From f541edbb2a3062d6462addcde5b665add4c2d6f9 Mon Sep 17 00:00:00 2001 From: ariasuni Date: Sat, 26 Aug 2017 20:24:38 +0200 Subject: [PATCH 01/42] [enh] enable gzip compression for common text mimetypes in Nginx --- data/templates/nginx/plain/global.conf | 1 + 1 file changed, 1 insertion(+) diff --git a/data/templates/nginx/plain/global.conf b/data/templates/nginx/plain/global.conf index b3a5f356a..a3096d009 100644 --- a/data/templates/nginx/plain/global.conf +++ b/data/templates/nginx/plain/global.conf @@ -1 +1,2 @@ server_tokens off; +gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; From e1b5eead3f24535e4825ac080edf65f5157c7623 Mon Sep 17 00:00:00 2001 From: ariasuni Date: Mon, 28 Aug 2017 16:40:50 +0200 Subject: [PATCH 02/42] [fix] disable gzip compression for json to avoid BREACH attack --- data/templates/nginx/plain/global.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/nginx/plain/global.conf b/data/templates/nginx/plain/global.conf index a3096d009..341f08620 100644 --- a/data/templates/nginx/plain/global.conf +++ b/data/templates/nginx/plain/global.conf @@ -1,2 +1,2 @@ server_tokens off; -gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; +gzip_types text/plain text/css application/javascript text/xml application/xml application/xml+rss text/javascript; From 75d80848524c00cf85323ada62fb627ee6c93a31 Mon Sep 17 00:00:00 2001 From: ljf Date: Mon, 28 Aug 2017 21:08:45 +0200 Subject: [PATCH 03/42] [enh] Add hooks on app management operations --- src/yunohost/app.py | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 476723000..5560fabaf 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py 
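Review bot: Removing `application/json` from `gzip_types` in global.conf (PATCH 02) does not take HTML out of compression, because nginx compresses `text/html` whenever gzip is enabled, whatever this list contains. Pages that reflect request input next to a secret such as a CSRF token therefore stay exposed to BREACH, and the `text/plain` and XML types kept here can carry the same kind of content. Where `gzip on` is set is not visible in this hunk. I would record the limit next to the directive, e.g. `# text/html is always compressed when gzip is on; gzip_types cannot exclude it`.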
@@ -430,7 +430,7 @@ def app_change_url(auth, app, domain, path): path -- New path at which the application will be move """ - from yunohost.hook import hook_exec + from yunohost.hook import hook_exec, hook_callback installed = _is_installed(app) if not installed: @@ -518,6 +518,8 @@ def app_change_url(auth, app, domain, path): logger.success(m18n.n("app_change_url_success", app=app, domain=domain, path=path)) + hook_callback('post_app_change_url', args=args_list, env=env_dict) + def app_upgrade(auth, app=[], url=None, file=None): """ @@ -529,7 +531,8 @@ def app_upgrade(auth, app=[], url=None, file=None): url -- Git url to fetch for upgrade """ - from yunohost.hook import hook_add, hook_remove, hook_exec + from yunohost.hook import hook_add, hook_remove, hook_exec, hook_callback + # Retrieve interface is_api = msettings.get('interface') == 'api' @@ -628,6 +631,9 @@ def app_upgrade(auth, app=[], url=None, file=None): upgraded_apps.append(app_instance_name) logger.success(m18n.n('app_upgraded', app=app_instance_name)) + hook_callback('post_app_upgrade', args=args_list, env=env_dict) + + if not upgraded_apps: raise MoulinetteError(errno.ENODATA, m18n.n('app_no_upgrade')) @@ -651,7 +657,7 @@ def app_install(auth, app, label=None, args=None, no_remove_on_failure=False): no_remove_on_failure -- Debug option to avoid removing the app on a failed installation """ - from yunohost.hook import hook_add, hook_remove, hook_exec + from yunohost.hook import hook_add, hook_remove, hook_exec, hook_callback # Fetch or extract sources try: @@ -790,6 +796,8 @@ def app_install(auth, app, label=None, args=None, no_remove_on_failure=False): logger.success(m18n.n('installation_complete')) + hook_callback('post_app_install', args=args_list, env=env_dict) + def app_remove(auth, app): """ 
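Review bot: The new `hook_callback('post_app_install', args=args_list, env=env_dict)` call in app_install hands every registered hook the same argument list and environment as the install script. If `env_dict` carries install answers such as an admin password (it is built outside the hunk, so this is an assumption), each hook script receives them too. A comment at the call would make that contract explicit, e.g. `# hooks receive the install script's args and env, including any secret install arguments`, or the call could pass a reduced env. The same pattern is added in app_change_url, app_upgrade and app_remove, and all four function bodies continue outside these hunks.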
@@ -799,7 +807,7 @@ def app_remove(auth, app): app -- App(s) to delete """ - from yunohost.hook import hook_exec, hook_remove + from yunohost.hook import hook_exec, hook_remove, hook_callback if not _is_installed(app): raise MoulinetteError(errno.EINVAL, @@ -828,6 +836,8 @@ def app_remove(auth, app): if hook_exec('/tmp/yunohost_remove/scripts/remove', args=args_list, env=env_dict, user="root") == 0: logger.success(m18n.n('app_removed', app=app)) + hook_callback('post_app_remove', args=args_list, env=env_dict) + if os.path.exists(app_setting_path): shutil.rmtree(app_setting_path) shutil.rmtree('/tmp/yunohost_remove') From 8590d6b5c6112581c021f81a21c45bfe7e140610 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sat, 23 Sep 2017 18:45:59 +0200 Subject: [PATCH 04/42] Update php-fpm helpers to handle stretch/php7 and a smooth migration --- data/helpers.d/backend | 31 ++++++++++++++++++++++++------- 1 file changed, 24 insertions(+), 7 deletions(-) diff --git a/data/helpers.d/backend b/data/helpers.d/backend index c54e82754..e64b67795 100644 --- a/data/helpers.d/backend +++ b/data/helpers.d/backend @@ -154,7 +154,18 @@ ynh_remove_nginx_config () { # # usage: ynh_add_fpm_config ynh_add_fpm_config () { - finalphpconf="/etc/php5/fpm/pool.d/$app.conf" + local debian_release=$(lsb_release --codename --short) + # Configure PHP-FPM 7.0 by default + local fpm_config_dir="/etc/php/7.0/fpm" + local fpm_service="php7.0-fpm" + # Configure PHP-FPM 5 on Debian Jessie + if [ "$debian_release" == "jessie" ]; then + fpm_config_dir="/etc/php5/fpm" + fpm_service="php5-fpm" + fi + ynh_app_setting_set $app fpm_config_dir "$fpm_config_dir" + ynh_app_setting_set $app fpm_service "$fpm_service" + finalphpconf="$fpm_config_dir/pool.d/$app.conf" ynh_backup_if_checksum_is_different "$finalphpconf" sudo cp ../conf/php-fpm.conf "$finalphpconf" ynh_replace_string "__NAMETOCHANGE__" "$app" "$finalphpconf" 
@@ -165,21 +176,27 @@ ynh_add_fpm_config () { if [ -e "../conf/php-fpm.ini" ] then - finalphpini="/etc/php5/fpm/conf.d/20-$app.ini" + finalphpini="$fpm_config_dir/conf.d/20-$app.ini" ynh_backup_if_checksum_is_different "$finalphpini" sudo cp ../conf/php-fpm.ini "$finalphpini" sudo chown root: "$finalphpini" ynh_store_file_checksum "$finalphpini" fi - - sudo systemctl reload php5-fpm + sudo systemctl reload $fpm_service } # Remove the dedicated php-fpm config # # usage: ynh_remove_fpm_config ynh_remove_fpm_config () { - ynh_secure_remove "/etc/php5/fpm/pool.d/$app.conf" - ynh_secure_remove "/etc/php5/fpm/conf.d/20-$app.ini" 2>&1 - sudo systemctl reload php5-fpm + local fpm_config_dir=$(ynh_app_setting_get $app fpm_config_dir) + local fpm_service=$(ynh_app_setting_get $app fpm_service) + # Assume php version 5 if not set + if [ -z "$fpm_config_dir" ]; then + fpm_config_dir="/etc/php5/fpm" + fpm_service="php5-fpm" + fi + ynh_secure_remove "$fpm_config_dir/pool.d/$app.conf" + ynh_secure_remove "$fpm_config_dir/conf.d/20-$app.ini" 2>&1 + sudo systemctl reload $fpm_service } From 330a6fb9a72a54f7b5636e1659dfd5d56177ed0d Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Mon, 25 Sep 2017 21:59:55 +0200 Subject: [PATCH 05/42] Add and use ynh_get_debian_release --- data/helpers.d/backend | 3 +-- data/helpers.d/system | 7 +++++++ 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/data/helpers.d/backend b/data/helpers.d/backend index e64b67795..60c9c94de 100644 --- a/data/helpers.d/backend +++ b/data/helpers.d/backend 
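Review bot: In ynh_remove_fpm_config the php5 fallback is keyed on `fpm_config_dir` alone, so an app whose settings hold a directory but no `fpm_service` reaches `sudo systemctl reload $fpm_service` with an empty, unquoted argument. Both values are read back from app settings and the directory is then passed to `ynh_secure_remove`, so I would test both and quote the expansion: `if [ -z "$fpm_config_dir" ] || [ -z "$fpm_service" ]; then` and `sudo systemctl reload "$fpm_service"`. The same unquoted reload closes ynh_add_fpm_config, and `$app` is unquoted in the two `ynh_app_setting_set` calls of the previous hunk.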
@@ -154,12 +154,11 @@ ynh_remove_nginx_config () { # # usage: ynh_add_fpm_config ynh_add_fpm_config () { - local debian_release=$(lsb_release --codename --short) # Configure PHP-FPM 7.0 by default local fpm_config_dir="/etc/php/7.0/fpm" local fpm_service="php7.0-fpm" # Configure PHP-FPM 5 on Debian Jessie - if [ "$debian_release" == "jessie" ]; then + if [ "$(ynh_get_debian_release)" == "jessie" ]; then fpm_config_dir="/etc/php5/fpm" fpm_service="php5-fpm" fi diff --git a/data/helpers.d/system b/data/helpers.d/system index 5f2ad385b..d70129c9a 100644 --- a/data/helpers.d/system +++ b/data/helpers.d/system @@ -41,3 +41,10 @@ ynh_abort_if_errors () { set -eu # Exit if a command fail, and if a variable is used unset. trap ynh_exit_properly EXIT # Capturing exit signals on shell script } + +# Return the Debian release codename (i.e. jessie, stretch, etc.) +# +# usage: ynh_get_debian_release +ynh_get_debian_release () { + echo $(lsb_release --codename --short) +} \ No newline at end of file From e696caa31fc2c6f3613ab11568fc0d2392a047af Mon Sep 17 00:00:00 2001 From: frju365 Date: Fri, 29 Dec 2017 16:00:29 +0100 Subject: [PATCH 06/42] [Fix] Nginx headers --- data/templates/nginx/server.tpl.conf | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf index 685ae01b8..90a258433 100644 --- a/data/templates/nginx/server.tpl.conf +++ b/data/templates/nginx/server.tpl.conf 
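Review bot: `echo $(lsb_release --codename --short)` in the new ynh_get_debian_release wraps the command in an unquoted substitution, and because `echo` always succeeds it hides a failing `lsb_release` from the caller. Calling `lsb_release --codename --short` directly prints the same codename and keeps its exit status. The caller in ynh_add_fpm_config compares with `==` inside `[ ]`, which is a bash extension; `=` is the portable form. data/helpers.d/system also loses its trailing newline in this patch.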
@@ -42,7 +42,12 @@ server { # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 #ssl_dhparam /etc/ssl/private/dh2048.pem; - add_header Strict-Transport-Security "max-age=31536000;"; + add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; + add_header 'Referrer-Policy' 'no-referrer'; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options "SAMEORIGIN"; access_by_lua_file /usr/share/ssowat/access.lua; From 9e19e5316ccbeeb1c6d3dd16dc70278eee18c648 Mon Sep 17 00:00:00 2001 From: frju365 Date: Fri, 29 Dec 2017 16:07:15 +0100 Subject: [PATCH 07/42] [Fix] Nginx headers --- data/templates/nginx/server.tpl.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf index 90a258433..dee667939 100644 --- a/data/templates/nginx/server.tpl.conf +++ b/data/templates/nginx/server.tpl.conf @@ -42,7 +42,7 @@ server { # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 #ssl_dhparam /etc/ssl/private/dh2048.pem; - add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"; + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; add_header 'Referrer-Policy' 'no-referrer'; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; From 5cd30e584d4225a3c82ca54709189aa4f9bc9ba9 Mon Sep 17 00:00:00 2001 From: frju365 Date: Fri, 29 Dec 2017 16:16:37 +0100 Subject: [PATCH 08/42] [Fix] Nginx headers in Admin conf --- data/templates/nginx/plain/yunohost_admin.conf | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf index a9d26d151..349be9177 100644 --- a/data/templates/nginx/plain/yunohost_admin.conf 
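Review bot: The new `Strict-Transport-Security` value in server.tpl.conf adds `includeSubDomains; preload` to what looks like a per-domain template. That commits every subdomain of each served domain to HTTPS and signals consent to browser preload lists, a state that is slow to undo. It deserves an opt-in, or at least a comment such as `# includeSubDomains/preload bind every subdomain to HTTPS; remove before serving any subdomain over plain HTTP`. Separately, server-level `add_header` directives are not inherited by a location that declares its own `add_header`, so coverage of these headers should be checked against the app location blocks, which are not visible here. The same lines go into yunohost_admin.conf in PATCH 08, and PATCH 07 raises max-age to 63072000.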
+++ b/data/templates/nginx/plain/yunohost_admin.conf @@ -36,8 +36,14 @@ server { # Uncomment the following directive after DH generation # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048 #ssl_dhparam /etc/ssl/private/dh2048.pem; - - add_header Strict-Transport-Security "max-age=31536000;"; + + add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; + add_header 'Referrer-Policy' 'no-referrer'; + add_header X-Content-Type-Options nosniff; + add_header X-XSS-Protection "1; mode=block"; + add_header X-Download-Options noopen; + add_header X-Permitted-Cross-Domain-Policies none; + add_header X-Frame-Options "SAMEORIGIN"; location / { return 302 https://$http_host/yunohost/admin; From 95835118bd8e0c308dec2c3659719760cd17570f Mon Sep 17 00:00:00 2001 From: frju365 Date: Fri, 29 Dec 2017 17:59:12 +0100 Subject: [PATCH 09/42] [Fix] CSP Standart. --- data/templates/nginx/server.tpl.conf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf index dee667939..6f49d68c3 100644 --- a/data/templates/nginx/server.tpl.conf +++ b/data/templates/nginx/server.tpl.conf @@ -43,9 +43,11 @@ server { #ssl_dhparam /etc/ssl/private/dh2048.pem; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - add_header 'Referrer-Policy' 'no-referrer'; + add_header 'Referrer-Policy' 'origin-when-cross-origin'; + add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval';report-uri /csp-violation-report-endpoint/"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; + add_header X-Download-Options noopen; add_header X-Permitted-Cross-Domain-Policies none; add_header X-Frame-Options "SAMEORIGIN"; From 804d0b29c35aa450608487ae12ad4deefb1e8537 Mon Sep 17 00:00:00 2001 
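Review bot: The `Content-Security-Policy` added to server.tpl.conf in PATCH 09 sets `script-src https: 'unsafe-eval'`, which accepts script from any HTTPS origin and permits eval, so it gives little protection against script injection. It still blocks inline script, which may break apps served behind this template. There is no `default-src`, and `report-uri /csp-violation-report-endpoint/` points at a path that nothing in this series defines, so violation reports would presumably get a 404. I would ship it as `Content-Security-Policy-Report-Only` first, or drop `report-uri` and document the intent, e.g. `# baseline CSP: blocks plugins and mixed content only, script-src is intentionally permissive`. PATCH 10 adds the identical header to yunohost_admin.conf.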
From: frju365 Date: Fri, 29 Dec 2017 18:25:17 +0100 Subject: [PATCH 10/42] [Fix] Add CSP in Admin conf --- data/templates/nginx/plain/yunohost_admin.conf | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf index 349be9177..9bdbb0f26 100644 --- a/data/templates/nginx/plain/yunohost_admin.conf +++ b/data/templates/nginx/plain/yunohost_admin.conf @@ -38,7 +38,8 @@ server { #ssl_dhparam /etc/ssl/private/dh2048.pem; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - add_header 'Referrer-Policy' 'no-referrer'; + add_header 'Referrer-Policy' 'origin-when-cross-origin'; + add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval';report-uri /csp-violation-report-endpoint/"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; add_header X-Download-Options noopen; From b655229cbd8c00cf57838f848b1988ff8d02d1d2 Mon Sep 17 00:00:00 2001 From: frju365 Date: Sat, 30 Dec 2017 11:18:17 +0100 Subject: [PATCH 11/42] [Fix] Referrer --- data/templates/nginx/server.tpl.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf index 6f49d68c3..11f503c98 100644 --- a/data/templates/nginx/server.tpl.conf +++ b/data/templates/nginx/server.tpl.conf @@ -43,7 +43,7 @@ server { #ssl_dhparam /etc/ssl/private/dh2048.pem; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - add_header 'Referrer-Policy' 'origin-when-cross-origin'; + add_header 'Referrer-Policy' 'same-origin'; add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval';report-uri /csp-violation-report-endpoint/"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; 
From bd2f459e8663c401506faa2ac5503e74aa8e50b8 Mon Sep 17 00:00:00 2001 From: frju365 Date: Sat, 30 Dec 2017 11:18:58 +0100 Subject: [PATCH 12/42] [Fix] Referrer --- data/templates/nginx/plain/yunohost_admin.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf index 9bdbb0f26..eedbd61b3 100644 --- a/data/templates/nginx/plain/yunohost_admin.conf +++ b/data/templates/nginx/plain/yunohost_admin.conf @@ -38,7 +38,7 @@ server { #ssl_dhparam /etc/ssl/private/dh2048.pem; add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"; - add_header 'Referrer-Policy' 'origin-when-cross-origin'; + add_header 'Referrer-Policy' 'same-origin'; add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval';report-uri /csp-violation-report-endpoint/"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; From ab282e88a75d80bafd4eaa1c3b0d9b566177aaa0 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Thu, 4 Jan 2018 22:04:15 +0100 Subject: [PATCH 13/42] [enh] add commands to allow user to have access in ssh --- data/actionsmap/yunohost.yml | 24 ++++++++++++++++ src/yunohost/user.py | 56 ++++++++++++++++++++++++++++++++++++ 2 files changed, 80 insertions(+) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index 966de21df..c4e95e748 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml 
@@ -203,6 +203,30 @@ user: extra: pattern: *pattern_mailbox_quota + ### ssh_user_enable_ssh() + allow-ssh: + action_help: Allow the user to uses ssh + api: POST /ssh/user/enable-ssh + configuration: + authenticate: all + arguments: + username: + help: Username of the user + extra: + pattern: *pattern_username + + ### ssh_user_disable_ssh() + disallow-ssh: + action_help: Disallow the user to uses ssh + api: POST /ssh/user/disable-ssh + configuration: + authenticate: all + arguments: + username: + help: Username of the user + extra: + pattern: *pattern_username + ### user_info() info: action_help: Get user information diff --git a/src/yunohost/user.py b/src/yunohost/user.py index 11f61d807..123438da3 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -25,6 +25,7 @@ """ import os import re +import pwd import json import errno import crypt @@ -435,6 +436,36 @@ def user_info(auth, username): raise MoulinetteError(167, m18n.n('user_info_failed')) +def user_allow_ssh(auth, username): + """ + Allow YunoHost user connect as ssh. + + Keyword argument: + username -- User username + """ + # TODO it would be good to support different kind of shells + + if not _get_user_for_ssh(auth, username): + raise MoulinetteError(errno.EINVAL, m18n.n('user_unknown', user=username)) + + auth.update('uid=%s,ou=users' % username, {'loginShell': '/bin/bash'}) + + +def user_disallow_ssh(auth, username): + """ + Disallow YunoHost user connect as ssh. + + Keyword argument: + username -- User username + """ + # TODO it would be good to support different kind of shells + + if not _get_user_for_ssh(auth, username) : + raise MoulinetteError(errno.EINVAL, m18n.n('user_unknown', user=username)) + + auth.update('uid=%s,ou=users' % username, {'loginShell': '/bin/false'}) + + def _convertSize(num, suffix=''): for unit in ['K', 'M', 'G', 'T', 'P', 'E', 'Z']: if abs(num) < 1024.0: 
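Review bot: user_allow_ssh and user_disallow_ssh treat any truthy result from `_get_user_for_ssh` as proof that the LDAP entry exists, but that helper answers for `admin` from `pwd.getpwnam` without consulting LDAP. As a result `auth.update('uid=%s,ou=users' % username, ...)` may target an entry that is not there. I would reject the special account up front, e.g. `if username == "admin": raise MoulinetteError(errno.EINVAL, m18n.n('user_unknown', user=username))`. The docstring of user_disallow_ssh should also say that a `loginShell` of `/bin/false` only stops interactive sessions: sshd still authenticates the account, so whether forwarding stays available depends on sshd_config, which this change does not touch.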
@@ -470,3 +501,28 @@ def _hash_user_password(password): salt = '$6$' + salt + '$' return '{CRYPT}' + crypt.crypt(str(password), salt) + + +def _get_user_for_ssh(auth, username, attrs=None): + if username == "admin": + admin_unix = pwd.getpwnam("admin") + return { + 'username': 'admin', + 'fullname': '', + 'mail': '', + 'ssh_allowed': admin_unix.pw_shell.strip() != "/bin/false", + 'shell': admin_unix.pw_shell, + 'home_path': admin_unix.pw_dir, + } + + # TODO escape input using https://www.python-ldap.org/doc/html/ldap-filter.html + user = auth.search('ou=users,dc=yunohost,dc=org', + '(&(objectclass=person)(uid=%s))' % username, + attrs) + + assert len(user) in (0, 1) + + if not user: + return None + + return user[0] From 3deb11cf8a57cec5cbf5131de603c135698d354e Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Thu, 4 Jan 2018 22:10:36 +0100 Subject: [PATCH 14/42] [enh] add ssh information in userlist for admin UI --- src/yunohost/user.py | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/src/yunohost/user.py b/src/yunohost/user.py index 123438da3..3cb848582 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -57,6 +57,7 @@ def user_list(auth, fields=None): 'cn': 'fullname', 'mail': 'mail', 'maildrop': 'mail-forward', + 'loginShell': 'shell', 'mailuserquota': 'mailbox-quota' } @@ -72,7 +73,7 @@ def user_list(auth, fields=None): raise MoulinetteError(errno.EINVAL, m18n.n('field_invalid', attr)) else: - attrs = ['uid', 'cn', 'mail', 'mailuserquota'] + attrs = ['uid', 'cn', 'mail', 'mailuserquota', 'loginShell'] result = auth.search('ou=users,dc=yunohost,dc=org', '(&(objectclass=person)(!(uid=root))(!(uid=nobody)))', @@ -82,6 +83,12 @@ def user_list(auth, fields=None): entry = {} for attr, values in user.items(): if values: + if attr == "loginShell": + if values[0].strip() == "/bin/false": + entry["ssh_allowed"] = False + else: + entry["ssh_allowed"] = True + entry[user_attrs[attr]] = values[0] uid = entry[user_attrs['uid']] 
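Review bot: `_get_user_for_ssh` interpolates `username` straight into the LDAP filter `'(&(objectclass=person)(uid=%s))' % username`, as its own TODO admits, so any caller that does not go through the actionsmap pattern check can alter the filter. python-ldap provides the escape that the TODO links to, so the argument can become `'(&(objectclass=person)(uid=%s))' % ldap.filter.escape_filter_chars(username)`; this needs `import ldap.filter`, and the import block is outside this hunk. The `assert len(user) in (0, 1)` that follows disappears under `python -O`, so an explicit `raise` is safer for an invariant that guards account lookup. The `admin` branch also ignores `attrs` and returns `home_path`/`shell` keys rather than LDAP attribute lists, which callers indexing `user["homeDirectory"][0]` will not find.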
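Review bot: In user_list (PATCH 14), `ssh_allowed` is derived from `values[0].strip() == "/bin/false"` only, so an account whose `loginShell` is another non-login shell such as `/usr/sbin/nologin` is reported to the admin UI as allowed. An entry without a `loginShell` attribute gets no `ssh_allowed` key at all. Admins will read this flag as an access decision, so I would compute it in one expression that covers the known non-login shells: `entry["ssh_allowed"] = values[0].strip() not in ("/bin/false", "/usr/sbin/nologin")`. The loop body starts outside this hunk.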
From c55b8cec16ded23162c1cf34bbddaa7fb5b70942 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Thu, 4 Jan 2018 22:31:13 +0100 Subject: [PATCH 15/42] [enh] add commands to manage authorized-keys of users --- data/actionsmap/yunohost.yml | 68 +++++++++++++++++++++++ src/yunohost/ssh.py | 102 +++++++++++++++++++++++++++++++++++ 2 files changed, 170 insertions(+) create mode 100644 src/yunohost/ssh.py diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index c4e95e748..e47d0b04a 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -1336,6 +1336,74 @@ dyndns: api: DELETE /dyndns/cron +############################# +# SSH # +############################# +ssh: + category_help: Manage ssh keys and access + actions: {} + subcategories: + authorized-keys: + subcategory_help: Manage user's authorized ssh keys + + actions: + ### ssh_authorized_keys_list() + list: + action_help: Show user's authorized ssh keys + api: GET /ssh/authorized-keys + configuration: + authenticate: all + arguments: + username: + help: Username of the user + extra: + pattern: *pattern_username + + ### ssh_authorized_keys_add() + add: + action_help: Add a new authorized ssh key for this user + api: POST /ssh/authorized-keys + configuration: + authenticate: all + arguments: + username: + help: Username of the user + extra: + pattern: *pattern_username + -u: + full: --public + help: Public key + extra: + required: True + -i: + full: --private + help: Private key + extra: + required: True + -n: + full: --name + help: Key name + extra: + required: True + + ### ssh_authorized_keys_remove() + remove: + action_help: Remove an authorized ssh key for this user + api: DELETE /ssh/authorized-keys + configuration: + authenticate: all + arguments: + username: + help: Username of the user + extra: + pattern: *pattern_username + -k: + full: --key + help: Key as a string + extra: + required: True + + ############################# # Tools # ############################# 
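Review bot: The `add` action under `authorized-keys` declares a required `--private` argument described as "Private key", so the API would require clients to send a private key to the server. Adding an authorized key needs the public half only, and a private key should not leave the client. The declared options (`--public`, `--private`, `--name`) also do not match the handler in src/yunohost/ssh.py, whose signature is `ssh_authorized_keys_add(auth, username, key, comment)`, so the call is likely to fail on argument names. I would drop `-i`/`--private` and rename the rest to the handler's parameters, e.g. `full: --key` and `full: --comment`.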
diff --git a/src/yunohost/ssh.py b/src/yunohost/ssh.py new file mode 100644 index 000000000..5f1f33b55 --- /dev/null +++ b/src/yunohost/ssh.py 
@@ -0,0 +1,102 @@ +# encoding: utf-8 + +import os + +from moulinette.utils.filesystem import read_file, write_to_file, chown, chmod, mkdir + +from yunohost.user import _get_user_for_ssh + + +def ssh_authorized_keys_list(auth, username): + user = _get_user_for_ssh(auth, username, ["homeDirectory"]) + if not user: + raise Exception("User with username '%s' doesn't exists" % username) + + authorized_keys_file = os.path.join(user["homeDirectory"][0], ".ssh", "authorized_keys") + + if not os.path.exists(authorized_keys_file): + return [] + + keys = [] + last_comment = "" + for line in read_file(authorized_keys_file).split("\n"): + # empty line + if not line.strip(): + continue + + if line.lstrip().startswith("#"): + last_comment = line.lstrip().lstrip("#").strip() + continue + + # assuming a key per non empty line + key = line.strip() + keys.append({ + "key": key, + "name": last_comment, + }) + + last_comment = "" + + return {"keys": keys} + + +def ssh_authorized_keys_add(auth, username, key, comment): + user = _get_user_for_ssh(auth, username, ["homeDirectory", "uid"]) + if not user: + raise Exception("User with username '%s' doesn't exists" % username) + + authorized_keys_file = os.path.join(user["homeDirectory"][0], ".ssh", "authorized_keys") + + if not os.path.exists(authorized_keys_file): + # ensure ".ssh" exists + mkdir(os.path.join(user["homeDirectory"][0], ".ssh"), + force=True, parents=True, uid=user["uid"][0]) + + # create empty file to set good permissions + write_to_file(authorized_keys_file, "") + chown(authorized_keys_file, uid=user["uid"][0]) + chmod(authorized_keys_file, 0600) + + authorized_keys_content = read_file(authorized_keys_file) + + authorized_keys_content += "\n" + authorized_keys_content += "\n" + + if comment and comment.strip(): + if not comment.lstrip().startswith("#"): + comment = "# " + comment + authorized_keys_content += comment.replace("\n", " ").strip() + authorized_keys_content += "\n" + + authorized_keys_content += key.strip() + 
authorized_keys_content += "\n" + + write_to_file(authorized_keys_file, authorized_keys_content) + + +def ssh_authorized_keys_remove(auth, username, key): + user = _get_user(auth, username, ["homeDirectory", "uid"]) + if not user: + raise Exception("User with username '%s' doesn't exists" % username) + + authorized_keys_file = os.path.join(user["homeDirectory"][0], ".ssh", "authorized_keys") + + if not os.path.exists(authorized_keys_file): + raise Exception("this key doesn't exists ({} dosesn't exists)".format(authorized_keys_file)) + + authorized_keys_content = read_file(authorized_keys_file) + + if key not in authorized_keys_content: + raise Exception("Key '{}' is not present in authorized_keys".format(key)) + + # don't delete the previous comment because we can't verify if it's legit + + # this regex approach failed for some reasons and I don't know why :( + # authorized_keys_content = re.sub("{} *\n?".format(key), + # "", + # authorized_keys_content, + # flags=re.MULTILINE) + + authorized_keys_content = authorized_keys_content.replace(key, "") + + write_to_file(authorized_keys_file, authorized_keys_content) From 1e5323eb08c6e268feffc4a107ff4a86e69b96a4 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 5 Jan 2018 00:13:26 +0100 Subject: [PATCH 16/42] [enh] handle root user for being allowed to work on his authorized keys --- src/yunohost/user.py | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/src/yunohost/user.py b/src/yunohost/user.py index 3cb848582..793ccaf7a 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -36,10 +36,13 @@ import subprocess from moulinette import m18n from moulinette.core import MoulinetteError from moulinette.utils.log import getActionLogger +from moulinette.utils.filesystem import read_file from yunohost.service import service_status logger = getActionLogger('yunohost.user') +SSHD_CONFIG_PATH = "/etc/ssh/sshd_config" + def user_list(auth, fields=None): """ 
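Review bot: `ssh_authorized_keys_remove` calls `_get_user`, but the module imports only `_get_user_for_ssh`, so the remove path raises NameError before doing anything. In `ssh_authorized_keys_add` the comment has its newlines flattened but `key` is only stripped at the ends, so a value with an embedded line break writes several authorized_keys lines from one call. Removal by `authorized_keys_content.replace(key, "")` matches substrings and can cut into other entries. Both functions read and write a file inside the user's home directory, which matters if this code runs with more privilege than that user (not visible here) and the path is a symlink. A line-based version of both paths is sketched below; `ssh_authorized_keys_list` should additionally return `{"keys": []}` instead of `[]` when the file is missing so the return type is stable.

```python
def ssh_authorized_keys_add(auth, username, key, comment):
    # … unchanged: user lookup, creation of .ssh and authorized_keys …
    key = key.strip()
    # One entry per line: an embedded line break would append extra entries
    if not key or "\n" in key or "\r" in key:
        raise Exception("Invalid ssh key: expected a single non-empty line")
    # … unchanged: comment handling, append of key, write_to_file …


def ssh_authorized_keys_remove(auth, username, key):
    user = _get_user_for_ssh(auth, username, ["homeDirectory", "uid"])
    # … unchanged: user and file existence checks …
    key = key.strip()
    lines = read_file(authorized_keys_file).split("\n")
    # Compare whole lines so a substring of another entry never matches
    if key not in [line.strip() for line in lines]:
        raise Exception("Key '{}' is not present in authorized_keys".format(key))
    kept = [line for line in lines if line.strip() != key]
    write_to_file(authorized_keys_file, "\n".join(kept))
```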
@@ -58,6 +61,7 @@ def user_list(auth, fields=None): 'mail': 'mail', 'maildrop': 'mail-forward', 'loginShell': 'shell', + 'homeDirectory': 'home_path', 'mailuserquota': 'mailbox-quota' } @@ -511,6 +515,34 @@ def _hash_user_password(password): def _get_user_for_ssh(auth, username, attrs=None): + def ssh_root_login_status(auth): + # XXX temporary placed here for when the ssh_root commands are integrated + # extracted from https://github.com/YunoHost/yunohost/pull/345 + # XXX should we support all the options? + # this is the content of "man sshd_config" + # PermitRootLogin + # Specifies whether root can log in using ssh(1). The argument must be + # “yes”, “without-password”, “forced-commands-only”, or “no”. The + # default is “yes”. + sshd_config_content = read_file(SSHD_CONFIG_PATH) + + if re.search("^ *PermitRootLogin +(no|forced-commands-only) *$", + sshd_config_content, re.MULTILINE): + return {"PermitRootLogin": False} + + return {"PermitRootLogin": True} + + if username == "root": + root_unix = pwd.getpwnam("root") + return { + 'username': 'root', + 'fullname': '', + 'mail': '', + 'ssh_allowed': ssh_root_login_status(auth)["PermitRootLogin"], + 'shell': root_unix.pw_shell, + 'home_path': root_unix.pw_dir, + } + if username == "admin": admin_unix = pwd.getpwnam("admin") return { From 4eeeb783af42ce41bbf65949d8ed24fe9d5fa8cd Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 14 Jan 2018 02:11:11 +0100 Subject: [PATCH 17/42] Keep only css and javascript for gzip types. --- data/templates/nginx/plain/global.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/nginx/plain/global.conf b/data/templates/nginx/plain/global.conf index 341f08620..ca8721afb 100644 --- a/data/templates/nginx/plain/global.conf +++ b/data/templates/nginx/plain/global.conf 
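Review bot: `ssh_root_login_status` reports root login as permitted unless `^ *PermitRootLogin +(no|forced-commands-only) *$` matches, so a config that writes the keyword in another case or separates it with a tab is reported as `True`. sshd reads keywords case-insensitively, and this parse also ignores `Match` blocks. Widening the pattern closes the visible gap: `re.search(r"^[ \t]*PermitRootLogin[ \t]+(no|forced-commands-only)[ \t]*$", sshd_config_content, re.MULTILINE | re.IGNORECASE)`. The `root` dict returned below uses `home_path` and has no `uid` list, while src/yunohost/ssh.py indexes `user["homeDirectory"][0]` and `user["uid"][0]`, so the authorized-keys commands this patch is meant to enable for root would raise KeyError as written. The unused `auth` parameter of the nested function can go.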
@@ -1,2 +1,2 @@ server_tokens off; -gzip_types text/plain text/css application/javascript text/xml application/xml application/xml+rss text/javascript; +gzip_types text/css text/javascript application/javascript; From b23bc434f8d0beaa1e624b502783c1596a3b8ee8 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 16 Jan 2018 18:49:31 +0100 Subject: [PATCH 18/42] Bigger depreciation / more explicit depreciation warning about checkurl... --- locales/en.json | 1 + src/yunohost/app.py | 3 +++ 2 files changed, 4 insertions(+) diff --git a/locales/en.json b/locales/en.json index 8f83b709c..ca03fbb17 100644 --- a/locales/en.json +++ b/locales/en.json @@ -14,6 +14,7 @@ "app_change_url_identical_domains": "The old and new domain/url_path are identical ('{domain:s}{path:s}'), nothing to do.", "app_change_url_no_script": "This application '{app_name:s}' doesn't support url modification yet. Maybe you should upgrade the application.", "app_change_url_success": "Successfully changed {app:s} url to {domain:s}{path:s}", + "app_checkurl_is_deprecated": "Packagers /!\ 'app checkurl' is deprecated ! Please use 'app register-url' instead !", "app_extraction_failed": "Unable to extract installation files", "app_id_invalid": "Invalid app id", "app_incompatible": "The app {app} is incompatible with your YunoHost version", diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 9ccc0886d..0ee0dd7d3 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -1149,6 +1149,9 @@ def app_checkurl(auth, url, app=None): app -- Write domain & path to app settings for further checks """ + + logger.warning(m18n.n("app_checkurl_is_deprecated")) + from yunohost.domain import domain_list if "https://" == url[:8]: From 8a2434eb44514b3fa2bf2d5e069471960cda8414 Mon Sep 17 00:00:00 2001 From: ljf Date: Wed, 17 Jan 2018 17:19:06 +0100 Subject: [PATCH 19/42] [fix] Nginx traversal issue --- data/templates/nginx/plain/yunohost_admin.conf.inc | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) 
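Review bot: The new `app_checkurl_is_deprecated` string in locales/en.json (PATCH 18) contains `/!\ ` with a single backslash as shown here. A backslash followed by a space is not a valid JSON escape, so a strict parser would reject the whole locale file. Escaping it fixes that: `"app_checkurl_is_deprecated": "Packagers /!\\ 'app checkurl' is deprecated ! Please use 'app register-url' instead !",`. In app.py the matching `logger.warning(...)` sits above the function's local import, which is harmless but reads better after it.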
diff --git a/data/templates/nginx/plain/yunohost_admin.conf.inc b/data/templates/nginx/plain/yunohost_admin.conf.inc index b0ab4cef6..92e1e0ccf 100644 --- a/data/templates/nginx/plain/yunohost_admin.conf.inc +++ b/data/templates/nginx/plain/yunohost_admin.conf.inc @@ -1,4 +1,6 @@ -location /yunohost/admin { +# Fix the nginx traversal weak ( #1034 ) +rewrite ^/yunohost/admin$ /yunohost/admin/ permanent; +location /yunohost/admin/ { alias /usr/share/yunohost/admin/; default_type text/html; index index.html; From 5cf6895ba20a34268b7d51a8bb2177549bd5809b Mon Sep 17 00:00:00 2001 From: ljf Date: Wed, 17 Jan 2018 17:22:13 +0100 Subject: [PATCH 20/42] [fix] Bad issue number in a comment --- data/templates/nginx/plain/yunohost_admin.conf.inc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/data/templates/nginx/plain/yunohost_admin.conf.inc b/data/templates/nginx/plain/yunohost_admin.conf.inc index 92e1e0ccf..f516a9d4b 100644 --- a/data/templates/nginx/plain/yunohost_admin.conf.inc +++ b/data/templates/nginx/plain/yunohost_admin.conf.inc @@ -1,4 +1,4 @@ -# Fix the nginx traversal weak ( #1034 ) +# Fix the nginx traversal weak ( #1037 ) rewrite ^/yunohost/admin$ /yunohost/admin/ permanent; location /yunohost/admin/ { alias /usr/share/yunohost/admin/; From fcd587392730ad7e3e9b834ee332aafc74f40381 Mon Sep 17 00:00:00 2001 From: ljf Date: Wed, 17 Jan 2018 18:17:38 +0100 Subject: [PATCH 21/42] [fix] Cron issue during custom backup --- src/yunohost/backup.py | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/src/yunohost/backup.py b/src/yunohost/backup.py index 0c957db7e..15c793802 100644 --- a/src/yunohost/backup.py +++ b/src/yunohost/backup.py 
@@ -1543,9 +1543,13 @@ class BackupMethod(object): # Can create a hard link only if files are on the same fs # (i.e. we can't if it's on a different fs) if os.stat(src).st_dev == os.stat(dest_dir).st_dev: - os.link(src, dest) - # Success, go to next file to organize - continue + # Don't hardlink /etc/cron.d files to avoid cron bug + # 'NUMBER OF HARD LINKS > 1' see #1043 + cron_path = os.path.abspath('/etc/cron') + '.' + if not os.path.abspath(src).startswith(cron_path): + os.link(src, dest) + # Success, go to next file to organize + continue # If mountbind or hardlink couldnt be created, # prepare a list of files that need to be copied From 6f2acb7eb6a9ebb54837bac017eecd512d49a32d Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 18 Jan 2018 21:10:08 +0100 Subject: [PATCH 22/42] Wording --- data/templates/nginx/plain/yunohost_admin.conf.inc | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/templates/nginx/plain/yunohost_admin.conf.inc b/data/templates/nginx/plain/yunohost_admin.conf.inc index f516a9d4b..2ab72293d 100644 --- a/data/templates/nginx/plain/yunohost_admin.conf.inc +++ b/data/templates/nginx/plain/yunohost_admin.conf.inc @@ -1,5 +1,6 @@ -# Fix the nginx traversal weak ( #1037 ) +# Avoid the nginx path/alias traversal weakness ( #1037 ) rewrite ^/yunohost/admin$ /yunohost/admin/ permanent; + location /yunohost/admin/ { alias /usr/share/yunohost/admin/; default_type text/html; From 4dfb1ee77703d579bc6070381b31b5fad601ece5 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 26 Jan 2018 03:19:22 +0100 Subject: [PATCH 23/42] Move get_public_ip to an 'util' file --- src/yunohost/domain.py | 38 --------------------------- src/yunohost/utils/network.py | 48 +++++++++++++++++++++++++++++++++++ 2 files changed, 48 insertions(+), 38 deletions(-) create mode 100644 src/yunohost/utils/network.py diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index 727a63df3..19a5e55a7 100644 --- a/src/yunohost/domain.py 
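Review bot: The prefix test on the added lines is both wider and more fragile than its comment says. `os.path.abspath('/etc/cron') + '.'` is simply the constant `'/etc/cron.'`, so hardlinks are also skipped for `/etc/cron.daily`, `/etc/cron.hourly` and the like while the comment names only `/etc/cron.d`; and `abspath` does not resolve symlinks, so a source that reaches a cron file through a symlinked directory would still be hardlinked. If only cron.d is meant, `if not os.path.realpath(src).startswith('/etc/cron.d/'):` says so directly; otherwise the comment should name the whole `/etc/cron.*` family. The enclosing loop starts and ends outside the hunk, so I am assuming a skipped file falls through to the copy list mentioned in the trailing context comment.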
+++ b/src/yunohost/domain.py @@ -30,8 +30,6 @@ import yaml import errno import requests -from urllib import urlopen - from moulinette import m18n, msettings from moulinette.core import MoulinetteError from moulinette.utils.log import getActionLogger @@ -260,42 +258,6 @@ def domain_url_available(auth, domain, path): return available -def get_public_ip(protocol=4): - """Retrieve the public IP address from ip.yunohost.org""" - if protocol == 4: - url = 'https://ip.yunohost.org' - elif protocol == 6: - url = 'https://ip6.yunohost.org' - else: - raise ValueError("invalid protocol version") - - try: - return urlopen(url).read().strip() - except IOError: - logger.debug('cannot retrieve public IPv%d' % protocol, exc_info=1) - raise MoulinetteError(errno.ENETUNREACH, - m18n.n('no_internet_connection')) - -def get_public_ips(): - """ - Retrieve the public IPv4 and v6 from ip. and ip6.yunohost.org - - Returns a 2-tuple (ipv4, ipv6). ipv4 or ipv6 can be None if they were not - found. - """ - - try: - ipv4 = get_public_ip() - except: - ipv4 = None - try: - ipv6 = get_public_ip(6) - except: - ipv6 = None - - return (ipv4, ipv6) - - def _get_maindomain(): with open('/etc/yunohost/current_host', 'r') as f: maindomain = f.readline().rstrip() diff --git a/src/yunohost/utils/network.py b/src/yunohost/utils/network.py new file mode 100644 index 000000000..902d99278 --- /dev/null +++ b/src/yunohost/utils/network.py 
@@ -0,0 +1,48 @@ +# -*- coding: utf-8 -*- + +""" License + + Copyright (C) 2015 YUNOHOST.ORG + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published + by the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program; if not, see http://www.gnu.org/licenses + +""" +import logging +from urllib import urlopen + +logger = logging.getLogger('yunohost.utils.network') + +def get_public_ip(protocol=4): + """Retrieve the public IP address from ip.yunohost.org""" + + if protocol == 4: + url = 'https://ip.yunohost.org' + elif protocol == 6: + url = 'https://ip6.yunohost.org' + else: + raise ValueError("invalid protocol version") + + try: + return urlopen(url).read().strip() + except IOError: + return None + + +def get_public_ips(): + + ipv4 = get_public_ip() + ipv6 = get_public_ip(6) + + return (ipv4, ipv6) + From e80f3a5a55044346b1cdd352752c5f6d77105ca3 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 26 Jan 2018 03:39:35 +0100 Subject: [PATCH 24/42] Fix imports and get_public_ip usage --- src/yunohost/certificate.py | 14 +++++--------- src/yunohost/domain.py | 12 +++--------- src/yunohost/dyndns.py | 3 ++- src/yunohost/monitor.py | 8 +++----- src/yunohost/tools.py | 14 +++++--------- 5 files changed, 18 insertions(+), 33 deletions(-) diff --git a/src/yunohost/certificate.py b/src/yunohost/certificate.py index b6fb0e275..310c5d131 100644 --- a/src/yunohost/certificate.py +++ b/src/yunohost/certificate.py 
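Review bot: `get_public_ip` in the new `utils/network.py` returns whatever body the remote service sends, stripped but otherwise unchecked, and other hunks in this series pass that value on to DNS configuration and dyndns updates. The move also drops the `logger.debug(..., exc_info=1)` call the old version made on failure, so a lookup error is now silent and the module-level `logger` is unused. I would accept the answer only when it parses as an address of the requested family and log both failure paths, as sketched below; this needs `import socket` at the top of the file. `urlopen(url)` is also called with no timeout visible here, so a stalled connection could block the caller.

```python
def get_public_ip(protocol=4):
    # … unchanged: docstring and selection of url from protocol …

    try:
        answer = urlopen(url).read().strip()
    except IOError:
        logger.debug('cannot retrieve public IPv%d', protocol, exc_info=1)
        return None

    # The body comes from a remote host: hand it on only if it parses
    # as an address of the requested family.
    family = socket.AF_INET if protocol == 4 else socket.AF_INET6
    try:
        socket.inet_pton(family, answer)
    except (socket.error, TypeError):
        logger.debug('unexpected answer for public IPv%d: %r', protocol, answer)
        return None

    return answer
```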
@@ -44,6 +44,7 @@ from moulinette.core import MoulinetteError from moulinette.utils.log import getActionLogger import yunohost.domain +from yunohost.utils.network import get_public_ip from moulinette import m18n from yunohost.app import app_ssowatconf @@ -809,7 +810,7 @@ def _backup_current_cert(domain): def _check_domain_is_ready_for_ACME(domain): - public_ip = yunohost.domain.get_public_ip() + public_ip = get_public_ip() # Check if IP from DNS matches public IP if not _dns_ip_match_public_ip(public_ip, domain): @@ -856,14 +857,9 @@ def _regen_dnsmasq_if_needed(): """ Update the dnsmasq conf if some IPs are not up to date... """ - try: - ipv4 = yunohost.domain.get_public_ip() - except: - ipv4 = None - try: - ipv6 = yunohost.domain.get_public_ip(6) - except: - ipv6 = None + + ipv4 = get_public_ip() + ipv6 = get_public_ip(6) do_regen = False diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index 19a5e55a7..026c4da36 100644 --- a/src/yunohost/domain.py +++ b/src/yunohost/domain.py @@ -37,6 +37,7 @@ from moulinette.utils.log import getActionLogger import yunohost.certificate from yunohost.service import service_regen_conf +from yunohost.utils.network import get_public_ip logger = getActionLogger('yunohost.domain') @@ -318,15 +319,8 @@ def _build_dns_conf(domain, ttl=3600): } """ - try: - ipv4 = get_public_ip() - except: - ipv4 = None - - try: - ipv6 = get_public_ip(6) - except: - ipv6 = None + ipv4 = get_public_ip() + ipv6 = get_public_ip(6) basic = [] diff --git a/src/yunohost/dyndns.py b/src/yunohost/dyndns.py index 851d04f45..8c4efd777 100644 --- a/src/yunohost/dyndns.py +++ b/src/yunohost/dyndns.py 
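Review bot: In the `@@ -809,7 +810,7 @@` hunk, `public_ip = get_public_ip()` can now be `None`, because the relocated helper returns `None` on a network failure where the old one raised `MoulinetteError`. That value goes straight into `_dns_ip_match_public_ip(public_ip, domain)`; assuming that helper compares the address with the DNS answer (its body is not in this hunk), an unreachable lookup service would be reported as a DNS mismatch rather than a connectivity problem. A guard right after the call keeps the previous behaviour: `if public_ip is None: raise MoulinetteError(errno.ENETUNREACH, m18n.n('no_internet_connection'))`, after checking that `errno` is imported in this module. The body of `_check_domain_is_ready_for_ACME` continues outside the hunk.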
@@ -39,7 +39,8 @@ from moulinette.utils.log import getActionLogger from moulinette.utils.filesystem import read_file, write_to_file, rm from moulinette.utils.network import download_json -from yunohost.domain import get_public_ips, _get_maindomain, _build_dns_conf +from yunohost.domain import _get_maindomain, _build_dns_conf +from yunohost.utils.network import get_public_ips logger = getActionLogger('yunohost.dyndns') diff --git a/src/yunohost/monitor.py b/src/yunohost/monitor.py index d99ac1688..ed13d532d 100644 --- a/src/yunohost/monitor.py +++ b/src/yunohost/monitor.py @@ -41,7 +41,8 @@ from moulinette import m18n from moulinette.core import MoulinetteError from moulinette.utils.log import getActionLogger -from yunohost.domain import get_public_ip, _get_maindomain +from yunohost.utils.network import get_public_ip +from yunohost.domain import _get_maindomain logger = getActionLogger('yunohost.monitor') @@ -210,10 +211,7 @@ def monitor_network(units=None, human_readable=False): else: logger.debug('interface name %s was not found', iname) elif u == 'infos': - try: - p_ipv4 = get_public_ip() - except: - p_ipv4 = 'unknown' + p_ipv4 = get_public_ip() or 'unknown' l_ip = 'unknown' for name, addrs in devices.items(): diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py index b997961be..381cd07e0 100644 --- a/src/yunohost/tools.py +++ b/src/yunohost/tools.py 
@@ -45,12 +45,13 @@ from moulinette.utils.log import getActionLogger from moulinette.utils.process import check_output from moulinette.utils.filesystem import read_json, write_to_json from yunohost.app import app_fetchlist, app_info, app_upgrade, app_ssowatconf, app_list, _install_appslist_fetch_cron -from yunohost.domain import domain_add, domain_list, get_public_ip, _get_maindomain, _set_maindomain +from yunohost.domain import domain_add, domain_list, _get_maindomain, _set_maindomain from yunohost.dyndns import _dyndns_available, _dyndns_provides from yunohost.firewall import firewall_upnp from yunohost.service import service_status, service_regen_conf, service_log, service_start, service_enable from yunohost.monitor import monitor_disk, monitor_system from yunohost.utils.packages import ynh_packages_version +from yunohost.utils.network import get_public_ip # FIXME this is a duplicate from apps.py APPS_SETTING_PATH = '/etc/yunohost/apps/' @@ -621,16 +622,11 @@ def tools_diagnosis(auth, private=False): # Private data if private: diagnosis['private'] = OrderedDict() + # Public IP diagnosis['private']['public_ip'] = {} - try: - diagnosis['private']['public_ip']['IPv4'] = get_public_ip(4) - except MoulinetteError as e: - pass - try: - diagnosis['private']['public_ip']['IPv6'] = get_public_ip(6) - except MoulinetteError as e: - pass + diagnosis['private']['public_ip']['IPv4'] = get_public_ip(4) + diagnosis['private']['public_ip']['IPv6'] = get_public_ip(6) # Domains diagnosis['private']['domains'] = domain_list(auth)['domains'] From f5b5edb3bb598ff401a58714a48a1c8647b4ef9c Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 26 Jan 2018 03:41:34 +0100 Subject: [PATCH 25/42] This get_public_ips isn't really relevant anymore --- src/yunohost/dyndns.py | 5 +++-- src/yunohost/utils/network.py | 8 -------- 2 files changed, 3 insertions(+), 10 deletions(-) diff --git a/src/yunohost/dyndns.py b/src/yunohost/dyndns.py index 8c4efd777..ec3bf88c8 100644 
--- a/src/yunohost/dyndns.py +++ b/src/yunohost/dyndns.py @@ -40,7 +40,7 @@ from moulinette.utils.filesystem import read_file, write_to_file, rm from moulinette.utils.network import download_json from yunohost.domain import _get_maindomain, _build_dns_conf -from yunohost.utils.network import get_public_ips +from yunohost.utils.network import get_public_ip logger = getActionLogger('yunohost.dyndns') @@ -194,7 +194,8 @@ def dyndns_update(dyn_host="dyndns.yunohost.org", domain=None, key=None, old_ipv6 = read_file(OLD_IPV6_FILE).rstrip() # Get current IPv4 and IPv6 - (ipv4_, ipv6_) = get_public_ips() + ipv4_ = get_public_ip() + ipv6_ = get_public_ip(6) if ipv4 is None: ipv4 = ipv4_ diff --git a/src/yunohost/utils/network.py b/src/yunohost/utils/network.py index 902d99278..9cdbc676c 100644 --- a/src/yunohost/utils/network.py +++ b/src/yunohost/utils/network.py @@ -38,11 +38,3 @@ def get_public_ip(protocol=4): except IOError: return None - -def get_public_ips(): - - ipv4 = get_public_ip() - ipv6 = get_public_ip(6) - - return (ipv4, ipv6) - From 9c4ddcca39d9d6d92bd5f9a23978337e48d0a4e1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Josu=C3=A9=20Tille?= Date: Fri, 26 Jan 2018 21:17:18 +0100 Subject: [PATCH 26/42] Add service name as arg (optionnal) --- data/helpers.d/backend | 24 ++++++++++++++++++------ 1 file changed, 18 insertions(+), 6 deletions(-) diff --git a/data/helpers.d/backend b/data/helpers.d/backend index 8fef412cf..c04f2230b 100644 --- a/data/helpers.d/backend +++ b/data/helpers.d/backend @@ -64,6 +64,10 @@ ynh_remove_logrotate () { # Create a dedicated systemd config # +# usage: ynh_add_systemd_config [Service name] [Source file] +# | arg: Service name +# | arg: Systemd source file (for example appname.service) +# # This will use a template in ../conf/systemd.service # and will replace the following keywords with # global variables that should be defined before calling 
@@ -74,9 +78,11 @@ ynh_remove_logrotate () { # # usage: ynh_add_systemd_config ynh_add_systemd_config () { - finalsystemdconf="/etc/systemd/system/$app.service" + local service_name="${1:-$app}" + + finalsystemdconf="/etc/systemd/system/$service_name.service" ynh_backup_if_checksum_is_different "$finalsystemdconf" - sudo cp ../conf/systemd.service "$finalsystemdconf" + sudo cp ../conf/${2:-systemd.service} "$finalsystemdconf" # To avoid a break by set -u, use a void substitution ${var:-}. If the variable is not set, it's simply set with an empty variable. # Substitute in a nginx config file only if the variable is not empty @@ -89,19 +95,25 @@ ynh_add_systemd_config () { ynh_store_file_checksum "$finalsystemdconf" sudo chown root: "$finalsystemdconf" - sudo systemctl enable $app + sudo systemctl enable $service_name sudo systemctl daemon-reload } # Remove the dedicated systemd config # +# usage: ynh_remove_systemd_config [Service name] +# | arg: Service name +# # usage: ynh_remove_systemd_config ynh_remove_systemd_config () { - local finalsystemdconf="/etc/systemd/system/$app.service" + local service_name="${1:-$app}" + + local finalsystemdconf="/etc/systemd/system/$service_name.service" if [ -e "$finalsystemdconf" ]; then - sudo systemctl stop $app - sudo systemctl disable $app + sudo systemctl stop $service_name + sudo systemctl disable $service_name ynh_secure_remove "$finalsystemdconf" + sudo systemctl daemon-reload fi } From a975e5e6843c97dbacdc7401fa38d4d1a72922e7 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 26 Jan 2018 22:21:14 +0100 Subject: [PATCH 27/42] Improve comment / helper description --- data/helpers.d/backend | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/data/helpers.d/backend b/data/helpers.d/backend index c04f2230b..33d87db2c 100644 --- a/data/helpers.d/backend +++ b/data/helpers.d/backend 
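Review bot: The new template argument is expanded unquoted in `sudo cp ../conf/${2:-systemd.service} "$finalsystemdconf"`, and `$service_name` is unquoted in the `systemctl enable`, `stop` and `disable` calls of both helpers. Both values now come from the caller and the commands run under sudo, so a value with whitespace or glob characters would be split or expanded, and one containing `/` would point the copy or the unit path outside `../conf` and `/etc/systemd/system`. I would quote them, `sudo cp "../conf/${2:-systemd.service}" "$finalsystemdconf"` and `sudo systemctl enable "$service_name"`, and reject names containing `/` at the top of each helper. `finalsystemdconf` in `ynh_add_systemd_config` is also still assigned without `local`, unlike in `ynh_remove_systemd_config`.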
@@ -64,13 +64,13 @@ ynh_remove_logrotate () { # Create a dedicated systemd config # -# usage: ynh_add_systemd_config [Service name] [Source file] -# | arg: Service name -# | arg: Systemd source file (for example appname.service) +# usage: ynh_add_systemd_config [Service name] [Template name] +# | arg: Service name (optionnal, $app by default) +# | arg: Name of template file (optionnal, this is 'systemd' by default, meaning ./conf/systemd.service will be used as template) # -# This will use a template in ../conf/systemd.service -# and will replace the following keywords with -# global variables that should be defined before calling +# This will use the template ../conf/.service +# to generate a systemd config, by replacing the following keywords +# with global variables that should be defined before calling # this helper : # # __APP__ by $app @@ -102,7 +102,7 @@ ynh_add_systemd_config () { # Remove the dedicated systemd config # # usage: ynh_remove_systemd_config [Service name] -# | arg: Service name +# | arg: Service name (optionnal, $app by default) # # usage: ynh_remove_systemd_config ynh_remove_systemd_config () { From a1831ce0f8f0e18d0b1b831509c9727895f87e08 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 26 Jan 2018 22:40:33 +0100 Subject: [PATCH 28/42] Manage etckeeper.conf to make etckeeper quiet --- data/hooks/conf_regen/01-yunohost | 3 ++ data/templates/yunohost/etckeeper.conf | 43 ++++++++++++++++++++++++++ 2 files changed, 46 insertions(+) create mode 100644 data/templates/yunohost/etckeeper.conf diff --git a/data/hooks/conf_regen/01-yunohost b/data/hooks/conf_regen/01-yunohost index f8bef0614..e1daa7c3d 100755 --- a/data/hooks/conf_regen/01-yunohost +++ b/data/hooks/conf_regen/01-yunohost @@ -53,6 +53,9 @@ do_pre_regen() { else sudo cp services.yml /etc/yunohost/services.yml fi + + mkdir -p "$pending_dir"/etc/etckeeper/ + cp etckeeper.conf "$pending_dir"/etc/etckeeper/ } _update_services() { 
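Review bot: The reworded usage text in the `@@ -64,13 +64,13 @@` hunk says the template name defaults to 'systemd' and that `conf/systemd.service` is then used, but the helper from the previous commit copies `../conf/${2:-systemd.service}` verbatim and appends no `.service` suffix. A packager who follows the comment and passes a bare name would make `cp` look for a file that does not exist. Either document the argument as a file name, `# | arg: Template file name in ../conf (optional, systemd.service by default)`, or append the suffix in the code. The description line also reads `../conf/.service`, which looks like a lost placeholder, though that may be an artefact of how this page was rendered.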
diff --git a/data/templates/yunohost/etckeeper.conf b/data/templates/yunohost/etckeeper.conf new file mode 100644 index 000000000..2d11c3dc6 --- /dev/null +++ b/data/templates/yunohost/etckeeper.conf @@ -0,0 +1,43 @@ +# The VCS to use. +#VCS="hg" +VCS="git" +#VCS="bzr" +#VCS="darcs" + +# Options passed to git commit when run by etckeeper. +GIT_COMMIT_OPTIONS="--quiet" + +# Options passed to hg commit when run by etckeeper. +HG_COMMIT_OPTIONS="" + +# Options passed to bzr commit when run by etckeeper. +BZR_COMMIT_OPTIONS="" + +# Options passed to darcs record when run by etckeeper. +DARCS_COMMIT_OPTIONS="-a" + +# Uncomment to avoid etckeeper committing existing changes +# to /etc automatically once per day. +#AVOID_DAILY_AUTOCOMMITS=1 + +# Uncomment the following to avoid special file warning +# (the option is enabled automatically by cronjob regardless). +#AVOID_SPECIAL_FILE_WARNING=1 + +# Uncomment to avoid etckeeper committing existing changes to +# /etc before installation. It will cancel the installation, +# so you can commit the changes by hand. +#AVOID_COMMIT_BEFORE_INSTALL=1 + +# The high-level package manager that's being used. +# (apt, pacman-g2, yum, zypper etc) +HIGHLEVEL_PACKAGE_MANAGER=apt + +# The low-level package manager that's being used. +# (dpkg, rpm, pacman, pacman-g2, etc) +LOWLEVEL_PACKAGE_MANAGER=dpkg + +# To push each commit to a remote, put the name of the remote here. +# (eg, "origin" for git). Space-separated lists of multiple remotes +# also work (eg, "origin gitlab github" for git). +PUSH_REMOTE="" From 9511e01f5a8f577fed65c867b5dfe7c40eddb4c2 Mon Sep 17 00:00:00 2001 From: Jimmy Monin Date: Sat, 27 Jan 2018 16:16:42 +0100 Subject: [PATCH 29/42] Add access to conf folder when executing change_url script --- src/yunohost/app.py | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 9ccc0886d..58c397542 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py 
@@ -485,6 +485,12 @@ def app_change_url(auth, app, domain, path): shutil.copytree(os.path.join(APPS_SETTING_PATH, app, "scripts"), os.path.join(APP_TMP_FOLDER, "scripts")) + if os.path.exists(os.path.join(APP_TMP_FOLDER, "conf")): + shutil.rmtree(os.path.join(APP_TMP_FOLDER, "conf")) + + shutil.copytree(os.path.join(APPS_SETTING_PATH, app, "conf"), + os.path.join(APP_TMP_FOLDER, "conf")) + # Execute App change_url script os.system('chown -R admin: %s' % INSTALL_TMP) os.system('chmod +x %s' % os.path.join(os.path.join(APP_TMP_FOLDER, "scripts"))) From 8e92bb832867abcd3ebd6d5872bb99c2f8653835 Mon Sep 17 00:00:00 2001 From: Maniack Crudelis Date: Sun, 4 Feb 2018 19:26:49 +0100 Subject: [PATCH 30/42] [enh] --verbose for backup during upgrade --- data/helpers.d/utils | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/helpers.d/utils b/data/helpers.d/utils index 3dc0c9bfc..288ac393c 100644 --- a/data/helpers.d/utils +++ b/data/helpers.d/utils @@ -44,7 +44,7 @@ ynh_restore_upgradebackup () { # Remove the application then restore it sudo yunohost app remove $app # Restore the backup - sudo yunohost backup restore --ignore-system $app_bck-pre-upgrade$backup_number --apps $app --force + sudo yunohost backup restore --ignore-system $app_bck-pre-upgrade$backup_number --apps $app --force --verbose ynh_die "The app was restored to the way it was before the failed upgrade." fi } @@ -77,7 +77,7 @@ ynh_backup_before_upgrade () { fi # Create backup - sudo yunohost backup create --ignore-system --apps $app --name $app_bck-pre-upgrade$backup_number + sudo yunohost backup create --ignore-system --apps $app --name $app_bck-pre-upgrade$backup_number --verbose if [ "$?" -eq 0 ] then # If the backup succeeded, remove the previous backup From e5a41be5182d87c5e9ab6bcf3ddd3d34dc4426f7 Mon Sep 17 00:00:00 2001 
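Review bot: The added `shutil.copytree(os.path.join(APPS_SETTING_PATH, app, "conf"), ...)` runs unconditionally, and `copytree` raises when its source directory is missing, so `app_change_url` would now fail for an installed app whose settings directory has no `conf` folder. Only the destination is tested with `os.path.exists`; I would guard the source too, with `if os.path.exists(os.path.join(APPS_SETTING_PATH, app, "conf")):` in front of the copy. The `os.system('chown -R admin: %s' % INSTALL_TMP)` and `chmod` context lines just below build shell commands by string formatting; they predate this change and take module constants as far as this hunk shows, but `subprocess` with an argument list would be the safer form. The function continues outside the hunk.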
From: Laurent Peuch Date: Wed, 7 Feb 2018 21:42:27 +0100 Subject: [PATCH 31/42] [fix] backslash needs to be double escaped --- locales/en.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locales/en.json b/locales/en.json index 8f995c9bf..66fa93f45 100644 --- a/locales/en.json +++ b/locales/en.json @@ -14,7 +14,7 @@ "app_change_url_identical_domains": "The old and new domain/url_path are identical ('{domain:s}{path:s}'), nothing to do.", "app_change_url_no_script": "This application '{app_name:s}' doesn't support url modification yet. Maybe you should upgrade the application.", "app_change_url_success": "Successfully changed {app:s} url to {domain:s}{path:s}", - "app_checkurl_is_deprecated": "Packagers /!\ 'app checkurl' is deprecated ! Please use 'app register-url' instead !", + "app_checkurl_is_deprecated": "Packagers /!\\ 'app checkurl' is deprecated ! Please use 'app register-url' instead !", "app_extraction_failed": "Unable to extract installation files", "app_id_invalid": "Invalid app id", "app_incompatible": "The app {app} is incompatible with your YunoHost version", From 52a54c5ab1ce096005f086739efe600eef545d32 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Wed, 7 Feb 2018 21:46:38 +0100 Subject: [PATCH 32/42] [mod] we are in 2017 --- src/yunohost/utils/network.py | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/yunohost/utils/network.py b/src/yunohost/utils/network.py index 9cdbc676c..e22d1644d 100644 --- a/src/yunohost/utils/network.py +++ b/src/yunohost/utils/network.py @@ -2,7 +2,7 @@ """ License - Copyright (C) 2015 YUNOHOST.ORG + Copyright (C) 2017 YUNOHOST.ORG This program is free software; you can redistribute it and/or modify it under the terms of the GNU Affero General Public License as published @@ -37,4 +37,3 @@ def get_public_ip(protocol=4): return urlopen(url).read().strip() except IOError: return None - From 89848a9b57a8ae76810132df6db28ccab7ec6f36 Mon Sep 17 00:00:00 2001 
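Review bot: The escaping fix for `app_checkurl_is_deprecated` lands only in `locales/en.json`. `locales/ar.json`, added in PATCH 33/42 of this series, still carries the single-backslash form `/!\ ` in the same key, which is not a valid JSON escape and would presumably stop that locale file from parsing. The same change, `"Packagers /!\\ 'app checkurl' is deprecated ! ..."`, should be applied there as well.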
From: ButterflyOfFire Date: Wed, 7 Feb 2018 20:33:49 +0000 Subject: [PATCH 33/42] Added translation using Weblate (Arabic) --- locales/ar.json | 369 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 369 insertions(+) create mode 100644 locales/ar.json diff --git a/locales/ar.json b/locales/ar.json new file mode 100644 index 000000000..8f995c9bf --- /dev/null +++ b/locales/ar.json 
@@ -0,0 +1,369 @@ +{ + "action_invalid": "Invalid action '{action:s}'", + "admin_password": "Administration password", + "admin_password_change_failed": "Unable to change password", + "admin_password_changed": "The administration password has been changed", + "app_already_installed": "{app:s} is already installed", + "app_already_installed_cant_change_url": "This app is already installed. The url cannot be changed just by this function. Look into `app changeurl` if it's available.", + "app_already_up_to_date": "{app:s} is already up to date", + "app_argument_choice_invalid": "Invalid choice for argument '{name:s}', it must be one of {choices:s}", + "app_argument_invalid": "Invalid value for argument '{name:s}': {error:s}", + "app_argument_required": "Argument '{name:s}' is required", + "app_change_no_change_url_script": "The application {app_name:s} doesn't support changing it's URL yet, you might need to upgrade it.", + "app_change_url_failed_nginx_reload": "Failed to reload nginx. Here is the output of 'nginx -t':\n{nginx_errors:s}", + "app_change_url_identical_domains": "The old and new domain/url_path are identical ('{domain:s}{path:s}'), nothing to do.", + "app_change_url_no_script": "This application '{app_name:s}' doesn't support url modification yet. Maybe you should upgrade the application.", + "app_change_url_success": "Successfully changed {app:s} url to {domain:s}{path:s}", + "app_checkurl_is_deprecated": "Packagers /!\ 'app checkurl' is deprecated ! 
Please use 'app register-url' instead !", + "app_extraction_failed": "Unable to extract installation files", + "app_id_invalid": "Invalid app id", + "app_incompatible": "The app {app} is incompatible with your YunoHost version", + "app_install_files_invalid": "Invalid installation files", + "app_location_already_used": "The app '{app}' is already installed on that location ({path})", + "app_make_default_location_already_used": "Can't make the app '{app}' the default on the domain {domain} is already used by the other app '{other_app}'", + "app_location_install_failed": "Unable to install the app in this location because it conflit with the app '{other_app}' already installed on '{other_path}'", + "app_location_unavailable": "This url is not available or conflicts with an already installed app", + "app_manifest_invalid": "Invalid app manifest: {error}", + "app_no_upgrade": "No app to upgrade", + "app_not_correctly_installed": "{app:s} seems to be incorrectly installed", + "app_not_installed": "{app:s} is not installed", + "app_not_properly_removed": "{app:s} has not been properly removed", + "app_package_need_update": "The app {app} package needs to be updated to follow YunoHost changes", + "app_removed": "{app:s} has been removed", + "app_requirements_checking": "Checking required packages for {app}...", + "app_requirements_failed": "Unable to meet requirements for {app}: {error}", + "app_requirements_unmeet": "Requirements are not met for {app}, the package {pkgname} ({version}) must be {spec}", + "app_sources_fetch_failed": "Unable to fetch sources files", + "app_unknown": "Unknown app", + "app_unsupported_remote_type": "Unsupported remote type used for the app", + "app_upgrade_app_name": "Upgrading app {app}...", + "app_upgrade_failed": "Unable to upgrade {app:s}", + "app_upgrade_some_app_failed": "Unable to upgrade some applications", + "app_upgraded": "{app:s} has been upgraded", + "appslist_corrupted_json": "Could not load the application lists. 
It looks like {filename:s} is corrupted.", + "appslist_could_not_migrate": "Could not migrate app list {appslist:s} ! Unable to parse the url... The old cron job has been kept in {bkp_file:s}.", + "appslist_fetched": "The application list {appslist:s} has been fetched", + "appslist_migrating": "Migrating application list {appslist:s} ...", + "appslist_name_already_tracked": "There is already a registered application list with name {name:s}.", + "appslist_removed": "The application list {appslist:s} has been removed", + "appslist_retrieve_bad_format": "Retrieved file for application list {appslist:s} is not valid", + "appslist_retrieve_error": "Unable to retrieve the remote application list {appslist:s}: {error:s}", + "appslist_unknown": "Application list {appslist:s} unknown.", + "appslist_url_already_tracked": "There is already a registered application list with url {url:s}.", + "ask_current_admin_password": "Current administration password", + "ask_email": "Email address", + "ask_firstname": "First name", + "ask_lastname": "Last name", + "ask_list_to_remove": "List to remove", + "ask_main_domain": "Main domain", + "ask_new_admin_password": "New administration password", + "ask_password": "Password", + "ask_path": "Path", + "backup_abstract_method": "This backup method hasn't yet been implemented", + "backup_action_required": "You must specify something to save", + "backup_app_failed": "Unable to back up the app '{app:s}'", + "backup_applying_method_borg": "Sending all files to backup into borg-backup repository...", + "backup_applying_method_copy": "Copying all files to backup...", + "backup_applying_method_custom": "Calling the custom backup method '{method:s}'...", + "backup_applying_method_tar": "Creating the backup tar archive...", + "backup_archive_app_not_found": "App '{app:s}' not found in the backup archive", + "backup_archive_broken_link": "Unable to access backup archive (broken link to {path:s})", + "backup_archive_mount_failed": "Mounting the backup 
archive failed", + "backup_archive_name_exists": "The backup's archive name already exists", + "backup_archive_name_unknown": "Unknown local backup archive named '{name:s}'", + "backup_archive_open_failed": "Unable to open the backup archive", + "backup_archive_system_part_not_available": "System part '{part:s}' not available in this backup", + "backup_archive_writing_error": "Unable to add files to backup into the compressed archive", + "backup_ask_for_copying_if_needed": "Some files couldn't be prepared to be backuped using the method that avoid to temporarily waste space on the system. To perform the backup, {size:s}MB should be used temporarily. Do you agree?", + "backup_borg_not_implemented": "Borg backup method is not yet implemented", + "backup_cant_mount_uncompress_archive": "Unable to mount in readonly mode the uncompress archive directory", + "backup_cleaning_failed": "Unable to clean-up the temporary backup directory", + "backup_copying_to_organize_the_archive": "Copying {size:s}MB to organize the archive", + "backup_couldnt_bind": "Couldn't bind {src:s} to {dest:s}.", + "backup_created": "Backup created", + "backup_creating_archive": "Creating the backup archive...", + "backup_creation_failed": "Backup creation failed", + "backup_csv_addition_failed": "Unable to add files to backup into the CSV file", + "backup_csv_creation_failed": "Unable to create the CSV file needed for future restore operations", + "backup_custom_backup_error": "Custom backup method failure on 'backup' step", + "backup_custom_mount_error": "Custom backup method failure on 'mount' step", + "backup_custom_need_mount_error": "Custom backup method failure on 'need_mount' step", + "backup_delete_error": "Unable to delete '{path:s}'", + "backup_deleted": "The backup has been deleted", + "backup_extracting_archive": "Extracting the backup archive...", + "backup_hook_unknown": "Backup hook '{hook:s}' unknown", + "backup_invalid_archive": "Invalid backup archive", + 
"backup_method_borg_finished": "Backup into borg finished", + "backup_method_copy_finished": "Backup copy finished", + "backup_method_custom_finished": "Custom backup method '{method:s}' finished", + "backup_method_tar_finished": "Backup tar archive created", + "backup_no_uncompress_archive_dir": "Uncompress archive directory doesn't exist", + "backup_nothings_done": "There is nothing to save", + "backup_output_directory_forbidden": "Forbidden output directory. Backups can't be created in /bin, /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var or /home/yunohost.backup/archives sub-folders", + "backup_output_directory_not_empty": "The output directory is not empty", + "backup_output_directory_required": "You must provide an output directory for the backup", + "backup_output_symlink_dir_broken": "You have a broken symlink instead of your archives directory '{path:s}'. You may have a specific setup to backup your data on an other filesystem, in this case you probably forgot to remount or plug your hard dirve or usb key.", + "backup_running_app_script": "Running backup script of app '{app:s}'...", + "backup_running_hooks": "Running backup hooks...", + "backup_system_part_failed": "Unable to backup the '{part:s}' system part", + "backup_unable_to_organize_files": "Unable to organize files in the archive with the quick method", + "backup_with_no_backup_script_for_app": "App {app:s} has no backup script. Ignoring.", + "backup_with_no_restore_script_for_app": "App {app:s} has no restore script, you won't be able to automatically restore the backup of this app.", + "certmanager_acme_not_configured_for_domain": "Certificate for domain {domain:s} does not appear to be correctly installed. Please run cert-install for this domain first.", + "certmanager_attempt_to_renew_nonLE_cert": "The certificate for domain {domain:s} is not issued by Let's Encrypt. 
Cannot renew it automatically!", + "certmanager_attempt_to_renew_valid_cert": "The certificate for domain {domain:s} is not about to expire! Use --force to bypass", + "certmanager_attempt_to_replace_valid_cert": "You are attempting to overwrite a good and valid certificate for domain {domain:s}! (Use --force to bypass)", + "certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file: {file:s}), reason: {reason:s}", + "certmanager_cert_install_success": "Successfully installed Let's Encrypt certificate for domain {domain:s}!", + "certmanager_cert_install_success_selfsigned": "Successfully installed a self-signed certificate for domain {domain:s}!", + "certmanager_cert_renew_success": "Successfully renewed Let's Encrypt certificate for domain {domain:s}!", + "certmanager_cert_signing_failed": "Signing the new certificate failed", + "certmanager_certificate_fetching_or_enabling_failed": "Sounds like enabling the new certificate for {domain:s} failed somehow...", + "certmanager_conflicting_nginx_file": "Unable to prepare domain for ACME challenge: the nginx configuration file {filepath:s} is conflicting and should be removed first", + "certmanager_couldnt_fetch_intermediate_cert": "Timed out when trying to fetch intermediate certificate from Let's Encrypt. Certificate installation/renewal aborted - please try again later.", + "certmanager_domain_cert_not_selfsigned": "The certificate for domain {domain:s} is not self-signed. Are you sure you want to replace it? (Use --force)", + "certmanager_domain_dns_ip_differs_from_public_ip": "The DNS 'A' record for domain {domain:s} is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). 
(If you know what you are doing, use --no-checks to disable those checks.)", + "certmanager_domain_http_not_working": "It seems that the domain {domain:s} cannot be accessed through HTTP. Please check your DNS and nginx configuration is okay", + "certmanager_domain_not_resolved_locally": "The domain {domain:s} cannot be resolved from inside your Yunohost server. This might happen if you recently modified your DNS record. If so, please wait a few hours for it to propagate. If the issue persists, consider adding {domain:s} to /etc/hosts. (If you know what you are doing, use --no-checks to disable those checks.)", + "certmanager_domain_unknown": "Unknown domain {domain:s}", + "certmanager_error_no_A_record": "No DNS 'A' record found for {domain:s}. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate! (If you know what you are doing, use --no-checks to disable those checks.)", + "certmanager_hit_rate_limit": "Too many certificates already issued for exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details", + "certmanager_http_check_timeout": "Timed out when server tried to contact itself through HTTP using public IP address (domain {domain:s} with ip {ip:s}). You may be experiencing hairpinning issue or the firewall/router ahead of your server is misconfigured.", + "certmanager_no_cert_file": "Unable to read certificate file for domain {domain:s} (file: {file:s})", + "certmanager_old_letsencrypt_app_detected": "\nYunohost detected that the 'letsencrypt' app is installed, which conflits with the new built-in certificate management features in Yunohost. 
If you wish to use the new built-in features, please run the following commands to migrate your installation:\n\n yunohost app remove letsencrypt\n yunohost domain cert-install\n\nN.B.: this will attempt to re-install certificates for all domains with a Let's Encrypt certificate or self-signed certificate", + "certmanager_self_ca_conf_file_not_found": "Configuration file not found for self-signing authority (file: {file:s})", + "certmanager_unable_to_parse_self_CA_name": "Unable to parse name of self-signing authority (file: {file:s})", + "custom_app_url_required": "You must provide a URL to upgrade your custom app {app:s}", + "custom_appslist_name_required": "You must provide a name for your custom app list", + "diagnosis_debian_version_error": "Can't retrieve the Debian version: {error}", + "diagnosis_kernel_version_error": "Can't retrieve kernel version: {error}", + "diagnosis_monitor_disk_error": "Can't monitor disks: {error}", + "diagnosis_monitor_network_error": "Can't monitor network: {error}", + "diagnosis_monitor_system_error": "Can't monitor system: {error}", + "diagnosis_no_apps": "No installed application", + "dnsmasq_isnt_installed": "dnsmasq does not seem to be installed, please run 'apt-get remove bind9 && apt-get install dnsmasq'", + "domain_cannot_remove_main": "Cannot remove main domain. Set a new main domain first", + "domain_cert_gen_failed": "Unable to generate certificate", + "domain_created": "The domain has been created", + "domain_creation_failed": "Unable to create domain", + "domain_deleted": "The domain has been deleted", + "domain_deletion_failed": "Unable to delete domain", + "domain_dns_conf_is_just_a_recommendation": "This command shows you what is the *recommended* configuration. It does not actually set up the DNS configuration for you. 
It is your responsability to configure your DNS zone in your registrar according to this recommendation.", + "domain_dyndns_already_subscribed": "You've already subscribed to a DynDNS domain", + "domain_dyndns_dynette_is_unreachable": "Unable to reach YunoHost dynette, either your YunoHost is not correctly connected to the internet or the dynette server is down. Error: {error}", + "domain_dyndns_invalid": "Invalid domain to use with DynDNS", + "domain_dyndns_root_unknown": "Unknown DynDNS root domain", + "domain_exists": "Domain already exists", + "domain_hostname_failed": "Failed to set new hostname", + "domain_uninstall_app_first": "One or more apps are installed on this domain. Please uninstall them before proceeding to domain removal", + "domain_unknown": "Unknown domain", + "domain_zone_exists": "DNS zone file already exists", + "domain_zone_not_found": "DNS zone file not found for domain {:s}", + "domains_available": "Available domains:", + "done": "Done", + "downloading": "Downloading...", + "dyndns_could_not_check_provide": "Could not check if {provider:s} can provide {domain:s}.", + "dyndns_cron_installed": "The DynDNS cron job has been installed", + "dyndns_cron_remove_failed": "Unable to remove the DynDNS cron job", + "dyndns_cron_removed": "The DynDNS cron job has been removed", + "dyndns_ip_update_failed": "Unable to update IP address on DynDNS", + "dyndns_ip_updated": "Your IP address has been updated on DynDNS", + "dyndns_key_generating": "DNS key is being generated, it may take a while...", + "dyndns_key_not_found": "DNS key not found for the domain", + "dyndns_no_domain_registered": "No domain has been registered with DynDNS", + "dyndns_registered": "The DynDNS domain has been registered", + "dyndns_registration_failed": "Unable to register DynDNS domain: {error:s}", + "dyndns_domain_not_provided": "Dyndns provider {provider:s} cannot provide domain {domain:s}.", + "dyndns_unavailable": "Domain {domain:s} is not available.", + "executing_command": 
"Executing command '{command:s}'...", + "executing_script": "Executing script '{script:s}'...", + "extracting": "Extracting...", + "field_invalid": "Invalid field '{:s}'", + "firewall_reload_failed": "Unable to reload the firewall", + "firewall_reloaded": "The firewall has been reloaded", + "firewall_rules_cmd_failed": "Some firewall rules commands have failed. For more information, see the log.", + "format_datetime_short": "%m/%d/%Y %I:%M %p", + "global_settings_bad_choice_for_enum": "Bad value for setting {setting:s}, received {received_type:s}, except {expected_type:s}", + "global_settings_bad_type_for_setting": "Bad type for setting {setting:s}, received {received_type:s}, except {expected_type:s}", + "global_settings_cant_open_settings": "Failed to open settings file, reason: {reason:s}", + "global_settings_cant_serialize_settings": "Failed to serialize settings data, reason: {reason:s}", + "global_settings_cant_write_settings": "Failed to write settings file, reason: {reason:s}", + "global_settings_key_doesnt_exists": "The key '{settings_key:s}' doesn't exists in the global settings, you can see all the available keys by doing 'yunohost settings list'", + "global_settings_reset_success": "Success. 
Your previous settings have been backuped in {path:s}", + "global_settings_setting_example_bool": "Example boolean option", + "global_settings_setting_example_enum": "Example enum option", + "global_settings_setting_example_int": "Example int option", + "global_settings_setting_example_string": "Example string option", + "global_settings_unknown_setting_from_settings_file": "Unknown key in settings: '{setting_key:s}', discarding it and save it in /etc/yunohost/unkown_settings.json", + "global_settings_unknown_type": "Unexpected situation, the setting {setting:s} appears to have the type {unknown_type:s} but it's not a type supported by the system.", + "hook_exec_failed": "Script execution failed: {path:s}", + "hook_exec_not_terminated": "Script execution hasn\u2019t terminated: {path:s}", + "hook_list_by_invalid": "Invalid property to list hook by", + "hook_name_unknown": "Unknown hook name '{name:s}'", + "installation_complete": "Installation complete", + "installation_failed": "Installation failed", + "invalid_url_format": "Invalid URL format", + "ip6tables_unavailable": "You cannot play with ip6tables here. You are either in a container or your kernel does not support it", + "iptables_unavailable": "You cannot play with iptables here. 
You are either in a container or your kernel does not support it", + "ldap_init_failed_to_create_admin": "LDAP initialization failed to create admin user", + "ldap_initialized": "LDAP has been initialized", + "license_undefined": "undefined", + "mail_alias_remove_failed": "Unable to remove mail alias '{mail:s}'", + "mail_domain_unknown": "Unknown mail address domain '{domain:s}'", + "mail_forward_remove_failed": "Unable to remove mail forward '{mail:s}'", + "mailbox_used_space_dovecot_down": "Dovecot mailbox service need to be up, if you want to get mailbox used space", + "maindomain_change_failed": "Unable to change the main domain", + "maindomain_changed": "The main domain has been changed", + "migrate_tsig_end": "Migration to hmac-sha512 finished", + "migrate_tsig_failed": "Migrating the dyndns domain {domain} to hmac-sha512 failed, rolling back. Error: {error_code} - {error}", + "migrate_tsig_start": "Not secure enough key algorithm detected for TSIG signature of domain '{domain}', initiating migration to the more secure one hmac-sha512", + "migrate_tsig_wait": "Let's wait 3min for the dyndns server to take the new key into account...", + "migrate_tsig_wait_2": "2min...", + "migrate_tsig_wait_3": "1min...", + "migrate_tsig_wait_4": "30 secondes...", + "migrate_tsig_not_needed": "You do not appear to use a dyndns domain, so no migration is needed !", + "migrations_backward": "Migrating backward.", + "migrations_bad_value_for_target": "Invalide number for target argument, available migrations numbers are 0 or {}", + "migrations_cant_reach_migration_file": "Can't access migrations files at path %s", + "migrations_current_target": "Migration target is {}", + "migrations_error_failed_to_load_migration": "ERROR: failed to load migration {number} {name}", + "migrations_forward": "Migrating forward", + "migrations_loading_migration": "Loading migration {number} {name}...", + "migrations_migration_has_failed": "Migration {number} {name} has failed with exception 
{exception}, aborting", + "migrations_no_migrations_to_run": "No migrations to run", + "migrations_show_currently_running_migration": "Running migration {number} {name}...", + "migrations_show_last_migration": "Last ran migration is {}", + "migrations_skip_migration": "Skipping migration {number} {name}...", + "monitor_disabled": "The server monitoring has been disabled", + "monitor_enabled": "The server monitoring has been enabled", + "monitor_glances_con_failed": "Unable to connect to Glances server", + "monitor_not_enabled": "Server monitoring is not enabled", + "monitor_period_invalid": "Invalid time period", + "monitor_stats_file_not_found": "Statistics file not found", + "monitor_stats_no_update": "No monitoring statistics to update", + "monitor_stats_period_unavailable": "No available statistics for the period", + "mountpoint_unknown": "Unknown mountpoint", + "mysql_db_creation_failed": "MySQL database creation failed", + "mysql_db_init_failed": "MySQL database init failed", + "mysql_db_initialized": "The MySQL database has been initialized", + "network_check_mx_ko": "DNS MX record is not set", + "network_check_smtp_ko": "Outbound mail (SMTP port 25) seems to be blocked by your network", + "network_check_smtp_ok": "Outbound mail (SMTP port 25) is not blocked", + "new_domain_required": "You must provide the new main domain", + "no_appslist_found": "No app list found", + "no_internet_connection": "Server is not connected to the Internet", + "no_ipv6_connectivity": "IPv6 connectivity is not available", + "no_restore_script": "No restore script found for the app '{app:s}'", + "not_enough_disk_space": "Not enough free disk space on '{path:s}'", + "package_not_installed": "Package '{pkgname}' is not installed", + "package_unexpected_error": "An unexpected error occurred processing the package '{pkgname}'", + "package_unknown": "Unknown package '{pkgname}'", + "packages_no_upgrade": "There is no package to upgrade", + "packages_upgrade_critical_later": "Critical 
packages ({packages:s}) will be upgraded later", + "packages_upgrade_failed": "Unable to upgrade all of the packages", + "path_removal_failed": "Unable to remove path {:s}", + "pattern_backup_archive_name": "Must be a valid filename with max 30 characters, and alphanumeric and -_. characters only", + "pattern_domain": "Must be a valid domain name (e.g. my-domain.org)", + "pattern_email": "Must be a valid email address (e.g. someone@domain.org)", + "pattern_firstname": "Must be a valid first name", + "pattern_lastname": "Must be a valid last name", + "pattern_listname": "Must be alphanumeric and underscore characters only", + "pattern_mailbox_quota": "Must be a size with b/k/M/G/T suffix or 0 to disable the quota", + "pattern_password": "Must be at least 3 characters long", + "pattern_port": "Must be a valid port number (i.e. 0-65535)", + "pattern_port_or_range": "Must be a valid port number (i.e. 0-65535) or range of ports (e.g. 100:200)", + "pattern_positive_number": "Must be a positive number", + "pattern_username": "Must be lower-case alphanumeric and underscore characters only", + "port_already_closed": "Port {port:d} is already closed for {ip_version:s} connections", + "port_already_opened": "Port {port:d} is already opened for {ip_version:s} connections", + "port_available": "Port {port:d} is available", + "port_unavailable": "Port {port:d} is not available", + "restore_action_required": "You must specify something to restore", + "restore_already_installed_app": "An app is already installed with the id '{app:s}'", + "restore_app_failed": "Unable to restore the app '{app:s}'", + "restore_cleaning_failed": "Unable to clean-up the temporary restoration directory", + "restore_complete": "Restore complete", + "restore_confirm_yunohost_installed": "Do you really want to restore an already installed system? 
[{answers:s}]", + "restore_extracting": "Extracting needed files from the archive...", + "restore_failed": "Unable to restore the system", + "restore_hook_unavailable": "Restoration script for '{part:s}' not available on your system and not in the archive either", + "restore_may_be_not_enough_disk_space": "Your system seems not to have enough disk space (freespace: {free_space:d} B, needed space: {needed_space:d} B, security margin: {margin:d} B)", + "restore_mounting_archive": "Mounting archive into '{path:s}'", + "restore_not_enough_disk_space": "Not enough disk space (freespace: {free_space:d} B, needed space: {needed_space:d} B, security margin: {margin:d} B)", + "restore_nothings_done": "Nothing has been restored", + "restore_removing_tmp_dir_failed": "Unable to remove an old temporary directory", + "restore_running_app_script": "Running restore script of app '{app:s}'...", + "restore_running_hooks": "Running restoration hooks...", + "restore_system_part_failed": "Unable to restore the '{part:s}' system part", + "server_shutdown": "The server will shutdown", + "server_shutdown_confirm": "The server will shutdown immediatly, are you sure? [{answers:s}]", + "server_reboot": "The server will reboot", + "server_reboot_confirm": "The server will reboot immediatly, are you sure? 
[{answers:s}]", + "service_add_failed": "Unable to add service '{service:s}'", + "service_added": "The service '{service:s}' has been added", + "service_already_started": "Service '{service:s}' has already been started", + "service_already_stopped": "Service '{service:s}' has already been stopped", + "service_cmd_exec_failed": "Unable to execute command '{command:s}'", + "service_conf_file_backed_up": "The configuration file '{conf}' has been backed up to '{backup}'", + "service_conf_file_copy_failed": "Unable to copy the new configuration file '{new}' to '{conf}'", + "service_conf_file_kept_back": "The configuration file '{conf}' is expected to be deleted by service {service} but has been kept back.", + "service_conf_file_manually_modified": "The configuration file '{conf}' has been manually modified and will not be updated", + "service_conf_file_manually_removed": "The configuration file '{conf}' has been manually removed and will not be created", + "service_conf_file_remove_failed": "Unable to remove the configuration file '{conf}'", + "service_conf_file_removed": "The configuration file '{conf}' has been removed", + "service_conf_file_updated": "The configuration file '{conf}' has been updated", + "service_conf_new_managed_file": "The configuration file '{conf}' is now managed by the service {service}.", + "service_conf_up_to_date": "The configuration is already up-to-date for service '{service}'", + "service_conf_updated": "The configuration has been updated for service '{service}'", + "service_conf_would_be_updated": "The configuration would have been updated for service '{service}'", + "service_disable_failed": "Unable to disable service '{service:s}'", + "service_disabled": "The service '{service:s}' has been disabled", + "service_enable_failed": "Unable to enable service '{service:s}'", + "service_enabled": "The service '{service:s}' has been enabled", + "service_no_log": "No log to display for service '{service:s}'", + 
"service_regenconf_dry_pending_applying": "Checking pending configuration which would have been applied for service '{service}'...", + "service_regenconf_failed": "Unable to regenerate the configuration for service(s): {services}", + "service_regenconf_pending_applying": "Applying pending configuration for service '{service}'...", + "service_remove_failed": "Unable to remove service '{service:s}'", + "service_removed": "The service '{service:s}' has been removed", + "service_start_failed": "Unable to start service '{service:s}'", + "service_started": "The service '{service:s}' has been started", + "service_status_failed": "Unable to determine status of service '{service:s}'", + "service_stop_failed": "Unable to stop service '{service:s}'", + "service_stopped": "The service '{service:s}' has been stopped", + "service_unknown": "Unknown service '{service:s}'", + "ssowat_conf_generated": "The SSOwat configuration has been generated", + "ssowat_conf_updated": "The SSOwat configuration has been updated", + "ssowat_persistent_conf_read_error": "Error while reading SSOwat persistent configuration: {error:s}. Edit /etc/ssowat/conf.json.persistent file to fix the JSON syntax", + "ssowat_persistent_conf_write_error": "Error while saving SSOwat persistent configuration: {error:s}. 
Edit /etc/ssowat/conf.json.persistent file to fix the JSON syntax", + "system_upgraded": "The system has been upgraded", + "system_username_exists": "Username already exists in the system users", + "unbackup_app": "App '{app:s}' will not be saved", + "unexpected_error": "An unexpected error occured", + "unit_unknown": "Unknown unit '{unit:s}'", + "unlimit": "No quota", + "unrestore_app": "App '{app:s}' will not be restored", + "update_cache_failed": "Unable to update APT cache", + "updating_apt_cache": "Updating the list of available packages...", + "upgrade_complete": "Upgrade complete", + "upgrading_packages": "Upgrading packages...", + "upnp_dev_not_found": "No UPnP device found", + "upnp_disabled": "UPnP has been disabled", + "upnp_enabled": "UPnP has been enabled", + "upnp_port_open_failed": "Unable to open UPnP ports", + "user_created": "The user has been created", + "user_creation_failed": "Unable to create user", + "user_deleted": "The user has been deleted", + "user_deletion_failed": "Unable to delete user", + "user_home_creation_failed": "Unable to create user home folder", + "user_info_failed": "Unable to retrieve user information", + "user_unknown": "Unknown user: {user:s}", + "user_update_failed": "Unable to update user", + "user_updated": "The user has been updated", + "yunohost_already_installed": "YunoHost is already installed", + "yunohost_ca_creation_failed": "Unable to create certificate authority", + "yunohost_ca_creation_success": "The local certification authority has been created.", + "yunohost_configured": "YunoHost has been configured", + "yunohost_installing": "Installing YunoHost...", + "yunohost_not_installed": "YunoHost is not or not correctly installed. Please execute 'yunohost tools postinstall'" +} From d6311b62fe29667b957f71892299cf0331d8ffb0 Mon Sep 17 00:00:00 2001 
From: Laurent Peuch
Date: Wed, 7 Feb 2018 22:04:35 +0100
Subject: [PATCH 34/42] [fix] double backslash again
---
 locales/ar.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/locales/ar.json b/locales/ar.json
index 8f995c9bf..66fa93f45 100644
--- a/locales/ar.json
+++ b/locales/ar.json
@@ -14,7 +14,7 @@
 "app_change_url_identical_domains": "The old and new domain/url_path are identical ('{domain:s}{path:s}'), nothing to do.",
 "app_change_url_no_script": "This application '{app_name:s}' doesn't support url modification yet. Maybe you should upgrade the application.",
 "app_change_url_success": "Successfully changed {app:s} url to {domain:s}{path:s}",
- "app_checkurl_is_deprecated": "Packagers /!\ 'app checkurl' is deprecated ! Please use 'app register-url' instead !",
+ "app_checkurl_is_deprecated": "Packagers /!\\ 'app checkurl' is deprecated ! Please use 'app register-url' instead !",
 "app_extraction_failed": "Unable to extract installation files",
 "app_id_invalid": "Invalid app id",
 "app_incompatible": "The app {app} is incompatible with your YunoHost version",
From 78b87a6288bdf43442f80376a39623a9396bb1af Mon Sep 17 00:00:00 2001
From: Jean-Baptiste
Date: Wed, 7 Feb 2018 22:09:41 +0100
Subject: [PATCH 35/42] reset file
---
 locales/ar.json | 367 ------------------------------------------------
 1 file changed, 367 deletions(-)
diff --git a/locales/ar.json b/locales/ar.json
index 66fa93f45..2c63c0851 100644
--- a/locales/ar.json
+++ b/locales/ar.json
@@ -1,369 +1,2 @@ { - "action_invalid": "Invalid action '{action:s}'", - "admin_password": "Administration password", - "admin_password_change_failed": "Unable to change password", - "admin_password_changed": "The administration password has been changed", - "app_already_installed": "{app:s} is already installed", - "app_already_installed_cant_change_url": "This app is already installed. The url cannot be changed just by this function. Look into `app changeurl` if it's available.", - "app_already_up_to_date": "{app:s} is already up to date", - "app_argument_choice_invalid": "Invalid choice for argument '{name:s}', it must be one of {choices:s}", - "app_argument_invalid": "Invalid value for argument '{name:s}': {error:s}", - "app_argument_required": "Argument '{name:s}' is required", - "app_change_no_change_url_script": "The application {app_name:s} doesn't support changing it's URL yet, you might need to upgrade it.", - "app_change_url_failed_nginx_reload": "Failed to reload nginx. Here is the output of 'nginx -t':\n{nginx_errors:s}", - "app_change_url_identical_domains": "The old and new domain/url_path are identical ('{domain:s}{path:s}'), nothing to do.", - "app_change_url_no_script": "This application '{app_name:s}' doesn't support url modification yet. Maybe you should upgrade the application.", - "app_change_url_success": "Successfully changed {app:s} url to {domain:s}{path:s}", - "app_checkurl_is_deprecated": "Packagers /!\\ 'app checkurl' is deprecated ! 
Please use 'app register-url' instead !", - "app_extraction_failed": "Unable to extract installation files", - "app_id_invalid": "Invalid app id", - "app_incompatible": "The app {app} is incompatible with your YunoHost version", - "app_install_files_invalid": "Invalid installation files", - "app_location_already_used": "The app '{app}' is already installed on that location ({path})", - "app_make_default_location_already_used": "Can't make the app '{app}' the default on the domain {domain} is already used by the other app '{other_app}'", - "app_location_install_failed": "Unable to install the app in this location because it conflit with the app '{other_app}' already installed on '{other_path}'", - "app_location_unavailable": "This url is not available or conflicts with an already installed app", - "app_manifest_invalid": "Invalid app manifest: {error}", - "app_no_upgrade": "No app to upgrade", - "app_not_correctly_installed": "{app:s} seems to be incorrectly installed", - "app_not_installed": "{app:s} is not installed", - "app_not_properly_removed": "{app:s} has not been properly removed", - "app_package_need_update": "The app {app} package needs to be updated to follow YunoHost changes", - "app_removed": "{app:s} has been removed", - "app_requirements_checking": "Checking required packages for {app}...", - "app_requirements_failed": "Unable to meet requirements for {app}: {error}", - "app_requirements_unmeet": "Requirements are not met for {app}, the package {pkgname} ({version}) must be {spec}", - "app_sources_fetch_failed": "Unable to fetch sources files", - "app_unknown": "Unknown app", - "app_unsupported_remote_type": "Unsupported remote type used for the app", - "app_upgrade_app_name": "Upgrading app {app}...", - "app_upgrade_failed": "Unable to upgrade {app:s}", - "app_upgrade_some_app_failed": "Unable to upgrade some applications", - "app_upgraded": "{app:s} has been upgraded", - "appslist_corrupted_json": "Could not load the application lists. 
It looks like {filename:s} is corrupted.", - "appslist_could_not_migrate": "Could not migrate app list {appslist:s} ! Unable to parse the url... The old cron job has been kept in {bkp_file:s}.", - "appslist_fetched": "The application list {appslist:s} has been fetched", - "appslist_migrating": "Migrating application list {appslist:s} ...", - "appslist_name_already_tracked": "There is already a registered application list with name {name:s}.", - "appslist_removed": "The application list {appslist:s} has been removed", - "appslist_retrieve_bad_format": "Retrieved file for application list {appslist:s} is not valid", - "appslist_retrieve_error": "Unable to retrieve the remote application list {appslist:s}: {error:s}", - "appslist_unknown": "Application list {appslist:s} unknown.", - "appslist_url_already_tracked": "There is already a registered application list with url {url:s}.", - "ask_current_admin_password": "Current administration password", - "ask_email": "Email address", - "ask_firstname": "First name", - "ask_lastname": "Last name", - "ask_list_to_remove": "List to remove", - "ask_main_domain": "Main domain", - "ask_new_admin_password": "New administration password", - "ask_password": "Password", - "ask_path": "Path", - "backup_abstract_method": "This backup method hasn't yet been implemented", - "backup_action_required": "You must specify something to save", - "backup_app_failed": "Unable to back up the app '{app:s}'", - "backup_applying_method_borg": "Sending all files to backup into borg-backup repository...", - "backup_applying_method_copy": "Copying all files to backup...", - "backup_applying_method_custom": "Calling the custom backup method '{method:s}'...", - "backup_applying_method_tar": "Creating the backup tar archive...", - "backup_archive_app_not_found": "App '{app:s}' not found in the backup archive", - "backup_archive_broken_link": "Unable to access backup archive (broken link to {path:s})", - "backup_archive_mount_failed": "Mounting the backup 
archive failed", - "backup_archive_name_exists": "The backup's archive name already exists", - "backup_archive_name_unknown": "Unknown local backup archive named '{name:s}'", - "backup_archive_open_failed": "Unable to open the backup archive", - "backup_archive_system_part_not_available": "System part '{part:s}' not available in this backup", - "backup_archive_writing_error": "Unable to add files to backup into the compressed archive", - "backup_ask_for_copying_if_needed": "Some files couldn't be prepared to be backuped using the method that avoid to temporarily waste space on the system. To perform the backup, {size:s}MB should be used temporarily. Do you agree?", - "backup_borg_not_implemented": "Borg backup method is not yet implemented", - "backup_cant_mount_uncompress_archive": "Unable to mount in readonly mode the uncompress archive directory", - "backup_cleaning_failed": "Unable to clean-up the temporary backup directory", - "backup_copying_to_organize_the_archive": "Copying {size:s}MB to organize the archive", - "backup_couldnt_bind": "Couldn't bind {src:s} to {dest:s}.", - "backup_created": "Backup created", - "backup_creating_archive": "Creating the backup archive...", - "backup_creation_failed": "Backup creation failed", - "backup_csv_addition_failed": "Unable to add files to backup into the CSV file", - "backup_csv_creation_failed": "Unable to create the CSV file needed for future restore operations", - "backup_custom_backup_error": "Custom backup method failure on 'backup' step", - "backup_custom_mount_error": "Custom backup method failure on 'mount' step", - "backup_custom_need_mount_error": "Custom backup method failure on 'need_mount' step", - "backup_delete_error": "Unable to delete '{path:s}'", - "backup_deleted": "The backup has been deleted", - "backup_extracting_archive": "Extracting the backup archive...", - "backup_hook_unknown": "Backup hook '{hook:s}' unknown", - "backup_invalid_archive": "Invalid backup archive", - 
"backup_method_borg_finished": "Backup into borg finished", - "backup_method_copy_finished": "Backup copy finished", - "backup_method_custom_finished": "Custom backup method '{method:s}' finished", - "backup_method_tar_finished": "Backup tar archive created", - "backup_no_uncompress_archive_dir": "Uncompress archive directory doesn't exist", - "backup_nothings_done": "There is nothing to save", - "backup_output_directory_forbidden": "Forbidden output directory. Backups can't be created in /bin, /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var or /home/yunohost.backup/archives sub-folders", - "backup_output_directory_not_empty": "The output directory is not empty", - "backup_output_directory_required": "You must provide an output directory for the backup", - "backup_output_symlink_dir_broken": "You have a broken symlink instead of your archives directory '{path:s}'. You may have a specific setup to backup your data on an other filesystem, in this case you probably forgot to remount or plug your hard dirve or usb key.", - "backup_running_app_script": "Running backup script of app '{app:s}'...", - "backup_running_hooks": "Running backup hooks...", - "backup_system_part_failed": "Unable to backup the '{part:s}' system part", - "backup_unable_to_organize_files": "Unable to organize files in the archive with the quick method", - "backup_with_no_backup_script_for_app": "App {app:s} has no backup script. Ignoring.", - "backup_with_no_restore_script_for_app": "App {app:s} has no restore script, you won't be able to automatically restore the backup of this app.", - "certmanager_acme_not_configured_for_domain": "Certificate for domain {domain:s} does not appear to be correctly installed. Please run cert-install for this domain first.", - "certmanager_attempt_to_renew_nonLE_cert": "The certificate for domain {domain:s} is not issued by Let's Encrypt. 
Cannot renew it automatically!", - "certmanager_attempt_to_renew_valid_cert": "The certificate for domain {domain:s} is not about to expire! Use --force to bypass", - "certmanager_attempt_to_replace_valid_cert": "You are attempting to overwrite a good and valid certificate for domain {domain:s}! (Use --force to bypass)", - "certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file: {file:s}), reason: {reason:s}", - "certmanager_cert_install_success": "Successfully installed Let's Encrypt certificate for domain {domain:s}!", - "certmanager_cert_install_success_selfsigned": "Successfully installed a self-signed certificate for domain {domain:s}!", - "certmanager_cert_renew_success": "Successfully renewed Let's Encrypt certificate for domain {domain:s}!", - "certmanager_cert_signing_failed": "Signing the new certificate failed", - "certmanager_certificate_fetching_or_enabling_failed": "Sounds like enabling the new certificate for {domain:s} failed somehow...", - "certmanager_conflicting_nginx_file": "Unable to prepare domain for ACME challenge: the nginx configuration file {filepath:s} is conflicting and should be removed first", - "certmanager_couldnt_fetch_intermediate_cert": "Timed out when trying to fetch intermediate certificate from Let's Encrypt. Certificate installation/renewal aborted - please try again later.", - "certmanager_domain_cert_not_selfsigned": "The certificate for domain {domain:s} is not self-signed. Are you sure you want to replace it? (Use --force)", - "certmanager_domain_dns_ip_differs_from_public_ip": "The DNS 'A' record for domain {domain:s} is different from this server IP. If you recently modified your A record, please wait for it to propagate (some DNS propagation checkers are available online). 
(If you know what you are doing, use --no-checks to disable those checks.)", - "certmanager_domain_http_not_working": "It seems that the domain {domain:s} cannot be accessed through HTTP. Please check your DNS and nginx configuration is okay", - "certmanager_domain_not_resolved_locally": "The domain {domain:s} cannot be resolved from inside your Yunohost server. This might happen if you recently modified your DNS record. If so, please wait a few hours for it to propagate. If the issue persists, consider adding {domain:s} to /etc/hosts. (If you know what you are doing, use --no-checks to disable those checks.)", - "certmanager_domain_unknown": "Unknown domain {domain:s}", - "certmanager_error_no_A_record": "No DNS 'A' record found for {domain:s}. You need to make your domain name point to your machine to be able to install a Let's Encrypt certificate! (If you know what you are doing, use --no-checks to disable those checks.)", - "certmanager_hit_rate_limit": "Too many certificates already issued for exact set of domains {domain:s} recently. Please try again later. See https://letsencrypt.org/docs/rate-limits/ for more details", - "certmanager_http_check_timeout": "Timed out when server tried to contact itself through HTTP using public IP address (domain {domain:s} with ip {ip:s}). You may be experiencing hairpinning issue or the firewall/router ahead of your server is misconfigured.", - "certmanager_no_cert_file": "Unable to read certificate file for domain {domain:s} (file: {file:s})", - "certmanager_old_letsencrypt_app_detected": "\nYunohost detected that the 'letsencrypt' app is installed, which conflits with the new built-in certificate management features in Yunohost. 
If you wish to use the new built-in features, please run the following commands to migrate your installation:\n\n yunohost app remove letsencrypt\n yunohost domain cert-install\n\nN.B.: this will attempt to re-install certificates for all domains with a Let's Encrypt certificate or self-signed certificate", - "certmanager_self_ca_conf_file_not_found": "Configuration file not found for self-signing authority (file: {file:s})", - "certmanager_unable_to_parse_self_CA_name": "Unable to parse name of self-signing authority (file: {file:s})", - "custom_app_url_required": "You must provide a URL to upgrade your custom app {app:s}", - "custom_appslist_name_required": "You must provide a name for your custom app list", - "diagnosis_debian_version_error": "Can't retrieve the Debian version: {error}", - "diagnosis_kernel_version_error": "Can't retrieve kernel version: {error}", - "diagnosis_monitor_disk_error": "Can't monitor disks: {error}", - "diagnosis_monitor_network_error": "Can't monitor network: {error}", - "diagnosis_monitor_system_error": "Can't monitor system: {error}", - "diagnosis_no_apps": "No installed application", - "dnsmasq_isnt_installed": "dnsmasq does not seem to be installed, please run 'apt-get remove bind9 && apt-get install dnsmasq'", - "domain_cannot_remove_main": "Cannot remove main domain. Set a new main domain first", - "domain_cert_gen_failed": "Unable to generate certificate", - "domain_created": "The domain has been created", - "domain_creation_failed": "Unable to create domain", - "domain_deleted": "The domain has been deleted", - "domain_deletion_failed": "Unable to delete domain", - "domain_dns_conf_is_just_a_recommendation": "This command shows you what is the *recommended* configuration. It does not actually set up the DNS configuration for you. 
It is your responsability to configure your DNS zone in your registrar according to this recommendation.", - "domain_dyndns_already_subscribed": "You've already subscribed to a DynDNS domain", - "domain_dyndns_dynette_is_unreachable": "Unable to reach YunoHost dynette, either your YunoHost is not correctly connected to the internet or the dynette server is down. Error: {error}", - "domain_dyndns_invalid": "Invalid domain to use with DynDNS", - "domain_dyndns_root_unknown": "Unknown DynDNS root domain", - "domain_exists": "Domain already exists", - "domain_hostname_failed": "Failed to set new hostname", - "domain_uninstall_app_first": "One or more apps are installed on this domain. Please uninstall them before proceeding to domain removal", - "domain_unknown": "Unknown domain", - "domain_zone_exists": "DNS zone file already exists", - "domain_zone_not_found": "DNS zone file not found for domain {:s}", - "domains_available": "Available domains:", - "done": "Done", - "downloading": "Downloading...", - "dyndns_could_not_check_provide": "Could not check if {provider:s} can provide {domain:s}.", - "dyndns_cron_installed": "The DynDNS cron job has been installed", - "dyndns_cron_remove_failed": "Unable to remove the DynDNS cron job", - "dyndns_cron_removed": "The DynDNS cron job has been removed", - "dyndns_ip_update_failed": "Unable to update IP address on DynDNS", - "dyndns_ip_updated": "Your IP address has been updated on DynDNS", - "dyndns_key_generating": "DNS key is being generated, it may take a while...", - "dyndns_key_not_found": "DNS key not found for the domain", - "dyndns_no_domain_registered": "No domain has been registered with DynDNS", - "dyndns_registered": "The DynDNS domain has been registered", - "dyndns_registration_failed": "Unable to register DynDNS domain: {error:s}", - "dyndns_domain_not_provided": "Dyndns provider {provider:s} cannot provide domain {domain:s}.", - "dyndns_unavailable": "Domain {domain:s} is not available.", - "executing_command": 
"Executing command '{command:s}'...", - "executing_script": "Executing script '{script:s}'...", - "extracting": "Extracting...", - "field_invalid": "Invalid field '{:s}'", - "firewall_reload_failed": "Unable to reload the firewall", - "firewall_reloaded": "The firewall has been reloaded", - "firewall_rules_cmd_failed": "Some firewall rules commands have failed. For more information, see the log.", - "format_datetime_short": "%m/%d/%Y %I:%M %p", - "global_settings_bad_choice_for_enum": "Bad value for setting {setting:s}, received {received_type:s}, except {expected_type:s}", - "global_settings_bad_type_for_setting": "Bad type for setting {setting:s}, received {received_type:s}, except {expected_type:s}", - "global_settings_cant_open_settings": "Failed to open settings file, reason: {reason:s}", - "global_settings_cant_serialize_settings": "Failed to serialize settings data, reason: {reason:s}", - "global_settings_cant_write_settings": "Failed to write settings file, reason: {reason:s}", - "global_settings_key_doesnt_exists": "The key '{settings_key:s}' doesn't exists in the global settings, you can see all the available keys by doing 'yunohost settings list'", - "global_settings_reset_success": "Success. 
Your previous settings have been backuped in {path:s}", - "global_settings_setting_example_bool": "Example boolean option", - "global_settings_setting_example_enum": "Example enum option", - "global_settings_setting_example_int": "Example int option", - "global_settings_setting_example_string": "Example string option", - "global_settings_unknown_setting_from_settings_file": "Unknown key in settings: '{setting_key:s}', discarding it and save it in /etc/yunohost/unkown_settings.json", - "global_settings_unknown_type": "Unexpected situation, the setting {setting:s} appears to have the type {unknown_type:s} but it's not a type supported by the system.", - "hook_exec_failed": "Script execution failed: {path:s}", - "hook_exec_not_terminated": "Script execution hasn\u2019t terminated: {path:s}", - "hook_list_by_invalid": "Invalid property to list hook by", - "hook_name_unknown": "Unknown hook name '{name:s}'", - "installation_complete": "Installation complete", - "installation_failed": "Installation failed", - "invalid_url_format": "Invalid URL format", - "ip6tables_unavailable": "You cannot play with ip6tables here. You are either in a container or your kernel does not support it", - "iptables_unavailable": "You cannot play with iptables here. 
You are either in a container or your kernel does not support it", - "ldap_init_failed_to_create_admin": "LDAP initialization failed to create admin user", - "ldap_initialized": "LDAP has been initialized", - "license_undefined": "undefined", - "mail_alias_remove_failed": "Unable to remove mail alias '{mail:s}'", - "mail_domain_unknown": "Unknown mail address domain '{domain:s}'", - "mail_forward_remove_failed": "Unable to remove mail forward '{mail:s}'", - "mailbox_used_space_dovecot_down": "Dovecot mailbox service need to be up, if you want to get mailbox used space", - "maindomain_change_failed": "Unable to change the main domain", - "maindomain_changed": "The main domain has been changed", - "migrate_tsig_end": "Migration to hmac-sha512 finished", - "migrate_tsig_failed": "Migrating the dyndns domain {domain} to hmac-sha512 failed, rolling back. Error: {error_code} - {error}", - "migrate_tsig_start": "Not secure enough key algorithm detected for TSIG signature of domain '{domain}', initiating migration to the more secure one hmac-sha512", - "migrate_tsig_wait": "Let's wait 3min for the dyndns server to take the new key into account...", - "migrate_tsig_wait_2": "2min...", - "migrate_tsig_wait_3": "1min...", - "migrate_tsig_wait_4": "30 secondes...", - "migrate_tsig_not_needed": "You do not appear to use a dyndns domain, so no migration is needed !", - "migrations_backward": "Migrating backward.", - "migrations_bad_value_for_target": "Invalide number for target argument, available migrations numbers are 0 or {}", - "migrations_cant_reach_migration_file": "Can't access migrations files at path %s", - "migrations_current_target": "Migration target is {}", - "migrations_error_failed_to_load_migration": "ERROR: failed to load migration {number} {name}", - "migrations_forward": "Migrating forward", - "migrations_loading_migration": "Loading migration {number} {name}...", - "migrations_migration_has_failed": "Migration {number} {name} has failed with exception 
{exception}, aborting", - "migrations_no_migrations_to_run": "No migrations to run", - "migrations_show_currently_running_migration": "Running migration {number} {name}...", - "migrations_show_last_migration": "Last ran migration is {}", - "migrations_skip_migration": "Skipping migration {number} {name}...", - "monitor_disabled": "The server monitoring has been disabled", - "monitor_enabled": "The server monitoring has been enabled", - "monitor_glances_con_failed": "Unable to connect to Glances server", - "monitor_not_enabled": "Server monitoring is not enabled", - "monitor_period_invalid": "Invalid time period", - "monitor_stats_file_not_found": "Statistics file not found", - "monitor_stats_no_update": "No monitoring statistics to update", - "monitor_stats_period_unavailable": "No available statistics for the period", - "mountpoint_unknown": "Unknown mountpoint", - "mysql_db_creation_failed": "MySQL database creation failed", - "mysql_db_init_failed": "MySQL database init failed", - "mysql_db_initialized": "The MySQL database has been initialized", - "network_check_mx_ko": "DNS MX record is not set", - "network_check_smtp_ko": "Outbound mail (SMTP port 25) seems to be blocked by your network", - "network_check_smtp_ok": "Outbound mail (SMTP port 25) is not blocked", - "new_domain_required": "You must provide the new main domain", - "no_appslist_found": "No app list found", - "no_internet_connection": "Server is not connected to the Internet", - "no_ipv6_connectivity": "IPv6 connectivity is not available", - "no_restore_script": "No restore script found for the app '{app:s}'", - "not_enough_disk_space": "Not enough free disk space on '{path:s}'", - "package_not_installed": "Package '{pkgname}' is not installed", - "package_unexpected_error": "An unexpected error occurred processing the package '{pkgname}'", - "package_unknown": "Unknown package '{pkgname}'", - "packages_no_upgrade": "There is no package to upgrade", - "packages_upgrade_critical_later": "Critical 
packages ({packages:s}) will be upgraded later", - "packages_upgrade_failed": "Unable to upgrade all of the packages", - "path_removal_failed": "Unable to remove path {:s}", - "pattern_backup_archive_name": "Must be a valid filename with max 30 characters, and alphanumeric and -_. characters only", - "pattern_domain": "Must be a valid domain name (e.g. my-domain.org)", - "pattern_email": "Must be a valid email address (e.g. someone@domain.org)", - "pattern_firstname": "Must be a valid first name", - "pattern_lastname": "Must be a valid last name", - "pattern_listname": "Must be alphanumeric and underscore characters only", - "pattern_mailbox_quota": "Must be a size with b/k/M/G/T suffix or 0 to disable the quota", - "pattern_password": "Must be at least 3 characters long", - "pattern_port": "Must be a valid port number (i.e. 0-65535)", - "pattern_port_or_range": "Must be a valid port number (i.e. 0-65535) or range of ports (e.g. 100:200)", - "pattern_positive_number": "Must be a positive number", - "pattern_username": "Must be lower-case alphanumeric and underscore characters only", - "port_already_closed": "Port {port:d} is already closed for {ip_version:s} connections", - "port_already_opened": "Port {port:d} is already opened for {ip_version:s} connections", - "port_available": "Port {port:d} is available", - "port_unavailable": "Port {port:d} is not available", - "restore_action_required": "You must specify something to restore", - "restore_already_installed_app": "An app is already installed with the id '{app:s}'", - "restore_app_failed": "Unable to restore the app '{app:s}'", - "restore_cleaning_failed": "Unable to clean-up the temporary restoration directory", - "restore_complete": "Restore complete", - "restore_confirm_yunohost_installed": "Do you really want to restore an already installed system? 
[{answers:s}]", - "restore_extracting": "Extracting needed files from the archive...", - "restore_failed": "Unable to restore the system", - "restore_hook_unavailable": "Restoration script for '{part:s}' not available on your system and not in the archive either", - "restore_may_be_not_enough_disk_space": "Your system seems not to have enough disk space (freespace: {free_space:d} B, needed space: {needed_space:d} B, security margin: {margin:d} B)", - "restore_mounting_archive": "Mounting archive into '{path:s}'", - "restore_not_enough_disk_space": "Not enough disk space (freespace: {free_space:d} B, needed space: {needed_space:d} B, security margin: {margin:d} B)", - "restore_nothings_done": "Nothing has been restored", - "restore_removing_tmp_dir_failed": "Unable to remove an old temporary directory", - "restore_running_app_script": "Running restore script of app '{app:s}'...", - "restore_running_hooks": "Running restoration hooks...", - "restore_system_part_failed": "Unable to restore the '{part:s}' system part", - "server_shutdown": "The server will shutdown", - "server_shutdown_confirm": "The server will shutdown immediatly, are you sure? [{answers:s}]", - "server_reboot": "The server will reboot", - "server_reboot_confirm": "The server will reboot immediatly, are you sure? 
[{answers:s}]", - "service_add_failed": "Unable to add service '{service:s}'", - "service_added": "The service '{service:s}' has been added", - "service_already_started": "Service '{service:s}' has already been started", - "service_already_stopped": "Service '{service:s}' has already been stopped", - "service_cmd_exec_failed": "Unable to execute command '{command:s}'", - "service_conf_file_backed_up": "The configuration file '{conf}' has been backed up to '{backup}'", - "service_conf_file_copy_failed": "Unable to copy the new configuration file '{new}' to '{conf}'", - "service_conf_file_kept_back": "The configuration file '{conf}' is expected to be deleted by service {service} but has been kept back.", - "service_conf_file_manually_modified": "The configuration file '{conf}' has been manually modified and will not be updated", - "service_conf_file_manually_removed": "The configuration file '{conf}' has been manually removed and will not be created", - "service_conf_file_remove_failed": "Unable to remove the configuration file '{conf}'", - "service_conf_file_removed": "The configuration file '{conf}' has been removed", - "service_conf_file_updated": "The configuration file '{conf}' has been updated", - "service_conf_new_managed_file": "The configuration file '{conf}' is now managed by the service {service}.", - "service_conf_up_to_date": "The configuration is already up-to-date for service '{service}'", - "service_conf_updated": "The configuration has been updated for service '{service}'", - "service_conf_would_be_updated": "The configuration would have been updated for service '{service}'", - "service_disable_failed": "Unable to disable service '{service:s}'", - "service_disabled": "The service '{service:s}' has been disabled", - "service_enable_failed": "Unable to enable service '{service:s}'", - "service_enabled": "The service '{service:s}' has been enabled", - "service_no_log": "No log to display for service '{service:s}'", - 
"service_regenconf_dry_pending_applying": "Checking pending configuration which would have been applied for service '{service}'...", - "service_regenconf_failed": "Unable to regenerate the configuration for service(s): {services}", - "service_regenconf_pending_applying": "Applying pending configuration for service '{service}'...", - "service_remove_failed": "Unable to remove service '{service:s}'", - "service_removed": "The service '{service:s}' has been removed", - "service_start_failed": "Unable to start service '{service:s}'", - "service_started": "The service '{service:s}' has been started", - "service_status_failed": "Unable to determine status of service '{service:s}'", - "service_stop_failed": "Unable to stop service '{service:s}'", - "service_stopped": "The service '{service:s}' has been stopped", - "service_unknown": "Unknown service '{service:s}'", - "ssowat_conf_generated": "The SSOwat configuration has been generated", - "ssowat_conf_updated": "The SSOwat configuration has been updated", - "ssowat_persistent_conf_read_error": "Error while reading SSOwat persistent configuration: {error:s}. Edit /etc/ssowat/conf.json.persistent file to fix the JSON syntax", - "ssowat_persistent_conf_write_error": "Error while saving SSOwat persistent configuration: {error:s}. 
Edit /etc/ssowat/conf.json.persistent file to fix the JSON syntax", - "system_upgraded": "The system has been upgraded", - "system_username_exists": "Username already exists in the system users", - "unbackup_app": "App '{app:s}' will not be saved", - "unexpected_error": "An unexpected error occured", - "unit_unknown": "Unknown unit '{unit:s}'", - "unlimit": "No quota", - "unrestore_app": "App '{app:s}' will not be restored", - "update_cache_failed": "Unable to update APT cache", - "updating_apt_cache": "Updating the list of available packages...", - "upgrade_complete": "Upgrade complete", - "upgrading_packages": "Upgrading packages...", - "upnp_dev_not_found": "No UPnP device found", - "upnp_disabled": "UPnP has been disabled", - "upnp_enabled": "UPnP has been enabled", - "upnp_port_open_failed": "Unable to open UPnP ports", - "user_created": "The user has been created", - "user_creation_failed": "Unable to create user", - "user_deleted": "The user has been deleted", - "user_deletion_failed": "Unable to delete user", - "user_home_creation_failed": "Unable to create user home folder", - "user_info_failed": "Unable to retrieve user information", - "user_unknown": "Unknown user: {user:s}", - "user_update_failed": "Unable to update user", - "user_updated": "The user has been updated", - "yunohost_already_installed": "YunoHost is already installed", - "yunohost_ca_creation_failed": "Unable to create certificate authority", - "yunohost_ca_creation_success": "The local certification authority has been created.", - "yunohost_configured": "YunoHost has been configured", - "yunohost_installing": "Installing YunoHost...", - "yunohost_not_installed": "YunoHost is not or not correctly installed. Please execute 'yunohost tools postinstall'" } From c824f403a421e63ede69922c4bb931dad599c1fa Mon Sep 17 00:00:00 2001 
From: frju365
Date: Fri, 9 Feb 2018 16:10:31 +0100
Subject: [PATCH 36/42] [Fix] Referrer, CSP bad conf. cf. Another pr.
---
 data/templates/nginx/server.tpl.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 11f503c98..20301b2c1 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -43,8 +43,7 @@ server {
 #ssl_dhparam /etc/ssl/private/dh2048.pem;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
- add_header 'Referrer-Policy' 'same-origin';
- add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval';report-uri /csp-violation-report-endpoint/";
+ add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval';";
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Download-Options noopen;
From 4f616fe8c7a0d2de9f40b80b541a6cbd2b11eea2 Mon Sep 17 00:00:00 2001
From: frju365
Date: Fri, 9 Feb 2018 16:11:41 +0100
Subject: [PATCH 37/42] [Fix] CSP cf. another PR.
---
 data/templates/nginx/plain/yunohost_admin.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index eedbd61b3..51424f289 100644
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
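Review bot: Removing `add_header 'Referrer-Policy' 'same-origin';` from data/templates/nginx/server.tpl.conf leaves the per-domain vhosts with no referrer policy, while the admin vhost in data/templates/nginx/plain/yunohost_admin.conf keeps the header (it is still a context line in patch 37), so the two templates now disagree and neither the commit message nor a comment says why. Without the header the browser default applies, which in older browsers can forward the full URL, path and query string included, to other origins on HTTPS-to-HTTPS navigation. If `same-origin` broke an app, a softer value keeps most of the protection: `add_header Referrer-Policy "strict-origin-when-cross-origin";`. Dropping `report-uri` also removes the only channel that would surface CSP violations, so a one-line comment recording the reason would help the next reader.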
@@ -39,7 +39,7 @@ server {
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 add_header 'Referrer-Policy' 'same-origin';
- add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval';report-uri /csp-violation-report-endpoint/";
+ add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Download-Options noopen;
From 03273e3b946a74972185ad429fd9fe7ea49da474 Mon Sep 17 00:00:00 2001
From: frju365
Date: Fri, 9 Feb 2018 16:20:29 +0100
Subject: [PATCH 38/42] [fix] typo
---
 data/templates/nginx/server.tpl.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index 20301b2c1..d5356fd6a 100644
--- a/data/templates/nginx/server.tpl.conf
+++ b/data/templates/nginx/server.tpl.conf
@@ -43,7 +43,7 @@ server {
 #ssl_dhparam /etc/ssl/private/dh2048.pem;
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
- add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval';";
+ add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
 add_header X-Content-Type-Options nosniff;
 add_header X-XSS-Protection "1; mode=block";
 add_header X-Download-Options noopen;
From 4276a187a05c01378cd4574f7a09bcff30a9f00f Mon Sep 17 00:00:00 2001
From: frju365
Date: Fri, 9 Feb 2018 16:24:16 +0100
Subject: [PATCH 39/42] [enh] Comment with the URL of the Mozilla Directives
---
 data/templates/nginx/server.tpl.conf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/data/templates/nginx/server.tpl.conf b/data/templates/nginx/server.tpl.conf
index d5356fd6a..ac2ff8486 100644
--- a/data/templates/nginx/server.tpl.conf
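Review bot: The policy kept on the new side of the yunohost_admin.conf hunk, `script-src https: 'unsafe-eval'`, still allows scripts from any HTTPS origin plus `eval`, and it carries no `default-src`, `base-uri` or `frame-ancestors`, so on the admin vhost it does little against script injection or framing beyond blocking plugins and plain-HTTP loads. The same value is carried in data/templates/nginx/server.tpl.conf by patches 36 and 38. For the admin interface, whose script sources should be known, a tighter value is worth testing, e.g. `add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src 'self' 'unsafe-eval'; frame-ancestors 'self'";`. That proposal assumes the admin UI loads no third-party scripts, which the hunk does not show; the server block starts and ends outside it.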
+++ b/data/templates/nginx/server.tpl.conf
@@ -42,6 +42,9 @@ server {
 # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
 #ssl_dhparam /etc/ssl/private/dh2048.pem;
+ # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
+ # https://wiki.mozilla.org/Security/Guidelines/Web_Security
+ # https://observatory.mozilla.org/
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
 add_header X-Content-Type-Options nosniff;
From 6ab29260cf7669da78aa25fa088735b7f5f69846 Mon Sep 17 00:00:00 2001
From: frju365
Date: Fri, 9 Feb 2018 16:25:09 +0100
Subject: [PATCH 40/42] [enh] Mozilla directives.
---
 data/templates/nginx/plain/yunohost_admin.conf | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/data/templates/nginx/plain/yunohost_admin.conf b/data/templates/nginx/plain/yunohost_admin.conf
index 51424f289..156d61bd6 100644
--- a/data/templates/nginx/plain/yunohost_admin.conf
+++ b/data/templates/nginx/plain/yunohost_admin.conf
@@ -37,6 +37,9 @@ server {
 # > openssl dhparam -out /etc/ssl/private/dh2048.pem -outform PEM -2 2048
 #ssl_dhparam /etc/ssl/private/dh2048.pem;
+ # Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
+ # https://wiki.mozilla.org/Security/Guidelines/Web_Security
+ # https://observatory.mozilla.org/
 add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
 add_header 'Referrer-Policy' 'same-origin';
 add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
From f70949b35019f51be47bd4a7e3a9b106bc2ee3fe Mon Sep 17 00:00:00 2001
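Review bot: The added comment misspells "Observatory" (`Mozilla Obervatory`), here in server.tpl.conf and again in the matching hunk for yunohost_admin.conf in patch 40; the line should read `# Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Observatory + Partners`. Since this comment now documents the header block, it should also state that nginx does not inherit server-level `add_header` lines into a `location` that declares its own `add_header`, for example `# NOTE: a location with its own add_header does not inherit these headers; repeat them there`. Without the `always` parameter these headers are also left off most error responses. Both server blocks start and end outside the hunks, so whether any location in them sets its own headers cannot be checked from here.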
From: Laurent Peuch
Date: Sun, 11 Feb 2018 05:39:31 +0100
Subject: [PATCH 41/42] [fix] handle uncatched exception
---
 src/yunohost/tools.py | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/yunohost/tools.py b/src/yunohost/tools.py
index 381cd07e0..f98d48fc5 100644
--- a/src/yunohost/tools.py
+++ b/src/yunohost/tools.py
@@ -33,8 +33,9 @@ import logging
 import subprocess
 import pwd
 import socket
-from collections import OrderedDict
+from xmlrpclib import Fault
 from importlib import import_module
+from collections import OrderedDict
 import apt
 import apt.progress
@@ -569,7 +570,7 @@ def tools_diagnosis(auth, private=False):
 diagnosis['system'] = OrderedDict()
 try:
 disks = monitor_disk(units=['filesystem'], human_readable=True)
- except MoulinetteError as e:
+ except (MoulinetteError, Fault) as e:
 logger.warning(m18n.n('diagnosis_monitor_disk_error', error=format(e)), exc_info=1)
 else:
 diagnosis['system']['disks'] = {}
From 88d7a31bda1780b9cc81ff073092fc41629d58b3 Mon Sep 17 00:00:00 2001
From: Alexandre Aubin
Date: Sun, 11 Feb 2018 22:23:40 +0100
Subject: [PATCH 42/42] [fix] Microdecision : add mailutils as a dependency
---
 debian/control | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/control b/debian/control
index dcdd0dd9a..c15c5eec5 100644
--- a/debian/control
+++ b/debian/control
@@ -18,7 +18,7 @@ Depends: ${python:Depends}, ${misc:Depends}
 , ca-certificates, netcat-openbsd, iproute
 , mariadb-server | mysql-server, php5-mysql | php5-mysqlnd
 , slapd, ldap-utils, sudo-ldap, libnss-ldapd, nscd
- , postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, procmail
+ , postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, procmail, mailutils
 , dovecot-ldap, dovecot-lmtpd, dovecot-managesieved
 , dovecot-antispam, fail2ban
 , nginx-extras (>=1.6.2), php5-fpm, php5-ldap, php5-intl
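Review bot: The widened handler `except (MoulinetteError, Fault) as e:` in the second src/yunohost/tools.py hunk covers only the `monitor_disk` call, and nothing in the code says where a `Fault` would come from. If the other monitor calls in `tools_diagnosis` reach the same XML-RPC backend (the function body continues outside the hunk, so this is an assumption), they would still let `Fault` escape and abort the whole diagnosis. A short comment above the handler would record the intent, e.g. `# the monitoring backend is queried over XML-RPC and can raise xmlrpclib.Fault`. The import added in the first hunk, `from xmlrpclib import Fault`, is Python 2 only; the module is `xmlrpc.client` in Python 3.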