un URL per essere in grado di aggiornare l'applicazione personalizzata {app:s}",
    "custom_appslist_name_required": "Devi fornire un nome per la lista di applicazioni personalizzata",
    "diagnosis_debian_version_error": "Impossibile riportare la versione di Debian: {error}",
@ -103,21 +103,21 @@
    "domain_zone_not_found": "Il file di zona DNS non è stato trovato per il dominio {:s}",
    "done": "Terminato",
    "domains_available": "Domini disponibili:",
-    "downloading": "Scaricamento...",
+    "downloading": "Scaricamento…",
    "dyndns_cron_installed": "Il cronjob DynDNS è stato installato",
    "dyndns_cron_remove_failed": "Impossibile rimuovere il cronjob DynDNS",
    "dyndns_cron_removed": "Il cronjob DynDNS è stato rimosso",
    "dyndns_ip_update_failed": "Impossibile aggiornare l'indirizzo IP in DynDNS",
    "dyndns_ip_updated": "Il tuo indirizzo IP è stato aggiornato in DynDNS",
-    "dyndns_key_generating": "La chiave DNS sta generando, potrebbe richiedere del tempo...",
+    "dyndns_key_generating": "Si sta generando la chiave DNS, potrebbe richiedere del tempo…",
    "dyndns_key_not_found": "La chiave DNS non è stata trovata per il dominio",
    "dyndns_no_domain_registered": "Nessuno dominio è stato registrato con DynDNS",
    "dyndns_registered": "Il dominio DynDNS è stato registrato",
    "dyndns_registration_failed": "Non è possibile registrare il dominio DynDNS: {error:s}",
    "dyndns_unavailable": "Dominio {domain:s} non disponibile.",
-    "executing_command": "Esecuzione del comando '{command:s}'...",
+    "executing_command": "Esecuzione del comando '{command:s}'…",
-    "executing_script": "Esecuzione dello script '{script:s}'...",
+    "executing_script": "Esecuzione dello script '{script:s}'…",
-    "extracting": "Estrazione...",
+    "extracting": "Estrazione…",
    "field_invalid": "Campo '{:s}' non valido",
    "firewall_reload_failed": "Impossibile ricaricare il firewall",
    "firewall_reloaded": "Il firewall è stato ricaricato",
@ -187,8 +187,8 @@
    "package_unexpected_error": "Un'errore inaspettata si è verificata durante il trattamento del pacchetto '{pkgname}'",
    "restore_hook_unavailable": "Lo script di ripristino per '{part:s}' non è disponibile per il tuo sistema e non è nemmeno nell'archivio",
    "restore_nothings_done": "Non è stato ripristinato nulla",
-    "restore_running_app_script": "Esecuzione dello script di ripristino dell'applcicazione '{app:s}'...",
+    "restore_running_app_script": "Esecuzione dello script di ripristino dell'applicazione '{app:s}'…",
-    "restore_running_hooks": "Esecuzione dei hook di ripristino...",
+    "restore_running_hooks": "Esecuzione degli hook di ripristino…",
    "service_added": "Il servizio '{service:s}' è stato aggiunto",
    "service_already_started": "Il servizio '{service:s}' è già stato avviato",
    "service_already_stopped": "Il servizio '{service:s}' è già stato fermato",
@ -207,9 +207,9 @@
    "service_enable_failed": "Impossibile abilitare il servizio '{service:s}'\n\nRegistri di servizio recenti:{logs:s}",
    "service_enabled": "Il servizio '{service:s}' è stato attivato",
    "service_no_log": "Nessuno registro da visualizzare per il servizio '{service:s}'",
-    "service_regenconf_dry_pending_applying": "Verificazione della configurazione in attesa che sarebbe stata applicata per il servizio '{service}'...",
+    "service_regenconf_dry_pending_applying": "Verifica della configurazione in sospeso che sarebbe stata applicata per il servizio '{service}'…",
    "service_regenconf_failed": "Impossibile rigenerare la configurazione per il/i servizio/i: {services}",
-    "service_regenconf_pending_applying": "Applicazione della configurazione in attesa per il servizio '{service}'...",
+    "service_regenconf_pending_applying": "Applicazione della configurazione in sospeso per il servizio '{service}'…",
    "service_start_failed": "Impossibile eseguire il servizio '{service:s}'\n\nRegistri di servizio recenti:{logs:s}",
    "service_started": "Il servizio '{service:s}' è stato avviato",
    "service_status_failed": "Impossibile determinare lo stato del servizio '{service:s}'",
@ -225,7 +225,7 @@
    "unit_unknown": "Unità '{unit:s}' sconosciuta",
    "unlimit": "Nessuna quota",
    "update_cache_failed": "Impossibile aggiornare la cache APT",
-    "updating_apt_cache": "Aggiornamento della lista dei pacchetti disponibili...",
+    "updating_apt_cache": "Recupero degli aggiornamenti disponibili per i pacchietti di sistema…",
    "upgrade_complete": "Aggiornamento completo",
    "upnp_dev_not_found": "Nessuno supporto UPnP trovato",
    "upnp_disabled": "UPnP è stato disattivato",
@ -241,13 +241,13 @@
    "yunohost_already_installed": "YunoHost è già installato",
    "yunohost_ca_creation_failed": "Impossibile creare una certificate authority",
    "yunohost_configured": "YunoHost è stato configurato",
-    "yunohost_installing": "Installazione di YunoHost...",
+    "yunohost_installing": "Installazione di YunoHost…",
    "yunohost_not_installed": "YunoHost non è o non corretamente installato. Esegui 'yunohost tools postinstall'",
    "domain_cert_gen_failed": "Impossibile generare il certificato",
    "certmanager_attempt_to_replace_valid_cert": "Stai provando a sovrascrivere un certificato buono e valido per il dominio {domain:s}! (Usa --force per ignorare)",
    "certmanager_domain_unknown": "Dominio {domain:s} sconosciuto",
    "certmanager_domain_cert_not_selfsigned": "Il ceritifcato per il dominio {domain:s} non è auto-firmato. Sei sicuro di volere sostituirlo? (Usa --force)",
-    "certmanager_certificate_fetching_or_enabling_failed": "L'attivazione del nuovo certificato per {domain:s} sembra fallita in qualche modo...",
+    "certmanager_certificate_fetching_or_enabling_failed": "L'attivazione del nuovo certificato per {domain:s} sembra fallita per qualche motivo…",
    "certmanager_attempt_to_renew_nonLE_cert": "Il certificato per il dominio {domain:s} non è emesso da Let's Encrypt. Impossibile rinnovarlo automaticamente!",
    "certmanager_attempt_to_renew_valid_cert": "Il certificato per il dominio {domain:s} non è a scadere! Usa --force per ignorare",
    "certmanager_domain_http_not_working": "Sembra che non sia possibile accedere al dominio {domain:s} attraverso HTTP. Verifica la configurazione del DNS e di nginx",
@ -260,19 +260,19 @@
    "app_change_url_success": "URL dell'applicazione {app:s} cambiato con successo in {domain:s}{path:s}",
    "app_make_default_location_already_used": "Impostazione dell'applicazione '{app}' come predefinita del dominio {domain} non riuscita perchè è già stata impostata per l'altra applicazione '{other_app}'",
    "app_location_unavailable": "Questo URL non è disponibile o va in conflitto con la/le applicazione/i già installata/e:\n{apps:s}",
-    "app_upgrade_app_name": "Aggiornando l'applicazione {app}...",
+    "app_upgrade_app_name": "Aggiornando l'applicazione {app}…",
    "app_upgrade_some_app_failed": "Impossibile aggiornare alcune applicazioni",
    "appslist_corrupted_json": "Caricamento della lista delle applicazioni non riuscita. Sembra che {filename:s} sia corrotto.",
    "appslist_could_not_migrate": "Migrazione della lista delle applicazioni {appslist:s} non riuscita! Impossibile analizzare l'URL... La vecchia operazione pianificata è stata tenuta in {bkp_file:s}.",
-    "appslist_migrating": "Migrando la lista di applicazioni {appslist:s} ...",
+    "appslist_migrating": "Migrando la lista di applicazioni {appslist:s}…",
    "appslist_name_already_tracked": "C'è già una lista di applicazioni registrata con il nome {name:s}.",
    "appslist_url_already_tracked": "C'è già una lista di applicazioni registrata con URL {url:s}.",
    "ask_path": "Percorso",
    "backup_abstract_method": "Questo metodo di backup non è ancora stato implementato",
-    "backup_applying_method_borg": "Inviando tutti i file da salvare nel backup nel deposito borg-backup...",
+    "backup_applying_method_borg": "Inviando tutti i file da salvare nel backup nel deposito borg-backup…",
-    "backup_applying_method_copy": "Copiando tutti i files nel backup...",
+    "backup_applying_method_copy": "Copiando tutti i files nel backup…",
-    "backup_applying_method_custom": "Chiamando il metodo di backup personalizzato '{method:s}'...",
+    "backup_applying_method_custom": "Chiamando il metodo di backup personalizzato '{method:s}'…",
-    "backup_applying_method_tar": "Creando l'archivio tar del backup...",
+    "backup_applying_method_tar": "Creando l'archivio tar del backup…",
    "backup_archive_mount_failed": "Montaggio dell'archivio del backup non riuscito",
    "backup_archive_system_part_not_available": "La parte di sistema '{part:s}' non è disponibile in questo backup",
    "backup_archive_writing_error": "Impossibile aggiungere i file al backup nell'archivio compresso",
@ -298,5 +298,28 @@
    "backup_with_no_restore_script_for_app": "L'app {app:s} non ha script di ripristino, non sarai in grado di ripristinarla automaticamente dal backup di questa app.",
    "certmanager_acme_not_configured_for_domain": "Il certificato per il dominio {domain:s} non sembra essere correttamente installato. Per favore esegui cert-install per questo dominio prima.",
    "certmanager_cannot_read_cert": "Qualcosa è andato storto nel tentativo di aprire il certificato attuale per il dominio {domain:s} (file: {file:s}), motivo: {reason:s}",
-    "certmanager_cert_install_success": "Certificato Let's Encrypt per il dominio {domain:s} installato con successo!"
+    "certmanager_cert_install_success": "Certificato Let's Encrypt per il dominio {domain:s} installato con successo!",
    "aborting": "Annullamento.",
    "admin_password_too_long": "Per favore scegli una password più corta di 127 caratteri",
    "app_not_upgraded": "Le seguenti app non sono state aggiornate: {apps}",
    "app_start_install": "Installando l'applicazione {app}…",
    "app_start_remove": "Rimuovendo l'applicazione {app}…",
    "app_start_backup": "Raccogliendo file da salvare nel backup per {app}…",
    "app_start_restore": "Ripristinando l'applicazione {app}…",
    "app_upgrade_several_apps": "Le seguenti app saranno aggiornate : {apps}",
    "ask_new_domain": "Nuovo dominio",
    "ask_new_path": "Nuovo percorso",
    "backup_actually_backuping": "Creando un archivio di backup con i file raccolti…",
    "backup_mount_archive_for_restore": "Preparando l'archivio per il ripristino…",
    "certmanager_cert_install_success_selfsigned": "Certificato autofirmato installato con successo per il dominio {domain:s}!",
    "certmanager_cert_renew_success": "Certificato di Let's Encrypt rinnovato con successo per il dominio {domain:s}!",
    "certmanager_cert_signing_failed": "Firma del nuovo certificato fallita",
    "good_practices_about_user_password": "Ora stai per impostare una nuova password utente. La password dovrebbe essere di almeno 8 caratteri - anche se è buona pratica utilizzare password più lunghe (es. una sequenza di parole) e/o utilizzare vari tipi di caratteri (maiuscole, minuscole, numeri e simboli).",
    "password_listed": "Questa password è una tra le più utilizzate al mondo. Per favore scegline una più unica.",
    "password_too_simple_1": "La password deve essere lunga almeno 8 caratteri",
    "password_too_simple_2": "La password deve essere lunga almeno 8 caratteri e contenere numeri, maiuscole e minuscole",
    "password_too_simple_3": "La password deve essere lunga almeno 8 caratteri e contenere numeri, maiuscole e minuscole e simboli",
    "password_too_simple_4": "La password deve essere lunga almeno 12 caratteri e contenere numeri, maiuscole e minuscole",
    "users_available": "Utenti disponibili:",
    "yunohost_ca_creation_success": "L'autorità di certificazione locale è stata creata."
 }
--- a/locales/oc.json
+++ b/locales/oc.json
@ -13,7 +13,7 @@
    "app_not_properly_removed": "{app:s} es pas estat corrèctament suprimit",
    "app_removed": "{app:s} es estat suprimit",
    "app_unknown": "Aplicacion desconeguda",
-    "app_upgrade_app_name": "Mesa a jorn de l’aplicacion {app}...",
+    "app_upgrade_app_name": "Mesa a jorn de l’aplicacion {app}…",
    "app_upgrade_failed": "Impossible de metre a jorn {app:s}",
    "app_upgrade_some_app_failed": "D’aplicacions se pòdon pas metre a jorn",
    "app_upgraded": "{app:s} es estat mes a jorn",
@ -52,7 +52,7 @@
    "app_location_already_used": "L’aplicacion « {app} » es ja installada a aqueste emplaçament ({path})",
    "app_manifest_invalid": "Manifest d’aplicacion incorrècte : {error}",
    "app_package_need_update": "Lo paquet de l’aplicacion {app} deu èsser mes a jorn per seguir los cambiaments de YunoHost",
-    "app_requirements_checking": "Verificacion dels paquets requesida per {app}...",
+    "app_requirements_checking": "Verificacion dels paquets requesits per {app}…",
    "app_sources_fetch_failed": "Recuperacion dels fichièrs fonts impossibla",
    "app_unsupported_remote_type": "Lo tipe alonhat utilizat per l’aplicacion es pas suportat",
    "appslist_retrieve_error": "Impossible de recuperar la lista d’aplicacions alonhadas {appslist:s} : {error:s}",
@ -64,7 +64,7 @@
    "backup_cleaning_failed": "Impossible de netejar lo repertòri temporari de salvagarda",
    "backup_copying_to_organize_the_archive": "Còpia de {size:s} Mio per organizar l’archiu",
    "backup_created": "Salvagarda acabada",
-    "backup_creating_archive": "Creacion de l’archiu de salvagarda...",
+    "backup_creating_archive": "Creacion de l’archiu de salvagarda…",
    "backup_creation_failed": "Impossible de crear la salvagarda",
    "app_already_installed_cant_change_url": "Aquesta aplicacion es ja installada. Aquesta foncion pòt pas simplament cambiar l’URL. Agachatz « app changeurl » s’es disponible.",
    "app_change_no_change_url_script": "L’aplicacion {app_name:s} pren pas en compte lo cambiament d’URL, poiretz aver de la metre a jorn.",
@ -83,7 +83,7 @@
    "backup_output_directory_not_empty": "Lo dorsièr de sortida es pas void",
    "backup_output_directory_required": "Vos cal especificar un dorsièr de sortida per la salvagarda",
    "backup_running_app_script": "Lançament de l’escript de salvagarda de l’aplicacion « {app:s} »...",
-    "backup_running_hooks": "Execucion dels scripts de salvagarda...",
+    "backup_running_hooks": "Execucion dels scripts de salvagarda…",
    "backup_system_part_failed": "Impossible de salvagardar la part « {part:s} » del sistèma",
    "app_requirements_failed": "Impossible de complir las condicions requesidas per {app} : {error}",
    "app_requirements_unmeet": "Las condicions requesidas per {app} son pas complidas, lo paquet {pkgname} ({version}) deu èsser {spec}",
@ -112,7 +112,7 @@
    "upnp_port_open_failed": "Impossible de dobrir los pòrts amb UPnP",
    "yunohost_already_installed": "YunoHost es ja installat",
    "yunohost_configured": "YunoHost es estat configurat",
-    "yunohost_installing": "Installacion de YunoHost...",
+    "yunohost_installing": "Installacion de YunoHost…",
    "backup_applying_method_borg": "Mandadís de totes los fichièrs a la salvagarda dins lo repertòri borg-backup…",
    "backup_csv_creation_failed": "Creacion impossibla del fichièr CSV necessari a las operacions futuras de restauracion",
    "backup_extracting_archive": "Extraccion de l’archiu de salvagarda…",
@ -161,7 +161,7 @@
    "dyndns_cron_removed": "La tasca cron pel domeni DynDNS es levada",
    "dyndns_ip_update_failed": "Impossible d’actualizar l’adreça IP sul domeni DynDNS",
    "dyndns_ip_updated": "Vòstra adreça IP es estada actualizada pel domeni DynDNS",
-    "dyndns_key_generating": "La clau DNS es a se generar, pòt trigar una estona...",
+    "dyndns_key_generating": "La clau DNS es a se generar, pòt trigar una estona…",
    "dyndns_key_not_found": "Clau DNS introbabla pel domeni",
    "dyndns_no_domain_registered": "Cap de domeni pas enregistrat amb DynDNS",
    "dyndns_registered": "Lo domeni DynDNS es enregistrat",
@ -313,7 +313,7 @@
    "service_conf_would_be_updated": "La configuracion del servici « {service} » seriá estada actualizada",
    "service_description_avahi-daemon": "permet d’aténher vòstre servidor via yunohost.local sus vòstre ret local",
    "service_description_dnsmasq": "gerís la resolucion dels noms de domeni (DNS)",
-    "updating_apt_cache": "Actualizacion de la lista dels paquets disponibles...",
+    "updating_apt_cache": "Actualizacion de la lista dels paquets disponibles…",
    "service_conf_file_backed_up": "Lo fichièr de configuracion « {conf} » es salvagardat dins « {backup} »",
    "service_conf_file_copy_failed": "Còpia impossibla del nòu fichièr de configuracion « {new} » cap a « {conf} »",
    "server_reboot_confirm": "Lo servidor es per reaviar sul pic, o volètz vertadièrament ? {answers:s}",
@ -372,7 +372,7 @@
    "migrate_tsig_start": "L’algorisme de generacion de claus es pas pro securizat per la signatura TSIG del domeni « {domain} », lançament de la migracion cap a hmac-sha512 que’s mai securizat",
    "migration_description_0001_change_cert_group_to_sslcert": "Càmbia las permissions de grop dels certificats de « metronome » per « ssl-cert »",
    "migration_0003_restoring_origin_nginx_conf": "Vòstre fichièr /etc/nginx/nginx.conf es estat modificat manualament. La migracion reïnicializarà d’en primièr son estat origina… Lo fichièr precedent serà disponible coma {backup_dest}.",
-    "migration_0003_still_on_jessie_after_main_upgrade": "Quicòm a trucat pendent la mesa a nivèl màger : lo sistèma es encara jos Jessie ?!? Per trobar lo problèma, agachatz {log} …",
+    "migration_0003_still_on_jessie_after_main_upgrade": "Quicòm a trucat pendent la mesa a nivèl màger : lo sistèma es encara jos Jessie ?!? Per trobar lo problèma, agachatz {log}…",
    "migration_0003_general_warning": "Notatz qu’aquesta migracion es una operacion delicata. Encara que la còla YunoHost aguèsse fach çò melhor per la tornar legir e provar, la migracion poiriá copar de parts del sistèma o de las aplicacions.\n\nEn consequéncia, vos recomandam :\n· · · · -  de lançar una salvagarda de vòstras donadas o aplicacions criticas. Mai d’informacions a https://yunohost.org/backup ;\n· · · · - d’èsser pacient aprèp aver lançat la migracion : segon vòstra connexion Internet e material, pòt trigar qualques oras per que tot siá mes al nivèl.\n\nEn mai, lo pòrt per SMTP, utilizat pels clients de corrièls extèrns (coma Thunderbird o K9-Mail per exemple) foguèt cambiat de 465 (SSL/TLS) per 587 (STARTTLS). L’ancian pòrt 465 serà automaticament tampat e lo nòu pòrt 587 serà dobèrt dins lo parafuòc. Vosautres e vòstres utilizaires *auretz* d’adaptar la configuracion de vòstre client de corrièl segon aqueles cambiaments !",
    "migration_0003_problematic_apps_warning": "Notatz que las aplicacions seguentas, saique problematicas, son estadas desactivadas. Semblan d’aver estadas installadas d’una lista d’aplicacions o que son pas marcadas coma «working ».  En consequéncia, podèm pas assegurar que tendràn de foncionar aprèp la mesa a nivèl : {problematic_apps}",
    "migrations_bad_value_for_target": "Nombre invalid pel paramètre « target », los numèros de migracion son 0 o {}",
@ -457,14 +457,34 @@
    "service_description_php7.0-fpm": "executa d’aplicacions escrichas en PHP amb nginx",
    "users_available": "Lista dels utilizaires disponibles :",
    "good_practices_about_admin_password": "Sètz per definir un nòu senhal per l’administracion. Lo senhal deu almens conténer 8 caractèrs - encara que siá de bon far d’utilizar un senhal mai long qu’aquò (ex. una passafrasa) e/o d’utilizar mantun tipes de caractèrs (majuscula, minuscula, nombre e caractèrs especials).",
-    "good_practices_about_user_password": "Sètz per definir un nòu senhal d’utilizaire. Lo senhal deu almens conténer 8 caractèrs - encara que siá de bon far d’utilizar un senhal mai long qu’aquò (ex. una passafrasa) e/o d’utilizar mantun tipes de caractèrs (majuscula, minuscula, nombre e caractèrs especials).",
+    "good_practices_about_user_password": "Sètz a mand de definir un nòu senhal d’utilizaire. Lo nòu senhal deu conténer almens 8 caractèrs, es de bon far d’utilizar un senhal mai long (es a dire una frasa de senhal) e/o utilizar mantuns tipes de caractèrs (majusculas, minusculas, nombres e caractèrs especials).",
    "migration_description_0006_sync_admin_and_root_passwords": "Sincronizar los senhals admin e root",
    "migration_0006_disclaimer": "Ara YunoHost s’espèra que los senhals admin e root sián sincronizats. En lançant aquesta migracion, vòstre senhal root serà remplaçat pel senhal admin.",
    "migration_0006_done": "Lo senhal root es estat remplaçat pel senhal admin.",
-    "password_listed": "Aqueste senhal fa part dels senhals mai utilizats del monde. Volgatz ben ne causir un mai unic.",
+    "password_listed": "Aqueste senhal es un dels mai utilizats al monde. Se vos plai utilizatz-ne un mai unic.",
    "password_too_simple_1": "Lo senhal deu conténer almens 8 caractèrs",
-    "password_too_simple_2": "Lo senhal deu conténer almens 8 caractèrs amb de nombres, de majusculas e de minusculas",
+    "password_too_simple_2": "Lo senhal deu conténer almens 8 caractèrs e numbres, majusculas e minusculas",
-    "password_too_simple_3": "Lo senhal deu conténer almens 8 caractèrs amb de nombres, de majusculas, de minusculas e de caractèrs especials",
+    "password_too_simple_3": "Lo senhal deu conténer almens 8 caractèrs e nombres, majusculas e minusculas e caractèrs especials",
-    "password_too_simple_4": "Lo senhal deu conténer almens 12 caractèrs amb de nombres, de majusculas, de minusculas e de caractèrs especials",
+    "password_too_simple_4": "Lo senhal deu conténer almens 12 caractèrs, de nombre, majusculas, minisculas e caractèrs specials",
-    "root_password_desynchronized": "Lo senhal de l’administrator es estat cambiat, mas YunoHost a pas pogut l’espandir al senhal root !"
+    "root_password_desynchronized": "Lo senhal de l’administrator es estat cambiat, mas YunoHost a pas pogut l’espandir al senhal root !",
    "aborting": "Interrupcion.",
    "app_not_upgraded": "Las aplicacions seguentas son pas estadas actualizadas : {apps}",
    "app_start_install": "Installacion de l’aplicacion {app}…",
    "app_start_remove": "Supression de l’aplicacion {app}…",
    "app_start_backup": "Recuperacion dels fichièrs de salvagardar per {app}…",
    "app_start_restore": "Restauracion de l’aplicacion {app}…",
    "app_upgrade_several_apps": "Las aplicacions seguentas seràn mesas a jorn : {apps}",
    "ask_new_domain": "Nòu domeni",
    "ask_new_path": "Nòu camin",
    "backup_actually_backuping": "Creacion d’un archiu de seguretat a partir dels fichièrs recuperats…",
    "backup_mount_archive_for_restore": "Preparacion de l’archiu per restauracion…",
    "dyndns_could_not_check_available": "Verificacion impossibla de la disponibilitat de {domain:s} sus {provider:s}.",
    "file_does_not_exist": "Lo camin {path:s} existís pas.",
    "global_settings_setting_security_password_admin_strength": "Fòrça del senhal administrator",
    "global_settings_setting_security_password_user_strength": "Fòrça del senhal utilizaire",
    "migration_description_0007_ssh_conf_managed_by_yunohost_step1": "La configuracion SSH serà gerada per YunoHost (etapa 1, automatica)",
    "migration_description_0008_ssh_conf_managed_by_yunohost_step2": "Daissar YunoHost gerir la configuracion SSH (etapa 2, manuala)",
    "migration_0007_cancelled": "YunoHost a pas reüssit a melhorar lo biais de gerir la configuracion SSH.",
    "root_password_replaced_by_admin_password": "Lo senhal root es estat remplaçat pel senhal administrator.",
    "service_restarted": "Lo servici '{service:s}' es estat reaviat"
 }
--- a/src/yunohost/app.py
+++ b/src/yunohost/app.py
@ -42,7 +42,7 @@ from yunohost.utils.error import YunohostError
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import read_json
-from yunohost.service import service_log, _run_service_command
+from yunohost.service import service_log, service_status, _run_service_command
 from yunohost.utils import packages
 from yunohost.log import is_unit_operation, OperationLogger
@ -623,6 +623,7 @@ def app_upgrade(auth, app=[], url=None, file=None):
        # Check requirements
        _check_manifest_requirements(manifest, app_instance_name=app_instance_name)
        _check_services_status_for_app(manifest.get("services", []))
        app_setting_path = APPS_SETTING_PATH + '/' + app_instance_name
@ -696,10 +697,6 @@ def app_upgrade(auth, app=[], url=None, file=None):
    logger.success(m18n.n('upgrade_complete'))
    # Return API logs if it is an API call
    if is_api:
        return {"log": service_log('yunohost-api', number="100").values()[0]}
@is_unit_operation()
 def app_install(operation_logger, auth, app, label=None, args=None, no_remove_on_failure=False, force=False):
@ -778,6 +775,7 @@ def app_install(operation_logger, auth, app, label=None, args=None, no_remove_on
    # Check requirements
    _check_manifest_requirements(manifest, app_id)
    _check_services_status_for_app(manifest.get("services", []))
    # Check if app can be forked
    instance_number = _installed_instance_number(app_id, last=True) + 1
@ -1627,7 +1625,7 @@ def app_config_show_panel(app):
                            args=["show"],
                            env=env,
                            stdout_callback=parse_stdout,
-                            )
+                            )[0]
    if return_code != 0:
        raise Exception("script/config show return value code: %s (considered as an error)", return_code)
@ -1713,7 +1711,7 @@ def app_config_apply(app, args):
    return_code = hook_exec(config_script,
                            args=["apply"],
                            env=env,
-                            )
+                            )[0]
    if return_code != 0:
        raise Exception("'script/config apply' return value code: %s (considered as an error)", return_code)
@ -1771,12 +1769,18 @@ def _get_app_status(app_id, format_date=False):
        raise YunohostError('app_unknown')
    status = {}
    regen_status = True
    try:
        with open(app_setting_path + '/status.json') as f:
            status = json.loads(str(f.read()))
        regen_status = False
    except IOError:
        logger.debug("status file not found for '%s'", app_id,
                     exc_info=1)
    except Exception as e:
        logger.warning("could not open or decode %s : %s ... regenerating.", app_setting_path + '/status.json', str(e))
    if regen_status:
        # Create app status
        status = {
            'installed_at': app_setting(app_id, 'install_time'),
@ -2204,7 +2208,7 @@ def _parse_action_args_in_yunohost_format(args, action_args, auth=None):
        # do not print for webadmin
        if arg_type == 'display_text' and msettings.get('interface') != 'api':
-            print(arg["text"])
+            print(_value_for_locale(arg['ask']))
            continue
        # Attempt to retrieve argument value
@ -2257,13 +2261,17 @@ def _parse_action_args_in_yunohost_format(args, action_args, auth=None):
            elif arg_default is not None:
                arg_value = arg_default
-        # Validate argument value
+        # If the value is empty (none or '')
-        if (arg_value is None or arg_value == '') \
+        # then check if arg is optional or not
-                and not arg.get('optional', False):
+        if arg_value is None or arg_value == '':
-            raise YunohostError('app_argument_required', name=arg_name)
+            if arg.get("optional", False):
-        elif arg_value is None:
+                # Argument is optional, keep an empty value
-            args_dict[arg_name] = ''
+                # and that's all for this arg !
-            continue
+                args_dict[arg_name] = ''
                continue
            else:
                # The argument is required !
                raise YunohostError('app_argument_required', name=arg_name)
        # Validate argument choice
        if arg_choices and arg_value not in arg_choices:
@ -2582,6 +2590,31 @@ def unstable_apps():
    return output
 def _check_services_status_for_app(services):
    logger.debug("Checking that required services are up and running...")
    # Some apps use php-fpm or php5-fpm which is now php7.0-fpm
    def replace_alias(service):
        if service in ["php-fpm", "php5-fpm"]:
            return "php7.0-fpm"
        else:
            return service
    services = [replace_alias(s) for s in services]
    # We only check those, mostly to ignore "custom" services
    # (added by apps) and because those are the most popular
    # services
    service_filter = ["nginx", "php7.0-fpm", "mysql", "postfix"]
    services = [str(s) for s in services if s in service_filter]
    # List services currently down and raise an exception if any are found
    faulty_services = [s for s in services if service_status(s)["active"] != "active"]
    if faulty_services:
        raise YunohostError('app_action_cannot_be_ran_because_required_services_down',
                            services=', '.join(faulty_services))
 def _patch_php5(app_folder):
    files_to_patch = []
--- a/src/yunohost/backup.py
+++ b/src/yunohost/backup.py
@ -50,7 +50,7 @@ from yunohost.hook import (
 )
 from yunohost.monitor import binary_to_human
 from yunohost.tools import tools_postinstall
-from yunohost.service import service_regen_conf
+from yunohost.regenconf import regen_conf
 from yunohost.log import OperationLogger
 from functools import reduce
@ -1212,7 +1212,7 @@ class RestoreManager():
        else:
            operation_logger.success()
-        service_regen_conf()
+        regen_conf()
    def _restore_apps(self):
        """Restore all apps targeted"""
@ -2272,6 +2272,18 @@ def backup_info(name, with_details=False, human_readable=False):
        if "hooks" in info.keys():
            system_key = "hooks"
        if "size_details" in info.keys():
            for category in ["apps", "system"]:
                for name, key_info in info[category].items():
                    if name in info["size_details"][category].keys():
                        key_info["size"] = info["size_details"][category][name]
                        if human_readable:
                            key_info["size"] = binary_to_human(key_info["size"]) + 'B'
                    else:
                        key_info["size"] = -1
                        if human_readable:
                            key_info["size"] = "?"
        result["apps"] = info["apps"]
        result["system"] = info[system_key]
    return result
--- a/src/yunohost/certificate.py
+++ b/src/yunohost/certificate.py
@ -43,7 +43,8 @@ from yunohost.utils.network import get_public_ip
 from moulinette import m18n
 from yunohost.app import app_ssowatconf
-from yunohost.service import _run_service_command, service_regen_conf
+from yunohost.service import _run_service_command
 from yunohost.regenconf import regen_conf
 from yunohost.log import OperationLogger
 logger = getActionLogger('yunohost.certmanager')
@ -806,7 +807,7 @@ def _enable_certificate(domain, new_cert_folder):
    if os.path.isfile('/etc/yunohost/installed'):
        # regen nginx conf to be sure it integrates OCSP Stapling
        # (We don't do this yet if postinstall is not finished yet)
-        service_regen_conf(names=['nginx'])
+        regen_conf(names=['nginx'])
    _run_service_command("reload", "nginx")
@ -924,7 +925,7 @@ def _regen_dnsmasq_if_needed():
            break
    if do_regen:
-        service_regen_conf(["dnsmasq"])
+        regen_conf(["dnsmasq"])
 def _name_self_CA():
--- a/src/yunohost/data_migrations/0003_migrate_to_stretch.py
+++ b/src/yunohost/data_migrations/0003_migrate_to_stretch.py
@ -10,9 +10,9 @@ from moulinette.utils.filesystem import read_file
 from yunohost.tools import Migration
 from yunohost.app import unstable_apps
-from yunohost.service import (_run_service_command,
+from yunohost.service import _run_service_command
-                              manually_modified_files,
+from yunohost.regenconf import (manually_modified_files,
-                              manually_modified_files_compared_to_debian_default)
+                                manually_modified_files_compared_to_debian_default)
 from yunohost.utils.filesystem import free_space_in_directory
 from yunohost.utils.packages import get_installed_version
 from yunohost.utils.network import get_network_interfaces
--- a/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step1.py
+++ b/src/yunohost/data_migrations/0007_ssh_conf_managed_by_yunohost_step1.py
@ -3,15 +3,12 @@ import re
 from shutil import copyfile
 from moulinette import m18n
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import mkdir, rm
 from yunohost.tools import Migration
-from yunohost.service import service_regen_conf, \
+from yunohost.service import _run_service_command
-                             _get_conf_hashes, \
+from yunohost.regenconf import regen_conf
                             _calculate_hash, \
                             _run_service_command
 from yunohost.settings import settings_set
 from yunohost.utils.error import YunohostError
@ -60,7 +57,7 @@ class MyMigration(Migration):
        if os.path.exists('/etc/yunohost/from_script'):
            rm('/etc/yunohost/from_script')
            copyfile(SSHD_CONF, '/etc/ssh/sshd_config.bkp')
-            service_regen_conf(names=['ssh'], force=True)
+            regen_conf(names=['ssh'], force=True)
            copyfile('/etc/ssh/sshd_config.bkp', SSHD_CONF)
        # Restart ssh and backward if it fail
--- a/src/yunohost/data_migrations/0008_ssh_conf_managed_by_yunohost_step2.py
+++ b/src/yunohost/data_migrations/0008_ssh_conf_managed_by_yunohost_step2.py
@ -6,9 +6,8 @@ from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import chown
 from yunohost.tools import Migration
-from yunohost.service import service_regen_conf, \
+from yunohost.regenconf import _get_conf_hashes, _calculate_hash
-                             _get_conf_hashes, \
+from yunohost.regenconf import regen_conf
                             _calculate_hash
 from yunohost.settings import settings_set, settings_get
 from yunohost.utils.error import YunohostError
 from yunohost.backup import ARCHIVES_PATH
@ -36,7 +35,7 @@ class MyMigration(Migration):
    def migrate(self):
        settings_set("service.ssh.allow_deprecated_dsa_hostkey", False)
-        service_regen_conf(names=['ssh'], force=True)
+        regen_conf(names=['ssh'], force=True)
        # Update local archives folder permissions, so that
        # admin can scp archives out of the server
--- a/src/yunohost/data_migrations/0009_decouple_regenconf_from_services.py
+++ b/src/yunohost/data_migrations/0009_decouple_regenconf_from_services.py
@ -0,0 +1,42 @@
 import os
 from moulinette import m18n
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import read_file
 from yunohost.service import _get_services, _save_services
 from yunohost.regenconf import _update_conf_hashes, REGEN_CONF_FILE
 from yunohost.tools import Migration
 logger = getActionLogger('yunohost.migration')
 class MyMigration(Migration):
    """
    Decouple the regen conf mechanism from the concept of services
    """
    def migrate(self):
        if "conffiles" not in read_file("/etc/yunohost/services.yml") \
           or os.path.exists(REGEN_CONF_FILE):
            logger.warning(m18n.n("migration_0009_not_needed"))
            return
        # For all services
        services = _get_services()
        for service, infos in services.items():
            # If there are some conffiles (file hashes)
            if "conffiles" in infos.keys():
                # Save them using the new regen conf thingy
                _update_conf_hashes(service, infos["conffiles"])
                # And delete the old conffile key from the service infos
                del services[service]["conffiles"]
        # (Actually save the modification of services)
        _save_services(services)
    def backward(self):
        pass
--- a/src/yunohost/data_migrations/0010_migrate_to_apps_json.py
+++ b/src/yunohost/data_migrations/0010_migrate_to_apps_json.py
@ -0,0 +1,42 @@
 import os
 from moulinette.utils.log import getActionLogger
 from yunohost.app import app_fetchlist, app_removelist, _read_appslist_list, APPSLISTS_JSON
 from yunohost.tools import Migration
 logger = getActionLogger('yunohost.migration')
 BASE_CONF_PATH = '/home/yunohost.conf'
 BACKUP_CONF_DIR = os.path.join(BASE_CONF_PATH, 'backup')
 APPSLISTS_BACKUP = os.path.join(BACKUP_CONF_DIR, "appslist_before_migration_to_unified_list.json")
 class MyMigration(Migration):
    "Migrate from official.json to apps.json"
    def migrate(self):
        # Backup current app list json
        os.system("cp %s %s" % (APPSLISTS_JSON, APPSLISTS_BACKUP))
        # Remove all the deprecated lists
        lists_to_remove = [
            "https://app.yunohost.org/official.json",
            "https://app.yunohost.org/community.json",
            "https://labriqueinter.net/apps/labriqueinternet.json"
        ]
        appslists = _read_appslist_list()
        for appslist, infos in appslists.items():
            if infos["url"] in lists_to_remove:
                app_removelist(name=appslist)
        # Replace by apps.json list
        app_fetchlist(name="yunohost",
                      url="https://app.yunohost.org/apps.json")
    def backward(self):
        if os.path.exists(APPSLISTS_BACKUP):
            os.system("cp %s %s" % (APPSLISTS_BACKUP, APPSLISTS_JSON))
--- a/src/yunohost/domain.py
+++ b/src/yunohost/domain.py
@ -34,9 +34,10 @@ from moulinette.utils.log import getActionLogger
 import yunohost.certificate
-from yunohost.service import service_regen_conf
+from yunohost.regenconf import regen_conf
 from yunohost.utils.network import get_public_ip
 from yunohost.log import is_unit_operation
 from yunohost.hook import hook_callback
 logger = getActionLogger('yunohost.domain')
@ -111,7 +112,7 @@ def domain_add(operation_logger, auth, domain, dyndns=False):
        # Don't regen these conf if we're still in postinstall
        if os.path.exists('/etc/yunohost/installed'):
-            service_regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix', 'rspamd'])
+            regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix', 'rspamd'])
            app_ssowatconf(auth)
    except Exception:
@ -164,7 +165,7 @@ def domain_remove(operation_logger, auth, domain, force=False):
    else:
        raise YunohostError('domain_deletion_failed')
-    service_regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix'])
+    regen_conf(names=['nginx', 'metronome', 'dnsmasq', 'postfix'])
    app_ssowatconf(auth)
    hook_callback('post_domain_remove', args=[domain])
@ -201,12 +202,19 @@ def domain_dns_conf(domain, ttl=None):
    result += "; Mail"
    for record in dns_conf["mail"]:
        result += "\n{name} {ttl} IN {type} {value}".format(**record)
    result += "\n\n"
    result += "; Extra"
    for record in dns_conf["extra"]:
        result += "\n{name} {ttl} IN {type} {value}".format(**record)
    for name, record_list in dns_conf.items():
        if name not in ("basic", "xmpp", "mail", "extra") and record_list:
            result += "\n\n"
            result += "; " + name
            for record in record_list:
                result += "\n{name} {ttl} IN {type} {value}".format(**record)
    is_cli = True if msettings.get('interface') == 'cli' else False
    if is_cli:
        logger.info(m18n.n("domain_dns_conf_is_just_a_recommendation"))
@ -338,6 +346,9 @@ def _build_dns_conf(domain, ttl=3600):
        "extra": [
            {"type": "CAA", "name": "@", "value": "128 issue \"letsencrypt.org\"", "ttl": 3600},
        ],
        "example_of_a_custom_rule": [
            {"type": "SRV", "name": "_matrix", "value": "domain.tld.", "ttl": 3600}
        ],
    }
    """
@ -396,13 +407,49 @@ def _build_dns_conf(domain, ttl=3600):
        ["@", ttl, "CAA", '128 issue "letsencrypt.org"']
    ]
-    return {
+    # Official record
    records = {
        "basic": [{"name": name, "ttl": ttl, "type": type_, "value": value} for name, ttl, type_, value in basic],
        "xmpp": [{"name": name, "ttl": ttl, "type": type_, "value": value} for name, ttl, type_, value in xmpp],
        "mail": [{"name": name, "ttl": ttl, "type": type_, "value": value} for name, ttl, type_, value in mail],
        "extra": [{"name": name, "ttl": ttl, "type": type_, "value": value} for name, ttl, type_, value in extra],
    }
    # Custom records
    hook_results = hook_callback('custom_dns_rules', args=[domain])
    for hook_name, results in hook_results.items():
        #
        # There can be multiple results per hook name, so results look like
        # {'/some/path/to/hook1':
        #       { 'state': 'succeed',
        #         'stdreturn': [{'type': 'SRV',
        #                        'name': 'stuff.foo.bar.',
        #                        'value': 'yoloswag',
        #                        'ttl': 3600}]
        #       },
        #  '/some/path/to/hook2':
        #       { ... },
        #  [...]
        #
        # Loop over the sub-results
        custom_records = [v['stdreturn'] for v in results.values()
                          if v and v['stdreturn']]
        records[hook_name] = []
        for record_list in custom_records:
            # Check that record_list is indeed a list of dict
            # with the required keys
            if not isinstance(record_list, list) \
               or any(not isinstance(record, dict) for record in record_list) \
               or any(key not in record for record in record_list for key in ["name", "ttl", "type", "value"]):
                # Display an error, mainly for app packagers trying to implement a hook
                logger.warning("Ignored custom record from hook '%s' because the data is not a *list* of dict with keys name, ttl, type and value. Raw data : %s" % (hook_name, record_list))
                continue
            records[hook_name].extend(record_list)
    return records
 def _get_DKIM(domain):
    DKIM_file = '/etc/dkim/{domain}.mail.txt'.format(domain=domain)
--- a/src/yunohost/hook.py
+++ b/src/yunohost/hook.py
@ -370,7 +370,7 @@ def hook_exec(path, args=None, raise_on_error=False, no_trace=False,
    # Define output callbacks and call command
    callbacks = (
-        stdout_callback if stdout_callback else lambda l: logger.debug(l.rstrip()),
+        stdout_callback if stdout_callback else lambda l: logger.debug(l.rstrip()+"\r"),
        stderr_callback if stderr_callback else lambda l: logger.warning(l.rstrip()),
    )
--- a/src/yunohost/log.py
+++ b/src/yunohost/log.py
@ -47,12 +47,13 @@ RELATED_CATEGORIES = ['app', 'domain', 'service', 'user']
 logger = getActionLogger('yunohost.log')
-def log_list(category=[], limit=None):
+def log_list(category=[], limit=None, with_details=False):
    """
    List available logs
    Keyword argument:
        limit -- Maximum number of logs
        with_details -- Include details (e.g. if the operation was a success). Likely to increase the command time as it needs to open and parse the metadata file for each log... So try to use this in combination with --limit.
    """
    categories = category
@ -69,12 +70,11 @@ def log_list(category=[], limit=None):
        category_path = os.path.join(CATEGORIES_PATH, category)
        if not os.path.exists(category_path):
            logger.debug(m18n.n('log_category_404', category=category))
            continue
        logs = filter(lambda x: x.endswith(METADATA_FILE_EXT),
                      os.listdir(category_path))
-        logs = reversed(sorted(logs))
+        logs = list(reversed(sorted(logs)))
        if limit is not None:
            logs = logs[:limit]
@ -100,6 +100,15 @@ def log_list(category=[], limit=None):
            else:
                entry["started_at"] = log_datetime
            if with_details:
                with open(md_path, "r") as md_file:
                    try:
                        metadata = yaml.safe_load(md_file)
                    except yaml.YAMLError:
                        logger.warning(m18n.n('log_corrupted_md_file', file=md_path))
                    entry["success"] = metadata.get("success", "?")
            result[category].append(entry)
    # Reverse the order of log when in cli, more comfortable to read (avoid
@ -318,14 +327,27 @@ class OperationLogger(object):
            self.flush()
            self._register_log()
    @property
    def md_path(self):
        """
        Metadata path file
        """
        return os.path.join(self.path, self.name + METADATA_FILE_EXT)
    @property
    def log_path(self):
        """
        Log path file
        """
        return os.path.join(self.path, self.name + LOG_FILE_EXT)
    def _register_log(self):
        """
        Register log with a handler connected on log system
        """
        # TODO add a way to not save password on app installation
-        filename = os.path.join(self.path, self.name + LOG_FILE_EXT)
+        self.file_handler = FileHandler(self.log_path)
        self.file_handler = FileHandler(filename)
        self.file_handler.formatter = Formatter('%(asctime)s: %(levelname)s - %(message)s')
        # Listen to the root logger
@ -337,8 +359,7 @@ class OperationLogger(object):
        Write or rewrite the metadata file with all metadata known
        """
-        filename = os.path.join(self.path, self.name + METADATA_FILE_EXT)
+        with open(self.md_path, 'w') as outfile:
        with open(filename, 'w') as outfile:
            yaml.safe_dump(self.metadata, outfile, default_flow_style=False)
    @property
--- a/src/yunohost/regenconf.py
+++ b/src/yunohost/regenconf.py
@ -0,0 +1,555 @@
 # -*- coding: utf-8 -*-
 """ License
    Copyright (C) 2019 YunoHost
    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU Affero General Public License as published
    by the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.
    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU Affero General Public License for more details.
    You should have received a copy of the GNU Affero General Public License
    along with this program; if not, see http://www.gnu.org/licenses
 """
 import os
 import yaml
 import json
 import subprocess
 import shutil
 import hashlib
 from difflib import unified_diff
 from datetime import datetime
 from moulinette import m18n
 from moulinette.utils import log, filesystem
 from moulinette.utils.filesystem import read_file
 from yunohost.utils.error import YunohostError
 from yunohost.log import is_unit_operation
 from yunohost.hook import hook_callback, hook_list
 BASE_CONF_PATH = '/home/yunohost.conf'
 BACKUP_CONF_DIR = os.path.join(BASE_CONF_PATH, 'backup')
 PENDING_CONF_DIR = os.path.join(BASE_CONF_PATH, 'pending')
 REGEN_CONF_FILE = '/etc/yunohost/regenconf.yml'
 logger = log.getActionLogger('yunohost.regenconf')
 # FIXME : those ain't just services anymore ... what are we supposed to do with this ...
 # FIXME : check for all reference of 'service' close to operation_logger stuff
@is_unit_operation([('names', 'configuration')])
 def regen_conf(operation_logger, names=[], with_diff=False, force=False, dry_run=False,
                       list_pending=False):
    """
    Regenerate the configuration file(s)
    Keyword argument:
        names -- Categories to regenerate configuration of
        with_diff -- Show differences in case of configuration changes
        force -- Override all manual modifications in configuration files
        dry_run -- Show what would have been regenerated
        list_pending -- List pending configuration files and exit
    """
    # Legacy code to automatically run the migration
    # This is required because regen_conf is called before the migration call
    # in debian's postinst script
    if os.path.exists("/etc/yunohost/installed") \
       and ("conffiles" in read_file("/etc/yunohost/services.yml") \
            or not os.path.exists(REGEN_CONF_FILE)):
        from yunohost.tools import _get_migration_by_name
        migration = _get_migration_by_name("decouple_regenconf_from_services")
        migration.migrate()
    result = {}
    # Return the list of pending conf
    if list_pending:
        pending_conf = _get_pending_conf(names)
        if not with_diff:
            return pending_conf
        for category, conf_files in pending_conf.items():
            for system_path, pending_path in conf_files.items():
                pending_conf[category][system_path] = {
                    'pending_conf': pending_path,
                    'diff': _get_files_diff(
                        system_path, pending_path, True),
                }
        return pending_conf
    if not dry_run:
        operation_logger.related_to = [('configuration', x) for x in names]
        if not names:
            operation_logger.name_parameter_override = 'all'
        elif len(names) != 1:
            operation_logger.name_parameter_override = str(len(operation_logger.related_to)) + '_categories'
        operation_logger.start()
    # Clean pending conf directory
    if os.path.isdir(PENDING_CONF_DIR):
        if not names:
            shutil.rmtree(PENDING_CONF_DIR, ignore_errors=True)
        else:
            for name in names:
                shutil.rmtree(os.path.join(PENDING_CONF_DIR, name),
                              ignore_errors=True)
    else:
        filesystem.mkdir(PENDING_CONF_DIR, 0o755, True)
    # Format common hooks arguments
    common_args = [1 if force else 0, 1 if dry_run else 0]
    # Execute hooks for pre-regen
    pre_args = ['pre', ] + common_args
    def _pre_call(name, priority, path, args):
        # create the pending conf directory for the category
        category_pending_path = os.path.join(PENDING_CONF_DIR, name)
        filesystem.mkdir(category_pending_path, 0o755, True, uid='root')
        # return the arguments to pass to the script
        return pre_args + [category_pending_path, ]
    # Don't regen SSH if not specifically specified
    if not names:
        names = hook_list('conf_regen', list_by='name',
                          show_info=False)['hooks']
        names.remove('ssh')
    pre_result = hook_callback('conf_regen', names, pre_callback=_pre_call)
    # Keep only the hook names with at least one success
    names = [hook for hook, infos in pre_result.items()
             if any(result["state"] == "succeed" for result in infos.values())]
    # FIXME : what do in case of partial success/failure ...
    if not names:
        ret_failed = [hook for hook, infos in pre_result.items()
                      if any(result["state"] == "failed" for result in infos.values())]
        raise YunohostError('regenconf_failed',
                            categories=', '.join(ret_failed))
    # Set the processing method
    _regen = _process_regen_conf if not dry_run else lambda *a, **k: True
    operation_logger.related_to = []
    # Iterate over categories and process pending conf
    for category, conf_files in _get_pending_conf(names).items():
        if not dry_run:
            operation_logger.related_to.append(('configuration', category))
        logger.debug(m18n.n(
            'regenconf_pending_applying' if not dry_run else
            'regenconf_dry_pending_applying',
            category=category))
        conf_hashes = _get_conf_hashes(category)
        succeed_regen = {}
        failed_regen = {}
        for system_path, pending_path in conf_files.items():
            logger.debug("processing pending conf '%s' to system conf '%s'",
                         pending_path, system_path)
            conf_status = None
            regenerated = False
            # Get the diff between files
            conf_diff = _get_files_diff(
                system_path, pending_path, True) if with_diff else None
            # Check if the conf must be removed
            to_remove = True if os.path.getsize(pending_path) == 0 else False
            # Retrieve and calculate hashes
            system_hash = _calculate_hash(system_path)
            saved_hash = conf_hashes.get(system_path, None)
            new_hash = None if to_remove else _calculate_hash(pending_path)
            # -> system conf does not exists
            if not system_hash:
                if to_remove:
                    logger.debug("> system conf is already removed")
                    os.remove(pending_path)
                    continue
                if not saved_hash or force:
                    if force:
                        logger.debug("> system conf has been manually removed")
                        conf_status = 'force-created'
                    else:
                        logger.debug("> system conf does not exist yet")
                        conf_status = 'created'
                    regenerated = _regen(
                        system_path, pending_path, save=False)
                else:
                    logger.info(m18n.n(
                        'regenconf_file_manually_removed',
                        conf=system_path))
                    conf_status = 'removed'
            # -> system conf is not managed yet
            elif not saved_hash:
                logger.debug("> system conf is not managed yet")
                if system_hash == new_hash:
                    logger.debug("> no changes to system conf has been made")
                    conf_status = 'managed'
                    regenerated = True
                elif not to_remove:
                    # If the conf exist but is not managed yet, and is not to be removed,
                    # we assume that it is safe to regen it, since the file is backuped
                    # anyway (by default in _regen), as long as we warn the user
                    # appropriately.
                    logger.info(m18n.n('regenconf_now_managed_by_yunohost',
                                       conf=system_path, category=category))
                    regenerated = _regen(system_path, pending_path)
                    conf_status = 'new'
                elif force:
                    regenerated = _regen(system_path)
                    conf_status = 'force-removed'
                else:
                    logger.info(m18n.n('regenconf_file_kept_back',
                                       conf=system_path, category=category))
                    conf_status = 'unmanaged'
            # -> system conf has not been manually modified
            elif system_hash == saved_hash:
                if to_remove:
                    regenerated = _regen(system_path)
                    conf_status = 'removed'
                elif system_hash != new_hash:
                    regenerated = _regen(system_path, pending_path)
                    conf_status = 'updated'
                else:
                    logger.debug("> system conf is already up-to-date")
                    os.remove(pending_path)
                    continue
            else:
                logger.debug("> system conf has been manually modified")
                if system_hash == new_hash:
                    logger.debug("> new conf is as current system conf")
                    conf_status = 'managed'
                    regenerated = True
                elif force:
                    regenerated = _regen(system_path, pending_path)
                    conf_status = 'force-updated'
                else:
                    logger.warning(m18n.n(
                        'regenconf_file_manually_modified',
                        conf=system_path))
                    conf_status = 'modified'
            # Store the result
            conf_result = {'status': conf_status}
            if conf_diff is not None:
                conf_result['diff'] = conf_diff
            if regenerated:
                succeed_regen[system_path] = conf_result
                conf_hashes[system_path] = new_hash
                if os.path.isfile(pending_path):
                    os.remove(pending_path)
            else:
                failed_regen[system_path] = conf_result
        # Check for category conf changes
        if not succeed_regen and not failed_regen:
            logger.debug(m18n.n('regenconf_up_to_date', category=category))
            continue
        elif not failed_regen:
            logger.success(m18n.n(
                'regenconf_updated' if not dry_run else
                'regenconf_would_be_updated',
                category=category))
        if succeed_regen and not dry_run:
            _update_conf_hashes(category, conf_hashes)
        # Append the category results
        result[category] = {
            'applied': succeed_regen,
            'pending': failed_regen
        }
    # Return in case of dry run
    if dry_run:
        return result
    # Execute hooks for post-regen
    post_args = ['post', ] + common_args
    def _pre_call(name, priority, path, args):
        # append coma-separated applied changes for the category
        if name in result and result[name]['applied']:
            regen_conf_files = ','.join(result[name]['applied'].keys())
        else:
            regen_conf_files = ''
        return post_args + [regen_conf_files, ]
    hook_callback('conf_regen', names, pre_callback=_pre_call)
    operation_logger.success()
    return result
 def _get_regenconf_infos():
    """
    Get a dict of regen conf informations
    """
    try:
        with open(REGEN_CONF_FILE, 'r') as f:
            return yaml.load(f)
    except:
        return {}
 def _save_regenconf_infos(infos):
    """
    Save the regen conf informations
    Keyword argument:
        categories -- A dict containing the regenconf infos
    """
    try:
        with open(REGEN_CONF_FILE, 'w') as f:
            yaml.safe_dump(infos, f, default_flow_style=False)
    except Exception as e:
        logger.warning('Error while saving regenconf infos, exception: %s', e, exc_info=1)
        raise
 def _get_files_diff(orig_file, new_file, as_string=False, skip_header=True):
    """Compare two files and return the differences
    Read and compare two files. The differences are returned either as a delta
    in unified diff format or a formatted string if as_string is True. The
    header can also be removed if skip_header is True.
    """
    if os.path.exists(orig_file):
        with open(orig_file, 'r') as orig_file:
            orig_file = orig_file.readlines()
    else:
        orig_file = []
    if os.path.exists(new_file):
        with open(new_file, 'r') as new_file:
            new_file = new_file.readlines()
    else:
        new_file = []
    # Compare files and format output
    diff = unified_diff(orig_file, new_file)
    if skip_header:
        try:
            next(diff)
            next(diff)
        except:
            pass
    if as_string:
        return ''.join(diff).rstrip()
    return diff
 def _calculate_hash(path):
    """Calculate the MD5 hash of a file"""
    if not os.path.exists(path):
        return None
    hasher = hashlib.md5()
    try:
        with open(path, 'rb') as f:
            hasher.update(f.read())
        return hasher.hexdigest()
    except IOError as e:
        logger.warning("Error while calculating file '%s' hash: %s", path, e, exc_info=1)
        return None
 def _get_pending_conf(categories=[]):
    """Get pending configuration for categories
    Iterate over the pending configuration directory for given categories - or
    all if empty - and look for files inside. Each file is considered as a
    pending configuration file and therefore must be in the same directory
    tree than the system file that it replaces.
    The result is returned as a dict of categories with pending configuration as
    key and a dict of `system_conf_path` => `pending_conf_path` as value.
    """
    result = {}
    if not os.path.isdir(PENDING_CONF_DIR):
        return result
    if not categories:
        categories = os.listdir(PENDING_CONF_DIR)
    for name in categories:
        category_pending_path = os.path.join(PENDING_CONF_DIR, name)
        if not os.path.isdir(category_pending_path):
            continue
        path_index = len(category_pending_path)
        category_conf = {}
        for root, dirs, files in os.walk(category_pending_path):
            for filename in files:
                pending_path = os.path.join(root, filename)
                category_conf[pending_path[path_index:]] = pending_path
        if category_conf:
            result[name] = category_conf
        else:
            # remove empty directory
            shutil.rmtree(category_pending_path, ignore_errors=True)
    return result
 def _get_conf_hashes(category):
    """Get the registered conf hashes for a category"""
    categories = _get_regenconf_infos()
    if category not in categories:
        logger.debug("category %s is not in categories.yml yet.", category)
        return {}
    elif categories[category] is None or 'conffiles' not in categories[category]:
        logger.debug("No configuration files for category %s.", category)
        return {}
    else:
        return categories[category]['conffiles']
 def _update_conf_hashes(category, hashes):
    """Update the registered conf hashes for a category"""
    logger.debug("updating conf hashes for '%s' with: %s",
                 category, hashes)
    categories = _get_regenconf_infos()
    category_conf = categories.get(category, {})
    # Handle the case where categories[category] is set to null in the yaml
    if category_conf is None:
        category_conf = {}
    category_conf['conffiles'] = hashes
    categories[category] = category_conf
    _save_regenconf_infos(categories)
 def _process_regen_conf(system_conf, new_conf=None, save=True):
    """Regenerate a given system configuration file
    Replace a given system configuration file by a new one or delete it if
    new_conf is None. A backup of the file - keeping its directory tree - will
    be done in the backup conf directory before any operation if save is True.
    """
    if save:
        backup_path = os.path.join(BACKUP_CONF_DIR, '{0}-{1}'.format(
            system_conf.lstrip('/'), datetime.utcnow().strftime("%Y%m%d.%H%M%S")))
        backup_dir = os.path.dirname(backup_path)
        if not os.path.isdir(backup_dir):
            filesystem.mkdir(backup_dir, 0o755, True)
        shutil.copy2(system_conf, backup_path)
        logger.debug(m18n.n('regenconf_file_backed_up',
                            conf=system_conf, backup=backup_path))
    try:
        if not new_conf:
            os.remove(system_conf)
            logger.debug(m18n.n('regenconf_file_removed',
                                conf=system_conf))
        else:
            system_dir = os.path.dirname(system_conf)
            if not os.path.isdir(system_dir):
                filesystem.mkdir(system_dir, 0o755, True)
            shutil.copyfile(new_conf, system_conf)
            logger.debug(m18n.n('regenconf_file_updated',
                                conf=system_conf))
    except Exception as e:
        logger.warning("Exception while trying to regenerate conf '%s': %s", system_conf, e, exc_info=1)
        if not new_conf and os.path.exists(system_conf):
            logger.warning(m18n.n('regenconf_file_remove_failed',
                                  conf=system_conf),
                           exc_info=1)
            return False
        elif new_conf:
            try:
                # From documentation:
                # Raise an exception if an os.stat() call on either pathname fails.
                # (os.stats returns a series of information from a file like type, size...)
                copy_succeed = os.path.samefile(system_conf, new_conf)
            except:
                copy_succeed = False
            finally:
                if not copy_succeed:
                    logger.warning(m18n.n('regenconf_file_copy_failed',
                                          conf=system_conf, new=new_conf),
                                   exc_info=1)
                    return False
    return True
 def manually_modified_files():
    # We do this to have --quiet, i.e. don't throw a whole bunch of logs
    # just to fetch this...
    # Might be able to optimize this by looking at what the regen conf does
    # and only do the part that checks file hashes...
    cmd = "yunohost tools regen-conf --dry-run --output-as json --quiet"
    j = json.loads(subprocess.check_output(cmd.split()))
    # j is something like :
    # {"postfix": {"applied": {}, "pending": {"/etc/postfix/main.cf": {"status": "modified"}}}
    output = []
    for app, actions in j.items():
        for action, files in actions.items():
            for filename, infos in files.items():
                if infos["status"] == "modified":
                    output.append(filename)
    return output
 def manually_modified_files_compared_to_debian_default():
    # from https://serverfault.com/a/90401
    r = subprocess.check_output("dpkg-query -W -f='${Conffiles}\n' '*' \
                                | awk 'OFS=\"  \"{print $2,$1}' \
                                | md5sum -c 2>/dev/null \
                                | awk -F': ' '$2 !~ /OK/{print $1}'", shell=True)
    return r.strip().split("\n")
--- a/src/yunohost/service.py
+++ b/src/yunohost/service.py
@ -26,12 +26,9 @@
 import os
 import time
 import yaml
 import json
 import subprocess
 import shutil
 import hashlib
-from difflib import unified_diff
+from glob import glob
 from datetime import datetime
 from moulinette import m18n
@ -39,11 +36,7 @@ from yunohost.utils.error import YunohostError
 from moulinette.utils import log, filesystem
 from yunohost.log import is_unit_operation
 from yunohost.hook import hook_callback, hook_list
 BASE_CONF_PATH = '/home/yunohost.conf'
 BACKUP_CONF_DIR = os.path.join(BASE_CONF_PATH, 'backup')
 PENDING_CONF_DIR = os.path.join(BASE_CONF_PATH, 'pending')
 MOULINETTE_LOCK = "/var/run/moulinette_yunohost.lock"
 logger = log.getActionLogger('yunohost.service')
@ -325,11 +318,17 @@ def service_status(names=[]):
            result[name] = {
                'status': str(status.get("SubState", "unknown")),
-                'loaded': "enabled" if str(status.get("LoadState", "unknown")) == "loaded" else str(status.get("LoadState", "unknown")),
+                'loaded': str(status.get("UnitFileState", "unknown")),
                'active': str(status.get("ActiveState", "unknown")),
                'description': description,
                'service_file_path': str(status.get("FragmentPath", "unknown")),
            }
            # Fun stuff™ : to obtain the enabled/disabled status for sysv services,
            # gotta do this ... cf code of /lib/systemd/systemd-sysv-install
            if result[name]["loaded"] == "generated":
                result[name]["loaded"] = "enabled" if glob("/etc/rc[S5].d/S??"+name) else "disabled"
            if "ActiveEnterTimestamp" in status:
                result[name]['active_at'] = datetime.utcfromtimestamp(status["ActiveEnterTimestamp"] / 1000000)
            else:
@ -343,26 +342,25 @@ def service_status(names=[]):
 def _get_service_information_from_systemd(service):
    "this is the equivalent of 'systemctl status $service'"
    import dbus
    from dbus.exceptions import DBusException
    d = dbus.SystemBus()
    systemd = d.get_object('org.freedesktop.systemd1', '/org/freedesktop/systemd1')
    manager = dbus.Interface(systemd, 'org.freedesktop.systemd1.Manager')
-    try:
+    # c.f. https://zignar.net/2014/09/08/getting-started-with-dbus-python-systemd/
-        service_path = manager.GetUnit(service + ".service")
+    # Very interface, much intuitive, wow
-    except DBusException as exception:
+    service_unit = manager.LoadUnit(service + '.service')
-        if exception.get_dbus_name() == 'org.freedesktop.systemd1.NoSuchUnit':
+    service_proxy = d.get_object('org.freedesktop.systemd1', str(service_unit))
            return None
        raise
    service_proxy = d.get_object('org.freedesktop.systemd1', service_path)
    # unit_proxy = dbus.Interface(service_proxy, 'org.freedesktop.systemd1.Unit',)
    properties_interface = dbus.Interface(service_proxy, 'org.freedesktop.DBus.Properties')
-    return properties_interface.GetAll('org.freedesktop.systemd1.Unit')
+    properties = properties_interface.GetAll('org.freedesktop.systemd1.Unit')
    if properties.get("LoadState", "not-found") == "not-found":
        # Service doesn't really exist
        return None
    else:
        return properties
 def service_log(name, number=50):
@ -418,253 +416,25 @@ def service_log(name, number=50):
    return result
-@is_unit_operation([('names', 'service')])
+def service_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
 def service_regen_conf(operation_logger, names=[], with_diff=False, force=False, dry_run=False,
                       list_pending=False):
    """
    Regenerate the configuration file(s) for a service
-    Keyword argument:
+    services = _get_services()
        names -- Services name to regenerate configuration of
        with_diff -- Show differences in case of configuration changes
        force -- Override all manual modifications in configuration files
        dry_run -- Show what would have been regenerated
        list_pending -- List pending configuration files and exit
-    """
+    if isinstance(names, str):
-    result = {}
+        names = [names]
-    # Return the list of pending conf
+    for name in names:
-    if list_pending:
+        if name not in services.keys():
-        pending_conf = _get_pending_conf(names)
+            raise YunohostError('service_unknown', service=name)
-        if not with_diff:
+    if names is []:
-            return pending_conf
+        names = services.keys()
-        for service, conf_files in pending_conf.items():
+    logger.warning(m18n.n("service_regen_conf_is_deprecated"))
            for system_path, pending_path in conf_files.items():
-                pending_conf[service][system_path] = {
+    from yunohost.regenconf import regen_conf
-                    'pending_conf': pending_path,
+    return regen_conf(names, with_diff, force, dry_run, list_pending)
                    'diff': _get_files_diff(
                        system_path, pending_path, True),
                }
        return pending_conf
    if not dry_run:
        operation_logger.related_to = [('service', x) for x in names]
        if not names:
            operation_logger.name_parameter_override = 'all'
        elif len(names) != 1:
            operation_logger.name_parameter_override = str(len(operation_logger.related_to)) + '_services'
        operation_logger.start()
    # Clean pending conf directory
    if os.path.isdir(PENDING_CONF_DIR):
        if not names:
            shutil.rmtree(PENDING_CONF_DIR, ignore_errors=True)
        else:
            for name in names:
                shutil.rmtree(os.path.join(PENDING_CONF_DIR, name),
                              ignore_errors=True)
    else:
        filesystem.mkdir(PENDING_CONF_DIR, 0o755, True)
    # Format common hooks arguments
    common_args = [1 if force else 0, 1 if dry_run else 0]
    # Execute hooks for pre-regen
    pre_args = ['pre', ] + common_args
    def _pre_call(name, priority, path, args):
        # create the pending conf directory for the service
        service_pending_path = os.path.join(PENDING_CONF_DIR, name)
        filesystem.mkdir(service_pending_path, 0o755, True, uid='root')
        # return the arguments to pass to the script
        return pre_args + [service_pending_path, ]
    # Don't regen SSH if not specifically specified
    if not names:
        names = hook_list('conf_regen', list_by='name',
                          show_info=False)['hooks']
        names.remove('ssh')
    pre_result = hook_callback('conf_regen', names, pre_callback=_pre_call)
    # Keep only the hook names with at least one success
    names = [hook for hook, infos in pre_result.items()
             if any(result["state"] == "succeed" for result in infos.values())]
    # FIXME : what do in case of partial success/failure ...
    if not names:
        ret_failed = [hook for hook, infos in pre_result.items()
                      if any(result["state"] == "failed" for result in infos.values())]
        raise YunohostError('service_regenconf_failed',
                            services=', '.join(ret_failed))
    # Set the processing method
    _regen = _process_regen_conf if not dry_run else lambda *a, **k: True
    operation_logger.related_to = []
    # Iterate over services and process pending conf
    for service, conf_files in _get_pending_conf(names).items():
        if not dry_run:
            operation_logger.related_to.append(('service', service))
        logger.debug(m18n.n(
            'service_regenconf_pending_applying' if not dry_run else
            'service_regenconf_dry_pending_applying',
            service=service))
        conf_hashes = _get_conf_hashes(service)
        succeed_regen = {}
        failed_regen = {}
        for system_path, pending_path in conf_files.items():
            logger.debug("processing pending conf '%s' to system conf '%s'",
                         pending_path, system_path)
            conf_status = None
            regenerated = False
            # Get the diff between files
            conf_diff = _get_files_diff(
                system_path, pending_path, True) if with_diff else None
            # Check if the conf must be removed
            to_remove = True if os.path.getsize(pending_path) == 0 else False
            # Retrieve and calculate hashes
            system_hash = _calculate_hash(system_path)
            saved_hash = conf_hashes.get(system_path, None)
            new_hash = None if to_remove else _calculate_hash(pending_path)
            # -> system conf does not exists
            if not system_hash:
                if to_remove:
                    logger.debug("> system conf is already removed")
                    os.remove(pending_path)
                    continue
                if not saved_hash or force:
                    if force:
                        logger.debug("> system conf has been manually removed")
                        conf_status = 'force-created'
                    else:
                        logger.debug("> system conf does not exist yet")
                        conf_status = 'created'
                    regenerated = _regen(
                        system_path, pending_path, save=False)
                else:
                    logger.info(m18n.n(
                        'service_conf_file_manually_removed',
                        conf=system_path))
                    conf_status = 'removed'
            # -> system conf is not managed yet
            elif not saved_hash:
                logger.debug("> system conf is not managed yet")
                if system_hash == new_hash:
                    logger.debug("> no changes to system conf has been made")
                    conf_status = 'managed'
                    regenerated = True
                elif not to_remove:
                    # If the conf exist but is not managed yet, and is not to be removed,
                    # we assume that it is safe to regen it, since the file is backuped
                    # anyway (by default in _regen), as long as we warn the user
                    # appropriately.
                    logger.info(m18n.n('service_conf_now_managed_by_yunohost',
                                       conf=system_path))
                    regenerated = _regen(system_path, pending_path)
                    conf_status = 'new'
                elif force:
                    regenerated = _regen(system_path)
                    conf_status = 'force-removed'
                else:
                    logger.info(m18n.n('service_conf_file_kept_back',
                                       conf=system_path, service=service))
                    conf_status = 'unmanaged'
            # -> system conf has not been manually modified
            elif system_hash == saved_hash:
                if to_remove:
                    regenerated = _regen(system_path)
                    conf_status = 'removed'
                elif system_hash != new_hash:
                    regenerated = _regen(system_path, pending_path)
                    conf_status = 'updated'
                else:
                    logger.debug("> system conf is already up-to-date")
                    os.remove(pending_path)
                    continue
            else:
                logger.debug("> system conf has been manually modified")
                if system_hash == new_hash:
                    logger.debug("> new conf is as current system conf")
                    conf_status = 'managed'
                    regenerated = True
                elif force:
                    regenerated = _regen(system_path, pending_path)
                    conf_status = 'force-updated'
                else:
                    logger.warning(m18n.n(
                        'service_conf_file_manually_modified',
                        conf=system_path))
                    conf_status = 'modified'
            # Store the result
            conf_result = {'status': conf_status}
            if conf_diff is not None:
                conf_result['diff'] = conf_diff
            if regenerated:
                succeed_regen[system_path] = conf_result
                conf_hashes[system_path] = new_hash
                if os.path.isfile(pending_path):
                    os.remove(pending_path)
            else:
                failed_regen[system_path] = conf_result
        # Check for service conf changes
        if not succeed_regen and not failed_regen:
            logger.debug(m18n.n('service_conf_up_to_date', service=service))
            continue
        elif not failed_regen:
            logger.success(m18n.n(
                'service_conf_updated' if not dry_run else
                'service_conf_would_be_updated',
                service=service))
        if succeed_regen and not dry_run:
            _update_conf_hashes(service, conf_hashes)
        # Append the service results
        result[service] = {
            'applied': succeed_regen,
            'pending': failed_regen
        }
    # Return in case of dry run
    if dry_run:
        return result
    # Execute hooks for post-regen
    post_args = ['post', ] + common_args
    def _pre_call(name, priority, path, args):
        # append coma-separated applied changes for the service
        if name in result and result[name]['applied']:
            regen_conf_files = ','.join(result[name]['applied'].keys())
        else:
            regen_conf_files = ''
        return post_args + [regen_conf_files, ]
    hook_callback('conf_regen', names, pre_callback=_pre_call)
    operation_logger.success()
    return result
 def _run_service_command(action, service):
@ -864,231 +634,9 @@ def _find_previous_log_file(file):
    return None
 def _get_files_diff(orig_file, new_file, as_string=False, skip_header=True):
    """Compare two files and return the differences
    Read and compare two files. The differences are returned either as a delta
    in unified diff format or a formatted string if as_string is True. The
    header can also be removed if skip_header is True.
    """
    if os.path.exists(orig_file):
        with open(orig_file, 'r') as orig_file:
            orig_file = orig_file.readlines()
    else:
        orig_file = []
    if os.path.exists(new_file):
        with open(new_file, 'r') as new_file:
            new_file = new_file.readlines()
    else:
        new_file = []
    # Compare files and format output
    diff = unified_diff(orig_file, new_file)
    if skip_header:
        try:
            next(diff)
            next(diff)
        except:
            pass
    if as_string:
        return ''.join(diff).rstrip()
    return diff
 def _calculate_hash(path):
    """Calculate the MD5 hash of a file"""
    if not os.path.exists(path):
        return None
    hasher = hashlib.md5()
    try:
        with open(path, 'rb') as f:
            hasher.update(f.read())
        return hasher.hexdigest()
    except IOError as e:
        logger.warning("Error while calculating file '%s' hash: %s", path, e, exc_info=1)
        return None
 def _get_pending_conf(services=[]):
    """Get pending configuration for service(s)
    Iterate over the pending configuration directory for given service(s) - or
    all if empty - and look for files inside. Each file is considered as a
    pending configuration file and therefore must be in the same directory
    tree than the system file that it replaces.
    The result is returned as a dict of services with pending configuration as
    key and a dict of `system_conf_path` => `pending_conf_path` as value.
    """
    result = {}
    if not os.path.isdir(PENDING_CONF_DIR):
        return result
    if not services:
        services = os.listdir(PENDING_CONF_DIR)
    for name in services:
        service_pending_path = os.path.join(PENDING_CONF_DIR, name)
        if not os.path.isdir(service_pending_path):
            continue
        path_index = len(service_pending_path)
        service_conf = {}
        for root, dirs, files in os.walk(service_pending_path):
            for filename in files:
                pending_path = os.path.join(root, filename)
                service_conf[pending_path[path_index:]] = pending_path
        if service_conf:
            result[name] = service_conf
        else:
            # remove empty directory
            shutil.rmtree(service_pending_path, ignore_errors=True)
    return result
 def _get_conf_hashes(service):
    """Get the registered conf hashes for a service"""
    services = _get_services()
    if service not in services:
        logger.debug("Service %s is not in services.yml yet.", service)
        return {}
    elif services[service] is None or 'conffiles' not in services[service]:
        logger.debug("No configuration files for service %s.", service)
        return {}
    else:
        return services[service]['conffiles']
 def _update_conf_hashes(service, hashes):
    """Update the registered conf hashes for a service"""
    logger.debug("updating conf hashes for '%s' with: %s",
                 service, hashes)
    services = _get_services()
    service_conf = services.get(service, {})
    # Handle the case where services[service] is set to null in the yaml
    if service_conf is None:
        service_conf = {}
    service_conf['conffiles'] = hashes
    services[service] = service_conf
    _save_services(services)
 def _process_regen_conf(system_conf, new_conf=None, save=True):
    """Regenerate a given system configuration file
    Replace a given system configuration file by a new one or delete it if
    new_conf is None. A backup of the file - keeping its directory tree - will
    be done in the backup conf directory before any operation if save is True.
    """
    if save:
        backup_path = os.path.join(BACKUP_CONF_DIR, '{0}-{1}'.format(
            system_conf.lstrip('/'), datetime.utcnow().strftime("%Y%m%d.%H%M%S")))
        backup_dir = os.path.dirname(backup_path)
        if not os.path.isdir(backup_dir):
            filesystem.mkdir(backup_dir, 0o755, True)
        shutil.copy2(system_conf, backup_path)
        logger.debug(m18n.n('service_conf_file_backed_up',
                            conf=system_conf, backup=backup_path))
    try:
        if not new_conf:
            os.remove(system_conf)
            logger.debug(m18n.n('service_conf_file_removed',
                                conf=system_conf))
        else:
            system_dir = os.path.dirname(system_conf)
            if not os.path.isdir(system_dir):
                filesystem.mkdir(system_dir, 0o755, True)
            shutil.copyfile(new_conf, system_conf)
            logger.debug(m18n.n('service_conf_file_updated',
                                conf=system_conf))
    except Exception as e:
        logger.warning("Exception while trying to regenerate conf '%s': %s", system_conf, e, exc_info=1)
        if not new_conf and os.path.exists(system_conf):
            logger.warning(m18n.n('service_conf_file_remove_failed',
                                  conf=system_conf),
                           exc_info=1)
            return False
        elif new_conf:
            try:
                # From documentation:
                # Raise an exception if an os.stat() call on either pathname fails.
                # (os.stats returns a series of information from a file like type, size...)
                copy_succeed = os.path.samefile(system_conf, new_conf)
            except:
                copy_succeed = False
            finally:
                if not copy_succeed:
                    logger.warning(m18n.n('service_conf_file_copy_failed',
                                          conf=system_conf, new=new_conf),
                                   exc_info=1)
                    return False
    return True
 def manually_modified_files():
    # We do this to have --quiet, i.e. don't throw a whole bunch of logs
    # just to fetch this...
    # Might be able to optimize this by looking at what service_regenconf does
    # and only do the part that checks file hashes...
    cmd = "yunohost service regen-conf --dry-run --output-as json --quiet"
    j = json.loads(subprocess.check_output(cmd.split()))
    # j is something like :
    # {"postfix": {"applied": {}, "pending": {"/etc/postfix/main.cf": {"status": "modified"}}}
    output = []
    for app, actions in j.items():
        for action, files in actions.items():
            for filename, infos in files.items():
                if infos["status"] == "modified":
                    output.append(filename)
    return output
 def _get_journalctl_logs(service, number="all"):
    try:
        return subprocess.check_output("journalctl -xn -u {0} -n{1}".format(service, number), shell=True)
    except:
        import traceback
        return "error while get services logs from journalctl:\n%s" % traceback.format_exc()
 def manually_modified_files_compared_to_debian_default():
    # from https://serverfault.com/a/90401
    r = subprocess.check_output("dpkg-query -W -f='${Conffiles}\n' '*' \
                                | awk 'OFS=\"  \"{print $2,$1}' \
                                | md5sum -c 2>/dev/null \
                                | awk -F': ' '$2 !~ /OK/{print $1}'", shell=True)
    return r.strip().split("\n")
--- a/src/yunohost/settings.py
+++ b/src/yunohost/settings.py
@ -7,6 +7,7 @@ from collections import OrderedDict
 from moulinette import m18n
 from yunohost.utils.error import YunohostError
 from moulinette.utils.log import getActionLogger
 from yunohost.service import service_regen_conf
 logger = getActionLogger('yunohost.settings')
@ -39,6 +40,12 @@ DEFAULTS = OrderedDict([
    ("security.password.admin.strength", {"type": "int", "default": 1}),
    ("security.password.user.strength", {"type": "int", "default": 1}),
    ("service.ssh.allow_deprecated_dsa_hostkey", {"type": "bool", "default": False}),
    ("security.ssh.compatibility", {"type": "enum", "default": "modern",
        "choices": ["intermediate", "modern"]}),
    ("security.nginx.compatibility", {"type": "enum", "default": "intermediate",
        "choices": ["intermediate", "modern"]}),
    ("security.postfix.compatibility", {"type": "enum", "default": "intermediate",
        "choices": ["intermediate", "modern"]}),
 ])
@ -109,8 +116,8 @@ def settings_set(key, value):
    elif key_type == "enum":
        if value not in settings[key]["choices"]:
            raise YunohostError('global_settings_bad_choice_for_enum', setting=key,
-                                received_type=type(value).__name__,
+                                choice=str(value),
-                                expected_type=", ".join(settings[key]["choices"]))
+                                available_choices=", ".join(settings[key]["choices"]))
    else:
        raise YunohostError('global_settings_unknown_type', setting=key,
                            unknown_type=key_type)
@ -278,10 +285,17 @@ def trigger_post_change_hook(setting_name, old_value, new_value):
 #
 # ===========================================
@post_change_hook("security.nginx.compatibility")
 def reconfigure_nginx(setting_name, old_value, new_value):
    if old_value != new_value:
        service_regen_conf(names=['nginx'])
-#@post_change_hook("example.int")
+@post_change_hook("security.ssh.compatibility")
-#def myfunc(setting_name, old_value, new_value):
+def reconfigure_ssh(setting_name, old_value, new_value):
-#    print("In hook")
+    if old_value != new_value:
-#    print(setting_name)
+        service_regen_conf(names=['ssh'])
-#    print(old_value)
+
-#    print(new_value)
+@post_change_hook("security.postfix.compatibility")
 def reconfigure_ssh(setting_name, old_value, new_value):
    if old_value != new_value:
        service_regen_conf(names=['postfix'])
--- a/src/yunohost/tools.py
+++ b/src/yunohost/tools.py
@ -34,22 +34,20 @@ from xmlrpclib import Fault
 from importlib import import_module
 from collections import OrderedDict
-import apt
+from moulinette import msignals, m18n
 import apt.progress
 from moulinette import msettings, msignals, m18n
 from moulinette.core import init_authenticator
 from yunohost.utils.error import YunohostError
 from moulinette.utils.log import getActionLogger
-from moulinette.utils.process import check_output
+from moulinette.utils.process import check_output, call_async_output
 from moulinette.utils.filesystem import read_json, write_to_json
 from yunohost.app import app_fetchlist, app_info, app_upgrade, app_ssowatconf, app_list, _install_appslist_fetch_cron
 from yunohost.domain import domain_add, domain_list, _get_maindomain, _set_maindomain
 from yunohost.dyndns import _dyndns_available, _dyndns_provides
 from yunohost.firewall import firewall_upnp
-from yunohost.service import service_status, service_regen_conf, service_log, service_start, service_enable
+from yunohost.service import service_status, service_start, service_enable
 from yunohost.regenconf import regen_conf
 from yunohost.monitor import monitor_disk, monitor_system
-from yunohost.utils.packages import ynh_packages_version
+from yunohost.utils.packages import ynh_packages_version, _dump_sources_list, _list_upgradable_apt_packages
 from yunohost.utils.network import get_public_ip
 from yunohost.log import is_unit_operation, OperationLogger
@ -132,6 +130,11 @@ def tools_adminpw(auth, new_password, check_strength=True):
    if check_strength:
        assert_password_is_strong_enough("admin", new_password)
    # UNIX seems to not like password longer than 127 chars ...
    # e.g. SSH login gets broken (or even 'su admin' when entering the password)
    if len(new_password) >= 127:
        raise YunohostError('admin_password_too_long')
    new_hash = _hash_user_password(new_password)
    try:
@ -207,7 +210,7 @@ def tools_maindomain(operation_logger, auth, new_domain=None):
    # Regen configurations
    try:
        with open('/etc/yunohost/installed', 'r'):
-            service_regen_conf()
+            regen_conf()
    except IOError:
        pass
@ -325,7 +328,7 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    operation_logger.start()
    logger.info(m18n.n('yunohost_installing'))
-    service_regen_conf(['nslcd', 'nsswitch'], force=True)
+    regen_conf(['nslcd', 'nsswitch'], force=True)
    # Initialize LDAP for YunoHost
    # TODO: Improve this part by integrate ldapinit into conf_regen hook
@ -340,11 +343,8 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
        '/home/yunohost.app'
    ]
-    for folder in folders_to_create:
+    for folder in filter(lambda x: not os.path.exists(x), folders_to_create):
-        try:
+        os.makedirs(folder)
            os.listdir(folder)
        except OSError:
            os.makedirs(folder)
    # Change folders permissions
    os.system('chmod 755 /home/yunohost.app')
@ -376,7 +376,7 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    os.system('chmod 644 /etc/ssowat/conf.json.persistent')
    # Create SSL CA
-    service_regen_conf(['ssl'], force=True)
+    regen_conf(['ssl'], force=True)
    ssl_dir = '/usr/share/yunohost/yunohost-config/ssl/yunoCA'
    # (Update the serial so that it's specific to this very instance)
    os.system("openssl rand -hex 19 > %s/serial" % ssl_dir)
@ -405,7 +405,7 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    logger.success(m18n.n('yunohost_ca_creation_success'))
    # New domain config
-    service_regen_conf(['nsswitch'], force=True)
+    regen_conf(['nsswitch'], force=True)
    domain_add(auth, domain, dyndns)
    tools_maindomain(auth, domain)
@ -415,10 +415,10 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    # Enable UPnP silently and reload firewall
    firewall_upnp('enable', no_refresh=True)
-    # Setup the default official app list with cron job
+    # Setup the default apps list with cron job
    try:
        app_fetchlist(name="yunohost",
-                      url="https://app.yunohost.org/official.json")
+                      url="https://app.yunohost.org/apps.json")
    except Exception as e:
        logger.warning(str(e))
@ -433,7 +433,7 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    service_enable("yunohost-firewall")
    service_start("yunohost-firewall")
-    service_regen_conf(force=True)
+    regen_conf(force=True)
    # Restore original ssh conf, as chosen by the
    # admin during the initial install
@ -450,155 +450,260 @@ def tools_postinstall(operation_logger, domain, password, ignore_dyndns=False,
    else:
        # We need to explicitly ask the regen conf to regen ssh
        # (by default, i.e. first argument = None, it won't because it's too touchy)
-        service_regen_conf(names=["ssh"], force=True)
+        regen_conf(names=["ssh"], force=True)
    logger.success(m18n.n('yunohost_configured'))
    logger.warning(m18n.n('recommend_to_add_first_user'))
-def tools_update(ignore_apps=False, ignore_packages=False):
+def tools_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
                     list_pending=False):
    return regen_conf(names, with_diff, force, dry_run, list_pending)
 def tools_update(apps=False, system=False):
    """
-    Update apps & package cache, then display changelog
+    Update apps & system package cache
    Keyword arguments:
-        ignore_apps -- Ignore app list update and changelog
+        system -- Fetch available system packages upgrades (equivalent to apt update)
-        ignore_packages -- Ignore apt cache update and changelog
+        apps -- Fetch the application list to check which apps can be upgraded
    """
-    # "packages" will list upgradable packages
+
-    packages = []
+    # If neither --apps nor --system specified, do both
-    if not ignore_packages:
+    if not apps and not system:
-        cache = apt.Cache()
+        apps = True
        system = True
    upgradable_system_packages = []
    if system:
        # Update APT cache
        # LC_ALL=C is here to make sure the results are in english
        command = "LC_ALL=C apt update"
        # Filter boring message about "apt not having a stable CLI interface"
        # Also keep track of wether or not we encountered a warning...
        warnings = []
        def is_legit_warning(m):
            legit_warning = m.rstrip() and "apt does not have a stable CLI interface" not in m.rstrip()
            if legit_warning:
                warnings.append(m)
            return legit_warning
        callbacks = (
            # stdout goes to debug
            lambda l: logger.debug(l.rstrip()),
            # stderr goes to warning except for the boring apt messages
            lambda l: logger.warning(l.rstrip()) if is_legit_warning(l) else logger.debug(l.rstrip())
        )
        logger.info(m18n.n('updating_apt_cache'))
        if not cache.update():
            raise YunohostError('update_cache_failed')
-        cache.open(None)
+        returncode = call_async_output(command, callbacks, shell=True)
        cache.upgrade(True)
-        # Add changelogs to the result
+        if returncode != 0:
-        for pkg in cache.get_changes():
+            raise YunohostError('update_apt_cache_failed', sourceslist='\n'.join(_dump_sources_list()))
-            packages.append({
+        elif warnings:
-                'name': pkg.name,
+            logger.error(m18n.n('update_apt_cache_warning', sourceslist='\n'.join(_dump_sources_list())))
-                'fullname': pkg.fullname,
+
-                'changelog': pkg.get_changelog()
+        upgradable_system_packages = list(_list_upgradable_apt_packages())
            })
        logger.debug(m18n.n('done'))
-    # "apps" will list upgradable packages
+    upgradable_apps = []
-    apps = []
+    if apps:
-    if not ignore_apps:
+        logger.info(m18n.n('updating_app_lists'))
        try:
            app_fetchlist()
        except YunohostError:
            # FIXME : silent exception !?
            pass
-        app_list_installed = os.listdir(APPS_SETTING_PATH)
+        upgradable_apps = list(_list_upgradable_apps())
        for app_id in app_list_installed:
-            app_dict = app_info(app_id, raw=True)
+    if len(upgradable_apps) == 0 and len(upgradable_system_packages) == 0:
        logger.info(m18n.n('already_up_to_date'))
-            if app_dict["upgradable"] == "yes":
+    return {'system': upgradable_system_packages, 'apps': upgradable_apps}
                apps.append({
                    'id': app_id,
                    'label': app_dict['settings']['label']
                })
    if len(apps) == 0 and len(packages) == 0:
        logger.info(m18n.n('packages_no_upgrade'))
-    return {'packages': packages, 'apps': apps}
+def _list_upgradable_apps():
    app_list_installed = os.listdir(APPS_SETTING_PATH)
    for app_id in app_list_installed:
        app_dict = app_info(app_id, raw=True)
        if app_dict["upgradable"] == "yes":
            yield {
                'id': app_id,
                'label': app_dict['settings']['label']
            }
@is_unit_operation()
-def tools_upgrade(operation_logger, auth, ignore_apps=False, ignore_packages=False):
+def tools_upgrade(operation_logger, auth, apps=None, system=False):
    """
    Update apps & package cache, then display changelog
    Keyword arguments:
-        ignore_apps -- Ignore apps upgrade
+       apps -- List of apps to upgrade (or [] to update all apps)
-        ignore_packages -- Ignore APT packages upgrade
+       system -- True to upgrade system
    """
    from yunohost.utils import packages
    if packages.dpkg_is_broken():
        raise YunohostError("dpkg_is_broken")
-    failure = False
+    if system is not False and apps is not None:
        raise YunohostError("tools_upgrade_cant_both")
-    # Retrieve interface
+    if system is False and apps is None:
-    is_api = True if msettings.get('interface') == 'api' else False
+        raise YunohostError("tools_upgrade_at_least_one")
-    if not ignore_packages:
+    #
    # Apps
    # This is basically just an alias to yunohost app upgrade ...
    #
-        apt.apt_pkg.init()
+    if apps is not None:
        apt.apt_pkg.config.set("DPkg::Options::", "--force-confdef")
        apt.apt_pkg.config.set("DPkg::Options::", "--force-confold")
-        cache = apt.Cache()
+        # Make sure there's actually something to upgrade
        cache.open(None)
        cache.upgrade(True)
-        # If API call
+        upgradable_apps = [app["id"] for app in _list_upgradable_apps()]
        if is_api:
            critical_packages = ("moulinette", "yunohost",
                                 "yunohost-admin", "ssowat", "python")
            critical_upgrades = set()
-            for pkg in cache.get_changes():
+        if not upgradable_apps:
-                if pkg.name in critical_packages:
+            logger.info(m18n.n("app_no_upgrade"))
-                    critical_upgrades.add(pkg.name)
+            return
-                    # Temporarily keep package ...
+        elif len(apps) and all(app not in upgradable_apps for app in apps):
-                    pkg.mark_keep()
+            logger.info(m18n.n("apps_already_up_to_date"))
            return
-            # ... and set a hourly cron up to upgrade critical packages
+        # Actually start the upgrades
            if critical_upgrades:
                logger.info(m18n.n('packages_upgrade_critical_later',
                                   packages=', '.join(critical_upgrades)))
                with open('/etc/cron.d/yunohost-upgrade', 'w+') as f:
                    f.write('00 * * * * root PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin apt-get install %s -y && rm -f /etc/cron.d/yunohost-upgrade\n' % ' '.join(critical_upgrades))
        if cache.get_changes():
            logger.info(m18n.n('upgrading_packages'))
            operation_logger.start()
            try:
                os.environ["DEBIAN_FRONTEND"] = "noninteractive"
                # Apply APT changes
                # TODO: Logs output for the API
                cache.commit(apt.progress.text.AcquireProgress(),
                             apt.progress.base.InstallProgress())
            except Exception as e:
                failure = True
                logger.warning('unable to upgrade packages: %s' % str(e))
                logger.error(m18n.n('packages_upgrade_failed'))
                operation_logger.error(m18n.n('packages_upgrade_failed'))
            else:
                logger.info(m18n.n('done'))
                operation_logger.success()
            finally:
                del os.environ["DEBIAN_FRONTEND"]
        else:
            logger.info(m18n.n('packages_no_upgrade'))
    if not ignore_apps:
        try:
-            app_upgrade(auth)
+            app_upgrade(auth, app=apps)
        except Exception as e:
            failure = True
            logger.warning('unable to upgrade apps: %s' % str(e))
            logger.error(m18n.n('app_upgrade_some_app_failed'))
-    if not failure:
+        return
        logger.success(m18n.n('system_upgraded'))
-    # Return API logs if it is an API call
+    #
-    if is_api:
+    # System
-        return {"log": service_log('yunohost-api', number="100").values()[0]}
+    #
    if system is True:
        # Check that there's indeed some packages to upgrade
        upgradables = list(_list_upgradable_apt_packages())
        if not upgradables:
            logger.info(m18n.n('already_up_to_date'))
        logger.info(m18n.n('upgrading_packages'))
        operation_logger.start()
        # Critical packages are packages that we can't just upgrade
        # randomly from yunohost itself... upgrading them is likely to
        critical_packages = ("moulinette", "yunohost", "yunohost-admin", "ssowat", "python")
        critical_packages_upgradable = [p for p in upgradables if p["name"] in critical_packages]
        noncritical_packages_upgradable = [p for p in upgradables if p["name"] not in critical_packages]
        # Prepare dist-upgrade command
        dist_upgrade = "DEBIAN_FRONTEND=noninteractive"
        dist_upgrade += " APT_LISTCHANGES_FRONTEND=none"
        dist_upgrade += " apt-get"
        dist_upgrade += " --fix-broken --show-upgraded --assume-yes"
        for conf_flag in ["old", "miss", "def"]:
            dist_upgrade += ' -o Dpkg::Options::="--force-conf{}"'.format(conf_flag)
        dist_upgrade += " dist-upgrade"
        #
        # "Regular" packages upgrade
        #
        if noncritical_packages_upgradable:
            logger.info(m18n.n("tools_upgrade_regular_packages"))
            # Mark all critical packages as held
            for package in critical_packages:
                check_output("apt-mark hold %s" % package)
            # Doublecheck with apt-mark showhold that packages are indeed held ...
            held_packages = check_output("apt-mark showhold").split("\n")
            if any(p not in held_packages for p in critical_packages):
                logger.warning(m18n.n("tools_upgrade_cant_hold_critical_packages"))
                operation_logger.error(m18n.n('packages_upgrade_failed'))
                raise YunohostError(m18n.n('packages_upgrade_failed'))
            logger.debug("Running apt command :\n{}".format(dist_upgrade))
            callbacks = (
                lambda l: logger.info(l.rstrip() + "\r"),
                lambda l: logger.warning(l.rstrip()),
            )
            returncode = call_async_output(dist_upgrade, callbacks, shell=True)
            if returncode != 0:
                logger.warning('tools_upgrade_regular_packages_failed',
                               packages_list=', '.join(noncritical_packages_upgradable))
                operation_logger.error(m18n.n('packages_upgrade_failed'))
                raise YunohostError(m18n.n('packages_upgrade_failed'))
        #
        # Critical packages upgrade
        #
        if critical_packages_upgradable:
            logger.info(m18n.n("tools_upgrade_special_packages"))
            # Mark all critical packages as unheld
            for package in critical_packages:
                check_output("apt-mark unhold %s" % package)
            # Doublecheck with apt-mark showhold that packages are indeed unheld ...
            held_packages = check_output("apt-mark showhold").split("\n")
            if any(p in held_packages for p in critical_packages):
                logger.warning(m18n.n("tools_upgrade_cant_unhold_critical_packages"))
                operation_logger.error(m18n.n('packages_upgrade_failed'))
                raise YunohostError(m18n.n('packages_upgrade_failed'))
            #
            # Here we use a dirty hack to run a command after the current
            # "yunohost tools upgrade", because the upgrade of yunohost
            # will also trigger other yunohost commands (e.g. "yunohost tools migrations migrate")
            # (also the upgrade of the package, if executed from the webadmin, is
            # likely to kill/restart the api which is in turn likely to kill this
            # command before it ends...)
            #
            logfile = operation_logger.log_path
            command = dist_upgrade + " 2>&1 | tee -a {}".format(logfile)
            MOULINETTE_LOCK = "/var/run/moulinette_yunohost.lock"
            wait_until_end_of_yunohost_command = "(while [ -f {} ]; do sleep 2; done)".format(MOULINETTE_LOCK)
            mark_success = "(echo 'Done!' | tee -a {} && echo 'success: true' >> {})".format(logfile, operation_logger.md_path)
            mark_failure = "(echo 'Failed :(' | tee -a {} && echo 'success: false' >> {})".format(logfile, operation_logger.md_path)
            update_log_metadata = "sed -i \"s/ended_at: .*$/ended_at: $(date -u +'%Y-%m-%d %H:%M:%S.%N')/\" {}"
            update_log_metadata = update_log_metadata.format(operation_logger.md_path)
            upgrade_completed = "\n" + m18n.n("tools_upgrade_special_packages_completed")
            command = "(({wait} && {cmd}) && {mark_success} || {mark_failure}; {update_metadata}; echo '{done}') &".format(
                      wait=wait_until_end_of_yunohost_command,
                      cmd=command,
                      mark_success=mark_success,
                      mark_failure=mark_failure,
                      update_metadata=update_log_metadata,
                      done=upgrade_completed)
            logger.warning(m18n.n("tools_upgrade_special_packages_explanation"))
            logger.debug("Running command :\n{}".format(command))
            os.system(command)
            return
        else:
            logger.success(m18n.n('system_upgraded'))
            operation_logger.success()
 def tools_diagnosis(auth, private=False):
@ -660,12 +765,13 @@ def tools_diagnosis(auth, private=False):
        }
    # nginx -t
-    try:
+    p = subprocess.Popen("nginx -t".split(),
-        diagnosis['nginx'] = check_output("nginx -t").strip().split("\n")
+                         stdout=subprocess.PIPE,
-    except Exception as e:
+                         stderr=subprocess.STDOUT)
-        import traceback
+    out, _ = p.communicate()
-        traceback.print_exc()
+    diagnosis["nginx"] = out.strip().split("\n")
-        logger.warning("Unable to check 'nginx -t', exception: %s" % e)
+    if p.returncode != 0:
        logger.error(out)
    # Services status
    services = service_status()
@ -697,7 +803,7 @@ def tools_diagnosis(auth, private=False):
        # Domains
        diagnosis['private']['domains'] = domain_list(auth)['domains']
-        diagnosis['private']['regen_conf'] = service_regen_conf(with_diff=True, dry_run=True)
+        diagnosis['private']['regen_conf'] = regen_conf(with_diff=True, dry_run=True)
    try:
        diagnosis['security'] = {
--- a/src/yunohost/utils/packages.py
+++ b/src/yunohost/utils/packages.py
@ -481,3 +481,46 @@ def dpkg_is_broken():
        return False
    return any(re.match("^[0-9]+$", f)
               for f in os.listdir("/var/lib/dpkg/updates/"))
 def _list_upgradable_apt_packages():
    from moulinette.utils.process import check_output
    # List upgradable packages
    # LC_ALL=C is here to make sure the results are in english
    upgradable_raw = check_output("LC_ALL=C apt list --upgradable")
    # Dirty parsing of the output
    upgradable_raw = [l.strip() for l in upgradable_raw.split("\n") if l.strip()]
    for line in upgradable_raw:
        # Remove stupid warning and verbose messages >.>
        if "apt does not have a stable CLI interface" in line or "Listing..." in line:
            continue
        # line should look like :
        # yunohost/stable 3.5.0.2+201903211853 all [upgradable from: 3.4.2.4+201903080053]
        line = line.split()
        if len(line) != 6:
            logger.warning("Failed to parse this line : %s" % ' '.join(line))
            continue
        yield {
            "name": line[0].split("/")[0],
            "new_version": line[1],
            "current_version": line[5].strip("]"),
        }
 def _dump_sources_list():
    from glob import glob
    filenames = glob("/etc/apt/sources.list") + glob("/etc/apt/sources.list.d/*")
    for filename in filenames:
        with open(filename, "r") as f:
            for line in f.readlines():
                if line.startswith("#") or not line.strip():
                    continue
                yield filename.replace("/etc/apt/", "") + ":" + line.strip()