Merge branch 'dev' into diagnose-suspicious-auth-failure

bin/yunomdns

@@ -0,0 +1,173 @@
+#!/usr/bin/env python3
+
+"""
+Pythonic declaration of mDNS .local domains for YunoHost
+"""
+
+import subprocess
+import re
+import sys
+import yaml
+
+import socket
+from time import sleep
+from typing import List, Dict
+
+from zeroconf import Zeroconf, ServiceInfo
+
+# Helper command taken from Moulinette
+def check_output(args, stderr=subprocess.STDOUT, shell=True, **kwargs):
+    """Run command with arguments and return its output as a byte string
+    Overwrite some of the arguments to capture standard error in the result
+    and use shell by default before calling subprocess.check_output.
+    """
+    return (
+        subprocess.check_output(args, stderr=stderr, shell=shell, **kwargs)
+        .decode("utf-8")
+        .strip()
+    )
+
+# Helper command taken from Moulinette
+def _extract_inet(string, skip_netmask=False, skip_loopback=True):
+    """
+    Extract IP addresses (v4 and/or v6) from a string limited to one
+    address by protocol
+
+    Keyword argument:
+        string -- String to search in
+        skip_netmask -- True to skip subnet mask extraction
+        skip_loopback -- False to include addresses reserved for the
+            loopback interface
+
+    Returns:
+        A dict of {protocol: address} with protocol one of 'ipv4' or 'ipv6'
+
+    """
+    ip4_pattern = (
+        r"((25[0-5]|2[0-4]\d|[0-1]?\d?\d)(\.(25[0-5]|2[0-4]\d|[0-1]?\d?\d)){3}"
+    )
+    ip6_pattern = r"(((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)::?((?:[0-9A-Fa-f]{1,4}(?::[0-9A-Fa-f]{1,4})*)?)"
+    ip4_pattern += r"/[0-9]{1,2})" if not skip_netmask else ")"
+    ip6_pattern += r"/[0-9]{1,3})" if not skip_netmask else ")"
+    result = {}
+
+    for m in re.finditer(ip4_pattern, string):
+        addr = m.group(1)
+        if skip_loopback and addr.startswith("127."):
+            continue
+
+        # Limit to only one result
+        result["ipv4"] = addr
+        break
+
+    for m in re.finditer(ip6_pattern, string):
+        addr = m.group(1)
+        if skip_loopback and addr == "::1":
+            continue
+
+        # Limit to only one result
+        result["ipv6"] = addr
+        break
+
+    return result
+
+# Helper command taken from Moulinette
+def get_network_interfaces():
+
+    # Get network devices and their addresses (raw infos from 'ip addr')
+    devices_raw = {}
+    output = check_output("ip --brief a").split("\n")
+    for line in output:
+        line = line.split()
+        iname = line[0]
+        ips = ' '.join(line[2:])
+
+        devices_raw[iname] = ips
+
+    # Parse relevant informations for each of them
+    devices = {
+        name: _extract_inet(addrs)
+        for name, addrs in devices_raw.items()
+        if name != "lo"
+    }
+
+    return devices
+
+if __name__ == '__main__':
+
+    ###
+    #  CONFIG
+    ###
+
+    with open('/etc/yunohost/mdns.yml', 'r') as f:
+        config = yaml.safe_load(f) or {}
+    updated = False
+
+    required_fields = ["interfaces", "domains"]
+    missing_fields = [field for field in required_fields if field not in config]
+
+    if missing_fields:
+        print("The fields %s are required" % ', '.join(missing_fields))
+
+    if config['interfaces'] is None:
+        print('No interface listed for broadcast.')
+        sys.exit(0)
+
+    if 'yunohost.local' not in config['domains']:
+        config['domains'].append('yunohost.local')
+
+    zcs = {}
+    interfaces = get_network_interfaces()
+    for interface in config['interfaces']:
+        infos = [] # List of ServiceInfo objects, to feed Zeroconf
+        ips = [] # Human-readable IPs
+        b_ips = [] # Binary-convered IPs
+
+        ipv4 = interfaces[interface]['ipv4'].split('/')[0]
+        if ipv4:
+            ips.append(ipv4)
+            b_ips.append(socket.inet_pton(socket.AF_INET, ipv4))
+
+        ipv6 = interfaces[interface]['ipv6'].split('/')[0]
+        if ipv6:
+            ips.append(ipv6)
+            b_ips.append(socket.inet_pton(socket.AF_INET6, ipv6))
+
+        # If at least one IP is listed
+        if ips:
+            # Create a Zeroconf object, and store the ServiceInfos
+            zc = Zeroconf(interfaces=ips)
+            zcs[zc]=[]
+            for d in config['domains']:
+                d_domain=d.replace('.local','')
+                if '.' in d_domain:
+                    print(d_domain+'.local: subdomains are not supported.')
+                else:
+                    # Create a ServiceInfo object for each .local domain
+                    zcs[zc].append(ServiceInfo(
+                                   type_='_device-info._tcp.local.',
+                                   name=interface+': '+d_domain+'._device-info._tcp.local.',
+                                   addresses=b_ips,
+                                   port=80,
+                                   server=d+'.',
+                              ))
+                    print('Adding '+d+' with addresses '+str(ips)+' on interface '+interface)
+
+    # Run registration
+    print("Registering...")
+    for zc, infos in zcs.items():
+        for info in infos:
+            zc.register_service(info)
+
+    try:
+        print("Registered. Press Ctrl+C or stop service to stop.")
+        while True:
+            sleep(1)
+    except KeyboardInterrupt:
+        pass
+    finally:
+        print("Unregistering...")
+        for zc, infos in zcs.items():
+            for info in infos:
+                zc.unregister_service(info)
+            zc.close()

data/hooks/conf_regen/37-avahi-daemon

@@ -1,37 +0,0 @@
-#!/bin/bash
-
-set -e
-
-do_pre_regen() {
-  pending_dir=$1
-
-  cd /usr/share/yunohost/templates/avahi-daemon
-
-  install -D -m 644 avahi-daemon.conf \
-    "${pending_dir}/etc/avahi/avahi-daemon.conf"
-}
-
-do_post_regen() {
-  regen_conf_files=$1
-
-  [[ -z "$regen_conf_files" ]] \
-    || systemctl restart avahi-daemon
-}
-
-FORCE=${2:-0}
-DRY_RUN=${3:-0}
-
-case "$1" in
-  pre)
-    do_pre_regen $4
-    ;;
-  post)
-    do_post_regen $4
-    ;;
-  *)
-    echo "hook called with unknown argument \`$1'" >&2
-    exit 1
-    ;;
-esac
-
-exit 0

data/hooks/conf_regen/37-mdns

@@ -0,0 +1,83 @@
+#!/bin/bash
+
+set -e
+
+_generate_config() {
+  echo "domains:"
+  echo "    - yunohost.local"
+  for domain in $YNH_DOMAINS
+  do
+      # Only keep .local domains (don't keep
+      [[ "$domain" =~ [^.]+\.[^.]+\.local$ ]] && echo "Subdomain $domain cannot be handled by Bonjour/Zeroconf/mDNS" >&2
+      [[ "$domain" =~ ^[^.]+\.local$ ]] || continue
+      echo "    - $domain"
+  done
+
+  echo "interfaces:"
+  local_network_interfaces="$(ip --brief a | grep ' 10\.\| 192\.168\.' | awk '{print $1}')"
+  for interface in $local_network_interfaces
+  do
+      echo "    - $interface"
+  done
+}
+
+do_init_regen() {
+   do_pre_regen
+   do_post_regen /etc/systemd/system/yunomdns.service
+   systemctl enable yunomdns
+}
+
+do_pre_regen() {
+  pending_dir="$1"
+
+  cd /usr/share/yunohost/templates/mdns
+  mkdir -p ${pending_dir}/etc/systemd/system/
+  cp yunomdns.service ${pending_dir}/etc/systemd/system/
+
+  getent passwd mdns &>/dev/null || useradd --no-create-home --shell /usr/sbin/nologin --system --user-group mdns
+
+  mkdir -p ${pending_dir}/etc/yunohost
+  _generate_config > ${pending_dir}/etc/yunohost/mdns.yml
+}
+
+do_post_regen() {
+  regen_conf_files="$1"
+
+  chown mdns:mdns /etc/yunohost/mdns.yml
+
+  # If we changed the systemd ynh-override conf
+  if echo "$regen_conf_files" | sed 's/,/\n/g' | grep -q "^/etc/systemd/system/yunomdns.service$"
+  then
+      systemctl daemon-reload
+  fi
+
+  # Legacy stuff to enable the new yunomdns service on legacy systems
+  if [[ -e /etc/avahi/avahi-daemon.conf ]] && grep -q 'yunohost' /etc/avahi/avahi-daemon.conf
+  then
+      systemctl enable yunomdns
+  fi
+
+  [[ -z "$regen_conf_files" ]] \
+    || systemctl restart yunomdns
+}
+
+FORCE=${2:-0}
+DRY_RUN=${3:-0}
+
+case "$1" in
+  pre)
+    do_pre_regen $4
+    ;;
+  post)
+    do_post_regen $4
+    ;;
+  init)
+    do_init_regen
+    ;;
+  *)
+    echo "hook called with unknown argument \`$1'" >&2
+    exit 1
+    ;;
+esac
+
+exit 0

data/hooks/diagnosis/12-dnsrecords.py

@@ -13,6 +13,7 @@ from yunohost.diagnosis import Diagnoser
 from yunohost.domain import domain_list, _build_dns_conf, _get_maindomain
 
 YNH_DYNDNS_DOMAINS = ["nohost.me", "noho.st", "ynh.fr"]
+SPECIAL_USE_TLDS = ["local", "localhost", "onion", "test"]
 
 
 class DNSRecordsDiagnoser(Diagnoser):
@@ -29,8 +30,9 @@ class DNSRecordsDiagnoser(Diagnoser):
         for domain in all_domains:
             self.logger_debug("Diagnosing DNS conf for %s" % domain)
             is_subdomain = domain.split(".", 1)[1] in all_domains
+            is_specialusedomain = any(domain.endswith("." + tld) for tld in SPECIAL_USE_TLDS)
             for report in self.check_domain(
-                domain, domain == main_domain, is_subdomain=is_subdomain
+                domain, domain == main_domain, is_subdomain=is_subdomain, is_specialusedomain=is_specialusedomain
             ):
                 yield report
 
@@ -48,7 +50,7 @@ class DNSRecordsDiagnoser(Diagnoser):
         for report in self.check_expiration_date(domains_from_registrar):
             yield report
 
-    def check_domain(self, domain, is_main_domain, is_subdomain):
+    def check_domain(self, domain, is_main_domain, is_subdomain, is_specialusedomain):
 
         expected_configuration = _build_dns_conf(
             domain, include_empty_AAAA_if_no_ipv6=True
@@ -59,6 +61,16 @@ class DNSRecordsDiagnoser(Diagnoser):
         if is_subdomain:
             categories = ["basic"]
 
+        if is_specialusedomain:
+            categories = []
+            yield dict(
+                meta={"domain": domain},
+                data={},
+                status="INFO",
+                summary="diagnosis_dns_specialusedomain",
+            )
+
+
         for category in categories:
 
             records = expected_configuration[category]

data/hooks/diagnosis/21-web.py

@@ -34,6 +34,12 @@ class WebDiagnoser(Diagnoser):
                     summary="diagnosis_http_nginx_conf_not_up_to_date",
                     details=["diagnosis_http_nginx_conf_not_up_to_date_details"],
                 )
+            elif domain.endswith('.local'):
+                yield dict(
+                    meta={"domain": domain},
+                    status="INFO",
+                    summary="diagnosis_http_localdomain",
+                )
             else:
                 domains_to_check.append(domain)
 

data/templates/avahi-daemon/avahi-daemon.conf

@@ -1,68 +0,0 @@
-# This file is part of avahi.
-#
-# avahi is free software; you can redistribute it and/or modify it
-# under the terms of the GNU Lesser General Public License as
-# published by the Free Software Foundation; either version 2 of the
-# License, or (at your option) any later version.
-#
-# avahi is distributed in the hope that it will be useful, but WITHOUT
-# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
-# or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public
-# License for more details.
-#
-# You should have received a copy of the GNU Lesser General Public
-# License along with avahi; if not, write to the Free Software
-# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
-# USA.
-
-# See avahi-daemon.conf(5) for more information on this configuration
-# file!
-
-[server]
-host-name=yunohost
-domain-name=local
-#browse-domains=0pointer.de, zeroconf.org
-use-ipv4=yes
-use-ipv6=yes
-#allow-interfaces=eth0
-#deny-interfaces=eth1
-#check-response-ttl=no
-#use-iff-running=no
-#enable-dbus=yes
-#disallow-other-stacks=no
-#allow-point-to-point=no
-#cache-entries-max=4096
-#clients-max=4096
-#objects-per-client-max=1024
-#entries-per-entry-group-max=32
-ratelimit-interval-usec=1000000
-ratelimit-burst=1000
-
-[wide-area]
-enable-wide-area=yes
-
-[publish]
-#disable-publishing=no
-#disable-user-service-publishing=no
-#add-service-cookie=no
-#publish-addresses=yes
-#publish-hinfo=yes
-#publish-workstation=yes
-#publish-domain=yes
-#publish-dns-servers=192.168.50.1, 192.168.50.2
-#publish-resolv-conf-dns-servers=yes
-#publish-aaaa-on-ipv4=yes
-#publish-a-on-ipv6=no
-
-[reflector]
-#enable-reflector=no
-#reflect-ipv=no
-
-[rlimits]
-#rlimit-as=
-rlimit-core=0
-rlimit-data=4194304
-rlimit-fsize=0
-rlimit-nofile=768
-rlimit-stack=4194304
-rlimit-nproc=3

data/templates/mdns/yunomdns.service

@@ -0,0 +1,13 @@
+[Unit]
+Description=YunoHost mDNS service
+After=network.target
+
+[Service]
+User=mdns
+Group=mdns
+Type=simple
+ExecStart=/usr/bin/yunomdns
+StandardOutput=syslog
+
+[Install]
+WantedBy=default.target

data/templates/yunohost/services.yml

@@ -1,4 +1,3 @@
-avahi-daemon: {}
 dnsmasq:
   test_conf: dnsmasq --test
 dovecot:
@@ -52,6 +51,8 @@ yunohost-firewall:
   need_lock: true
   test_status: iptables -S | grep "^-A INPUT" | grep " --dport" | grep -q ACCEPT
   category: security
+yunomdns:
+  category: mdns
 glances: null
 nsswitch: null
 ssl: null
@@ -68,3 +69,4 @@ rmilter: null
 php5-fpm: null
 php7.0-fpm: null
 nslcd: null
+avahi-daemon: null

debian/changelog

@@ -1,3 +1,16 @@
+yunohost (4.2.8) stable; urgency=low
+
+  - [fix] ynh_permission_has_user not behaving properly when checking if a group is allowed (f0590907)
+  - [enh] use yaml safeloader everywhere ([#1287](https://github.com/YunoHost/yunohost/pull/1287))
+  - [enh] Add --no-safety-backup option to "yunohost app upgrade" ([#1286](https://github.com/YunoHost/yunohost/pull/1286))
+  - [enh] Add --purge option to "yunohost app remove" ([#1285](https://github.com/YunoHost/yunohost/pull/1285))
+  - [enh] Multimedia helper: check that home folder exists ([#1255](https://github.com/YunoHost/yunohost/pull/1255))
+  - [i18n] Translations updated for French, Galician, German, Portuguese
+
+  Thanks to all contributors <3 ! (José M, Kay0u, Krakinou, ljf, Luca, mifegui, ppr, sagessylu)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Thu, 19 Aug 2021 19:11:19 +0200
+
 yunohost (4.2.7) stable; urgency=low
 
   Notable changes:

debian/control

@@ -13,14 +13,15 @@ Depends: ${python3:Depends}, ${misc:Depends}
  , moulinette (>= 4.2), ssowat (>= 4.0)
  , python3-psutil, python3-requests, python3-dnspython, python3-openssl
  , python3-miniupnpc, python3-dbus, python3-jinja2
- , python3-toml, python3-packaging, python3-publicsuffix
+ , python3-toml, python3-packaging, python3-publicsuffix,
+ , python3-zeroconf,
  , apt, apt-transport-https, apt-utils, dirmngr
  , php7.3-common, php7.3-fpm, php7.3-ldap, php7.3-intl
  , mariadb-server, php7.3-mysql
  , openssh-server, iptables, fail2ban, dnsutils, bind9utils
  , openssl, ca-certificates, netcat-openbsd, iproute2
  , slapd, ldap-utils, sudo-ldap, libnss-ldapd, unscd, libpam-ldapd
- , dnsmasq, avahi-daemon, libnss-mdns, resolvconf, libnss-myhostname
+ , dnsmasq, resolvconf, libnss-myhostname
  , postfix, postfix-ldap, postfix-policyd-spf-perl, postfix-pcre
  , dovecot-core, dovecot-ldap, dovecot-lmtpd, dovecot-managesieved, dovecot-antispam
  , rspamd, opendkim-tools, postsrsd, procmail, mailutils

debian/postinst

@@ -18,6 +18,7 @@ do_configure() {
           bash /usr/share/yunohost/hooks/conf_regen/46-nsswitch init
           bash /usr/share/yunohost/hooks/conf_regen/06-slapd init
           bash /usr/share/yunohost/hooks/conf_regen/15-nginx init
+          bash /usr/share/yunohost/hooks/conf_regen/37-mdns init
       fi
   else
       echo "Regenerating configuration, this might take a while..."

locales/ar.json

@@ -83,7 +83,7 @@
     "yunohost_installing": "عملية تنصيب يونوهوست جارية …",
     "yunohost_not_installed": "إنَّ واي يونوهوست ليس مُنَصَّب أو هو مثبت حاليا بشكل خاطئ. قم بتنفيذ الأمر 'yunohost tools postinstall'",
     "migrations_list_conflict_pending_done": "لا يمكنك استخدام --previous و --done معًا على نفس سطر الأوامر.",
-    "service_description_avahi-daemon": "يسمح لك بالنفاذ إلى خادومك عبر الشبكة المحلية باستخدام yunohost.local",
+    "service_description_mdns": "يسمح لك بالنفاذ إلى خادومك عبر الشبكة المحلية باستخدام yunohost.local",
     "service_description_metronome": "يُدير حسابات الدردشة الفورية XMPP",
     "service_description_nginx": "يقوم بتوفير النفاذ و السماح بالوصول إلى كافة مواقع الويب المستضافة على خادومك",
     "service_description_postfix": "يقوم بإرسال و تلقي الرسائل البريدية الإلكترونية",

locales/ca.json

@@ -283,7 +283,7 @@
     "service_already_started": "El servei «{service}» ja està funcionant",
     "service_already_stopped": "Ja s'ha aturat el servei «{service}»",
     "service_cmd_exec_failed": "No s'ha pogut executar l'ordre «{command}»",
-    "service_description_avahi-daemon": "Permet accedir al servidor via «yunohost.local» en la xarxa local",
+    "service_description_mdns": "Permet accedir al servidor via «yunohost.local» en la xarxa local",
     "service_description_dnsmasq": "Gestiona la resolució del nom de domini (DNS)",
     "service_description_dovecot": "Permet als clients de correu accedir/recuperar correus (via IMAP i POP3)",
     "service_description_fail2ban": "Protegeix contra els atacs de força bruta i a altres atacs provinents d'Internet",

locales/de.json

@@ -597,7 +597,7 @@
     "service_description_fail2ban": "Schützt gegen Brute-Force-Angriffe und andere Angriffe aus dem Internet",
     "service_description_dovecot": "Ermöglicht es E-Mail-Clients auf Konten zuzugreifen (IMAP und POP3)",
     "service_description_dnsmasq": "Verarbeitet die Auflösung des Domainnamens (DNS)",
-    "service_description_avahi-daemon": "Erlaubt, den Server im lokalen Netz über 'yunohost.local' zu erreichen",
+    "service_description_mdns": "Erlaubt, den Server im lokalen Netz über 'yunohost.local' zu erreichen",
     "restore_backup_too_old": "Dieses Backup kann nicht wieder hergestellt werden, weil es von einer zu alten YunoHost Version stammt.",
     "service_description_slapd": "Speichert Benutzer, Domains und verbundene Informationen",
     "service_description_rspamd": "Spamfilter und andere E-Mail-Merkmale",

locales/en.json

@@ -32,7 +32,7 @@
     "app_location_unavailable": "This URL is either unavailable, or conflicts with the already installed app(s):\n{apps}",
     "app_manifest_invalid": "Something is wrong with the app manifest: {error}",
     "app_manifest_install_ask_domain": "Choose the domain where this app should be installed",
-    "app_manifest_install_ask_path": "Choose the path where this app should be installed",
+    "app_manifest_install_ask_path": "Choose the url path (after the domain) where this app should be installed",
     "app_manifest_install_ask_password": "Choose an administration password for this app",
     "app_manifest_install_ask_admin": "Choose an administrator user for this app",
     "app_manifest_install_ask_is_public": "Should this app be exposed to anonymous visitors?",
@@ -183,6 +183,7 @@
     "diagnosis_dns_discrepancy": "The following DNS record does not seem to follow the recommended configuration:<br>Type: <code>{type}</code><br>Name: <code>{name}</code><br>Current value: <code>{current}</code><br>Expected value: <code>{value}</code>",
     "diagnosis_dns_point_to_doc": "Please check the documentation at <a href='https://yunohost.org/dns_config'>https://yunohost.org/dns_config</a> if you need help about configuring DNS records.",
     "diagnosis_dns_try_dyndns_update_force": "This domain's DNS configuration should automatically be managed by YunoHost. If that's not the case, you can try to force an update using <cmd>yunohost dyndns update --force</cmd>.",
+    "diagnosis_dns_specialusedomain": "Domain {domain} is based on a special-use top-level domain (TLD) and is therefore not expected to have actual DNS records.",
     "diagnosis_domain_expiration_not_found": "Unable to check the expiration date for some domains",
     "diagnosis_domain_not_found_details": "The domain {domain} doesn't exist in WHOIS database or is expired!",
     "diagnosis_domain_expiration_not_found_details": "The WHOIS information for domain {domain} doesn't seem to contain the information about the expiration date?",
@@ -260,6 +261,7 @@
     "diagnosis_http_hairpinning_issue_details": "This is probably because of your ISP box / router. As a result, people from outside your local network will be able to access your server as expected, but not people from inside the local network (like you, probably?) when using the domain name or global IP. You may be able to improve the situation by having a look at <a href='https://yunohost.org/dns_local_network'>https://yunohost.org/dns_local_network</a>",
     "diagnosis_http_could_not_diagnose": "Could not diagnose if domains are reachable from outside in IPv{ipversion}.",
     "diagnosis_http_could_not_diagnose_details": "Error: {error}",
+    "diagnosis_http_localdomain": "Domain {domain}, with a .local TLD, is not expected to be reached from outside the local network.",
     "diagnosis_http_ok": "Domain {domain} is reachable through HTTP from outside the local network.",
     "diagnosis_http_timeout": "Timed-out while trying to contact your server from outside. It appears to be unreachable.<br>1. The most common cause for this issue is that port 80 (and 443) <a href='https://yunohost.org/isp_box_config'>are not correctly forwarded to your server</a>.<br>2. You should also make sure that the service nginx is running<br>3. On more complex setups: make sure that no firewall or reverse-proxy is interfering.",
     "diagnosis_http_connection_error": "Connection error: could not connect to the requested domain, it's very likely unreachable.",
@@ -560,7 +562,7 @@
     "service_already_started": "The service '{service}' is running already",
     "service_already_stopped": "The service '{service}' has already been stopped",
     "service_cmd_exec_failed": "Could not execute the command '{command}'",
-    "service_description_avahi-daemon": "Allows you to reach your server using 'yunohost.local' in your local network",
+    "service_description_yunomdns": "Allows you to reach your server using 'yunohost.local' in your local network",
     "service_description_dnsmasq": "Handles domain name resolution (DNS)",
     "service_description_dovecot": "Allows e-mail clients to access/fetch email (via IMAP and POP3)",
     "service_description_fail2ban": "Protects against brute-force and other kinds of attacks from the Internet",

locales/eo.json

@@ -332,7 +332,7 @@
     "hook_exec_failed": "Ne povis funkcii skripto: {path}",
     "global_settings_cant_open_settings": "Ne eblis malfermi agordojn, tial: {reason}",
     "user_created": "Uzanto kreita",
-    "service_description_avahi-daemon": "Permesas al vi atingi vian servilon uzante 'yunohost.local' en via loka reto",
+    "service_description_mdns": "Permesas al vi atingi vian servilon uzante 'yunohost.local' en via loka reto",
     "certmanager_attempt_to_replace_valid_cert": "Vi provas anstataŭigi bonan kaj validan atestilon por domajno {domain}! (Uzu --forte pretervidi)",
     "regenconf_updated": "Agordo ĝisdatigita por '{category}'",
     "update_apt_cache_warning": "Io iris malbone dum la ĝisdatigo de la kaŝmemoro de APT (paka administranto de Debian). Jen rubujo de la sources.list-linioj, kiuj povus helpi identigi problemajn liniojn:\n{sourceslist}",

locales/es.json

@@ -238,7 +238,7 @@
     "service_description_fail2ban": "Protege contra ataques de fuerza bruta y otras clases de ataques desde Internet",
     "service_description_dovecot": "Permite a los clientes de correo acceder/obtener correo (vía IMAP y POP3)",
     "service_description_dnsmasq": "Maneja la resolución de nombres de dominio (DNS)",
-    "service_description_avahi-daemon": "Permite acceder a su servidor usando «yunohost.local» en su red local",
+    "service_description_mdns": "Permite acceder a su servidor usando «yunohost.local» en su red local",
     "server_reboot_confirm": "El servidor se reiniciará inmediatamente ¿está seguro? [{answers}]",
     "server_reboot": "El servidor se reiniciará",
     "server_shutdown_confirm": "El servidor se apagará inmediatamente ¿está seguro? [{answers}]",

locales/fr.json

@@ -234,7 +234,7 @@
     "migrations_list_conflict_pending_done": "Vous ne pouvez pas utiliser --previous et --done simultanément.",
     "migrations_to_be_ran_manually": "La migration {id} doit être lancée manuellement. Veuillez aller dans Outils > Migrations dans l’interface admin, ou lancer `yunohost tools migrations run`.",
     "migrations_need_to_accept_disclaimer": "Pour lancer la migration {id}, vous devez accepter cet avertissement :\n---\n{disclaimer}\n---\nSi vous acceptez de lancer la migration, veuillez relancer la commande avec l’option --accept-disclaimer.",
-    "service_description_avahi-daemon": "Vous permet d’atteindre votre serveur en utilisant « yunohost.local » sur votre réseau local",
+    "service_description_yunomdns": "Vous permet d’atteindre votre serveur en utilisant « yunohost.local » sur votre réseau local",
     "service_description_dnsmasq": "Gère la résolution des noms de domaine (DNS)",
     "service_description_dovecot": "Permet aux clients de messagerie d’accéder/récupérer les courriels (via IMAP et POP3)",
     "service_description_fail2ban": "Protège contre les attaques brute-force et autres types d’attaques venant d’Internet",

locales/it.json

@@ -428,7 +428,7 @@
     "service_description_fail2ban": "Ti protegge dal brute-force e altri tipi di attacchi da Internet",
     "service_description_dovecot": "Consente ai client mail di accedere/recuperare le email (via IMAP e POP3)",
     "service_description_dnsmasq": "Gestisce la risoluzione dei domini (DNS)",
-    "service_description_avahi-daemon": "Consente di raggiungere il tuo server eseguendo 'yunohost.local' sulla tua LAN",
+    "service_description_mdns": "Consente di raggiungere il tuo server eseguendo 'yunohost.local' sulla tua LAN",
     "server_reboot_confirm": "Il server si riavvierà immediatamente, sei sicuro? [{answers}]",
     "server_reboot": "Il server si riavvierà",
     "server_shutdown_confirm": "Il server si spegnerà immediatamente, sei sicuro? [{answers}]",

locales/oc.json

@@ -193,7 +193,7 @@
     "user_unknown": "Utilizaire « {user} » desconegut",
     "user_update_failed": "Modificacion impossibla de l’utilizaire",
     "user_updated": "L’utilizaire es estat modificat",
-    "service_description_avahi-daemon": "permet d’aténher vòstre servidor via yunohost.local sus vòstre ret local",
+    "service_description_mdns": "permet d’aténher vòstre servidor via yunohost.local sus vòstre ret local",
     "service_description_dnsmasq": "gerís la resolucion dels noms de domeni (DNS)",
     "updating_apt_cache": "Actualizacion de la lista dels paquets disponibles…",
     "server_reboot_confirm": "Lo servidor es per reaviar sul pic, o volètz vertadièrament ? {answers}",

locales/zh_Hans.json

@@ -226,7 +226,7 @@
     "service_description_fail2ban": "防止来自互联网的暴力攻击和其他类型的攻击",
     "service_description_dovecot": "允许电子邮件客户端访问/获取电子邮件（通过IMAP和POP3）",
     "service_description_dnsmasq": "处理域名解析（DNS）",
-    "service_description_avahi-daemon": "允许您使用本地网络中的“ yunohost.local”访问服务器",
+    "service_description_mdns": "允许您使用本地网络中的“ yunohost.local”访问服务器",
     "service_started": "服务 '{service}' 已启动",
     "service_start_failed": "无法启动服务 '{service}'\n\n最近的服务日志:{logs}",
     "service_reloaded_or_restarted": "服务'{service}'已重新加载或重新启动",

src/yunohost/app.py

@@ -619,7 +619,7 @@ def app_upgrade(app=[], url=None, file=None, force=False, no_safety_backup=False
         env_dict["YNH_APP_UPGRADE_TYPE"] = upgrade_type
         env_dict["YNH_APP_MANIFEST_VERSION"] = str(app_new_version)
         env_dict["YNH_APP_CURRENT_VERSION"] = str(app_current_version)
-        env_dict["NO_BACKUP_UPGRADE"] = no_safety_backup
+        env_dict["NO_BACKUP_UPGRADE"] = "1" if no_safety_backup else "0"
 
         # We'll check that the app didn't brutally edit some system configuration
         manually_modified_files_before_install = manually_modified_files()
@@ -1233,7 +1233,7 @@ def app_remove(operation_logger, app, purge=False):
     env_dict["YNH_APP_INSTANCE_NAME"] = app
     env_dict["YNH_APP_INSTANCE_NUMBER"] = str(app_instance_nb)
     env_dict["YNH_APP_MANIFEST_VERSION"] = manifest.get("version", "?")
-    env_dict["YNH_APP_PURGE"] = purge
+    env_dict["YNH_APP_PURGE"] = str(purge)
     operation_logger.extra.update({"env": env_dict})
     operation_logger.flush()
 

src/yunohost/domain.py

@@ -166,7 +166,7 @@ def domain_add(operation_logger, domain, dyndns=False):
             # because it's one of the major service, but in the long term we
             # should identify the root of this bug...
             _force_clear_hashes(["/etc/nginx/conf.d/%s.conf" % domain])
-            regen_conf(names=["nginx", "metronome", "dnsmasq", "postfix", "rspamd"])
+            regen_conf(names=["nginx", "metronome", "dnsmasq", "postfix", "rspamd", "mdns"])
             app_ssowatconf()
 
     except Exception as e:
@@ -293,7 +293,7 @@ def domain_remove(operation_logger, domain, remove_apps=False, force=False):
             "/etc/nginx/conf.d/%s.conf" % domain, new_conf=None, save=True
         )
 
-    regen_conf(names=["nginx", "metronome", "dnsmasq", "postfix"])
+    regen_conf(names=["nginx", "metronome", "dnsmasq", "postfix", "rspamd", "mdns"])
     app_ssowatconf()
 
     hook_callback("post_domain_remove", args=[domain])