Merge branch 'dev' into enh-backup-repo

.codeclimate.yml

@@ -0,0 +1,24 @@
+---
+version: "2"
+plugins:
+  duplication:
+    enabled: true
+    config:
+      languages:
+        python:
+          python_version: 3
+  shellcheck:
+    enabled: true
+  pep8:
+    enabled: true
+  fixme:
+    enabled: true
+  sonar-python:
+    enabled: true
+    config:
+      tests_patterns:
+        - bin/*
+        - data/**
+        - doc/*
+        - src/**
+        - tests/**

.coveragerc

@@ -1,2 +1,2 @@
 [report]
-omit=src/yunohost/tests/*,src/yunohost/vendor/*,/usr/lib/moulinette/yunohost/*
+omit=src/tests/*,src/vendor/*,/usr/lib/moulinette/yunohost/*

.github/workflows/n_updater.sh

@@ -0,0 +1,78 @@
+#!/bin/bash
+
+#=================================================
+# N UPDATING HELPER
+#=================================================
+
+# This script is meant to be run by GitHub Actions.
+# It is derived from the Updater script from the YunoHost-Apps organization.
+# It aims to automate the update of `n`, the Node version management system.
+
+#=================================================
+# FETCHING LATEST RELEASE AND ITS ASSETS
+#=================================================
+
+# Fetching information
+source helpers/nodejs
+current_version="$n_version"
+repo="tj/n"
+# Some jq magic is needed, because the latest upstream release is not always the latest version (e.g. security patches for older versions)
+version=$(curl --silent "https://api.github.com/repos/$repo/releases" | jq -r '.[] | select( .prerelease != true ) | .tag_name' | sort -V | tail -1)
+
+# Later down the script, we assume the version has only digits and dots
+# Sometimes the release name starts with a "v", so let's filter it out.
+if [[ ${version:0:1} == "v" || ${version:0:1} == "V" ]]; then
+    version=${version:1}
+fi
+
+# Setting up the environment variables
+echo "Current version: $current_version"
+echo "Latest release from upstream: $version"
+echo "VERSION=$version" >> $GITHUB_ENV
+# For the time being, let's assume the script will fail
+echo "PROCEED=false" >> $GITHUB_ENV
+
+# Proceed only if the retrieved version is greater than the current one
+if ! dpkg --compare-versions "$current_version" "lt" "$version" ; then
+    echo "::warning ::No new version available"
+    exit 0
+# Proceed only if a PR for this new version does not already exist
+elif git ls-remote -q --exit-code --heads https://github.com/${GITHUB_REPOSITORY:-YunoHost/yunohost}.git ci-auto-update-n-v$version ; then
+    echo "::warning ::A branch already exists for this update"
+    exit 0
+fi
+
+#=================================================
+# UPDATE SOURCE FILES
+#=================================================
+
+asset_url="https://github.com/tj/n/archive/v${version}.tar.gz"
+
+echo "Handling asset at $asset_url"
+
+# Create the temporary directory
+tempdir="$(mktemp -d)"
+
+# Download sources and calculate checksum
+filename=${asset_url##*/}
+curl --silent -4 -L $asset_url -o "$tempdir/$filename"
+checksum=$(sha256sum "$tempdir/$filename" | head -c 64)
+
+# Delete temporary directory
+rm -rf $tempdir
+
+echo "Calculated checksum for n v${version} is $checksum"
+
+#=================================================
+# GENERIC FINALIZATION
+#=================================================
+
+# Replace new version in helper
+sed -i -E "s/^n_version=.*$/n_version=$version/" helpers/nodejs
+
+# Replace checksum in helper
+sed -i -E "s/^n_checksum=.*$/n_checksum=$checksum/" helpers/nodejs
+
+# The Action will proceed only if the PROCEED environment variable is set to true
+echo "PROCEED=true" >> $GITHUB_ENV
+exit 0

.github/workflows/n_updater.yml

@@ -0,0 +1,46 @@
+# This workflow allows GitHub Actions to automagically update YunoHost NodeJS helper whenever a new release of n is detected.
+name: Check for new n releases
+on:
+  # Allow to manually trigger the workflow
+  workflow_dispatch:
+  # Run it every day at 5:00 UTC
+  schedule:
+    - cron:  '0 5 * * *'
+jobs:
+  updater:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Fetch the source code
+        uses: actions/checkout@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+      - name: Run the updater script
+        id: run_updater
+        run: |
+          # Setting up Git user
+          git config --global user.name 'yunohost-bot'
+          git config --global user.email 'yunohost-bot@users.noreply.github.com'
+          # Run the updater script
+          /bin/bash .github/workflows/n_updater.sh
+      - name: Commit changes
+        id: commit
+        if: ${{ env.PROCEED == 'true' }}
+        run: |
+          git commit -am "Upgrade n to v$VERSION"
+      - name: Create Pull Request
+        id: cpr
+        if: ${{ env.PROCEED == 'true' }}
+        uses: peter-evans/create-pull-request@v3
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }}
+          commit-message: Update n to version ${{ env.VERSION }}
+          committer: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          author: 'yunohost-bot <yunohost-bot@users.noreply.github.com>'
+          signoff: false
+          base: dev
+          branch: ci-auto-update-n-v${{ env.VERSION }}
+          delete-branch: true
+          title: 'Upgrade n to version ${{ env.VERSION }}'
+          body: |
+            Upgrade `n` to v${{ env.VERSION }}
+          draft: false

.gitignore

@@ -31,7 +31,7 @@ pip-log.txt
 .mr.developer.cfg
 
 # moulinette lib
-src/yunohost/locales
+src/locales
 
 # Test
-src/yunohost/tests/apps
+src/tests/apps

.gitlab-ci.yml

@@ -2,7 +2,7 @@
 stages:
   - build
   - install
-  - tests
+  - test
   - lint
   - doc
   - translation
@@ -13,12 +13,25 @@ default:
   # All jobs are interruptible by default
   interruptible: true
 
+code_quality:
+  tags:
+    - docker
+
+code_quality_html:
+  extends: code_quality
+  variables:
+    REPORT_FORMAT: html
+  artifacts:
+    paths: [gl-code-quality-report.html]
+
 # see: https://docs.gitlab.com/ee/ci/yaml/#switch-between-branch-pipelines-and-merge-request-pipelines
 workflow:
   rules:
     - if: $CI_PIPELINE_SOURCE == "merge_request_event" # If we move to gitlab one day
     - if: $CI_PIPELINE_SOURCE == "external_pull_request_event" # For github PR
     - if: $CI_COMMIT_TAG # For tags
+    - if: $CI_COMMIT_REF_NAME == "ci-format-$CI_DEFAULT_BRANCH"  # Ignore black formatting branch created by the CI
+      when: never
     - if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH  && $CI_PIPELINE_SOURCE == "push" # If it's not the default branch and if it's a push, then do not trigger a build
       when: never
     - when: always
@@ -27,4 +40,5 @@ variables:
   YNH_BUILD_DIR: "ynh-build"
 
 include:
+  - template: Code-Quality.gitlab-ci.yml
   - local: .gitlab/ci/*.gitlab-ci.yml

.gitlab/ci/build.gitlab-ci.yml

@@ -5,11 +5,13 @@
     YNH_SOURCE: "https://github.com/yunohost"
   before_script:
     - mkdir -p $YNH_BUILD_DIR
+    - DEBIAN_FRONTEND=noninteractive apt update
   artifacts:
     paths:
       - $YNH_BUILD_DIR/*.deb
 
 .build_script: &build_script
+  - DEBIAN_FRONTEND=noninteractive apt --assume-yes -o Dpkg::Options::="--force-confold" install devscripts --no-install-recommends
   - cd $YNH_BUILD_DIR/$PACKAGE
   - VERSION=$(dpkg-parsechangelog -S Version 2>/dev/null)
   - VERSION_NIGHTLY="${VERSION}+$(date +%Y%m%d%H%M)"

.gitlab/ci/doc.gitlab-ci.yml

@@ -14,7 +14,7 @@ generate-helpers-doc:
     - cd doc
     - python3 generate_helper_doc.py
     - hub clone https://$GITHUB_TOKEN:x-oauth-basic@github.com/YunoHost/doc.git doc_repo
-    - cp helpers.md doc_repo/pages/04.contribute/04.packaging_apps/11.helpers/packaging_apps_helpers.md
+    - cp helpers.md doc_repo/pages/06.contribute/10.packaging_apps/11.helpers/packaging_apps_helpers.md
     - cd doc_repo
     # replace ${CI_COMMIT_REF_NAME} with ${CI_COMMIT_TAG} ?
     - hub checkout -b "${CI_COMMIT_REF_NAME}"

.gitlab/ci/lint.gitlab-ci.yml

@@ -3,28 +3,27 @@
 ########################################
 # later we must fix lint and format-check jobs and remove "allow_failure"
 
----
+lint39:
-lint37:
   stage: lint
   image: "before-install"
   needs: []
   allow_failure: true
   script:
-    - tox -e py37-lint
+    - tox -e py39-lint
 
-invalidcode37:
+invalidcode39:
   stage: lint
   image: "before-install"
   needs: []
   script:
-    - tox -e py37-invalidcode
+    - tox -e py39-invalidcode
 
 mypy:
   stage: lint
   image: "before-install"
   needs: []
   script:
-    - tox -e py37-mypy
+    - tox -e py39-mypy
 
 black:
   stage: lint
@@ -39,11 +38,11 @@ black:
   script:
     # create a local branch that will overwrite distant one
     - git checkout -b "ci-format-${CI_COMMIT_REF_NAME}" --no-track
-    - tox -e py37-black-run
+    - tox -e py39-black-run
     - '[ $(git diff | wc -l) != 0 ] || exit 0'  # stop if there is nothing to commit
     - git commit -am "[CI] Format code with Black" || true
     - git push -f origin "ci-format-${CI_COMMIT_REF_NAME}":"ci-format-${CI_COMMIT_REF_NAME}"
-    - hub pull-request -m "[CI] Format code with Black" -b Yunohost:dev -p || true # GITHUB_USER and GITHUB_TOKEN registered here https://gitlab.com/yunohost/yunohost/-/settings/ci_cd
+    - hub pull-request -m "[CI] Format code with Black" -b Yunohost:$CI_COMMIT_REF_NAME -p || true # GITHUB_USER and GITHUB_TOKEN registered here https://gitlab.com/yunohost/yunohost/-/settings/ci_cd
   only:
-    refs:
+    variables:
-      - dev
+      - $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH

.gitlab/ci/test.gitlab-ci.yml

@@ -1,9 +1,10 @@
 .install_debs: &install_debs
     - apt-get update -o Acquire::Retries=3
     - DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt --assume-yes -o Dpkg::Options::="--force-confold" --allow-downgrades install ./$YNH_BUILD_DIR/*.deb
+    - pip3 install -U mock pip pytest pytest-cov pytest-mock pytest-sugar requests-mock tox ansi2html black jinja2
 
 .test-stage:
-  stage: tests
+  stage: test
   image: "after-install"
   variables:
     PYTEST_ADDOPTS: "--color=yes"
@@ -11,7 +12,7 @@
     - *install_debs
   cache:
     paths: 
-      - src/yunohost/tests/apps
+      - src/tests/apps
     key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
   needs:
       - job: build-yunohost
@@ -22,13 +23,12 @@
         artifacts: true
       - job: upgrade
 
-
 ########################################
 # TESTS
 ########################################
 
 full-tests:
-  stage: tests
+  stage: test
   image: "before-install"
   variables:
     PYTEST_ADDOPTS: "--color=yes"
@@ -36,7 +36,7 @@ full-tests:
     - *install_debs
     - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns --force-diskspace
   script:
-    - python3 -m pytest --cov=yunohost tests/ src/yunohost/tests/ data/hooks/diagnosis/ --junitxml=report.xml
+    - python3 -m pytest --cov=yunohost tests/ src/tests/ src/diagnosers/ --junitxml=report.xml
     - cd tests
     - bash test_helpers.sh
   needs:
@@ -50,31 +50,13 @@ full-tests:
     reports:
       junit: report.xml
 
-test-i18n-keys:
-  extends: .test-stage
-  script:
-    - python3 -m pytest tests/test_i18n_keys.py
-  only:
-    changes:
-      - locales/en.json
-      - src/yunohost/*.py
-      - data/hooks/diagnosis/*.py
-
-test-translation-format-consistency:
-  extends: .test-stage
-  script:
-    - python3 -m pytest tests/test_translation_format_consistency.py
-  only:
-    changes:
-      - locales/*
-
 test-actionmap:
   extends: .test-stage
   script:
     - python3 -m pytest tests/test_actionmap.py
   only:
     changes:
-      - data/actionsmap/*.yml
+      - share/actionsmap.yml
 
 test-helpers:
   extends: .test-stage
@@ -83,126 +65,126 @@ test-helpers:
     - bash test_helpers.sh
   only:
     changes:
-      - data/helpers.d/*
+      - helpers/*
 
 test-domains:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_domains.py
+    - python3 -m pytest src/tests/test_domains.py
   only:
     changes:
-      - src/yunohost/domain.py
+      - src/domain.py
 
 test-dns:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_dns.py
+    - python3 -m pytest src/tests/test_dns.py
   only:
     changes:
-      - src/yunohost/dns.py
+      - src/dns.py
-      - src/yunohost/utils/dns.py
+      - src/utils/dns.py
 
 test-apps:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_apps.py
+    - python3 -m pytest src/tests/test_apps.py
   only:
     changes:
-      - src/yunohost/app.py
+      - src/app.py
 
 test-appscatalog:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_app_catalog.py
+    - python3 -m pytest src/tests/test_app_catalog.py
   only:
     changes:
-      - src/yunohost/app_calalog.py
+      - src/app_calalog.py
 
 test-appurl:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_appurl.py
+    - python3 -m pytest src/tests/test_appurl.py
   only:
     changes:
-      - src/yunohost/app.py
+      - src/app.py
 
 test-questions:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_questions.py
+    - python3 -m pytest src/tests/test_questions.py
   only:
     changes:
-      - src/yunohost/utils/config.py
+      - src/utils/config.py
 
 test-app-config:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_app_config.py
+    - python3 -m pytest src/tests/test_app_config.py
   only:
     changes:
-      - src/yunohost/app.py
+      - src/app.py
-      - src/yunohost/utils/config.py
+      - src/utils/config.py
 
 test-changeurl:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_changeurl.py
+    - python3 -m pytest src/tests/test_changeurl.py
   only:
     changes:
-      - src/yunohost/app.py
+      - src/app.py
 
 test-backuprestore:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_backuprestore.py
+    - python3 -m pytest src/tests/test_backuprestore.py
   only:
     changes:
-      - src/yunohost/backup.py
+      - src/backup.py
 
 test-permission:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_permission.py
+    - python3 -m pytest src/tests/test_permission.py
   only:
     changes:
-      - src/yunohost/permission.py
+      - src/permission.py
 
 test-settings:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_settings.py
+    - python3 -m pytest src/tests/test_settings.py
   only:
     changes:
-      - src/yunohost/settings.py
+      - src/settings.py
 
 test-user-group:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_user-group.py
+    - python3 -m pytest src/tests/test_user-group.py
   only:
     changes:
-      - src/yunohost/user.py
+      - src/user.py
 
 test-regenconf:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_regenconf.py
+    - python3 -m pytest src/tests/test_regenconf.py
   only:
     changes:
-      - src/yunohost/regenconf.py
+      - src/regenconf.py
 
 test-service:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_service.py
+    - python3 -m pytest src/tests/test_service.py
   only:
     changes:
-      - src/yunohost/service.py
+      - src/service.py
 
 test-ldapauth:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_ldapauth.py
+    - python3 -m pytest src/tests/test_ldapauth.py
   only:
     changes:
-      - src/yunohost/authenticators/*.py
+      - src/authenticators/*.py

.gitlab/ci/translation.gitlab-ci.yml

@@ -1,6 +1,15 @@
 ########################################
 # TRANSLATION
 ########################################
+test-i18n-keys:
+  stage: translation
+  script:
+    - python3 maintenance/missing_i18n_keys.py --check
+  only:
+    changes:
+      - locales/en.json
+      - src/*.py
+      - src/diagnosers/*.py
 
 autofix-translated-strings:
   stage: translation
@@ -10,18 +19,17 @@ autofix-translated-strings:
     - apt-get update -y && apt-get install git hub -y
     - git config --global user.email "yunohost@yunohost.org"
     - git config --global user.name "$GITHUB_USER"
-    - git remote set-url origin https://$GITHUB_TOKEN:x-oauth-basic@github.com/YunoHost/yunohost.git
+    - hub clone --branch ${CI_COMMIT_REF_NAME} "https://$GITHUB_TOKEN:x-oauth-basic@github.com/YunoHost/yunohost.git" github_repo
+    - cd github_repo
   script:
-    - cd tests # Maybe move this script location to another folder?
     # create a local branch that will overwrite distant one
     - git checkout -b "ci-autofix-translated-strings-${CI_COMMIT_REF_NAME}" --no-track
-    - python3 remove_stale_translated_strings.py
+    - python3 maintenance/missing_i18n_keys.py --fix
-    - python3 autofix_locale_format.py
+    - python3 maintenance/autofix_locale_format.py
-    - python3 reformat_locales.py
+    - '[ $(git diff | wc -l) != 0 ] || exit 0'  # stop if there is nothing to commit
-    - '[ $(git diff -w | wc -l) != 0 ] || exit 0'  # stop if there is nothing to commit
     - git commit -am "[CI] Reformat / remove stale translated strings" || true
-    - git push -f origin "HEAD":"ci-remove-stale-translated-strings-${CI_COMMIT_REF_NAME}"
+    - git push -f origin "ci-autofix-translated-strings-${CI_COMMIT_REF_NAME}":"ci-remove-stale-translated-strings-${CI_COMMIT_REF_NAME}"
-    - hub pull-request -m "[CI] Reformat / remove stale translated strings" -b Yunohost:dev -p || true # GITHUB_USER and GITHUB_TOKEN registered here https://gitlab.com/yunohost/yunohost/-/settings/ci_cd
+    - hub pull-request -m "[CI] Reformat / remove stale translated strings" -b Yunohost:$CI_COMMIT_REF_NAME -p || true # GITHUB_USER and GITHUB_TOKEN registered here https://gitlab.com/yunohost/yunohost/-/settings/ci_cd
   only:
     variables:
       - $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH

.lgtm.yml

@@ -0,0 +1,4 @@
+extraction:
+  python:
+    python_setup:
+      version: "3"

README.md

@@ -9,6 +9,7 @@
 ![Version](https://img.shields.io/github/v/tag/yunohost/yunohost?label=version&sort=semver)
 [![Build status](https://shields.io/gitlab/pipeline/yunohost/yunohost/dev)](https://gitlab.com/yunohost/yunohost/-/pipelines)
 ![Test coverage](https://img.shields.io/gitlab/coverage/yunohost/yunohost/dev)
+[![Language grade: Python](https://img.shields.io/lgtm/grade/python/g/YunoHost/yunohost.svg?logo=lgtm&logoWidth=18)](https://lgtm.com/projects/g/YunoHost/yunohost/context:python)
 [![GitHub license](https://img.shields.io/github/license/YunoHost/yunohost)](https://github.com/YunoHost/yunohost/blob/dev/LICENSE)
 [![Mastodon Follow](https://img.shields.io/mastodon/follow/28084)](https://mastodon.social/@yunohost)
 

bin/yunohost

@@ -4,45 +4,48 @@
 import os
 import sys
 import argparse
-
-sys.path.insert(0, "/usr/lib/moulinette/")
 import yunohost
 
 
 def _parse_cli_args():
     """Parse additional arguments for the cli"""
     parser = argparse.ArgumentParser(add_help=False)
-    parser.add_argument('--output-as',
+    parser.add_argument(
-        choices=['json', 'plain', 'none'], default=None,
+        "--output-as",
-        help="Output result in another format"
+        choices=["json", "plain", "none"],
+        default=None,
+        help="Output result in another format",
     )
-    parser.add_argument('--debug',
+    parser.add_argument(
-        action='store_true', default=False,
+        "--debug",
-        help="Log and print debug messages"
+        action="store_true",
+        default=False,
+        help="Log and print debug messages",
     )
-    parser.add_argument('--quiet',
+    parser.add_argument(
-        action='store_true', default=False,
+        "--quiet", action="store_true", default=False, help="Don't produce any output"
-        help="Don't produce any output"
     )
-    parser.add_argument('--timeout',
+    parser.add_argument(
-        type=int, default=None,
+        "--timeout",
-        help="Number of seconds before this command will timeout because it can't acquire the lock (meaning that another command is currently running), by default there is no timeout and the command will wait until it can get the lock"
+        type=int,
+        default=None,
+        help="Number of seconds before this command will timeout because it can't acquire the lock (meaning that another command is currently running), by default there is no timeout and the command will wait until it can get the lock",
     )
     # deprecated arguments
-    parser.add_argument('--plain',
+    parser.add_argument(
-        action='store_true', default=False, help=argparse.SUPPRESS
+        "--plain", action="store_true", default=False, help=argparse.SUPPRESS
     )
-    parser.add_argument('--json',
+    parser.add_argument(
-        action='store_true', default=False, help=argparse.SUPPRESS
+        "--json", action="store_true", default=False, help=argparse.SUPPRESS
     )
 
     opts, args = parser.parse_known_args()
 
     # output compatibility
     if opts.plain:
-        opts.output_as = 'plain'
+        opts.output_as = "plain"
     elif opts.json:
-        opts.output_as = 'json'
+        opts.output_as = "json"
 
     return (parser, opts, args)
 
@@ -54,10 +57,12 @@ if os.environ["PATH"] != default_path:
 
 # Main action ----------------------------------------------------------
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     if os.geteuid() != 0:
-        sys.stderr.write("\033[1;31mError:\033[0m yunohost command must be "
+        sys.stderr.write(
-                         "run as root or with sudo.\n")
+            "\033[1;31mError:\033[0m yunohost command must be "
+            "run as root or with sudo.\n"
+        )
         sys.exit(1)
 
     parser, opts, args = _parse_cli_args()
@@ -69,5 +74,5 @@ if __name__ == '__main__':
         output_as=opts.output_as,
         timeout=opts.timeout,
         args=args,
-        parser=parser
+        parser=parser,
     )

bin/yunohost-api

@@ -1,44 +1,53 @@
 #! /usr/bin/python3
 # -*- coding: utf-8 -*-
 
-import sys
 import argparse
-
-sys.path.insert(0, "/usr/lib/moulinette/")
 import yunohost
 
 # Default server configuration
-DEFAULT_HOST = 'localhost'
+DEFAULT_HOST = "localhost"
 DEFAULT_PORT = 6787
 
 
 def _parse_api_args():
     """Parse main arguments for the api"""
-    parser = argparse.ArgumentParser(add_help=False,
+    parser = argparse.ArgumentParser(
+        add_help=False,
         description="Run the YunoHost API to manage your server.",
     )
-    srv_group = parser.add_argument_group('server configuration')
+    srv_group = parser.add_argument_group("server configuration")
-    srv_group.add_argument('-h', '--host',
+    srv_group.add_argument(
-        action='store', default=DEFAULT_HOST,
+        "-h",
+        "--host",
+        action="store",
+        default=DEFAULT_HOST,
         help="Host to listen on (default: %s)" % DEFAULT_HOST,
     )
-    srv_group.add_argument('-p', '--port',
+    srv_group.add_argument(
-        action='store', default=DEFAULT_PORT, type=int,
+        "-p",
+        "--port",
+        action="store",
+        default=DEFAULT_PORT,
+        type=int,
         help="Port to listen on (default: %d)" % DEFAULT_PORT,
     )
-    glob_group = parser.add_argument_group('global arguments')
+    glob_group = parser.add_argument_group("global arguments")
-    glob_group.add_argument('--debug',
+    glob_group.add_argument(
-        action='store_true', default=False,
+        "--debug",
+        action="store_true",
+        default=False,
         help="Set log level to DEBUG",
     )
-    glob_group.add_argument('--help',
+    glob_group.add_argument(
-        action='help', help="Show this help message and exit",
+        "--help",
+        action="help",
+        help="Show this help message and exit",
     )
 
     return parser.parse_args()
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     opts = _parse_api_args()
     # Run the server
     yunohost.api(debug=opts.debug, host=opts.host, port=opts.port)

bin/yunomdns

@@ -21,8 +21,20 @@ def get_network_local_interfaces() -> Dict[str, Dict[str, List[str]]]:
 
     interfaces = {
         adapter.name: {
-            "ipv4": [ip.ip for ip in adapter.ips if ip.is_IPv4 and ip_address(ip.ip).is_private],
+            "ipv4": [
-            "ipv6": [ip.ip[0] for ip in adapter.ips if ip.is_IPv6 and ip_address(ip.ip[0]).is_private and not ip_address(ip.ip[0]).is_link_local],
+                ip.ip
+                for ip in adapter.ips
+                if ip.is_IPv4
+                and ip_address(ip.ip).is_private
+                and not ip_address(ip.ip).is_link_local
+            ],
+            "ipv6": [
+                ip.ip[0]
+                for ip in adapter.ips
+                if ip.is_IPv6
+                and ip_address(ip.ip[0]).is_private
+                and not ip_address(ip.ip[0]).is_link_local
+            ],
         }
         for adapter in ifaddr.get_adapters()
         if adapter.name != "lo"
@@ -33,7 +45,6 @@ def get_network_local_interfaces() -> Dict[str, Dict[str, List[str]]]:
 # Listener class, to detect duplicates on the network
 # Stores the list of servers in its list property
 class Listener:
-
     def __init__(self):
         self.list = []
 
@@ -66,14 +77,18 @@ def main() -> bool:
         return False
 
     if "interfaces" not in config:
-        config["interfaces"] = [interface
+        config["interfaces"] = [
-                                for interface, local_ips in interfaces.items()
+            interface
-                                if local_ips["ipv4"]]
+            for interface, local_ips in interfaces.items()
+            if local_ips["ipv4"]
+        ]
 
     if "ban_interfaces" in config:
-        config["interfaces"] = [interface
+        config["interfaces"] = [
-                                for interface in config["interfaces"]
+            interface
-                                if interface not in config["ban_interfaces"]]
+            for interface in config["interfaces"]
+            if interface not in config["ban_interfaces"]
+        ]
 
     # Let's discover currently published .local domains accross the network
     zc = Zeroconf()
@@ -103,14 +118,18 @@ def main() -> bool:
 
         return domain_i
 
-    config['domains'] = [find_domain_not_already_published(domain) for domain in config['domains']]
+    config["domains"] = [
+        find_domain_not_already_published(domain) for domain in config["domains"]
+    ]
 
     zcs: Dict[Zeroconf, List[ServiceInfo]] = {}
 
     for interface in config["interfaces"]:
 
         if interface not in interfaces:
-            print(f"Interface {interface} listed in config file is not present on system.")
+            print(
+                f"Interface {interface} listed in config file is not present on system."
+            )
             continue
 
         # Only broadcast IPv4 because IPv6 is buggy ... because we ain't using python3-ifaddr >= 0.1.7
@@ -149,7 +168,9 @@ def main() -> bool:
     print("Registering...")
     for zc, infos in zcs.items():
         for info in infos:
-            zc.register_service(info, allow_name_change=True, cooperating_responders=True)
+            zc.register_service(
+                info, allow_name_change=True, cooperating_responders=True
+            )
 
     try:
         print("Registered. Press Ctrl+C or stop service to stop.")

conf/dnsmasq/dnsmasq.conf.tpl

@@ -0,0 +1,10 @@
+domain-needed
+expand-hosts
+localise-queries
+
+{% set interfaces = wireless_interfaces.strip().split(' ') %}
+{% for interface in interfaces %}
+interface={{ interface }}
+{% endfor %}
+resolv-file=/etc/resolv.dnsmasq.conf
+cache-size=256

conf/dnsmasq/domain.tpl

@@ -1,5 +1,8 @@
-host-record={{ domain }},{{ ipv4 }}
+{% set interfaces_list = interfaces.split(' ') %}
-host-record=xmpp-upload.{{ domain }},{{ ipv4 }}
+{% for interface in interfaces_list %}
+interface-name={{ domain }},{{ interface }}
+interface-name=xmpp-upload.{{ domain }},{{ interface }}
+{% endfor %}
 {% if ipv6 %}
 host-record={{ domain }},{{ ipv6 }}
 host-record=xmpp-upload.{{ domain }},{{ ipv6 }}

conf/dovecot/dovecot.conf

@@ -21,9 +21,14 @@ ssl = required
 
 ssl_cert = </etc/yunohost/certs/{{ main_domain }}/crt.pem
 ssl_key = </etc/yunohost/certs/{{ main_domain }}/key.pem
+{% for domain in domain_list.split() %}{% if domain != main_domain %}
+local_name {{ domain }} {
+  ssl_cert = </etc/yunohost/certs/{{ domain }}/crt.pem
+  ssl_key = </etc/yunohost/certs/{{ domain }}/key.pem
+}{% endif %}{% endfor %}
 
 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
-ssl_dh = </usr/share/yunohost/other/ffdhe2048.pem
+ssl_dh = </usr/share/yunohost/ffdhe2048.pem
 
 # intermediate configuration
 ssl_min_protocol = TLSv1.2

conf/mdns/yunomdns.service

@@ -1,6 +1,7 @@
 [Unit]
 Description=YunoHost mDNS service
-After=network.target
+Wants=network-online.target
+After=network-online.target
 
 [Service]
 User=mdns
@@ -8,7 +9,7 @@ Group=mdns
 Type=simple
 Environment=PYTHONUNBUFFERED=1
 ExecStart=/usr/bin/yunomdns
-StandardOutput=syslog
+StandardOutput=journal
 
 [Install]
 WantedBy=default.target

conf/nginx/security.conf.inc

@@ -18,7 +18,7 @@ ssl_prefer_server_ciphers off;
 # Pre-defined FFDHE group (RFC 7919)
 # From https://ssl-config.mozilla.org/ffdhe2048.txt
 # https://security.stackexchange.com/a/149818
-ssl_dhparam /usr/share/yunohost/other/ffdhe2048.pem;
+ssl_dhparam /usr/share/yunohost/ffdhe2048.pem;
 {% endif %}
 
 
@@ -26,11 +26,10 @@ ssl_dhparam /usr/share/yunohost/other/ffdhe2048.pem;
 # https://wiki.mozilla.org/Security/Guidelines/Web_Security
 # https://observatory.mozilla.org/
 {% if experimental == "True" %}
-more_set_headers "Content-Security-Policy : upgrade-insecure-requests; default-src https: data:";
+more_set_headers "Content-Security-Policy : upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'";
 {% else %}
 more_set_headers "Content-Security-Policy : upgrade-insecure-requests";
 {% endif %}
-more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: 'unsafe-inline' 'unsafe-eval'  ";
 more_set_headers "X-Content-Type-Options : nosniff";
 more_set_headers "X-XSS-Protection : 1; mode=block";
 more_set_headers "X-Download-Options : noopen";

conf/nginx/yunohost_admin.conf.inc

@@ -13,6 +13,12 @@ location /yunohost/admin/ {
     deny all;
     {% endif %}
 
+    location = /yunohost/admin/index.html {
+        etag off;
+        expires off;
+        more_set_headers "Cache-Control: no-store, no-cache, must-revalidate";
+    }
+
     more_set_headers "Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://$host; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:;";
     more_set_headers "Content-Security-Policy-Report-Only:";
 }

conf/postfix/main.cf

@@ -23,8 +23,11 @@ smtpd_use_tls = yes
 
 smtpd_tls_security_level = may
 smtpd_tls_auth_only = yes
-smtpd_tls_cert_file = /etc/yunohost/certs/{{ main_domain }}/crt.pem
+smtpd_tls_chain_files =
-smtpd_tls_key_file = /etc/yunohost/certs/{{ main_domain }}/key.pem
+    /etc/yunohost/certs/{{ main_domain }}/key.pem,
+    /etc/yunohost/certs/{{ main_domain }}/crt.pem
+
+tls_server_sni_maps = hash:/etc/postfix/sni
 
 {% if compatibility == "intermediate" %}
 # generated 2020-08-18, Mozilla Guideline v5.6, Postfix 3.4.14, OpenSSL 1.1.1d, intermediate configuration
@@ -36,7 +39,7 @@ smtpd_tls_mandatory_ciphers = medium
 
 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
 # not actually 1024 bits, this applies to all DHE >= 1024 bits
-smtpd_tls_dh1024_param_file = /usr/share/yunohost/other/ffdhe2048.pem
+smtpd_tls_dh1024_param_file = /usr/share/yunohost/ffdhe2048.pem
 
 tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 {% else %}

conf/postfix/sni

@@ -0,0 +1,2 @@
+{% for domain in domain_list.split() %}{{ domain }} /etc/yunohost/certs/{{ domain }}/key.pem /etc/yunohost/certs/{{ domain }}/crt.pem
+{% endfor %}

conf/ssh/sshd_config

@@ -2,6 +2,8 @@
 # by YunoHost
 
 Protocol 2
+# PLEASE: if you wish to change the ssh port properly in YunoHost, use this command:
+# yunohost settings set security.ssh.port -v <port>
 Port {{ port }}
 
 {% if ipv6_enabled == "true" %}ListenAddress ::{% endif %}
@@ -53,9 +55,13 @@ PermitEmptyPasswords no
 ChallengeResponseAuthentication no
 UsePAM yes
 
-# Change to no to disable tunnelled clear text passwords
+# PLEASE: if you wish to force everybody to authenticate using ssh keys, run this command:
-# (i.e. everybody will need to authenticate using ssh keys)
+# yunohost settings set security.ssh.password_authentication -v no
+{% if password_authentication == "False" %}
+PasswordAuthentication no
+{% else %}
 #PasswordAuthentication yes
+{% endif %}
 
 # Post-login stuff
 Banner /etc/issue.net

conf/ssl/openssl.cnf

@@ -5,7 +5,7 @@
 
 # This definition stops the following lines choking if HOME isn't
 # defined.
-HOME			= /usr/share/yunohost/yunohost-config/ssl
+HOME			= /usr/share/yunohost/ssl
 RANDFILE		= $ENV::HOME/.rnd
 
 # Extra OBJECT IDENTIFIER info:
@@ -34,7 +34,7 @@ default_ca	= Yunohost		# The default ca section
 ####################################################################
 [ Yunohost ]
 
-dir		= /usr/share/yunohost/yunohost-config/ssl/yunoCA		# Where everything is kept
+dir		= /usr/share/yunohost/ssl		# Where everything is kept
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.

conf/yunohost/services.yml

@@ -12,24 +12,31 @@ metronome:
   log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
   needs_exposed_ports: [5222, 5269]
   category: xmpp
+  ignore_if_package_is_not_installed: metronome
 mysql:
   log: [/var/log/mysql.log,/var/log/mysql.err,/var/log/mysql/error.log]
   actual_systemd_service: mariadb
   category: database
+  ignore_if_package_is_not_installed: mariadb-server
 nginx:
   log: /var/log/nginx
   test_conf: nginx -t
   needs_exposed_ports: [80, 443]
   category: web
-php7.3-fpm:
+# Yunohost will dynamically add installed php-fpm services (7.3, 7.4, 8.0, ...) in services.py
-  log: /var/log/php7.3-fpm.log
+#php7.4-fpm:
-  test_conf: php-fpm7.3 --test
+#  log: /var/log/php7.4-fpm.log
-  category: web
+#  test_conf: php-fpm7.4 --test
+#  category: web
 postfix:
   log: [/var/log/mail.log,/var/log/mail.err]
   actual_systemd_service: postfix@-
   needs_exposed_ports: [25, 587]
   category: email
+postgresql:
+  actual_systemd_service: 'postgresql@13-main'
+  category: database
+  ignore_if_package_is_not_installed: postgresql-13
 redis-server:
   log: /var/log/redis/redis-server.log
   category: database
@@ -68,5 +75,6 @@ spamassassin: null
 rmilter: null
 php5-fpm: null
 php7.0-fpm: null
+php7.3-fpm: null
 nslcd: null
 avahi-daemon: null

conf/yunohost/yunohost-api.service

@@ -4,9 +4,7 @@ After=network.target
 
 [Service]
 Type=simple
-Environment=DAEMON_OPTS=
+ExecStart=/usr/bin/yunohost-api
-EnvironmentFile=-/etc/default/yunohost-api
-ExecStart=/usr/bin/yunohost-api $DAEMON_OPTS
 Restart=always
 RestartSec=5
 TimeoutStopSec=30

data/hooks/restore/18-data_multimedia

@@ -1,9 +0,0 @@
-#!/bin/bash
-
-# Exit hook on subcommand error or unset variable
-set -eu
-
-# Source YNH helpers
-source /usr/share/yunohost/helpers
-
-ynh_restore_file --origin_path="/home/yunohost.multimedia" --not_mandatory

data/templates/dnsmasq/plain/dnsmasq.conf

@@ -1,6 +0,0 @@
-domain-needed
-expand-hosts
-
-listen-address=127.0.0.1
-resolv-file=/etc/resolv.dnsmasq.conf
-cache-size=256

data/templates/mysql/my.cnf

@@ -1,92 +0,0 @@
-# Example MySQL config file for small systems.
-#
-# This is for a system with little memory (<= 64M) where MySQL is only used
-# from time to time and it's important that the mysqld daemon
-# doesn't use much resources.
-#
-# MySQL programs look for option files in a set of
-# locations which depend on the deployment platform.
-# You can copy this option file to one of those
-# locations. For information about these locations, see:
-# http://dev.mysql.com/doc/mysql/en/option-files.html
-#
-# In this file, you can use all long options that a program supports.
-# If you want to know which options a program supports, run the program
-# with the "--help" option.
-
-# The following options will be passed to all MySQL clients
-[client]
-#password       = your_password
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-
-# Here follows entries for some specific programs
-
-# The MySQL server
-[mysqld]
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-skip-external-locking
-key_buffer_size = 16K
-max_allowed_packet = 16M
-table_open_cache = 4
-sort_buffer_size = 4M
-read_buffer_size = 256K
-read_rnd_buffer_size = 256K
-net_buffer_length = 2K
-thread_stack = 128K
-
-# to avoid corruption on powerfailure
-default-storage-engine=innodb
-
-# Don't listen on a TCP/IP port at all. This can be a security enhancement,
-# if all processes that need to connect to mysqld run on the same host.
-# All interaction with mysqld must be made via Unix sockets or named pipes.
-# Note that using this option without enabling named pipes on Windows
-# (using the "enable-named-pipe" option) will render mysqld useless!
-# 
-#skip-networking
-server-id       = 1
-
-# Uncomment the following if you want to log updates
-#log-bin=mysql-bin
-
-# binary logging format - mixed recommended
-#binlog_format=mixed
-
-# Causes updates to non-transactional engines using statement format to be
-# written directly to binary log. Before using this option make sure that
-# there are no dependencies between transactional and non-transactional
-# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
-# t_innodb; otherwise, slaves may diverge from the master.
-#binlog_direct_non_transactional_updates=TRUE
-
-# Uncomment the following if you are using InnoDB tables
-#innodb_data_home_dir = /var/lib/mysql
-#innodb_data_file_path = ibdata1:10M:autoextend
-#innodb_log_group_home_dir = /var/lib/mysql
-# You can set .._buffer_pool_size up to 50 - 80 %
-# of RAM but beware of setting memory usage too high
-#innodb_buffer_pool_size = 16M
-#innodb_additional_mem_pool_size = 2M
-# Set .._log_file_size to 25 % of buffer pool size
-#innodb_log_file_size = 5M
-#innodb_log_buffer_size = 8M
-#innodb_flush_log_at_trx_commit = 1
-#innodb_lock_wait_timeout = 50
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-no-auto-rehash
-# Remove the next comment character if you are not familiar with SQL
-#safe-updates
-
-[myisamchk]
-key_buffer_size = 8M
-sort_buffer_size = 8M
-
-[mysqlhotcopy]
-interactive-timeout

debian/changelog

@@ -1,3 +1,473 @@
+yunohost (11.0.9.14) stable; urgency=low
+
+  - [fix] dns: confusion on XMPP CNAME records for nohost.me & co domains (f6057d25)
+  - [fix] helper ynh_get_ram: LANG= isn't enough to get en_US output, gotta use LC_ALL (e51cdd98)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 07 Sep 2022 13:08:31 +0200
+
+yunohost (11.0.9.13) stable; urgency=low
+
+  - [fix] defaultapp: domain may not exist in app_map dict output (efe0e601)
+  - [fix] regenconf: fix a stupid issue with slapcat displaying an error message because grep -q breaks the pipe (503b9031)
+  - [fix] regenconf: add a timeout to curl inside dnsmasq regenconf to prevent being stuck too long when no network on the machine (b77e8114)
+  - [fix] ynh_delete_file_checksum with non-existing option in helpers/config ([#1501](https://github.com/YunoHost/yunohost/pull/1501))
+  - [i18n] Translations updated for Basque, Galician, Slovak
+
+  Thanks to all contributors <3 ! (José M, Jose Riha, tituspijean, xabirequejo)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 03 Sep 2022 23:27:56 +0200
+
+yunohost (11.0.9.12) stable; urgency=low
+
+  - [fix] postinstall: check all partitions (not only physical ones) ([#1497](https://github.com/YunoHost/yunohost/pull/1497))
+  - [i18n] Translations updated for Basque, French, Indonesian, Italian, Slovak
+
+  Thanks to all contributors <3 ! (Salamandar)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 28 Aug 2022 14:50:38 +0200
+
+yunohost (11.0.9.11) stable; urgency=low
+
+  = Merge with Buster branch
+  - [fix] diagnosis: fix inaccurate message (ae92a0b8)
+  - [fix] logrotate helpers: getopts miserably explodes if 'legacy_args' is inconsistent with 'args_array' ... (530bf04a)
+  - [i18n] Translations updated for Basque, French, Indonesian, Italian, Slovak
+
+  Thanks to all contributors <3 ! (Jose Riha, Leandro Noferini, liimee, Stephan Klein, xabirequejo)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 26 Aug 2022 16:32:19 +0200
+
+yunohost (11.0.9.9) stable; urgency=low
+
+  - Sync with Buster branch
+  - [fix] php7.3->7.4: autopatch nginx configs during restore (18e041c4)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 19 Aug 2022 20:50:52 +0200
+
+yunohost (11.0.9.7) stable; urgency=low
+
+  - [fix] logorate helper: was broken because wrong index é_è (efa80304)
+  - [i18n] Translations updated for French, Galician, Ukrainian
+
+  Thanks to all contributors <3 ! (Éric Gaspar, José M, Tymofii-Lytvynenko)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 17 Aug 2022 19:24:11 +0200
+
+yunohost (11.0.9.6) stable; urgency=low
+
+  - Sync with Buster branch
+  - [fix] helpers: logrotate shitty inconsistent handling of 'supposedly legacy' --non-append option ... (8d1c75e7)
+  - [fix] apps: Better handling of super shitty edge case where an app settings.yml is empty for some unexpected mystic reason ... (9eb123f8)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 17 Aug 2022 01:26:28 +0200
+
+yunohost (11.0.9.5) stable; urgency=low
+
+  - Propagate fixes in buster->bullseye migration
+  - [fix] venv rebuild: synapse's folder is named matrix-synapse (c8031ace)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 14 Aug 2022 18:22:30 +0200
+
+yunohost (11.0.9.3) stable; urgency=low
+
+  - [fix] postgresql 11->13: Epic typo / missing import (3cb1a41a)
+  - [i18n] Translations updated for Basque, French, Galician
+
+  Thanks to all contributors <3 ! (Éric Gaspar, José M, Kay0u, punkrockgirl)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 13 Aug 2022 22:37:05 +0200
+
+yunohost (11.0.9.2) stable; urgency=low
+
+  - [fix] venv rebuild: fix yunohost app force upgrade command (5d90971b)
+  - [fix] apt helpers: simplify ynh_remove_app_dependencies, we don't need to care about removing php-fpm services from yunohost, because 'yunohost service' now dynamically check what relevant phpX.Y-fpm service exist on the system (64e35815)
+  - [enh] diagnosis: add complains if some app installed are still requiring only yunohost 3.x (31aacb33)
+  - [fix] venv rebuild: migration should have an empty disclaimer when in auto mode (d2a6dcd4)
+  - [fix] postgresql 11->13 migration: skip if no yunohost app depend on postgresql (d161da03)
+
+  Thanks to all contributors <3 ! (Éric Gaspar, ljf)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 13 Aug 2022 20:08:27 +0200
+
+yunohost (11.0.9.1) stable; urgency=low
+
+  - [fix] venv rebuild: /opt may not exist ...
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 11 Aug 2022 16:00:40 +0200
+
+yunohost (11.0.9) stable; urgency=low
+
+  - [fix] services: Skip php 7.3 which is most likely dead after buster->bullseye migration because users get spooked (51804925)
+  - [enh] bullseye: add a migration process to automatically attempt to rebuild venvs (3b8e49dc)
+  - [i18n] Translations updated for French
+
+  Thanks to all contributors <3 ! (Éric Gaspar, Kayou, ljf, theo-is-taken)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 07 Aug 2022 23:27:41 +0200
+
+yunohost (11.0.8.1) testing; urgency=low
+
+  - Fix tests é_è (7fa67b2b)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 07 Aug 2022 12:41:28 +0200
+
+yunohost (11.0.8) testing; urgency=low
+
+  - [fix] helpers: escape username in ynh_user_exists ([#1469](https://github.com/YunoHost/yunohost/pull/1469))
+  - [fix] helpers: in nginx helpers, do not change the nginx template conf, replace #sub_path_only and #root_path_only after ynh_add_config, otherwise it breaks the change_url script (30e926f9)
+  - [fix] helpers: fix arg parsing in ynh_install_apps ([#1480](https://github.com/YunoHost/yunohost/pull/1480))
+  - [fix] postinstall: be able to redo postinstall when the 128+ chars
+  password error is raised ([#1476](https://github.com/YunoHost/yunohost/pull/1476))
+  - [fix] regenconf dhclient/resolvconf: fix weird typo, probably meant 'search' (like in our rpi-image tweaking) (9d39a2c0)
+  - [fix] configpanels: remove debug message because it floods the regenconf logs (f6cd35d9)
+  - [fix] configpanels: don't restrict choices if there's no choices specified ([#1478](https://github.com/YunoHost/yunohost/pull/1478)
+  - [i18n] Translations updated for Arabic, German, Slovak, Telugu
+
+  Thanks to all contributors <3 ! (Alice Kile, ButterflyOfFire, Éric Gaspar, Gregor, Jose Riha, Kay0u, ljf, Meta Meta, tituspijean, Valentin von Guttenberg, yalh76)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 07 Aug 2022 11:26:54 +0200
+
+yunohost (11.0.7) testing; urgency=low
+
+  - [fix] Allow lime2 to upgrade even if kernel is hold ([#1452](https://github.com/YunoHost/yunohost/pull/1452))
+  - [fix] Some DNS suggestions for specific domains are incorrect  ([#1460](https://github.com/YunoHost/yunohost/pull/1460))
+  - [enh] Reorganize PHP-specific code in apt helper (5ca18c5)
+  - [enh] Implement install and removal of YunoHost apps ([#1445](https://github.com/YunoHost/yunohost/pull/1445))
+  - [enh] Add n auto-updater ([#1437](https://github.com/YunoHost/yunohost/pull/1437))
+  - [enh] nodejs: Upgrade n to v8.2.0 ([#1456](https://github.com/YunoHost/yunohost/pull/1456))
+  - [enh] Improve ynh_string_random to output various ranges of characters ([#1455](https://github.com/YunoHost/yunohost/pull/1455))
+  - [enh] Avoid alert for Content Security Policies Report-Only and Websockets ((#1464)[https://github.com/YunoHost/yunohost/pull/1464])
+  - [doc] Improve ynh_add_config template doc ([#1463](https://github.com/YunoHost/yunohost/pull/1463))
+  - [i18n] Translations updated for Russian and French
+
+  Thanks to all contributors <3 ! (DiesDasJenes, ljf, kayou, yalh, aleks, tituspijean, keomabrun, pp-r, cheredin)
+
+ -- tituspijean <titus+yunohost@pijean.ovh>  Tue, 17 May 2022 23:20:00 +0200
+
+yunohost (11.0.6) testing; urgency=low
+
+  - [fix] configpanel: the config panel was not modifying the configuration of the correct app in certain situations ([#1449](http://github.com/YunoHost/yunohost/pull/1449))
+  - [fix] debian package: fix for openssl conflict (ec41b697)
+  - [i18n] Translations updated for Arabic, Basque, Finnish, French, Galician, German, Kabyle, Polish
+
+  Thanks to all contributors <3 ! (3ole, Alexandre Aubin, Baloo, Bartłomiej Garbiec, José M, Kayou, ljf, Mico Hauataluoma, punkrockgirl, Selyan Slimane Amiri, Tagada)
+
+ -- Kay0u <pierre@kayou.io>  Tue, 29 Mar 2022 14:13:40 +0200
+
+yunohost (11.0.5) testing; urgency=low
+
+  - [mod] configpanel: improve 'filter' mechanism in AppQuestion ([#1429](https://github.com/YunoHost/yunohost/pull/1429))
+  - [fix] postinstall: migrate_to_bullseye should be skipped on bullseye (de684425)
+  - [enh] security: Enable proc-hidepid by default ([#1433](https://github.com/YunoHost/yunohost/pull/1433))
+  - [enh] nodejs: Update n to 8.0.2 ([#1435](https://github.com/YunoHost/yunohost/pull/1435))
+  - [fix] postfix: sni tls_server_chain_sni_maps -> tls_server_sni_maps ([#1438](https://github.com/YunoHost/yunohost/pull/1438))
+  - [fix] ynh_get_ram: Avoid grep issue with vmstat command ([#1440](https://github.com/YunoHost/yunohost/pull/1440))
+  - [fix] ynh_exec_*: ensure the arg message is used ([#1442](https://github.com/YunoHost/yunohost/pull/1442))
+  - [enh] helpers: Always activate --time when running inside CI tests ([#1444](https://github.com/YunoHost/yunohost/pull/1444))
+  - [fix] helpers: unbound variable in ynh_script_progression (676973a1)
+  - [mod] quality: Several FIXME fix ([#1441](https://github.com/YunoHost/yunohost/pull/1441))
+
+  Thanks to all contributors <3 ! (ericgaspar, ewilly, Kayou, Melchisedech, Tagadda)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 08 Mar 2022 13:01:06 +0100
+
+yunohost (11.0.4) testing; urgency=low
+
+  - [mod] certificate: drop unused 'staging' LE mode (4b78e8e3)
+  - [fix] cli: bash_completion was broken ([#1423](https://github.com/YunoHost/yunohost/pull/1423))
+  - [enh] mdns: Wait for network to be fully up to start the service ([#1425](https://github.com/YunoHost/yunohost/pull/1425))
+  - [fix] regenconf: make some systemctl enable/disable quiet (bccff1b4, 345e50ae)
+  - [fix] configpanels: Compute choices for the yunohost admin when installing an app ([#1427](https://github.com/YunoHost/yunohost/pull/1427))
+  - [fix] configpanels: optimize _get_toml for domains to not load the whole DNS section stuff when just getting a simple info from another section (bf6252ac)
+  - [fix] configpanel: oopsies, could only change the default app for domain configs :P (0a59f863)
+  - [fix] php73_to_php74: another search&replace for synapse (f0a01ba2)
+  - [fix] php73_to_php74: stopping php7.3 before starting 7.4 should be more robust in case confs are conflicting (9ae7ec59)
+  - [i18n] Translations updated for French, Ukrainian
+
+  Thanks to all contributors <3 ! (Éric Gaspar, Kay0u, Tagadda, tituspijean, Tymofii-Lytvynenko)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 29 Jan 2022 19:19:44 +0100
+
+yunohost (11.0.3) testing; urgency=low
+
+  - [enh] mail: Add SNI support for postfix and dovecot ([#1413](https://github.com/YunoHost/yunohost/pull/1413))
+  - [fix] services: fix a couple edge cases (4571c5b2)
+  - [fix] services: Do not save php-fpm services in services.yml (5d0f8021)
+  - [fix] diagnosis: diagnosers were run in a funky order ([#1418](https://github.com/YunoHost/yunohost/pull/1418))
+  - [fix] configpanels: config_get should return possible choices for domain, user questions (and other dynamic-choices questions) ([#1420](https://github.com/YunoHost/yunohost/pull/1420))
+  - [enh] apps/domain: Clarify the default app mecanism, handle it fron domain config panel ([#1406](https://github.com/YunoHost/yunohost/pull/1406))
+  - [fix] apps: When no main app permission found, fallback to default label instead of having a 'None' label to prevent the webadmin from displaying an empty app list (07396b8b)
+  - [i18n] Translations updated for Galician
+
+  Thanks to all contributors <3 ! (José M, Kay0u, Tagadda, tituspijean)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 25 Jan 2022 13:06:10 +0100
+
+yunohost (11.0.2) testing; urgency=low
+
+  - [mod] Various tweaks for Python 3.9, PHP 7.4, PostgreSQL 13, and other changes related to Buster->Bullseye ecosystem
+  - [mod] debian: Moved mysql, php, and metronome from Depends to Recommends ([#1369](https://github.com/YunoHost/yunohost/pull/1369))
+  - [mod] apt: **Add sury by default** ([#1369](https://github.com/YunoHost/yunohost/pull/1369))
+  - [enh] mysql: **Drop super old mysql config, now rely on Debian default** ([44c972f...144126f](https://github.com/YunoHost/yunohost/compare/44c972f2dd65...144126f56a3d))
+  - [enh] regenconf/helpers: Better integration for postgresql ([#1369](https://github.com/YunoHost/yunohost/pull/1369))
+  - [mod] quality: **Rework repository code architecture** ([#1377](https://github.com/YunoHost/yunohost/pull/1377))
+  - [mod] quality: **Rework where yunohost files are deployed** (yunohost now a much closer to a python lib with files in /usr/lib/python3/dist-packages/yunohost/, and other "common" files are in /usr/share/yunohost) ([#1377](https://github.com/YunoHost/yunohost/pull/1377))
+  - [enh] upgrade: Try to implement **a smarter self-upgrade mechanism to prevent/limit API downtime and related UX issues** ([#1374](https://github.com/YunoHost/yunohost/pull/1374))
+  - [mod] regenconf: store tmp files in /var/cache/yunohost/ instead of the misleading /home/yunohost.conf folder (00d535a6)
+  - [mod] dyndns: rewrite tsig keygen + nsupdate using full python, now that dnssec-keygen doesnt support hmacsha512 anymore (63a84f53)
+  - [mod] app: During app scripts (and all stuff run in hook_exec), do not inject the HOME variable if it exists. This aims to prevent inconsistencies between CLI (where HOME usually is defined) and API (where HOME doesnt exists) (f43e567b)
+  - [mod] quality: **Drop legacy commands or arguments** listed below
+        - Drop `--other_vars` options in ynh_add_fail2ban_config and systemd_config helpers
+        - Drop deprecated/superold `ynh_bind_or_cp`, `ynh_mkdir_tmp`, `ynh_get_plain_key` helpers
+        - Drop obsolete `yunohost-reset-ldap-password` command
+        - Drop obsolete `yunohost dyndns installcron` and `removecron` commands
+        - Drop deprecated `yunohost service regen-conf` command (see `tools regen-conf` instead)
+        - Drop deprecated `yunohost app fetchlist` command
+        - Drop obsolete `yunohost app add/remove/clearaccess` commands
+        - Drop deprecated `--installed` and `--filter` options in `yunohost app list`
+        - Drop deprecated `--apps` and `--system` options in `yunohost tools update/upgrade` (no double dashes anymore)
+        - Drop deprecated `--status` and `--log_type` options in `yunohost service add`
+        - Drop deprecated `--mail` option in `yunohost user create`
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 20:52:39 +0100
+
+yunohost (4.4.2.14) stable; urgency=low
+
+  - bullseye migration: remove derpy OVH repo... (76014920)
+  - bullseye migration: improve autofix procedure for the libc6 hell (02b3a138)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 03 Sep 2022 23:19:08 +0200
+
+yunohost (4.4.2.13) stable; urgency=low
+
+  - [fix] bullseye migration: a few annoying issues related to Sury (b5fabc87)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 29 Aug 2022 15:40:03 +0200
+
+yunohost (4.4.2.12) stable; urgency=low
+
+  - bullseye migration: add trick to automagically find the likely log of a previously failed migration to ease support (f5d94509)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 26 Aug 2022 19:22:30 +0200
+
+yunohost (4.4.2.10) stable; urgency=low
+
+  - bullseye migration: add proper explanations and advices after the damn 'The distribution is not Buster' message ... (6a594d0e)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Mon, 22 Aug 2022 10:28:50 +0200
+
+yunohost (4.4.2.9) stable; urgency=low
+
+  - apt helper: fix edge case with equivs package being flagged hold because of buster->bullseye migration (b306df2c)
+  - bullseye migration: fix check about free space in /boot/ ... (a2d4abc1)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 18 Aug 2022 19:24:47 +0200
+
+yunohost (4.4.2.7) stable; urgency=low
+
+  - upgrades: ignore boring insserv warnings during apt commands (87f0eff9)
+  - bullseye migration: higher treshold for low space detection in /boot/ because some people still experience the issue on 4.4.2.6 (d283c900)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 17 Aug 2022 01:21:36 +0200
+
+yunohost (4.4.2.6) stable; urgency=low
+
+  - [fix] bullseye migration: trash pip freeze stderr because it's confusing users ... (e68fc821)
+  - [fix] bullseye migration: add a check that there's at least 70MB available in /boot ... (02fcbd97)
+  - [fix] bullseye migration: better detection mechanism for the libc6 / libgcc hell issue (633a1fbf)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 14 Aug 2022 18:18:13 +0200
+
+yunohost (4.4.2.3) stable; urgency=low
+
+  - [fix] bullseye migration: add fix for stupid dnsmasq not picking new init script  (origin/dev, origin/HEAD, dev)
+  - [fix] bullseye migration: add the patch for the build-essential / libc6-dev / libgcc-8-dev hell ...
+  - [fix] bullseye migration: add critical fix for RPi failing to get network on reboot
+  - [fix] bullseye migration: add ffsync to deprecated apps (77c2f5dc)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 13 Aug 2022 20:06:00 +0200
+
+yunohost (4.4.2.1) stable; urgency=low
+
+  - [fix] bullseye migration: /opt may not exist ... (5fd74577)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 11 Aug 2022 15:56:16 +0200
+
+yunohost (4.4.2) stable; urgency=low
+
+  - Release as stable
+  - [fix] bullseye migration: /etc/apt/sources.list may not exist (b928dd12)
+  - [fix] bullseye migration: Allow lime2 to upgrade even if kernel is hold (#1452)
+  - [fix] bullseye migration: Save python apps venv in a requirements file, in order to regenerate it in a follow-up migration ([#1479](https://github.com/YunoHost/yunohost/pull/1479))
+  - [fix] bullseye migration: tweak message to prepare for stable release (80015a72)
+
+  Thanks to all contributors <3 ! (ljf, theo-is-taken)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 09 Aug 2022 16:59:15 +0200
+
+yunohost (4.4.1) testing; urgency=low
+
+  - [fix] php helpers: prevent epic catastrophies when the app changes php version (31d3719b)
+
+  Thanks to all contributors <3 ! (Alexandre Aubin)
+
+ -- Kay0u <pierre@kayou.io>  Tue, 29 Mar 2022 14:03:52 +0200
+
+yunohost (4.4.0) testing; urgency=low
+
+  - [enh] Add buster->bullseye migration
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 20:45:22 +0100
+
+yunohost (4.3.6.3) stable; urgency=low
+
+  - [fix] debian package: backport fix for openssl conflict (1693c831)
+
+  Thanks to all contributors <3 ! (Kay0u)
+
+ -- Kay0u <pierre@kayou.io>  Tue, 29 Mar 2022 13:52:58 +0200
+
+yunohost (4.3.6.2) stable; urgency=low
+
+  - [fix] apt helpers: fix bug when var is empty... (7920cc62)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 20:30:25 +0100
+
+yunohost (4.3.6.1) stable; urgency=low
+
+  - [fix] dnsmasq: ensure interface is up ([#1410](https://github.com/YunoHost/yunohost/pull/1410))
+  - [fix] apt helpers: fix ynh_install_app_dependencies when an app change his default phpversion (6ea32728)
+  - [fix] certificates: fix edge case where None is returned, triggering 'NoneType has no attribute get' (019839db)
+  - [i18n] Translations updated for German
+
+  Thanks to all contributors <3 ! (Gregor, Kay0u)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 19 Jan 2022 20:05:13 +0100
+
+yunohost (4.3.6) stable; urgency=low
+
+  - [enh] ssh: add a new setting to manage PasswordAuthentication in sshd_config ([#1388](https://github.com/YunoHost/yunohost/pull/1388))
+  - [enh] upgrades: filter more boring apt messages (3cc1a0a5)
+  - [fix] ynh_add_config: crons should be owned by root, otherwise they probably don't run? (0973301b)
+  - [fix] domains: force cert install during domain_add ([#1404](https://github.com/YunoHost/yunohost/pull/1404))
+  - [fix] logs: remove 'args' for metadata, may contain unredacted secrets in edge cases
+  - [fix] helpers, apt: upgrade apt dependencies from extra repos ([#1407](https://github.com/YunoHost/yunohost/pull/1407))
+  - [fix] diagnosis: incorrect dns check (relative vs absolute) for CNAME on subdomain (d81b85a4)
+  - [i18n] Translations updated for Dutch, French, Galician, German, Spanish, Ukrainian
+
+  Thanks to all contributors <3 ! (Boudewijn, Christian Wehrli, Éric Gaspar, Germain Edy, José M, Kay0u, Kayou, ljf, Tagada, Tymofii-Lytvynenko)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 14 Jan 2022 01:29:58 +0100
+
+yunohost (4.3.5) stable; urgency=low
+
+  - [fix] backup: bug in backup_delete when compress_tar_archives is True ([#1381](https://github.com/YunoHost/yunohost/pull/1381))
+  - [fix] helpers logrorate: remove permission tweak .. code was not working as expected. To be re-addressed some day ... (0fc209ac)
+  - [fix] i18n: consistency for deprecation for --apps in 'yunohost tools update/upgrade' ([#1392](https://github.com/YunoHost/yunohost/pull/1392))
+  - [fix] apps: typo when deleting superfluous question keys ([#1393](https://github.com/YunoHost/yunohost/pull/1393))
+  - [fix] diagnosis: typo in dns record diagnoser (a615528c)
+  - [fix] diagnosis: tweak treshold for suspiciously high number of auth failure because too many people getting report about it idk (76abbf03)
+  - [enh] quality: apply pyupgrade ([#1395](https://github.com/YunoHost/yunohost/pull/1395))
+  - [enh] quality: add lgtm/code quality badge ([#1396](https://github.com/YunoHost/yunohost/pull/1396))
+  - [i18n] Translations updated for Dutch, French, Galician, German, Indonesian, Russian, Spanish, Ukrainian
+
+  Thanks to all contributors <3 ! (Boudewijn, Bram, Christian Wehrli, Colin Wawrik, Éric Gaspar, Ilya, José M, Juan Alberto González, Kay0u, liimee, Moutonjr Geoff, tituspijean, Tymofii Lytvynenko, Valentin von Guttenberg)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 29 Dec 2021 01:01:33 +0100
+
+yunohost (4.3.4.2) stable; urgency=low
+
+  - [fix] yunomdns: Ignore ipv4 link-local addresses (6854f23c)
+  - [fix] backup: Fix path for multimedia restore ([#1386](https://github.com/YunoHost/yunohost/pull/1386))
+  - [fix] helpers apt/php: typo in extra php-fpm yunohost service integration (47f3c00d)
+  - [enh] helpers: Update n to 8.0.1 (d1ab1f67)
+
+  Thanks to all contributors <3 ! (ericgaspar, Kayou)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 08 Dec 2021 22:04:04 +0100
+
+yunohost (4.3.4.1) stable; urgency=low
+
+  - [fix] regenconf: Force permission on /etc/resolv.dnsmasq.conf to fix an issue on some setup with umask=027 (5881938c)
+  - [fix] regenconf: Typo in custom mdns alias regen conf (b3df36dd)
+  - [fix] regenconf: Try to fix the return line bug in dnsmasq conf ([#1385](https://github.com/YunoHost/yunohost/pull/1385))
+
+  Thanks to all contributors <3 ! (ljf)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 27 Nov 2021 21:15:29 +0100
+
+yunohost (4.3.4) stable; urgency=low
+
+  - [fix] apps: Allow tilde in username/organization for repo URLs ([#1382](https://github.com/YunoHost/yunohost/pull/1382))
+  - [fix] misc: /etc/yunohost permissions broken on some setups (6488b4f6)
+  - [fix] mdns: Don't add yunohost.local in config if it's already among the yunohost domains (c4962834)
+  - [enh] dnsmasq: Tweak conf for better support of some stuff like the hotspot app ([#1383](https://github.com/YunoHost/yunohost/pull/1383))
+
+  Thanks to all contributors <3 ! (ljf, tituspijean)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 27 Nov 2021 00:53:16 +0100
+
+yunohost (4.3.3) stable; urgency=low
+
+  - [fix] log: fix dump_script_log_extract_for_debugging displaying wrong log snippet during failed upgrade ([#1376](https://github.com/YunoHost/yunohost/pull/1376))
+  - [fix] certificate: fix stupid certificate/diagnosis issue with subdomains of ynh domains (7c569d16)
+  - [fix] diagnosis: Read DNS Blacklist answer and compare it against list of non-BL codes ([#1375](https://github.com/YunoHost/yunohost/pull/1375))
+  - [enh] helpers: Update n to 8.0.0 ([#1372](https://github.com/YunoHost/yunohost/pull/1372))
+  - [fix] helpers: Make ynh_add_fpm_config more robust to some edge cases (51d5dca0)
+  - [fix] backup: conf_ynh_settings backup/restore hook, /etc/yunohost/domains may not exist (38f5352f)
+  - [i18n] Translations updated for Basque, Chinese (Simplified), Indonesian, Italian, Ukrainian
+
+  Thanks to all contributors <3 ! (dagangtie, ericgaspar, Félix Piédallu, Flavio Cristoforetti, liimee, punkrockgirl, Romain Thouvenin, Tommi, Tymofii-Lytvynenko)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 14 Nov 2021 22:55:16 +0100
+
+yunohost (4.3.2.2) stable; urgency=low
+
+  - [fix] nginx: Try to fix again the webadmin cache hell (74e2a51e)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 06 Nov 2021 17:39:58 +0100
+
+yunohost (4.3.2.1) stable; urgency=low
+
+  - [enh] mdns: Add possibility to manually add .local aliases via /etc/yunohost/mdns.aliases (meant for internetcube) (3da2df6e)
+  - [fix] debian: Fix conflict with redis-server (6558b23d)
+  - [fix] nginx: Refine experimental CSP header (in the end still gotta enable unsafe-inline and unsafe-eval for a bunch of things, but better than no policy at all...) (1cc3e440)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 06 Nov 2021 16:58:07 +0100
+
+yunohost (4.3.2) stable; urgency=low
+
+  - Release as stable
+  - [i18n] Translations updated for Basque, Occitan
+
+  Thanks to all contributors <3 ! (punkrockgirl, Quentí)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Nov 2021 02:32:56 +0100
+
+yunohost (4.3.1.8) testing; urgency=low
+
+  - [enh] dyndns: Drop some YAGNI + improve IPv6-only support + resilience w.r.t. ns0 / ns1 being down (a61d0231, [#1367](https://github.com/YunoHost/yunohost/pull/1367))
+  - [fix] helpers: improve composer debug when it can't install dependencies (4ebcaf8d)
+  - [enh] helpers: allow to get/set/delete app settings without explicitly passing app id everytime... (fcd2ef9d)
+  - [fix] helpers: Don't say the 'app was restored' when restore failed after failed upgrade (019d207c)
+  - [enh] helpers: temporarily auto-add visitors during ynh_local_curl if needed ([#1370](https://github.com/YunoHost/yunohost/pull/1370))
+  - [enh] apps: Add YNH_ARCH to app script env for easier debugging and arch check in script (85eb43a7)
+  - [mod] misc fixes/enh (2687121f, 146fba7d, 86a9cb37, 4e917b5e, 974ea71f, edc5295d, ba489bfc)
+  - [i18n] Translations updated for Basque, French, Spanish
+
+  Thanks to all contributors <3 ! (ljf, Page Asgardius, ppr, punkrockgirl)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 03 Nov 2021 18:35:18 +0100
+
+yunohost (4.3.1.7) testing; urgency=low
+
+  - [fix] configpanel: Misc technical fixes ... (341059d0, 9c22329e)
+  - [i18n] Translations updated for Basque, French
+
+  Thanks to all contributors <3 ! (ljf, ppr, punkrockgirl)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 19 Oct 2021 15:30:50 +0200
+
 yunohost (4.3.1.6) testing; urgency=low
 
   - [fix] configpanel: Various technical fixes (07c1ddce, eae826b2, ff69067d)

debian/compat

@@ -1 +0,0 @@
-9

debian/control

@@ -2,7 +2,7 @@ Source: yunohost
 Section: utils
 Priority: extra
 Maintainer: YunoHost Contributors <contrib@yunohost.org>
-Build-Depends: debhelper (>=9), dh-systemd, dh-python, python3-all (>= 3.7), python3-yaml, python3-jinja2
+Build-Depends: debhelper (>=9), debhelper-compat (= 13), dh-python, python3-all (>= 3.7), python3-yaml, python3-jinja2
 Standards-Version: 3.9.6
 Homepage: https://yunohost.org/
 
@@ -10,15 +10,15 @@ Package: yunohost
 Essential: yes
 Architecture: all
 Depends: ${python3:Depends}, ${misc:Depends}
- , moulinette (>= 4.3), ssowat (>= 4.3)
+ , moulinette (>= 11.0), ssowat (>= 11.0)
  , python3-psutil, python3-requests, python3-dnspython, python3-openssl
  , python3-miniupnpc, python3-dbus, python3-jinja2
- , python3-toml, python3-packaging, python3-publicsuffix,
+ , python3-toml, python3-packaging, python3-publicsuffix2
- , python3-ldap, python3-zeroconf, python3-lexicon,
+ , python3-ldap, python3-zeroconf (>= 0.36), python3-lexicon,
+ , python-is-python3
+ , nginx, nginx-extras (>=1.18)
  , apt, apt-transport-https, apt-utils, dirmngr
- , php7.3-common, php7.3-fpm, php7.3-ldap, php7.3-intl
+ , openssh-server, iptables, fail2ban, bind9-dnsutils
- , mariadb-server, php7.3-mysql
- , openssh-server, iptables, fail2ban, dnsutils, bind9utils
  , openssl, ca-certificates, netcat-openbsd, iproute2
  , slapd, ldap-utils, sudo-ldap, libnss-ldapd, unscd, libpam-ldapd
  , dnsmasq, resolvconf, libnss-myhostname
@@ -26,28 +26,29 @@ Depends: ${python3:Depends}, ${misc:Depends}
  , dovecot-core, dovecot-ldap, dovecot-lmtpd, dovecot-managesieved, dovecot-antispam
  , rspamd, opendkim-tools, postsrsd, procmail, mailutils
  , redis-server
- , metronome (>=3.14.0)
  , acl
  , git, curl, wget, cron, unzip, jq, bc, at
  , lsb-release, haveged, fake-hwclock, equivs, lsof, whois
 Recommends: yunohost-admin
  , ntp, inetutils-ping | iputils-ping
  , bash-completion, rsyslog
- , php7.3-gd, php7.3-curl, php-gettext
+ , php7.4-common, php7.4-fpm, php7.4-ldap, php7.4-intl
+ , mariadb-server, php7.4-mysql
+ , php7.4-gd, php7.4-curl, php-php-gettext
  , python3-pip
  , unattended-upgrades
  , libdbd-ldap-perl, libnet-dns-perl
-Suggests: htop, vim, rsync, acpi-support-base, udisks2
+ , metronome (>=3.14.0)
 Conflicts: iptables-persistent
  , apache2
  , bind9
- , nginx-extras (>= 1.16)
+ , nginx-extras (>= 1.19)
- , openssl (>= 1.1.1g)
+ , openssl (>= 1.1.1o-0)
- , slapd (>= 2.4.49)
+ , slapd (>= 2.4.58)
- , dovecot-core (>= 1:2.3.7)
+ , dovecot-core (>= 1:2.3.14)
- , redis-server (>= 5:5.0.7)
+ , redis-server (>= 5:6.1)
- , fail2ban (>= 0.11)
+ , fail2ban (>= 0.11.3)
- , iptables (>= 1.8.3)
+ , iptables (>= 1.8.8)
 Description: manageable and configured self-hosting server
  YunoHost aims to make self-hosting accessible to everyone. It configures
  an email, Web and IM server alongside a LDAP base. It also provides

debian/install

@@ -1,8 +1,10 @@
 bin/* /usr/bin/
-sbin/* /usr/sbin/
+share/* /usr/share/yunohost/
-data/* /usr/share/yunohost/
+hooks/* /usr/share/yunohost/hooks/
-data/bash-completion.d/yunohost /etc/bash_completion.d/
+helpers/* /usr/share/yunohost/helpers.d/
+conf/* /usr/share/yunohost/conf/
+locales/* /usr/share/yunohost/locales/
 doc/yunohost.8.gz /usr/share/man/man8/
-lib/metronome/modules/* /usr/lib/metronome/modules/
+doc/bash_completion.d/* /etc/bash_completion.d/
-locales/* /usr/lib/moulinette/yunohost/locales/
+conf/metronome/modules/* /usr/lib/metronome/modules/
-src/yunohost /usr/lib/moulinette
+src/* /usr/lib/python3/dist-packages/yunohost/

debian/postinst

@@ -3,10 +3,6 @@
 set -e
 
 do_configure() {
-    rm -rf /var/cache/moulinette/*
-
-    mkdir -p /usr/share/moulinette/actionsmap/
-    ln -sf /usr/share/yunohost/actionsmap/yunohost.yml /usr/share/moulinette/actionsmap/yunohost.yml
 
     if [ ! -f /etc/yunohost/installed ]; then
         # If apps/ is not empty, we're probably already installed in the past and
@@ -33,6 +29,17 @@ do_configure() {
         yunohost diagnosis run --force
     fi
 
+    # Trick to let yunohost handle the restart of the API,
+    # to prevent the webadmin from cutting the branch it's sitting on
+    if systemctl is-enabled yunohost-api --quiet
+    then
+        if [[ "${YUNOHOST_API_RESTART_WILL_BE_HANDLED_BY_YUNOHOST:-}" != "yes" ]];
+        then
+            systemctl restart yunohost-api
+        else
+            echo "(Delaying the restart of yunohost-api, this should automatically happen after the end of this upgrade)"
+        fi
+    fi
 }
 
 # summary of how this script can be called:

debian/rules

@@ -1,26 +1,10 @@
 #!/usr/bin/make -f
 # -*- makefile -*-
 
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
 %:
-	dh ${@} --with=python3,systemd
+	dh ${@} --with python3
 
 override_dh_auto_build:
 	# Generate bash completion file
-	python3 data/actionsmap/yunohost_completion.py
+	python3 doc/generate_bash_completion.py
 	python3 doc/generate_manpages.py --gzip --output doc/yunohost.8.gz
-
-override_dh_installinit:
-	dh_installinit -pyunohost --name=yunohost-api --restart-after-upgrade
-	dh_installinit -pyunohost --name=yunohost-firewall --noscripts
-
-override_dh_systemd_enable:
-	dh_systemd_enable --name=yunohost-api \
-	    yunohost-api.service
-	dh_systemd_enable --name=yunohost-firewall --no-enable \
-	    yunohost-firewall.service
-
-#override_dh_systemd_start:
-#	dh_systemd_start --restart-after-upgrade yunohost-api.service

debian/yunohost-api.default

@@ -1,4 +0,0 @@
-# Override yunohost-api options.
-#  Example to log debug: DAEMON_OPTS="--debug"
-#
-#DAEMON_OPTS=""

doc/generate_bash_completion.py

@@ -12,9 +12,9 @@ import os
 import yaml
 
 THIS_SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
-ACTIONSMAP_FILE = THIS_SCRIPT_DIR + "/yunohost.yml"
+ACTIONSMAP_FILE = THIS_SCRIPT_DIR + "/../share/actionsmap.yml"
-os.system(f"mkdir {THIS_SCRIPT_DIR}/../bash-completion.d")
+BASH_COMPLETION_FOLDER = THIS_SCRIPT_DIR + "/bash_completion.d"
-BASH_COMPLETION_FILE = THIS_SCRIPT_DIR + "/../bash-completion.d/yunohost"
+BASH_COMPLETION_FILE = BASH_COMPLETION_FOLDER + "/yunohost"
 
 
 def get_dict_actions(OPTION_SUBTREE, category):
@@ -62,6 +62,8 @@ with open(ACTIONSMAP_FILE, "r") as stream:
                     OPTION_TREE[category]["subcategories"], subcategory
                 )
 
+    os.makedirs(BASH_COMPLETION_FOLDER, exist_ok=True)
+
     with open(BASH_COMPLETION_FILE, "w") as generated_file:
 
         # header of the file

doc/generate_helper_doc.py

@@ -107,7 +107,7 @@ class Parser:
                 else:
                     # We're getting out of a comment bloc, we should find
                     # the name of the function
-                    assert len(line.split()) >= 1, "Malformed line %s in %s" % (
+                    assert len(line.split()) >= 1, "Malformed line {} in {}".format(
                         i,
                         self.filename,
                     )
@@ -217,7 +217,7 @@ def malformed_error(line_number):
 
 def main():
 
-    helper_files = sorted(glob.glob("../data/helpers.d/*"))
+    helper_files = sorted(glob.glob("../helpers/*"))
     helpers = []
 
     for helper_file in helper_files:

doc/generate_manpages.py

@@ -22,7 +22,7 @@ template = Template(open(os.path.join(base_path, "manpage.template")).read())
 
 
 THIS_SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
-ACTIONSMAP_FILE = os.path.join(THIS_SCRIPT_DIR, "../data/actionsmap/yunohost.yml")
+ACTIONSMAP_FILE = os.path.join(THIS_SCRIPT_DIR, "../share/actionsmap.yml")
 
 
 def ordered_yaml_load(stream):

doc/helper_doc_template.md

@@ -52,7 +52,7 @@ Doc auto-generated by [this script](https://github.com/YunoHost/yunohost/blob/{{
 {{ h.details }}
 {%- endif %}
 
-[Dude, show me the code!](https://github.com/YunoHost/yunohost/blob/{{ current_commit }}/data/helpers.d/{{ category }}#L{{ h.line + 1 }})
+[Dude, show me the code!](https://github.com/YunoHost/yunohost/blob/{{ current_commit }}/helpers/{{ category }}#L{{ h.line + 1 }})
 [/details]
 ----------------
 {% endfor %}

helpers/apps

@@ -0,0 +1,113 @@
+#!/bin/bash
+
+# Install others YunoHost apps
+#
+# usage: ynh_install_apps --apps="appfoo?domain=domain.foo&path=/foo appbar?domain=domain.bar&path=/bar&admin=USER&language=fr&is_public=1&pass?word=pass&port=666"
+# | arg: -a, --apps=     - apps to install
+#
+# Requires YunoHost version *.*.* or higher.
+ynh_install_apps() {
+	# Declare an array to define the options of this helper.
+	local legacy_args=a
+	local -A args_array=([a]=apps=)
+	local apps
+	# Manage arguments with getopts
+	ynh_handle_getopts_args "$@"
+
+	# Split the list of apps in an array
+	local apps_list=($(echo $apps | tr " " "\n"))
+	local apps_dependencies=""
+	
+	# For each app
+	for one_app_and_its_args in "${apps_list[@]}"
+	do
+		# Retrieve the name of the app (part before ?)
+		local one_app=$(cut -d "?" -f1 <<< "$one_app_and_its_args")
+		[ -z "$one_app" ] && ynh_die --message="You didn't provided a YunoHost app to install"
+
+		yunohost tools update apps
+		
+		# Installing or upgrading the app depending if it's installed or not
+		if ! yunohost app list --output-as json --quiet | jq -e --arg id $one_app '.apps[] | select(.id == $id)' >/dev/null
+		then
+			# Retrieve the arguments of the app (part after ?)
+			local one_argument=""
+			if [[ "$one_app_and_its_args" == *"?"* ]]; then
+				one_argument=$(cut -d "?" -f2- <<< "$one_app_and_its_args")
+				one_argument="--args $one_argument"
+			fi
+			
+			# Install the app with its arguments
+			yunohost app install $one_app $one_argument
+		else
+			# Upgrade the app
+			yunohost app upgrade $one_app
+		fi
+
+		if [ ! -z "$apps_dependencies" ]
+		then
+			apps_dependencies="$apps_dependencies, $one_app"
+		else
+			apps_dependencies="$one_app"
+		fi
+	done
+
+	ynh_app_setting_set --app=$app --key=apps_dependencies --value="$apps_dependencies"
+}
+
+# Remove other YunoHost apps
+#
+# Other YunoHost apps will be removed only if no other apps need them.
+#
+# usage: ynh_remove_apps
+#
+# Requires YunoHost version *.*.* or higher.
+ynh_remove_apps() {
+	# Retrieve the apps dependencies of the app
+	local apps_dependencies=$(ynh_app_setting_get --app=$app --key=apps_dependencies)
+	ynh_app_setting_delete --app=$app --key=apps_dependencies
+
+	if [ ! -z "$apps_dependencies" ]
+	then
+		# Split the list of apps dependencies in an array
+		local apps_dependencies_list=($(echo $apps_dependencies | tr ", " "\n"))
+		
+		# For each apps dependencies
+		for one_app in "${apps_dependencies_list[@]}"
+		do
+			# Retrieve the list of installed apps
+			local installed_apps_list=$(yunohost app list --output-as json --quiet | jq -r .apps[].id)
+			local required_by=""
+			local installed_app_required_by=""
+
+			# For each other installed app
+			for one_installed_app in $installed_apps_list
+			do
+				# Retrieve the other apps dependencies
+				one_installed_apps_dependencies=$(ynh_app_setting_get --app=$one_installed_app --key=apps_dependencies)
+				if [ ! -z "$one_installed_apps_dependencies" ]
+				then
+					one_installed_apps_dependencies_list=($(echo $one_installed_apps_dependencies | tr ", " "\n"))
+
+					# For each dependency of the other apps
+					for one_installed_app_dependency in "${one_installed_apps_dependencies_list[@]}"
+					do
+						if [[ $one_installed_app_dependency == $one_app ]]; then
+							required_by="$required_by $one_installed_app"
+						fi
+					done
+				fi
+			done
+
+			# If $one_app is no more required
+			if [[ -z "$required_by" ]]
+			then
+				# Remove $one_app
+				ynh_print_info --message="Removing of $one_app"
+				yunohost app remove $one_app --purge
+			else
+				ynh_print_info --message="$one_app was not removed because it's still required by${required_by}"
+			fi
+		done
+	fi
+}

helpers/apt

@@ -176,8 +176,9 @@ ynh_package_install_from_equivs() {
     # Build and install the package
     local TMPDIR=$(mktemp --directory)
 
-    # Force the compatibility level at 10, levels below are deprecated
+    # Make sure to delete the legacy compat file
-    echo 10 >/usr/share/equivs/template/debian/compat
+    # It's now handle somewhat magically through the control file
+    rm -f /usr/share/equivs/template/debian/compat
 
     # Note that the cd executes into a sub shell
     # Create a fake deb package with equivs-build and the given control file
@@ -187,7 +188,7 @@ ynh_package_install_from_equivs() {
     cp "$controlfile" "${TMPDIR}/control"
     (
         cd "$TMPDIR"
-        LC_ALL=C equivs-build ./control 1>/dev/null
+        LC_ALL=C equivs-build ./control 2>&1
         LC_ALL=C dpkg --force-depends --install "./${pkgname}_${pkgversion}_all.deb" 2>&1 | tee ./dpkg_log
     )
 
@@ -252,9 +253,6 @@ ynh_install_app_dependencies() {
     # The (?<=php) syntax corresponds to lookbehind ;)
     local specific_php_version=$(echo $dependencies | grep -oP '(?<=php)[0-9.]+(?=-|\>)' | sort -u)
 
-    # Ignore case where the php version found is the one available in debian vanilla
-    [[ "$specific_php_version" != "$YNH_DEFAULT_PHP_VERSION" ]] || specific_php_version=""
-
     if [[ -n "$specific_php_version" ]]
     then
         # Cover a small edge case where a packager could have specified "php7.4-pwet php5-gni" which is confusing
@@ -263,9 +261,29 @@ ynh_install_app_dependencies() {
 
         dependencies+=", php${specific_php_version}, php${specific_php_version}-fpm, php${specific_php_version}-common"
 
-        ynh_add_sury
+        local old_phpversion=$(ynh_app_setting_get --app=$app --key=phpversion)
+
+        # If the PHP version changed, remove the old fpm conf
+        if [ -n "$old_phpversion" ] && [ "$old_phpversion" != "$specific_php_version" ]; then
+            local old_php_fpm_config_dir=$(ynh_app_setting_get --app=$app --key=fpm_config_dir)
+            local old_php_finalphpconf="$old_php_fpm_config_dir/pool.d/$app.conf"
+
+            if [[ -f "$old_php_finalphpconf" ]]
+            then
+                ynh_backup_if_checksum_is_different --file="$old_php_finalphpconf"
+                ynh_remove_fpm_config
+            fi
+        fi
+        # Store phpversion into the config of this app
+        ynh_app_setting_set --app=$app --key=phpversion --value=$specific_php_version
+
+        # Set the default php version back as the default version for php-cli.
+        update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION
+    elif grep --quiet 'php' <<< "$dependencies"; then
+        ynh_app_setting_set --app=$app --key=phpversion --value=$YNH_DEFAULT_PHP_VERSION
     fi
 
+    local psql_installed="$(ynh_package_is_installed "postgresql-$PSQL_VERSION" && echo yes || echo no)"
 
     # The first time we run ynh_install_app_dependencies, we will replace the
     # entire control file (This is in particular meant to cover the case of
@@ -285,23 +303,6 @@ ynh_install_app_dependencies() {
         dependencies="$current_dependencies, $dependencies"
     fi
 
-    #
-    # Epic ugly hack to fix the goddamn dependency nightmare of sury
-    # Sponsored by the "Djeezusse Fokin Kraiste Why Do Adminsys Has To Be So Fucking Complicated I Should Go Grow Potatoes Instead Of This Shit" collective
-    # https://github.com/YunoHost/issues/issues/1407
-    #
-    # If we require to install php dependency
-    if grep --quiet 'php' <<< "$dependencies"; then
-        # And we have packages from sury installed (7.0.33-10+weirdshiftafter instead of 7.0.33-0 on debian)
-        if dpkg --list | grep "php7.0" | grep --quiet --invert-match "7.0.33-0+deb9"; then
-            # And sury ain't already in sources.lists
-            if ! grep --recursive --quiet "^ *deb.*sury" /etc/apt/sources.list*; then
-                # Re-add sury
-                ynh_add_sury
-            fi
-        fi
-    fi
-
     cat >/tmp/${dep_app}-ynh-deps.control <<EOF # Make a control file for equivs-build
 Section: misc
 Priority: optional
@@ -312,42 +313,20 @@ Architecture: all
 Description: Fake package for ${app} (YunoHost app) dependencies
  This meta-package is only responsible of installing its dependencies.
 EOF
+
     ynh_package_install_from_equivs /tmp/${dep_app}-ynh-deps.control \
         || ynh_die --message="Unable to install dependencies" # Install the fake package and its dependencies
     rm /tmp/${dep_app}-ynh-deps.control
 
-    ynh_app_setting_set --app=$app --key=apt_dependencies --value="$dependencies"
+    # Trigger postgresql regenconf if we may have just installed postgresql
-
+    local psql_installed2="$(ynh_package_is_installed "postgresql-$PSQL_VERSION" && echo yes || echo no)"
-    if [[ -n "$specific_php_version" ]]
+    if [[ "$psql_installed" != "$psql_installed2" ]]
     then
-        # Set the default php version back as the default version for php-cli.
+        yunohost tools regen-conf postgresql
-        update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION
-
-        # Store phpversion into the config of this app
-        ynh_app_setting_set --app=$app --key=phpversion --value=$specific_php_version
-
-        # Integrate new php-fpm service in yunohost
-        yunohost service add php${specific_php_version}-fpm --log "/var/log/php${phpversion}-fpm.log"
-    elif grep --quiet 'php' <<< "$dependencies"; then
-        # Store phpversion into the config of this app
-        ynh_app_setting_set --app=$app --key=phpversion --value=$YNH_DEFAULT_PHP_VERSION
     fi
-}
-
-# Add sury repository with adequate pin strategy
-#
-# [internal]
-#
-# usage: ynh_add_sury
-#
-ynh_add_sury() {
-
-    # Add an extra repository for those packages
-    ynh_install_extra_repo --repo="https://packages.sury.org/php/ $(ynh_get_debian_release) main" --key="https://packages.sury.org/php/apt.gpg" --name=extra_php_version --priority=600
 
 }
 
-
 # Add dependencies to install with ynh_install_app_dependencies
 #
 # usage: ynh_add_app_dependencies --package=phpversion [--replace]
@@ -382,17 +361,14 @@ ynh_remove_app_dependencies() {
         current_dependencies=${current_dependencies// | /|}
     fi
 
-    ynh_package_autopurge ${dep_app}-ynh-deps	# Remove the fake package and its dependencies if they not still used.
+    # Edge case where the app dep may be on hold,
-
+    # cf https://forum.yunohost.org/t/migration-error-cause-of-ffsync/20675/4
-    # Check if this app used a specific php version ... in which case we check
+    if apt-mark showhold | grep -q -w ${dep_app}-ynh-deps
-    # if the corresponding php-fpm is still there. Otherwise, we remove the
+    then
-    # service from yunohost as well
+        apt-mark unhold ${dep_app}-ynh-deps
-
-    local specific_php_version=$(echo $current_dependencies | tr '-' ' ' | grep -o -E "\<php[0-9.]+\>" | sed 's/php//g' | sort | uniq)
-    [[ "$specific_php_version" != "$YNH_DEFAULT_PHP_VERSION" ]] || specific_php_version=""
-    if [[ -n "$specific_php_version" ]] && ! ynh_package_is_installed --package="php${specific_php_version}-fpm"; then
-        yunohost service remove php${specific_php_version}-fpm
     fi
+
+    ynh_package_autopurge ${dep_app}-ynh-deps	# Remove the fake package and its dependencies if they not still used.
 }
 
 # Install packages from an extra repository properly.
@@ -427,6 +403,12 @@ ynh_install_extra_app_dependencies() {
     # Install requested dependencies from this extra repository.
     ynh_install_app_dependencies "$package"
 
+    # Force to upgrade to the last version...
+    # Without doing apt install, an already installed dep is not upgraded
+    local apps_auto_installed="$(apt-mark showauto $package)"
+    ynh_package_install "$package"
+    [ -z "$apps_auto_installed" ] || apt-mark auto $apps_auto_installed
+
     # Remove this extra repository after packages are installed
     ynh_remove_extra_repo --name=$app
 }
@@ -524,8 +506,14 @@ ynh_remove_extra_repo() {
     ynh_secure_remove --file="/etc/apt/sources.list.d/$name.list"
     # Sury pinning is managed by the regenconf in the core...
     [[ "$name" == "extra_php_version" ]] || ynh_secure_remove "/etc/apt/preferences.d/$name"
-    ynh_secure_remove --file="/etc/apt/trusted.gpg.d/$name.gpg" >/dev/null
+    if [ -e /etc/apt/trusted.gpg.d/$name.gpg ]; then
-    ynh_secure_remove --file="/etc/apt/trusted.gpg.d/$name.asc" >/dev/null
+        ynh_secure_remove --file="/etc/apt/trusted.gpg.d/$name.gpg"
+    fi
+
+    # (Do we even create a .asc file anywhere ...?)
+    if [ -e /etc/apt/trusted.gpg.d/$name.asc ]; then
+        ynh_secure_remove --file="/etc/apt/trusted.gpg.d/$name.asc"
+    fi
 
     # Update the list of package to exclude the old repo
     ynh_package_update

helpers/backup

@@ -9,7 +9,6 @@ CAN_BIND=${CAN_BIND:-1}
 # | arg: -d, --dest_path=       - destination file or directory inside the backup dir
 # | arg: -b, --is_big           - Indicate data are big (mail, video, image ...)
 # | arg: -m, --not_mandatory    - Indicate that if the file is missing, the backup can ignore it.
-# | arg: arg - Deprecated arg
 #
 # This helper can be used both in a system backup hook, and in an app backup script
 #
@@ -227,7 +226,7 @@ with open(sys.argv[1], 'r') as backup_file:
 #     ynh_restore_file -o "conf/nginx.conf"
 #
 # If `DEST_PATH` already exists and is lighter than 500 Mo, a backup will be made in
-# `/home/yunohost.conf/backup/`. Otherwise, the existing file is removed.
+# `/var/cache/yunohost/appconfbackup/`. Otherwise, the existing file is removed.
 #
 # if `apps/$app/etc/nginx/conf.d/$domain.d/$app.conf` exists, restore it into
 # `/etc/nginx/conf.d/$domain.d/$app.conf`
@@ -264,7 +263,7 @@ ynh_restore_file() {
     if [[ -e "${dest_path}" ]]; then
         # Check if the file/dir size is less than 500 Mo
         if [[ $(du --summarize --bytes ${dest_path} | cut --delimiter="/" --fields=1) -le "500000000" ]]; then
-            local backup_file="/home/yunohost.conf/backup/${dest_path}.backup.$(date '+%Y%m%d.%H%M%S')"
+            local backup_file="/var/cache/yunohost/appconfbackup/${dest_path}.backup.$(date '+%Y%m%d.%H%M%S')"
             mkdir --parents "$(dirname "$backup_file")"
             mv "${dest_path}" "$backup_file" # Move the current file or directory
         else
@@ -286,18 +285,14 @@ ynh_restore_file() {
     else
         mv "$archive_path" "${dest_path}"
     fi
-}
 
-# Deprecated helper since it's a dangerous one!
+    # Boring hack for nginx conf file mapped to php7.3
-#
+    # Note that there's no need to patch the fpm config because most php apps
-# [internal]
+    # will call "ynh_add_fpm_config" during restore, effectively recreating the file from scratch
-#
+    if [[ "${dest_path}" == "/etc/nginx/conf.d/"* ]] && grep 'php7.3.*sock' "${dest_path}"
-ynh_bind_or_cp() {
+    then
-    local AS_ROOT=${3:-0}
+        sed -i 's/php7.3/php7.4/g' "${dest_path}"
-    local NO_ROOT=0
+    fi
-    [[ "${AS_ROOT}" = "1" ]] || NO_ROOT=1
-    ynh_print_warn --message="This helper is deprecated, you should use ynh_backup instead"
-    ynh_backup "$1" "$2" 1
 }
 
 # Calculate and store a file checksum into the app settings
@@ -366,7 +361,7 @@ ynh_backup_if_checksum_is_different() {
     backup_file_checksum=""
     if [ -n "$checksum_value" ]; then                                                     # Proceed only if a value was stored into the app settings
         if [ -e $file ] && ! echo "$checksum_value $file" | md5sum --check --status; then # If the checksum is now different
-            backup_file_checksum="/home/yunohost.conf/backup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
+            backup_file_checksum="/var/cache/yunohost/appconfbackup/$file.backup.$(date '+%Y%m%d.%H%M%S')"
             mkdir --parents "$(dirname "$backup_file_checksum")"
             cp --archive "$file" "$backup_file_checksum" # Backup the current file
             ynh_print_warn "File $file has been manually modified since the installation or last upgrade. So it has been duplicated in $backup_file_checksum"
@@ -479,7 +474,12 @@ ynh_restore_upgradebackup() {
             yunohost app remove $app
             # Restore the backup
             yunohost backup restore $app_bck-pre-upgrade$backup_number --apps $app --force --debug
-            ynh_die --message="The app was restored to the way it was before the failed upgrade."
+            if [[ -d /etc/yunohost/apps/$app ]]
+            then
+                ynh_die --message="The app was restored to the way it was before the failed upgrade."
+            else
+                ynh_die --message="Uhoh ... Yunohost failed to restore the app to the way it was before the failed upgrade :|"
+            fi
         fi
     else
         ynh_print_warn --message="\$NO_BACKUP_UPGRADE is set, that means there's no backup to restore. You have to fix this upgrade by yourself !"

helpers/config

@@ -77,7 +77,7 @@ _ynh_app_config_apply_one() {
             if [[ "${!short_setting}" == "" ]]; then
                 ynh_backup_if_checksum_is_different --file="$bind_file"
                 ynh_secure_remove --file="$bind_file"
-                ynh_delete_file_checksum --file="$bind_file" --update_only
+                ynh_delete_file_checksum --file="$bind_file"
                 ynh_print_info --message="File '$bind_file' removed"
             else
                 ynh_backup_if_checksum_is_different --file="$bind_file"

helpers/fail2ban

@@ -10,9 +10,8 @@
 #
 # -----------------------------------------------------------------------------
 #
-# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
+# usage 2: ynh_add_fail2ban_config --use_template
 # | arg: -t, --use_template - Use this helper in template mode
-# | arg: -v, --others_var=  - List of others variables to replace separeted by a space for example : 'var_1 var_2 ...'
 #
 # This will use a template in `../conf/f2b_jail.conf` and `../conf/f2b_filter.conf`
 # See the documentation of `ynh_add_config` for a description of the template
@@ -65,22 +64,18 @@
 ynh_add_fail2ban_config() {
     # Declare an array to define the options of this helper.
     local legacy_args=lrmptv
-    local -A args_array=([l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
+    local -A args_array=([l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template)
     local logpath
     local failregex
     local max_retry
     local ports
-    local others_var
     local use_template
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
     max_retry=${max_retry:-3}
     ports=${ports:-http,https}
-    others_var="${others_var:-}"
     use_template="${use_template:-0}"
 
-    [[ -z "$others_var" ]] || ynh_print_warn --message="Packagers: using --others_var is unecessary since YunoHost 4.2"
-
     if [ $use_template -ne 1 ]; then
         # Usage 1, no template. Build a config file from scratch.
         test -n "$logpath" || ynh_die --message="ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."