arguments:
key:
- help: Settings key
+ help: The question or form key
+ nargs: '?'
-v:
full: --value
help: new value
- extra:
- required: True
+ -a:
+ full: --args
+ help: Serialized arguments for new configuration (i.e. "mail_in=0&mail_out=0")
### settings_reset_all()
reset-all:
@@ -1530,10 +1628,10 @@ tools:
category_help: Specific tools
actions:
- ### tools_adminpw()
- adminpw:
- action_help: Change password of admin and root users
- api: PUT /adminpw
+ ### tools_rootpw()
+ rootpw:
+ action_help: Change root password
+ api: PUT /rootpw
arguments:
-n:
full: --new-password
@@ -1568,6 +1666,20 @@ tools:
ask: ask_main_domain
pattern: *pattern_domain
required: True
+ -u:
+ full: --username
+ help: Username for the first (admin) user. For example 'camille'
+ extra:
+ ask: ask_admin_username
+ pattern: *pattern_username
+ required: True
+ -F:
+ full: --fullname
+ help: The full name for the first (admin) user. For example 'Camille Dupont'
+ extra:
+ ask: ask_admin_fullname
+ required: True
+ pattern: *pattern_fullname
-p:
full: --password
help: YunoHost admin password
@@ -1588,14 +1700,10 @@ tools:
extra:
pattern: *pattern_password
comment: dyndns_added_password
- --force-password:
- help: Use this if you really want to set a weak password
- action: store_true
--force-diskspace:
help: Use this if you really want to install YunoHost on a setup with less than 10 GB on the root filesystem
action: store_true
-
### tools_update()
update:
action_help: YunoHost update
@@ -1757,6 +1865,7 @@ hook:
### hook_info()
info:
+ hide_in_help: True
action_help: Get information about a given hook
arguments:
action:
@@ -1786,6 +1895,7 @@ hook:
### hook_callback()
callback:
+ hide_in_help: True
action_help: Execute all scripts binded to an action
arguments:
action:
@@ -1808,6 +1918,7 @@ hook:
### hook_exec()
exec:
+ hide_in_help: True
action_help: Execute hook from a file with arguments
arguments:
path:
diff --git a/share/config_domain.toml b/share/config_domain.toml
index ba0706749..0aae4df26 100644
--- a/share/config_domain.toml
+++ b/share/config_domain.toml
@@ -1,51 +1,37 @@
version = "1.0"
i18n = "domain_config"
-#
-# Other things we may want to implement in the future:
-#
-# - maindomain handling
-# - default app
-# - autoredirect www in nginx conf
-# - ?
-#
-
[feature]
+name = "Features"
+
[feature.app]
[feature.app.default_app]
type = "app"
filter = "is_webapp"
default = "_none"
-
- [feature.mail]
- #services = ['postfix', 'dovecot']
+ # FIXME: i18n
+ help = "People will automatically be redirected to this app when opening this domain. If no app is specified, people are redirected to the user portal login form."
- [feature.mail.features_disclaimer]
- type = "alert"
- style = "warning"
- icon = "warning"
+ [feature.mail]
[feature.mail.mail_out]
type = "boolean"
default = 1
-
+
[feature.mail.mail_in]
type = "boolean"
default = 1
-
- #[feature.mail.backup_mx]
- #type = "tags"
- #default = []
- #pattern.regexp = '^([^\W_A-Z]+([-]*[^\W_A-Z]+)*\.)+((xn--)?[^\W_]{2,})$'
- #pattern.error = "pattern_error"
-
+
[feature.xmpp]
[feature.xmpp.xmpp]
type = "boolean"
default = 0
+ # FIXME: i18n
+ help = "NB: some XMPP features will require that you update your DNS records and regenerate your Lets Encrypt certificate to be enabled"
[dns]
+name = "DNS"
[dns.zone]
@@ -55,13 +41,54 @@ i18n = "domain_config"
help = ""
[dns.registrar]
- optional = true
+ # This part is automatically generated in DomainConfigPanel
- # This part is automatically generated in DomainConfigPanel
+[cert]
+name = "Certificate"
-# [dns.advanced]
-#
-# [dns.advanced.ttl]
-# type = "number"
-# min = 0
-# default = 3600
+ [cert.cert]
+
+ [cert.cert.cert_summary]
+ type = "alert"
+ # Automatically filled by DomainConfigPanel
+
+ [cert.cert.cert_validity]
+ type = "number"
+ readonly = true
+ visible = "false"
+ # Automatically filled by DomainConfigPanel
+
+ [cert.cert.cert_issuer]
+ type = "string"
+ visible = false
+ # Automatically filled by DomainConfigPanel
+
+ [cert.cert.acme_eligible]
+ type = "boolean"
+ visible = false
+ # Automatically filled by DomainConfigPanel
+
+ [cert.cert.acme_eligible_explain]
+ type = "alert"
+ style = "warning"
+ visible = "acme_eligible == false || acme_elligible == null"
+
+ [cert.cert.cert_no_checks]
+ ask = "Ignore diagnosis checks"
+ type = "boolean"
+ default = false
+ visible = "acme_eligible == false || acme_elligible == null"
+
+ [cert.cert.cert_install]
+ type = "button"
+ icon = "star"
+ style = "success"
+ visible = "issuer != 'letsencrypt'"
+ enabled = "acme_eligible || cert_no_checks"
+
+ [cert.cert.cert_renew]
+ type = "button"
+ icon = "refresh"
+ style = "warning"
+ visible = "issuer == 'letsencrypt'"
+ enabled = "acme_eligible || cert_no_checks"
diff --git a/share/config_global.toml b/share/config_global.toml
new file mode 100644
index 000000000..1f3cc1b39
--- /dev/null
+++ b/share/config_global.toml
@@ -0,0 +1,162 @@
+version = "1.0"
+i18n = "global_settings_setting"
+
+[security]
+name = "Security"
+ [security.password]
+ name = "Passwords"
+
+ [security.password.admin_strength]
+ type = "select"
+ choices.1 = "Require at least 8 chars"
+ choices.2 = "ditto, but also require at least one digit, one lower and one upper char"
+ choices.3 = "ditto, but also require at least one special char"
+ choices.4 = "ditto, but also require at least 12 chars"
+ default = "1"
+
+ [security.password.user_strength]
+ type = "select"
+ choices.1 = "Require at least 8 chars"
+ choices.2 = "ditto, but also require at least one digit, one lower and one upper char"
+ choices.3 = "ditto, but also require at least one special char"
+ choices.4 = "ditto, but also require at least 12 chars"
+ default = "1"
+
+ [security.password.passwordless_sudo]
+ type = "boolean"
+ # The actual value is dynamically computed by checking the sudoOption of cn=admins,ou=sudo
+ default = false
+
+ [security.ssh]
+ name = "SSH"
+ [security.ssh.ssh_compatibility]
+ type = "select"
+ choices.intermediate = "Intermediate (compatible with older softwares)"
+ choices.modern = "Modern (recommended)"
+ default = "modern"
+
+ [security.ssh.ssh_port]
+ type = "number"
+ default = 22
+
+ [security.ssh.ssh_password_authentication]
+ type = "boolean"
+ default = true
+
+ [security.nginx]
+ name = "NGINX (web server)"
+ [security.nginx.nginx_redirect_to_https]
+ type = "boolean"
+ default = true
+
+ [security.nginx.nginx_compatibility]
+ type = "select"
+ choices.intermediate = "Intermediate (compatible with Firefox 27, Android 4.4.2, Chrome 31, Edge, IE 11, Opera 20, and Safari 9)"
+ choices.modern = "Modern (compatible with Firefox 63, Android 10.0, Chrome 70, Edge 75, Opera 57, and Safari 12.1)"
+ default = "intermediate"
+
+ [security.postfix]
+ name = "Postfix (SMTP email server)"
+ [security.postfix.postfix_compatibility]
+ type = "select"
+ choices.intermediate = "Intermediate (allows TLS 1.2)"
+ choices.modern = "Modern (TLS 1.3 only)"
+ default = "intermediate"
+
+ [security.webadmin]
+ name = "Webadmin"
+ [security.webadmin.webadmin_allowlist_enabled]
+ type = "boolean"
+ default = false
+
+ [security.webadmin.webadmin_allowlist]
+ type = "tags"
+ visible = "webadmin_allowlist_enabled"
+ optional = true
+ default = ""
+
+ [security.root_access]
+ name = "Change root password"
+
+ [security.root_access.root_access_explain]
+ type = "alert"
+ style = "info"
+ icon = "info"
+
+ [security.root_access.root_password]
+ type = "password"
+ optional = true
+ default = ""
+
+ [security.root_access.root_password_confirm]
+ type = "password"
+ optional = true
+ default = ""
+
+ [security.experimental]
+ name = "Experimental"
+ [security.experimental.security_experimental_enabled]
+ type = "boolean"
+ default = false
+
+
+[email]
+name = "Email"
+ [email.pop3]
+ name = "POP3"
+ [email.pop3.pop3_enabled]
+ type = "boolean"
+ default = false
+
+ [email.smtp]
+ name = "SMTP"
+ [email.smtp.smtp_allow_ipv6]
+ type = "boolean"
+ default = true
+
+ [email.smtp.smtp_relay_enabled]
+ type = "boolean"
+ default = false
+
+ [email.smtp.smtp_relay_host]
+ type = "string"
+ default = ""
+ optional = true
+ visible="smtp_relay_enabled"
+
+ [email.smtp.smtp_relay_port]
+ type = "number"
+ default = 587
+ visible="smtp_relay_enabled"
+
+ [email.smtp.smtp_relay_user]
+ type = "string"
+ default = ""
+ optional = true
+ visible="smtp_relay_enabled"
+
+ [email.smtp.smtp_relay_password]
+ type = "password"
+ default = ""
+ optional = true
+ visible="smtp_relay_enabled"
+ help = "" # This is empty string on purpose, otherwise the core automatically set the 'good_practice_admin_password' string here which is not relevant, because the admin is not actually "choosing" the password ...
+
+[misc]
+name = "Other"
+ [misc.portal]
+ name = "User portal"
+ [misc.portal.ssowat_panel_overlay_enabled]
+ type = "boolean"
+ default = true
+
+ [misc.portal.portal_theme]
+ type = "select"
+ # Choices are loaded dynamically in the python code
+ default = "default"
+
+ [misc.backup]
+ name = "Backup"
+ [misc.backup.backup_compress_tar_archives]
+ type = "boolean"
+ default = false
diff --git a/share/html/502.html b/share/html/502.html
new file mode 100644
index 000000000..bef0275df
--- /dev/null
+++ b/share/html/502.html
@@ -0,0 +1,20 @@
+
+
+
+502 Bad Gateway
+
+
+
+502 Bad Gateway
+If you see this page, your connection with the server is working but the internal service providing this path is not responding.
+Administrator, make sure that the service is running, and check its logs if it is not.
+The Services page is in your webadmin, under Tools > Services.
+Thank you for using YunoHost.
+
+
diff --git a/share/registrar_list.toml b/share/registrar_list.toml
index afb213aa1..01906becd 100644
--- a/share/registrar_list.toml
+++ b/share/registrar_list.toml
@@ -622,7 +622,14 @@
[vultr.auth_token]
type = "string"
redact = true
-
+
+[webgo]
+ [webgo.auth_username]
+ type = "string"
+
+ [webgo.auth_password]
+ type = "password"
+
[yandex]
[yandex.auth_token]
type = "string"
diff --git a/src/__init__.py b/src/__init__.py
index 608917185..af18e1fe4 100644
--- a/src/__init__.py
+++ b/src/__init__.py
@@ -1,5 +1,22 @@
#! /usr/bin/python
-# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import sys
diff --git a/src/app.py b/src/app.py
index 3b60deb6c..ed1432685 100644
--- a/src/app.py
+++ b/src/app.py
@@ -1,28 +1,23 @@
-# -*- coding: utf-8 -*-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
-""" License
-
- Copyright (C) 2013 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_app.py
-
- Manage apps
-"""
+import glob
import os
import toml
import json
@@ -32,8 +27,10 @@ import time
import re
import subprocess
import tempfile
+import copy
from collections import OrderedDict
-from typing import List, Tuple, Dict, Any
+from typing import List, Tuple, Dict, Any, Iterator
+from packaging import version
from moulinette import Moulinette, m18n
from moulinette.utils.log import getActionLogger
@@ -51,7 +48,6 @@ from moulinette.utils.filesystem import (
chmod,
)
-from yunohost.utils import packages
from yunohost.utils.config import (
ConfigPanel,
ask_questions_and_parse_answers,
@@ -61,12 +57,21 @@ from yunohost.utils.config import (
)
from yunohost.utils.i18n import _value_for_locale
from yunohost.utils.error import YunohostError, YunohostValidationError
-from yunohost.utils.filesystem import free_space_in_directory
+from yunohost.utils.system import (
+ free_space_in_directory,
+ dpkg_is_broken,
+ get_ynh_package_version,
+ system_arch,
+ human_to_binary,
+ binary_to_human,
+ ram_available,
+)
from yunohost.log import is_unit_operation, OperationLogger
from yunohost.app_catalog import ( # noqa
app_catalog,
app_search,
_load_apps_catalog,
+ APPS_CATALOG_LOGOS,
)
logger = getActionLogger("yunohost.app")
@@ -147,6 +152,13 @@ def app_info(app, full=False, upgradable=False):
absolute_app_name, _ = _parse_app_instance_name(app)
from_catalog = _load_apps_catalog()["apps"].get(absolute_app_name, {})
+ # Check if $app.png exists in the app logo folder, this is a trick to be able to easily customize the logo
+ # of an app just by creating $app.png (instead of the hash.png) in the corresponding folder
+ ret["logo"] = (
+ app
+ if os.path.exists(f"{APPS_CATALOG_LOGOS}/{app}.png")
+ else from_catalog.get("logo_hash")
+ )
ret["upgradable"] = _app_upgradable({**ret, "from_catalog": from_catalog})
if ret["upgradable"] == "yes":
@@ -160,18 +172,42 @@ def app_info(app, full=False, upgradable=False):
ret["current_version"] = f" ({current_revision})"
ret["new_version"] = f" ({new_revision})"
+ ret["settings"] = settings
+
if not full:
return ret
ret["setting_path"] = setting_path
ret["manifest"] = local_manifest
- ret["manifest"]["arguments"] = _set_default_ask_questions(
- ret["manifest"].get("arguments", {})
+
+ # FIXME: maybe this is not needed ? default ask questions are
+ # already set during the _get_manifest_of_app earlier ?
+ ret["manifest"]["install"] = _set_default_ask_questions(
+ ret["manifest"].get("install", {})
)
- ret["settings"] = settings
ret["from_catalog"] = from_catalog
+ # Hydrate app notifications and doc
+ for pagename, content_per_lang in ret["manifest"]["doc"].items():
+ for lang, content in content_per_lang.items():
+ ret["manifest"]["doc"][pagename][lang] = _hydrate_app_template(
+ content, settings
+ )
+
+ # Filter dismissed notification
+ ret["manifest"]["notifications"] = {
+ k: v
+ for k, v in ret["manifest"]["notifications"].items()
+ if not _notification_is_dismissed(k, settings)
+ }
+
+ # Hydrate notifications (also filter uneeded post_upgrade notification based on version)
+ for step, notifications in ret["manifest"]["notifications"].items():
+ for name, content_per_lang in notifications.items():
+ for lang, content in content_per_lang.items():
+ notifications[name][lang] = _hydrate_app_template(content, settings)
+
ret["is_webapp"] = "domain" in settings and "path" in settings
if ret["is_webapp"]:
@@ -185,8 +221,8 @@ def app_info(app, full=False, upgradable=False):
ret["supports_backup_restore"] = os.path.exists(
os.path.join(setting_path, "scripts", "backup")
) and os.path.exists(os.path.join(setting_path, "scripts", "restore"))
- ret["supports_multi_instance"] = is_true(
- local_manifest.get("multi_instance", False)
+ ret["supports_multi_instance"] = local_manifest.get("integration", {}).get(
+ "multi_instance", False
)
ret["supports_config_panel"] = os.path.exists(
os.path.join(setting_path, "config_panel.toml")
@@ -202,7 +238,6 @@ def app_info(app, full=False, upgradable=False):
def _app_upgradable(app_infos):
- from packaging import version
# Determine upgradability
@@ -416,7 +451,9 @@ def app_change_url(operation_logger, app, domain, path):
tmp_workdir_for_app = _make_tmp_workdir_for_app(app=app)
# Prepare env. var. to pass to script
- env_dict = _make_environment_for_app_script(app, workdir=tmp_workdir_for_app)
+ env_dict = _make_environment_for_app_script(
+ app, workdir=tmp_workdir_for_app, action="change_url"
+ )
env_dict["YNH_APP_OLD_DOMAIN"] = old_domain
env_dict["YNH_APP_OLD_PATH"] = old_path
env_dict["YNH_APP_NEW_DOMAIN"] = domain
@@ -467,7 +504,6 @@ def app_upgrade(app=[], url=None, file=None, force=False, no_safety_backup=False
no_safety_backup -- Disable the safety backup during upgrade
"""
- from packaging import version
from yunohost.hook import (
hook_add,
hook_remove,
@@ -477,6 +513,12 @@ def app_upgrade(app=[], url=None, file=None, force=False, no_safety_backup=False
from yunohost.permission import permission_sync_to_user
from yunohost.regenconf import manually_modified_files
from yunohost.utils.legacy import _patch_legacy_php_versions, _patch_legacy_helpers
+ from yunohost.backup import (
+ backup_list,
+ backup_create,
+ backup_delete,
+ backup_restore,
+ )
apps = app
# Check if disk space available
@@ -502,6 +544,8 @@ def app_upgrade(app=[], url=None, file=None, force=False, no_safety_backup=False
if len(apps) > 1:
logger.info(m18n.n("app_upgrade_several_apps", apps=", ".join(apps)))
+ notifications = {}
+
for number, app_instance_name in enumerate(apps):
logger.info(m18n.n("app_upgrade_app_name", app=app_instance_name))
@@ -563,34 +607,99 @@ def app_upgrade(app=[], url=None, file=None, force=False, no_safety_backup=False
upgrade_type = "UPGRADE_FULL"
# Check requirements
- _check_manifest_requirements(manifest)
+ for name, passed, values, err in _check_manifest_requirements(
+ manifest, action="upgrade"
+ ):
+ if not passed:
+ if name == "ram":
+ # i18n: confirm_app_insufficient_ram
+ _ask_confirmation(
+ "confirm_app_insufficient_ram", params=values, force=force
+ )
+ else:
+ raise YunohostValidationError(err, **values)
+
+ # Display pre-upgrade notifications and ask for simple confirm
+ if (
+ manifest["notifications"]["PRE_UPGRADE"]
+ and Moulinette.interface.type == "cli"
+ ):
+ settings = _get_app_settings(app_instance_name)
+ notifications = _filter_and_hydrate_notifications(
+ manifest["notifications"]["PRE_UPGRADE"],
+ current_version=app_current_version,
+ data=settings,
+ )
+ _display_notifications(notifications, force=force)
+
+ if manifest["packaging_format"] >= 2:
+ if no_safety_backup:
+ # FIXME: i18n
+ logger.warning(
+ "Skipping the creation of a backup prior to the upgrade."
+ )
+ else:
+ # FIXME: i18n
+ logger.info("Creating a safety backup prior to the upgrade")
+
+ # Switch between pre-upgrade1 or pre-upgrade2
+ safety_backup_name = f"{app_instance_name}-pre-upgrade1"
+ other_safety_backup_name = f"{app_instance_name}-pre-upgrade2"
+ if safety_backup_name in backup_list()["archives"]:
+ safety_backup_name = f"{app_instance_name}-pre-upgrade2"
+ other_safety_backup_name = f"{app_instance_name}-pre-upgrade1"
+
+ backup_create(name=safety_backup_name, apps=[app_instance_name])
+
+ if safety_backup_name in backup_list()["archives"]:
+ # if the backup suceeded, delete old safety backup to save space
+ if other_safety_backup_name in backup_list()["archives"]:
+ backup_delete(other_safety_backup_name)
+ else:
+ # Is this needed ? Shouldn't backup_create report an expcetion if backup failed ?
+ raise YunohostError(
+ "Uhoh the safety backup failed ?! Aborting the upgrade process.",
+ raw_msg=True,
+ )
+
_assert_system_is_sane_for_app(manifest, "pre")
- app_setting_path = os.path.join(APPS_SETTING_PATH, app_instance_name)
-
- # Prepare env. var. to pass to script
- env_dict = _make_environment_for_app_script(
- app_instance_name, workdir=extracted_app_folder
- )
- env_dict["YNH_APP_UPGRADE_TYPE"] = upgrade_type
- env_dict["YNH_APP_MANIFEST_VERSION"] = str(app_new_version)
- env_dict["YNH_APP_CURRENT_VERSION"] = str(app_current_version)
- env_dict["NO_BACKUP_UPGRADE"] = "1" if no_safety_backup else "0"
-
# We'll check that the app didn't brutally edit some system configuration
manually_modified_files_before_install = manually_modified_files()
+ app_setting_path = os.path.join(APPS_SETTING_PATH, app_instance_name)
+
# Attempt to patch legacy helpers ...
_patch_legacy_helpers(extracted_app_folder)
# Apply dirty patch to make php5 apps compatible with php7
_patch_legacy_php_versions(extracted_app_folder)
+ # Prepare env. var. to pass to script
+ env_dict = _make_environment_for_app_script(
+ app_instance_name, workdir=extracted_app_folder, action="upgrade"
+ )
+ env_dict["YNH_APP_UPGRADE_TYPE"] = upgrade_type
+ env_dict["YNH_APP_MANIFEST_VERSION"] = str(app_new_version)
+ env_dict["YNH_APP_CURRENT_VERSION"] = str(app_current_version)
+ if manifest["packaging_format"] < 2:
+ env_dict["NO_BACKUP_UPGRADE"] = "1" if no_safety_backup else "0"
+
# Start register change on system
related_to = [("app", app_instance_name)]
operation_logger = OperationLogger("app_upgrade", related_to, env=env_dict)
operation_logger.start()
+ if manifest["packaging_format"] >= 2:
+ from yunohost.utils.resources import AppResourceManager
+
+ AppResourceManager(
+ app_instance_name, wanted=manifest, current=app_dict["manifest"]
+ ).apply(
+ rollback_and_raise_exception_if_failure=True,
+ operation_logger=operation_logger,
+ )
+
# Execute the app upgrade script
upgrade_failed = True
try:
@@ -607,6 +716,26 @@ def app_upgrade(app=[], url=None, file=None, force=False, no_safety_backup=False
),
)
finally:
+
+ # If upgrade failed, try to restore the safety backup
+ if (
+ upgrade_failed
+ and manifest["packaging_format"] >= 2
+ and not no_safety_backup
+ ):
+ logger.warning(
+ "Upgrade failed ... attempting to restore the satefy backup (Yunohost first need to remove the app for this) ..."
+ )
+
+ app_remove(app_instance_name)
+ backup_restore(
+ name=safety_backup_name, apps=[app_instance_name], force=True
+ )
+ if not _is_installed(app_instance_name):
+ logger.error(
+ "Uhoh ... Yunohost failed to restore the app to the way it was before the failed upgrade :|"
+ )
+
# Whatever happened (install success or failure) we check if it broke the system
# and warn the user about it
try:
@@ -684,6 +813,24 @@ def app_upgrade(app=[], url=None, file=None, force=False, no_safety_backup=False
# So much win
logger.success(m18n.n("app_upgraded", app=app_instance_name))
+ # Format post-upgrade notifications
+ if manifest["notifications"]["POST_UPGRADE"]:
+ # Get updated settings to hydrate notifications
+ settings = _get_app_settings(app_instance_name)
+ notifications = _filter_and_hydrate_notifications(
+ manifest["notifications"]["POST_UPGRADE"],
+ current_version=app_current_version,
+ data=settings,
+ )
+ if Moulinette.interface.type == "cli":
+ # ask for simple confirm
+ _display_notifications(notifications, force=force)
+
+ # Reset the dismiss flag for post upgrade notification
+ app_setting(
+ app_instance_name, "_dismiss_notification_post_upgrade", delete=True
+ )
+
hook_callback("post_app_upgrade", env=env_dict)
operation_logger.success()
@@ -691,19 +838,74 @@ def app_upgrade(app=[], url=None, file=None, force=False, no_safety_backup=False
logger.success(m18n.n("upgrade_complete"))
+ if Moulinette.interface.type == "api":
+ return {"notifications": {"POST_UPGRADE": notifications}}
-def app_manifest(app):
+
+def app_manifest(app, with_screenshot=False):
manifest, extracted_app_folder = _extract_app(app)
+ raw_questions = manifest.get("install", {}).values()
+ manifest["install"] = hydrate_questions_with_choices(raw_questions)
+
+ # Add a base64 image to be displayed in web-admin
+ if with_screenshot and Moulinette.interface.type == "api":
+ import base64
+
+ manifest["screenshot"] = None
+ screenshots_folder = os.path.join(extracted_app_folder, "doc", "screenshots")
+
+ if os.path.exists(screenshots_folder):
+ with os.scandir(screenshots_folder) as it:
+ for entry in it:
+ ext = os.path.splitext(entry.name)[1].replace(".", "").lower()
+ if entry.is_file() and ext in ("png", "jpg", "jpeg", "webp", "gif"):
+ with open(entry.path, "rb") as img_file:
+ data = base64.b64encode(img_file.read()).decode("utf-8")
+ manifest[
+ "screenshot"
+ ] = f"data:image/{ext};charset=utf-8;base64,{data}"
+ break
+
shutil.rmtree(extracted_app_folder)
- raw_questions = manifest.get("arguments", {}).get("install", [])
- manifest["arguments"]["install"] = hydrate_questions_with_choices(raw_questions)
+ manifest["requirements"] = {}
+ for name, passed, values, err in _check_manifest_requirements(
+ manifest, action="install"
+ ):
+ if Moulinette.interface.type == "api":
+ manifest["requirements"][name] = {
+ "pass": passed,
+ "values": values,
+ }
+ else:
+ manifest["requirements"][name] = "ok" if passed else m18n.n(err, **values)
return manifest
+def _confirm_app_install(app, force=False):
+
+ # Ignore if there's nothing for confirm (good quality app), if --force is used
+ # or if request on the API (confirm already implemented on the API side)
+ if force or Moulinette.interface.type == "api":
+ return
+
+ quality = _app_quality(app)
+ if quality == "success":
+ return
+
+ # i18n: confirm_app_install_warning
+ # i18n: confirm_app_install_danger
+ # i18n: confirm_app_install_thirdparty
+
+ if quality in ["danger", "thirdparty"]:
+ _ask_confirmation("confirm_app_install_" + quality, kind="hard")
+ else:
+ _ask_confirmation("confirm_app_install_" + quality, kind="soft")
+
+
@is_unit_operation()
def app_install(
operation_logger,
@@ -745,63 +947,50 @@ def app_install(
if free_space_in_directory("/") <= 512 * 1000 * 1000:
raise YunohostValidationError("disk_space_not_sufficient_install")
- def confirm_install(app):
-
- # Ignore if there's nothing for confirm (good quality app), if --force is used
- # or if request on the API (confirm already implemented on the API side)
- if force or Moulinette.interface.type == "api":
- return
-
- quality = _app_quality(app)
- if quality == "success":
- return
-
- # i18n: confirm_app_install_warning
- # i18n: confirm_app_install_danger
- # i18n: confirm_app_install_thirdparty
-
- if quality in ["danger", "thirdparty"]:
- answer = Moulinette.prompt(
- m18n.n("confirm_app_install_" + quality, answers="Yes, I understand"),
- color="red",
- )
- if answer != "Yes, I understand":
- raise YunohostError("aborting")
-
- else:
- answer = Moulinette.prompt(
- m18n.n("confirm_app_install_" + quality, answers="Y/N"), color="yellow"
- )
- if answer.upper() != "Y":
- raise YunohostError("aborting")
-
- confirm_install(app)
+ _confirm_app_install(app, force)
manifest, extracted_app_folder = _extract_app(app)
+ # Display pre_install notices in cli mode
+ if manifest["notifications"]["PRE_INSTALL"] and Moulinette.interface.type == "cli":
+ notifications = _filter_and_hydrate_notifications(
+ manifest["notifications"]["PRE_INSTALL"]
+ )
+ _display_notifications(notifications, force=force)
+
+ packaging_format = manifest["packaging_format"]
+
# Check ID
if "id" not in manifest or "__" in manifest["id"] or "." in manifest["id"]:
raise YunohostValidationError("app_id_invalid")
app_id = manifest["id"]
- label = label if label else manifest["name"]
# Check requirements
- _check_manifest_requirements(manifest)
+ for name, passed, values, err in _check_manifest_requirements(
+ manifest, action="install"
+ ):
+ if not passed:
+ if name == "ram":
+ _ask_confirmation(
+ "confirm_app_insufficient_ram", params=values, force=force
+ )
+ else:
+ raise YunohostValidationError(err, **values)
+
_assert_system_is_sane_for_app(manifest, "pre")
# Check if app can be forked
instance_number = _next_instance_number_for_app(app_id)
if instance_number > 1:
- if "multi_instance" not in manifest or not is_true(manifest["multi_instance"]):
- raise YunohostValidationError("app_already_installed", app=app_id)
-
# Change app_id to the forked app id
app_instance_name = app_id + "__" + str(instance_number)
else:
app_instance_name = app_id
+ app_setting_path = os.path.join(APPS_SETTING_PATH, app_instance_name)
+
# Retrieve arguments list for install script
- raw_questions = manifest.get("arguments", {}).get("install", {})
+ raw_questions = manifest["install"]
questions = ask_questions_and_parse_answers(raw_questions, prefilled_answers=args)
args = {
question.name: question.value
@@ -810,11 +999,13 @@ def app_install(
}
# Validate domain / path availability for webapps
+ # (ideally this should be handled by the resource system for manifest v >= 2
path_requirement = _guess_webapp_path_requirement(extracted_app_folder)
_validate_webpath_requirement(args, path_requirement)
- # Attempt to patch legacy helpers ...
- _patch_legacy_helpers(extracted_app_folder)
+ if packaging_format < 2:
+ # Attempt to patch legacy helpers ...
+ _patch_legacy_helpers(extracted_app_folder)
# Apply dirty patch to make php5 apps compatible with php7
_patch_legacy_php_versions(extracted_app_folder)
@@ -831,7 +1022,6 @@ def app_install(
logger.info(m18n.n("app_start_install", app=app_id))
# Create app directory
- app_setting_path = os.path.join(APPS_SETTING_PATH, app_instance_name)
if os.path.exists(app_setting_path):
shutil.rmtree(app_setting_path)
os.makedirs(app_setting_path)
@@ -842,6 +1032,17 @@ def app_install(
"install_time": int(time.time()),
"current_revision": manifest.get("remote", {}).get("revision", "?"),
}
+
+ # If packaging_format v2+, save all install questions as settings
+ if packaging_format >= 2:
+ for question in questions:
+
+ # Except user-provider passwords
+ if question.type == "password":
+ continue
+
+ app_settings[question.name] = question.value
+
_set_app_settings(app_instance_name, app_settings)
# Move scripts and manifest to the right place
@@ -853,21 +1054,35 @@ def app_install(
recursive=True,
)
- # Initialize the main permission for the app
- # The permission is initialized with no url associated, and with tile disabled
- # For web app, the root path of the app will be added as url and the tile
- # will be enabled during the app install. C.f. 'app_register_url()' below.
- permission_create(
- app_instance_name + ".main",
- allowed=["all_users"],
- label=label,
- show_tile=False,
- protected=False,
- )
+ # Override manifest name by given label
+ # This info is also later picked-up by the 'permission' resource initialization
+ if label:
+ manifest["name"] = label
+
+ if packaging_format >= 2:
+ from yunohost.utils.resources import AppResourceManager
+
+ AppResourceManager(app_instance_name, wanted=manifest, current={}).apply(
+ rollback_and_raise_exception_if_failure=True,
+ operation_logger=operation_logger,
+ )
+ else:
+ # Initialize the main permission for the app
+ # The permission is initialized with no url associated, and with tile disabled
+ # For web app, the root path of the app will be added as url and the tile
+ # will be enabled during the app install. C.f. 'app_register_url()' below
+ # or the webpath resource
+ permission_create(
+ app_instance_name + ".main",
+ allowed=["all_users"],
+ label=manifest["name"],
+ show_tile=False,
+ protected=False,
+ )
# Prepare env. var. to pass to script
env_dict = _make_environment_for_app_script(
- app_instance_name, args=args, workdir=extracted_app_folder
+ app_instance_name, args=args, workdir=extracted_app_folder, action="install"
)
env_dict_for_logging = env_dict.copy()
@@ -914,6 +1129,9 @@ def app_install(
"Packagers /!\\ This app manually modified some system configuration files! This should not happen! If you need to do so, you should implement a proper conf_regen hook. Those configuration were affected:\n - "
+ "\n -".join(manually_modified_files_by_app)
)
+ # Actually forbid this for app packaging >= 2
+ if packaging_format >= 2:
+ broke_the_system = True
# If the install failed or broke the system, we remove it
if install_failed or broke_the_system:
@@ -929,7 +1147,7 @@ def app_install(
# Setup environment for remove script
env_dict_remove = _make_environment_for_app_script(
- app_instance_name, workdir=extracted_app_folder
+ app_instance_name, workdir=extracted_app_folder, action="remove"
)
# Execute remove script
@@ -960,10 +1178,17 @@ def app_install(
m18n.n("unexpected_error", error="\n" + traceback.format_exc())
)
- # Remove all permission in LDAP
- for permission_name in user_permission_list()["permissions"].keys():
- if permission_name.startswith(app_instance_name + "."):
- permission_delete(permission_name, force=True, sync_perm=False)
+ if packaging_format >= 2:
+ from yunohost.utils.resources import AppResourceManager
+
+ AppResourceManager(
+ app_instance_name, wanted={}, current=manifest
+ ).apply(rollback_and_raise_exception_if_failure=False)
+ else:
+ # Remove all permission in LDAP
+ for permission_name in user_permission_list()["permissions"].keys():
+ if permission_name.startswith(app_instance_name + "."):
+ permission_delete(permission_name, force=True, sync_perm=False)
if remove_retcode != 0:
msg = m18n.n("app_not_properly_removed", app=app_instance_name)
@@ -999,8 +1224,23 @@ def app_install(
logger.success(m18n.n("installation_complete"))
+ # Get the generated settings to hydrate notifications
+ settings = _get_app_settings(app_instance_name)
+ notifications = _filter_and_hydrate_notifications(
+ manifest["notifications"]["POST_INSTALL"], data=settings
+ )
+
+ # Display post_install notices in cli mode
+ if notifications and Moulinette.interface.type == "cli":
+ _display_notifications(notifications, force=force)
+
+ # Call postinstall hook
hook_callback("post_app_install", env=env_dict)
+ # Return hydrated post install notif for API
+ if Moulinette.interface.type == "api":
+ return {"notifications": notifications}
+
@is_unit_operation()
def app_remove(operation_logger, app, purge=False):
@@ -1044,7 +1284,9 @@ def app_remove(operation_logger, app, purge=False):
remove_script = f"{tmp_workdir_for_app}/scripts/remove"
env_dict = {}
- env_dict = _make_environment_for_app_script(app, workdir=tmp_workdir_for_app)
+ env_dict = _make_environment_for_app_script(
+ app, workdir=tmp_workdir_for_app, action="remove"
+ )
env_dict["YNH_APP_PURGE"] = str(1 if purge else 0)
operation_logger.extra.update({"env": env_dict})
@@ -1064,15 +1306,17 @@ def app_remove(operation_logger, app, purge=False):
finally:
shutil.rmtree(tmp_workdir_for_app)
- if ret == 0:
- logger.success(m18n.n("app_removed", app=app))
- hook_callback("post_app_remove", env=env_dict)
- else:
- logger.warning(m18n.n("app_not_properly_removed", app=app))
+ packaging_format = manifest["packaging_format"]
+ if packaging_format >= 2:
+ from yunohost.utils.resources import AppResourceManager
- # Remove all permission in LDAP
- for permission_name in user_permission_list(apps=[app])["permissions"].keys():
- permission_delete(permission_name, force=True, sync_perm=False)
+ AppResourceManager(app, wanted={}, current=manifest).apply(
+ rollback_and_raise_exception_if_failure=False, purge_data_dir=purge
+ )
+ else:
+ # Remove all permission in LDAP
+ for permission_name in user_permission_list(apps=[app])["permissions"].keys():
+ permission_delete(permission_name, force=True, sync_perm=False)
if os.path.exists(app_setting_path):
shutil.rmtree(app_setting_path)
@@ -1083,6 +1327,12 @@ def app_remove(operation_logger, app, purge=False):
if domain_config_get(domain, "feature.app.default_app") == app:
domain_config_set(domain, "feature.app.default_app", "_none")
+ if ret == 0:
+ logger.success(m18n.n("app_removed", app=app))
+ hook_callback("post_app_remove", env=env_dict)
+ else:
+ logger.warning(m18n.n("app_not_properly_removed", app=app))
+
permission_sync_to_user()
_assert_system_is_sane_for_app(manifest, "post")
@@ -1291,7 +1541,7 @@ def app_register_url(app, domain, path):
raise YunohostValidationError("app_already_installed_cant_change_url")
# Check the url is available
- _assert_no_conflicting_apps(domain, path)
+ _assert_no_conflicting_apps(domain, path, ignore_app=app)
app_setting(app, "domain", value=domain)
app_setting(app, "path", value=path)
@@ -1315,6 +1565,7 @@ def app_ssowatconf():
"""
from yunohost.domain import domain_list, _get_maindomain, domain_config_get
from yunohost.permission import user_permission_list
+ from yunohost.settings import settings_get
main_domain = _get_maindomain()
domains = domain_list()["domains"]
@@ -1332,6 +1583,7 @@ def app_ssowatconf():
"uris": [domain + "/yunohost/admin" for domain in domains]
+ [domain + "/yunohost/api" for domain in domains]
+ [
+ "re:^[^/]/502%.html$",
"re:^[^/]*/%.well%-known/ynh%-diagnosis/.*$",
"re:^[^/]*/%.well%-known/acme%-challenge/.*$",
"re:^[^/]*/%.well%-known/autoconfig/mail/config%-v1%.1%.xml.*$",
@@ -1345,7 +1597,7 @@ def app_ssowatconf():
for app in _installed_apps():
- app_settings = read_yaml(APPS_SETTING_PATH + app + "/settings.yml")
+ app_settings = read_yaml(APPS_SETTING_PATH + app + "/settings.yml") or {}
# Redirected
redirected_urls.update(app_settings.get("redirected_urls", {}))
@@ -1393,6 +1645,7 @@ def app_ssowatconf():
}
conf_dict = {
+ "theme": settings_get("misc.portal.portal_theme"),
"portal_domain": main_domain,
"portal_path": "/yunohost/sso/",
"additional_headers": {
@@ -1429,90 +1682,16 @@ def app_change_label(app, new_label):
def app_action_list(app):
- logger.warning(m18n.n("experimental_feature"))
- # this will take care of checking if the app is installed
- app_info_dict = app_info(app)
-
- return {
- "app": app,
- "app_name": app_info_dict["name"],
- "actions": _get_app_actions(app),
- }
+ return AppConfigPanel(app).list_actions()
@is_unit_operation()
-def app_action_run(operation_logger, app, action, args=None):
- logger.warning(m18n.n("experimental_feature"))
+def app_action_run(operation_logger, app, action, args=None, args_file=None):
- from yunohost.hook import hook_exec
-
- # will raise if action doesn't exist
- actions = app_action_list(app)["actions"]
- actions = {x["id"]: x for x in actions}
-
- if action not in actions:
- available_actions = (", ".join(actions.keys()),)
- raise YunohostValidationError(
- f"action '{action}' not available for app '{app}', available actions are: {available_actions}",
- raw_msg=True,
- )
-
- operation_logger.start()
-
- action_declaration = actions[action]
-
- # Retrieve arguments list for install script
- raw_questions = actions[action].get("arguments", {})
- questions = ask_questions_and_parse_answers(raw_questions, prefilled_answers=args)
- args = {
- question.name: question.value
- for question in questions
- if question.value is not None
- }
-
- tmp_workdir_for_app = _make_tmp_workdir_for_app(app=app)
-
- env_dict = _make_environment_for_app_script(
- app, args=args, args_prefix="ACTION_", workdir=tmp_workdir_for_app
+ return AppConfigPanel(app).run_action(
+ action, args=args, args_file=args_file, operation_logger=operation_logger
)
- env_dict["YNH_ACTION"] = action
-
- _, action_script = tempfile.mkstemp(dir=tmp_workdir_for_app)
-
- with open(action_script, "w") as script:
- script.write(action_declaration["command"])
-
- if action_declaration.get("cwd"):
- cwd = action_declaration["cwd"].replace("$app", app)
- else:
- cwd = tmp_workdir_for_app
-
- try:
- retcode = hook_exec(
- action_script,
- env=env_dict,
- chdir=cwd,
- user=action_declaration.get("user", "root"),
- )[0]
- # Calling hook_exec could fail miserably, or get
- # manually interrupted (by mistake or because script was stuck)
- # In that case we still want to delete the tmp work dir
- except (KeyboardInterrupt, EOFError, Exception):
- retcode = -1
- import traceback
-
- logger.error(m18n.n("unexpected_error", error="\n" + traceback.format_exc()))
- finally:
- shutil.rmtree(tmp_workdir_for_app)
-
- if retcode not in action_declaration.get("accepted_return_codes", [0]):
- msg = f"Error while executing action '{action}' of app '{app}': return code {retcode}"
- operation_logger.error(msg)
- raise YunohostError(msg, raw_msg=True)
-
- operation_logger.success()
- return logger.success("Action successed!")
def app_config_get(app, key="", full=False, export=False):
@@ -1531,8 +1710,15 @@ def app_config_get(app, key="", full=False, export=False):
else:
mode = "classic"
- config_ = AppConfigPanel(app)
- return config_.get(key, mode)
+ try:
+ config_ = AppConfigPanel(app)
+ return config_.get(key, mode)
+ except YunohostValidationError as e:
+ if Moulinette.interface.type == "api" and e.key == "config_no_panel":
+ # Be more permissive when no config panel found
+ return {}
+ else:
+ raise
@is_unit_operation()
@@ -1556,6 +1742,10 @@ class AppConfigPanel(ConfigPanel):
def _load_current_values(self):
self.values = self._call_config_script("show")
+ def _run_action(self, action):
+ env = {key: str(value) for key, value in self.new_values.items()}
+ self._call_config_script(action, env=env)
+
def _apply(self):
env = {key: str(value) for key, value in self.new_values.items()}
return_content = self._call_config_script("apply", env=env)
@@ -1601,6 +1791,7 @@ ynh_app_config_run $1
"app": app,
"app_instance_nb": str(app_instance_nb),
"final_path": settings.get("final_path", ""),
+ "install_dir": settings.get("install_dir", ""),
"YNH_APP_BASEDIR": os.path.join(APPS_SETTING_PATH, app),
}
)
@@ -1609,8 +1800,10 @@ ynh_app_config_run $1
if ret != 0:
if action == "show":
raise YunohostError("app_config_unable_to_read")
- else:
+ elif action == "apply":
raise YunohostError("app_config_unable_to_apply")
+ else:
+ raise YunohostError("app_action_failed", action=action, app=app)
return values
@@ -1619,58 +1812,6 @@ def _get_app_actions(app_id):
actions_toml_path = os.path.join(APPS_SETTING_PATH, app_id, "actions.toml")
actions_json_path = os.path.join(APPS_SETTING_PATH, app_id, "actions.json")
- # sample data to get an idea of what is going on
- # this toml extract:
- #
-
- # [restart_service]
- # name = "Restart service"
- # command = "echo pouet $YNH_ACTION_SERVICE"
- # user = "root" # optional
- # cwd = "/" # optional
- # accepted_return_codes = [0, 1, 2, 3] # optional
- # description.en = "a dummy stupid exemple or restarting a service"
- #
- # [restart_service.arguments.service]
- # type = "string",
- # ask.en = "service to restart"
- # example = "nginx"
- #
- # will be parsed into this:
- #
- # OrderedDict([(u'restart_service',
- # OrderedDict([(u'name', u'Restart service'),
- # (u'command', u'echo pouet $YNH_ACTION_SERVICE'),
- # (u'user', u'root'),
- # (u'cwd', u'/'),
- # (u'accepted_return_codes', [0, 1, 2, 3]),
- # (u'description',
- # OrderedDict([(u'en',
- # u'a dummy stupid exemple or restarting a service')])),
- # (u'arguments',
- # OrderedDict([(u'service',
- # OrderedDict([(u'type', u'string'),
- # (u'ask',
- # OrderedDict([(u'en',
- # u'service to restart')])),
- # (u'example',
- # u'nginx')]))]))])),
- #
- #
- # and needs to be converted into this:
- #
- # [{u'accepted_return_codes': [0, 1, 2, 3],
- # u'arguments': [{u'ask': {u'en': u'service to restart'},
- # u'example': u'nginx',
- # u'name': u'service',
- # u'type': u'string'}],
- # u'command': u'echo pouet $YNH_ACTION_SERVICE',
- # u'cwd': u'/',
- # u'description': {u'en': u'a dummy stupid exemple or restarting a service'},
- # u'id': u'restart_service',
- # u'name': u'Restart service',
- # u'user': u'root'}]
-
if os.path.exists(actions_toml_path):
toml_actions = toml.load(open(actions_toml_path, "r"), _dict=OrderedDict)
@@ -1680,15 +1821,7 @@ def _get_app_actions(app_id):
for key, value in toml_actions.items():
action = dict(**value)
action["id"] = key
-
- arguments = []
- for argument_name, argument in value.get("arguments", {}).items():
- argument = dict(**argument)
- argument["name"] = argument_name
-
- arguments.append(argument)
-
- action["arguments"] = arguments
+ action["arguments"] = value.get("arguments", {})
actions.append(action)
return actions
@@ -1713,11 +1846,20 @@ def _get_app_settings(app):
)
try:
with open(os.path.join(APPS_SETTING_PATH, app, "settings.yml")) as f:
- settings = yaml.safe_load(f)
+ settings = yaml.safe_load(f) or {}
# If label contains unicode char, this may later trigger issues when building strings...
# FIXME: this should be propagated to read_yaml so that this fix applies everywhere I think...
settings = {k: v for k, v in settings.items()}
+ # App settings should never be empty, there should always be at least some standard, internal keys like id, install_time etc.
+ # Otherwise, this probably means that the app settings disappeared somehow...
+ if not settings:
+ logger.error(
+ f"It looks like settings.yml for {app} is empty ... This should not happen ..."
+ )
+ logger.error(m18n.n("app_not_correctly_installed", app=app))
+ return {}
+
# Stupid fix for legacy bullshit
# In the past, some setups did not have proper normalization for app domain/path
# Meaning some setups (as of January 2021) still have path=/foobar/ (with a trailing slash)
@@ -1859,21 +2001,7 @@ def _get_manifest_of_app(path):
# ¦ ¦ },
if os.path.exists(os.path.join(path, "manifest.toml")):
- manifest_toml = read_toml(os.path.join(path, "manifest.toml"))
-
- manifest = manifest_toml.copy()
-
- install_arguments = []
- for name, values in (
- manifest_toml.get("arguments", {}).get("install", {}).items()
- ):
- args = values.copy()
- args["name"] = name
-
- install_arguments.append(args)
-
- manifest["arguments"]["install"] = install_arguments
-
+ manifest = read_toml(os.path.join(path, "manifest.toml"))
elif os.path.exists(os.path.join(path, "manifest.json")):
manifest = read_json(os.path.join(path, "manifest.json"))
else:
@@ -1882,25 +2010,182 @@ def _get_manifest_of_app(path):
raw_msg=True,
)
- manifest["arguments"] = _set_default_ask_questions(manifest.get("arguments", {}))
+ manifest["packaging_format"] = float(
+ str(manifest.get("packaging_format", "")).strip() or "0"
+ )
+
+ if manifest["packaging_format"] < 2:
+ manifest = _convert_v1_manifest_to_v2(manifest)
+
+ manifest["install"] = _set_default_ask_questions(manifest.get("install", {}))
+ manifest["doc"], manifest["notifications"] = _parse_app_doc_and_notifications(path)
+
return manifest
-def _set_default_ask_questions(arguments):
+def _parse_app_doc_and_notifications(path):
+
+ doc = {}
+ notification_names = ["PRE_INSTALL", "POST_INSTALL", "PRE_UPGRADE", "POST_UPGRADE"]
+
+ for filepath in glob.glob(os.path.join(path, "doc") + "/*.md"):
+
+ # to be improved : [a-z]{2,3} is a clumsy way of parsing the
+ # lang code ... some lang code are more complex that this é_è
+ m = re.match("([A-Z]*)(_[a-z]{2,3})?.md", filepath.split("/")[-1])
+
+ if not m:
+ # FIXME: shall we display a warning ? idk
+ continue
+
+ pagename, lang = m.groups()
+
+ if pagename in notification_names:
+ continue
+
+ lang = lang.strip("_") if lang else "en"
+
+ if pagename not in doc:
+ doc[pagename] = {}
+ doc[pagename][lang] = read_file(filepath).strip()
+
+ notifications = {}
+
+ for step in notification_names:
+ notifications[step] = {}
+ for filepath in glob.glob(os.path.join(path, "doc", f"{step}*.md")):
+ m = re.match(step + "(_[a-z]{2,3})?.md", filepath.split("/")[-1])
+ if not m:
+ continue
+ pagename = "main"
+ lang = m.groups()[0].strip("_") if m.groups()[0] else "en"
+ if pagename not in notifications[step]:
+ notifications[step][pagename] = {}
+ notifications[step][pagename][lang] = read_file(filepath).strip()
+
+ for filepath in glob.glob(os.path.join(path, "doc", f"{step}.d") + "/*.md"):
+ m = re.match(
+ r"([A-Za-z0-9\.\~]*)(_[a-z]{2,3})?.md", filepath.split("/")[-1]
+ )
+ if not m:
+ continue
+ pagename, lang = m.groups()
+ lang = lang.strip("_") if lang else "en"
+ if pagename not in notifications[step]:
+ notifications[step][pagename] = {}
+ notifications[step][pagename][lang] = read_file(filepath).strip()
+
+ return doc, notifications
+
+
+def _hydrate_app_template(template, data):
+
+ stuff_to_replace = set(re.findall(r"__[A-Z0-9]+?[A-Z0-9_]*?[A-Z0-9]*?__", template))
+
+ for stuff in stuff_to_replace:
+
+ varname = stuff.strip("_").lower()
+
+ if varname in data:
+ template = template.replace(stuff, data[varname])
+
+ return template
+
+
+def _convert_v1_manifest_to_v2(manifest):
+
+ manifest = copy.deepcopy(manifest)
+
+ if "upstream" not in manifest:
+ manifest["upstream"] = {}
+
+ if "license" in manifest and "license" not in manifest["upstream"]:
+ manifest["upstream"]["license"] = manifest["license"]
+
+ if "url" in manifest and "website" not in manifest["upstream"]:
+ manifest["upstream"]["website"] = manifest["url"]
+
+ manifest["integration"] = {
+ "yunohost": manifest.get("requirements", {})
+ .get("yunohost", "")
+ .replace(">", "")
+ .replace("=", "")
+ .replace(" ", ""),
+ "architectures": "?",
+ "multi_instance": manifest.get("multi_instance", False),
+ "ldap": "?",
+ "sso": "?",
+ "disk": "?",
+ "ram": {"build": "?", "runtime": "?"},
+ }
+
+ maintainers = manifest.get("maintainer", {})
+ if isinstance(maintainers, list):
+ maintainers = [m["name"] for m in maintainers]
+ else:
+ maintainers = [maintainers["name"]] if maintainers.get("name") else []
+
+ manifest["maintainers"] = maintainers
+
+ install_questions = manifest["arguments"]["install"]
+
+ manifest["install"] = {}
+ for question in install_questions:
+ name = question.pop("name")
+ if "ask" in question and name in [
+ "domain",
+ "path",
+ "admin",
+ "is_public",
+ "password",
+ ]:
+ question.pop("ask")
+ if question.get("example") and question.get("type") in [
+ "domain",
+ "path",
+ "user",
+ "boolean",
+ "password",
+ ]:
+ question.pop("example")
+
+ manifest["install"][name] = question
+
+ manifest["resources"] = {"system_user": {}, "install_dir": {"alias": "final_path"}}
+
+ keys_to_keep = [
+ "packaging_format",
+ "id",
+ "name",
+ "description",
+ "version",
+ "maintainers",
+ "upstream",
+ "integration",
+ "install",
+ "resources",
+ ]
+
+ keys_to_del = [key for key in manifest.keys() if key not in keys_to_keep]
+ for key in keys_to_del:
+ del manifest[key]
+
+ return manifest
+
+
+def _set_default_ask_questions(questions, script_name="install"):
# arguments is something like
- # { "install": [
- # { "name": "domain",
+ # { "domain":
+ # {
# "type": "domain",
# ....
# },
- # { "name": "path",
- # "type": "path"
+ # "path": {
+ # "type": "path",
# ...
# },
# ...
- # ],
- # "upgrade": [ ... ]
# }
# We set a default for any question with these matching (type, name)
@@ -1912,39 +2197,38 @@ def _set_default_ask_questions(arguments):
("path", "path"), # i18n: app_manifest_install_ask_path
("password", "password"), # i18n: app_manifest_install_ask_password
("user", "admin"), # i18n: app_manifest_install_ask_admin
- ("boolean", "is_public"),
- ] # i18n: app_manifest_install_ask_is_public
+ ("boolean", "is_public"), # i18n: app_manifest_install_ask_is_public
+ (
+ "group",
+ "init_main_permission",
+ ), # i18n: app_manifest_install_ask_init_main_permission
+ (
+ "group",
+ "init_admin_permission",
+ ), # i18n: app_manifest_install_ask_init_admin_permission
+ ]
- for script_name, arg_list in arguments.items():
+ for question_name, question in questions.items():
+ question["name"] = question_name
- # We only support questions for install so far, and for other
- if script_name != "install":
- continue
-
- for arg in arg_list:
-
- # Do not override 'ask' field if provided by app ?... Or shall we ?
- # if "ask" in arg:
- # continue
-
- # If this arg corresponds to a question with default ask message...
- if any(
- (arg.get("type"), arg["name"]) == question
- for question in questions_with_default
- ):
- # The key is for example "app_manifest_install_ask_domain"
- arg_name = arg["name"]
- key = f"app_manifest_{script_name}_ask_{arg_name}"
- arg["ask"] = m18n.n(key)
+ # If this question corresponds to a question with default ask message...
+ if any(
+ (question.get("type"), question["name"]) == question_with_default
+ for question_with_default in questions_with_default
+ ):
+ # The key is for example "app_manifest_install_ask_domain"
+ question["ask"] = m18n.n(
+ f"app_manifest_{script_name}_ask_{question['name']}"
+ )
# Also it in fact doesn't make sense for any of those questions to have an example value nor a default value...
- if arg.get("type") in ["domain", "user", "password"]:
- if "example" in arg:
- del arg["example"]
- if "default" in arg:
- del arg["default"]
+ if question.get("type") in ["domain", "user", "password"]:
+ if "example" in question:
+ del question["example"]
+ if "default" in question:
+ del question["default"]
- return arguments
+ return questions
def _is_app_repo_url(string: str) -> bool:
@@ -2077,6 +2361,10 @@ def _extract_app_from_folder(path: str) -> Tuple[Dict, str]:
logger.debug(m18n.n("done"))
manifest["remote"] = {"type": "file", "path": path}
+ manifest["quality"] = {"level": -1, "state": "thirdparty"}
+ manifest["antifeatures"] = []
+ manifest["potential_alternative_to"] = []
+
return manifest, extracted_app_folder
@@ -2123,9 +2411,36 @@ def _extract_app_from_gitrepo(
manifest["remote"]["revision"] = revision
manifest["lastUpdate"] = app_info.get("lastUpdate")
+ manifest["quality"] = {
+ "level": app_info.get("level", -1),
+ "state": app_info.get("state", "thirdparty"),
+ }
+ manifest["antifeatures"] = app_info.get("antifeatures", [])
+ manifest["potential_alternative_to"] = app_info.get("potential_alternative_to", [])
+
return manifest, extracted_app_folder
+def _list_upgradable_apps():
+ upgradable_apps = list(app_list(upgradable=True)["apps"])
+
+ # Retrieve next manifest pre_upgrade notifications
+ for app in upgradable_apps:
+ absolute_app_name, _ = _parse_app_instance_name(app["id"])
+ manifest, extracted_app_folder = _extract_app(absolute_app_name)
+ app["notifications"] = {}
+ if manifest["notifications"]["PRE_UPGRADE"]:
+ app["notifications"]["PRE_UPGRADE"] = _filter_and_hydrate_notifications(
+ manifest["notifications"]["PRE_UPGRADE"],
+ app["current_version"],
+ app["settings"],
+ )
+ del app["settings"]
+ shutil.rmtree(extracted_app_folder)
+
+ return upgradable_apps
+
+
#
# ############################### #
# Small utilities #
@@ -2174,33 +2489,99 @@ def _get_all_installed_apps_id():
return all_apps_ids_formatted
-def _check_manifest_requirements(manifest: Dict):
+def _check_manifest_requirements(
+ manifest: Dict, action: str = ""
+) -> Iterator[Tuple[str, bool, object, str]]:
"""Check if required packages are met from the manifest"""
- packaging_format = int(manifest.get("packaging_format", 0))
- if packaging_format not in [0, 1]:
+ app_id = manifest["id"]
+ logger.debug(m18n.n("app_requirements_checking", app=app_id))
+
+ # Packaging format
+ if manifest["packaging_format"] not in [1, 2]:
raise YunohostValidationError("app_packaging_format_not_supported")
- requirements = manifest.get("requirements", dict())
+ # Yunohost version
+ required_yunohost_version = (
+ manifest["integration"].get("yunohost", "4.3").strip(">= ")
+ )
+ current_yunohost_version = get_ynh_package_version("yunohost")["version"]
- if not requirements:
- return
+ yield (
+ "required_yunohost_version",
+ version.parse(required_yunohost_version)
+ <= version.parse(current_yunohost_version),
+ {"current": current_yunohost_version, "required": required_yunohost_version},
+ "app_yunohost_version_not_supported", # i18n: app_yunohost_version_not_supported
+ )
- app = manifest.get("id", "?")
+ # Architectures
+ arch_requirement = manifest["integration"]["architectures"]
+ arch = system_arch()
- logger.debug(m18n.n("app_requirements_checking", app=app))
+ yield (
+ "arch",
+ arch_requirement in ["all", "?"] or arch in arch_requirement,
+ {"current": arch, "required": arch_requirement},
+ "app_arch_not_supported", # i18n: app_arch_not_supported
+ )
- # Iterate over requirements
- for pkgname, spec in requirements.items():
- if not packages.meets_version_specifier(pkgname, spec):
- version = packages.ynh_packages_version()[pkgname]["version"]
- raise YunohostValidationError(
- "app_requirements_unmeet",
- pkgname=pkgname,
- version=version,
- spec=spec,
- app=app,
+ # Multi-instance
+ if action == "install":
+ multi_instance = manifest["integration"]["multi_instance"] is True
+ if not multi_instance:
+ apps = _installed_apps()
+ sibling_apps = [
+ a for a in apps if a == app_id or a.startswith(f"{app_id}__")
+ ]
+ multi_instance = len(sibling_apps) == 0
+
+ yield (
+ "install",
+ multi_instance,
+ {"app": app_id},
+ "app_already_installed", # i18n: app_already_installed
+ )
+
+ # Disk
+ if action == "install":
+ root_free_space = free_space_in_directory("/")
+ var_free_space = free_space_in_directory("/var")
+ if manifest["integration"]["disk"] == "?":
+ has_enough_disk = True
+ else:
+ disk_req_bin = human_to_binary(manifest["integration"]["disk"])
+ has_enough_disk = (
+ root_free_space > disk_req_bin and var_free_space > disk_req_bin
)
+ free_space = binary_to_human(min(root_free_space, var_free_space))
+
+ yield (
+ "disk",
+ has_enough_disk,
+ {"current": free_space, "required": manifest["integration"]["disk"]},
+ "app_not_enough_disk", # i18n: app_not_enough_disk
+ )
+
+ # Ram
+ ram_requirement = manifest["integration"]["ram"]
+ ram, swap = ram_available()
+ # Is "include_swap" really useful ? We should probably decide wether to always include it or not instead
+ if ram_requirement.get("include_swap", False):
+ ram += swap
+ can_build = ram_requirement["build"] == "?" or ram > human_to_binary(
+ ram_requirement["build"]
+ )
+ can_run = ram_requirement["runtime"] == "?" or ram > human_to_binary(
+ ram_requirement["runtime"]
+ )
+
+ yield (
+ "ram",
+ can_build and can_run,
+ {"current": binary_to_human(ram), "required": ram_requirement["build"]},
+ "app_not_enough_ram", # i18n: app_not_enough_ram
+ )
def _guess_webapp_path_requirement(app_folder: str) -> str:
@@ -2209,13 +2590,17 @@ def _guess_webapp_path_requirement(app_folder: str) -> str:
# is an available url and normalize the path.
manifest = _get_manifest_of_app(app_folder)
- raw_questions = manifest.get("arguments", {}).get("install", {})
+ raw_questions = manifest["install"]
domain_questions = [
- question for question in raw_questions if question.get("type") == "domain"
+ question
+ for question in raw_questions.values()
+ if question.get("type") == "domain"
]
path_questions = [
- question for question in raw_questions if question.get("type") == "path"
+ question
+ for question in raw_questions.values()
+ if question.get("type") == "path"
]
if len(domain_questions) == 0 and len(path_questions) == 0:
@@ -2287,11 +2672,7 @@ def _get_conflicting_apps(domain, path, ignore_app=None):
for p, a in apps_map[domain].items():
if a["id"] == ignore_app:
continue
- if path == p:
- conflicts.append((p, a["id"], a["label"]))
- # We also don't want conflicts with other apps starting with
- # same name
- elif path.startswith(p) or p.startswith(path):
+ if path == p or path == "/" or p == "/":
conflicts.append((p, a["id"], a["label"]))
return conflicts
@@ -2315,7 +2696,7 @@ def _assert_no_conflicting_apps(domain, path, ignore_app=None, full_domain=False
def _make_environment_for_app_script(
- app, args={}, args_prefix="APP_ARG_", workdir=None
+ app, args={}, args_prefix="APP_ARG_", workdir=None, action=None
):
app_setting_path = os.path.join(APPS_SETTING_PATH, app)
@@ -2328,16 +2709,37 @@ def _make_environment_for_app_script(
"YNH_APP_INSTANCE_NAME": app,
"YNH_APP_INSTANCE_NUMBER": str(app_instance_nb),
"YNH_APP_MANIFEST_VERSION": manifest.get("version", "?"),
- "YNH_ARCH": check_output("dpkg --print-architecture"),
+ "YNH_APP_PACKAGING_FORMAT": str(manifest["packaging_format"]),
+ "YNH_ARCH": system_arch(),
}
if workdir:
env_dict["YNH_APP_BASEDIR"] = workdir
+ if action:
+ env_dict["YNH_APP_ACTION"] = action
+
for arg_name, arg_value in args.items():
arg_name_upper = arg_name.upper()
env_dict[f"YNH_{args_prefix}{arg_name_upper}"] = str(arg_value)
+ # If packaging format v2, load all settings
+ if manifest["packaging_format"] >= 2:
+ env_dict["app"] = app
+ for setting_name, setting_value in _get_app_settings(app).items():
+
+ # Ignore special internal settings like checksum__
+ # (not a huge deal to load them but idk...)
+ if setting_name.startswith("checksum__"):
+ continue
+
+ env_dict[setting_name] = str(setting_value)
+
+ # Special weird case for backward compatibility...
+ # 'path' was loaded into 'path_url' .....
+ if "path" in env_dict:
+ env_dict["path_url"] = env_dict["path"]
+
return env_dict
@@ -2417,30 +2819,10 @@ def _make_tmp_workdir_for_app(app=None):
return tmpdir
-def is_true(arg):
- """
- Convert a string into a boolean
-
- Keyword arguments:
- arg -- The string to convert
-
- Returns:
- Boolean
-
- """
- if isinstance(arg, bool):
- return arg
- elif isinstance(arg, str):
- return arg.lower() in ["yes", "true", "on"]
- else:
- logger.debug(f"arg should be a boolean or a string, got {arg}")
- return True if arg else False
-
-
def unstable_apps():
output = []
- deprecated_apps = ["mailman"]
+ deprecated_apps = ["mailman", "ffsync"]
for infos in app_list(full=True)["apps"]:
@@ -2514,8 +2896,116 @@ def _assert_system_is_sane_for_app(manifest, when):
"app_action_broke_system", services=", ".join(faulty_services)
)
- if packages.dpkg_is_broken():
+ if dpkg_is_broken():
if when == "pre":
raise YunohostValidationError("dpkg_is_broken")
elif when == "post":
raise YunohostError("this_action_broke_dpkg")
+
+
+def app_dismiss_notification(app, name):
+
+ assert isinstance(name, str)
+ name = name.lower()
+ assert name in ["post_install", "post_upgrade"]
+ _assert_is_installed(app)
+
+ app_setting(app, f"_dismiss_notification_{name}", value="1")
+
+
+def _notification_is_dismissed(name, settings):
+ # Check for _dismiss_notiication_$name setting and also auto-dismiss
+ # notifications after one week (otherwise people using mostly CLI would
+ # never really dismiss the notification and it would be displayed forever)
+
+ if name == "POST_INSTALL":
+ return (
+ settings.get("_dismiss_notification_post_install")
+ or (int(time.time()) - settings.get("install_time", 0)) / (24 * 3600) > 7
+ )
+ elif name == "POST_UPGRADE":
+ # Check on update_time also implicitly prevent the post_upgrade notification
+ # from being displayed after install, because update_time is only set during upgrade
+ return (
+ settings.get("_dismiss_notification_post_upgrade")
+ or (int(time.time()) - settings.get("update_time", 0)) / (24 * 3600) > 7
+ )
+ else:
+ return False
+
+
+def _filter_and_hydrate_notifications(notifications, current_version=None, data={}):
+ def is_version_more_recent_than_current_version(name):
+ # Boring code to handle the fact that "0.1 < 9999~ynh1" is False
+
+ if "~" in name:
+ return version.parse(name) > version.parse(current_version)
+ else:
+ return version.parse(name) > version.parse(current_version.split("~")[0])
+
+ return {
+ # Should we render the markdown maybe? idk
+ name: _hydrate_app_template(_value_for_locale(content_per_lang), data)
+ for name, content_per_lang in notifications.items()
+ if current_version is None
+ or name == "main"
+ or is_version_more_recent_than_current_version(name)
+ }
+
+
+def _display_notifications(notifications, force=False):
+ if not notifications:
+ return
+
+ for name, content in notifications.items():
+ print("==========")
+ print(content)
+ print("==========")
+
+ # i18n: confirm_notifications_read
+ _ask_confirmation("confirm_notifications_read", kind="simple", force=force)
+
+
+# FIXME: move this to Moulinette
+def _ask_confirmation(
+ question: str,
+ params: dict = {},
+ kind: str = "hard",
+ force: bool = False,
+):
+ """
+ Ask confirmation
+
+ Keyword argument:
+ question -- m18n key or string
+ params -- dict of values passed to the string formating
+ kind -- "hard": ask with "Yes, I understand", "soft": "Y/N", "simple": "press enter"
+ force -- Will not ask for confirmation
+
+ """
+ if force or Moulinette.interface.type == "api":
+ return
+
+ # If ran from the CLI in a non-interactive context,
+ # skip confirmation (except in hard mode)
+ if not os.isatty(1) and kind in ["simple", "soft"]:
+ return
+ if kind == "simple":
+ answer = Moulinette.prompt(
+ m18n.n(question, answers="Press enter to continue", **params),
+ color="yellow",
+ )
+ answer = True
+ elif kind == "soft":
+ answer = Moulinette.prompt(
+ m18n.n(question, answers="Y/N", **params), color="yellow"
+ )
+ answer = answer.upper() == "Y"
+ else:
+ answer = Moulinette.prompt(
+ m18n.n(question, answers="Yes, I understand", **params), color="red"
+ )
+ answer = answer == "Yes, I understand"
+
+ if not answer:
+ raise YunohostError("aborting")
diff --git a/src/app_catalog.py b/src/app_catalog.py
index 5ae8ef30b..5d4378544 100644
--- a/src/app_catalog.py
+++ b/src/app_catalog.py
@@ -1,5 +1,24 @@
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
+import hashlib
from moulinette import m18n
from moulinette.utils.log import getActionLogger
@@ -18,17 +37,18 @@ from yunohost.utils.error import YunohostError
logger = getActionLogger("yunohost.app_catalog")
APPS_CATALOG_CACHE = "/var/cache/yunohost/repo"
+APPS_CATALOG_LOGOS = "/usr/share/yunohost/applogos"
APPS_CATALOG_CONF = "/etc/yunohost/apps_catalog.yml"
-APPS_CATALOG_API_VERSION = 2
+APPS_CATALOG_API_VERSION = 3
APPS_CATALOG_DEFAULT_URL = "https://app.yunohost.org/default"
-def app_catalog(full=False, with_categories=False):
+def app_catalog(full=False, with_categories=False, with_antifeatures=False):
"""
Return a dict of apps available to installation from Yunohost's app catalog
"""
- from yunohost.app import _installed_apps, _set_default_ask_questions
+ from yunohost.app import _installed_apps
# Get app list from catalog cache
catalog = _load_apps_catalog()
@@ -47,28 +67,38 @@ def app_catalog(full=False, with_categories=False):
"description": infos["manifest"]["description"],
"level": infos["level"],
}
- else:
- infos["manifest"]["arguments"] = _set_default_ask_questions(
- infos["manifest"].get("arguments", {})
- )
- # Trim info for categories if not using --full
- for category in catalog["categories"]:
- category["title"] = _value_for_locale(category["title"])
- category["description"] = _value_for_locale(category["description"])
- for subtags in category.get("subtags", []):
- subtags["title"] = _value_for_locale(subtags["title"])
+ _catalog = {"apps": catalog["apps"]}
- if not full:
- catalog["categories"] = [
- {"id": c["id"], "description": c["description"]}
- for c in catalog["categories"]
- ]
+ if with_categories:
+ for category in catalog["categories"]:
+ category["title"] = _value_for_locale(category["title"])
+ category["description"] = _value_for_locale(category["description"])
+ for subtags in category.get("subtags", []):
+ subtags["title"] = _value_for_locale(subtags["title"])
- if not with_categories:
- return {"apps": catalog["apps"]}
- else:
- return {"apps": catalog["apps"], "categories": catalog["categories"]}
+ if not full:
+ catalog["categories"] = [
+ {"id": c["id"], "description": c["description"]}
+ for c in catalog["categories"]
+ ]
+
+ _catalog["categories"] = catalog["categories"]
+
+ if with_antifeatures:
+ for antifeature in catalog["antifeatures"]:
+ antifeature["title"] = _value_for_locale(antifeature["title"])
+ antifeature["description"] = _value_for_locale(antifeature["description"])
+
+ if not full:
+ catalog["antifeatures"] = [
+ {"id": a["id"], "description": a["description"]}
+ for a in catalog["antifeatures"]
+ ]
+
+ _catalog["antifeatures"] = catalog["antifeatures"]
+
+ return _catalog
def app_search(string):
@@ -154,7 +184,13 @@ def _update_apps_catalog():
logger.debug("Initialize folder for apps catalog cache")
mkdir(APPS_CATALOG_CACHE, mode=0o750, parents=True, uid="root")
+ if not os.path.exists(APPS_CATALOG_LOGOS):
+ mkdir(APPS_CATALOG_LOGOS, mode=0o755, parents=True, uid="root")
+
for apps_catalog in apps_catalog_list:
+ if apps_catalog["url"] is None:
+ continue
+
apps_catalog_id = apps_catalog["id"]
actual_api_url = _actual_apps_catalog_api_url(apps_catalog["url"])
@@ -181,6 +217,46 @@ def _update_apps_catalog():
raw_msg=True,
)
+ # Download missing app logos
+ logos_to_download = []
+ for app, infos in apps_catalog_content["apps"].items():
+ logo_hash = infos.get("logo_hash")
+ if not logo_hash or os.path.exists(f"{APPS_CATALOG_LOGOS}/{logo_hash}.png"):
+ continue
+ logos_to_download.append(logo_hash)
+
+ if len(logos_to_download) > 20:
+ logger.info(
+ f"(Will fetch {len(logos_to_download)} logos, this may take a couple minutes)"
+ )
+
+ import requests
+ from multiprocessing.pool import ThreadPool
+
+ def fetch_logo(logo_hash):
+ try:
+ r = requests.get(
+ f"{apps_catalog['url']}/v{APPS_CATALOG_API_VERSION}/logos/{logo_hash}.png",
+ timeout=10,
+ )
+ assert (
+ r.status_code == 200
+ ), f"Got status code {r.status_code}, expected 200"
+ if hashlib.sha256(r.content).hexdigest() != logo_hash:
+ raise Exception(
+ f"Found inconsistent hash while downloading logo {logo_hash}"
+ )
+ open(f"{APPS_CATALOG_LOGOS}/{logo_hash}.png", "wb").write(r.content)
+ return True
+ except Exception as e:
+ logger.debug(f"Failed to download logo {logo_hash} : {e}")
+ return False
+
+ results = ThreadPool(8).imap_unordered(fetch_logo, logos_to_download)
+ for result in results:
+ # Is this even needed to iterate on the results ?
+ pass
+
logger.success(m18n.n("apps_catalog_update_success"))
@@ -190,7 +266,7 @@ def _load_apps_catalog():
corresponding to all known apps and categories
"""
- merged_catalog = {"apps": {}, "categories": []}
+ merged_catalog = {"apps": {}, "categories": [], "antifeatures": []}
for apps_catalog_id in [L["id"] for L in _read_apps_catalog_list()]:
@@ -232,10 +308,17 @@ def _load_apps_catalog():
)
continue
+ if info.get("level") == "?":
+ info["level"] = -1
+
+ # FIXME: we may want to autoconvert all v0/v1 manifest to v2 here
+ # so that everything is consistent in terms of APIs, datastructure format etc
info["repository"] = apps_catalog_id
merged_catalog["apps"][app] = info
- # Annnnd categories
- merged_catalog["categories"] += apps_catalog_content["categories"]
+ # Annnnd categories + antifeatures
+ # (we use .get here, only because the dev catalog doesnt include the categories/antifeatures keys)
+ merged_catalog["categories"] += apps_catalog_content.get("categories", [])
+ merged_catalog["antifeatures"] += apps_catalog_content.get("antifeatures", [])
return merged_catalog
diff --git a/src/authenticators/ldap_admin.py b/src/authenticators/ldap_admin.py
index 872dd3c8d..22b796e23 100644
--- a/src/authenticators/ldap_admin.py
+++ b/src/authenticators/ldap_admin.py
@@ -1,5 +1,21 @@
-# -*- coding: utf-8 -*-
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import logging
import ldap
@@ -11,10 +27,14 @@ from moulinette.authentication import BaseAuthenticator
from moulinette.utils.text import random_ascii
from yunohost.utils.error import YunohostError, YunohostAuthenticationError
-
-logger = logging.getLogger("yunohost.authenticators.ldap_admin")
+from yunohost.utils.ldap import _get_ldap_interface
session_secret = random_ascii()
+logger = logging.getLogger("yunohost.authenticators.ldap_admin")
+
+LDAP_URI = "ldap://localhost:389"
+ADMIN_GROUP = "cn=admins,ou=groups"
+AUTH_DN = "uid={uid},ou=users,dc=yunohost,dc=org"
class Authenticator(BaseAuthenticator):
@@ -22,26 +42,59 @@ class Authenticator(BaseAuthenticator):
name = "ldap_admin"
def __init__(self, *args, **kwargs):
- self.uri = "ldap://localhost:389"
- self.basedn = "dc=yunohost,dc=org"
- self.admindn = "cn=admin,dc=yunohost,dc=org"
+ pass
def _authenticate_credentials(self, credentials=None):
- # TODO : change authentication format
- # to support another dn to support multi-admins
+ try:
+ admins = (
+ _get_ldap_interface()
+ .search(ADMIN_GROUP, attrs=["memberUid"])[0]
+ .get("memberUid", [])
+ )
+ except ldap.SERVER_DOWN:
+ # ldap is down, attempt to restart it before really failing
+ logger.warning(m18n.n("ldap_server_is_down_restart_it"))
+ os.system("systemctl restart slapd")
+ time.sleep(10) # waits 10 secondes so we are sure that slapd has restarted
+
+ # Force-reset existing LDAP interface
+ from yunohost.utils import ldap as ldaputils
+
+ ldaputils._ldap_interface = None
+
+ try:
+ admins = (
+ _get_ldap_interface()
+ .search(ADMIN_GROUP, attrs=["memberUid"])[0]
+ .get("memberUid", [])
+ )
+ except ldap.SERVER_DOWN:
+ raise YunohostError("ldap_server_down")
+
+ try:
+ uid, password = credentials.split(":", 1)
+ except ValueError:
+ raise YunohostError("invalid_credentials")
+
+ # Here we're explicitly using set() which are handled as hash tables
+ # and should prevent timing attacks to find out the admin usernames?
+ if uid not in set(admins):
+ raise YunohostError("invalid_credentials")
+
+ dn = AUTH_DN.format(uid=uid)
def _reconnect():
con = ldap.ldapobject.ReconnectLDAPObject(
- self.uri, retry_max=10, retry_delay=0.5
+ LDAP_URI, retry_max=10, retry_delay=0.5
)
- con.simple_bind_s(self.admindn, credentials)
+ con.simple_bind_s(dn, password)
return con
try:
con = _reconnect()
except ldap.INVALID_CREDENTIALS:
- raise YunohostError("invalid_password")
+ raise YunohostError("invalid_credentials")
except ldap.SERVER_DOWN:
# ldap is down, attempt to restart it before really failing
logger.warning(m18n.n("ldap_server_is_down_restart_it"))
@@ -61,9 +114,9 @@ class Authenticator(BaseAuthenticator):
logger.warning("Error during ldap authentication process: %s", e)
raise
else:
- if who != self.admindn:
+ if who != dn:
raise YunohostError(
- f"Not logged with the appropriate identity ? Found {who}, expected {self.admindn} !?",
+ f"Not logged with the appropriate identity ? Found {who}, expected {dn} !?",
raw_msg=True,
)
finally:
diff --git a/src/backup.py b/src/backup.py
index bba60b895..c3e47bddc 100644
--- a/src/backup.py
+++ b/src/backup.py
@@ -1,28 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2013 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_backup.py
-
- Manage backups
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
import json
@@ -39,9 +32,16 @@ from functools import reduce
from packaging import version
from moulinette import Moulinette, m18n
-from moulinette.utils import filesystem
from moulinette.utils.log import getActionLogger
-from moulinette.utils.filesystem import read_file, mkdir, write_to_yaml, read_yaml
+from moulinette.utils.filesystem import (
+ read_file,
+ mkdir,
+ write_to_yaml,
+ read_yaml,
+ rm,
+ chown,
+ chmod,
+)
from moulinette.utils.process import check_output
import yunohost.domain
@@ -50,6 +50,7 @@ from yunohost.app import (
_is_installed,
_make_environment_for_app_script,
_make_tmp_workdir_for_app,
+ _get_manifest_of_app,
)
from yunohost.hook import (
hook_list,
@@ -67,8 +68,12 @@ from yunohost.tools import (
from yunohost.regenconf import regen_conf
from yunohost.log import OperationLogger, is_unit_operation
from yunohost.utils.error import YunohostError, YunohostValidationError
-from yunohost.utils.packages import ynh_packages_version
-from yunohost.utils.filesystem import free_space_in_directory
+from yunohost.utils.system import (
+ free_space_in_directory,
+ get_ynh_package_version,
+ binary_to_human,
+ space_used_by_directory,
+)
from yunohost.settings import settings_get
BACKUP_PATH = "/home/yunohost.backup"
@@ -312,7 +317,7 @@ class BackupManager:
"size_details": self.size_details,
"apps": self.apps_return,
"system": self.system_return,
- "from_yunohost_version": ynh_packages_version()["yunohost"]["version"],
+ "from_yunohost_version": get_ynh_package_version("yunohost")["version"],
}
@property
@@ -342,7 +347,7 @@ class BackupManager:
# FIXME replace isdir by exists ? manage better the case where the path
# exists
if not os.path.isdir(self.work_dir):
- filesystem.mkdir(self.work_dir, 0o750, parents=True, uid="admin")
+ mkdir(self.work_dir, 0o750, parents=True)
elif self.is_tmp_work_dir:
logger.debug(
@@ -357,8 +362,8 @@ class BackupManager:
# If umount succeeded, remove the directory (we checked that
# we're in /home/yunohost.backup/tmp so that should be okay...
# c.f. method clean() which also does this)
- filesystem.rm(self.work_dir, recursive=True, force=True)
- filesystem.mkdir(self.work_dir, 0o750, parents=True, uid="admin")
+ rm(self.work_dir, recursive=True, force=True)
+ mkdir(self.work_dir, 0o750, parents=True)
#
# Backup target management #
@@ -535,7 +540,7 @@ class BackupManager:
successfull_system = self.targets.list("system", include=["Success", "Warning"])
if not successfull_apps and not successfull_system:
- filesystem.rm(self.work_dir, True, True)
+ rm(self.work_dir, True, True)
raise YunohostError("backup_nothings_done")
# Add unlisted files from backup tmp dir
@@ -577,7 +582,7 @@ class BackupManager:
env_var["YNH_BACKUP_CSV"] = tmp_csv
if app is not None:
- env_var.update(_make_environment_for_app_script(app))
+ env_var.update(_make_environment_for_app_script(app, action="backup"))
env_var["YNH_APP_BACKUP_DIR"] = os.path.join(
self.work_dir, "apps", app, "backup"
)
@@ -647,7 +652,7 @@ class BackupManager:
restore_hooks_dir = os.path.join(self.work_dir, "hooks", "restore")
if not os.path.exists(restore_hooks_dir):
- filesystem.mkdir(restore_hooks_dir, mode=0o700, parents=True, uid="root")
+ mkdir(restore_hooks_dir, mode=0o700, parents=True, uid="root")
restore_hooks = hook_list("restore")["hooks"]
@@ -714,7 +719,7 @@ class BackupManager:
tmp_workdir_for_app = _make_tmp_workdir_for_app(app=app)
try:
# Prepare backup directory for the app
- filesystem.mkdir(tmp_app_bkp_dir, 0o700, True, uid="root")
+ mkdir(tmp_app_bkp_dir, 0o700, True, uid="root")
# Copy the app settings to be able to call _common.sh
shutil.copytree(app_setting_path, settings_dir)
@@ -753,7 +758,7 @@ class BackupManager:
# Remove tmp files in all situations
finally:
shutil.rmtree(tmp_workdir_for_app)
- filesystem.rm(env_dict["YNH_BACKUP_CSV"], force=True)
+ rm(env_dict["YNH_BACKUP_CSV"], force=True)
#
# Actual backup archive creation / method management #
@@ -796,7 +801,7 @@ class BackupManager:
if row["dest"] == "info.json":
continue
- size = disk_usage(row["source"])
+ size = space_used_by_directory(row["source"], follow_symlinks=False)
# Add size to apps details
splitted_dest = row["dest"].split("/")
@@ -949,7 +954,7 @@ class RestoreManager:
ret = subprocess.call(["umount", self.work_dir])
if ret != 0:
logger.warning(m18n.n("restore_cleaning_failed"))
- filesystem.rm(self.work_dir, recursive=True, force=True)
+ rm(self.work_dir, recursive=True, force=True)
#
# Restore target manangement #
@@ -979,7 +984,7 @@ class RestoreManager:
available_restore_system_hooks = hook_list("restore")["hooks"]
custom_restore_hook_folder = os.path.join(CUSTOM_HOOK_FOLDER, "restore")
- filesystem.mkdir(custom_restore_hook_folder, 755, parents=True, force=True)
+ mkdir(custom_restore_hook_folder, 755, parents=True, force=True)
for system_part in target_list:
# By default, we'll use the restore hooks on the current install
@@ -1084,7 +1089,7 @@ class RestoreManager:
else:
raise YunohostError("restore_removing_tmp_dir_failed")
- filesystem.mkdir(self.work_dir, parents=True)
+ mkdir(self.work_dir, parents=True)
self.method.mount()
@@ -1402,7 +1407,7 @@ class RestoreManager:
# Delete _common.sh file in backup
common_file = os.path.join(app_backup_in_archive, "_common.sh")
- filesystem.rm(common_file, force=True)
+ rm(common_file, force=True)
# Check if the app has a restore script
app_restore_script_in_archive = os.path.join(app_scripts_in_archive, "restore")
@@ -1418,14 +1423,14 @@ class RestoreManager:
)
app_scripts_new_path = os.path.join(app_settings_new_path, "scripts")
shutil.copytree(app_settings_in_archive, app_settings_new_path)
- filesystem.chmod(app_settings_new_path, 0o400, 0o400, True)
- filesystem.chown(app_scripts_new_path, "root", None, True)
+ chmod(app_settings_new_path, 0o400, 0o400, True)
+ chown(app_scripts_new_path, "root", None, True)
# Copy the app scripts to a writable temporary folder
tmp_workdir_for_app = _make_tmp_workdir_for_app()
copytree(app_scripts_in_archive, tmp_workdir_for_app)
- filesystem.chmod(tmp_workdir_for_app, 0o700, 0o700, True)
- filesystem.chown(tmp_workdir_for_app, "root", None, True)
+ chmod(tmp_workdir_for_app, 0o700, 0o700, True)
+ chown(tmp_workdir_for_app, "root", None, True)
restore_script = os.path.join(tmp_workdir_for_app, "restore")
# Restore permissions
@@ -1494,7 +1499,7 @@ class RestoreManager:
# FIXME : workdir should be a tmp workdir
app_workdir = os.path.join(self.work_dir, "apps", app_instance_name, "settings")
env_dict = _make_environment_for_app_script(
- app_instance_name, workdir=app_workdir
+ app_instance_name, workdir=app_workdir, action="restore"
)
env_dict.update(
{
@@ -1509,6 +1514,15 @@ class RestoreManager:
operation_logger.extra["env"] = env_dict
operation_logger.flush()
+ manifest = _get_manifest_of_app(app_settings_in_archive)
+ if manifest["packaging_format"] >= 2:
+ from yunohost.utils.resources import AppResourceManager
+
+ AppResourceManager(app_instance_name, wanted=manifest, current={}).apply(
+ rollback_and_raise_exception_if_failure=True,
+ operation_logger=operation_logger,
+ )
+
# Execute the app install script
restore_failed = True
try:
@@ -1727,7 +1741,7 @@ class BackupMethod:
raise YunohostError("backup_cleaning_failed")
if self.manager.is_tmp_work_dir:
- filesystem.rm(self.work_dir, True, True)
+ rm(self.work_dir, True, True)
def _check_is_enough_free_space(self):
"""
@@ -1775,11 +1789,11 @@ class BackupMethod:
# Be sure the parent dir of destination exists
if not os.path.isdir(dest_dir):
- filesystem.mkdir(dest_dir, parents=True)
+ mkdir(dest_dir, parents=True)
# For directory, attempt to mount bind
if os.path.isdir(src):
- filesystem.mkdir(dest, parents=True, force=True)
+ mkdir(dest, parents=True, force=True)
try:
subprocess.check_call(["mount", "--rbind", src, dest])
@@ -1832,7 +1846,10 @@ class BackupMethod:
# to mounting error
# Compute size to copy
- size = sum(disk_usage(path["source"]) for path in paths_needed_to_be_copied)
+ size = sum(
+ space_used_by_directory(path["source"], follow_symlinks=False)
+ for path in paths_needed_to_be_copied
+ )
size /= 1024 * 1024 # Convert bytes to megabytes
# Ask confirmation for copying
@@ -1884,7 +1901,7 @@ class CopyBackupMethod(BackupMethod):
dest_parent = os.path.dirname(dest)
if not os.path.exists(dest_parent):
- filesystem.mkdir(dest_parent, 0o700, True, uid="admin")
+ mkdir(dest_parent, 0o700, True)
if os.path.isdir(source):
shutil.copytree(source, dest)
@@ -1902,7 +1919,7 @@ class CopyBackupMethod(BackupMethod):
if not os.path.isdir(self.repo):
raise YunohostError("backup_no_uncompress_archive_dir")
- filesystem.mkdir(self.work_dir, parent=True)
+ mkdir(self.work_dir, parent=True)
ret = subprocess.call(["mount", "-r", "--rbind", self.repo, self.work_dir])
if ret == 0:
return
@@ -1928,7 +1945,7 @@ class TarBackupMethod(BackupMethod):
def _archive_file(self):
if isinstance(self.manager, BackupManager) and settings_get(
- "backup.compress_tar_archives"
+ "misc.backup.backup_compress_tar_archives"
):
return os.path.join(self.repo, self.name + ".tar.gz")
@@ -1946,7 +1963,7 @@ class TarBackupMethod(BackupMethod):
"""
if not os.path.exists(self.repo):
- filesystem.mkdir(self.repo, 0o750, parents=True, uid="admin")
+ mkdir(self.repo, 0o750, parents=True)
# Check free space in output
self._check_is_enough_free_space()
@@ -2628,9 +2645,9 @@ def _create_archive_dir():
if os.path.lexists(ARCHIVES_PATH):
raise YunohostError("backup_output_symlink_dir_broken", path=ARCHIVES_PATH)
- # Create the archive folder, with 'admin' as owner, such that
+ # Create the archive folder, with 'admins' as groupowner, such that
# people can scp archives out of the server
- mkdir(ARCHIVES_PATH, mode=0o750, parents=True, uid="admin", gid="root")
+ mkdir(ARCHIVES_PATH, mode=0o770, parents=True, gid="admins")
def _call_for_each_path(self, callback, csv_path=None):
@@ -2667,31 +2684,3 @@ def _recursive_umount(directory):
continue
return everything_went_fine
-
-
-def disk_usage(path):
- # We don't do this in python with os.stat because we don't want
- # to follow symlinks
-
- du_output = check_output(["du", "-sb", path], shell=False)
- return int(du_output.split()[0])
-
-
-def binary_to_human(n, customary=False):
- """
- Convert bytes or bits into human readable format with binary prefix
- Keyword argument:
- n -- Number to convert
- customary -- Use customary symbol instead of IEC standard
- """
- symbols = ("Ki", "Mi", "Gi", "Ti", "Pi", "Ei", "Zi", "Yi")
- if customary:
- symbols = ("K", "M", "G", "T", "P", "E", "Z", "Y")
- prefix = {}
- for i, s in enumerate(symbols):
- prefix[s] = 1 << (i + 1) * 10
- for s in reversed(symbols):
- if n >= prefix[s]:
- value = float(n) / prefix[s]
- return "{:.1f}{}".format(value, s)
- return "%s" % n
diff --git a/src/certificate.py b/src/certificate.py
index 2a9fb4ce9..928bea499 100644
--- a/src/certificate.py
+++ b/src/certificate.py
@@ -1,32 +1,24 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2016 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
- yunohost_certificate.py
-
- Manage certificates, in particular Let's encrypt
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import sys
import shutil
-import pwd
-import grp
import subprocess
import glob
@@ -34,7 +26,8 @@ from datetime import datetime
from moulinette import m18n
from moulinette.utils.log import getActionLogger
-from moulinette.utils.filesystem import read_file
+from moulinette.utils.filesystem import read_file, chown, chmod
+from moulinette.utils.process import check_output
from yunohost.vendor.acme_tiny.acme_tiny import get_crt as sign_certificate
from yunohost.utils.error import YunohostError, YunohostValidationError
@@ -95,15 +88,16 @@ def certificate_status(domains, full=False):
if not full:
del status["subject"]
del status["CA_name"]
- status["CA_type"] = status["CA_type"]["verbose"]
- status["summary"] = status["summary"]["verbose"]
if full:
try:
_check_domain_is_ready_for_ACME(domain)
status["ACME_eligible"] = True
- except Exception:
- status["ACME_eligible"] = False
+ except Exception as e:
+ if e.key == "certmanager_domain_not_diagnosed_yet":
+ status["ACME_eligible"] = None # = unknown status
+ else:
+ status["ACME_eligible"] = False
del status["domain"]
certificates[domain] = status
@@ -131,6 +125,7 @@ def certificate_install(domain_list, force=False, no_checks=False, self_signed=F
def _certificate_install_selfsigned(domain_list, force=False):
+ failed_cert_install = []
for domain in domain_list:
operation_logger = OperationLogger(
@@ -154,7 +149,7 @@ def _certificate_install_selfsigned(domain_list, force=False):
if not force and os.path.isfile(current_cert_file):
status = _get_status(domain)
- if status["summary"]["code"] in ("good", "great"):
+ if status["style"] == "success":
raise YunohostValidationError(
"certmanager_attempt_to_replace_valid_cert", domain=domain
)
@@ -214,20 +209,24 @@ def _certificate_install_selfsigned(domain_list, force=False):
# Check new status indicate a recently created self-signed certificate
status = _get_status(domain)
- if (
- status
- and status["CA_type"]["code"] == "self-signed"
- and status["validity"] > 3648
- ):
+ if status and status["CA_type"] == "selfsigned" and status["validity"] > 3648:
logger.success(
m18n.n("certmanager_cert_install_success_selfsigned", domain=domain)
)
operation_logger.success()
else:
msg = f"Installation of self-signed certificate installation for {domain} failed !"
+ failed_cert_install.append(domain)
logger.error(msg)
+ logger.error(status)
operation_logger.error(msg)
+ if failed_cert_install:
+ raise YunohostError(
+ "certmanager_cert_install_failed_selfsigned",
+ domains=",".join(failed_cert_install),
+ )
+
def _certificate_install_letsencrypt(domains, force=False, no_checks=False):
from yunohost.domain import domain_list, _assert_domain_exists
@@ -241,7 +240,7 @@ def _certificate_install_letsencrypt(domains, force=False, no_checks=False):
for domain in domain_list()["domains"]:
status = _get_status(domain)
- if status["CA_type"]["code"] != "self-signed":
+ if status["CA_type"] != "selfsigned":
continue
domains.append(domain)
@@ -253,12 +252,13 @@ def _certificate_install_letsencrypt(domains, force=False, no_checks=False):
# Is it self-signed?
status = _get_status(domain)
- if not force and status["CA_type"]["code"] != "self-signed":
+ if not force and status["CA_type"] != "selfsigned":
raise YunohostValidationError(
"certmanager_domain_cert_not_selfsigned", domain=domain
)
# Actual install steps
+ failed_cert_install = []
for domain in domains:
if not no_checks:
@@ -287,11 +287,17 @@ def _certificate_install_letsencrypt(domains, force=False, no_checks=False):
logger.error(
f"Please consider checking the 'DNS records' (basic) and 'Web' categories of the diagnosis to check for possible issues that may prevent installing a Let's Encrypt certificate on domain {domain}."
)
+ failed_cert_install.append(domain)
else:
logger.success(m18n.n("certmanager_cert_install_success", domain=domain))
operation_logger.success()
+ if failed_cert_install:
+ raise YunohostError(
+ "certmanager_cert_install_failed", domains=",".join(failed_cert_install)
+ )
+
def certificate_renew(domains, force=False, no_checks=False, email=False):
"""
@@ -314,7 +320,7 @@ def certificate_renew(domains, force=False, no_checks=False, email=False):
# Does it have a Let's Encrypt cert?
status = _get_status(domain)
- if status["CA_type"]["code"] != "lets-encrypt":
+ if status["CA_type"] != "letsencrypt":
continue
# Does it expire soon?
@@ -349,7 +355,7 @@ def certificate_renew(domains, force=False, no_checks=False, email=False):
)
# Does it have a Let's Encrypt cert?
- if status["CA_type"]["code"] != "lets-encrypt":
+ if status["CA_type"] != "letsencrypt":
raise YunohostValidationError(
"certmanager_attempt_to_renew_nonLE_cert", domain=domain
)
@@ -361,6 +367,7 @@ def certificate_renew(domains, force=False, no_checks=False, email=False):
)
# Actual renew steps
+ failed_cert_install = []
for domain in domains:
if not no_checks:
@@ -402,6 +409,8 @@ def certificate_renew(domains, force=False, no_checks=False, email=False):
logger.error(stack.getvalue())
logger.error(str(e))
+ failed_cert_install.append(domain)
+
if email:
logger.error("Sending email with details to root ...")
_email_renewing_failed(domain, msg + "\n" + str(e), stack.getvalue())
@@ -409,6 +418,11 @@ def certificate_renew(domains, force=False, no_checks=False, email=False):
logger.success(m18n.n("certmanager_cert_renew_success", domain=domain))
operation_logger.success()
+ if failed_cert_install:
+ raise YunohostError(
+ "certmanager_cert_renew_failed", domains=",".join(failed_cert_install)
+ )
+
#
# Back-end stuff #
@@ -441,11 +455,16 @@ investigate :
-- Certificate Manager
"""
- import smtplib
+ try:
+ import smtplib
- smtp = smtplib.SMTP("localhost")
- smtp.sendmail(from_, [to_], message.encode("utf-8"))
- smtp.quit()
+ smtp = smtplib.SMTP("localhost")
+ smtp.sendmail(from_, [to_], message.encode("utf-8"))
+ smtp.quit()
+ except Exception as e:
+ # Dont miserably crash the whole auto renew cert when one renewal fails ...
+ # cf boring cases like https://github.com/YunoHost/issues/issues/2102
+ logger.exception(f"Failed to send mail about cert renewal failure ... : {e}")
def _check_acme_challenge_configuration(domain):
@@ -537,9 +556,9 @@ def _fetch_and_enable_new_certificate(domain, no_checks=False):
_enable_certificate(domain, new_cert_folder)
# Check the status of the certificate is now good
- status_summary = _get_status(domain)["summary"]
+ status_style = _get_status(domain)["style"]
- if status_summary["code"] != "great":
+ if status_style != "success":
raise YunohostError(
"certmanager_certificate_fetching_or_enabling_failed", domain=domain
)
@@ -554,10 +573,11 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
# Set the domain
csr.get_subject().CN = domain
- from yunohost.domain import domain_list
+ from yunohost.domain import domain_config_get
- # For "parent" domains, include xmpp-upload subdomain in subject alternate names
- if domain in domain_list(exclude_subdomains=True)["domains"]:
+ # If XMPP is enabled for this domain, add xmpp-upload and muc subdomains
+ # in subject alternate names
+ if domain_config_get(domain, key="feature.xmpp.xmpp") == 1:
subdomain = "xmpp-upload." + domain
xmpp_records = (
Diagnoser.get_cached_report(
@@ -565,24 +585,30 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
).get("data")
or {}
)
- if xmpp_records.get("CNAME:xmpp-upload") == "OK":
+ sanlist = []
+ for sub in ("xmpp-upload", "muc"):
+ subdomain = sub + "." + domain
+ if xmpp_records.get("CNAME:" + sub) == "OK":
+ sanlist.append(("DNS:" + subdomain))
+ else:
+ logger.warning(
+ m18n.n(
+ "certmanager_warning_subdomain_dns_record",
+ subdomain=subdomain,
+ domain=domain,
+ )
+ )
+
+ if sanlist:
csr.add_extensions(
[
crypto.X509Extension(
b"subjectAltName",
False,
- ("DNS:" + subdomain).encode("utf8"),
+ (", ".join(sanlist)).encode("utf-8"),
)
]
)
- else:
- logger.warning(
- m18n.n(
- "certmanager_warning_subdomain_dns_record",
- subdomain=subdomain,
- domain=domain,
- )
- )
# Set the key
with open(key_file, "rt") as f:
@@ -603,8 +629,6 @@ def _prepare_certificate_signing_request(domain, key_file, output_folder):
def _get_status(domain):
- import yunohost.domain
-
cert_file = os.path.join(CERT_FOLDER, domain, "crt.pem")
if not os.path.isfile(cert_file):
@@ -633,59 +657,34 @@ def _get_status(domain):
)
days_remaining = (valid_up_to - datetime.utcnow()).days
- if cert_issuer in ["yunohost.org"] + yunohost.domain.domain_list()["domains"]:
- CA_type = {
- "code": "self-signed",
- "verbose": "Self-signed",
- }
-
+ # Identify that a domain's cert is self-signed if the cert dir
+ # is actually a symlink to a dir ending with -selfsigned
+ if os.path.realpath(os.path.join(CERT_FOLDER, domain)).endswith("-selfsigned"):
+ CA_type = "selfsigned"
elif organization_name == "Let's Encrypt":
- CA_type = {
- "code": "lets-encrypt",
- "verbose": "Let's Encrypt",
- }
-
+ CA_type = "letsencrypt"
else:
- CA_type = {
- "code": "other-unknown",
- "verbose": "Other / Unknown",
- }
+ CA_type = "other"
if days_remaining <= 0:
- status_summary = {
- "code": "critical",
- "verbose": "CRITICAL",
- }
-
- elif CA_type["code"] in ("self-signed", "fake-lets-encrypt"):
- status_summary = {
- "code": "warning",
- "verbose": "WARNING",
- }
-
+ style = "danger"
+ summary = "expired"
+ elif CA_type == "selfsigned":
+ style = "warning"
+ summary = "selfsigned"
elif days_remaining < VALIDITY_LIMIT:
- status_summary = {
- "code": "attention",
- "verbose": "About to expire",
- }
-
- elif CA_type["code"] == "other-unknown":
- status_summary = {
- "code": "good",
- "verbose": "Good",
- }
-
- elif CA_type["code"] == "lets-encrypt":
- status_summary = {
- "code": "great",
- "verbose": "Great!",
- }
-
+ style = "warning"
+ summary = "abouttoexpire"
+ elif CA_type == "other":
+ style = "success"
+ summary = "ok"
+ elif CA_type == "letsencrypt":
+ style = "success"
+ summary = "letsencrypt"
else:
- status_summary = {
- "code": "unknown",
- "verbose": "Unknown?",
- }
+ # shouldnt happen, because CA_type can be only selfsigned, letsencrypt, or other
+ style = ""
+ summary = "wat"
return {
"domain": domain,
@@ -693,7 +692,8 @@ def _get_status(domain):
"CA_name": cert_issuer,
"CA_type": CA_type,
"validity": days_remaining,
- "summary": status_summary,
+ "style": style,
+ "summary": summary,
}
@@ -719,11 +719,8 @@ def _generate_key(destination_path):
def _set_permissions(path, user, group, permissions):
- uid = pwd.getpwnam(user).pw_uid
- gid = grp.getgrnam(group).gr_gid
-
- os.chown(path, uid, gid)
- os.chmod(path, permissions)
+ chown(path, user, group)
+ chmod(path, permissions)
def _enable_certificate(domain, new_cert_folder):
@@ -746,7 +743,7 @@ def _enable_certificate(domain, new_cert_folder):
logger.debug("Restarting services...")
- for service in ("postfix", "dovecot", "metronome"):
+ for service in ("dovecot", "metronome"):
# Ugly trick to not restart metronome if it's not installed
if (
service == "metronome"
@@ -758,7 +755,8 @@ def _enable_certificate(domain, new_cert_folder):
if os.path.isfile("/etc/yunohost/installed"):
# regen nginx conf to be sure it integrates OCSP Stapling
# (We don't do this yet if postinstall is not finished yet)
- regen_conf(names=["nginx"])
+ # We also regenconf for postfix to propagate the SNI hash map thingy
+ regen_conf(names=["nginx", "postfix"])
_run_service_command("reload", "nginx")
@@ -791,7 +789,7 @@ def _check_domain_is_ready_for_ACME(domain):
or {}
)
- parent_domain = _get_parent_domain_of(domain)
+ parent_domain = _get_parent_domain_of(domain, return_self=True)
dnsrecords = (
Diagnoser.get_cached_report(
@@ -908,6 +906,4 @@ def _name_self_CA():
def _tail(n, file_path):
- from moulinette.utils.process import check_output
-
return check_output(f"tail -n {n} '{file_path}'")
diff --git a/src/diagnosers/00-basesystem.py b/src/diagnosers/00-basesystem.py
index a36394ce8..5793a00aa 100644
--- a/src/diagnosers/00-basesystem.py
+++ b/src/diagnosers/00-basesystem.py
@@ -1,5 +1,21 @@
-#!/usr/bin/env python
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import json
import subprocess
@@ -9,7 +25,11 @@ from moulinette.utils import log
from moulinette.utils.process import check_output
from moulinette.utils.filesystem import read_file, read_json, write_to_json
from yunohost.diagnosis import Diagnoser
-from yunohost.utils.packages import ynh_packages_version
+from yunohost.utils.system import (
+ ynh_packages_version,
+ system_virt,
+ system_arch,
+)
logger = log.getActionLogger("yunohost.diagnosis")
@@ -22,15 +42,12 @@ class MyDiagnoser(Diagnoser):
def run(self):
- # Detect virt technology (if not bare metal) and arch
- # Gotta have this "|| true" because it systemd-detect-virt return 'none'
- # with an error code on bare metal ~.~
- virt = check_output("systemd-detect-virt || true", shell=True)
+ virt = system_virt()
if virt.lower() == "none":
virt = "bare-metal"
# Detect arch
- arch = check_output("dpkg --print-architecture")
+ arch = system_arch()
hardware = dict(
meta={"test": "hardware"},
status="INFO",
@@ -137,6 +154,37 @@ class MyDiagnoser(Diagnoser):
summary="diagnosis_backports_in_sources_list",
)
+ # Using yunohost testing channel
+ if (
+ os.system(
+ "grep -q '^\\s*deb\\s*.*yunohost.org.*\\stesting' /etc/apt/sources.list /etc/apt/sources.list.d/*"
+ )
+ == 0
+ ):
+ yield dict(
+ meta={"test": "apt_yunohost_channel"},
+ status="WARNING",
+ summary="diagnosis_using_yunohost_testing",
+ details=["diagnosis_using_yunohost_testing_details"],
+ )
+
+ # Apt being mapped to 'stable' (instead of 'buster/bullseye/bookworm/trixie/...')
+ # will cause the machine to spontaenously upgrade everything as soon as next debian is released ...
+ # Note that we grep this from the policy for libc6, because it's hard to know exactly which apt repo
+ # is configured (it may not be simply debian.org)
+ if (
+ os.system(
+ "apt policy libc6 2>/dev/null | grep '^\\s*500' | awk '{print $3}' | tr '/' ' ' | awk '{print $1}' | grep -q 'stable'"
+ )
+ == 0
+ ):
+ yield dict(
+ meta={"test": "apt_debian_codename"},
+ status="WARNING",
+ summary="diagnosis_using_stable_codename",
+ details=["diagnosis_using_stable_codename_details"],
+ )
+
if self.number_of_recent_auth_failure() > 750:
yield dict(
meta={"test": "high_number_auth_failure"},
diff --git a/src/diagnosers/10-ip.py b/src/diagnosers/10-ip.py
index 247c486fc..b2bedc802 100644
--- a/src/diagnosers/10-ip.py
+++ b/src/diagnosers/10-ip.py
@@ -1,5 +1,21 @@
-#!/usr/bin/env python
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import re
import os
import random
@@ -221,5 +237,5 @@ class MyDiagnoser(Diagnoser):
except Exception as e:
protocol = str(protocol)
e = str(e)
- self.logger_debug(f"Could not get public IPv{protocol} : {e}")
+ logger.debug(f"Could not get public IPv{protocol} : {e}")
return None
diff --git a/src/diagnosers/12-dnsrecords.py b/src/diagnosers/12-dnsrecords.py
index 4d30bb1a7..92d795ea9 100644
--- a/src/diagnosers/12-dnsrecords.py
+++ b/src/diagnosers/12-dnsrecords.py
@@ -1,5 +1,21 @@
-#!/usr/bin/env python
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
from typing import List
@@ -105,7 +121,7 @@ class MyDiagnoser(Diagnoser):
if r["value"] == "@":
r["value"] = domain + "."
elif r["type"] == "CNAME":
- r["value"] = r["value"] + f".{base_dns_zone}."
+ r["value"] = r["value"] # + f".{base_dns_zone}."
if self.current_record_match_expected(r):
results[id_] = "OK"
@@ -207,6 +223,11 @@ class MyDiagnoser(Diagnoser):
expected = r["value"].split()[-1]
current = r["current"].split()[-1]
return expected == current
+ elif r["type"] == "CAA":
+ # For CAA, check only the last item, ignore the 0 / 128 nightmare
+ expected = r["value"].split()[-1]
+ current = r["current"].split()[-1]
+ return expected == current
else:
return r["current"] == r["value"]
diff --git a/src/diagnosers/14-ports.py b/src/diagnosers/14-ports.py
index be172e524..5671211b5 100644
--- a/src/diagnosers/14-ports.py
+++ b/src/diagnosers/14-ports.py
@@ -1,5 +1,21 @@
-#!/usr/bin/env python
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
from typing import List
diff --git a/src/diagnosers/21-web.py b/src/diagnosers/21-web.py
index 584505ad1..4a69895b2 100644
--- a/src/diagnosers/21-web.py
+++ b/src/diagnosers/21-web.py
@@ -1,11 +1,27 @@
-#!/usr/bin/env python
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import random
import requests
from typing import List
-from moulinette.utils.filesystem import read_file
+from moulinette.utils.filesystem import read_file, mkdir, rm
from yunohost.diagnosis import Diagnoser
from yunohost.domain import domain_list
@@ -46,8 +62,8 @@ class MyDiagnoser(Diagnoser):
domains_to_check.append(domain)
self.nonce = "".join(random.choice("0123456789abcedf") for i in range(16))
- os.system("rm -rf /tmp/.well-known/ynh-diagnosis/")
- os.system("mkdir -p /tmp/.well-known/ynh-diagnosis/")
+ rm("/tmp/.well-known/ynh-diagnosis/", recursive=True, force=True)
+ mkdir("/tmp/.well-known/ynh-diagnosis/", parents=True)
os.system("touch /tmp/.well-known/ynh-diagnosis/%s" % self.nonce)
if not domains_to_check:
diff --git a/src/diagnosers/24-mail.py b/src/diagnosers/24-mail.py
index 7fe7a08db..88d6a8259 100644
--- a/src/diagnosers/24-mail.py
+++ b/src/diagnosers/24-mail.py
@@ -1,5 +1,21 @@
-#!/usr/bin/env python
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import dns.resolver
import re
@@ -291,7 +307,7 @@ class MyDiagnoser(Diagnoser):
if global_ipv4:
outgoing_ips.append(global_ipv4)
- if settings_get("smtp.allow_ipv6"):
+ if settings_get("email.smtp.smtp_allow_ipv6"):
ipv6 = Diagnoser.get_cached_report("ip", {"test": "ipv6"}) or {}
if ipv6.get("status") == "SUCCESS":
outgoing_ipversions.append(6)
diff --git a/src/diagnosers/30-services.py b/src/diagnosers/30-services.py
index f09688911..7adfd7c01 100644
--- a/src/diagnosers/30-services.py
+++ b/src/diagnosers/30-services.py
@@ -1,5 +1,21 @@
-#!/usr/bin/env python
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
from typing import List
diff --git a/src/diagnosers/50-systemresources.py b/src/diagnosers/50-systemresources.py
index 6ac7f0ec4..50933b9f9 100644
--- a/src/diagnosers/50-systemresources.py
+++ b/src/diagnosers/50-systemresources.py
@@ -1,4 +1,21 @@
-#!/usr/bin/env python
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import psutil
import datetime
diff --git a/src/diagnosers/70-regenconf.py b/src/diagnosers/70-regenconf.py
index 591f883a4..8c0bf74cc 100644
--- a/src/diagnosers/70-regenconf.py
+++ b/src/diagnosers/70-regenconf.py
@@ -1,5 +1,21 @@
-#!/usr/bin/env python
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
from typing import List
@@ -53,7 +69,7 @@ class MyDiagnoser(Diagnoser):
)
# Check consistency between actual ssh port in sshd_config vs. setting
- ssh_port_setting = settings_get("security.ssh.port")
+ ssh_port_setting = settings_get("security.ssh.ssh_port")
ssh_port_line = re.findall(
r"\bPort *([0-9]{2,5})\b", read_file("/etc/ssh/sshd_config")
)
diff --git a/src/diagnosers/80-apps.py b/src/diagnosers/80-apps.py
index 56e45f831..faff925e6 100644
--- a/src/diagnosers/80-apps.py
+++ b/src/diagnosers/80-apps.py
@@ -1,5 +1,21 @@
-#!/usr/bin/env python
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
from typing import List
@@ -64,7 +80,9 @@ class MyDiagnoser(Diagnoser):
yunohost_version_req = (
app["manifest"].get("requirements", {}).get("yunohost", "").strip(">= ")
)
- if yunohost_version_req.startswith("2."):
+ if yunohost_version_req.startswith("2.") or yunohost_version_req.startswith(
+ "3."
+ ):
yield ("error", "diagnosis_apps_outdated_ynh_requirement")
deprecated_helpers = [
diff --git a/src/diagnosers/__init__.py b/src/diagnosers/__init__.py
index e69de29bb..5cad500fa 100644
--- a/src/diagnosers/__init__.py
+++ b/src/diagnosers/__init__.py
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
diff --git a/src/diagnosis.py b/src/diagnosis.py
index 007719dfc..2dff6a40d 100644
--- a/src/diagnosis.py
+++ b/src/diagnosis.py
@@ -1,29 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2018 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" diagnosis.py
-
- Look for possible issues on the server
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import re
import os
import time
diff --git a/src/dns.py b/src/dns.py
index 44547d412..085f47471 100644
--- a/src/dns.py
+++ b/src/dns.py
@@ -1,28 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2013 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_domain.py
-
- Manage domains
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
import time
@@ -35,12 +28,12 @@ from moulinette.utils.log import getActionLogger
from moulinette.utils.filesystem import read_file, write_to_file, read_toml, mkdir
from yunohost.domain import (
- domain_list,
_assert_domain_exists,
domain_config_get,
_get_domain_settings,
_set_domain_settings,
_list_subdomains_of,
+ _get_parent_domain_of,
)
from yunohost.utils.dns import dig, is_yunohost_dyndns_domain, is_special_use_tld
from yunohost.utils.error import YunohostValidationError, YunohostError
@@ -235,10 +228,10 @@ def _build_dns_conf(base_domain, include_empty_AAAA_if_no_ipv6=False):
"SRV",
f"0 5 5269 {domain}.",
],
- [f"muc{suffix}", ttl, "CNAME", basename],
- [f"pubsub{suffix}", ttl, "CNAME", basename],
- [f"vjud{suffix}", ttl, "CNAME", basename],
- [f"xmpp-upload{suffix}", ttl, "CNAME", basename],
+ [f"muc{suffix}", ttl, "CNAME", f"{domain}."],
+ [f"pubsub{suffix}", ttl, "CNAME", f"{domain}."],
+ [f"vjud{suffix}", ttl, "CNAME", f"{domain}."],
+ [f"xmpp-upload{suffix}", ttl, "CNAME", f"{domain}."],
]
#########
@@ -446,8 +439,8 @@ def _get_dns_zone_for_domain(domain):
# This is another strick to try to prevent this function from being
# a bottleneck on system with 1 main domain + 10ish subdomains
# when building the dns conf for the main domain (which will call domain_config_get, etc...)
- parent_domain = domain.split(".", 1)[1]
- if parent_domain in domain_list()["domains"]:
+ parent_domain = _get_parent_domain_of(domain)
+ if parent_domain:
parent_cache_file = f"{cache_folder}/{parent_domain}"
if (
os.path.exists(parent_cache_file)
@@ -512,17 +505,21 @@ def _get_registrar_config_section(domain):
from lexicon.providers.auto import _relevant_provider_for_domain
- registrar_infos = {}
+ registrar_infos = {
+ "name": m18n.n(
+ "registrar_infos"
+ ), # This is meant to name the config panel section, for proper display in the webadmin
+ }
dns_zone = _get_dns_zone_for_domain(domain)
# If parent domain exists in yunohost
- parent_domain = domain.split(".", 1)[1]
- if parent_domain in domain_list()["domains"]:
+ parent_domain = _get_parent_domain_of(domain, topest=True)
+ if parent_domain:
# Dirty hack to have a link on the webadmin
if Moulinette.interface.type == "api":
- parent_domain_link = f"[{parent_domain}](#/domains/{parent_domain}/config)"
+ parent_domain_link = f"[{parent_domain}](#/domains/{parent_domain}/dns)"
else:
parent_domain_link = parent_domain
@@ -532,7 +529,7 @@ def _get_registrar_config_section(domain):
"style": "info",
"ask": m18n.n(
"domain_dns_registrar_managed_in_parent_domain",
- parent_domain=domain,
+ parent_domain=parent_domain,
parent_domain_link=parent_domain_link,
),
"value": "parent_domain",
@@ -664,7 +661,7 @@ def domain_dns_push_unique(operation_logger, domain, dry_run=False, force=False,
return {}
if registrar == "parent_domain":
- parent_domain = domain.split(".", 1)[1]
+ parent_domain = _get_parent_domain_of(domain, topest=True)
registrar, registrar_credentials = _get_registar_settings(parent_domain)
if any(registrar_credentials.values()):
raise YunohostValidationError(
diff --git a/src/domain.py b/src/domain.py
index f6b99b5cb..67f39aa71 100644
--- a/src/domain.py
+++ b/src/domain.py
@@ -1,30 +1,25 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2013 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_domain.py
-
- Manage domains
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
-from typing import Dict, Any
+import time
+from typing import List, Optional
+from collections import OrderedDict
from moulinette import m18n, Moulinette
from moulinette.core import MoulinetteError
@@ -45,71 +40,151 @@ from yunohost.log import is_unit_operation
logger = getActionLogger("yunohost.domain")
-DOMAIN_CONFIG_PATH = "/usr/share/yunohost/config_domain.toml"
DOMAIN_SETTINGS_DIR = "/etc/yunohost/domains"
# Lazy dev caching to avoid re-query ldap every time we need the domain list
-domain_list_cache: Dict[str, Any] = {}
+# The cache automatically expire every 15 seconds, to prevent desync between
+# yunohost CLI and API which run in different processes
+domain_list_cache: List[str] = []
+domain_list_cache_timestamp = 0
+main_domain_cache: Optional[str] = None
+main_domain_cache_timestamp = 0
+DOMAIN_CACHE_DURATION = 15
-def domain_list(exclude_subdomains=False, auto_push=False, full=False):
+def _get_maindomain():
+ global main_domain_cache
+ global main_domain_cache_timestamp
+ if (
+ not main_domain_cache
+ or abs(main_domain_cache_timestamp - time.time()) > DOMAIN_CACHE_DURATION
+ ):
+ with open("/etc/yunohost/current_host", "r") as f:
+ main_domain_cache = f.readline().rstrip()
+ main_domain_cache_timestamp = time.time()
+
+ return main_domain_cache
+
+
+def _get_domains(exclude_subdomains=False):
+ global domain_list_cache
+ global domain_list_cache_timestamp
+ if (
+ not domain_list_cache
+ or abs(domain_list_cache_timestamp - time.time()) > DOMAIN_CACHE_DURATION
+ ):
+ from yunohost.utils.ldap import _get_ldap_interface
+
+ ldap = _get_ldap_interface()
+ result = [
+ entry["virtualdomain"][0]
+ for entry in ldap.search("ou=domains", "virtualdomain=*", ["virtualdomain"])
+ ]
+
+ def cmp_domain(domain):
+ # Keep the main part of the domain and the extension together
+ # eg: this.is.an.example.com -> ['example.com', 'an', 'is', 'this']
+ domain = domain.split(".")
+ domain[-1] = domain[-2] + domain.pop()
+ return list(reversed(domain))
+
+ domain_list_cache = sorted(result, key=cmp_domain)
+ domain_list_cache_timestamp = time.time()
+
+ if exclude_subdomains:
+ return [
+ domain for domain in domain_list_cache if not _get_parent_domain_of(domain)
+ ]
+
+ return domain_list_cache
+
+
+def domain_list(exclude_subdomains=False, tree=False, features=[]):
"""
List domains
Keyword argument:
exclude_subdomains -- Filter out domains that are subdomains of other declared domains
+ tree -- Display domains as a hierarchy tree
"""
- global domain_list_cache
- if not (exclude_subdomains or full) and domain_list_cache:
- return domain_list_cache
- from yunohost.utils.ldap import _get_ldap_interface
+ domains = _get_domains(exclude_subdomains)
+ main = _get_maindomain()
- ldap = _get_ldap_interface()
- result = [
- entry["virtualdomain"][0]
- for entry in ldap.search("ou=domains", "virtualdomain=*", ["virtualdomain"])
- ]
+ if features:
+ domains_filtered = []
+ for domain in domains:
+ config = domain_config_get(domain, key="feature", export=True)
+ config += domain_config_get(domain, key="dns.zone", export=True)
+ if any(config.get(feature) == 1 for feature in features):
+ domains_filtered.append(domain)
+ domains = domains_filtered
- result_list = []
- for domain in result:
- if exclude_subdomains:
- parent_domain = domain.split(".", 1)[1]
- if parent_domain in result:
- continue
- if auto_push and not domain_config_get(domain, key="dns.zone.autopush"):
- continue
+ if not tree:
+ return {"domains": domains, "main": main}
- result_list.append(domain)
+ if tree and exclude_subdomains:
+ return {
+ "domains": OrderedDict({domain: {} for domain in domains}),
+ "main": main,
+ }
- def cmp_domain(domain):
- # Keep the main part of the domain and the extension together
- # eg: this.is.an.example.com -> ['example.com', 'an', 'is', 'this']
- domain = domain.split(".")
- domain[-1] = domain[-2] + domain.pop()
- domain = list(reversed(domain))
- return domain
+ def get_parent_dict(tree, child):
+ # If parent exists it should be the last added (see `_get_domains` ordering)
+ possible_parent = next(reversed(tree)) if tree else None
+ if possible_parent and child.endswith(f".{possible_parent}"):
+ return get_parent_dict(tree[possible_parent], child)
+ return tree
- result_list = sorted(result_list, key=cmp_domain)
+ result = OrderedDict()
+ for domain in domains:
+ parent = get_parent_dict(result, domain)
+ parent[domain] = OrderedDict()
- if full:
- for i in range(len(result_list)):
- domain = result_list[i]
- dyndns = is_yunohost_dyndns_domain(domain) and len(domain.split(".")) == 3
- result_list[i] = {'name': domain, 'isdyndns': dyndns}
+ return {"domains": result, "main": main}
- result = {"domains": result_list, "main": _get_maindomain()}
- # Cache answer only if not using exclude_subdomains or full
- if not (full or exclude_subdomains):
- domain_list_cache = result
+def domain_info(domain):
+ """
+ Print aggregate data for a specific domain
- return result
+ Keyword argument:
+ domain -- Domain to be checked
+ """
+
+ from yunohost.app import app_info
+ from yunohost.dns import _get_registar_settings
+
+ _assert_domain_exists(domain)
+
+ registrar, _ = _get_registar_settings(domain)
+ certificate = domain_cert_status([domain], full=True)["certificates"][domain]
+
+ apps = []
+ for app in _installed_apps():
+ settings = _get_app_settings(app)
+ if settings.get("domain") == domain:
+ apps.append(
+ {
+ "name": app_info(app)["name"],
+ "id": app,
+ "path": settings.get("path", ""),
+ }
+ )
+
+ return {
+ "certificate": certificate,
+ "registrar": registrar,
+ "apps": apps,
+ "main": _get_maindomain() == domain,
+ "topest_parent": _get_parent_domain_of(domain, topest=True),
+ # TODO : add parent / child domains ?
+ }
def _assert_domain_exists(domain):
- if domain not in domain_list()["domains"]:
+ if domain not in _get_domains():
raise YunohostValidationError("domain_unknown", domain=domain)
@@ -118,26 +193,24 @@ def _list_subdomains_of(parent_domain):
_assert_domain_exists(parent_domain)
out = []
- for domain in domain_list()["domains"]:
+ for domain in _get_domains():
if domain.endswith(f".{parent_domain}"):
out.append(domain)
return out
-def _get_parent_domain_of(domain):
+def _get_parent_domain_of(domain, return_self=False, topest=False):
- _assert_domain_exists(domain)
+ domains = _get_domains(exclude_subdomains=topest)
- if "." not in domain:
- return domain
+ domain_ = domain
+ while "." in domain_:
+ domain_ = domain_.split(".", 1)[1]
+ if domain_ in domains:
+ return domain_
- parent_domain = domain.split(".", 1)[-1]
- if parent_domain not in domain_list()["domains"]:
- return domain # Domain is its own parent
-
- else:
- return _get_parent_domain_of(parent_domain)
+ return domain if return_self else None
@is_unit_operation(exclude=["dyndns_password_recovery"])
@@ -163,6 +236,9 @@ def domain_add(operation_logger, domain, dyndns_password_recovery=None, no_subsc
if domain.startswith("xmpp-upload."):
raise YunohostValidationError("domain_cannot_add_xmpp_upload")
+ if domain.startswith("muc."):
+ raise YunohostError("domain_cannot_add_muc_upload")
+
ldap = _get_ldap_interface()
try:
@@ -222,7 +298,7 @@ def domain_add(operation_logger, domain, dyndns_password_recovery=None, no_subsc
raise YunohostError("domain_creation_failed", domain=domain, error=e)
finally:
global domain_list_cache
- domain_list_cache = {}
+ domain_list_cache = []
# Don't regen these conf if we're still in postinstall
if os.path.exists("/etc/yunohost/installed"):
@@ -283,7 +359,7 @@ def domain_remove(operation_logger, domain, remove_apps=False, force=False, dynd
# Check domain is not the main domain
if domain == _get_maindomain():
- other_domains = domain_list()["domains"]
+ other_domains = _get_domains()
other_domains.remove(domain)
if other_domains:
@@ -353,7 +429,7 @@ def domain_remove(operation_logger, domain, remove_apps=False, force=False, dynd
raise YunohostError("domain_deletion_failed", domain=domain, error=e)
finally:
global domain_list_cache
- domain_list_cache = {}
+ domain_list_cache = []
stuff_to_delete = [
f"/etc/yunohost/certs/{domain}",
@@ -449,6 +525,8 @@ def domain_main_domain(operation_logger, new_main_domain=None):
if not new_main_domain:
return {"current_main_domain": _get_maindomain()}
+ old_main_domain = _get_maindomain()
+
# Check domain exists
_assert_domain_exists(new_main_domain)
@@ -458,8 +536,8 @@ def domain_main_domain(operation_logger, new_main_domain=None):
# Apply changes to ssl certs
try:
write_to_file("/etc/yunohost/current_host", new_main_domain)
- global domain_list_cache
- domain_list_cache = {}
+ global main_domain_cache
+ main_domain_cache = new_main_domain
_set_hostname(new_main_domain)
except Exception as e:
logger.warning(str(e), exc_info=1)
@@ -472,6 +550,12 @@ def domain_main_domain(operation_logger, new_main_domain=None):
if os.path.exists("/etc/yunohost/installed"):
regen_conf()
+ from yunohost.user import _update_admins_group_aliases
+
+ _update_admins_group_aliases(
+ old_main_domain=old_main_domain, new_main_domain=new_main_domain
+ )
+
logger.success(m18n.n("main_domain_changed"))
@@ -487,12 +571,6 @@ def domain_url_available(domain, path):
return len(_get_conflicting_apps(domain, path)) == 0
-def _get_maindomain():
- with open("/etc/yunohost/current_host", "r") as f:
- maindomain = f.readline().rstrip()
- return maindomain
-
-
def domain_config_get(domain, key="", full=False, export=False):
"""
Display a domain configuration
@@ -538,7 +616,7 @@ class DomainConfigPanel(ConfigPanel):
):
from yunohost.app import app_ssowatconf, app_map
- if "/" in app_map(raw=True)[self.entity]:
+ if "/" in app_map(raw=True).get(self.entity, {}):
raise YunohostValidationError(
"app_make_default_location_already_used",
app=self.future_values["default_app"],
@@ -555,6 +633,30 @@ class DomainConfigPanel(ConfigPanel):
):
app_ssowatconf()
+ stuff_to_regen_conf = []
+ if (
+ "xmpp" in self.future_values
+ and self.future_values["xmpp"] != self.values["xmpp"]
+ ):
+ stuff_to_regen_conf.append("nginx")
+ stuff_to_regen_conf.append("metronome")
+
+ if (
+ "mail_in" in self.future_values
+ and self.future_values["mail_in"] != self.values["mail_in"]
+ ) or (
+ "mail_out" in self.future_values
+ and self.future_values["mail_out"] != self.values["mail_out"]
+ ):
+ if "nginx" not in stuff_to_regen_conf:
+ stuff_to_regen_conf.append("nginx")
+ stuff_to_regen_conf.append("postfix")
+ stuff_to_regen_conf.append("dovecot")
+ stuff_to_regen_conf.append("rspamd")
+
+ if stuff_to_regen_conf:
+ regen_conf(names=stuff_to_regen_conf)
+
def _get_toml(self):
toml = super()._get_toml()
@@ -576,6 +678,32 @@ class DomainConfigPanel(ConfigPanel):
self.registar_id = toml["dns"]["registrar"]["registrar"]["value"]
del toml["dns"]["registrar"]["registrar"]["value"]
+ # Cert stuff
+ if not filter_key or filter_key[0] == "cert":
+
+ from yunohost.certificate import certificate_status
+
+ status = certificate_status([self.entity], full=True)["certificates"][
+ self.entity
+ ]
+
+ toml["cert"]["cert"]["cert_summary"]["style"] = status["style"]
+
+ # i18n: domain_config_cert_summary_expired
+ # i18n: domain_config_cert_summary_selfsigned
+ # i18n: domain_config_cert_summary_abouttoexpire
+ # i18n: domain_config_cert_summary_ok
+ # i18n: domain_config_cert_summary_letsencrypt
+ toml["cert"]["cert"]["cert_summary"]["ask"] = m18n.n(
+ f"domain_config_cert_summary_{status['summary']}"
+ )
+
+ # Other specific strings used in config panels
+ # i18n: domain_config_cert_renew_help
+
+ # FIXME: Ugly hack to save the cert status and reinject it in _load_current_values ...
+ self.cert_status = status
+
return toml
def _load_current_values(self):
@@ -588,6 +716,28 @@ class DomainConfigPanel(ConfigPanel):
if not filter_key or filter_key[0] == "dns":
self.values["registrar"] = self.registar_id
+ # FIXME: Ugly hack to save the cert status and reinject it in _load_current_values ...
+ if not filter_key or filter_key[0] == "cert":
+ self.values["cert_validity"] = self.cert_status["validity"]
+ self.values["cert_issuer"] = self.cert_status["CA_type"]
+ self.values["acme_eligible"] = self.cert_status["ACME_eligible"]
+ self.values["summary"] = self.cert_status["summary"]
+
+
+def domain_action_run(domain, action, args=None):
+
+ import urllib.parse
+
+ if action == "cert.cert.cert_install":
+ from yunohost.certificate import certificate_install as action_func
+ elif action == "cert.cert.cert_renew":
+ from yunohost.certificate import certificate_renew as action_func
+
+ args = dict(urllib.parse.parse_qsl(args or "", keep_blank_values=True))
+ no_checks = args["cert_no_checks"] in ("y", "yes", "on", "1")
+
+ action_func([domain], force=True, no_checks=no_checks)
+
def _get_domain_settings(domain: str) -> dict:
diff --git a/src/dyndns.py b/src/dyndns.py
index 9fd25442c..d1049e756 100644
--- a/src/dyndns.py
+++ b/src/dyndns.py
@@ -1,28 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2013 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_dyndns.py
-
- Subscribe and Update DynDNS Hosts
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import json
import glob
diff --git a/src/firewall.py b/src/firewall.py
index a1c0b187f..6cf68f1f7 100644
--- a/src/firewall.py
+++ b/src/firewall.py
@@ -1,28 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2013 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_firewall.py
-
- Manage firewall rules
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import yaml
import miniupnpc
@@ -39,7 +32,13 @@ logger = getActionLogger("yunohost.firewall")
def firewall_allow(
- protocol, port, ipv4_only=False, ipv6_only=False, no_upnp=False, no_reload=False
+ protocol,
+ port,
+ ipv4_only=False,
+ ipv6_only=False,
+ no_upnp=False,
+ no_reload=False,
+ reload_only_if_change=False,
):
"""
Allow connections on a port
@@ -77,14 +76,20 @@ def firewall_allow(
"ipv6",
]
+ changed = False
+
for p in protocols:
# Iterate over IP versions to add port
for i in ipvs:
if port not in firewall[i][p]:
firewall[i][p].append(port)
+ changed = True
else:
ipv = "IPv%s" % i[3]
- logger.warning(m18n.n("port_already_opened", port=port, ip_version=ipv))
+ if not reload_only_if_change:
+ logger.warning(
+ m18n.n("port_already_opened", port=port, ip_version=ipv)
+ )
# Add port forwarding with UPnP
if not no_upnp and port not in firewall["uPnP"][p]:
firewall["uPnP"][p].append(port)
@@ -96,12 +101,18 @@ def firewall_allow(
# Update and reload firewall
_update_firewall_file(firewall)
- if not no_reload:
+ if not no_reload or (reload_only_if_change and changed):
return firewall_reload()
def firewall_disallow(
- protocol, port, ipv4_only=False, ipv6_only=False, upnp_only=False, no_reload=False
+ protocol,
+ port,
+ ipv4_only=False,
+ ipv6_only=False,
+ upnp_only=False,
+ no_reload=False,
+ reload_only_if_change=False,
):
"""
Disallow connections on a port
@@ -146,14 +157,20 @@ def firewall_disallow(
elif upnp_only:
ipvs = []
+ changed = False
+
for p in protocols:
# Iterate over IP versions to remove port
for i in ipvs:
if port in firewall[i][p]:
firewall[i][p].remove(port)
+ changed = True
else:
ipv = "IPv%s" % i[3]
- logger.warning(m18n.n("port_already_closed", port=port, ip_version=ipv))
+ if not reload_only_if_change:
+ logger.warning(
+ m18n.n("port_already_closed", port=port, ip_version=ipv)
+ )
# Remove port forwarding with UPnP
if upnp and port in firewall["uPnP"][p]:
firewall["uPnP"][p].remove(port)
@@ -163,7 +180,7 @@ def firewall_disallow(
# Update and reload firewall
_update_firewall_file(firewall)
- if not no_reload:
+ if not no_reload or (reload_only_if_change and changed):
return firewall_reload()
diff --git a/src/hook.py b/src/hook.py
index 70d3b281b..d985f5184 100644
--- a/src/hook.py
+++ b/src/hook.py
@@ -1,28 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2013 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_hook.py
-
- Manage hooks
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
import sys
diff --git a/src/log.py b/src/log.py
index 9f9e0b753..6525b904d 100644
--- a/src/log.py
+++ b/src/log.py
@@ -1,29 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2018 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_log.py
-
- Manage debug logs
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
import yaml
@@ -38,7 +30,7 @@ from io import IOBase
from moulinette import m18n, Moulinette
from moulinette.core import MoulinetteError
from yunohost.utils.error import YunohostError, YunohostValidationError
-from yunohost.utils.packages import get_ynh_package_version
+from yunohost.utils.system import get_ynh_package_version
from moulinette.utils.log import getActionLogger
from moulinette.utils.filesystem import read_file, read_yaml
diff --git a/src/migrations/0021_migrate_to_bullseye.py b/src/migrations/0021_migrate_to_bullseye.py
index 72dab1c4d..54917cf95 100644
--- a/src/migrations/0021_migrate_to_bullseye.py
+++ b/src/migrations/0021_migrate_to_bullseye.py
@@ -15,8 +15,8 @@ from yunohost.tools import (
)
from yunohost.app import unstable_apps
from yunohost.regenconf import manually_modified_files, _force_clear_hashes
-from yunohost.utils.filesystem import free_space_in_directory
-from yunohost.utils.packages import (
+from yunohost.utils.system import (
+ free_space_in_directory,
get_ynh_package_version,
_list_upgradable_apt_packages,
)
@@ -27,8 +27,48 @@ logger = getActionLogger("yunohost.migration")
N_CURRENT_DEBIAN = 10
N_CURRENT_YUNOHOST = 4
-N_NEXT_DEBAN = 11
-N_NEXT_YUNOHOST = 11
+VENV_REQUIREMENTS_SUFFIX = ".requirements_backup_for_bullseye_upgrade.txt"
+
+
+def _get_all_venvs(dir, level=0, maxlevel=3):
+ """
+ Returns the list of all python virtual env directories recursively
+
+ Arguments:
+ dir - the directory to scan in
+ maxlevel - the depth of the recursion
+ level - do not edit this, used as an iterator
+ """
+ if not os.path.exists(dir):
+ return []
+
+ result = []
+ # Using os functions instead of glob, because glob doesn't support hidden folders, and we need recursion with a fixed depth
+ for file in os.listdir(dir):
+ path = os.path.join(dir, file)
+ if os.path.isdir(path):
+ activatepath = os.path.join(path, "bin", "activate")
+ if os.path.isfile(activatepath):
+ content = read_file(activatepath)
+ if ("VIRTUAL_ENV" in content) and ("PYTHONHOME" in content):
+ result.append(path)
+ continue
+ if level < maxlevel:
+ result += _get_all_venvs(path, level=level + 1)
+ return result
+
+
+def _backup_pip_freeze_for_python_app_venvs():
+ """
+ Generate a requirements file for all python virtual env located inside /opt/ and /var/www/
+ """
+
+ venvs = _get_all_venvs("/opt/") + _get_all_venvs("/var/www/")
+ for venv in venvs:
+ # Generate a requirements file from venv
+ os.system(
+ f"{venv}/bin/pip freeze > {venv}{VENV_REQUIREMENTS_SUFFIX} 2>/dev/null"
+ )
class MyMigration(Migration):
@@ -56,6 +96,9 @@ class MyMigration(Migration):
logger.info(m18n.n("migration_0021_patching_sources_list"))
self.patch_apt_sources_list()
+ # Stupid OVH has some repo configured which dont work with bullseye and break apt ...
+ os.system("sudo rm -f /etc/apt/sources.list.d/ovh-*.list")
+
# Force add sury if it's not there yet
# This is to solve some weird issue with php-common breaking php7.3-common,
# hence breaking many php7.3-deps
@@ -66,9 +109,23 @@ class MyMigration(Migration):
open("/etc/apt/sources.list.d/extra_php_version.list", "w").write(
"deb https://packages.sury.org/php/ bullseye main"
)
- os.system(
- 'wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg"'
- )
+
+ # Add Sury key even if extra_php_version.list was already there,
+ # because some old system may be using an outdated key not valid for Bullseye
+ # and that'll block the migration
+ os.system(
+ 'wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg"'
+ )
+
+ # Remove legacy, duplicated sury entry if it exists
+ if os.path.exists("/etc/apt/sources.list.d/sury.list"):
+ os.system("rm -rf /etc/apt/sources.list.d/sury.list")
+
+ #
+ # Get requirements of the different venvs from python apps
+ #
+
+ _backup_pip_freeze_for_python_app_venvs()
#
# Run apt update
@@ -141,6 +198,47 @@ class MyMigration(Migration):
del services["postgresql"]
_save_services(services)
+ #
+ # Critical fix for RPI otherwise network is down after rebooting
+ # https://forum.yunohost.org/t/20652
+ #
+ if os.system("systemctl | grep -q dhcpcd") == 0:
+ logger.info("Applying fix for DHCPCD ...")
+ os.system("mkdir -p /etc/systemd/system/dhcpcd.service.d")
+ write_to_file(
+ "/etc/systemd/system/dhcpcd.service.d/wait.conf",
+ "[Service]\nExecStart=\nExecStart=/usr/sbin/dhcpcd -w",
+ )
+
+ #
+ # Another boring fix for the super annoying libc6-dev: Breaks libgcc-8-dev
+ # https://forum.yunohost.org/t/20617
+ #
+ if (
+ os.system("dpkg --list | grep '^ii' | grep -q ' libgcc-8-dev'") == 0
+ and os.system(
+ "LC_ALL=C apt policy libgcc-8-dev | grep Candidate | grep -q rpi"
+ )
+ == 0
+ ):
+ logger.info(
+ "Attempting to fix the build-essential / libc6-dev / libgcc-8-dev hell ..."
+ )
+ os.system("cp /var/lib/dpkg/status /root/dpkg_status.bkp")
+ # This removes the dependency to build-essential from $app-ynh-deps
+ os.system(
+ "perl -i~ -0777 -pe 's/(Package: .*-ynh-deps\\n(.+:.+\\n)+Depends:.*)(build-essential, ?)(.*)/$1$4/g' /var/lib/dpkg/status"
+ )
+ self.apt_install(
+ "build-essential-"
+ ) # Note the '-' suffix to mean that we actually want to remove the packages
+ os.system(
+ "LC_ALL=C DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none apt autoremove --assume-yes"
+ )
+ self.apt_install(
+ "gcc-8- libgcc-8-dev- equivs"
+ ) # Note the '-' suffix to mean that we actually want to remove the packages .. we also explicitly add 'equivs' to the list because sometimes apt is dumb and will derp about it
+
#
# Main upgrade
#
@@ -233,9 +331,19 @@ class MyMigration(Migration):
# Clean the mess
logger.info(m18n.n("migration_0021_cleaning_up"))
- os.system("apt autoremove --assume-yes")
+ os.system(
+ "LC_ALL=C DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none apt autoremove --assume-yes"
+ )
os.system("apt clean --assume-yes")
+ #
+ # Stupid hack for stupid dnsmasq not picking up its new init.d script then breaking everything ...
+ # https://forum.yunohost.org/t/20676
+ #
+ if os.path.exists("/etc/init.d/dnsmasq.dpkg-dist"):
+ logger.info("Copying new version for /etc/init.d/dnsmasq ...")
+ os.system("cp /etc/init.d/dnsmasq.dpkg-dist /etc/init.d/dnsmasq")
+
#
# Yunohost upgrade
#
@@ -290,16 +398,38 @@ class MyMigration(Migration):
not self.debian_major_version() == N_CURRENT_DEBIAN
and not self.yunohost_major_version() == N_CURRENT_YUNOHOST
):
- raise YunohostError("migration_0021_not_buster")
+ try:
+ # Here we try to find the previous migration log, which should be somewhat recent and be at least 10k (we keep the biggest one)
+ maybe_previous_migration_log_id = check_output(
+ "cd /var/log/yunohost/categories/operation && find -name '*migrate*.log' -size +10k -mtime -100 -exec ls -s {} \\; | sort -n | tr './' ' ' | awk '{print $2}' | tail -n 1"
+ )
+ if maybe_previous_migration_log_id:
+ logger.info(
+ f"NB: the previous migration log id seems to be {maybe_previous_migration_log_id}. You can share it with the support team with : sudo yunohost log share {maybe_previous_migration_log_id}"
+ )
+ except Exception:
+ # Yeah it's not that important ... it's to simplify support ...
+ pass
+
+ raise YunohostError("migration_0021_not_buster2")
# Have > 1 Go free space on /var/ ?
if free_space_in_directory("/var/") / (1024**3) < 1.0:
raise YunohostError("migration_0021_not_enough_free_space")
+ # Have > 70 MB free space on /var/ ?
+ if free_space_in_directory("/boot/") / (1024**2) < 70.0:
+ raise YunohostError(
+ "/boot/ has less than 70MB available. This will probably trigger a crash during the upgrade because a new kernel needs to be installed. Please look for advice on the forum on how to remove old, unused kernels to free up some space in /boot/.",
+ raw_msg=True,
+ )
+
# Check system is up to date
# (but we don't if 'bullseye' is already in the sources.list ...
# which means maybe a previous upgrade crashed and we're re-running it)
- if " bullseye " not in read_file("/etc/apt/sources.list"):
+ if os.path.exists("/etc/apt/sources.list") and " bullseye " not in read_file(
+ "/etc/apt/sources.list"
+ ):
tools_update(target="system")
upgradable_system_packages = list(_list_upgradable_apt_packages())
upgradable_system_packages = [
@@ -345,15 +475,10 @@ class MyMigration(Migration):
message = m18n.n("migration_0021_general_warning")
- # FIXME: update this message with updated topic link once we release the migration as stable
message = (
- "N.B.: **THIS MIGRATION IS STILL IN BETA-STAGE** ! If your server hosts critical services and if you are not too confident with debugging possible issues, we recommend you to wait a little bit more while we gather more feedback and polish things up. If on the other hand you are relatively confident with debugging small issues that may arise, you are encouraged to run this migration ;)! You can read and share feedbacks on this forum thread: https://forum.yunohost.org/t/18531\n\n"
+ "N.B.: This migration has been tested by the community over the last few months but has only been declared stable recently. If your server hosts critical services and if you are not too confident with debugging possible issues, we recommend you to wait a little bit more while we gather more feedback and polish things up. If on the other hand you are relatively confident with debugging small issues that may arise, you are encouraged to run this migration ;)! You can read about remaining known issues and feedback from the community here: https://forum.yunohost.org/t/20590\n\n"
+ message
)
- # message = (
- # "N.B.: This migration has been tested by the community over the last few months but has only been declared stable recently. If your server hosts critical services and if you are not too confident with debugging possible issues, we recommend you to wait a little bit more while we gather more feedback and polish things up. If on the other hand you are relatively confident with debugging small issues that may arise, you are encouraged to run this migration ;)! You can read about remaining known issues and feedback from the community here: https://forum.yunohost.org/t/12195\n\n"
- # + message
- # )
if problematic_apps:
message += "\n\n" + m18n.n(
@@ -371,7 +496,8 @@ class MyMigration(Migration):
def patch_apt_sources_list(self):
sources_list = glob.glob("/etc/apt/sources.list.d/*.list")
- sources_list.append("/etc/apt/sources.list")
+ if os.path.exists("/etc/apt/sources.list"):
+ sources_list.append("/etc/apt/sources.list")
# This :
# - replace single 'buster' occurence by 'bulleye'
diff --git a/src/migrations/0023_postgresql_11_to_13.py b/src/migrations/0023_postgresql_11_to_13.py
index 8f03f8c5f..f0128da0b 100644
--- a/src/migrations/0023_postgresql_11_to_13.py
+++ b/src/migrations/0023_postgresql_11_to_13.py
@@ -1,12 +1,13 @@
import subprocess
import time
+import os
from moulinette import m18n
from yunohost.utils.error import YunohostError, YunohostValidationError
from moulinette.utils.log import getActionLogger
from yunohost.tools import Migration
-from yunohost.utils.filesystem import free_space_in_directory, space_used_by_directory
+from yunohost.utils.system import free_space_in_directory, space_used_by_directory
logger = getActionLogger("yunohost.migration")
@@ -19,6 +20,15 @@ class MyMigration(Migration):
def run(self):
+ if (
+ os.system(
+ 'grep -A10 "ynh-deps" /var/lib/dpkg/status | grep -E "Package:|Depends:" | grep -B1 postgresql'
+ )
+ != 0
+ ):
+ logger.info("No YunoHost app seem to require postgresql... Skipping!")
+ return
+
if not self.package_is_installed("postgresql-11"):
logger.warning(m18n.n("migration_0023_postgresql_11_not_installed"))
return
diff --git a/src/migrations/0024_rebuild_python_venv.py b/src/migrations/0024_rebuild_python_venv.py
new file mode 100644
index 000000000..d5aa7fc10
--- /dev/null
+++ b/src/migrations/0024_rebuild_python_venv.py
@@ -0,0 +1,189 @@
+import os
+
+from moulinette import m18n
+from moulinette.utils.log import getActionLogger
+from moulinette.utils.process import call_async_output
+
+from yunohost.tools import Migration, tools_migrations_state
+from moulinette.utils.filesystem import rm
+
+
+logger = getActionLogger("yunohost.migration")
+
+VENV_REQUIREMENTS_SUFFIX = ".requirements_backup_for_bullseye_upgrade.txt"
+
+
+def extract_app_from_venv_path(venv_path):
+
+ venv_path = venv_path.replace("/var/www/", "")
+ venv_path = venv_path.replace("/opt/yunohost/", "")
+ venv_path = venv_path.replace("/opt/", "")
+ return venv_path.split("/")[0]
+
+
+def _get_all_venvs(dir, level=0, maxlevel=3):
+ """
+ Returns the list of all python virtual env directories recursively
+
+ Arguments:
+ dir - the directory to scan in
+ maxlevel - the depth of the recursion
+ level - do not edit this, used as an iterator
+ """
+ if not os.path.exists(dir):
+ return []
+
+ # Using os functions instead of glob, because glob doesn't support hidden
+ # folders, and we need recursion with a fixed depth
+ result = []
+ for file in os.listdir(dir):
+ path = os.path.join(dir, file)
+ if os.path.isdir(path):
+ activatepath = os.path.join(path, "bin", "activate")
+ if os.path.isfile(activatepath) and os.path.isfile(
+ path + VENV_REQUIREMENTS_SUFFIX
+ ):
+ result.append(path)
+ continue
+ if level < maxlevel:
+ result += _get_all_venvs(path, level=level + 1)
+ return result
+
+
+class MyMigration(Migration):
+ """
+ After the update, recreate a python virtual env based on the previously
+ generated requirements file
+ """
+
+ ignored_python_apps = [
+ "calibreweb",
+ "django-for-runners",
+ "ffsync",
+ "jupiterlab",
+ "librephotos",
+ "mautrix",
+ "mediadrop",
+ "mopidy",
+ "pgadmin",
+ "tracim",
+ "synapse",
+ "matrix-synapse",
+ "weblate",
+ ]
+
+ dependencies = ["migrate_to_bullseye"]
+ state = None
+
+ def is_pending(self):
+ if not self.state:
+ self.state = tools_migrations_state()["migrations"].get(
+ "0024_rebuild_python_venv", "pending"
+ )
+ return self.state == "pending"
+
+ @property
+ def mode(self):
+ if not self.is_pending():
+ return "auto"
+
+ if _get_all_venvs("/opt/") + _get_all_venvs("/var/www/"):
+ return "manual"
+ else:
+ return "auto"
+
+ @property
+ def disclaimer(self):
+ # Avoid having a super long disclaimer to generate if migrations has
+ # been done
+ if not self.is_pending():
+ return None
+
+ # Disclaimer should be empty if in auto, otherwise it excepts the --accept-disclaimer option during debian postinst
+ if self.mode == "auto":
+ return None
+
+ ignored_apps = []
+ rebuild_apps = []
+
+ venvs = _get_all_venvs("/opt/") + _get_all_venvs("/var/www/")
+ for venv in venvs:
+ if not os.path.isfile(venv + VENV_REQUIREMENTS_SUFFIX):
+ continue
+
+ app_corresponding_to_venv = extract_app_from_venv_path(venv)
+
+ # Search for ignore apps
+ if any(
+ app_corresponding_to_venv.startswith(app)
+ for app in self.ignored_python_apps
+ ):
+ ignored_apps.append(app_corresponding_to_venv)
+ else:
+ rebuild_apps.append(app_corresponding_to_venv)
+
+ msg = m18n.n("migration_0024_rebuild_python_venv_disclaimer_base")
+ if rebuild_apps:
+ msg += "\n\n" + m18n.n(
+ "migration_0024_rebuild_python_venv_disclaimer_rebuild",
+ rebuild_apps="\n - " + "\n - ".join(rebuild_apps),
+ )
+ if ignored_apps:
+ msg += "\n\n" + m18n.n(
+ "migration_0024_rebuild_python_venv_disclaimer_ignored",
+ ignored_apps="\n - " + "\n - ".join(ignored_apps),
+ )
+
+ return msg
+
+ def run(self):
+
+ if self.mode == "auto":
+ return
+
+ venvs = _get_all_venvs("/opt/") + _get_all_venvs("/var/www/")
+ for venv in venvs:
+
+ app_corresponding_to_venv = extract_app_from_venv_path(venv)
+
+ # Search for ignore apps
+ if any(
+ app_corresponding_to_venv.startswith(app)
+ for app in self.ignored_python_apps
+ ):
+ rm(venv + VENV_REQUIREMENTS_SUFFIX)
+ logger.info(
+ m18n.n(
+ "migration_0024_rebuild_python_venv_broken_app",
+ app=app_corresponding_to_venv,
+ )
+ )
+ continue
+
+ logger.info(
+ m18n.n(
+ "migration_0024_rebuild_python_venv_in_progress",
+ app=app_corresponding_to_venv,
+ )
+ )
+
+ # Recreate the venv
+ rm(venv, recursive=True)
+ callbacks = (
+ lambda l: logger.debug("+ " + l.rstrip() + "\r"),
+ lambda l: logger.warning(l.rstrip()),
+ )
+ call_async_output(["python", "-m", "venv", venv], callbacks)
+ status = call_async_output(
+ [f"{venv}/bin/pip", "install", "-r", venv + VENV_REQUIREMENTS_SUFFIX],
+ callbacks,
+ )
+ if status != 0:
+ logger.error(
+ m18n.n(
+ "migration_0024_rebuild_python_venv_failed",
+ app=app_corresponding_to_venv,
+ )
+ )
+ else:
+ rm(venv + VENV_REQUIREMENTS_SUFFIX)
diff --git a/src/migrations/0025_global_settings_to_configpanel.py b/src/migrations/0025_global_settings_to_configpanel.py
new file mode 100644
index 000000000..3a43ccb13
--- /dev/null
+++ b/src/migrations/0025_global_settings_to_configpanel.py
@@ -0,0 +1,43 @@
+import os
+
+from yunohost.utils.error import YunohostError
+from moulinette.utils.log import getActionLogger
+from moulinette.utils.filesystem import read_json, write_to_yaml
+
+from yunohost.tools import Migration
+from yunohost.utils.legacy import translate_legacy_settings_to_configpanel_settings
+
+logger = getActionLogger("yunohost.migration")
+
+SETTINGS_PATH = "/etc/yunohost/settings.yml"
+OLD_SETTINGS_PATH = "/etc/yunohost/settings.json"
+
+
+class MyMigration(Migration):
+
+ "Migrate old global settings to the new ConfigPanel global settings"
+
+ dependencies = ["migrate_to_bullseye"]
+
+ def run(self):
+ if not os.path.exists(OLD_SETTINGS_PATH):
+ return
+
+ try:
+ old_settings = read_json(OLD_SETTINGS_PATH)
+ except Exception as e:
+ raise YunohostError(f"Can't open setting file : {e}", raw_msg=True)
+
+ settings = {
+ translate_legacy_settings_to_configpanel_settings(k).split(".")[-1]: v[
+ "value"
+ ]
+ for k, v in old_settings.items()
+ }
+
+ if settings.get("smtp_relay_host"):
+ settings["smtp_relay_enabled"] = True
+
+ # Here we don't use settings_set() from settings.py to prevent
+ # Questions to be asked when one run the migration from CLI.
+ write_to_yaml(SETTINGS_PATH, settings)
diff --git a/src/migrations/0026_new_admins_group.py b/src/migrations/0026_new_admins_group.py
new file mode 100644
index 000000000..5d9167ae7
--- /dev/null
+++ b/src/migrations/0026_new_admins_group.py
@@ -0,0 +1,139 @@
+from moulinette.utils.log import getActionLogger
+
+from yunohost.tools import Migration
+
+logger = getActionLogger("yunohost.migration")
+
+###################################################
+# Tools used also for restoration
+###################################################
+
+
+class MyMigration(Migration):
+ """
+ Add new permissions around SSH/SFTP features
+ """
+
+ introduced_in_version = "11.1" # FIXME?
+ dependencies = []
+
+ ldap_migration_started = False
+
+ @Migration.ldap_migration
+ def run(self, *args):
+
+ from yunohost.user import (
+ user_list,
+ user_info,
+ user_group_update,
+ user_update,
+ user_group_add_mailalias,
+ ADMIN_ALIASES,
+ )
+ from yunohost.utils.ldap import _get_ldap_interface
+ from yunohost.permission import permission_sync_to_user
+ from yunohost.domain import _get_maindomain
+
+ main_domain = _get_maindomain()
+ ldap = _get_ldap_interface()
+
+ all_users = user_list()["users"].keys()
+ new_admin_user = None
+ for user in all_users:
+ if any(
+ alias.startswith("root@")
+ for alias in user_info(user).get("mail-aliases", [])
+ ):
+ new_admin_user = user
+ break
+
+ self.ldap_migration_started = True
+
+ if new_admin_user:
+ aliases = user_info(new_admin_user).get("mail-aliases", [])
+ old_admin_aliases_to_remove = [
+ alias
+ for alias in aliases
+ if any(
+ alias.startswith(a)
+ for a in [
+ "root@",
+ "admin@",
+ "admins@",
+ "webmaster@",
+ "postmaster@",
+ "abuse@",
+ ]
+ )
+ ]
+
+ user_update(new_admin_user, remove_mailalias=old_admin_aliases_to_remove)
+
+ admin_hashs = ldap.search("cn=admin", attrs={"userPassword"})[0]["userPassword"]
+
+ stuff_to_delete = [
+ "cn=admin,ou=sudo",
+ "cn=admin",
+ "cn=admins,ou=groups",
+ ]
+
+ for stuff in stuff_to_delete:
+ if ldap.search(stuff):
+ ldap.remove(stuff)
+
+ ldap.add(
+ "cn=admins,ou=sudo",
+ {
+ "cn": ["admins"],
+ "objectClass": ["top", "sudoRole"],
+ "sudoCommand": ["ALL"],
+ "sudoUser": ["%admins"],
+ "sudoHost": ["ALL"],
+ },
+ )
+
+ ldap.add(
+ "cn=admins,ou=groups",
+ {
+ "cn": ["admins"],
+ "objectClass": ["top", "posixGroup", "groupOfNamesYnh"],
+ "gidNumber": ["4001"],
+ },
+ )
+
+ user_group_add_mailalias(
+ "admins", [f"{alias}@{main_domain}" for alias in ADMIN_ALIASES]
+ )
+
+ permission_sync_to_user()
+
+ if new_admin_user:
+ user_group_update(groupname="admins", add=new_admin_user, sync_perm=True)
+
+ # Re-add admin as a regular user
+ attr_dict = {
+ "objectClass": [
+ "mailAccount",
+ "inetOrgPerson",
+ "posixAccount",
+ "userPermissionYnh",
+ ],
+ "givenName": ["Admin"],
+ "sn": ["Admin"],
+ "displayName": ["Admin"],
+ "cn": ["Admin"],
+ "uid": ["admin"],
+ "mail": "admin_legacy",
+ "maildrop": ["admin"],
+ "mailuserquota": ["0"],
+ "userPassword": admin_hashs,
+ "gidNumber": ["1007"],
+ "uidNumber": ["1007"],
+ "homeDirectory": ["/home/admin"],
+ "loginShell": ["/bin/bash"],
+ }
+ ldap.add("uid=admin,ou=users", attr_dict)
+ user_group_update(groupname="admins", add="admin", sync_perm=True)
+
+ def run_after_system_restore(self):
+ self.run()
diff --git a/src/permission.py b/src/permission.py
index 2a6f6d954..e451bb74c 100644
--- a/src/permission.py
+++ b/src/permission.py
@@ -1,29 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2014 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_permission.py
-
- Manage permissions
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import re
import copy
import grp
@@ -487,6 +479,7 @@ def permission_url(
url=None,
add_url=None,
remove_url=None,
+ set_url=None,
auth_header=None,
clear_urls=False,
sync_perm=True,
@@ -499,6 +492,7 @@ def permission_url(
url -- (optional) URL for which access will be allowed/forbidden.
add_url -- (optional) List of additional url to add for which access will be allowed/forbidden
remove_url -- (optional) List of additional url to remove for which access will be allowed/forbidden
+ set_url -- (optional) List of additional url to set/replace for which access will be allowed/forbidden
auth_header -- (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application
clear_urls -- (optional) Clean all urls (url and additional_urls)
"""
@@ -564,6 +558,9 @@ def permission_url(
new_additional_urls = [u for u in new_additional_urls if u not in remove_url]
+ if set_url:
+ new_additional_urls = set_url
+
if auth_header is None:
auth_header = existing_permission["auth_header"]
diff --git a/src/regenconf.py b/src/regenconf.py
index e513a1506..f1163e66a 100644
--- a/src/regenconf.py
+++ b/src/regenconf.py
@@ -1,24 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2019 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import yaml
import shutil
diff --git a/src/service.py b/src/service.py
index 506d3223e..1f1c35c44 100644
--- a/src/service.py
+++ b/src/service.py
@@ -1,29 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2013 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_service.py
-
- Manage services
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import re
import os
import time
@@ -710,6 +702,10 @@ def _get_services():
)
php_fpm_versions = [v for v in php_fpm_versions.split("\n") if v.strip()]
for version in php_fpm_versions:
+ # Skip php 7.3 which is most likely dead after buster->bullseye migration
+ # because users get spooked
+ if version == "7.3":
+ continue
services[f"php{version}-fpm"] = {
"log": f"/var/log/php{version}-fpm.log",
"test_conf": f"php-fpm{version} --test", # ofc the service is phpx.y-fpm but the program is php-fpmx.y because why not ...
diff --git a/src/settings.py b/src/settings.py
index cec416550..d9ea600a4 100644
--- a/src/settings.py
+++ b/src/settings.py
@@ -1,129 +1,39 @@
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
-import json
import subprocess
-from datetime import datetime
-from collections import OrderedDict
-
from moulinette import m18n
from yunohost.utils.error import YunohostError, YunohostValidationError
+from yunohost.utils.config import ConfigPanel, Question
from moulinette.utils.log import getActionLogger
from yunohost.regenconf import regen_conf
from yunohost.firewall import firewall_reload
+from yunohost.log import is_unit_operation
+from yunohost.utils.legacy import translate_legacy_settings_to_configpanel_settings
logger = getActionLogger("yunohost.settings")
-SETTINGS_PATH = "/etc/yunohost/settings.json"
-SETTINGS_PATH_OTHER_LOCATION = "/etc/yunohost/settings-%s.json"
+SETTINGS_PATH = "/etc/yunohost/settings.yml"
-def is_boolean(value):
- TRUE = ["true", "on", "yes", "y", "1"]
- FALSE = ["false", "off", "no", "n", "0"]
-
- """
- Ensure a string value is intended as a boolean
-
- Keyword arguments:
- arg -- The string to check
-
- Returns:
- (is_boolean, boolean_value)
-
- """
- if isinstance(value, bool):
- return True, value
- if value in [0, 1]:
- return True, bool(value)
- elif isinstance(value, str):
- if str(value).lower() in TRUE + FALSE:
- return True, str(value).lower() in TRUE
- else:
- return False, None
- else:
- return False, None
-
-
-# a settings entry is in the form of:
-# namespace.subnamespace.name: {type, value, default, description, [choices]}
-# choices is only for enum
-# the keyname can have as many subnamespace as needed but should have at least
-# one level of namespace
-
-# description is implied from the translated strings
-# the key is "global_settings_setting_%s" % key.replace(".", "_")
-
-# type can be:
-# * bool
-# * int
-# * string
-# * enum (in the form of a python list)
-
-DEFAULTS = OrderedDict(
- [
- # Password Validation
- # -1 disabled, 0 alert if listed, 1 8-letter, 2 normal, 3 strong, 4 strongest
- ("security.password.admin.strength", {"type": "int", "default": 1}),
- ("security.password.user.strength", {"type": "int", "default": 1}),
- (
- "service.ssh.allow_deprecated_dsa_hostkey",
- {"type": "bool", "default": False},
- ),
- (
- "security.ssh.compatibility",
- {
- "type": "enum",
- "default": "modern",
- "choices": ["intermediate", "modern"],
- },
- ),
- (
- "security.ssh.port",
- {"type": "int", "default": 22},
- ),
- (
- "security.ssh.password_authentication",
- {"type": "bool", "default": True},
- ),
- (
- "security.nginx.redirect_to_https",
- {
- "type": "bool",
- "default": True,
- },
- ),
- (
- "security.nginx.compatibility",
- {
- "type": "enum",
- "default": "intermediate",
- "choices": ["intermediate", "modern"],
- },
- ),
- (
- "security.postfix.compatibility",
- {
- "type": "enum",
- "default": "intermediate",
- "choices": ["intermediate", "modern"],
- },
- ),
- ("pop3.enabled", {"type": "bool", "default": False}),
- ("smtp.allow_ipv6", {"type": "bool", "default": True}),
- ("smtp.relay.host", {"type": "string", "default": ""}),
- ("smtp.relay.port", {"type": "int", "default": 587}),
- ("smtp.relay.user", {"type": "string", "default": ""}),
- ("smtp.relay.password", {"type": "string", "default": ""}),
- ("backup.compress_tar_archives", {"type": "bool", "default": False}),
- ("ssowat.panel_overlay.enabled", {"type": "bool", "default": True}),
- ("security.webadmin.allowlist.enabled", {"type": "bool", "default": False}),
- ("security.webadmin.allowlist", {"type": "string", "default": ""}),
- ("security.experimental.enabled", {"type": "bool", "default": False}),
- ]
-)
-
-
-def settings_get(key, full=False):
+def settings_get(key="", full=False, export=False):
"""
Get an entry value in the settings
@@ -131,28 +41,39 @@ def settings_get(key, full=False):
key -- Settings key
"""
- settings = _get_settings()
-
- if key not in settings:
+ if full and export:
raise YunohostValidationError(
- "global_settings_key_doesnt_exists", settings_key=key
+ "You can't use --full and --export together.", raw_msg=True
)
if full:
- return settings[key]
+ mode = "full"
+ elif export:
+ mode = "export"
+ else:
+ mode = "classic"
- return settings[key]["value"]
+ settings = SettingsConfigPanel()
+ key = translate_legacy_settings_to_configpanel_settings(key)
+ return settings.get(key, mode)
-def settings_list():
- """
- List all entries of the settings
+def settings_list(full=False):
- """
- return _get_settings()
+ settings = settings_get(full=full)
+
+ if full:
+ return settings
+ else:
+ return {
+ k: v
+ for k, v in settings.items()
+ if not k.startswith("security.root_access")
+ }
-def settings_set(key, value):
+@is_unit_operation()
+def settings_set(operation_logger, key=None, value=None, args=None, args_file=None):
"""
Set an entry value in the settings
@@ -161,78 +82,14 @@ def settings_set(key, value):
value -- New value
"""
- settings = _get_settings()
-
- if key not in settings:
- raise YunohostValidationError(
- "global_settings_key_doesnt_exists", settings_key=key
- )
-
- key_type = settings[key]["type"]
-
- if key_type == "bool":
- boolean_value = is_boolean(value)
- if boolean_value[0]:
- value = boolean_value[1]
- else:
- raise YunohostValidationError(
- "global_settings_bad_type_for_setting",
- setting=key,
- received_type=type(value).__name__,
- expected_type=key_type,
- )
- elif key_type == "int":
- if not isinstance(value, int) or isinstance(value, bool):
- if isinstance(value, str):
- try:
- value = int(value)
- except Exception:
- raise YunohostValidationError(
- "global_settings_bad_type_for_setting",
- setting=key,
- received_type=type(value).__name__,
- expected_type=key_type,
- )
- else:
- raise YunohostValidationError(
- "global_settings_bad_type_for_setting",
- setting=key,
- received_type=type(value).__name__,
- expected_type=key_type,
- )
- elif key_type == "string":
- if not isinstance(value, str):
- raise YunohostValidationError(
- "global_settings_bad_type_for_setting",
- setting=key,
- received_type=type(value).__name__,
- expected_type=key_type,
- )
- elif key_type == "enum":
- if value not in settings[key]["choices"]:
- raise YunohostValidationError(
- "global_settings_bad_choice_for_enum",
- setting=key,
- choice=str(value),
- available_choices=", ".join(settings[key]["choices"]),
- )
- else:
- raise YunohostValidationError(
- "global_settings_unknown_type", setting=key, unknown_type=key_type
- )
-
- old_value = settings[key].get("value")
- settings[key]["value"] = value
- _save_settings(settings)
-
- try:
- trigger_post_change_hook(key, old_value, value)
- except Exception as e:
- logger.error(f"Post-change hook for setting {key} failed : {e}")
- raise
+ Question.operation_logger = operation_logger
+ settings = SettingsConfigPanel()
+ key = translate_legacy_settings_to_configpanel_settings(key)
+ return settings.set(key, value, args, args_file, operation_logger=operation_logger)
-def settings_reset(key):
+@is_unit_operation()
+def settings_reset(operation_logger, key):
"""
Set an entry value to its default one
@@ -240,18 +97,14 @@ def settings_reset(key):
key -- Settings key
"""
- settings = _get_settings()
- if key not in settings:
- raise YunohostValidationError(
- "global_settings_key_doesnt_exists", settings_key=key
- )
-
- settings[key]["value"] = settings[key]["default"]
- _save_settings(settings)
+ settings = SettingsConfigPanel()
+ key = translate_legacy_settings_to_configpanel_settings(key)
+ return settings.reset(key, operation_logger=operation_logger)
-def settings_reset_all():
+@is_unit_operation()
+def settings_reset_all(operation_logger):
"""
Reset all settings to their default value
@@ -259,110 +112,155 @@ def settings_reset_all():
yes -- Yes I'm sure I want to do that
"""
- settings = _get_settings()
-
- # For now on, we backup the previous settings in case of but we don't have
- # any mecanism to take advantage of those backups. It could be a nice
- # addition but we'll see if this is a common need.
- # Another solution would be to use etckeeper and integrate those
- # modification inside of it and take advantage of its git history
- old_settings_backup_path = (
- SETTINGS_PATH_OTHER_LOCATION % datetime.utcnow().strftime("%F_%X")
- )
- _save_settings(settings, location=old_settings_backup_path)
-
- for value in settings.values():
- value["value"] = value["default"]
-
- _save_settings(settings)
-
- return {
- "old_settings_backup_path": old_settings_backup_path,
- "message": m18n.n(
- "global_settings_reset_success", path=old_settings_backup_path
- ),
- }
+ settings = SettingsConfigPanel()
+ return settings.reset(operation_logger=operation_logger)
-def _get_setting_description(key):
- return m18n.n(f"global_settings_setting_{key}".replace(".", "_"))
+class SettingsConfigPanel(ConfigPanel):
+ entity_type = "global"
+ save_path_tpl = SETTINGS_PATH
+ save_mode = "diff"
+ virtual_settings = ["root_password", "root_password_confirm", "passwordless_sudo"]
+ def __init__(self, config_path=None, save_path=None, creation=False):
+ super().__init__("settings")
-def _get_settings():
+ def _apply(self):
- settings = {}
+ root_password = self.new_values.pop("root_password", None)
+ root_password_confirm = self.new_values.pop("root_password_confirm", None)
+ passwordless_sudo = self.new_values.pop("passwordless_sudo", None)
- for key, value in DEFAULTS.copy().items():
- settings[key] = value
- settings[key]["value"] = value["default"]
- settings[key]["description"] = _get_setting_description(key)
+ self.values = {
+ k: v for k, v in self.values.items() if k not in self.virtual_settings
+ }
+ self.new_values = {
+ k: v for k, v in self.new_values.items() if k not in self.virtual_settings
+ }
- if not os.path.exists(SETTINGS_PATH):
- return settings
+ assert all(v not in self.future_values for v in self.virtual_settings)
- # we have a very strict policy on only allowing settings that we know in
- # the OrderedDict DEFAULTS
- # For various reason, while reading the local settings we might encounter
- # settings that aren't in DEFAULTS, those can come from settings key that
- # we have removed, errors or the user trying to modify
- # /etc/yunohost/settings.json
- # To avoid to simply overwrite them, we store them in
- # /etc/yunohost/settings-unknown.json in case of
- unknown_settings = {}
- unknown_settings_path = SETTINGS_PATH_OTHER_LOCATION % "unknown"
+ if root_password and root_password.strip():
- if os.path.exists(unknown_settings_path):
+ if root_password != root_password_confirm:
+ raise YunohostValidationError("password_confirmation_not_the_same")
+
+ from yunohost.tools import tools_rootpw
+
+ tools_rootpw(root_password, check_strength=True)
+
+ if passwordless_sudo is not None:
+ from yunohost.utils.ldap import _get_ldap_interface
+
+ ldap = _get_ldap_interface()
+ ldap.update(
+ "cn=admins,ou=sudo",
+ {"sudoOption": ["!authenticate"] if passwordless_sudo else []},
+ )
+
+ super()._apply()
+
+ settings = {
+ k: v for k, v in self.future_values.items() if self.values.get(k) != v
+ }
+ for setting_name, value in settings.items():
+ try:
+ trigger_post_change_hook(
+ setting_name, self.values.get(setting_name), value
+ )
+ except Exception as e:
+ logger.error(f"Post-change hook for setting failed : {e}")
+ raise
+
+ def _get_toml(self):
+
+ toml = super()._get_toml()
+
+ # Dynamic choice list for portal themes
+ THEMEDIR = "/usr/share/ssowat/portal/assets/themes/"
try:
- unknown_settings = json.load(open(unknown_settings_path, "r"))
- except Exception as e:
- logger.warning(f"Error while loading unknown settings {e}")
+ themes = [d for d in os.listdir(THEMEDIR) if os.path.isdir(THEMEDIR + d)]
+ except Exception:
+ themes = ["unsplash", "vapor", "light", "default", "clouds"]
+ toml["misc"]["portal"]["portal_theme"]["choices"] = themes
- try:
- with open(SETTINGS_PATH) as settings_fd:
- local_settings = json.load(settings_fd)
+ return toml
- for key, value in local_settings.items():
- if key in settings:
- settings[key] = value
- settings[key]["description"] = _get_setting_description(key)
- else:
- logger.warning(
- m18n.n(
- "global_settings_unknown_setting_from_settings_file",
- setting_key=key,
- )
+ def _load_current_values(self):
+
+ super()._load_current_values()
+
+ # Specific logic for those settings who are "virtual" settings
+ # and only meant to have a custom setter mapped to tools_rootpw
+ self.values["root_password"] = ""
+ self.values["root_password_confirm"] = ""
+
+ # Specific logic for virtual setting "passwordless_sudo"
+ try:
+ from yunohost.utils.ldap import _get_ldap_interface
+
+ ldap = _get_ldap_interface()
+ self.values["passwordless_sudo"] = "!authenticate" in ldap.search(
+ "ou=sudo", "cn=admins", ["sudoOption"]
+ )[0].get("sudoOption", [])
+ except:
+ self.values["passwordless_sudo"] = False
+
+ def get(self, key="", mode="classic"):
+
+ result = super().get(key=key, mode=mode)
+
+ if mode == "full":
+ for panel, section, option in self._iterate():
+ if m18n.key_exists(self.config["i18n"] + "_" + option["id"] + "_help"):
+ option["help"] = m18n.n(
+ self.config["i18n"] + "_" + option["id"] + "_help"
)
- unknown_settings[key] = value
- except Exception as e:
- raise YunohostValidationError("global_settings_cant_open_settings", reason=e)
+ return self.config
+
+ # Dirty hack to let settings_get() to work from a python script
+ if isinstance(result, str) and result in ["True", "False"]:
+ result = bool(result == "True")
+
+ return result
+
+ def reset(self, key="", operation_logger=None):
+ self.filter_key = key
+
+ # Read config panel toml
+ self._get_config_panel()
+
+ if not self.config:
+ raise YunohostValidationError("config_no_panel")
+
+ # Replace all values with default values
+ self.values = self._get_default_values()
+
+ Question.operation_logger = operation_logger
+
+ if operation_logger:
+ operation_logger.start()
- if unknown_settings:
try:
- _save_settings(unknown_settings, location=unknown_settings_path)
- _save_settings(settings)
- except Exception as e:
- logger.warning(f"Failed to save unknown settings (because {e}), aborting.")
+ self._apply()
+ except YunohostError:
+ raise
+ # Script got manually interrupted ...
+ # N.B. : KeyboardInterrupt does not inherit from Exception
+ except (KeyboardInterrupt, EOFError):
+ error = m18n.n("operation_interrupted")
+ logger.error(m18n.n("config_apply_failed", error=error))
+ raise
+ # Something wrong happened in Yunohost's code (most probably hook_exec)
+ except Exception:
+ import traceback
- return settings
+ error = m18n.n("unexpected_error", error="\n" + traceback.format_exc())
+ logger.error(m18n.n("config_apply_failed", error=error))
+ raise
-
-def _save_settings(settings, location=SETTINGS_PATH):
- settings_without_description = {}
- for key, value in settings.items():
- settings_without_description[key] = value
- if "description" in value:
- del settings_without_description[key]["description"]
-
- try:
- result = json.dumps(settings_without_description, indent=4)
- except Exception as e:
- raise YunohostError("global_settings_cant_serialize_settings", reason=e)
-
- try:
- with open(location, "w") as settings_fd:
- settings_fd.write(result)
- except Exception as e:
- raise YunohostError("global_settings_cant_write_settings", reason=e)
+ logger.success(m18n.n("global_settings_reset_success"))
+ operation_logger.success()
# Meant to be a dict of setting_name -> function to call
@@ -370,13 +268,8 @@ post_change_hooks = {}
def post_change_hook(setting_name):
+ # TODO: Check that setting_name exists
def decorator(func):
- assert (
- setting_name in DEFAULTS.keys()
- ), f"The setting {setting_name} does not exists"
- assert (
- setting_name not in post_change_hooks
- ), f"You can only register one post change hook per setting (in particular for {setting_name})"
post_change_hooks[setting_name] = func
return func
@@ -404,48 +297,56 @@ def trigger_post_change_hook(setting_name, old_value, new_value):
# ===========================================
-@post_change_hook("ssowat.panel_overlay.enabled")
-@post_change_hook("security.nginx.redirect_to_https")
-@post_change_hook("security.nginx.compatibility")
-@post_change_hook("security.webadmin.allowlist.enabled")
-@post_change_hook("security.webadmin.allowlist")
+@post_change_hook("portal_theme")
+def regen_ssowatconf(setting_name, old_value, new_value):
+ if old_value != new_value:
+ from yunohost.app import app_ssowatconf
+
+ app_ssowatconf()
+
+
+@post_change_hook("ssowat_panel_overlay_enabled")
+@post_change_hook("nginx_redirect_to_https")
+@post_change_hook("nginx_compatibility")
+@post_change_hook("webadmin_allowlist_enabled")
+@post_change_hook("webadmin_allowlist")
def reconfigure_nginx(setting_name, old_value, new_value):
if old_value != new_value:
regen_conf(names=["nginx"])
-@post_change_hook("security.experimental.enabled")
+@post_change_hook("security_experimental_enabled")
def reconfigure_nginx_and_yunohost(setting_name, old_value, new_value):
if old_value != new_value:
regen_conf(names=["nginx", "yunohost"])
-@post_change_hook("security.ssh.compatibility")
-@post_change_hook("security.ssh.password_authentication")
+@post_change_hook("ssh_compatibility")
+@post_change_hook("ssh_password_authentication")
def reconfigure_ssh(setting_name, old_value, new_value):
if old_value != new_value:
regen_conf(names=["ssh"])
-@post_change_hook("security.ssh.port")
+@post_change_hook("ssh_port")
def reconfigure_ssh_and_fail2ban(setting_name, old_value, new_value):
if old_value != new_value:
regen_conf(names=["ssh", "fail2ban"])
firewall_reload()
-@post_change_hook("smtp.allow_ipv6")
-@post_change_hook("smtp.relay.host")
-@post_change_hook("smtp.relay.port")
-@post_change_hook("smtp.relay.user")
-@post_change_hook("smtp.relay.password")
-@post_change_hook("security.postfix.compatibility")
+@post_change_hook("smtp_allow_ipv6")
+@post_change_hook("smtp_relay_host")
+@post_change_hook("smtp_relay_port")
+@post_change_hook("smtp_relay_user")
+@post_change_hook("smtp_relay_password")
+@post_change_hook("postfix_compatibility")
def reconfigure_postfix(setting_name, old_value, new_value):
if old_value != new_value:
regen_conf(names=["postfix"])
-@post_change_hook("pop3.enabled")
+@post_change_hook("pop3_enabled")
def reconfigure_dovecot(setting_name, old_value, new_value):
dovecot_package = "dovecot-pop3d"
diff --git a/src/ssh.py b/src/ssh.py
index b89dc6c8e..d5951cba5 100644
--- a/src/ssh.py
+++ b/src/ssh.py
@@ -1,4 +1,21 @@
-# encoding: utf-8
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import re
import os
@@ -158,15 +175,6 @@ def _get_user_for_ssh(username, attrs=None):
"home_path": root_unix.pw_dir,
}
- if username == "admin":
- admin_unix = pwd.getpwnam("admin")
- return {
- "username": "admin",
- "fullname": "",
- "mail": "",
- "home_path": admin_unix.pw_dir,
- }
-
# TODO escape input using https://www.python-ldap.org/doc/html/ldap-filter.html
from yunohost.utils.ldap import _get_ldap_interface
diff --git a/src/tests/test_app_config.py b/src/tests/test_app_config.py
index d6cf8045d..b524a7a51 100644
--- a/src/tests/test_app_config.py
+++ b/src/tests/test_app_config.py
@@ -102,14 +102,14 @@ def config_app(request):
def test_app_config_get(config_app):
- user_create("alice", "Alice", "White", _get_maindomain(), "test123Ynh")
+ user_create("alice", _get_maindomain(), "test123Ynh", fullname="Alice White")
assert isinstance(app_config_get(config_app), dict)
assert isinstance(app_config_get(config_app, full=True), dict)
assert isinstance(app_config_get(config_app, export=True), dict)
assert isinstance(app_config_get(config_app, "main"), dict)
assert isinstance(app_config_get(config_app, "main.components"), dict)
- assert app_config_get(config_app, "main.components.boolean") == "0"
+ assert app_config_get(config_app, "main.components.boolean") == 0
user_delete("alice")
@@ -141,16 +141,16 @@ def test_app_config_get_nonexistentstuff(config_app):
def test_app_config_regular_setting(config_app):
- assert app_config_get(config_app, "main.components.boolean") == "0"
+ assert app_config_get(config_app, "main.components.boolean") == 0
app_config_set(config_app, "main.components.boolean", "no")
- assert app_config_get(config_app, "main.components.boolean") == "0"
+ assert app_config_get(config_app, "main.components.boolean") == 0
assert app_setting(config_app, "boolean") == "0"
app_config_set(config_app, "main.components.boolean", "yes")
- assert app_config_get(config_app, "main.components.boolean") == "1"
+ assert app_config_get(config_app, "main.components.boolean") == 1
assert app_setting(config_app, "boolean") == "1"
with pytest.raises(YunohostValidationError), patch.object(
@@ -173,14 +173,14 @@ def test_app_config_bind_on_file(config_app):
assert app_setting(config_app, "arg5") == "Foo Bar"
-def test_app_config_custom_get(config_app):
-
- assert app_setting(config_app, "arg9") is None
- assert (
- "Files in /var/www"
- in app_config_get(config_app, "bind.function.arg9")["ask"]["en"]
- )
- assert app_setting(config_app, "arg9") is None
+# def test_app_config_custom_get(config_app):
+#
+# assert app_setting(config_app, "arg9") is None
+# assert (
+# "Files in /var/www"
+# in app_config_get(config_app, "bind.function.arg9")["ask"]["en"]
+# )
+# assert app_setting(config_app, "arg9") is None
def test_app_config_custom_validator(config_app):
diff --git a/src/tests/test_app_resources.py b/src/tests/test_app_resources.py
new file mode 100644
index 000000000..879f6e29a
--- /dev/null
+++ b/src/tests/test_app_resources.py
@@ -0,0 +1,411 @@
+import os
+import pytest
+
+from moulinette.utils.process import check_output
+
+from yunohost.app import app_setting
+from yunohost.domain import _get_maindomain
+from yunohost.utils.resources import (
+ AppResource,
+ AppResourceManager,
+ AppResourceClassesByType,
+)
+from yunohost.permission import user_permission_list, permission_delete
+from yunohost.firewall import firewall_list
+
+dummyfile = "/tmp/dummyappresource-testapp"
+
+
+class DummyAppResource(AppResource):
+
+ type = "dummy"
+
+ default_properties = {
+ "file": "/tmp/dummyappresource-__APP__",
+ "content": "foo",
+ }
+
+ def provision_or_update(self, context):
+
+ open(self.file, "w").write(self.content)
+
+ if self.content == "forbiddenvalue":
+ raise Exception("Emeged you used the forbidden value!1!£&")
+
+ def deprovision(self, context):
+
+ os.system(f"rm -f {self.file}")
+
+
+AppResourceClassesByType["dummy"] = DummyAppResource
+
+
+def setup_function(function):
+
+ clean()
+
+ os.system("mkdir /etc/yunohost/apps/testapp")
+ os.system("echo 'id: testapp' > /etc/yunohost/apps/testapp/settings.yml")
+ os.system("echo 'packaging_format = 2' > /etc/yunohost/apps/testapp/manifest.toml")
+ os.system("echo 'id = \"testapp\"' >> /etc/yunohost/apps/testapp/manifest.toml")
+
+
+def teardown_function(function):
+
+ clean()
+
+
+def clean():
+
+ os.system(f"rm -f {dummyfile}")
+ os.system("rm -rf /etc/yunohost/apps/testapp")
+ os.system("rm -rf /var/www/testapp")
+ os.system("rm -rf /home/yunohost.app/testapp")
+ os.system("apt remove lolcat sl nyancat yarn >/dev/null 2>/dev/null")
+ os.system("userdel testapp 2>/dev/null")
+
+ for p in user_permission_list()["permissions"]:
+ if p.startswith("testapp."):
+ permission_delete(p, force=True, sync_perm=False)
+
+
+def test_provision_dummy():
+
+ current = {"resources": {}}
+ wanted = {"resources": {"dummy": {}}}
+
+ assert not os.path.exists(dummyfile)
+ AppResourceManager("testapp", current=current, wanted=wanted).apply(
+ rollback_and_raise_exception_if_failure=False
+ )
+ assert open(dummyfile).read().strip() == "foo"
+
+
+def test_deprovision_dummy():
+
+ current = {"resources": {"dummy": {}}}
+ wanted = {"resources": {}}
+
+ open(dummyfile, "w").write("foo")
+
+ assert open(dummyfile).read().strip() == "foo"
+ AppResourceManager("testapp", current=current, wanted=wanted).apply(
+ rollback_and_raise_exception_if_failure=False
+ )
+ assert not os.path.exists(dummyfile)
+
+
+def test_provision_dummy_nondefaultvalue():
+
+ current = {"resources": {}}
+ wanted = {"resources": {"dummy": {"content": "bar"}}}
+
+ assert not os.path.exists(dummyfile)
+ AppResourceManager("testapp", current=current, wanted=wanted).apply(
+ rollback_and_raise_exception_if_failure=False
+ )
+ assert open(dummyfile).read().strip() == "bar"
+
+
+def test_update_dummy():
+
+ current = {"resources": {"dummy": {}}}
+ wanted = {"resources": {"dummy": {"content": "bar"}}}
+
+ open(dummyfile, "w").write("foo")
+
+ assert open(dummyfile).read().strip() == "foo"
+ AppResourceManager("testapp", current=current, wanted=wanted).apply(
+ rollback_and_raise_exception_if_failure=False
+ )
+ assert open(dummyfile).read().strip() == "bar"
+
+
+def test_update_dummy_failwithrollback():
+
+ current = {"resources": {"dummy": {}}}
+ wanted = {"resources": {"dummy": {"content": "forbiddenvalue"}}}
+
+ open(dummyfile, "w").write("foo")
+
+ assert open(dummyfile).read().strip() == "foo"
+ with pytest.raises(Exception):
+ AppResourceManager("testapp", current=current, wanted=wanted).apply(
+ rollback_and_raise_exception_if_failure=True
+ )
+ assert open(dummyfile).read().strip() == "foo"
+
+
+def test_resource_system_user():
+
+ r = AppResourceClassesByType["system_user"]
+
+ conf = {}
+
+ assert os.system("getent passwd testapp 2>/dev/null") != 0
+
+ r(conf, "testapp").provision_or_update()
+
+ assert os.system("getent passwd testapp >/dev/null") == 0
+ assert os.system("groups testapp | grep -q 'sftp.app'") != 0
+
+ conf["allow_sftp"] = True
+ r(conf, "testapp").provision_or_update()
+
+ assert os.system("getent passwd testapp >/dev/null") == 0
+ assert os.system("groups testapp | grep -q 'sftp.app'") == 0
+
+ r(conf, "testapp").deprovision()
+
+ assert os.system("getent passwd testapp 2>/dev/null") != 0
+
+
+def test_resource_install_dir():
+
+ r = AppResourceClassesByType["install_dir"]
+ conf = {"owner": "nobody:rx", "group": "nogroup:rx"}
+
+ # FIXME: should also check settings ?
+ # FIXME: should also check automigrate from final_path
+ # FIXME: should also test changing the install folder location ?
+
+ assert not os.path.exists("/var/www/testapp")
+
+ r(conf, "testapp").provision_or_update()
+
+ assert os.path.exists("/var/www/testapp")
+ unixperms = check_output("ls -ld /var/www/testapp").split()
+ assert unixperms[0] == "dr-xr-x---"
+ assert unixperms[2] == "nobody"
+ assert unixperms[3] == "nogroup"
+
+ conf["owner"] = "nobody:rwx"
+ conf["group"] = "www-data:x"
+
+ r(conf, "testapp").provision_or_update()
+
+ assert os.path.exists("/var/www/testapp")
+ unixperms = check_output("ls -ld /var/www/testapp").split()
+ assert unixperms[0] == "drwx--x---"
+ assert unixperms[2] == "nobody"
+ assert unixperms[3] == "www-data"
+
+ r(conf, "testapp").deprovision()
+
+ assert not os.path.exists("/var/www/testapp")
+
+
+def test_resource_data_dir():
+
+ r = AppResourceClassesByType["data_dir"]
+ conf = {"owner": "nobody:rx", "group": "nogroup:rx"}
+
+ assert not os.path.exists("/home/yunohost.app/testapp")
+
+ r(conf, "testapp").provision_or_update()
+
+ assert os.path.exists("/home/yunohost.app/testapp")
+ unixperms = check_output("ls -ld /home/yunohost.app/testapp").split()
+ assert unixperms[0] == "dr-xr-x---"
+ assert unixperms[2] == "nobody"
+ assert unixperms[3] == "nogroup"
+
+ conf["owner"] = "nobody:rwx"
+ conf["group"] = "www-data:x"
+
+ r(conf, "testapp").provision_or_update()
+
+ assert os.path.exists("/home/yunohost.app/testapp")
+ unixperms = check_output("ls -ld /home/yunohost.app/testapp").split()
+ assert unixperms[0] == "drwx--x---"
+ assert unixperms[2] == "nobody"
+ assert unixperms[3] == "www-data"
+
+ r(conf, "testapp").deprovision()
+
+ # FIXME : implement and check purge option
+ # assert not os.path.exists("/home/yunohost.app/testapp")
+
+
+def test_resource_ports():
+
+ r = AppResourceClassesByType["ports"]
+ conf = {}
+
+ assert not app_setting("testapp", "port")
+
+ r(conf, "testapp").provision_or_update()
+
+ assert app_setting("testapp", "port")
+
+ r(conf, "testapp").deprovision()
+
+ assert not app_setting("testapp", "port")
+
+
+def test_resource_ports_several():
+
+ r = AppResourceClassesByType["ports"]
+ conf = {"main": {"default": 12345}, "foobar": {"default": 23456}}
+
+ assert not app_setting("testapp", "port")
+ assert not app_setting("testapp", "port_foobar")
+
+ r(conf, "testapp").provision_or_update()
+
+ assert app_setting("testapp", "port")
+ assert app_setting("testapp", "port_foobar")
+
+ r(conf, "testapp").deprovision()
+
+ assert not app_setting("testapp", "port")
+ assert not app_setting("testapp", "port_foobar")
+
+
+def test_resource_ports_firewall():
+
+ r = AppResourceClassesByType["ports"]
+ conf = {"main": {"default": 12345}}
+
+ r(conf, "testapp").provision_or_update()
+
+ assert 12345 not in firewall_list()["opened_ports"]
+
+ conf = {"main": {"default": 12345, "exposed": "TCP"}}
+
+ r(conf, "testapp").provision_or_update()
+
+ assert 12345 in firewall_list()["opened_ports"]
+
+ r(conf, "testapp").deprovision()
+
+ assert 12345 not in firewall_list()["opened_ports"]
+
+
+def test_resource_database():
+
+ r = AppResourceClassesByType["database"]
+ conf = {"type": "mysql"}
+
+ assert os.system("mysqlshow 'testapp' >/dev/null 2>/dev/null") != 0
+ assert not app_setting("testapp", "db_name")
+ assert not app_setting("testapp", "db_user")
+ assert not app_setting("testapp", "db_pwd")
+
+ r(conf, "testapp").provision_or_update()
+
+ assert os.system("mysqlshow 'testapp' >/dev/null 2>/dev/null") == 0
+ assert app_setting("testapp", "db_name")
+ assert app_setting("testapp", "db_user")
+ assert app_setting("testapp", "db_pwd")
+
+ r(conf, "testapp").deprovision()
+
+ assert os.system("mysqlshow 'testapp' >/dev/null 2>/dev/null") != 0
+ assert not app_setting("testapp", "db_name")
+ assert not app_setting("testapp", "db_user")
+ assert not app_setting("testapp", "db_pwd")
+
+
+def test_resource_apt():
+
+ r = AppResourceClassesByType["apt"]
+ conf = {
+ "packages": "nyancat, sl",
+ "extras": {
+ "yarn": {
+ "repo": "deb https://dl.yarnpkg.com/debian/ stable main",
+ "key": "https://dl.yarnpkg.com/debian/pubkey.gpg",
+ "packages": "yarn",
+ }
+ },
+ }
+
+ assert os.system("dpkg --list | grep -q 'ii *nyancat '") != 0
+ assert os.system("dpkg --list | grep -q 'ii *sl '") != 0
+ assert os.system("dpkg --list | grep -q 'ii *yarn '") != 0
+ assert os.system("dpkg --list | grep -q 'ii *lolcat '") != 0
+ assert os.system("dpkg --list | grep -q 'ii *testapp-ynh-deps '") != 0
+
+ r(conf, "testapp").provision_or_update()
+
+ assert os.system("dpkg --list | grep -q 'ii *nyancat '") == 0
+ assert os.system("dpkg --list | grep -q 'ii *sl '") == 0
+ assert os.system("dpkg --list | grep -q 'ii *yarn '") == 0
+ assert (
+ os.system("dpkg --list | grep -q 'ii *lolcat '") != 0
+ ) # Lolcat shouldnt be installed yet
+ assert os.system("dpkg --list | grep -q 'ii *testapp-ynh-deps '") == 0
+
+ conf["packages"] += ", lolcat"
+ r(conf, "testapp").provision_or_update()
+
+ assert os.system("dpkg --list | grep -q 'ii *nyancat '") == 0
+ assert os.system("dpkg --list | grep -q 'ii *sl '") == 0
+ assert os.system("dpkg --list | grep -q 'ii *yarn '") == 0
+ assert os.system("dpkg --list | grep -q 'ii *lolcat '") == 0
+ assert os.system("dpkg --list | grep -q 'ii *testapp-ynh-deps '") == 0
+
+ r(conf, "testapp").deprovision()
+
+ assert os.system("dpkg --list | grep -q 'ii *nyancat '") != 0
+ assert os.system("dpkg --list | grep -q 'ii *sl '") != 0
+ assert os.system("dpkg --list | grep -q 'ii *yarn '") != 0
+ assert os.system("dpkg --list | grep -q 'ii *lolcat '") != 0
+ assert os.system("dpkg --list | grep -q 'ii *testapp-ynh-deps '") != 0
+
+
+def test_resource_permissions():
+
+ maindomain = _get_maindomain()
+ os.system(f"echo 'domain: {maindomain}' >> /etc/yunohost/apps/testapp/settings.yml")
+ os.system("echo 'path: /testapp' >> /etc/yunohost/apps/testapp/settings.yml")
+
+ # A manager object is required to set the label of the app...
+ manager = AppResourceManager("testapp", current={}, wanted={"name": "Test App"})
+ r = AppResourceClassesByType["permissions"]
+ conf = {
+ "main": {
+ "url": "/",
+ "allowed": "visitors"
+ # TODO: test protected?
+ },
+ }
+
+ res = user_permission_list(full=True)["permissions"]
+ assert not any(key.startswith("testapp.") for key in res)
+
+ r(conf, "testapp", manager).provision_or_update()
+
+ res = user_permission_list(full=True)["permissions"]
+ assert "testapp.main" in res
+ assert "visitors" in res["testapp.main"]["allowed"]
+ assert res["testapp.main"]["url"] == "/"
+ assert "testapp.admin" not in res
+
+ conf["admin"] = {"url": "/admin", "allowed": ""}
+
+ r(conf, "testapp", manager).provision_or_update()
+
+ res = user_permission_list(full=True)["permissions"]
+
+ assert "testapp.main" in list(res.keys())
+ assert "visitors" in res["testapp.main"]["allowed"]
+ assert res["testapp.main"]["url"] == "/"
+
+ assert "testapp.admin" in res
+ assert not res["testapp.admin"]["allowed"]
+ assert res["testapp.admin"]["url"] == "/admin"
+
+ conf["admin"]["url"] = "/adminpanel"
+
+ r(conf, "testapp", manager).provision_or_update()
+
+ res = user_permission_list(full=True)["permissions"]
+
+ assert res["testapp.admin"]["url"] == "/adminpanel"
+
+ r(conf, "testapp").deprovision()
+
+ res = user_permission_list(full=True)["permissions"]
+ assert "testapp.main" not in res
diff --git a/src/tests/test_apps.py b/src/tests/test_apps.py
index 2a808b5bd..6efdaa0b0 100644
--- a/src/tests/test_apps.py
+++ b/src/tests/test_apps.py
@@ -15,6 +15,8 @@ from yunohost.app import (
_is_installed,
app_upgrade,
app_map,
+ app_manifest,
+ app_info,
)
from yunohost.domain import _get_maindomain, domain_add, domain_remove, domain_list
from yunohost.utils.error import YunohostError
@@ -45,6 +47,7 @@ def clean():
"break_yo_system",
"legacy_app",
"legacy_app__2",
+ "manifestv2_app",
"full_domain_app",
"my_webapp",
]
@@ -115,7 +118,10 @@ def app_expected_files(domain, app):
if app.startswith("legacy_app"):
yield "/var/www/%s/index.html" % app
yield "/etc/yunohost/apps/%s/settings.yml" % app
- yield "/etc/yunohost/apps/%s/manifest.json" % app
+ if "manifestv2" in app:
+ yield "/etc/yunohost/apps/%s/manifest.toml" % app
+ else:
+ yield "/etc/yunohost/apps/%s/manifest.json" % app
yield "/etc/yunohost/apps/%s/scripts/install" % app
yield "/etc/yunohost/apps/%s/scripts/remove" % app
@@ -157,6 +163,17 @@ def install_legacy_app(domain, path, public=True):
)
+def install_manifestv2_app(domain, path, public=True):
+
+ app_install(
+ os.path.join(get_test_apps_dir(), "manifestv2_app_ynh"),
+ args="domain={}&path={}&init_main_permission={}".format(
+ domain, path, "visitors" if public else "all_users"
+ ),
+ force=True,
+ )
+
+
def install_full_domain_app(domain):
app_install(
@@ -195,6 +212,139 @@ def test_legacy_app_install_main_domain():
assert app_is_not_installed(main_domain, "legacy_app")
+def test_legacy_app_manifest_preinstall():
+
+ m = app_manifest(os.path.join(get_test_apps_dir(), "legacy_app_ynh"))
+ # v1 manifesto are expected to have been autoconverted to v2
+
+ assert "id" in m
+ assert "description" in m
+ assert "integration" in m
+ assert "install" in m
+ assert m["doc"] == {}
+ assert m["notifications"] == {
+ "PRE_INSTALL": {},
+ "PRE_UPGRADE": {},
+ "POST_INSTALL": {},
+ "POST_UPGRADE": {},
+ }
+
+
+def test_manifestv2_app_manifest_preinstall():
+
+ m = app_manifest(os.path.join(get_test_apps_dir(), "manifestv2_app_ynh"))
+
+ assert "id" in m
+ assert "install" in m
+ assert "description" in m
+ assert "doc" in m
+ assert (
+ "This is a dummy description of this app features"
+ in m["doc"]["DESCRIPTION"]["en"]
+ )
+ assert (
+ "Ceci est une fausse description des fonctionalités de l'app"
+ in m["doc"]["DESCRIPTION"]["fr"]
+ )
+ assert "notifications" in m
+ assert (
+ "This is a dummy disclaimer to display prior to the install"
+ in m["notifications"]["PRE_INSTALL"]["main"]["en"]
+ )
+ assert (
+ "Ceci est un faux disclaimer à présenter avant l'installation"
+ in m["notifications"]["PRE_INSTALL"]["main"]["fr"]
+ )
+
+
+def test_manifestv2_app_install_main_domain():
+
+ main_domain = _get_maindomain()
+
+ install_manifestv2_app(main_domain, "/manifestv2")
+
+ app_map_ = app_map(raw=True)
+ assert main_domain in app_map_
+ assert "/manifestv2" in app_map_[main_domain]
+ assert "id" in app_map_[main_domain]["/manifestv2"]
+ assert app_map_[main_domain]["/manifestv2"]["id"] == "manifestv2_app"
+
+ assert app_is_installed(main_domain, "manifestv2_app")
+ assert app_is_exposed_on_http(main_domain, "/manifestv2", "Hextris")
+
+ app_remove("manifestv2_app")
+
+ assert app_is_not_installed(main_domain, "manifestv2_app")
+
+
+def test_manifestv2_app_info_postinstall():
+
+ main_domain = _get_maindomain()
+ install_manifestv2_app(main_domain, "/manifestv2")
+ m = app_info("manifestv2_app", full=True)["manifest"]
+
+ assert "id" in m
+ assert "install" in m
+ assert "description" in m
+ assert "doc" in m
+ assert "The app install dir is /var/www/manifestv2_app" in m["doc"]["ADMIN"]["en"]
+ assert (
+ "Le dossier d'install de l'app est /var/www/manifestv2_app"
+ in m["doc"]["ADMIN"]["fr"]
+ )
+ assert "notifications" in m
+ assert (
+ "The app install dir is /var/www/manifestv2_app"
+ in m["notifications"]["POST_INSTALL"]["main"]["en"]
+ )
+ assert (
+ "The app id is manifestv2_app"
+ in m["notifications"]["POST_INSTALL"]["main"]["en"]
+ )
+ assert (
+ f"The app url is {main_domain}/manifestv2"
+ in m["notifications"]["POST_INSTALL"]["main"]["en"]
+ )
+
+
+def test_manifestv2_app_info_preupgrade(monkeypatch):
+
+ manifest = app_manifest(os.path.join(get_test_apps_dir(), "manifestv2_app_ynh"))
+
+ from yunohost.app_catalog import _load_apps_catalog as original_load_apps_catalog
+
+ def custom_load_apps_catalog(*args, **kwargs):
+
+ res = original_load_apps_catalog(*args, **kwargs)
+ res["apps"]["manifestv2_app"] = {
+ "id": "manifestv2_app",
+ "level": 10,
+ "lastUpdate": 999999999,
+ "maintained": True,
+ "manifest": manifest,
+ "state": "working",
+ }
+ res["apps"]["manifestv2_app"]["manifest"]["version"] = "99999~ynh1"
+
+ return res
+
+ monkeypatch.setattr("yunohost.app._load_apps_catalog", custom_load_apps_catalog)
+
+ main_domain = _get_maindomain()
+ install_manifestv2_app(main_domain, "/manifestv2")
+ i = app_info("manifestv2_app", full=True)
+
+ assert i["upgradable"] == "yes"
+ assert i["new_version"] == "99999~ynh1"
+ # FIXME : as I write this test, I realize that this implies the catalog API
+ # does provide the notifications, which means the list builder script
+ # should parse the files in the original app repo, possibly with proper i18n etc
+ assert (
+ "This is a dummy disclaimer to display prior to any upgrade"
+ in i["from_catalog"]["manifest"]["notifications"]["PRE_UPGRADE"]["main"]["en"]
+ )
+
+
def test_app_from_catalog():
main_domain = _get_maindomain()
diff --git a/src/tests/test_backuprestore.py b/src/tests/test_backuprestore.py
index 03c3aa0c7..dc37d3497 100644
--- a/src/tests/test_backuprestore.py
+++ b/src/tests/test_backuprestore.py
@@ -77,7 +77,7 @@ def setup_function(function):
if "with_permission_app_installed" in markers:
assert not app_is_installed("permissions_app")
- user_create("alice", "Alice", "White", maindomain, "test123Ynh")
+ user_create("alice", maindomain, "test123Ynh", fullname="Alice White")
with patch.object(os, "isatty", return_value=False):
install_app("permissions_app_ynh", "/urlpermissionapp" "&admin=alice")
assert app_is_installed("permissions_app")
@@ -355,13 +355,15 @@ def test_backup_script_failure_handling(monkeypatch, mocker):
@pytest.mark.with_backup_recommended_app_installed
def test_backup_not_enough_free_space(monkeypatch, mocker):
- def custom_disk_usage(path):
+ def custom_space_used_by_directory(path, *args, **kwargs):
return 99999999999999999
def custom_free_space_in_directory(dirpath):
return 0
- monkeypatch.setattr("yunohost.backup.disk_usage", custom_disk_usage)
+ monkeypatch.setattr(
+ "yunohost.backup.space_used_by_directory", custom_space_used_by_directory
+ )
monkeypatch.setattr(
"yunohost.backup.free_space_in_directory", custom_free_space_in_directory
)
diff --git a/src/tests/test_ldapauth.py b/src/tests/test_ldapauth.py
index a95dea443..e8a48aa6d 100644
--- a/src/tests/test_ldapauth.py
+++ b/src/tests/test_ldapauth.py
@@ -2,7 +2,8 @@ import pytest
import os
from yunohost.authenticators.ldap_admin import Authenticator as LDAPAuth
-from yunohost.tools import tools_adminpw
+from yunohost.user import user_create, user_list, user_update, user_delete
+from yunohost.domain import _get_maindomain
from moulinette import m18n
from moulinette.core import MoulinetteError
@@ -10,50 +11,75 @@ from moulinette.core import MoulinetteError
def setup_function(function):
- if os.system("systemctl is-active slapd") != 0:
+ for u in user_list()["users"]:
+ user_delete(u, purge=True)
+
+ maindomain = _get_maindomain()
+
+ if os.system("systemctl is-active slapd >/dev/null") != 0:
os.system("systemctl start slapd && sleep 3")
- tools_adminpw("yunohost", check_strength=False)
+ user_create("alice", maindomain, "Yunohost", admin=True, fullname="Alice White")
+ user_create("bob", maindomain, "test123Ynh", fullname="Bob Snow")
+
+
+def teardown_function():
+
+ os.system("systemctl is-active slapd >/dev/null || systemctl start slapd; sleep 5")
+
+ for u in user_list()["users"]:
+ user_delete(u, purge=True)
def test_authenticate():
- LDAPAuth().authenticate_credentials(credentials="yunohost")
+ LDAPAuth().authenticate_credentials(credentials="alice:Yunohost")
+
+
+def test_authenticate_with_no_user():
+
+ with pytest.raises(MoulinetteError):
+ LDAPAuth().authenticate_credentials(credentials="Yunohost")
+
+ with pytest.raises(MoulinetteError):
+ LDAPAuth().authenticate_credentials(credentials=":Yunohost")
+
+
+def test_authenticate_with_user_who_is_not_admin():
+
+ with pytest.raises(MoulinetteError) as exception:
+ LDAPAuth().authenticate_credentials(credentials="bob:test123Ynh")
+
+ translation = m18n.n("invalid_credentials")
+ expected_msg = translation.format()
+ assert expected_msg in str(exception)
def test_authenticate_with_wrong_password():
with pytest.raises(MoulinetteError) as exception:
- LDAPAuth().authenticate_credentials(credentials="bad_password_lul")
+ LDAPAuth().authenticate_credentials(credentials="alice:bad_password_lul")
- translation = m18n.n("invalid_password")
+ translation = m18n.n("invalid_credentials")
expected_msg = translation.format()
assert expected_msg in str(exception)
def test_authenticate_server_down(mocker):
- os.system("systemctl stop slapd && sleep 3")
+ os.system("systemctl stop slapd && sleep 5")
- # Now if slapd is down, moulinette tries to restart it
- mocker.patch("os.system")
- mocker.patch("time.sleep")
- with pytest.raises(MoulinetteError) as exception:
- LDAPAuth().authenticate_credentials(credentials="yunohost")
-
- translation = m18n.n("ldap_server_down")
- expected_msg = translation.format()
- assert expected_msg in str(exception)
+ LDAPAuth().authenticate_credentials(credentials="alice:Yunohost")
def test_authenticate_change_password():
- LDAPAuth().authenticate_credentials(credentials="yunohost")
+ LDAPAuth().authenticate_credentials(credentials="alice:Yunohost")
- tools_adminpw("plopette", check_strength=False)
+ user_update("alice", change_password="plopette")
with pytest.raises(MoulinetteError) as exception:
- LDAPAuth().authenticate_credentials(credentials="yunohost")
+ LDAPAuth().authenticate_credentials(credentials="alice:Yunohost")
- translation = m18n.n("invalid_password")
+ translation = m18n.n("invalid_credentials")
expected_msg = translation.format()
assert expected_msg in str(exception)
- LDAPAuth().authenticate_credentials(credentials="plopette")
+ LDAPAuth().authenticate_credentials(credentials="alice:plopette")
diff --git a/src/tests/test_permission.py b/src/tests/test_permission.py
index 4e7f9f53d..acb3419c9 100644
--- a/src/tests/test_permission.py
+++ b/src/tests/test_permission.py
@@ -78,6 +78,7 @@ def _permission_create_with_dummy_app(
"name": app,
"id": app,
"description": {"en": "Dummy app to test permissions"},
+ "arguments": {"install": []},
},
f,
)
@@ -108,7 +109,7 @@ def clean_user_groups_permission():
user_delete(u)
for g in user_group_list()["groups"]:
- if g not in ["all_users", "visitors"]:
+ if g not in ["all_users", "visitors", "admins"]:
user_group_delete(g)
for p in user_permission_list()["permissions"]:
@@ -157,8 +158,8 @@ def setup_function(function):
socket.getaddrinfo = new_getaddrinfo
- user_create("alice", "Alice", "White", maindomain, dummy_password)
- user_create("bob", "Bob", "Snow", maindomain, dummy_password)
+ user_create("alice", maindomain, dummy_password, fullname="Alice White")
+ user_create("bob", maindomain, dummy_password, fullname="Bob Snow")
_permission_create_with_dummy_app(
permission="wiki.main",
url="/",
@@ -257,7 +258,7 @@ def check_LDAP_db_integrity():
for user in user_search:
user_dn = "uid=" + user["uid"][0] + ",ou=users,dc=yunohost,dc=org"
- group_list = [_ldap_path_extract(m, "cn") for m in user["memberOf"]]
+ group_list = [_ldap_path_extract(m, "cn") for m in user.get("memberOf", [])]
permission_list = [
_ldap_path_extract(m, "cn") for m in user.get("permission", [])
]
diff --git a/src/tests/test_questions.py b/src/tests/test_questions.py
index 5917d32d4..e49047469 100644
--- a/src/tests/test_questions.py
+++ b/src/tests/test_questions.py
@@ -23,37 +23,38 @@ from yunohost.utils.error import YunohostError, YunohostValidationError
"""
Argument default format:
{
- "name": "the_name",
- "type": "one_of_the_available_type", // "sting" is not specified
- "ask": {
- "en": "the question in english",
- "fr": "the question in french"
- },
- "help": {
- "en": "some help text in english",
- "fr": "some help text in french"
- },
- "example": "an example value", // optional
- "default", "some stuff", // optional, not available for all types
- "optional": true // optional, will skip if not answered
+ "the_name": {
+ "type": "one_of_the_available_type", // "sting" is not specified
+ "ask": {
+ "en": "the question in english",
+ "fr": "the question in french"
+ },
+ "help": {
+ "en": "some help text in english",
+ "fr": "some help text in french"
+ },
+ "example": "an example value", // optional
+ "default", "some stuff", // optional, not available for all types
+ "optional": true // optional, will skip if not answered
+ }
}
User answers:
-{"name": "value", ...}
+{"the_name": "value", ...}
"""
def test_question_empty():
- ask_questions_and_parse_answers([], {}) == []
+ ask_questions_and_parse_answers({}, {}) == []
def test_question_string():
- questions = [
- {
- "name": "some_string",
+
+ questions = {
+ "some_string": {
"type": "string",
}
- ]
+ }
answers = {"some_string": "some_value"}
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -65,12 +66,11 @@ def test_question_string():
def test_question_string_from_query_string():
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"type": "string",
}
- ]
+ }
answers = "foo=bar&some_string=some_value&lorem=ipsum"
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -81,11 +81,7 @@ def test_question_string_from_query_string():
def test_question_string_default_type():
- questions = [
- {
- "name": "some_string",
- }
- ]
+ questions = {"some_string": {}}
answers = {"some_string": "some_value"}
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -96,11 +92,7 @@ def test_question_string_default_type():
def test_question_string_no_input():
- questions = [
- {
- "name": "some_string",
- }
- ]
+ questions = {"some_string": {}}
answers = {}
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
@@ -108,12 +100,11 @@ def test_question_string_no_input():
def test_question_string_input():
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"ask": "some question",
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="some_value"), patch.object(
@@ -127,11 +118,7 @@ def test_question_string_input():
def test_question_string_input_no_ask():
- questions = [
- {
- "name": "some_string",
- }
- ]
+ questions = {"some_string": {}}
answers = {}
with patch.object(Moulinette, "prompt", return_value="some_value"), patch.object(
@@ -145,12 +132,7 @@ def test_question_string_input_no_ask():
def test_question_string_no_input_optional():
- questions = [
- {
- "name": "some_string",
- "optional": True,
- }
- ]
+ questions = {"some_string": {"optional": True}}
answers = {}
with patch.object(os, "isatty", return_value=False):
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -161,13 +143,12 @@ def test_question_string_no_input_optional():
def test_question_string_optional_with_input():
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"ask": "some question",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="some_value"), patch.object(
@@ -181,13 +162,12 @@ def test_question_string_optional_with_input():
def test_question_string_optional_with_empty_input():
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"ask": "some question",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value=""), patch.object(
@@ -201,12 +181,11 @@ def test_question_string_optional_with_empty_input():
def test_question_string_optional_with_input_without_ask():
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="some_value"), patch.object(
@@ -220,13 +199,12 @@ def test_question_string_optional_with_input_without_ask():
def test_question_string_no_input_default():
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"ask": "some question",
"default": "some_value",
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -238,12 +216,11 @@ def test_question_string_no_input_default():
def test_question_string_input_test_ask():
ask_text = "some question"
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"ask": ask_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -264,13 +241,12 @@ def test_question_string_input_test_ask():
def test_question_string_input_test_ask_with_default():
ask_text = "some question"
default_text = "some example"
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"ask": ask_text,
"default": default_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -292,13 +268,12 @@ def test_question_string_input_test_ask_with_default():
def test_question_string_input_test_ask_with_example():
ask_text = "some question"
example_text = "some example"
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"ask": ask_text,
"example": example_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -313,13 +288,12 @@ def test_question_string_input_test_ask_with_example():
def test_question_string_input_test_ask_with_help():
ask_text = "some question"
help_text = "some_help"
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"ask": ask_text,
"help": help_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -331,7 +305,7 @@ def test_question_string_input_test_ask_with_help():
def test_question_string_with_choice():
- questions = [{"name": "some_string", "type": "string", "choices": ["fr", "en"]}]
+ questions = {"some_string": {"type": "string", "choices": ["fr", "en"]}}
answers = {"some_string": "fr"}
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -341,7 +315,7 @@ def test_question_string_with_choice():
def test_question_string_with_choice_prompt():
- questions = [{"name": "some_string", "type": "string", "choices": ["fr", "en"]}]
+ questions = {"some_string": {"type": "string", "choices": ["fr", "en"]}}
answers = {"some_string": "fr"}
with patch.object(Moulinette, "prompt", return_value="fr"), patch.object(
os, "isatty", return_value=True
@@ -354,7 +328,7 @@ def test_question_string_with_choice_prompt():
def test_question_string_with_choice_bad():
- questions = [{"name": "some_string", "type": "string", "choices": ["fr", "en"]}]
+ questions = {"some_string": {"type": "string", "choices": ["fr", "en"]}}
answers = {"some_string": "bad"}
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
@@ -364,13 +338,12 @@ def test_question_string_with_choice_bad():
def test_question_string_with_choice_ask():
ask_text = "some question"
choices = ["fr", "en", "es", "it", "ru"]
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"ask": ask_text,
"choices": choices,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="ru") as prompt, patch.object(
@@ -384,14 +357,13 @@ def test_question_string_with_choice_ask():
def test_question_string_with_choice_default():
- questions = [
- {
- "name": "some_string",
+ questions = {
+ "some_string": {
"type": "string",
"choices": ["fr", "en"],
"default": "en",
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -402,12 +374,11 @@ def test_question_string_with_choice_default():
def test_question_password():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
}
- ]
+ }
answers = {"some_password": "some_value"}
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -417,12 +388,11 @@ def test_question_password():
def test_question_password_no_input():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
}
- ]
+ }
answers = {}
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
@@ -430,13 +400,12 @@ def test_question_password_no_input():
def test_question_password_input():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"ask": "some question",
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="some_value"), patch.object(
@@ -450,12 +419,11 @@ def test_question_password_input():
def test_question_password_input_no_ask():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="some_value"), patch.object(
@@ -469,13 +437,12 @@ def test_question_password_input_no_ask():
def test_question_password_no_input_optional():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
@@ -485,9 +452,7 @@ def test_question_password_no_input_optional():
assert out.type == "password"
assert out.value == ""
- questions = [
- {"name": "some_password", "type": "password", "optional": True, "default": ""}
- ]
+ questions = {"some_password": {"type": "password", "optional": True, "default": ""}}
with patch.object(os, "isatty", return_value=False):
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -498,14 +463,13 @@ def test_question_password_no_input_optional():
def test_question_password_optional_with_input():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"ask": "some question",
"type": "password",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="some_value"), patch.object(
@@ -519,14 +483,13 @@ def test_question_password_optional_with_input():
def test_question_password_optional_with_empty_input():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"ask": "some question",
"type": "password",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value=""), patch.object(
@@ -540,13 +503,12 @@ def test_question_password_optional_with_empty_input():
def test_question_password_optional_with_input_without_ask():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="some_value"), patch.object(
@@ -560,14 +522,13 @@ def test_question_password_optional_with_input_without_ask():
def test_question_password_no_input_default():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"ask": "some question",
"default": "some_value",
}
- ]
+ }
answers = {}
# no default for password!
@@ -577,14 +538,13 @@ def test_question_password_no_input_default():
@pytest.mark.skip # this should raises
def test_question_password_no_input_example():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"ask": "some question",
"example": "some_value",
}
- ]
+ }
answers = {"some_password": "some_value"}
# no example for password!
@@ -594,13 +554,12 @@ def test_question_password_no_input_example():
def test_question_password_input_test_ask():
ask_text = "some question"
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"ask": ask_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -622,14 +581,13 @@ def test_question_password_input_test_ask():
def test_question_password_input_test_ask_with_example():
ask_text = "some question"
example_text = "some example"
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"ask": ask_text,
"example": example_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -644,14 +602,13 @@ def test_question_password_input_test_ask_with_example():
def test_question_password_input_test_ask_with_help():
ask_text = "some question"
help_text = "some_help"
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"ask": ask_text,
"help": help_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -663,14 +620,13 @@ def test_question_password_input_test_ask_with_help():
def test_question_password_bad_chars():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"ask": "some question",
"example": "some_value",
}
- ]
+ }
for i in PasswordQuestion.forbidden_chars:
with pytest.raises(YunohostError), patch.object(
@@ -680,14 +636,13 @@ def test_question_password_bad_chars():
def test_question_password_strong_enough():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"type": "password",
"ask": "some question",
"example": "some_value",
}
- ]
+ }
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
# too short
@@ -698,14 +653,13 @@ def test_question_password_strong_enough():
def test_question_password_optional_strong_enough():
- questions = [
- {
- "name": "some_password",
+ questions = {
+ "some_password": {
"ask": "some question",
"type": "password",
"optional": True,
}
- ]
+ }
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
# too short
@@ -716,12 +670,11 @@ def test_question_password_optional_strong_enough():
def test_question_path():
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
}
- ]
+ }
answers = {"some_path": "/some_value"}
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -731,12 +684,11 @@ def test_question_path():
def test_question_path_no_input():
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
}
- ]
+ }
answers = {}
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
@@ -744,13 +696,12 @@ def test_question_path_no_input():
def test_question_path_input():
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
"ask": "some question",
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="/some_value"), patch.object(
@@ -764,12 +715,11 @@ def test_question_path_input():
def test_question_path_input_no_ask():
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="/some_value"), patch.object(
@@ -783,13 +733,12 @@ def test_question_path_input_no_ask():
def test_question_path_no_input_optional():
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -800,14 +749,13 @@ def test_question_path_no_input_optional():
def test_question_path_optional_with_input():
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"ask": "some question",
"type": "path",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="/some_value"), patch.object(
@@ -821,14 +769,13 @@ def test_question_path_optional_with_input():
def test_question_path_optional_with_empty_input():
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"ask": "some question",
"type": "path",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value=""), patch.object(
@@ -842,13 +789,12 @@ def test_question_path_optional_with_empty_input():
def test_question_path_optional_with_input_without_ask():
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="/some_value"), patch.object(
@@ -862,14 +808,13 @@ def test_question_path_optional_with_input_without_ask():
def test_question_path_no_input_default():
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"ask": "some question",
"type": "path",
"default": "some_value",
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -881,13 +826,12 @@ def test_question_path_no_input_default():
def test_question_path_input_test_ask():
ask_text = "some question"
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
"ask": ask_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -908,14 +852,13 @@ def test_question_path_input_test_ask():
def test_question_path_input_test_ask_with_default():
ask_text = "some question"
default_text = "someexample"
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
"ask": ask_text,
"default": default_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -937,14 +880,13 @@ def test_question_path_input_test_ask_with_default():
def test_question_path_input_test_ask_with_example():
ask_text = "some question"
example_text = "some example"
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
"ask": ask_text,
"example": example_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -959,14 +901,13 @@ def test_question_path_input_test_ask_with_example():
def test_question_path_input_test_ask_with_help():
ask_text = "some question"
help_text = "some_help"
- questions = [
- {
- "name": "some_path",
+ questions = {
+ "some_path": {
"type": "path",
"ask": ask_text,
"help": help_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -978,12 +919,11 @@ def test_question_path_input_test_ask_with_help():
def test_question_boolean():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
}
- ]
+ }
answers = {"some_boolean": "y"}
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -993,12 +933,11 @@ def test_question_boolean():
def test_question_boolean_all_yes():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
}
- ]
+ }
for value in ["Y", "yes", "Yes", "YES", "1", 1, True, "True", "TRUE", "true"]:
out = ask_questions_and_parse_answers(questions, {"some_boolean": value})[0]
@@ -1008,12 +947,11 @@ def test_question_boolean_all_yes():
def test_question_boolean_all_no():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
}
- ]
+ }
for value in ["n", "N", "no", "No", "No", "0", 0, False, "False", "FALSE", "false"]:
out = ask_questions_and_parse_answers(questions, {"some_boolean": value})[0]
@@ -1024,12 +962,11 @@ def test_question_boolean_all_no():
# XXX apparently boolean are always False (0) by default, I'm not sure what to think about that
def test_question_boolean_no_input():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
@@ -1039,12 +976,11 @@ def test_question_boolean_no_input():
def test_question_boolean_bad_input():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
}
- ]
+ }
answers = {"some_boolean": "stuff"}
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
@@ -1052,13 +988,12 @@ def test_question_boolean_bad_input():
def test_question_boolean_input():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
"ask": "some question",
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="y"), patch.object(
@@ -1075,12 +1010,11 @@ def test_question_boolean_input():
def test_question_boolean_input_no_ask():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="y"), patch.object(
@@ -1091,13 +1025,12 @@ def test_question_boolean_input_no_ask():
def test_question_boolean_no_input_optional():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -1105,14 +1038,13 @@ def test_question_boolean_no_input_optional():
def test_question_boolean_optional_with_input():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"ask": "some question",
"type": "boolean",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="y"), patch.object(
@@ -1123,14 +1055,13 @@ def test_question_boolean_optional_with_input():
def test_question_boolean_optional_with_empty_input():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"ask": "some question",
"type": "boolean",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value=""), patch.object(
@@ -1142,13 +1073,12 @@ def test_question_boolean_optional_with_empty_input():
def test_question_boolean_optional_with_input_without_ask():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="n"), patch.object(
@@ -1160,14 +1090,13 @@ def test_question_boolean_optional_with_input_without_ask():
def test_question_boolean_no_input_default():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"ask": "some question",
"type": "boolean",
"default": 0,
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
@@ -1177,14 +1106,13 @@ def test_question_boolean_no_input_default():
def test_question_boolean_bad_default():
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"ask": "some question",
"type": "boolean",
"default": "bad default",
}
- ]
+ }
answers = {}
with pytest.raises(YunohostError):
ask_questions_and_parse_answers(questions, answers)
@@ -1192,13 +1120,12 @@ def test_question_boolean_bad_default():
def test_question_boolean_input_test_ask():
ask_text = "some question"
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
"ask": ask_text,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value=0) as prompt, patch.object(
@@ -1219,14 +1146,13 @@ def test_question_boolean_input_test_ask():
def test_question_boolean_input_test_ask_with_default():
ask_text = "some question"
default_text = 1
- questions = [
- {
- "name": "some_boolean",
+ questions = {
+ "some_boolean": {
"type": "boolean",
"ask": ask_text,
"default": default_text,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value=1) as prompt, patch.object(
@@ -1245,12 +1171,11 @@ def test_question_boolean_input_test_ask_with_default():
def test_question_domain_empty():
- questions = [
- {
- "name": "some_domain",
+ questions = {
+ "some_domain": {
"type": "domain",
}
- ]
+ }
main_domain = "my_main_domain.com"
answers = {}
@@ -1271,12 +1196,11 @@ def test_question_domain_empty():
def test_question_domain():
main_domain = "my_main_domain.com"
domains = [main_domain]
- questions = [
- {
- "name": "some_domain",
+ questions = {
+ "some_domain": {
"type": "domain",
}
- ]
+ }
answers = {"some_domain": main_domain}
@@ -1295,12 +1219,11 @@ def test_question_domain_two_domains():
other_domain = "some_other_domain.tld"
domains = [main_domain, other_domain]
- questions = [
- {
- "name": "some_domain",
+ questions = {
+ "some_domain": {
"type": "domain",
}
- ]
+ }
answers = {"some_domain": other_domain}
with patch.object(
@@ -1329,12 +1252,11 @@ def test_question_domain_two_domains_wrong_answer():
other_domain = "some_other_domain.tld"
domains = [main_domain, other_domain]
- questions = [
- {
- "name": "some_domain",
+ questions = {
+ "some_domain": {
"type": "domain",
}
- ]
+ }
answers = {"some_domain": "doesnt_exist.pouet"}
with patch.object(
@@ -1351,12 +1273,11 @@ def test_question_domain_two_domains_default_no_ask():
other_domain = "some_other_domain.tld"
domains = [main_domain, other_domain]
- questions = [
- {
- "name": "some_domain",
+ questions = {
+ "some_domain": {
"type": "domain",
}
- ]
+ }
answers = {}
with patch.object(
@@ -1378,7 +1299,7 @@ def test_question_domain_two_domains_default():
other_domain = "some_other_domain.tld"
domains = [main_domain, other_domain]
- questions = [{"name": "some_domain", "type": "domain", "ask": "choose a domain"}]
+ questions = {"some_domain": {"type": "domain", "ask": "choose a domain"}}
answers = {}
with patch.object(
@@ -1400,7 +1321,7 @@ def test_question_domain_two_domains_default_input():
other_domain = "some_other_domain.tld"
domains = [main_domain, other_domain]
- questions = [{"name": "some_domain", "type": "domain", "ask": "choose a domain"}]
+ questions = {"some_domain": {"type": "domain", "ask": "choose a domain"}}
answers = {}
with patch.object(
@@ -1436,12 +1357,11 @@ def test_question_user_empty():
}
}
- questions = [
- {
- "name": "some_user",
+ questions = {
+ "some_user": {
"type": "user",
}
- ]
+ }
answers = {}
with patch.object(user, "user_list", return_value={"users": users}):
@@ -1463,12 +1383,11 @@ def test_question_user():
}
}
- questions = [
- {
- "name": "some_user",
+ questions = {
+ "some_user": {
"type": "user",
}
- ]
+ }
answers = {"some_user": username}
with patch.object(user, "user_list", return_value={"users": users}), patch.object(
@@ -1501,12 +1420,11 @@ def test_question_user_two_users():
},
}
- questions = [
- {
- "name": "some_user",
+ questions = {
+ "some_user": {
"type": "user",
}
- ]
+ }
answers = {"some_user": other_user}
with patch.object(user, "user_list", return_value={"users": users}), patch.object(
@@ -1550,12 +1468,11 @@ def test_question_user_two_users_wrong_answer():
},
}
- questions = [
- {
- "name": "some_user",
+ questions = {
+ "some_user": {
"type": "user",
}
- ]
+ }
answers = {"some_user": "doesnt_exist.pouet"}
with patch.object(user, "user_list", return_value={"users": users}):
@@ -1585,7 +1502,7 @@ def test_question_user_two_users_no_default():
},
}
- questions = [{"name": "some_user", "type": "user", "ask": "choose a user"}]
+ questions = {"some_user": {"type": "user", "ask": "choose a user"}}
answers = {}
with patch.object(user, "user_list", return_value={"users": users}):
@@ -1615,7 +1532,7 @@ def test_question_user_two_users_default_input():
},
}
- questions = [{"name": "some_user", "type": "user", "ask": "choose a user"}]
+ questions = {"some_user": {"type": "user", "ask": "choose a user"}}
answers = {}
with patch.object(user, "user_list", return_value={"users": users}), patch.object(
@@ -1639,12 +1556,11 @@ def test_question_user_two_users_default_input():
def test_question_number():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
}
- ]
+ }
answers = {"some_number": 1337}
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -1654,12 +1570,11 @@ def test_question_number():
def test_question_number_no_input():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
}
- ]
+ }
answers = {}
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
@@ -1667,12 +1582,11 @@ def test_question_number_no_input():
def test_question_number_bad_input():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
}
- ]
+ }
answers = {"some_number": "stuff"}
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
@@ -1684,13 +1598,12 @@ def test_question_number_bad_input():
def test_question_number_input():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
"ask": "some question",
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="1337"), patch.object(
@@ -1722,12 +1635,11 @@ def test_question_number_input():
def test_question_number_input_no_ask():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="1337"), patch.object(
@@ -1741,13 +1653,12 @@ def test_question_number_input_no_ask():
def test_question_number_no_input_optional():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -1758,14 +1669,13 @@ def test_question_number_no_input_optional():
def test_question_number_optional_with_input():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"ask": "some question",
"type": "number",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="1337"), patch.object(
@@ -1779,13 +1689,12 @@ def test_question_number_optional_with_input():
def test_question_number_optional_with_input_without_ask():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
"optional": True,
}
- ]
+ }
answers = {}
with patch.object(Moulinette, "prompt", return_value="0"), patch.object(
@@ -1799,14 +1708,13 @@ def test_question_number_optional_with_input_without_ask():
def test_question_number_no_input_default():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"ask": "some question",
"type": "number",
"default": 1337,
}
- ]
+ }
answers = {}
with patch.object(os, "isatty", return_value=False):
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -1817,14 +1725,13 @@ def test_question_number_no_input_default():
def test_question_number_bad_default():
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"ask": "some question",
"type": "number",
"default": "bad default",
}
- ]
+ }
answers = {}
with pytest.raises(YunohostError), patch.object(os, "isatty", return_value=False):
ask_questions_and_parse_answers(questions, answers)
@@ -1832,13 +1739,12 @@ def test_question_number_bad_default():
def test_question_number_input_test_ask():
ask_text = "some question"
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
"ask": ask_text,
}
- ]
+ }
answers = {}
with patch.object(
@@ -1859,14 +1765,13 @@ def test_question_number_input_test_ask():
def test_question_number_input_test_ask_with_default():
ask_text = "some question"
default_value = 1337
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
"ask": ask_text,
"default": default_value,
}
- ]
+ }
answers = {}
with patch.object(
@@ -1888,14 +1793,13 @@ def test_question_number_input_test_ask_with_default():
def test_question_number_input_test_ask_with_example():
ask_text = "some question"
example_value = 1337
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
"ask": ask_text,
"example": example_value,
}
- ]
+ }
answers = {}
with patch.object(
@@ -1910,14 +1814,13 @@ def test_question_number_input_test_ask_with_example():
def test_question_number_input_test_ask_with_help():
ask_text = "some question"
help_value = 1337
- questions = [
- {
- "name": "some_number",
+ questions = {
+ "some_number": {
"type": "number",
"ask": ask_text,
"help": help_value,
}
- ]
+ }
answers = {}
with patch.object(
@@ -1929,7 +1832,7 @@ def test_question_number_input_test_ask_with_help():
def test_question_display_text():
- questions = [{"name": "some_app", "type": "display_text", "ask": "foobar"}]
+ questions = {"some_app": {"type": "display_text", "ask": "foobar"}}
answers = {}
with patch.object(sys, "stdout", new_callable=StringIO) as stdout, patch.object(
@@ -1947,12 +1850,11 @@ def test_question_file_from_cli():
os.system(f"rm -f {filename}")
os.system(f"echo helloworld > {filename}")
- questions = [
- {
- "name": "some_file",
+ questions = {
+ "some_file": {
"type": "file",
}
- ]
+ }
answers = {"some_file": filename}
out = ask_questions_and_parse_answers(questions, answers)[0]
@@ -1978,12 +1880,11 @@ def test_question_file_from_api():
from base64 import b64encode
b64content = b64encode(b"helloworld")
- questions = [
- {
- "name": "some_file",
+ questions = {
+ "some_file": {
"type": "file",
}
- ]
+ }
answers = {"some_file": b64content}
interface_type_bkp = Moulinette.interface.type
diff --git a/src/tests/test_settings.py b/src/tests/test_settings.py
index 1a9063e56..2eaebba55 100644
--- a/src/tests/test_settings.py
+++ b/src/tests/test_settings.py
@@ -1,179 +1,231 @@
import os
-import json
-import glob
import pytest
+import yaml
+from mock import patch
-from yunohost.utils.error import YunohostError
-
-import yunohost.settings as settings
+import moulinette
+from yunohost.utils.error import YunohostError, YunohostValidationError
from yunohost.settings import (
settings_get,
settings_list,
- _get_settings,
settings_set,
settings_reset,
settings_reset_all,
- SETTINGS_PATH_OTHER_LOCATION,
SETTINGS_PATH,
- DEFAULTS,
)
-DEFAULTS["example.bool"] = {"type": "bool", "default": True}
-DEFAULTS["example.int"] = {"type": "int", "default": 42}
-DEFAULTS["example.string"] = {"type": "string", "default": "yolo swag"}
-DEFAULTS["example.enum"] = {"type": "enum", "default": "a", "choices": ["a", "b", "c"]}
+EXAMPLE_SETTINGS = """
+[example]
+ [example.example]
+ [example.example.boolean]
+ type = "boolean"
+ yes = "True"
+ no = "False"
+ default = "True"
+
+ [example.example.number]
+ type = "number"
+ default = 42
+
+ [example.example.string]
+ type = "string"
+ default = "yolo swag"
+
+ [example.example.select]
+ type = "select"
+ choices = ["a", "b", "c"]
+ default = "a"
+"""
def setup_function(function):
- os.system("mv /etc/yunohost/settings.json /etc/yunohost/settings.json.saved")
+ # Backup settings
+ if os.path.exists(SETTINGS_PATH):
+ os.system(f"mv {SETTINGS_PATH} {SETTINGS_PATH}.saved")
+ # Add example settings to config panel
+ os.system(
+ "cp /usr/share/yunohost/config_global.toml /usr/share/yunohost/config_global.toml.saved"
+ )
+ with open("/usr/share/yunohost/config_global.toml", "a") as file:
+ file.write(EXAMPLE_SETTINGS)
def teardown_function(function):
- os.system("mv /etc/yunohost/settings.json.saved /etc/yunohost/settings.json")
- for filename in glob.glob("/etc/yunohost/settings-*.json"):
- os.remove(filename)
+ if os.path.exists("/etc/yunohost/settings.yml.saved"):
+ os.system(f"mv {SETTINGS_PATH}.saved {SETTINGS_PATH}")
+ elif os.path.exists(SETTINGS_PATH):
+ os.remove(SETTINGS_PATH)
+ os.system(
+ "mv /usr/share/yunohost/config_global.toml.saved /usr/share/yunohost/config_global.toml"
+ )
-def monkey_get_setting_description(key):
- return "Dummy %s setting" % key.split(".")[-1]
+old_translate = moulinette.core.Translator.translate
-settings._get_setting_description = monkey_get_setting_description
+def _monkeypatch_translator(self, key, *args, **kwargs):
+
+ if key.startswith("global_settings_setting_"):
+ return f"Dummy translation for {key}"
+
+ return old_translate(self, key, *args, **kwargs)
+
+
+moulinette.core.Translator.translate = _monkeypatch_translator
+
+
+def _get_settings():
+ return yaml.load(open(SETTINGS_PATH, "r"))
def test_settings_get_bool():
- assert settings_get("example.bool")
+ assert settings_get("example.example.boolean")
-def test_settings_get_full_bool():
- assert settings_get("example.bool", True) == {
- "type": "bool",
- "value": True,
- "default": True,
- "description": "Dummy bool setting",
- }
+# FIXME : Testing this doesn't make sense ? This should be tested in test_config.py ?
+# def test_settings_get_full_bool():
+# assert settings_get("example.example.boolean", True) == {'version': '1.0',
+# 'i18n': 'global_settings_setting',
+# 'panels': [{'services': [],
+# 'actions': {'apply': {'en': 'Apply'}},
+# 'sections': [{'name': '',
+# 'services': [],
+# 'optional': True,
+# 'options': [{'type': 'boolean',
+# 'yes': 'True',
+# 'no': 'False',
+# 'default': 'True',
+# 'id': 'boolean',
+# 'name': 'boolean',
+# 'optional': True,
+# 'current_value': 'True',
+# 'ask': 'global_settings_setting_boolean',
+# 'choices': []}],
+# 'id': 'example'}],
+# 'id': 'example',
+# 'name': {'en': 'Example'}}]}
def test_settings_get_int():
- assert settings_get("example.int") == 42
+ assert settings_get("example.example.number") == 42
-def test_settings_get_full_int():
- assert settings_get("example.int", True) == {
- "type": "int",
- "value": 42,
- "default": 42,
- "description": "Dummy int setting",
- }
+# def test_settings_get_full_int():
+# assert settings_get("example.int", True) == {
+# "type": "int",
+# "value": 42,
+# "default": 42,
+# "description": "Dummy int setting",
+# }
def test_settings_get_string():
- assert settings_get("example.string") == "yolo swag"
+ assert settings_get("example.example.string") == "yolo swag"
-def test_settings_get_full_string():
- assert settings_get("example.string", True) == {
- "type": "string",
- "value": "yolo swag",
- "default": "yolo swag",
- "description": "Dummy string setting",
- }
+# def test_settings_get_full_string():
+# assert settings_get("example.example.string", True) == {
+# "type": "string",
+# "value": "yolo swag",
+# "default": "yolo swag",
+# "description": "Dummy string setting",
+# }
-def test_settings_get_enum():
- assert settings_get("example.enum") == "a"
+def test_settings_get_select():
+ assert settings_get("example.example.select") == "a"
-def test_settings_get_full_enum():
- assert settings_get("example.enum", True) == {
- "type": "enum",
- "value": "a",
- "default": "a",
- "description": "Dummy enum setting",
- "choices": ["a", "b", "c"],
- }
+# def test_settings_get_full_select():
+# option = settings_get("example.example.select", full=True).get('panels')[0].get('sections')[0].get('options')[0]
+# assert option.get('choices') == ["a", "b", "c"]
def test_settings_get_doesnt_exists():
- with pytest.raises(YunohostError):
+ with pytest.raises(YunohostValidationError):
settings_get("doesnt.exists")
-def test_settings_list():
- assert settings_list() == _get_settings()
+# def test_settings_list():
+# assert settings_list() == _get_settings()
def test_settings_set():
- settings_set("example.bool", False)
- assert settings_get("example.bool") is False
+ settings_set("example.example.boolean", False)
+ assert settings_get("example.example.boolean") == 0
- settings_set("example.bool", "on")
- assert settings_get("example.bool") is True
+ settings_set("example.example.boolean", "on")
+ assert settings_get("example.example.boolean") == 1
def test_settings_set_int():
- settings_set("example.int", 21)
- assert settings_get("example.int") == 21
+ settings_set("example.example.number", 21)
+ assert settings_get("example.example.number") == 21
-def test_settings_set_enum():
- settings_set("example.enum", "c")
- assert settings_get("example.enum") == "c"
+def test_settings_set_select():
+ settings_set("example.example.select", "c")
+ assert settings_get("example.example.select") == "c"
def test_settings_set_doesexit():
- with pytest.raises(YunohostError):
+ with pytest.raises(YunohostValidationError):
settings_set("doesnt.exist", True)
def test_settings_set_bad_type_bool():
- with pytest.raises(YunohostError):
- settings_set("example.bool", 42)
- with pytest.raises(YunohostError):
- settings_set("example.bool", "pouet")
+
+ with patch.object(os, "isatty", return_value=False):
+ with pytest.raises(YunohostError):
+ settings_set("example.example.boolean", 42)
+ with pytest.raises(YunohostError):
+ settings_set("example.example.boolean", "pouet")
def test_settings_set_bad_type_int():
- with pytest.raises(YunohostError):
- settings_set("example.int", True)
- with pytest.raises(YunohostError):
- settings_set("example.int", "pouet")
+ # with pytest.raises(YunohostError):
+ # settings_set("example.example.number", True)
+ with patch.object(os, "isatty", return_value=False):
+ with pytest.raises(YunohostError):
+ settings_set("example.example.number", "pouet")
-def test_settings_set_bad_type_string():
- with pytest.raises(YunohostError):
- settings_set("example.string", True)
- with pytest.raises(YunohostError):
- settings_set("example.string", 42)
+# def test_settings_set_bad_type_string():
+# with pytest.raises(YunohostError):
+# settings_set(eexample.example.string", True)
+# with pytest.raises(YunohostError):
+# settings_set("example.example.string", 42)
-def test_settings_set_bad_value_enum():
- with pytest.raises(YunohostError):
- settings_set("example.enum", True)
- with pytest.raises(YunohostError):
- settings_set("example.enum", "e")
- with pytest.raises(YunohostError):
- settings_set("example.enum", 42)
- with pytest.raises(YunohostError):
- settings_set("example.enum", "pouet")
+def test_settings_set_bad_value_select():
+ with patch.object(os, "isatty", return_value=False):
+ with pytest.raises(YunohostError):
+ settings_set("example.example.select", True)
+ with pytest.raises(YunohostError):
+ settings_set("example.example.select", "e")
+ with pytest.raises(YunohostError):
+ settings_set("example.example.select", 42)
+ with pytest.raises(YunohostError):
+ settings_set("example.example.select", "pouet")
def test_settings_list_modified():
- settings_set("example.int", 21)
- assert settings_list()["example.int"] == {
- "default": 42,
- "description": "Dummy int setting",
- "type": "int",
- "value": 21,
- }
+ settings_set("example.example.number", 21)
+ assert int(settings_list()["example.example.number"]["value"]) == 21
def test_reset():
- settings_set("example.int", 21)
- assert settings_get("example.int") == 21
- settings_reset("example.int")
- assert settings_get("example.int") == settings_get("example.int", True)["default"]
+ option = (
+ settings_get("example.example.number", full=True)
+ .get("panels")[0]
+ .get("sections")[0]
+ .get("options")[0]
+ )
+ settings_set("example.example.number", 21)
+ assert settings_get("example.example.number") == 21
+ settings_reset("example.example.number")
+ assert settings_get("example.example.number") == option["default"]
def test_settings_reset_doesexit():
@@ -183,10 +235,10 @@ def test_settings_reset_doesexit():
def test_reset_all():
settings_before = settings_list()
- settings_set("example.bool", False)
- settings_set("example.int", 21)
- settings_set("example.string", "pif paf pouf")
- settings_set("example.enum", "c")
+ settings_set("example.example.boolean", False)
+ settings_set("example.example.number", 21)
+ settings_set("example.example.string", "pif paf pouf")
+ settings_set("example.example.select", "c")
assert settings_before != settings_list()
settings_reset_all()
if settings_before != settings_list():
@@ -194,30 +246,30 @@ def test_reset_all():
assert settings_before[i] == settings_list()[i]
-def test_reset_all_backup():
- settings_before = settings_list()
- settings_set("example.bool", False)
- settings_set("example.int", 21)
- settings_set("example.string", "pif paf pouf")
- settings_set("example.enum", "c")
- settings_after_modification = settings_list()
- assert settings_before != settings_after_modification
- old_settings_backup_path = settings_reset_all()["old_settings_backup_path"]
-
- for i in settings_after_modification:
- del settings_after_modification[i]["description"]
-
- assert settings_after_modification == json.load(open(old_settings_backup_path, "r"))
+# def test_reset_all_backup():
+# settings_before = settings_list()
+# settings_set("example.bool", False)
+# settings_set("example.int", 21)
+# settings_set("example.string", "pif paf pouf")
+# settings_set("example.select", "c")
+# settings_after_modification = settings_list()
+# assert settings_before != settings_after_modification
+# old_settings_backup_path = settings_reset_all()["old_settings_backup_path"]
+#
+# for i in settings_after_modification:
+# del settings_after_modification[i]["description"]
+#
+# assert settings_after_modification == json.load(open(old_settings_backup_path, "r"))
-def test_unknown_keys():
- unknown_settings_path = SETTINGS_PATH_OTHER_LOCATION % "unknown"
- unknown_setting = {
- "unkown_key": {"value": 42, "default": 31, "type": "int"},
- }
- open(SETTINGS_PATH, "w").write(json.dumps(unknown_setting))
-
- # stimulate a write
- settings_reset_all()
-
- assert unknown_setting == json.load(open(unknown_settings_path, "r"))
+# def test_unknown_keys():
+# unknown_settings_path = SETTINGS_PATH_OTHER_LOCATION % "unknown"
+# unknown_setting = {
+# "unkown_key": {"value": 42, "default": 31, "type": "int"},
+# }
+# open(SETTINGS_PATH, "w").write(json.dumps(unknown_setting))
+#
+# # stimulate a write
+# settings_reset_all()
+#
+# assert unknown_setting == json.load(open(unknown_settings_path, "r"))
diff --git a/src/tests/test_user-group.py b/src/tests/test_user-group.py
index e561118e0..343431b69 100644
--- a/src/tests/test_user-group.py
+++ b/src/tests/test_user-group.py
@@ -11,7 +11,6 @@ from yunohost.user import (
user_import,
user_export,
FIELDS_FOR_IMPORT,
- FIRST_ALIASES,
user_group_list,
user_group_create,
user_group_delete,
@@ -29,7 +28,7 @@ def clean_user_groups():
user_delete(u, purge=True)
for g in user_group_list()["groups"]:
- if g not in ["all_users", "visitors"]:
+ if g not in ["all_users", "visitors", "admins"]:
user_group_delete(g)
@@ -39,9 +38,9 @@ def setup_function(function):
global maindomain
maindomain = _get_maindomain()
- user_create("alice", "Alice", "White", maindomain, "test123Ynh")
- user_create("bob", "Bob", "Snow", maindomain, "test123Ynh")
- user_create("jack", "Jack", "Black", maindomain, "test123Ynh")
+ user_create("alice", maindomain, "test123Ynh", admin=True, fullname="Alice White")
+ user_create("bob", maindomain, "test123Ynh", fullname="Bob Snow")
+ user_create("jack", maindomain, "test123Ynh", fullname="Jack Black")
user_group_create("dev")
user_group_create("apps")
@@ -80,6 +79,7 @@ def test_list_groups():
assert "alice" in res
assert "bob" in res
assert "jack" in res
+ assert "alice" in res["admins"]["members"]
for u in ["alice", "bob", "jack"]:
assert u in res
assert u in res[u]["members"]
@@ -94,7 +94,7 @@ def test_list_groups():
def test_create_user(mocker):
with message(mocker, "user_created"):
- user_create("albert", "Albert", "Good", maindomain, "test123Ynh")
+ user_create("albert", maindomain, "test123Ynh", fullname="Albert Good")
group_res = user_group_list()["groups"]
assert "albert" in user_list()["users"]
@@ -175,10 +175,9 @@ def test_import_user(mocker):
def test_export_user(mocker):
result = user_export()
- aliases = ",".join([alias + maindomain for alias in FIRST_ALIASES])
should_be = (
"username;firstname;lastname;password;mail;mail-alias;mail-forward;mailbox-quota;groups\r\n"
- f"alice;Alice;White;;alice@{maindomain};{aliases};;0;dev\r\n"
+ f"alice;Alice;White;;alice@{maindomain};;;0;admins,dev\r\n"
f"bob;Bob;Snow;;bob@{maindomain};;;0;apps\r\n"
f"jack;Jack;Black;;jack@{maindomain};;;0;"
)
@@ -212,17 +211,17 @@ def test_del_group(mocker):
def test_create_user_with_password_too_simple(mocker):
with raiseYunohostError(mocker, "password_listed"):
- user_create("other", "Alice", "White", maindomain, "12")
+ user_create("other", maindomain, "12", fullname="Alice White")
def test_create_user_already_exists(mocker):
with raiseYunohostError(mocker, "user_already_exists"):
- user_create("alice", "Alice", "White", maindomain, "test123Ynh")
+ user_create("alice", maindomain, "test123Ynh", fullname="Alice White")
def test_create_user_with_domain_that_doesnt_exists(mocker):
with raiseYunohostError(mocker, "domain_unknown"):
- user_create("alice", "Alice", "White", "doesnt.exists", "test123Ynh")
+ user_create("alice", "doesnt.exists", "test123Ynh", fullname="Alice White")
def test_update_user_with_mail_address_already_taken(mocker):
@@ -272,8 +271,13 @@ def test_update_user(mocker):
user_update("alice", firstname="NewName", lastname="NewLast")
info = user_info("alice")
- assert info["firstname"] == "NewName"
- assert info["lastname"] == "NewLast"
+ assert info["fullname"] == "NewName NewLast"
+
+ with message(mocker, "user_updated"):
+ user_update("alice", fullname="New2Name New2Last")
+
+ info = user_info("alice")
+ assert info["fullname"] == "New2Name New2Last"
def test_update_group_add_user(mocker):
diff --git a/src/tools.py b/src/tools.py
index 21262c64b..02b4f58d1 100644
--- a/src/tools.py
+++ b/src/tools.py
@@ -1,28 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2013 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_tools.py
-
- Specific tools
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import re
import os
import subprocess
@@ -34,9 +27,13 @@ from typing import List
from moulinette import Moulinette, m18n
from moulinette.utils.log import getActionLogger
from moulinette.utils.process import call_async_output
-from moulinette.utils.filesystem import read_yaml, write_to_yaml, cp, mkdir, rm
+from moulinette.utils.filesystem import read_yaml, write_to_yaml, cp, mkdir, rm, chown
-from yunohost.app import app_upgrade, app_list
+from yunohost.app import (
+ app_upgrade,
+ app_list,
+ _list_upgradable_apps,
+)
from yunohost.app_catalog import (
_initialize_apps_catalog_system,
_update_apps_catalog,
@@ -45,10 +42,12 @@ from yunohost.domain import domain_add
from yunohost.firewall import firewall_upnp
from yunohost.service import service_start, service_enable
from yunohost.regenconf import regen_conf
-from yunohost.utils.packages import (
+from yunohost.utils.system import (
_dump_sources_list,
_list_upgradable_apt_packages,
ynh_packages_version,
+ dpkg_is_broken,
+ dpkg_lock_available,
)
from yunohost.utils.error import YunohostError, YunohostValidationError
from yunohost.log import is_unit_operation, OperationLogger
@@ -62,63 +61,42 @@ def tools_versions():
return ynh_packages_version()
-def tools_adminpw(new_password, check_strength=True):
- """
- Change admin password
+def tools_rootpw(new_password, check_strength=True):
- Keyword argument:
- new_password
-
- """
from yunohost.user import _hash_user_password
- from yunohost.utils.password import assert_password_is_strong_enough
+ from yunohost.utils.password import (
+ assert_password_is_strong_enough,
+ assert_password_is_compatible,
+ )
import spwd
+ assert_password_is_compatible(new_password)
if check_strength:
assert_password_is_strong_enough("admin", new_password)
- # UNIX seems to not like password longer than 127 chars ...
- # e.g. SSH login gets broken (or even 'su admin' when entering the password)
- if len(new_password) >= 127:
- raise YunohostValidationError("admin_password_too_long")
-
new_hash = _hash_user_password(new_password)
- from yunohost.utils.ldap import _get_ldap_interface
-
- ldap = _get_ldap_interface()
-
+ # Write as root password
try:
- ldap.update(
- "cn=admin",
- {"userPassword": [new_hash]},
- )
- except Exception as e:
- logger.error(f"unable to change admin password : {e}")
- raise YunohostError("admin_password_change_failed")
- else:
- # Write as root password
- try:
- hash_root = spwd.getspnam("root").sp_pwd
+ hash_root = spwd.getspnam("root").sp_pwd
- with open("/etc/shadow", "r") as before_file:
- before = before_file.read()
+ with open("/etc/shadow", "r") as before_file:
+ before = before_file.read()
- with open("/etc/shadow", "w") as after_file:
- after_file.write(
- before.replace(
- "root:" + hash_root, "root:" + new_hash.replace("{CRYPT}", "")
- )
+ with open("/etc/shadow", "w") as after_file:
+ after_file.write(
+ before.replace(
+ "root:" + hash_root, "root:" + new_hash.replace("{CRYPT}", "")
)
- # An IOError may be thrown if for some reason we can't read/write /etc/passwd
- # A KeyError could also be thrown if 'root' is not in /etc/passwd in the first place (for example because no password defined ?)
- # (c.f. the line about getspnam)
- except (IOError, KeyError):
- logger.warning(m18n.n("root_password_desynchronized"))
- return
-
- logger.info(m18n.n("root_password_replaced_by_admin_password"))
- logger.success(m18n.n("admin_password_changed"))
+ )
+ # An IOError may be thrown if for some reason we can't read/write /etc/passwd
+ # A KeyError could also be thrown if 'root' is not in /etc/passwd in the first place (for example because no password defined ?)
+ # (c.f. the line about getspnam)
+ except (IOError, KeyError):
+ logger.warning(m18n.n("root_password_desynchronized"))
+ return
+ else:
+ logger.info(m18n.n("root_password_changed"))
def tools_maindomain(new_main_domain=None):
@@ -166,44 +144,26 @@ def _set_hostname(hostname, pretty_hostname=None):
logger.debug(out)
-def _detect_virt():
- """
- Returns the output of systemd-detect-virt (so e.g. 'none' or 'lxc' or ...)
- You can check the man of the command to have a list of possible outputs...
- """
-
- p = subprocess.Popen(
- "systemd-detect-virt".split(), stdout=subprocess.PIPE, stderr=subprocess.STDOUT
- )
-
- out, _ = p.communicate()
- return out.split()[0]
-
-
@is_unit_operation(exclude=["dyndns_password_recovery", "password"])
def tools_postinstall(
operation_logger,
domain,
+ username,
+ fullname,
password,
dyndns_password_recovery=None,
no_subscribe=False,
- force_password=False,
force_diskspace=False,
):
- """
- YunoHost post-install
- Keyword argument:
- domain -- YunoHost main domain
- ignore_dyndns -- Do not subscribe domain to a DynDNS service (only
- needed for nohost.me, noho.st domains)
- password -- YunoHost admin password
-
- """
from yunohost.dyndns import _dyndns_available
from yunohost.utils.dns import is_yunohost_dyndns_domain
- from yunohost.utils.password import assert_password_is_strong_enough
+ from yunohost.utils.password import (
+ assert_password_is_strong_enough,
+ assert_password_is_compatible,
+ )
from yunohost.domain import domain_main_domain
+ from yunohost.user import user_create
import psutil
# Do some checks at first
@@ -217,7 +177,9 @@ def tools_postinstall(
)
# Check there's at least 10 GB on the rootfs...
- disk_partitions = sorted(psutil.disk_partitions(), key=lambda k: k.mountpoint)
+ disk_partitions = sorted(
+ psutil.disk_partitions(all=True), key=lambda k: k.mountpoint
+ )
main_disk_partitions = [d for d in disk_partitions if d.mountpoint in ["/", "/var"]]
main_space = sum(
psutil.disk_usage(d.mountpoint).total for d in main_disk_partitions
@@ -227,8 +189,8 @@ def tools_postinstall(
raise YunohostValidationError("postinstall_low_rootfsspace")
# Check password
- if not force_password:
- assert_password_is_strong_enough("admin", password)
+ assert_password_is_compatible(password)
+ assert_password_is_strong_enough("admin", password)
# If this is a nohost.me/noho.st, actually check for availability
if is_yunohost_dyndns_domain(domain):
@@ -260,8 +222,10 @@ def tools_postinstall(
domain_add(domain, dyndns_password_recovery=dyndns_password_recovery, no_subscribe=no_subscribe)
domain_main_domain(domain)
+ user_create(username, domain, password, admin=True, fullname=fullname)
+
# Update LDAP admin and create home dir
- tools_adminpw(password, check_strength=not force_password)
+ tools_rootpw(password)
# Enable UPnP silently and reload firewall
firewall_upnp("enable", no_refresh=True)
@@ -311,6 +275,18 @@ def tools_postinstall(
def tools_regen_conf(
names=[], with_diff=False, force=False, dry_run=False, list_pending=False
):
+
+ # Make sure the settings are migrated before running the migration,
+ # which may otherwise fuck things up such as the ssh config ...
+ # We do this here because the regen-conf is called before the migration in debian/postinst
+ if os.path.exists("/etc/yunohost/settings.json") and not os.path.exists(
+ "/etc/yunohost/settings.yml"
+ ):
+ try:
+ tools_migrations_run(["0025_global_settings_to_configpanel"])
+ except Exception as e:
+ logger.error(e)
+
return regen_conf(names, with_diff, force, dry_run, list_pending)
@@ -333,7 +309,9 @@ def tools_update(target=None):
# Update APT cache
# LC_ALL=C is here to make sure the results are in english
- command = "LC_ALL=C apt-get update -o Acquire::Retries=3"
+ command = (
+ "LC_ALL=C apt-get update -o Acquire::Retries=3 --allow-releaseinfo-change"
+ )
# Filter boring message about "apt not having a stable CLI interface"
# Also keep track of wether or not we encountered a warning...
@@ -383,12 +361,34 @@ def tools_update(target=None):
except YunohostError as e:
logger.error(str(e))
- upgradable_apps = list(app_list(upgradable=True)["apps"])
+ upgradable_apps = _list_upgradable_apps()
if len(upgradable_apps) == 0 and len(upgradable_system_packages) == 0:
logger.info(m18n.n("already_up_to_date"))
- return {"system": upgradable_system_packages, "apps": upgradable_apps}
+ important_yunohost_upgrade = False
+ if upgradable_system_packages and any(
+ p["name"] == "yunohost" for p in upgradable_system_packages
+ ):
+ yunohost = [p for p in upgradable_system_packages if p["name"] == "yunohost"][0]
+ current_version = yunohost["current_version"].split(".")[:2]
+ new_version = yunohost["new_version"].split(".")[:2]
+ important_yunohost_upgrade = current_version != new_version
+
+ # Wrapping this in a try/except just in case for some reason we can't load
+ # the migrations, which would result in the update/upgrade process being blocked...
+ try:
+ pending_migrations = tools_migrations_list(pending=True)["migrations"]
+ except Exception as e:
+ logger.error(e)
+ pending_migrations = []
+
+ return {
+ "system": upgradable_system_packages,
+ "apps": upgradable_apps,
+ "important_yunohost_upgrade": important_yunohost_upgrade,
+ "pending_migrations": pending_migrations,
+ }
@is_unit_operation()
@@ -400,13 +400,12 @@ def tools_upgrade(operation_logger, target=None):
apps -- List of apps to upgrade (or [] to update all apps)
system -- True to upgrade system
"""
- from yunohost.utils import packages
- if packages.dpkg_is_broken():
+ if dpkg_is_broken():
raise YunohostValidationError("dpkg_is_broken")
# Check for obvious conflict with other dpkg/apt commands already running in parallel
- if not packages.dpkg_lock_available():
+ if not dpkg_lock_available():
raise YunohostValidationError("dpkg_lock_not_available")
if target not in ["apps", "system"]:
@@ -488,7 +487,10 @@ def tools_upgrade(operation_logger, target=None):
returncode = call_async_output(dist_upgrade, callbacks, shell=True)
# If yunohost is being upgraded from the webadmin
- if "yunohost" in upgradables and Moulinette.interface.type == "api":
+ if (
+ any(p["name"] == "yunohost" for p in upgradables)
+ and Moulinette.interface.type == "api"
+ ):
# Restart the API after 10 sec (at now doesn't support sub-minute times...)
# We do this so that the API / webadmin still gets the proper HTTP response
@@ -530,6 +532,8 @@ def _apt_log_line_is_relevant(line):
"==> Keeping old config file as default.",
"is a disabled or a static unit",
" update-rc.d: warning: start and stop actions are no longer supported; falling back to defaults",
+ "insserv: warning: current stop runlevel",
+ "insserv: warning: current start runlevel",
]
return line.rstrip() and all(i not in line.rstrip() for i in irrelevants)
@@ -972,7 +976,7 @@ class Migration:
def description(self):
return m18n.n(f"migration_description_{self.id}")
- def ldap_migration(self, run):
+ def ldap_migration(run):
def func(self):
# Backup LDAP before the migration
@@ -1000,22 +1004,28 @@ class Migration:
try:
run(self, backup_folder)
except Exception:
- logger.warning(
- m18n.n("migration_ldap_migration_failed_trying_to_rollback")
- )
- os.system("systemctl stop slapd")
- # To be sure that we don't keep some part of the old config
- rm("/etc/ldap/slapd.d", force=True, recursive=True)
- cp(f"{backup_folder}/ldap_config", "/etc/ldap", recursive=True)
- cp(f"{backup_folder}/ldap_db", "/var/lib/ldap", recursive=True)
- cp(
- f"{backup_folder}/apps_settings",
- "/etc/yunohost/apps",
- recursive=True,
- )
- os.system("systemctl start slapd")
- rm(backup_folder, force=True, recursive=True)
- logger.info(m18n.n("migration_ldap_rollback_success"))
+ if self.ldap_migration_started:
+ logger.warning(
+ m18n.n("migration_ldap_migration_failed_trying_to_rollback")
+ )
+ os.system("systemctl stop slapd")
+ # To be sure that we don't keep some part of the old config
+ rm("/etc/ldap", force=True, recursive=True)
+ cp(f"{backup_folder}/ldap_config", "/etc/ldap", recursive=True)
+ chown("/etc/ldap/schema/", "openldap", "openldap", recursive=True)
+ chown("/etc/ldap/slapd.d/", "openldap", "openldap", recursive=True)
+ rm("/var/lib/ldap", force=True, recursive=True)
+ cp(f"{backup_folder}/ldap_db", "/var/lib/ldap", recursive=True)
+ rm("/etc/yunohost/apps", force=True, recursive=True)
+ chown("/var/lib/ldap/", "openldap", recursive=True)
+ cp(
+ f"{backup_folder}/apps_settings",
+ "/etc/yunohost/apps",
+ recursive=True,
+ )
+ os.system("systemctl start slapd")
+ rm(backup_folder, force=True, recursive=True)
+ logger.info(m18n.n("migration_ldap_rollback_success"))
raise
else:
rm(backup_folder, force=True, recursive=True)
diff --git a/src/user.py b/src/user.py
index 7d023fd83..deaebba5b 100644
--- a/src/user.py
+++ b/src/user.py
@@ -1,28 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2014 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
-""" yunohost_user.py
-
- Manage users
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
import pwd
@@ -40,6 +33,7 @@ from moulinette.utils.process import check_output
from yunohost.utils.error import YunohostError, YunohostValidationError
from yunohost.service import service_status
from yunohost.log import is_unit_operation
+from yunohost.utils.system import binary_to_human
logger = getActionLogger("yunohost.user")
@@ -55,7 +49,7 @@ FIELDS_FOR_IMPORT = {
"groups": r"^|([a-z0-9_]+(,?[a-z0-9_]+)*)$",
}
-FIRST_ALIASES = ["root@", "admin@", "webmaster@", "postmaster@", "abuse@"]
+ADMIN_ALIASES = ["root", "admin", "admins", "webmaster", "postmaster", "abuse"]
def user_list(fields=None):
@@ -133,21 +127,48 @@ def user_list(fields=None):
def user_create(
operation_logger,
username,
- firstname,
- lastname,
domain,
password,
+ fullname=None,
+ firstname=None,
+ lastname=None,
mailbox_quota="0",
+ admin=False,
from_import=False,
):
+ if firstname or lastname:
+ logger.warning(
+ "Options --firstname / --lastname of 'yunohost user create' are deprecated. We recommend using --fullname instead."
+ )
+
+ if not fullname or not fullname.strip():
+ if not firstname.strip():
+ raise YunohostValidationError(
+ "You should specify the fullname of the user using option -F"
+ )
+ lastname = (
+ lastname or " "
+ ) # Stupid hack because LDAP requires the sn/lastname attr, but it accepts a single whitespace...
+ fullname = f"{firstname} {lastname}".strip()
+ else:
+ fullname = fullname.strip()
+ firstname = fullname.split()[0]
+ lastname = (
+ " ".join(fullname.split()[1:]) or " "
+ ) # Stupid hack because LDAP requires the sn/lastname attr, but it accepts a single whitespace...
+
from yunohost.domain import domain_list, _get_maindomain, _assert_domain_exists
from yunohost.hook import hook_callback
- from yunohost.utils.password import assert_password_is_strong_enough
+ from yunohost.utils.password import (
+ assert_password_is_strong_enough,
+ assert_password_is_compatible,
+ )
from yunohost.utils.ldap import _get_ldap_interface
- # Ensure sufficiently complex password
- assert_password_is_strong_enough("user", password)
+ # Ensure compatibility and sufficiently complex password
+ assert_password_is_compatible(password)
+ assert_password_is_strong_enough("admin" if admin else "user", password)
# Validate domain used for email address/xmpp account
if domain is None:
@@ -188,10 +209,7 @@ def user_create(
if username in all_existing_usernames:
raise YunohostValidationError("system_username_exists")
- main_domain = _get_maindomain()
- aliases = [alias + main_domain for alias in FIRST_ALIASES]
-
- if mail in aliases:
+ if mail.split("@")[0] in ADMIN_ALIASES:
raise YunohostValidationError("mail_unavailable")
if not from_import:
@@ -201,15 +219,17 @@ def user_create(
all_uid = {str(x.pw_uid) for x in pwd.getpwall()}
all_gid = {str(x.gr_gid) for x in grp.getgrall()}
+ # Prevent users from obtaining uid 1007 which is the uid of the legacy admin,
+ # and there could be a edge case where a new user becomes owner of an old, removed admin user
+ all_uid.add("1007")
+ all_gid.add("1007")
+
uid_guid_found = False
while not uid_guid_found:
# LXC uid number is limited to 65536 by default
uid = str(random.randint(1001, 65000))
uid_guid_found = uid not in all_uid and uid not in all_gid
- # Adapt values for LDAP
- fullname = f"{firstname} {lastname}"
-
attr_dict = {
"objectClass": [
"mailAccount",
@@ -232,10 +252,6 @@ def user_create(
"loginShell": ["/bin/bash"],
}
- # If it is the first user, add some aliases
- if not ldap.search(base="ou=users", filter="uid=*"):
- attr_dict["mail"] = [attr_dict["mail"]] + aliases
-
try:
ldap.add(f"uid={username},ou=users", attr_dict)
except Exception as e:
@@ -261,6 +277,8 @@ def user_create(
# Create group for user and add to group 'all_users'
user_group_create(groupname=username, gid=uid, primary_group=True, sync_perm=False)
user_group_update(groupname="all_users", add=username, force=True, sync_perm=True)
+ if admin:
+ user_group_update(groupname="admins", add=username, sync_perm=True)
# Trigger post_user_create hooks
env_dict = {
@@ -282,14 +300,7 @@ def user_create(
@is_unit_operation([("username", "user")])
def user_delete(operation_logger, username, purge=False, from_import=False):
- """
- Delete user
- Keyword argument:
- username -- Username to delete
- purge
-
- """
from yunohost.hook import hook_callback
from yunohost.utils.ldap import _get_ldap_interface
@@ -347,25 +358,27 @@ def user_update(
remove_mailalias=None,
mailbox_quota=None,
from_import=False,
+ fullname=None,
):
- """
- Update user informations
- Keyword argument:
- lastname
- mail
- firstname
- add_mailalias -- Mail aliases to add
- remove_mailforward -- Mailforward addresses to remove
- username -- Username of user to update
- add_mailforward -- Mailforward addresses to add
- change_password -- New password to set
- remove_mailalias -- Mail aliases to remove
+ if firstname or lastname:
+ logger.warning(
+ "Options --firstname / --lastname of 'yunohost user create' are deprecated. We recommend using --fullname instead."
+ )
- """
- from yunohost.domain import domain_list, _get_maindomain
+ if fullname and fullname.strip():
+ fullname = fullname.strip()
+ firstname = fullname.split()[0]
+ lastname = (
+ " ".join(fullname.split()[1:]) or " "
+ ) # Stupid hack because LDAP requires the sn/lastname attr, but it accepts a single whitespace...
+
+ from yunohost.domain import domain_list
from yunohost.app import app_ssowatconf
- from yunohost.utils.password import assert_password_is_strong_enough
+ from yunohost.utils.password import (
+ assert_password_is_strong_enough,
+ assert_password_is_compatible,
+ )
from yunohost.utils.ldap import _get_ldap_interface
from yunohost.hook import hook_callback
@@ -373,7 +386,7 @@ def user_update(
# Populate user informations
ldap = _get_ldap_interface()
- attrs_to_fetch = ["givenName", "sn", "mail", "maildrop"]
+ attrs_to_fetch = ["givenName", "sn", "mail", "maildrop", "memberOf"]
result = ldap.search(
base="ou=users",
filter="uid=" + username,
@@ -389,20 +402,20 @@ def user_update(
if firstname:
new_attr_dict["givenName"] = [firstname] # TODO: Validate
new_attr_dict["cn"] = new_attr_dict["displayName"] = [
- firstname + " " + user["sn"][0]
+ (firstname + " " + user["sn"][0]).strip()
]
env_dict["YNH_USER_FIRSTNAME"] = firstname
if lastname:
new_attr_dict["sn"] = [lastname] # TODO: Validate
new_attr_dict["cn"] = new_attr_dict["displayName"] = [
- user["givenName"][0] + " " + lastname
+ (user["givenName"][0] + " " + lastname).strip()
]
env_dict["YNH_USER_LASTNAME"] = lastname
if lastname and firstname:
new_attr_dict["cn"] = new_attr_dict["displayName"] = [
- firstname + " " + lastname
+ (firstname + " " + lastname).strip()
]
# change_password is None if user_update is not called to change the password
@@ -414,16 +427,18 @@ def user_update(
change_password = Moulinette.prompt(
m18n.n("ask_password"), is_password=True, confirm=True
)
- # Ensure sufficiently complex password
- assert_password_is_strong_enough("user", change_password)
+
+ # Ensure compatibility and sufficiently complex password
+ assert_password_is_compatible(change_password)
+ is_admin = "cn=admins,ou=groups,dc=yunohost,dc=org" in user["memberOf"]
+ assert_password_is_strong_enough(
+ "admin" if is_admin else "user", change_password
+ )
new_attr_dict["userPassword"] = [_hash_user_password(change_password)]
env_dict["YNH_USER_PASSWORD"] = change_password
if mail:
- main_domain = _get_maindomain()
- aliases = [alias + main_domain for alias in FIRST_ALIASES]
-
# If the requested mail address is already as main address or as an alias by this user
if mail in user["mail"]:
user["mail"].remove(mail)
@@ -437,7 +452,8 @@ def user_update(
raise YunohostError(
"mail_domain_unknown", domain=mail[mail.find("@") + 1 :]
)
- if mail in aliases:
+
+ if mail.split("@")[0] in ADMIN_ALIASES:
raise YunohostValidationError("mail_unavailable")
new_attr_dict["mail"] = [mail] + user["mail"][1:]
@@ -446,6 +462,9 @@ def user_update(
if not isinstance(add_mailalias, list):
add_mailalias = [add_mailalias]
for mail in add_mailalias:
+ if mail.split("@")[0] in ADMIN_ALIASES:
+ raise YunohostValidationError("mail_unavailable")
+
# (c.f. similar stuff as before)
if mail in user["mail"]:
user["mail"].remove(mail)
@@ -529,7 +548,7 @@ def user_info(username):
ldap = _get_ldap_interface()
- user_attrs = ["cn", "mail", "uid", "maildrop", "givenName", "sn", "mailuserquota"]
+ user_attrs = ["cn", "mail", "uid", "maildrop", "mailuserquota"]
if len(username.split("@")) == 2:
filter = "mail=" + username
@@ -546,8 +565,6 @@ def user_info(username):
result_dict = {
"username": user["uid"][0],
"fullname": user["cn"][0],
- "firstname": user["givenName"][0],
- "lastname": user["sn"][0],
"mail": user["mail"][0],
"mail-aliases": [],
"mail-forward": [],
@@ -588,7 +605,7 @@ def user_info(username):
if has_value:
storage_use = int(has_value.group(1))
- storage_use = _convertSize(storage_use)
+ storage_use = binary_to_human(storage_use)
if is_limited:
has_percent = re.search(r"%=(\d+)", cmd_result)
@@ -841,10 +858,9 @@ def user_import(operation_logger, csvfile, update=False, delete=False):
user_update(
new_infos["username"],
- new_infos["firstname"],
- new_infos["lastname"],
- new_infos["mail"],
- new_infos["password"],
+ firstname=new_infos["firstname"],
+ lastname=new_infos["lastname"],
+ change_password=new_infos["password"],
mailbox_quota=new_infos["mailbox-quota"],
mail=new_infos["mail"],
add_mailalias=new_infos["mail-alias"],
@@ -884,12 +900,12 @@ def user_import(operation_logger, csvfile, update=False, delete=False):
try:
user_create(
user["username"],
- user["firstname"],
- user["lastname"],
user["domain"],
user["password"],
user["mailbox-quota"],
from_import=True,
+ firstname=user["firstname"],
+ lastname=user["lastname"],
)
update(user)
result["created"] += 1
@@ -1062,7 +1078,7 @@ def user_group_delete(operation_logger, groupname, force=False, sync_perm=True):
#
# We also can't delete "all_users" because that's a special group...
existing_users = list(user_list()["users"].keys())
- undeletable_groups = existing_users + ["all_users", "visitors"]
+ undeletable_groups = existing_users + ["all_users", "visitors", "admins"]
if groupname in undeletable_groups and not force:
raise YunohostValidationError("group_cannot_be_deleted", group=groupname)
@@ -1088,22 +1104,15 @@ def user_group_update(
groupname,
add=None,
remove=None,
+ add_mailalias=None,
+ remove_mailalias=None,
force=False,
sync_perm=True,
from_import=False,
):
- """
- Update user informations
-
- Keyword argument:
- groupname -- Groupname to update
- add -- User(s) to add in group
- remove -- User(s) to remove in group
-
- """
from yunohost.permission import permission_sync_to_user
- from yunohost.utils.ldap import _get_ldap_interface
+ from yunohost.utils.ldap import _get_ldap_interface, _ldap_path_extract
existing_users = list(user_list()["users"].keys())
@@ -1120,54 +1129,133 @@ def user_group_update(
"group_cannot_edit_primary_group", group=groupname
)
+ ldap = _get_ldap_interface()
+
+ # Fetch info for this group
+ result = ldap.search(
+ "ou=groups",
+ "cn=" + groupname,
+ ["cn", "member", "permission", "mail", "objectClass"],
+ )
+
+ if not result:
+ raise YunohostValidationError("group_unknown", group=groupname)
+
+ group = result[0]
+
# We extract the uid for each member of the group to keep a simple flat list of members
- current_group = user_group_info(groupname)["members"]
- new_group = copy.copy(current_group)
+ current_group_mail = group.get("mail", [])
+ new_group_mail = copy.copy(current_group_mail)
+ current_group_members = [
+ _ldap_path_extract(p, "uid") for p in group.get("member", [])
+ ]
+ new_group_members = copy.copy(current_group_members)
+ new_attr_dict = {}
if add:
+
users_to_add = [add] if not isinstance(add, list) else add
for user in users_to_add:
if user not in existing_users:
raise YunohostValidationError("user_unknown", user=user)
- if user in current_group:
+ if user in current_group_members:
logger.warning(
m18n.n("group_user_already_in_group", user=user, group=groupname)
)
else:
operation_logger.related_to.append(("user", user))
- new_group += users_to_add
+ new_group_members += users_to_add
if remove:
users_to_remove = [remove] if not isinstance(remove, list) else remove
for user in users_to_remove:
- if user not in current_group:
+ if user not in current_group_members:
logger.warning(
m18n.n("group_user_not_in_group", user=user, group=groupname)
)
else:
operation_logger.related_to.append(("user", user))
- # Remove users_to_remove from new_group
- # Kinda like a new_group -= users_to_remove
- new_group = [u for u in new_group if u not in users_to_remove]
+ # Remove users_to_remove from new_group_members
+ # Kinda like a new_group_members -= users_to_remove
+ new_group_members = [u for u in new_group_members if u not in users_to_remove]
- new_group_dns = [
- "uid=" + user + ",ou=users,dc=yunohost,dc=org" for user in new_group
- ]
+ # If something changed, we add this to the stuff to commit later in the code
+ if set(new_group_members) != set(current_group_members):
+ new_group_members_dns = [
+ "uid=" + user + ",ou=users,dc=yunohost,dc=org" for user in new_group_members
+ ]
+ new_attr_dict["member"] = set(new_group_members_dns)
+ new_attr_dict["memberUid"] = set(new_group_members)
- if set(new_group) != set(current_group):
+ # Check the whole alias situation
+ if add_mailalias:
+
+ from yunohost.domain import domain_list
+
+ domains = domain_list()["domains"]
+
+ if not isinstance(add_mailalias, list):
+ add_mailalias = [add_mailalias]
+ for mail in add_mailalias:
+ if mail.split("@")[0] in ADMIN_ALIASES and groupname != "admins":
+ raise YunohostValidationError("mail_unavailable")
+ if mail in current_group_mail:
+ continue
+ try:
+ ldap.validate_uniqueness({"mail": mail})
+ except Exception as e:
+ raise YunohostError("group_update_failed", group=groupname, error=e)
+ if mail[mail.find("@") + 1 :] not in domains:
+ raise YunohostError(
+ "mail_domain_unknown", domain=mail[mail.find("@") + 1 :]
+ )
+ new_group_mail.append(mail)
+
+ if remove_mailalias:
+ from yunohost.domain import _get_maindomain
+
+ if not isinstance(remove_mailalias, list):
+ remove_mailalias = [remove_mailalias]
+ for mail in remove_mailalias:
+ if (
+ "@" in mail
+ and mail.split("@")[0] in ADMIN_ALIASES
+ and groupname == "admins"
+ and mail.split("@")[1] == _get_maindomain()
+ ):
+ raise YunohostValidationError(
+ f"The alias {mail} can not be removed from the 'admins' group",
+ raw_msg=True,
+ )
+ if mail in new_group_mail:
+ new_group_mail.remove(mail)
+ else:
+ raise YunohostValidationError("mail_alias_remove_failed", mail=mail)
+
+ if set(new_group_mail) != set(current_group_mail):
+
+ logger.info(m18n.n("group_update_aliases", group=groupname))
+ new_attr_dict["mail"] = set(new_group_mail)
+
+ if new_attr_dict["mail"] and "mailGroup" not in group["objectClass"]:
+ new_attr_dict["objectClass"] = group["objectClass"] + ["mailGroup"]
+ if not new_attr_dict["mail"] and "mailGroup" in group["objectClass"]:
+ new_attr_dict["objectClass"] = [
+ c
+ for c in group["objectClass"]
+ if c != "mailGroup" and c != "mailAccount"
+ ]
+
+ if new_attr_dict:
if not from_import:
operation_logger.start()
- ldap = _get_ldap_interface()
try:
- ldap.update(
- f"cn={groupname},ou=groups",
- {"member": set(new_group_dns), "memberUid": set(new_group)},
- )
+ ldap.update(f"cn={groupname},ou=groups", new_attr_dict)
except Exception as e:
raise YunohostError("group_update_failed", group=groupname, error=e)
@@ -1176,7 +1264,10 @@ def user_group_update(
if not from_import:
if groupname != "all_users":
- logger.success(m18n.n("group_updated", group=groupname))
+ if not new_attr_dict:
+ logger.info(m18n.n("group_no_change", group=groupname))
+ else:
+ logger.success(m18n.n("group_updated", group=groupname))
else:
logger.debug(m18n.n("group_updated", group=groupname))
@@ -1200,7 +1291,7 @@ def user_group_info(groupname):
result = ldap.search(
"ou=groups",
"cn=" + groupname,
- ["cn", "member", "permission"],
+ ["cn", "member", "permission", "mail"],
)
if not result:
@@ -1215,6 +1306,7 @@ def user_group_info(groupname):
"permissions": [
_ldap_path_extract(p, "cn") for p in infos.get("permission", [])
],
+ "mail-aliases": [m for m in infos.get("mail", [])],
}
@@ -1244,6 +1336,14 @@ def user_group_remove(groupname, usernames, force=False, sync_perm=True):
)
+def user_group_add_mailalias(groupname, aliases):
+ return user_group_update(groupname, add_mailalias=aliases, sync_perm=False)
+
+
+def user_group_remove_mailalias(groupname, aliases):
+ return user_group_update(groupname, remove_mailalias=aliases, sync_perm=False)
+
+
#
# Permission subcategory
#
@@ -1316,14 +1416,6 @@ def user_ssh_remove_key(username, key):
#
-def _convertSize(num, suffix=""):
- for unit in ["K", "M", "G", "T", "P", "E", "Z"]:
- if abs(num) < 1024.0:
- return "{:3.1f}{}{}".format(num, unit, suffix)
- num /= 1024.0
- return "{:.1f}{}{}".format(num, "Yi", suffix)
-
-
def _hash_user_password(password):
"""
This function computes and return a salted hash for the password in input.
@@ -1351,3 +1443,21 @@ def _hash_user_password(password):
salt = "$6$" + salt + "$"
return "{CRYPT}" + crypt.crypt(str(password), salt)
+
+
+def _update_admins_group_aliases(old_main_domain, new_main_domain):
+
+ current_admin_aliases = user_group_info("admins")["mail-aliases"]
+
+ aliases_to_remove = [
+ a
+ for a in current_admin_aliases
+ if "@" in a
+ and a.split("@")[1] == old_main_domain
+ and a.split("@")[0] in ADMIN_ALIASES
+ ]
+ aliases_to_add = [f"{a}@{new_main_domain}" for a in ADMIN_ALIASES]
+
+ user_group_update(
+ "admins", add_mailalias=aliases_to_add, remove_mailalias=aliases_to_remove
+ )
diff --git a/src/utils/__init__.py b/src/utils/__init__.py
index e69de29bb..5cad500fa 100644
--- a/src/utils/__init__.py
+++ b/src/utils/__init__.py
@@ -0,0 +1,18 @@
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
diff --git a/src/utils/config.py b/src/utils/config.py
index c8f997a74..27e4b9509 100644
--- a/src/utils/config.py
+++ b/src/utils/config.py
@@ -1,24 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2018 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import glob
import os
import re
@@ -267,13 +264,26 @@ class ConfigPanel:
# In 'classic' mode, we display the current value if key refer to an option
if self.filter_key.count(".") == 2 and mode == "classic":
+
option = self.filter_key.split(".")[-1]
- return self.values.get(option, None)
+ value = self.values.get(option, None)
+
+ option_type = None
+ for _, _, option_ in self._iterate():
+ if option_["id"] == option:
+ option_type = ARGUMENTS_TYPE_PARSERS[option_["type"]]
+ break
+
+ return option_type.normalize(value) if option_type else value
# Format result in 'classic' or 'export' mode
logger.debug(f"Formating result in '{mode}' mode")
result = {}
for panel, section, option in self._iterate():
+
+ if section["is_action_section"] and mode != "full":
+ continue
+
key = f"{panel['id']}.{section['id']}.{option['id']}"
if mode == "export":
result[option["id"]] = option.get("current_value")
@@ -312,6 +322,80 @@ class ConfigPanel:
else:
return result
+ def list_actions(self):
+
+ actions = {}
+
+ # FIXME : meh, loading the entire config panel is again going to cause
+ # stupid issues for domain (e.g loading registrar stuff when willing to just list available actions ...)
+ self.filter_key = ""
+ self._get_config_panel()
+ for panel, section, option in self._iterate():
+ if option["type"] == "button":
+ key = f"{panel['id']}.{section['id']}.{option['id']}"
+ actions[key] = _value_for_locale(option["ask"])
+
+ return actions
+
+ def run_action(self, action=None, args=None, args_file=None, operation_logger=None):
+ #
+ # FIXME : this stuff looks a lot like set() ...
+ #
+
+ self.filter_key = ".".join(action.split(".")[:2])
+ action_id = action.split(".")[2]
+
+ # Read config panel toml
+ self._get_config_panel()
+
+ # FIXME: should also check that there's indeed a key called action
+ if not self.config:
+ raise YunohostValidationError(f"No action named {action}", raw_msg=True)
+
+ # Import and parse pre-answered options
+ logger.debug("Import and parse pre-answered options")
+ self._parse_pre_answered(args, None, args_file)
+
+ # Read or get values and hydrate the config
+ self._load_current_values()
+ self._hydrate()
+ Question.operation_logger = operation_logger
+ self._ask(action=action_id)
+
+ # FIXME: here, we could want to check constrains on
+ # the action's visibility / requirements wrt to the answer to questions ...
+
+ if operation_logger:
+ operation_logger.start()
+
+ try:
+ self._run_action(action_id)
+ except YunohostError:
+ raise
+ # Script got manually interrupted ...
+ # N.B. : KeyboardInterrupt does not inherit from Exception
+ except (KeyboardInterrupt, EOFError):
+ error = m18n.n("operation_interrupted")
+ logger.error(m18n.n("config_action_failed", action=action, error=error))
+ raise
+ # Something wrong happened in Yunohost's code (most probably hook_exec)
+ except Exception:
+ import traceback
+
+ error = m18n.n("unexpected_error", error="\n" + traceback.format_exc())
+ logger.error(m18n.n("config_action_failed", action=action, error=error))
+ raise
+ finally:
+ # Delete files uploaded from API
+ # FIXME : this is currently done in the context of config panels,
+ # but could also happen in the context of app install ... (or anywhere else
+ # where we may parse args etc...)
+ FileQuestion.clean_upload_dirs()
+
+ # FIXME: i18n
+ logger.success(f"Action {action_id} successful")
+ operation_logger.success()
+
def set(
self, key=None, value=None, args=None, args_file=None, operation_logger=None
):
@@ -418,6 +502,7 @@ class ConfigPanel:
"name": "",
"services": [],
"optional": True,
+ "is_action_section": False,
},
},
"options": {
@@ -444,6 +529,9 @@ class ConfigPanel:
"accept",
"redact",
"filter",
+ "readonly",
+ "enabled",
+ # "confirm", # TODO: to ask confirmation before running an action
],
"defaults": {},
},
@@ -486,6 +574,9 @@ class ConfigPanel:
elif level == "sections":
subnode["name"] = key # legacy
subnode.setdefault("optional", raw_infos.get("optional", True))
+ # If this section contains at least one button, it becomes an "action" section
+ if subnode["type"] == "button":
+ out["is_action_section"] = True
out.setdefault(sublevel, []).append(subnode)
# Key/value are a property
else:
@@ -526,19 +617,39 @@ class ConfigPanel:
"max_progression",
]
forbidden_keywords += format_description["sections"]
+ forbidden_readonly_types = ["password", "app", "domain", "user", "file"]
for _, _, option in self._iterate():
if option["id"] in forbidden_keywords:
raise YunohostError("config_forbidden_keyword", keyword=option["id"])
+ if (
+ option.get("readonly", False)
+ and option.get("type", "string") in forbidden_readonly_types
+ ):
+ raise YunohostError(
+ "config_forbidden_readonly_type",
+ type=option["type"],
+ id=option["id"],
+ )
+
return self.config
def _hydrate(self):
# Hydrating config panel with current value
- logger.debug("Hydrating config with current values")
- for _, _, option in self._iterate():
+ for _, section, option in self._iterate():
if option["id"] not in self.values:
- allowed_empty_types = ["alert", "display_text", "markdown", "file"]
- if (
+
+ allowed_empty_types = [
+ "alert",
+ "display_text",
+ "markdown",
+ "file",
+ "button",
+ ]
+
+ if section["is_action_section"] and option.get("default") is not None:
+ self.values[option["id"]] = option["default"]
+ elif (
option["type"] in allowed_empty_types
or option.get("bind") == "null"
):
@@ -549,20 +660,39 @@ class ConfigPanel:
raw_msg=True,
)
value = self.values[option["name"]]
+
+ # Allow to use value instead of current_value in app config script.
+ # e.g. apps may write `echo 'value: "foobar"'` in the config file (which is more intuitive that `echo 'current_value: "foobar"'`
+ # For example hotspot used it...
+ # See https://github.com/YunoHost/yunohost/pull/1546
+ if (
+ isinstance(value, dict)
+ and "value" in value
+ and "current_value" not in value
+ ):
+ value["current_value"] = value["value"]
+
# In general, the value is just a simple value.
# Sometimes it could be a dict used to overwrite the option itself
value = value if isinstance(value, dict) else {"current_value": value}
option.update(value)
+ self.values[option["id"]] = value.get("current_value")
+
return self.values
- def _ask(self):
+ def _ask(self, action=None):
logger.debug("Ask unanswered question and prevalidate data")
if "i18n" in self.config:
for panel, section, option in self._iterate():
if "ask" not in option:
option["ask"] = m18n.n(self.config["i18n"] + "_" + option["id"])
+ # auto add i18n help text if present in locales
+ if m18n.key_exists(self.config["i18n"] + "_" + option["id"] + "_help"):
+ option["help"] = m18n.n(
+ self.config["i18n"] + "_" + option["id"] + "_help"
+ )
def display_header(message):
"""CLI panel/section header display"""
@@ -570,20 +700,46 @@ class ConfigPanel:
Moulinette.display(colorize(message, "purple"))
for panel, section, obj in self._iterate(["panel", "section"]):
- if panel == obj:
- name = _value_for_locale(panel["name"])
- display_header(f"\n{'='*40}\n>>>> {name}\n{'='*40}")
+
+ if (
+ section
+ and section.get("visible")
+ and not evaluate_simple_js_expression(
+ section["visible"], context=self.future_values
+ )
+ ):
+ continue
+
+ # Ugly hack to skip action section ... except when when explicitly running actions
+ if not action:
+ if section and section["is_action_section"]:
+ continue
+
+ if panel == obj:
+ name = _value_for_locale(panel["name"])
+ display_header(f"\n{'='*40}\n>>>> {name}\n{'='*40}")
+ else:
+ name = _value_for_locale(section["name"])
+ if name:
+ display_header(f"\n# {name}")
+ elif section:
+ # filter action section options in case of multiple buttons
+ section["options"] = [
+ option
+ for option in section["options"]
+ if option.get("type", "string") != "button"
+ or option["id"] == action
+ ]
+
+ if panel == obj:
continue
- name = _value_for_locale(section["name"])
- if name:
- display_header(f"\n# {name}")
# Check and ask unanswered questions
prefilled_answers = self.args.copy()
prefilled_answers.update(self.new_values)
questions = ask_questions_and_parse_answers(
- section["options"],
+ {question["name"]: question for question in section["options"]},
prefilled_answers=prefilled_answers,
current_values=self.values,
hooks=self.hooks,
@@ -596,8 +752,6 @@ class ConfigPanel:
}
)
- self.errors = None
-
def _get_default_values(self):
return {
option["id"]: option["default"]
@@ -704,7 +858,9 @@ class Question:
self.default = question.get("default", None)
self.optional = question.get("optional", False)
self.visible = question.get("visible", None)
- self.choices = question.get("choices", [])
+ self.readonly = question.get("readonly", False)
+ # Don't restrict choices if there's none specified
+ self.choices = question.get("choices", None)
self.pattern = question.get("pattern", self.pattern)
self.ask = question.get("ask", {"en": self.name})
self.help = question.get("help")
@@ -743,7 +899,7 @@ class Question:
confirm=False,
prefill=prefill,
is_multiline=(self.type == "text"),
- autocomplete=self.choices,
+ autocomplete=self.choices or [],
help=_value_for_locale(self.help),
)
@@ -763,8 +919,10 @@ class Question:
# Display question if no value filled or if it's a readonly message
if Moulinette.interface.type == "cli" and os.isatty(1):
text_for_user_input_in_cli = self._format_text_for_user_input_in_cli()
- if getattr(self, "readonly", False):
+ if self.readonly:
Moulinette.display(text_for_user_input_in_cli)
+ self.value = self.values[self.name] = self.current_value
+ return self.values
elif self.value is None:
self._prompt(text_for_user_input_in_cli)
@@ -824,7 +982,14 @@ class Question:
text_for_user_input_in_cli = _value_for_locale(self.ask)
- if self.choices:
+ if self.readonly:
+ text_for_user_input_in_cli = colorize(text_for_user_input_in_cli, "purple")
+ if self.choices:
+ return (
+ text_for_user_input_in_cli + f" {self.choices[self.current_value]}"
+ )
+ return text_for_user_input_in_cli + f" {self.humanize(self.current_value)}"
+ elif self.choices:
# Prevent displaying a shitload of choices
# (e.g. 100+ available users when choosing an app admin...)
@@ -910,7 +1075,7 @@ class DateQuestion(StringQuestion):
class TimeQuestion(StringQuestion):
pattern = {
- "regexp": r"^(1[12]|0?\d):[0-5]\d$",
+ "regexp": r"^(?:\d|[01]\d|2[0-3]):[0-5]\d$",
"error": "config_validate_time", # i18n: config_validate_time
}
@@ -924,6 +1089,7 @@ class ColorQuestion(StringQuestion):
class TagsQuestion(Question):
argument_type = "tags"
+ default_value = ""
@staticmethod
def humanize(value, option={}):
@@ -1095,7 +1261,8 @@ class BooleanQuestion(Question):
def _format_text_for_user_input_in_cli(self):
text_for_user_input_in_cli = super()._format_text_for_user_input_in_cli()
- text_for_user_input_in_cli += " [yes | no]"
+ if not self.readonly:
+ text_for_user_input_in_cli += " [yes | no]"
return text_for_user_input_in_cli
@@ -1185,6 +1352,8 @@ class UserQuestion(Question):
)
if self.default is None:
+ # FIXME: this code is obsolete with the new admins group
+ # Should be replaced by something like "any first user we find in the admin group"
root_mail = "root@%s" % _get_maindomain()
for user in self.choices.keys():
if root_mail in user_info(user).get("mail-aliases", []):
@@ -1192,6 +1361,31 @@ class UserQuestion(Question):
break
+class GroupQuestion(Question):
+ argument_type = "group"
+
+ def __init__(
+ self, question, context: Mapping[str, Any] = {}, hooks: Dict[str, Callable] = {}
+ ):
+
+ from yunohost.user import user_group_list
+
+ super().__init__(question, context)
+
+ self.choices = list(user_group_list(short=True)["groups"])
+
+ def _human_readable_group(g):
+ # i18n: visitors
+ # i18n: all_users
+ # i18n: admins
+ return m18n.n(g) if g in ["visitors", "all_users", "admins"] else g
+
+ self.choices = {g: _human_readable_group(g) for g in self.choices}
+
+ if self.default is None:
+ self.default = "all_users"
+
+
class NumberQuestion(Question):
argument_type = "number"
default_value = None
@@ -1248,7 +1442,6 @@ class NumberQuestion(Question):
class DisplayTextQuestion(Question):
argument_type = "display_text"
- readonly = True
def __init__(
self, question, context: Mapping[str, Any] = {}, hooks: Dict[str, Callable] = {}
@@ -1256,6 +1449,7 @@ class DisplayTextQuestion(Question):
super().__init__(question, context, hooks)
self.optional = True
+ self.readonly = True
self.style = question.get(
"style", "info" if question["type"] == "alert" else ""
)
@@ -1335,6 +1529,17 @@ class FileQuestion(Question):
return self.value
+class ButtonQuestion(Question):
+ argument_type = "button"
+ enabled = None
+
+ def __init__(
+ self, question, context: Mapping[str, Any] = {}, hooks: Dict[str, Callable] = {}
+ ):
+ super().__init__(question, context, hooks)
+ self.enabled = question.get("enabled", None)
+
+
ARGUMENTS_TYPE_PARSERS = {
"string": StringQuestion,
"text": StringQuestion,
@@ -1350,6 +1555,7 @@ ARGUMENTS_TYPE_PARSERS = {
"boolean": BooleanQuestion,
"domain": DomainQuestion,
"user": UserQuestion,
+ "group": GroupQuestion,
"number": NumberQuestion,
"range": NumberQuestion,
"display_text": DisplayTextQuestion,
@@ -1357,6 +1563,7 @@ ARGUMENTS_TYPE_PARSERS = {
"markdown": DisplayTextQuestion,
"file": FileQuestion,
"app": AppQuestion,
+ "button": ButtonQuestion,
}
@@ -1394,10 +1601,23 @@ def ask_questions_and_parse_answers(
context = {**current_values, **answers}
out = []
- for raw_question in raw_questions:
+ for name, raw_question in raw_questions.items():
+ raw_question["name"] = name
question_class = ARGUMENTS_TYPE_PARSERS[raw_question.get("type", "string")]
- raw_question["value"] = answers.get(raw_question["name"])
+ raw_question["value"] = answers.get(name)
question = question_class(raw_question, context=context, hooks=hooks)
+ if question.type == "button":
+ if question.enabled is None or evaluate_simple_js_expression( # type: ignore
+ question.enabled, context=context # type: ignore
+ ): # type: ignore
+ continue
+ else:
+ raise YunohostValidationError(
+ "config_action_disabled",
+ action=question.name,
+ help=_value_for_locale(question.help),
+ )
+
new_values = question.ask_if_needed()
answers.update(new_values)
context.update(new_values)
diff --git a/src/utils/dns.py b/src/utils/dns.py
index ccb6c5406..091168615 100644
--- a/src/utils/dns.py
+++ b/src/utils/dns.py
@@ -1,23 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2018 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import dns.resolver
from typing import List
diff --git a/src/utils/error.py b/src/utils/error.py
index a92f3bd5a..e7046540d 100644
--- a/src/utils/error.py
+++ b/src/utils/error.py
@@ -1,24 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2018 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
from moulinette.core import MoulinetteError, MoulinetteAuthenticationError
from moulinette import m18n
diff --git a/src/utils/filesystem.py b/src/utils/filesystem.py
deleted file mode 100644
index 04d7d3906..000000000
--- a/src/utils/filesystem.py
+++ /dev/null
@@ -1,31 +0,0 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2018 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-import os
-
-
-def free_space_in_directory(dirpath):
- stat = os.statvfs(dirpath)
- return stat.f_frsize * stat.f_bavail
-
-
-def space_used_by_directory(dirpath):
- stat = os.statvfs(dirpath)
- return stat.f_frsize * stat.f_blocks
diff --git a/src/utils/i18n.py b/src/utils/i18n.py
index a0daf8181..ecbfe36e8 100644
--- a/src/utils/i18n.py
+++ b/src/utils/i18n.py
@@ -1,23 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2018 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
from moulinette import m18n
diff --git a/src/utils/ldap.py b/src/utils/ldap.py
index 98c0fecf7..ee50d0b98 100644
--- a/src/utils/ldap.py
+++ b/src/utils/ldap.py
@@ -1,23 +1,21 @@
-# -*- coding: utf-8 -*-
-""" License
-
- Copyright (C) 2019 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import atexit
import logging
@@ -84,7 +82,7 @@ class LDAPInterface:
def connect(self):
def _reconnect():
con = ldap.ldapobject.ReconnectLDAPObject(
- self.uri, retry_max=10, retry_delay=0.5
+ self.uri, retry_max=10, retry_delay=2
)
con.sasl_non_interactive_bind_s("EXTERNAL")
return con
@@ -145,6 +143,8 @@ class LDAPInterface:
try:
result = self.con.search_s(base, ldap.SCOPE_SUBTREE, filter, attrs)
+ except ldap.SERVER_DOWN as e:
+ raise e
except Exception as e:
raise MoulinetteError(
"error during LDAP search operation with: base='%s', "
diff --git a/src/utils/legacy.py b/src/utils/legacy.py
index 5e5d15fe8..3334632c2 100644
--- a/src/utils/legacy.py
+++ b/src/utils/legacy.py
@@ -1,3 +1,21 @@
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
import glob
@@ -62,6 +80,32 @@ LEGACY_PERMISSION_LABEL = {
): "api", # $excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-receive%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/git%-upload%-pack,$excaped_domain$excaped_path/[%w-.]*/[%w-.]*/info/refs
}
+LEGACY_SETTINGS = {
+ "security.password.admin.strength": "security.password.admin_strength",
+ "security.password.user.strength": "security.password.user_strength",
+ "security.ssh.compatibility": "security.ssh.ssh_compatibility",
+ "security.ssh.port": "security.ssh.ssh_port",
+ "security.ssh.password_authentication": "security.ssh.ssh_password_authentication",
+ "security.nginx.redirect_to_https": "security.nginx.nginx_redirect_to_https",
+ "security.nginx.compatibility": "security.nginx.nginx_compatibility",
+ "security.postfix.compatibility": "security.postfix.postfix_compatibility",
+ "pop3.enabled": "email.pop3.pop3_enabled",
+ "smtp.allow_ipv6": "email.smtp.smtp_allow_ipv6",
+ "smtp.relay.host": "email.smtp.smtp_relay_host",
+ "smtp.relay.port": "email.smtp.smtp_relay_port",
+ "smtp.relay.user": "email.smtp.smtp_relay_user",
+ "smtp.relay.password": "email.smtp.smtp_relay_password",
+ "backup.compress_tar_archives": "misc.backup.backup_compress_tar_archives",
+ "ssowat.panel_overlay.enabled": "misc.portal.ssowat_panel_overlay_enabled",
+ "security.webadmin.allowlist.enabled": "security.webadmin.webadmin_allowlist_enabled",
+ "security.webadmin.allowlist": "security.webadmin.webadmin_allowlist",
+ "security.experimental.enabled": "security.experimental.security_experimental_enabled",
+}
+
+
+def translate_legacy_settings_to_configpanel_settings(settings):
+ return LEGACY_SETTINGS.get(settings, settings)
+
def legacy_permission_label(app, permission_type):
return LEGACY_PERMISSION_LABEL.get(
@@ -209,6 +253,11 @@ def _patch_legacy_helpers(app_folder):
"yunohost app checkport": {"important": True},
"yunohost tools port-available": {"important": True},
"yunohost app checkurl": {"important": True},
+ "yunohost user create": {
+ "pattern": r"yunohost user create (\S+) (-f|--firstname) (\S+) (-l|--lastname) \S+ (.*)",
+ "replace": r"yunohost user create \1 --fullname \3 \5",
+ "important": False,
+ },
# Remove
# Automatic diagnosis data from YunoHost
# __PRE_TAG1__$(yunohost tools diagnosis | ...)__PRE_TAG2__"
diff --git a/src/utils/network.py b/src/utils/network.py
index 28dcb204c..06dd3493d 100644
--- a/src/utils/network.py
+++ b/src/utils/network.py
@@ -1,23 +1,21 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2017 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import os
import re
import logging
diff --git a/src/utils/password.py b/src/utils/password.py
index 5b8372962..3202e8055 100644
--- a/src/utils/password.py
+++ b/src/utils/password.py
@@ -1,29 +1,26 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2018 YunoHost
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import sys
import os
-import json
import string
import subprocess
+import yaml
SMALL_PWD_LIST = [
"yunohost",
@@ -36,7 +33,14 @@ SMALL_PWD_LIST = [
"rpi",
]
-MOST_USED_PASSWORDS = "/usr/share/yunohost/100000-most-used-passwords.txt"
+#
+# 100k firsts "most used password" with length 8+
+#
+# List obtained with:
+# curl -L https://github.com/danielmiessler/SecLists/raw/master/Passwords/Common-Credentials/10-million-password-list-top-1000000.txt \
+# | grep -v -E "^[a-zA-Z0-9]{1,7}$" | head -n 100000 | gzip > 100000-most-used-passwords-length8plus.txt.gz
+#
+MOST_USED_PASSWORDS = "/usr/share/yunohost/100000-most-used-passwords-length8plus.txt"
# Length, digits, lowers, uppers, others
STRENGTH_LEVELS = [
@@ -47,7 +51,25 @@ STRENGTH_LEVELS = [
]
+def assert_password_is_compatible(password):
+ """
+ UNIX seems to not like password longer than 127 chars ...
+ e.g. SSH login gets broken (or even 'su admin' when entering the password)
+ """
+
+ if len(password) >= 127:
+
+ # Note that those imports are made here and can't be put
+ # on top (at least not the moulinette ones)
+ # because the moulinette needs to be correctly initialized
+ # as well as modules available in python's path.
+ from yunohost.utils.error import YunohostValidationError
+
+ raise YunohostValidationError("password_too_long")
+
+
def assert_password_is_strong_enough(profile, password):
+
PasswordValidator(profile).validate(password)
@@ -58,7 +80,7 @@ class PasswordValidator:
The profile shall be either "user" or "admin"
and will correspond to a validation strength
- defined via the setting "security.password..strength"
+ defined via the setting "security.password._strength"
"""
self.profile = profile
@@ -67,9 +89,9 @@ class PasswordValidator:
# from settings.py because this file is also meant to be
# use as a script by ssowat.
# (or at least that's my understanding -- Alex)
- settings = json.load(open("/etc/yunohost/settings.json", "r"))
- setting_key = "security.password." + profile + ".strength"
- self.validation_strength = int(settings[setting_key]["value"])
+ settings = yaml.safe_load(open("/etc/yunohost/settings.yml", "r"))
+ setting_key = profile + "_strength"
+ self.validation_strength = int(settings[setting_key])
except Exception:
# Fallback to default value if we can't fetch settings for some reason
self.validation_strength = 1
diff --git a/src/utils/resources.py b/src/utils/resources.py
new file mode 100644
index 000000000..7b500ad3f
--- /dev/null
+++ b/src/utils/resources.py
@@ -0,0 +1,1031 @@
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
+import os
+import copy
+import shutil
+import random
+from typing import Dict, Any, List
+
+from moulinette import m18n
+from moulinette.utils.process import check_output
+from moulinette.utils.log import getActionLogger
+from moulinette.utils.filesystem import mkdir, chown, chmod, write_to_file
+from moulinette.utils.filesystem import (
+ rm,
+)
+
+from yunohost.utils.error import YunohostError, YunohostValidationError
+
+logger = getActionLogger("yunohost.app_resources")
+
+
+class AppResourceManager:
+ def __init__(self, app: str, current: Dict, wanted: Dict):
+
+ self.app = app
+ self.current = current
+ self.wanted = wanted
+
+ if "resources" not in self.current:
+ self.current["resources"] = {}
+ if "resources" not in self.wanted:
+ self.wanted["resources"] = {}
+
+ def apply(
+ self, rollback_and_raise_exception_if_failure, operation_logger=None, **context
+ ):
+
+ todos = list(self.compute_todos())
+ completed = []
+ rollback = False
+ exception = None
+
+ for todo, name, old, new in todos:
+ try:
+ if todo == "deprovision":
+ # FIXME : i18n, better info strings
+ logger.info(f"Deprovisionning {name} ...")
+ old.deprovision(context=context)
+ elif todo == "provision":
+ logger.info(f"Provisionning {name} ...")
+ new.provision_or_update(context=context)
+ elif todo == "update":
+ logger.info(f"Updating {name} ...")
+ new.provision_or_update(context=context)
+ except (KeyboardInterrupt, Exception) as e:
+ exception = e
+ if isinstance(e, KeyboardInterrupt):
+ logger.error(m18n.n("operation_interrupted"))
+ else:
+ logger.warning(f"Failed to {todo} {name} : {e}")
+ if rollback_and_raise_exception_if_failure:
+ rollback = True
+ completed.append((todo, name, old, new))
+ break
+ else:
+ pass
+ else:
+ completed.append((todo, name, old, new))
+
+ if rollback:
+ for todo, name, old, new in completed:
+ try:
+ # (NB. here we want to undo the todo)
+ if todo == "deprovision":
+ # FIXME : i18n, better info strings
+ logger.info(f"Reprovisionning {name} ...")
+ old.provision_or_update(context=context)
+ elif todo == "provision":
+ logger.info(f"Deprovisionning {name} ...")
+ new.deprovision(context=context)
+ elif todo == "update":
+ logger.info(f"Reverting {name} ...")
+ old.provision_or_update(context=context)
+ except (KeyboardInterrupt, Exception) as e:
+ if isinstance(e, KeyboardInterrupt):
+ logger.error(m18n.n("operation_interrupted"))
+ else:
+ logger.error(f"Failed to rollback {name} : {e}")
+
+ if exception:
+ if rollback_and_raise_exception_if_failure:
+ logger.error(
+ m18n.n("app_resource_failed", app=self.app, error=exception)
+ )
+ if operation_logger:
+ failure_message_with_debug_instructions = operation_logger.error(
+ str(exception)
+ )
+ raise YunohostError(
+ failure_message_with_debug_instructions, raw_msg=True
+ )
+ else:
+ raise YunohostError(str(exception), raw_msg=True)
+ else:
+ logger.error(exception)
+
+ def compute_todos(self):
+
+ for name, infos in reversed(self.current["resources"].items()):
+ if name not in self.wanted["resources"].keys():
+ resource = AppResourceClassesByType[name](infos, self.app, self)
+ yield ("deprovision", name, resource, None)
+
+ for name, infos in self.wanted["resources"].items():
+ wanted_resource = AppResourceClassesByType[name](infos, self.app, self)
+ if name not in self.current["resources"].keys():
+ yield ("provision", name, None, wanted_resource)
+ else:
+ infos_ = self.current["resources"][name]
+ current_resource = AppResourceClassesByType[name](
+ infos_, self.app, self
+ )
+ yield ("update", name, current_resource, wanted_resource)
+
+
+class AppResource:
+
+ type: str = ""
+ default_properties: Dict[str, Any] = {}
+
+ def __init__(self, properties: Dict[str, Any], app: str, manager=None):
+
+ self.app = app
+ self.manager = manager
+
+ for key, value in self.default_properties.items():
+ if isinstance(value, str):
+ value = value.replace("__APP__", self.app)
+ setattr(self, key, value)
+
+ for key, value in properties.items():
+ if isinstance(value, str):
+ value = value.replace("__APP__", self.app)
+ setattr(self, key, value)
+
+ def get_setting(self, key):
+ from yunohost.app import app_setting
+
+ return app_setting(self.app, key)
+
+ def set_setting(self, key, value):
+ from yunohost.app import app_setting
+
+ app_setting(self.app, key, value=value)
+
+ def delete_setting(self, key):
+ from yunohost.app import app_setting
+
+ app_setting(self.app, key, delete=True)
+
+ def _run_script(self, action, script, env={}, user="root"):
+
+ from yunohost.app import (
+ _make_tmp_workdir_for_app,
+ _make_environment_for_app_script,
+ )
+ from yunohost.hook import hook_exec_with_script_debug_if_failure
+
+ tmpdir = _make_tmp_workdir_for_app(app=self.app)
+
+ env_ = _make_environment_for_app_script(
+ self.app, workdir=tmpdir, action=f"{action}_{self.type}"
+ )
+ env_.update(env)
+
+ script_path = f"{tmpdir}/{action}_{self.type}"
+ script = f"""
+source /usr/share/yunohost/helpers
+ynh_abort_if_errors
+
+{script}
+"""
+
+ write_to_file(script_path, script)
+
+ from yunohost.log import OperationLogger
+
+ if OperationLogger._instances:
+ # FIXME ? : this is an ugly hack :(
+ operation_logger = OperationLogger._instances[-1]
+ else:
+ operation_logger = OperationLogger(
+ "resource_snippet", [("app", self.app)], env=env_
+ )
+ operation_logger.start()
+
+ try:
+ (
+ call_failed,
+ failure_message_with_debug_instructions,
+ ) = hook_exec_with_script_debug_if_failure(
+ script_path,
+ env=env_,
+ operation_logger=operation_logger,
+ error_message_if_script_failed="An error occured inside the script snippet",
+ error_message_if_failed=lambda e: f"{action} failed for {self.type} : {e}",
+ )
+ finally:
+ if call_failed:
+ raise YunohostError(
+ failure_message_with_debug_instructions, raw_msg=True
+ )
+ else:
+ # FIXME: currently in app install code, we have
+ # more sophisticated code checking if this broke something on the system etc ...
+ # dunno if we want to do this here or manage it elsewhere
+ pass
+
+ # print(ret)
+
+
+class PermissionsResource(AppResource):
+ """
+ Configure the SSO permissions/tiles. Typically, webapps are expected to have a 'main' permission mapped to '/', meaning that a tile pointing to the `$domain/$path` will be available in the SSO for users allowed to access that app.
+
+ Additional permissions can be created, typically to have a specific tile and/or access rules for the admin part of a webapp.
+
+ The list of allowed user/groups may be initialized using the content of the `init_{perm}_permission` question from the manifest, hence `init_main_permission` replaces the `is_public` question and shall contain a group name (typically, `all_users` or `visitors`).
+
+ ##### Example:
+ ```toml
+ [resources.permissions]
+ main.url = "/"
+ # (these two previous lines should be enough in the majority of cases)
+
+ admin.url = "/admin"
+ admin.show_tile = false
+ admin.allowed = "admins" # Assuming the "admins" group exists (cf future developments ;))
+ ```
+
+ ##### Properties (for each perm name):
+ - `url`: The relative URI corresponding to this permission. Typically `/` or `/something`. This property may be omitted for non-web permissions.
+ - `show_tile`: (default: `true` if `url` is defined) Wether or not a tile should be displayed for that permission in the user portal
+ - `allowed`: (default: nobody) The group initially allowed to access this perm, if `init_{perm}_permission` is not defined in the manifest questions. Note that the admin may tweak who is allowed/unallowed on that permission later on, this is only meant to **initialize** the permission.
+ - `auth_header`: (default: `true`) Define for the URL of this permission, if SSOwat pass the authentication header to the application. Default is true
+ - `protected`: (default: `false`) Define if this permission is protected. If it is protected the administrator won't be able to add or remove the visitors group of this permission. Defaults to 'false'.
+ - `additional_urls`: (default: none) List of additional URL for which access will be allowed/forbidden
+
+ ##### Provision/Update:
+ - Delete any permissions that may exist and be related to this app yet is not declared anymore
+ - Loop over the declared permissions and create them if needed or update them with the new values
+
+ ##### Deprovision:
+ - Delete all permission related to this app
+
+ ##### Legacy management:
+ - Legacy `is_public` setting will be deleted if it exists
+ """
+
+ # Notes for future ?
+ # deep_clean -> delete permissions for any __APP__.foobar where app not in app list...
+ # backup -> handled elsewhere by the core, should be integrated in there (dump .ldif/yml?)
+ # restore -> handled by the core, should be integrated in there (restore .ldif/yml?)
+
+ type = "permissions"
+ priority = 80
+
+ default_properties: Dict[str, Any] = {}
+
+ default_perm_properties: Dict[str, Any] = {
+ "url": None,
+ "additional_urls": [],
+ "auth_header": True,
+ "allowed": None,
+ "show_tile": None, # To be automagically set to True by default if an url is defined and show_tile not provided
+ "protected": False,
+ }
+
+ permissions: Dict[str, Dict[str, Any]] = {}
+
+ def __init__(self, properties: Dict[str, Any], *args, **kwargs):
+
+ # FIXME : if url != None, we should check that there's indeed a domain/path defined ? ie that app is a webapp
+
+ for perm, infos in properties.items():
+ properties[perm] = copy.copy(self.default_perm_properties)
+ properties[perm].update(infos)
+ if properties[perm]["show_tile"] is None:
+ properties[perm]["show_tile"] = bool(properties[perm]["url"])
+
+ if (
+ isinstance(properties["main"]["url"], str)
+ and properties["main"]["url"] != "/"
+ ):
+ raise YunohostError(
+ "URL for the 'main' permission should be '/' for webapps (or undefined/None for non-webapps). Note that / refers to the install url of the app"
+ )
+
+ super().__init__({"permissions": properties}, *args, **kwargs)
+
+ def provision_or_update(self, context: Dict = {}):
+
+ from yunohost.permission import (
+ permission_create,
+ permission_url,
+ permission_delete,
+ user_permission_list,
+ user_permission_update,
+ permission_sync_to_user,
+ )
+
+ # Delete legacy is_public setting if not already done
+ self.delete_setting("is_public")
+
+ existing_perms = user_permission_list(short=True, apps=[self.app])[
+ "permissions"
+ ]
+ for perm in existing_perms:
+ if perm.split(".")[1] not in self.permissions.keys():
+ permission_delete(perm, force=True, sync_perm=False)
+
+ for perm, infos in self.permissions.items():
+ perm_id = f"{self.app}.{perm}"
+ if perm_id not in existing_perms:
+ # Use the 'allowed' key from the manifest,
+ # or use the 'init_{perm}_permission' from the install questions
+ # which is temporarily saved as a setting as an ugly hack to pass the info to this piece of code...
+ init_allowed = (
+ infos["allowed"]
+ or self.get_setting(f"init_{perm}_permission")
+ or []
+ )
+ permission_create(
+ perm_id,
+ allowed=init_allowed,
+ # This is why the ugly hack with self.manager exists >_>
+ label=self.manager.wanted["name"] if perm == "main" else perm,
+ url=infos["url"],
+ additional_urls=infos["additional_urls"],
+ auth_header=infos["auth_header"],
+ sync_perm=False,
+ )
+ self.delete_setting(f"init_{perm}_permission")
+
+ user_permission_update(
+ perm_id,
+ show_tile=infos["show_tile"],
+ protected=infos["protected"],
+ sync_perm=False,
+ )
+ permission_url(
+ perm_id,
+ url=infos["url"],
+ set_url=infos["additional_urls"],
+ auth_header=infos["auth_header"],
+ sync_perm=False,
+ )
+
+ permission_sync_to_user()
+
+ def deprovision(self, context: Dict = {}):
+
+ from yunohost.permission import (
+ permission_delete,
+ user_permission_list,
+ permission_sync_to_user,
+ )
+
+ existing_perms = user_permission_list(short=True, apps=[self.app])[
+ "permissions"
+ ]
+ for perm in existing_perms:
+ permission_delete(perm, force=True, sync_perm=False)
+
+ permission_sync_to_user()
+
+
+class SystemuserAppResource(AppResource):
+ """
+ Provision a system user to be used by the app. The username is exactly equal to the app id
+
+ ##### Example:
+ ```toml
+ [resources.system_user]
+ # (empty - defaults are usually okay)
+ ```
+
+ ##### Properties:
+ - `allow_ssh`: (default: False) Adds the user to the ssh.app group, allowing SSH connection via this user
+ - `allow_sftp`: (defalt: False) Adds the user to the sftp.app group, allowing SFTP connection via this user
+
+ ##### Provision/Update:
+ - will create the system user if it doesn't exists yet
+ - will add/remove the ssh/sftp.app groups
+
+ ##### Deprovision:
+ - deletes the user and group
+ """
+
+ # Notes for future?
+ #
+ # deep_clean -> uuuuh ? delete any user that could correspond to an app x_x ?
+ #
+ # backup -> nothing
+ # restore -> provision
+
+ type = "system_user"
+ priority = 20
+
+ default_properties: Dict[str, Any] = {"allow_ssh": False, "allow_sftp": False}
+
+ # FIXME : wat do regarding ssl-cert, multimedia
+ # FIXME : wat do about home dir
+
+ allow_ssh: bool = False
+ allow_sftp: bool = False
+
+ def provision_or_update(self, context: Dict = {}):
+
+ # FIXME : validate that no yunohost user exists with that name?
+ # and/or that no system user exists during install ?
+
+ if not check_output(f"getent passwd {self.app} &>/dev/null || true").strip():
+ # FIXME: improve logging ? os.system wont log stdout / stderr
+ cmd = f"useradd --system --user-group {self.app}"
+ ret = os.system(cmd)
+ assert ret == 0, f"useradd command failed with exit code {ret}"
+
+ if not check_output(f"getent passwd {self.app} &>/dev/null || true").strip():
+ raise YunohostError(
+ f"Failed to create system user for {self.app}", raw_msg=True
+ )
+
+ groups = set(check_output(f"groups {self.app}").strip().split()[2:])
+
+ if self.allow_ssh:
+ groups.add("ssh.app")
+ elif "ssh.app" in groups:
+ groups.remove("ssh.app")
+
+ if self.allow_sftp:
+ groups.add("sftp.app")
+ elif "sftp.app" in groups:
+ groups.remove("sftp.app")
+
+ os.system(f"usermod -G {','.join(groups)} {self.app}")
+
+ def deprovision(self, context: Dict = {}):
+
+ if check_output(f"getent passwd {self.app} &>/dev/null || true").strip():
+ os.system(f"deluser {self.app} >/dev/null")
+ if check_output(f"getent passwd {self.app} &>/dev/null || true").strip():
+ raise YunohostError(f"Failed to delete system user for {self.app}")
+
+ if check_output(f"getent group {self.app} &>/dev/null || true").strip():
+ os.system(f"delgroup {self.app} >/dev/null")
+ if check_output(f"getent group {self.app} &>/dev/null || true").strip():
+ raise YunohostError(f"Failed to delete system user for {self.app}")
+
+ # FIXME : better logging and error handling, add stdout/stderr from the deluser/delgroup commands...
+
+
+class InstalldirAppResource(AppResource):
+ """
+ Creates a directory to be used by the app as the installation directory, typically where the app sources and assets are located. The corresponding path is stored in the settings as `install_dir`
+
+ ##### Example:
+ ```toml
+ [resources.install_dir]
+ # (empty - defaults are usually okay)
+ ```
+
+ ##### Properties:
+ - `dir`: (default: `/var/www/__APP__`) The full path of the install dir
+ - `owner`: (default: `__APP__:rx`) The owner (and owner permissions) for the install dir
+ - `group`: (default: `__APP__:rx`) The group (and group permissions) for the install dir
+
+ ##### Provision/Update:
+ - during install, the folder will be deleted if it already exists (FIXME: is this what we want?)
+ - if the dir path changed and a folder exists at the old location, the folder will be `mv`'ed to the new location
+ - otherwise, creates the directory if it doesn't exists yet
+ - (re-)apply permissions (only on the folder itself, not recursively)
+ - save the value of `dir` as `install_dir` in the app's settings, which can be then used by the app scripts (`$install_dir`) and conf templates (`__INSTALL_DIR__`)
+
+ ##### Deprovision:
+ - recursively deletes the directory if it exists
+
+ ##### Legacy management:
+ - In the past, the setting was called `final_path`. The code will automatically rename it as `install_dir`.
+ - As explained in the 'Provision/Update' section, the folder will also be moved if the location changed
+
+ """
+
+ # Notes for future?
+ # deep_clean -> uuuuh ? delete any dir in /var/www/ that would not correspond to an app x_x ?
+ # backup -> cp install dir
+ # restore -> cp install dir
+
+ type = "install_dir"
+ priority = 30
+
+ default_properties: Dict[str, Any] = {
+ "dir": "/var/www/__APP__",
+ "owner": "__APP__:rx",
+ "group": "__APP__:rx",
+ }
+
+ dir: str = ""
+ owner: str = ""
+ group: str = ""
+
+ # FIXME: change default dir to /opt/stuff if app ain't a webapp ...
+
+ def provision_or_update(self, context: Dict = {}):
+
+ assert self.dir.strip() # Be paranoid about self.dir being empty...
+ assert self.owner.strip()
+ assert self.group.strip()
+
+ current_install_dir = self.get_setting("install_dir") or self.get_setting(
+ "final_path"
+ )
+
+ # If during install, /var/www/$app already exists, assume that it's okay to remove and recreate it
+ # FIXME : is this the right thing to do ?
+ if not current_install_dir and os.path.isdir(self.dir):
+ rm(self.dir, recursive=True)
+
+ # isdir will be True if the path is a symlink pointing to a dir
+ # This should cover cases where people moved the data dir to another place via a symlink (ie we dont enter the if)
+ if not os.path.isdir(self.dir):
+ # Handle case where install location changed, in which case we shall move the existing install dir
+ # FIXME: confirm that's what we wanna do
+ # Maybe a middle ground could be to compute the size, check that it's not too crazy (eg > 1G idk),
+ # and check for available space on the destination
+ if current_install_dir and os.path.isdir(current_install_dir):
+ logger.warning(
+ f"Moving {current_install_dir} to {self.dir} ... (this may take a while)"
+ )
+ shutil.move(current_install_dir, self.dir)
+ else:
+ mkdir(self.dir)
+
+ owner, owner_perm = self.owner.split(":")
+ group, group_perm = self.group.split(":")
+ owner_perm_octal = (
+ (4 if "r" in owner_perm else 0)
+ + (2 if "w" in owner_perm else 0)
+ + (1 if "x" in owner_perm else 0)
+ )
+ group_perm_octal = (
+ (4 if "r" in group_perm else 0)
+ + (2 if "w" in group_perm else 0)
+ + (1 if "x" in group_perm else 0)
+ )
+
+ perm_octal = 0o100 * owner_perm_octal + 0o010 * group_perm_octal
+
+ # NB: we use realpath here to cover cases where self.dir could actually be a symlink
+ # in which case we want to apply the perm to the pointed dir, not to the symlink
+ chmod(os.path.realpath(self.dir), perm_octal)
+ chown(os.path.realpath(self.dir), owner, group)
+ # FIXME: shall we apply permissions recursively ?
+
+ self.set_setting("install_dir", self.dir)
+ self.delete_setting("final_path") # Legacy
+
+ def deprovision(self, context: Dict = {}):
+
+ assert self.dir.strip() # Be paranoid about self.dir being empty...
+ assert self.owner.strip()
+ assert self.group.strip()
+
+ # FIXME : check that self.dir has a sensible value to prevent catastrophes
+ if os.path.isdir(self.dir):
+ rm(self.dir, recursive=True)
+ # FIXME : in fact we should delete settings to be consistent
+
+
+class DatadirAppResource(AppResource):
+ """
+ Creates a directory to be used by the app as the data store directory, typically where the app multimedia or large assets added by users are located. The corresponding path is stored in the settings as `data_dir`. This resource behaves very similarly to install_dir.
+
+ ##### Example:
+ ```toml
+ [resources.data_dir]
+ # (empty - defaults are usually okay)
+ ```
+
+ ##### Properties:
+ - `dir`: (default: `/home/yunohost.app/__APP__`) The full path of the data dir
+ - `owner`: (default: `__APP__:rx`) The owner (and owner permissions) for the data dir
+ - `group`: (default: `__APP__:rx`) The group (and group permissions) for the data dir
+
+ ##### Provision/Update:
+ - if the dir path changed and a folder exists at the old location, the folder will be `mv`'ed to the new location
+ - otherwise, creates the directory if it doesn't exists yet
+ - (re-)apply permissions (only on the folder itself, not recursively)
+ - save the value of `dir` as `data_dir` in the app's settings, which can be then used by the app scripts (`$data_dir`) and conf templates (`__DATA_DIR__`)
+
+ ##### Deprovision:
+ - (only if the purge option is chosen by the user) recursively deletes the directory if it exists
+ - also delete the corresponding setting
+
+ ##### Legacy management:
+ - In the past, the setting may have been called `datadir`. The code will automatically rename it as `data_dir`.
+ - As explained in the 'Provision/Update' section, the folder will also be moved if the location changed
+
+ """
+
+ # notes for future ?
+ # deep_clean -> zblerg idk nothing
+ # backup -> cp data dir ? (if not backup_core_only)
+ # restore -> cp data dir ? (if in backup)
+
+ type = "data_dir"
+ priority = 40
+
+ default_properties: Dict[str, Any] = {
+ "dir": "/home/yunohost.app/__APP__",
+ "owner": "__APP__:rx",
+ "group": "__APP__:rx",
+ }
+
+ dir: str = ""
+ owner: str = ""
+ group: str = ""
+
+ def provision_or_update(self, context: Dict = {}):
+
+ assert self.dir.strip() # Be paranoid about self.dir being empty...
+ assert self.owner.strip()
+ assert self.group.strip()
+
+ current_data_dir = self.get_setting("data_dir") or self.get_setting("datadir")
+
+ # isdir will be True if the path is a symlink pointing to a dir
+ # This should cover cases where people moved the data dir to another place via a symlink (ie we dont enter the if)
+ if not os.path.isdir(self.dir):
+ # Handle case where install location changed, in which case we shall move the existing install dir
+ # FIXME: same as install_dir, is this what we want ?
+ if current_data_dir and os.path.isdir(current_data_dir):
+ logger.warning(
+ f"Moving {current_data_dir} to {self.dir} ... (this may take a while)"
+ )
+ shutil.move(current_data_dir, self.dir)
+ else:
+ mkdir(self.dir)
+
+ owner, owner_perm = self.owner.split(":")
+ group, group_perm = self.group.split(":")
+ owner_perm_octal = (
+ (4 if "r" in owner_perm else 0)
+ + (2 if "w" in owner_perm else 0)
+ + (1 if "x" in owner_perm else 0)
+ )
+ group_perm_octal = (
+ (4 if "r" in group_perm else 0)
+ + (2 if "w" in group_perm else 0)
+ + (1 if "x" in group_perm else 0)
+ )
+ perm_octal = 0o100 * owner_perm_octal + 0o010 * group_perm_octal
+
+ # NB: we use realpath here to cover cases where self.dir could actually be a symlink
+ # in which case we want to apply the perm to the pointed dir, not to the symlink
+ chmod(os.path.realpath(self.dir), perm_octal)
+ chown(os.path.realpath(self.dir), owner, group)
+
+ self.set_setting("data_dir", self.dir)
+ self.delete_setting("datadir") # Legacy
+
+ def deprovision(self, context: Dict = {}):
+
+ assert self.dir.strip() # Be paranoid about self.dir being empty...
+ assert self.owner.strip()
+ assert self.group.strip()
+
+ if context.get("purge_data_dir", False) and os.path.isdir(self.dir):
+ rm(self.dir, recursive=True)
+
+ self.delete_setting("data_dir")
+
+
+class AptDependenciesAppResource(AppResource):
+ """
+ Create a virtual package in apt, depending on the list of specified packages that the app needs. The virtual packages is called `$app-ynh-deps` (with `_` being replaced by `-` in the app name, see `ynh_install_app_dependencies`)
+
+ ##### Example:
+ ```toml
+ [resources.apt]
+ packages = "nyancat, lolcat, sl"
+
+ # (this part is optional and corresponds to the legacy ynh_install_extra_app_dependencies helper)
+ extras.yarn.repo = "deb https://dl.yarnpkg.com/debian/ stable main"
+ extras.yarn.key = "https://dl.yarnpkg.com/debian/pubkey.gpg"
+ extras.yarn.packages = "yarn"
+ ```
+
+ ##### Properties:
+ - `packages`: Comma-separated list of packages to be installed via `apt`
+ - `extras`: A dict of (repo, key, packages) corresponding to "extra" repositories to fetch dependencies from
+
+ ##### Provision/Update:
+ - The code literally calls the bash helpers `ynh_install_app_dependencies` and `ynh_install_extra_app_dependencies`, similar to what happens in v1.
+
+ ##### Deprovision:
+ - The code literally calls the bash helper `ynh_remove_app_dependencies`
+ """
+
+ # Notes for future?
+ # deep_clean -> remove any __APP__-ynh-deps for app not in app list
+ # backup -> nothing
+ # restore = provision
+
+ type = "apt"
+ priority = 50
+
+ default_properties: Dict[str, Any] = {"packages": [], "extras": {}}
+
+ packages: List = []
+ extras: Dict[str, Dict[str, str]] = {}
+
+ def __init__(self, properties: Dict[str, Any], *args, **kwargs):
+
+ for key, values in properties.get("extras", {}).items():
+ if not all(
+ isinstance(values.get(k), str) for k in ["repo", "key", "packages"]
+ ):
+ raise YunohostError(
+ "In apt resource in the manifest: 'extras' repo should have the keys 'repo', 'key' and 'packages' defined and be strings"
+ )
+
+ super().__init__(properties, *args, **kwargs)
+
+ def provision_or_update(self, context: Dict = {}):
+
+ script = [f"ynh_install_app_dependencies {self.packages}"]
+ for repo, values in self.extras.items():
+ script += [
+ f"ynh_install_extra_app_dependencies --repo='{values['repo']}' --key='{values['key']}' --package='{values['packages']}'"
+ ]
+ # FIXME : we're feeding the raw value of values['packages'] to the helper .. if we want to be consistent, may they should be comma-separated, though in the majority of cases, only a single package is installed from an extra repo..
+
+ self._run_script("provision_or_update", "\n".join(script))
+
+ def deprovision(self, context: Dict = {}):
+
+ self._run_script("deprovision", "ynh_remove_app_dependencies")
+
+
+class PortsResource(AppResource):
+ """
+ Book port(s) to be used by the app, typically to be used to the internal reverse-proxy between nginx and the app process.
+
+ Note that because multiple ports can be booked, each properties is prefixed by the name of the port. `main` is a special name and will correspond to the setting `$port`, whereas for example `xmpp_client` will correspond to the setting `$port_xmpp_client`.
+
+ ##### Example:
+ ```toml
+ [resources.port]
+ # (empty should be fine for most apps ... though you can customize stuff if absolutely needed)
+
+ main.default = 12345 # if you really want to specify a prefered value .. but shouldnt matter in the majority of cases
+
+ xmpp_client.default = 5222 # if you need another port, pick a name for it (here, "xmpp_client")
+ xmpp_client.exposed = "TCP" # here, we're telling that the port needs to be publicly exposed on TCP on the firewall
+ ```
+
+ ##### Properties (for every port name):
+ - `default`: The prefered value for the port. If this port is already being used by another process right now, or is booked in another app's setting, the code will increment the value until it finds a free port and store that value as the setting. If no value is specified, a random value between 10000 and 60000 is used.
+ - `exposed`: (default: `false`) Wether this port should be opened on the firewall and be publicly reachable. This should be kept to `false` for the majority of apps than only need a port for internal reverse-proxying! Possible values: `false`, `true`(=`Both`), `Both`, `TCP`, `UDP`. This will result in the port being opened on the firewall, and the diagnosis checking that a program answers on that port.
+ - `fixed`: (default: `false`) Tells that the app absolutely needs the specific value provided in `default`, typically because it's needed for a specific protocol
+
+ ##### Provision/Update (for every port name):
+ - If not already booked, look for a free port, starting with the `default` value (or a random value between 10000 and 60000 if no `default` set)
+ - If `exposed` is not `false`, open the port in the firewall accordingly - otherwise make sure it's closed.
+ - The value of the port is stored in the `$port` setting for the `main` port, or `$port_NAME` for other `NAME`s
+
+ ##### Deprovision:
+ - Close the ports on the firewall if relevant
+ - Deletes all the port settings
+
+ ##### Legacy management:
+ - In the past, some settings may have been named `NAME_port` instead of `port_NAME`, in which case the code will automatically rename the old setting.
+ """
+
+ # Notes for future?
+ # deep_clean -> ?
+ # backup -> nothing (backup port setting)
+ # restore -> nothing (restore port setting)
+
+ type = "ports"
+ priority = 70
+
+ default_properties: Dict[str, Any] = {}
+
+ default_port_properties = {
+ "default": None,
+ "exposed": False, # or True(="Both"), "TCP", "UDP"
+ "fixed": False,
+ }
+
+ ports: Dict[str, Dict[str, Any]]
+
+ def __init__(self, properties: Dict[str, Any], *args, **kwargs):
+
+ if "main" not in properties:
+ properties["main"] = {}
+
+ for port, infos in properties.items():
+ properties[port] = copy.copy(self.default_port_properties)
+ properties[port].update(infos)
+
+ if properties[port]["default"] is None:
+ properties[port]["default"] = random.randint(10000, 60000)
+
+ super().__init__({"ports": properties}, *args, **kwargs)
+
+ def _port_is_used(self, port):
+
+ # FIXME : this could be less brutal than two os.system ...
+ cmd1 = (
+ "ss --numeric --listening --tcp --udp | awk '{print$5}' | grep --quiet --extended-regexp ':%s$'"
+ % port
+ )
+ # This second command is mean to cover (most) case where an app is using a port yet ain't currently using it for some reason (typically service ain't up)
+ cmd2 = f"grep --quiet \"port: '{port}'\" /etc/yunohost/apps/*/settings.yml"
+ return os.system(cmd1) == 0 and os.system(cmd2) == 0
+
+ def provision_or_update(self, context: Dict = {}):
+
+ from yunohost.firewall import firewall_allow, firewall_disallow
+
+ for name, infos in self.ports.items():
+
+ setting_name = f"port_{name}" if name != "main" else "port"
+ port_value = self.get_setting(setting_name)
+ if not port_value and name != "main":
+ # Automigrate from legacy setting foobar_port (instead of port_foobar)
+ legacy_setting_name = "{name}_port"
+ port_value = self.get_setting(legacy_setting_name)
+ if port_value:
+ self.set_setting(setting_name, port_value)
+ self.delete_setting(legacy_setting_name)
+ continue
+
+ if not port_value:
+ port_value = infos["default"]
+
+ if infos["fixed"]:
+ if self._port_is_used(port_value):
+ raise YunohostValidationError(
+ f"Port {port_value} is already used by another process or app."
+ )
+ else:
+ while self._port_is_used(port_value):
+ port_value += 1
+
+ self.set_setting(setting_name, port_value)
+
+ if infos["exposed"]:
+ firewall_allow(infos["exposed"], port_value, reload_only_if_change=True)
+ else:
+ firewall_disallow(
+ infos["exposed"], port_value, reload_only_if_change=True
+ )
+
+ def deprovision(self, context: Dict = {}):
+
+ from yunohost.firewall import firewall_disallow
+
+ for name, infos in self.ports.items():
+ setting_name = f"port_{name}" if name != "main" else "port"
+ value = self.get_setting(setting_name)
+ self.delete_setting(setting_name)
+ if value and str(value).strip():
+ firewall_disallow(
+ infos["exposed"], int(value), reload_only_if_change=True
+ )
+
+
+class DatabaseAppResource(AppResource):
+ """
+ Initialize a database, either using MySQL or Postgresql. Relevant DB infos are stored in settings `$db_name`, `$db_user` and `$db_pwd`.
+
+ NB: only one DB can be handled in such a way (is there really an app that would need two completely different DB ?...)
+
+ NB2: no automagic migration will happen in an suddenly change `type` from `mysql` to `postgresql` or viceversa in its life
+
+ ##### Example:
+ ```toml
+ [resources.database]
+ type = "mysql" # or : "postgresql". Only these two values are supported
+ ```
+
+ ##### Properties:
+ - `type`: The database type, either `mysql` or `postgresql`
+
+ ##### Provision/Update:
+ - (Re)set the `$db_name` and `$db_user` settings with the sanitized app name (replacing `-` and `.` with `_`)
+ - If `$db_pwd` doesn't already exists, pick a random database password and store it in that setting
+ - If the database doesn't exists yet, create the SQL user and DB using `ynh_mysql_create_db` or `ynh_psql_create_db`.
+
+ ##### Deprovision:
+ - Drop the DB using `ynh_mysql_remove_db` or `ynh_psql_remove_db`
+ - Deletes the `db_name`, `db_user` and `db_pwd` settings
+
+ ##### Legacy management:
+ - In the past, the sql passwords may have been named `mysqlpwd` or `psqlpwd`, in which case it will automatically be renamed as `db_pwd`
+ """
+
+ # Notes for future?
+ # deep_clean -> ... idk look into any db name that would not be related to any app ...
+ # backup -> dump db
+ # restore -> setup + inject db dump
+
+ type = "database"
+ priority = 90
+ dbtype: str = ""
+
+ default_properties: Dict[str, Any] = {
+ "dbtype": None,
+ }
+
+ def __init__(self, properties: Dict[str, Any], *args, **kwargs):
+
+ if "type" not in properties or properties["type"] not in [
+ "mysql",
+ "postgresql",
+ ]:
+ raise YunohostError(
+ "Specifying the type of db ('mysql' or 'postgresql') is mandatory for db resources",
+ raw_msg=True,
+ )
+
+ # Hack so that people can write type = "mysql/postgresql" in toml but it's loaded as dbtype
+ # to avoid conflicting with the generic self.type of the resource object ...
+ # dunno if that's really a good idea :|
+ properties = {"dbtype": properties["type"]}
+
+ super().__init__(properties, *args, **kwargs)
+
+ def db_exists(self, db_name):
+
+ if self.dbtype == "mysql":
+ return os.system(f"mysqlshow '{db_name}' >/dev/null 2>/dev/null") == 0
+ elif self.dbtype == "postgresql":
+ return (
+ os.system(
+ f"sudo --login --user=postgres psql -c '' '{db_name}' >/dev/null 2>/dev/null"
+ )
+ == 0
+ )
+ else:
+ return False
+
+ def provision_or_update(self, context: Dict = {}):
+
+ # This is equivalent to ynh_sanitize_dbid
+ db_name = self.app.replace("-", "_").replace(".", "_")
+ db_user = db_name
+ self.set_setting("db_name", db_name)
+ self.set_setting("db_user", db_user)
+
+ db_pwd = None
+ if self.get_setting("db_pwd"):
+ db_pwd = self.get_setting("db_pwd")
+ else:
+ # Legacy setting migration
+ legacypasswordsetting = (
+ "psqlpwd" if self.dbtype == "postgresql" else "mysqlpwd"
+ )
+ if self.get_setting(legacypasswordsetting):
+ db_pwd = self.get_setting(legacypasswordsetting)
+ self.delete_setting(legacypasswordsetting)
+ self.set_setting("db_pwd", db_pwd)
+
+ if not db_pwd:
+ from moulinette.utils.text import random_ascii
+
+ db_pwd = random_ascii(24)
+ self.set_setting("db_pwd", db_pwd)
+
+ if not self.db_exists(db_name):
+
+ if self.dbtype == "mysql":
+ self._run_script(
+ "provision",
+ f"ynh_mysql_create_db '{db_name}' '{db_user}' '{db_pwd}'",
+ )
+ elif self.dbtype == "postgresql":
+ self._run_script(
+ "provision",
+ f"ynh_psql_create_user '{db_user}' '{db_pwd}'; ynh_psql_create_db '{db_name}' '{db_user}'",
+ )
+
+ def deprovision(self, context: Dict = {}):
+
+ db_name = self.app.replace("-", "_").replace(".", "_")
+ db_user = db_name
+
+ if self.dbtype == "mysql":
+ self._run_script(
+ "deprovision", f"ynh_mysql_remove_db '{db_name}' '{db_user}'"
+ )
+ elif self.dbtype == "postgresql":
+ self._run_script(
+ "deprovision", f"ynh_psql_remove_db '{db_name}' '{db_user}'"
+ )
+
+ self.delete_setting("db_name")
+ self.delete_setting("db_user")
+ self.delete_setting("db_pwd")
+
+
+AppResourceClassesByType = {c.type: c for c in AppResource.__subclasses__()}
diff --git a/src/utils/packages.py b/src/utils/system.py
similarity index 52%
rename from src/utils/packages.py
rename to src/utils/system.py
index 3105bc4c7..8b0ed7092 100644
--- a/src/utils/packages.py
+++ b/src/utils/system.py
@@ -1,35 +1,110 @@
-# -*- coding: utf-8 -*-
-
-""" License
-
- Copyright (C) 2015 YUNOHOST.ORG
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU Affero General Public License as published
- by the Free Software Foundation, either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU Affero General Public License for more details.
-
- You should have received a copy of the GNU Affero General Public License
- along with this program; if not, see http://www.gnu.org/licenses
-
-"""
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import re
import os
import logging
from moulinette.utils.process import check_output
-from packaging import version
+from yunohost.utils.error import YunohostError
logger = logging.getLogger("yunohost.utils.packages")
YUNOHOST_PACKAGES = ["yunohost", "yunohost-admin", "moulinette", "ssowat"]
+def system_arch():
+ return check_output("dpkg --print-architecture")
+
+
+def system_virt():
+ """
+ Returns the output of systemd-detect-virt (so e.g. 'none' or 'lxc' or ...)
+ You can check the man of the command to have a list of possible outputs...
+ """
+ # Detect virt technology (if not bare metal) and arch
+ # Gotta have this "|| true" because it systemd-detect-virt return 'none'
+ # with an error code on bare metal ~.~
+ return check_output("systemd-detect-virt || true")
+
+
+def free_space_in_directory(dirpath):
+ stat = os.statvfs(dirpath)
+ return stat.f_frsize * stat.f_bavail
+
+
+def space_used_by_directory(dirpath, follow_symlinks=True):
+
+ if not follow_symlinks:
+ du_output = check_output(["du", "-sb", dirpath], shell=False)
+ return int(du_output.split()[0])
+
+ stat = os.statvfs(dirpath)
+ return (
+ stat.f_frsize * stat.f_blocks
+ ) # FIXME : this doesnt do what the function name suggest this does ...
+
+
+def human_to_binary(size: str) -> int:
+
+ symbols = ("K", "M", "G", "T", "P", "E", "Z", "Y")
+ factor = {}
+ for i, s in enumerate(symbols):
+ factor[s] = 1 << (i + 1) * 10
+
+ suffix = size[-1]
+ size = size[:-1]
+
+ if suffix not in symbols:
+ raise YunohostError(
+ f"Invalid size suffix '{suffix}', expected one of {symbols}"
+ )
+
+ try:
+ size_ = float(size)
+ except Exception:
+ raise YunohostError(f"Failed to convert size {size} to float")
+
+ return int(size_ * factor[suffix])
+
+
+def binary_to_human(n: int) -> str:
+ """
+ Convert bytes or bits into human readable format with binary prefix
+ """
+ symbols = ("K", "M", "G", "T", "P", "E", "Z", "Y")
+ prefix = {}
+ for i, s in enumerate(symbols):
+ prefix[s] = 1 << (i + 1) * 10
+ for s in reversed(symbols):
+ if n >= prefix[s]:
+ value = float(n) / prefix[s]
+ return "%.1f%s" % (value, s)
+ return "%s" % n
+
+
+def ram_available():
+
+ import psutil
+
+ return (psutil.virtual_memory().available, psutil.swap_memory().free)
+
+
def get_ynh_package_version(package):
# Returns the installed version and release version ('stable' or 'testing'
@@ -40,7 +115,7 @@ def get_ynh_package_version(package):
# may handle changelog differently !
changelog = "/usr/share/doc/%s/changelog.gz" % package
- cmd = "gzip -cd %s 2>/dev/null | head -n1" % changelog
+ cmd = "gzip -cd %s 2>/dev/null | grep -v 'BASH_XTRACEFD' | head -n1" % changelog
if not os.path.exists(changelog):
return {"version": "?", "repo": "?"}
out = check_output(cmd).split()
@@ -48,43 +123,6 @@ def get_ynh_package_version(package):
return {"version": out[1].strip("()"), "repo": out[2].strip(";")}
-def meets_version_specifier(pkg_name, specifier):
- """
- Check if a package installed version meets specifier
-
- specifier is something like ">> 1.2.3"
- """
-
- # In practice, this function is only used to check the yunohost version
- # installed.
- # We'll trim any ~foobar in the current installed version because it's not
- # handled correctly by version.parse, but we don't care so much in that
- # context
- assert pkg_name in YUNOHOST_PACKAGES
- pkg_version = get_ynh_package_version(pkg_name)["version"]
- pkg_version = re.split(r"\~|\+|\-", pkg_version)[0]
- pkg_version = version.parse(pkg_version)
-
- # Extract operator and version specifier
- op, req_version = re.search(r"(<<|<=|=|>=|>>) *([\d\.]+)", specifier).groups()
- req_version = version.parse(req_version)
-
- # Python2 had a builtin that returns (-1, 0, 1) depending on comparison
- # c.f. https://stackoverflow.com/a/22490617
- def cmp(a, b):
- return (a > b) - (a < b)
-
- deb_operators = {
- "<<": lambda v1, v2: cmp(v1, v2) in [-1],
- "<=": lambda v1, v2: cmp(v1, v2) in [-1, 0],
- "=": lambda v1, v2: cmp(v1, v2) in [0],
- ">=": lambda v1, v2: cmp(v1, v2) in [0, 1],
- ">>": lambda v1, v2: cmp(v1, v2) in [1],
- }
-
- return deb_operators[op](pkg_version, req_version)
-
-
def ynh_packages_version(*args, **kwargs):
# from cli the received arguments are:
# (Namespace(_callbacks=deque([]), _tid='_global', _to_return={}), []) {}
diff --git a/src/utils/yunopaste.py b/src/utils/yunopaste.py
index 35e829991..0edcc721b 100644
--- a/src/utils/yunopaste.py
+++ b/src/utils/yunopaste.py
@@ -1,5 +1,21 @@
-# -*- coding: utf-8 -*-
-
+#
+# Copyright (c) 2022 YunoHost Contributors
+#
+# This file is part of YunoHost (see https://yunohost.org)
+#
+# This program is free software: you can redistribute it and/or modify
+# it under the terms of the GNU Affero General Public License as
+# published by the Free Software Foundation, either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU Affero General Public License for more details.
+#
+# You should have received a copy of the GNU Affero General Public License
+# along with this program. If not, see .
+#
import requests
import json
import logging
diff --git a/tests/test_helpers.d/ynhtest_setup_source.sh b/tests/test_helpers.d/ynhtest_setup_source.sh
index fe61e7401..6a74a587c 100644
--- a/tests/test_helpers.d/ynhtest_setup_source.sh
+++ b/tests/test_helpers.d/ynhtest_setup_source.sh
@@ -18,51 +18,51 @@ _make_dummy_src() {
}
ynhtest_setup_source_nominal() {
- final_path="$(mktemp -d -p $VAR_WWW)"
+ install_dir="$(mktemp -d -p $VAR_WWW)"
_make_dummy_src > ../conf/dummy.src
- ynh_setup_source --dest_dir="$final_path" --source_id="dummy"
+ ynh_setup_source --dest_dir="$install_dir" --source_id="dummy"
- test -e "$final_path"
- test -e "$final_path/index.html"
+ test -e "$install_dir"
+ test -e "$install_dir/index.html"
}
ynhtest_setup_source_nominal_upgrade() {
- final_path="$(mktemp -d -p $VAR_WWW)"
+ install_dir="$(mktemp -d -p $VAR_WWW)"
_make_dummy_src > ../conf/dummy.src
- ynh_setup_source --dest_dir="$final_path" --source_id="dummy"
+ ynh_setup_source --dest_dir="$install_dir" --source_id="dummy"
- test "$(cat $final_path/index.html)" == "Lorem Ipsum"
+ test "$(cat $install_dir/index.html)" == "Lorem Ipsum"
# Except index.html to get overwritten during next ynh_setup_source
- echo "IEditedYou!" > $final_path/index.html
- test "$(cat $final_path/index.html)" == "IEditedYou!"
+ echo "IEditedYou!" > $install_dir/index.html
+ test "$(cat $install_dir/index.html)" == "IEditedYou!"
- ynh_setup_source --dest_dir="$final_path" --source_id="dummy"
+ ynh_setup_source --dest_dir="$install_dir" --source_id="dummy"
- test "$(cat $final_path/index.html)" == "Lorem Ipsum"
+ test "$(cat $install_dir/index.html)" == "Lorem Ipsum"
}
ynhtest_setup_source_with_keep() {
- final_path="$(mktemp -d -p $VAR_WWW)"
+ install_dir="$(mktemp -d -p $VAR_WWW)"
_make_dummy_src > ../conf/dummy.src
- echo "IEditedYou!" > $final_path/index.html
- echo "IEditedYou!" > $final_path/test.txt
+ echo "IEditedYou!" > $install_dir/index.html
+ echo "IEditedYou!" > $install_dir/test.txt
- ynh_setup_source --dest_dir="$final_path" --source_id="dummy" --keep="index.html test.txt"
+ ynh_setup_source --dest_dir="$install_dir" --source_id="dummy" --keep="index.html test.txt"
- test -e "$final_path"
- test -e "$final_path/index.html"
- test -e "$final_path/test.txt"
- test "$(cat $final_path/index.html)" == "IEditedYou!"
- test "$(cat $final_path/test.txt)" == "IEditedYou!"
+ test -e "$install_dir"
+ test -e "$install_dir/index.html"
+ test -e "$install_dir/test.txt"
+ test "$(cat $install_dir/index.html)" == "IEditedYou!"
+ test "$(cat $install_dir/test.txt)" == "IEditedYou!"
}
ynhtest_setup_source_with_patch() {
- final_path="$(mktemp -d -p $VAR_WWW)"
+ install_dir="$(mktemp -d -p $VAR_WWW)"
_make_dummy_src > ../conf/dummy.src
mkdir -p ../sources/patches
@@ -74,7 +74,7 @@ ynhtest_setup_source_with_patch() {
+Lorem Ipsum dolor sit amet
EOF
- ynh_setup_source --dest_dir="$final_path" --source_id="dummy"
+ ynh_setup_source --dest_dir="$install_dir" --source_id="dummy"
- test "$(cat $final_path/index.html)" == "Lorem Ipsum dolor sit amet"
+ test "$(cat $install_dir/index.html)" == "Lorem Ipsum dolor sit amet"
}
+
+
+
+
+
+
+
+