Merge branch 'stretch-unstable' of https://github.com/YunoHost/yunohost into stretch-unstable

data/helpers.d/apt

@@ -10,6 +10,7 @@
 # Requires YunoHost version 3.3.1 or higher.
 ynh_wait_dpkg_free() {
     local try
+    set +o xtrace # set +x
     # With seq 1 17, timeout will be almost 30 minutes
     for try in `seq 1 17`
     do
@@ -32,13 +33,16 @@ ynh_wait_dpkg_free() {
                 then
                     # If so, that a remaining of dpkg.
                     ynh_print_err "E: dpkg was interrupted, you must manually run 'sudo dpkg --configure -a' to correct the problem."
+                    set -o xtrace # set -x
                     return 1
                 fi
             done 9<<< "$(ls -1 $dpkg_dir)"
+            set -o xtrace # set -x
             return 0
         fi
     done
     echo "apt still used, but timeout reached !"
+    set -o xtrace # set -x
 }
 
 # Check either a package is installed or not
@@ -189,17 +193,37 @@ ynh_package_install_from_equivs () {
     LC_ALL=C equivs-build ./control 1> /dev/null
     dpkg --force-depends --install "./${pkgname}_${pkgversion}_all.deb" 2>&1)
 
-    ynh_package_install --fix-broken || \
+    # Let's try to see if install will work using dry-run. It it fails,
+    # it could be because the pinning of sury is blocking some package install
+    # c.f. for example: https://github.com/YunoHost/issues/issues/1563#issuecomment-623406509
+    # ... In that case, we use an ugly hack were we'll use a tweaked
+    # preferences.d directory with looser contrains for sury...
+    if ! ynh_package_install --fix-broken --dry-run >/dev/null 2>&1 && [ -e /etc/apt/preferences.d/extra_php_version ]
+    then
+        cp -r /etc/apt/preferences.d/ /etc/apt/preferences.d.tmp/
+        sed 's/^Pin-Priority: .*/Pin-Priority: 600/g' -i /etc/apt/preferences.d.tmp/extra_php_version
+        local apt_tweaks='--option Dir::Etc::preferencesparts=preferences.d.tmp'
+        # Try a dry-run again to see if that fixes the issue ...
+        # If it did not, then that's probably not related to sury.
+        ynh_package_install $apt_tweaks --fix-broken --dry-run >/dev/null 2>&1 || apt_tweaks=""
+    else
+        local apt_tweaks=""
+    fi
+
+    # Try to install for real
+    ynh_package_install $apt_tweaks --fix-broken || \
         { # If the installation failed 
         # (the following is ran inside { } to not start a subshell otherwise ynh_die wouldnt exit the original process)
+        rm --recursive --force /etc/apt/preferences.d.tmp/
         # Get the list of dependencies from the deb
         local dependencies="$(dpkg --info "$TMPDIR/${pkgname}_${pkgversion}_all.deb" | grep Depends | \
             sed 's/^ Depends: //' | sed 's/,//g')"
         # Fake an install of those dependencies to see the errors
         # The sed command here is, Print only from '--fix-broken' to the end.
-        ynh_package_install $dependencies --dry-run | sed --quiet '/--fix-broken/,$p' >&2
+        ynh_package_install $apt_tweaks $dependencies --dry-run | sed --quiet '/--fix-broken/,$p' >&2
         ynh_die --message="Unable to install dependencies"; }
     [[ -n "$TMPDIR" ]] && rm --recursive --force $TMPDIR	# Remove the temp dir.
+    rm --recursive --force /etc/apt/preferences.d.tmp/
 
     # check if the package is actually installed
     ynh_package_is_installed "$pkgname"
@@ -329,8 +353,6 @@ ynh_remove_app_dependencies () {
     ynh_package_autopurge ${dep_app}-ynh-deps	# Remove the fake package and its dependencies if they not still used.
 }
 
-#=================================================
-
 # Install packages from an extra repository properly.
 #
 # usage: ynh_install_extra_app_dependencies --repo="repo" --package="dep1 dep2" [--key=key_url] [--name=name]

data/helpers.d/fail2ban

@@ -134,7 +134,7 @@ EOF
 
     ynh_systemd_action --service_name=fail2ban --action=reload --line_match="(Started|Reloaded) Fail2Ban Service" --log_path=systemd
 
-    local fail2ban_error="$(journalctl --unit=fail2ban | tail --lines=50 | grep "WARNING.*$app.*")"
+    local fail2ban_error="$(journalctl --no-hostname --unit=fail2ban | tail --lines=50 | grep "WARNING.*$app.*")"
     if [[ -n "$fail2ban_error" ]]
     then
         ynh_print_err --message="Fail2ban failed to load the jail for $app"

data/helpers.d/logging

@@ -80,7 +80,7 @@ ynh_print_warn () {
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
 
-    ynh_print_log "\e[93m\e[1m[WARN]\e[0m ${message}" >&2
+    ynh_print_log "${message}" >&2
 }
 
 # Print an error on stderr
@@ -97,7 +97,7 @@ ynh_print_err () {
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
 
-    ynh_print_log "\e[91m\e[1m[ERR]\e[0m ${message}" >&2
+    ynh_print_log "[Error] ${message}" >&2
 }
 
 # Execute a command and print the result as an error
@@ -332,7 +332,7 @@ ynh_debug () {
 
     if [ -n "$message" ]
     then
-        ynh_print_log "\e[34m\e[1m[DEBUG]\e[0m ${message}" >&2
+        ynh_print_log "[Debug] ${message}" >&2
     fi
 
     if [ "$trace" == "1" ]

data/helpers.d/php

@@ -297,7 +297,10 @@ ynh_remove_fpm_config () {
     fi
 
     ynh_secure_remove --file="$fpm_config_dir/pool.d/$app.conf"
-    ynh_exec_warn_less ynh_secure_remove --file="$fpm_config_dir/conf.d/20-$app.ini"
+    if [ -e $fpm_config_dir/conf.d/20-$app.ini ]
+    then
+        ynh_secure_remove --file="$fpm_config_dir/conf.d/20-$app.ini"
+    fi
 
     # If the php version used is not the default version for YunoHost
     if [ "$phpversion" != "$YNH_DEFAULT_PHP_VERSION" ]

data/helpers.d/postgresql

@@ -1,6 +1,7 @@
 #!/bin/bash
 
 PSQL_ROOT_PWD_FILE=/etc/yunohost/psql
+PSQL_VERSION=9.6
 
 # Open a connection as a user
 #
@@ -228,12 +229,14 @@ ynh_psql_setup_db() {
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
 
-    local new_db_pwd=$(ynh_string_random) # Generate a random password
-    # If $db_pwd is not given, use new_db_pwd instead for db_pwd
-    db_pwd="${db_pwd:-$new_db_pwd}"
-
     if ! ynh_psql_user_exists --user=$db_user; then
+        local new_db_pwd=$(ynh_string_random) # Generate a random password
+        # If $db_pwd is not given, use new_db_pwd instead for db_pwd
+        db_pwd="${db_pwd:-$new_db_pwd}"
+        
         ynh_psql_create_user "$db_user" "$db_pwd"
+    elif [ -z $db_pwd ]; then
+        ynh_die --message="The user $db_user exists, please provide his password"
     fi
 
     ynh_psql_create_db "$db_name" "$db_user"                     # Create the database
@@ -273,6 +276,7 @@ ynh_psql_remove_db() {
 }
 
 # Create a master password and set up global settings
+# It also make sure that postgresql is installed and running
 # Please always call this script in install and restore scripts
 #
 # usage: ynh_psql_test_if_first_run
@@ -280,45 +284,38 @@ ynh_psql_remove_db() {
 # Requires YunoHost version 2.7.13 or higher.
 ynh_psql_test_if_first_run() {
 
-    if [ -f "$PSQL_ROOT_PWD_FILE" ]
+    # Make sure postgresql is indeed installed
+    dpkg --list | grep -q "ii  postgresql-$PSQL_VERSION" || ynh_die "postgresql-$PSQL_VERSION is not installed !?"
+
+    # Check for some weird issue where postgresql could be installed but etc folder would not exist ...
+    [ -e "/etc/postgresql/$PSQL_VERSION" ] || ynh_die "It looks like postgresql was not properly configured ? /etc/postgresql/$PSQL_VERSION is missing ... Could be due to a locale issue, c.f.https://serverfault.com/questions/426989/postgresql-etc-postgresql-doesnt-exist"
+
+    # Make sure postgresql is started and enabled
+    # (N.B. : to check the active state, we check the cluster state because
+    # postgresql could be flagged as active even though the cluster is in
+    # failed state because of how the service is configured..)
+    systemctl is-active postgresql@$PSQL_VERSION-main -q || ynh_systemd_action --service_name=postgresql --action=restart
+    systemctl is-enabled postgresql -q || systemctl enable postgresql
+
+    # If this is the very first time, we define the root password
+    # and configure a few things
+    if [ ! -f "$PSQL_ROOT_PWD_FILE" ]
     then
-        ynh_print_info --message="PostgreSQL is already installed, no need to create master password"
-        return
+        local pg_hba=/etc/postgresql/$PSQL_VERSION/main/pg_hba.conf
+
+        local psql_root_password="$(ynh_string_random)"
+        echo "$psql_root_password" >$PSQL_ROOT_PWD_FILE
+        sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$psql_root_password'" postgres
+
+        # force all user to connect to local databases using hashed passwords
+        # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF
+        # Note: we can't use peer since YunoHost create users with nologin
+        #  See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user
+        ynh_replace_string --match_string="local\(\s*\)all\(\s*\)all\(\s*\)peer" --replace_string="local\1all\2all\3md5" --target_file="$pg_hba"
+
+        # Integrate postgresql service in yunohost
+        yunohost service add postgresql --log "/var/log/postgresql/"
+
+        ynh_systemd_action --service_name=postgresql --action=reload
     fi
-
-    local psql_root_password="$(ynh_string_random)"
-    echo "$psql_root_password" >$PSQL_ROOT_PWD_FILE
-
-    if [ -e /etc/postgresql/9.4/ ]
-    then
-        local pg_hba=/etc/postgresql/9.4/main/pg_hba.conf
-        local logfile=/var/log/postgresql/postgresql-9.4-main.log
-    elif [ -e /etc/postgresql/9.6/ ]
-    then
-        local pg_hba=/etc/postgresql/9.6/main/pg_hba.conf
-        local logfile=/var/log/postgresql/postgresql-9.6-main.log
-    else
-        if dpkg --list | grep -q "ii  postgresql-9."
-        then
-            ynh_die "It looks like postgresql was not properly configured ? /etc/postgresql/9.* is missing ... Could be due to a locale issue, c.f.https://serverfault.com/questions/426989/postgresql-etc-postgresql-doesnt-exist"
-        else
-            ynh_die "postgresql shoud be 9.4 or 9.6"
-        fi
-    fi
-
-    ynh_systemd_action --service_name=postgresql --action=start
-
-    sudo --login --user=postgres psql -c"ALTER user postgres WITH PASSWORD '$psql_root_password'" postgres
-
-    # force all user to connect to local databases using hashed passwords
-    # https://www.postgresql.org/docs/current/static/auth-pg-hba-conf.html#EXAMPLE-PG-HBA.CONF
-    # Note: we can't use peer since YunoHost create users with nologin
-    #  See: https://github.com/YunoHost/yunohost/blob/unstable/data/helpers.d/user
-    ynh_replace_string --match_string="local\(\s*\)all\(\s*\)all\(\s*\)peer" --replace_string="local\1all\2all\3md5" --target_file="$pg_hba"
-
-    # Advertise service in admin panel
-    yunohost service add postgresql --log "$logfile"
-
-    systemctl enable postgresql
-    ynh_systemd_action --service_name=postgresql --action=reload
 }

data/helpers.d/systemd

@@ -145,7 +145,7 @@ ynh_systemd_action() {
     if ! systemctl $action $service_name
     then
         # Show syslog for this service
-        ynh_exec_err journalctl --no-pager --lines=$length --unit=$service_name
+        ynh_exec_err journalctl --quiet --no-hostname --no-pager --lines=$length --unit=$service_name
         # If a log is specified for this service, show also the content of this log
         if [ -e "$log_path" ]
         then
@@ -183,7 +183,7 @@ ynh_systemd_action() {
         then
             ynh_print_warn --message="The service $service_name didn't fully executed the action ${action} before the timeout."
             ynh_print_warn --message="Please find here an extract of the end of the log of the service $service_name:"
-            ynh_exec_warn journalctl --no-pager --lines=$length --unit=$service_name
+            ynh_exec_warn journalctl --quiet --no-hostname --no-pager --lines=$length --unit=$service_name
             if [ -e "$log_path" ]
             then
                 ynh_print_warn --message="\-\-\-"

data/hooks/diagnosis/10-ip.py

@@ -108,7 +108,7 @@ class IPDiagnoser(Diagnoser):
             return False
 
         # If we are indeed connected in ipv4 or ipv6, we should find a default route
-        routes = check_output("ip -%s route" % protocol).split("\n")
+        routes = check_output("ip -%s route show table all" % protocol).split("\n")
 
         def is_default_route(r):
             # Typically the default route starts with "default"

data/hooks/diagnosis/14-ports.py

@@ -87,7 +87,7 @@ class PortsDiagnoser(Diagnoser):
                 # If any AAAA record is set, IPv6 is important...
                 def ipv6_is_important():
                     dnsrecords = Diagnoser.get_cached_report("dnsrecords") or {}
-                    return any(record["data"]["AAAA:@"] in ["OK", "WRONG"] for record in dnsrecords.get("items", []))
+                    return any(record["data"].get("AAAA:@") in ["OK", "WRONG"] for record in dnsrecords.get("items", []))
 
                 if failed == 4 or ipv6_is_important():
                     yield dict(meta={"port": port},

debian/changelog

@@ -1,3 +1,30 @@
+yunohost (3.8.4.3) stable; urgency=low
+
+  - [fix] Workaround for the sury pinning issues when installing dependencies
+  - [i18n] Translations updated for Catalan, French, Occitan
+
+  Thanks to all contributors <3 ! (Aleks, clecle226, Kay0u, ppr, Quenti)
+
+ -- Kay0u <pierre@kayou.io>  Wed, 20 May 2020 18:41:49 +0000
+
+yunohost (3.8.4.2) testing; urgency=low
+
+  - [enh] During failed upgrades: Only mention packages that couldn't be upgraded (26fcfed7)
+  - [enh] Also run dpkg --audit to check if dpkg is in a broken state (09d8500f, 97199d19)
+  - [enh] Improve logs readability (c6f18496, 9cbd368d, 5850bf61, 413778d2, 5c8c07b8, f73c34bf, 94ea8265)
+  - [enh] Crash early about apps already installed when attempting to restore (f9e4c96c)
+  - [fix] Add the damn short hostname to /etc/hosts automagically (c.f. rabbitmq-server) (e67dc791)
+  - [fix] Don't miserably crash if doveadm fails to run (c9b22138)
+  - [fix] Diagnosis: Try to not have weird warnings if no diagnosis ran yet... (65c87d55)
+  - [fix] Diagnosis: Change logic of --email to avoid sending empty mail if some issues are found but ignored (4cd4938e)
+  - [enh] Diagnosis/services: Report the service status as warning/unknown if service type is oneshot and status exited (dd09758f, 1cd7ffea)
+  - [fix] Rework ynh_psql_test_if_first_run ([#993](https://github.com/yunohost/yunohost/pull/993))
+  - [tests] Tests for args parsing ([#989](https://github.com/yunohost/yunohost/pull/989), 108a3ca4)
+
+  Thanks to all contributors <3 ! (Bram, Kayou)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Tue, 19 May 2020 20:08:47 +0200
+
 yunohost (3.8.4.1) testing; urgency=low
 
   - [mod] Tweak diagnosis threshold for swap warning (429df8c4)

doc/helper_doc_template.html

@@ -2,6 +2,8 @@
 
 <h1>App helpers</h1>
 
+<p>Doc auto-generated by <a href="https://github.com/YunoHost/yunohost/blob/stretch-unstable/doc/generate_helper_doc.py">this script</a> on {{data.date}} (Yunohost version {{data.version}})</p>
+
 {% for category, helpers in data.helpers %}
 
 <h3 style="text-transform: uppercase; font-weight: bold">{{ category }}</h3>
@@ -70,7 +72,7 @@
     </p>
     {% endif %}
     <p>
-        <a href="https://github.com/YunoHost/yunohost/blob/stretch-unstable/data/helpers.d/{{ category }}#L{{ h.line + 1 }}">Dude, show me the code !</a>
+        <a href="https://github.com/YunoHost/yunohost/blob/stretch-stable/data/helpers.d/{{ category }}#L{{ h.line + 1 }}">Dude, show me the code !</a>
     </p>
 
   </div>
@@ -81,9 +83,6 @@
 {% endfor %}
 {% endfor %}
 
-<p>Generated by <a href="https://github.com/YunoHost/yunohost/blob/stretch-unstable/doc/generate_helper_doc.py">this script</a> on {{data.date}} (Yunohost version {{data.version}})</p>
-
-
 <style>
 /*=================================================
  Helper card

locales/ca.json

@@ -100,7 +100,7 @@
     "backup_unable_to_organize_files": "No s'ha pogut utilitzar el mètode ràpid per organitzar els fitxers dins de l'arxiu",
     "backup_with_no_backup_script_for_app": "L'aplicació «{app:s}» no té un script de còpia de seguretat. Serà ignorat.",
     "backup_with_no_restore_script_for_app": "L'aplicació «{app:s}» no té un script de restauració, no podreu restaurar automàticament la còpia de seguretat d'aquesta aplicació.",
-    "certmanager_acme_not_configured_for_domain": "El certificat pel domini «{domain:s}» sembla que no està instal·lat correctament. Si us plau executeu primer «cert-install» per aquest domini.",
+    "certmanager_acme_not_configured_for_domain": "No s'ha pogut executar el ACME challenge pel domini {domain} en aquests moments ja que a la seva configuració de nginx li manca el codi corresponent… Assegureu-vos que la configuració nginx està actualitzada utilitzant «yunohost tools regen-conf nginx --dry-run --with-diff».",
     "certmanager_attempt_to_renew_nonLE_cert": "El certificat pel domini «{domain:s}» no ha estat emès per Let's Encrypt. No es pot renovar automàticament!",
     "certmanager_attempt_to_renew_valid_cert": "El certificat pel domini «{domain:s}» està a punt de caducar! (Utilitzeu --force si sabeu el que esteu fent)",
     "certmanager_attempt_to_replace_valid_cert": "Esteu intentant sobreescriure un certificat correcte i vàlid pel domini {domain:s}! (Utilitzeu --force per ometre)",
@@ -113,8 +113,8 @@
     "certmanager_conflicting_nginx_file": "No s'ha pogut preparar el domini per al desafiament ACME: l'arxiu de configuració NGINX {filepath:s} entra en conflicte i s'ha d'eliminar primer",
     "certmanager_couldnt_fetch_intermediate_cert": "S'ha exhaurit el temps d'esperar al intentar recollir el certificat intermedi des de Let's Encrypt. La instal·lació/renovació del certificat s'ha cancel·lat - torneu a intentar-ho més tard.",
     "certmanager_domain_cert_not_selfsigned": "El certificat pel domini {domain:s} no és auto-signat Esteu segur de voler canviar-lo? (Utilitzeu «--force» per fer-ho)",
-    "certmanager_domain_dns_ip_differs_from_public_ip": "El registre DNS \"A\" pel domini «{domain:s}» és diferent a l'adreça IP d'aquest servidor. Si heu modificat recentment el registre A, si us plau espereu a que es propagui (hi ha eines per verificar la propagació disponibles a internet). (Si sabeu el que esteu fent, podeu utilitzar «--no-checks» per desactivar aquestes comprovacions.)",
-    "certmanager_domain_http_not_working": "Sembla que el domini {domain:s} no és accessible via HTTP. Verifiqueu que les configuracions DNS i NGINX siguin correctes",
+    "certmanager_domain_dns_ip_differs_from_public_ip": "Els registres DNS pel domini «{domain:s}» són diferents a l'adreça IP d'aquest servidor. Mireu la categoria «registres DNS» (bàsic) al diagnòstic per a més informació. Si heu modificat recentment el registre A, si us plau espereu a que es propagui (hi ha eines per verificar la propagació disponibles a internet). (Si sabeu el que esteu fent, podeu utilitzar «--no-checks» per desactivar aquestes comprovacions.)",
+    "certmanager_domain_http_not_working": "El domini {domain:s} sembla que no és accessible via HTTP. Verifiqueu la categoria «Web» en el diagnòstic per a més informació. (Si sabeu el que esteu fent, utilitzeu «--no-checks» per deshabilitar les comprovacions.)",
     "certmanager_domain_unknown": "Domini desconegut «{domain:s}»",
     "certmanager_error_no_A_record": "No s'ha trobat cap registre DNS «A» per «{domain:s}». Heu de fer que el vostre nom de domini apunti cap a la vostra màquina per tal de poder instal·lar un certificat Let's Encrypt. (Si sabeu el que esteu fent, podeu utilitzar «--no-checks» per desactivar aquestes comprovacions.)",
     "certmanager_hit_rate_limit": "S'han emès massa certificats recentment per aquest mateix conjunt de dominis {domain:s}. Si us plau torneu-ho a intentar més tard. Consulteu https://letsencrypt.org/docs/rate-limits/ per obtenir més detalls",
@@ -140,7 +140,7 @@
     "domain_dyndns_already_subscribed": "Ja us heu subscrit a un domini DynDNS",
     "domain_dyndns_root_unknown": "Domini DynDNS principal desconegut",
     "domain_hostname_failed": "No s'ha pogut establir un nou nom d'amfitrió. Això podria causar problemes més tard (podria no passar res).",
-    "domain_uninstall_app_first": "Hi ha una o més aplicacions instal·lades en aquest domini. Desinstal·leu les abans d'eliminar el domini",
+    "domain_uninstall_app_first": "Aquestes aplicacions encara estan instal·lades en el vostre domini: {apps}. Desinstal·leu les abans d'eliminar el domini",
     "domain_unknown": "Domini desconegut",
     "domains_available": "Dominis disponibles:",
     "done": "Fet",
@@ -634,9 +634,19 @@
     "diagnosis_ports_partially_unreachable": "El port {port} no és accessible des de l'exterior amb IPv{failed}.",
     "diagnosis_http_partially_unreachable": "El domini {domain} sembla que no és accessible utilitzant HTTP des de l'exterior de la xarxa local amb IPv{failed}, tot i que funciona amb IPv{passed}.",
     "diagnosis_mail_fcrdns_nok_details": "Hauríeu d'intentar configurar primer el DNS invers amb <code>{ehlo_domain}</code> en la interfície del router o en la interfície del vostre allotjador. (Alguns allotjadors requereixen que obris un informe de suport per això).",
-    "diagnosis_mail_fcrdns_nok_alternatives_4": "Alguns proveïdors no permeten configurar el DNS invers (o aquesta funció pot no funcionar…). Si teniu problemes a causa d'això, considereu les solucions següents:<br> - Alguns proveïdors d'accés a internet (ISP) donen l'alternativa de <a href='https://yunohost.org/#/smtp_relay'> utilitzar un relay de servidor de correu electrònic</a> tot i que implica que el relay podrà espiar el trànsit de correus electrònics.<br>- Una alternativa respectuosa amb la privacitat és utilitzar una VPN *amb una IP pública dedicada* per sobrepassar aquest tipus de limitacions. Mireu <a href='https://yunohost.org/#/vpn_advantage'>https://yunohost.org/#/vpn_advantage</a><br>- Finalment, també es pot <a href='https://yunohost.org/#/isp'>canviar de proveïdor</a>",
+    "diagnosis_mail_fcrdns_nok_alternatives_4": "Alguns proveïdors no permeten configurar el DNS invers (o aquesta funció pot no funcionar…). Si teniu problemes a causa d'això, considereu les solucions següents:<br> - Alguns proveïdors d'accés a internet (ISP) donen l'alternativa de <a href='https://yunohost.org/#/smtp_relay'> utilitzar un relay de servidor de correu electrònic</a> tot i que implica que el relay podrà espiar el trànsit de correus electrònics.<br>- Una alternativa respectuosa amb la privacitat és utilitzar una VPN *amb una IP pública dedicada* per sobrepassar aquest tipus de limitacions. Mireu <a href='https://yunohost.org/#/vpn_advantage'>https://yunohost.org/#/vpn_advantage</a><br>- O es pot <a href='https://yunohost.org/#/isp'>canviar a un proveïdor diferent</a>",
     "diagnosis_mail_fcrdns_nok_alternatives_6": "Alguns proveïdors no permeten configurar el vostre DNS invers (o la funció no els hi funciona…). Si el vostre DNS invers està correctament configurat per IPv4, podeu intentar deshabilitar l'ús de IPv6 per a enviar correus electrònics utilitzant <cmd>yunohost settings set smtp.allow_ipv6 -v off</cmd>. Nota: aquesta última solució implica que no podreu enviar o rebre correus electrònics cap a els pocs servidors que hi ha que només tenen IPv-6.",
     "diagnosis_http_hairpinning_issue_details": "Això és probablement a causa del router del vostre proveïdor d'accés a internet. El que fa, que gent de fora de la xarxa local pugui accedir al servidor sense problemes, però no la gent de dins la xarxa local (com vostè probablement) quan s'utilitza el nom de domini o la IP global. Podreu segurament millorar la situació fent una ullada a <a href='https://yunohost.org/dns_local_network'>https://yunohost.org/dns_local_network</a>",
     "backup_archive_cant_retrieve_info_json": "No s'ha pogut carregar la informació de l'arxiu «{archive}»… No s'ha pogut obtenir el fitxer info.json (o no és un fitxer json vàlid).",
-    "backup_archive_corrupted": "Sembla que l'arxiu de la còpia de seguretat «{archive}» està corromput : {error}"
+    "backup_archive_corrupted": "Sembla que l'arxiu de la còpia de seguretat «{archive}» està corromput : {error}",
+    "certmanager_domain_not_diagnosed_yet": "Encara no hi ha cap resultat de diagnòstic per al domini %s. Torneu a executar el diagnòstic per a les categories «Registres DNS» i «Web» en la secció de diagnòstic per comprovar que el domini està preparat per a Let's Encrypt. (O si sabeu el que esteu fent, utilitzant «--no-checks» per deshabilitar les comprovacions.)",
+    "diagnosis_ip_no_ipv6_tip": "Utilitzar una IPv6 no és obligatori per a que funcioni el servidor, però és millor per la salut d'Internet en conjunt. La IPv6 hauria d'estar configurada automàticament pel sistema o pel proveïdor si està disponible. Si no és el cas, pot ser necessari configurar alguns paràmetres més de forma manual tal i com s'explica en la documentació disponible aquí: <a href='https://yunohost.org/#/ipv6'>https://yunohost.org/#/ipv6</a>. Si no podeu habilitar IPv6 o us sembla massa tècnic, podeu ignorar aquest avís sense problemes.",
+    "diagnosis_domain_expiration_not_found": "No s'ha pogut comprovar la data d'expiració d'alguns dominis",
+    "diagnosis_domain_not_found_details": "El domini {domain} no existeix en la base de dades WHOIS o ha expirat!",
+    "diagnosis_domain_expiration_not_found_details": "La informació WHOIS pel domini {domain} sembla que no conté informació sobre la data d'expiració?",
+    "diagnosis_domain_expiration_success": "Els vostres dominis estan registrats i no expiraran properament.",
+    "diagnosis_domain_expiration_warning": "Alguns dominis expiraran properament!",
+    "diagnosis_domain_expiration_error": "Alguns dominis expiraran EN BREUS!",
+    "diagnosis_domain_expires_in": "{domain} expirarà en {days} dies.",
+    "diagnosis_swap_tip": "Vigileu i tingueu en compte que els servidor està allotjant memòria d'intercanvi en una targeta SD o en l'emmagatzematge SSD, això pot reduir dràsticament l'esperança de vida del dispositiu."
 }

locales/en.json

@@ -48,6 +48,7 @@
     "app_upgrade_script_failed": "An error occurred inside the app upgrade script",
     "app_upgrade_some_app_failed": "Some apps could not be upgraded",
     "app_upgraded": "{app:s} upgraded",
+    "app_packaging_format_not_supported": "This app cannot be installed because its packaging format is not supported by your Yunohost version. You should probably consider upgrading your system.",
     "apps_already_up_to_date": "All apps are already up-to-date",
     "apps_catalog_init_success": "App catalog system initialized!",
     "apps_catalog_updating": "Updating application catalog…",
@@ -534,6 +535,7 @@
     "regenconf_failed": "Could not regenerate the configuration for category(s): {categories}",
     "regenconf_pending_applying": "Applying pending configuration for category '{category}'…",
     "restore_already_installed_app": "An app with the ID '{app:s}' is already installed",
+    "restore_already_installed_apps": "The following apps can't be restored because they are already installed: {apps}",
     "restore_app_failed": "Could not restore the app '{app:s}'",
     "restore_cleaning_failed": "Could not clean up the temporary restoration directory",
     "restore_complete": "Restored",

locales/fr.json

@@ -166,7 +166,7 @@
     "certmanager_certificate_fetching_or_enabling_failed": "Il semble que l’activation du nouveau certificat pour {domain:s} a échoué …",
     "certmanager_attempt_to_renew_nonLE_cert": "Le certificat pour le domaine {domain:s} n’est pas émis par Let’s Encrypt. Impossible de le renouveler automatiquement !",
     "certmanager_attempt_to_renew_valid_cert": "Le certificat pour le domaine {domain:s} n’est pas sur le point d’expirer ! (Vous pouvez utiliser --force si vous savez ce que vous faites)",
-    "certmanager_domain_http_not_working": "Il semble que le domaine {domain:s} ne soit pas accessible via HTTP. Veuillez vérifier que vos configuration DNS et Nginx sont correctes",
+    "certmanager_domain_http_not_working": "Le domaine {domain:s} ne semble pas être accessible via HTTP. Merci de vérifier la catégorie 'Web' dans le diagnostic pour plus d'informations. (Ou si vous savez ce que vous faites, utilisez '--no-checks' pour désactiver la vérification.)",
     "certmanager_error_no_A_record": "Aucun enregistrement DNS 'A' n’a été trouvé pour {domain:s}. Vous devez faire pointer votre nom de domaine vers votre machine pour être en mesure d’installer un certificat Let’s Encrypt ! (Si vous savez ce que vous faites, utilisez --no-checks pour désactiver ces contrôles)",
     "certmanager_domain_dns_ip_differs_from_public_ip": "L’enregistrement DNS 'A' du domaine {domain:s} est différent de l’adresse IP de ce serveur. Si vous avez récemment modifié votre enregistrement 'A', veuillez attendre sa propagation (des vérificateurs de propagation DNS sont disponibles en ligne). (Si vous savez ce que vous faites, utilisez --no-checks pour désactiver ces contrôles)",
     "certmanager_cannot_read_cert": "Quelque chose s’est mal passé lors de la tentative d’ouverture du certificat actuel pour le domaine {domain:s} (fichier : {file:s}), la cause est : {reason:s}",
@@ -333,7 +333,7 @@
     "log_tools_shutdown": "Éteindre votre serveur",
     "log_tools_reboot": "Redémarrer votre serveur",
     "mail_unavailable": "Cette adresse de courriel est réservée et doit être automatiquement attribuée au tout premier utilisateur",
-    "migration_description_0004_php5_to_php7_pools": "Reconfigurer les espaces utilisateurs PHP pour utiliser PHP 7 au lieu de PHP 5",
+    "migration_description_0004_php5_to_php7_pools": "Reconfigurer l'ensemble PHP pour utiliser PHP 7 au lieu de PHP 5",
     "migration_description_0005_postgresql_9p4_to_9p6": "Migration des bases de données de PostgreSQL 9.4 vers PostgreSQL 9.6",
     "migration_0005_postgresql_94_not_installed": "PostgreSQL n’a pas été installé sur votre système. Rien à faire !",
     "migration_0005_postgresql_96_not_installed": "PostgreSQL 9.4 est installé, mais pas PostgreSQL 9.6 ‽ Quelque chose de bizarre aurait pu se produire sur votre système :(…",
@@ -647,5 +647,7 @@
     "diagnosis_domain_expiration_success": "Vos domaines sont enregistrés et ne vont pas expirer prochainement.",
     "diagnosis_domain_expiration_warning": "Certains domaines vont expirer prochainement !",
     "diagnosis_domain_expiration_error": "Certains domaines vont expirer TRÈS PROCHAINEMENT !",
-    "diagnosis_domain_expires_in": "Le {domain} expire dans {days} jours."
+    "diagnosis_domain_expires_in": "{domain} expire dans {days} jours.",
+    "certmanager_domain_not_diagnosed_yet": "Il n'y a pas encore de résultat de diagnostic pour le domaine %s. Merci de relancer un diagnostic pour les catégories 'Enregistrements DNS' et 'Web' dans la section Diagnostique pour vérifier si le domaine est prêt pour Let's Encrypt. (Ou si vous savez ce que vous faites, utilisez '--no-checks' pour désactiver la vérification.)",
+    "diagnosis_swap_tip": "Merci d'être prudent et conscient que si vous hébergez une partition SWAP sur une carte SD ou un disque SSD, cela risque de réduire drastiquement l’espérance de vie du périphérique."
 }

locales/oc.json

@@ -578,5 +578,7 @@
     "diagnosis_mail_ehlo_could_not_diagnose_details": "Error : {error}",
     "diagnosis_mail_queue_unavailable_details": "Error : {error}",
     "diagnosis_basesystem_hardware": "L’arquitectura del servidor es {virt} {arch}",
-    "diagnosis_basesystem_hardware_board": "Lo modèl de carta del servidor es {model}"
+    "diagnosis_basesystem_hardware_board": "Lo modèl de carta del servidor es {model}",
+    "backup_archive_corrupted": "Sembla que l’archiu de la salvagarda « {archive} » es corromput : {error}",
+    "diagnosis_domain_expires_in": "{domain} expiraà d’aquí {days} jorns."
 }

src/yunohost/app.py

@@ -35,14 +35,13 @@ import subprocess
 import glob
 import urllib
 from collections import OrderedDict
-from datetime import datetime
 
 from moulinette import msignals, m18n, msettings
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.network import download_json
 from moulinette.utils.filesystem import read_file, read_json, read_toml, read_yaml, write_to_file, write_to_json, write_to_yaml, chmod, chown, mkdir
 
-from yunohost.service import service_log, service_status, _run_service_command
+from yunohost.service import service_status, _run_service_command
 from yunohost.utils import packages
 from yunohost.utils.error import YunohostError
 from yunohost.log import is_unit_operation, OperationLogger
@@ -2323,6 +2322,11 @@ def _encode_string(value):
 
 def _check_manifest_requirements(manifest, app_instance_name):
     """Check if required packages are met from the manifest"""
+
+    packaging_format = int(manifest.get('packaging_format', 0))
+    if packaging_format not in [0, 1]:
+        raise YunohostError("app_packaging_format_not_supported")
+
     requirements = manifest.get('requirements', dict())
 
     if not requirements:
@@ -2797,21 +2801,6 @@ def is_true(arg):
         return True if arg else False
 
 
-def random_password(length=8):
-    """
-    Generate a random string
-
-    Keyword arguments:
-        length -- The string length to generate
-
-    """
-    import string
-    import random
-
-    char_set = string.ascii_uppercase + string.digits + string.ascii_lowercase
-    return ''.join([random.SystemRandom().choice(char_set) for x in range(length)])
-
-
 def unstable_apps():
 
     output = []

src/yunohost/backup.py

@@ -1004,10 +1004,20 @@ class RestoreManager():
             logger.error(m18n.n('backup_archive_app_not_found',
                                 app=app))
 
-        self.targets.set_wanted("apps",
-                                apps,
-                                self.info['apps'].keys(),
-                                unknown_error)
+        to_be_restored = self.targets.set_wanted("apps",
+                                                 apps,
+                                                 self.info['apps'].keys(),
+                                                 unknown_error)
+
+        # If all apps to restore are already installed, stop right here.
+        # Otherwise, if at least one app can be restored, we keep going on
+        # because those which can be restored will indeed be restored
+        already_installed = [app for app in to_be_restored if _is_installed(app)]
+        if already_installed != []:
+            if already_installed == to_be_restored:
+                raise YunohostError("restore_already_installed_apps", apps=', '.join(already_installed))
+            else:
+                logger.warning(m18n.n("restore_already_installed_apps", apps=', '.join(already_installed)))
 
     #
     # Archive mounting                                                      #
@@ -1301,13 +1311,6 @@ class RestoreManager():
                 else:
                     shutil.copy2(s, d)
 
-        # Start register change on system
-        related_to = [('app', app_instance_name)]
-        operation_logger = OperationLogger('backup_restore_app', related_to)
-        operation_logger.start()
-
-        logger.info(m18n.n("app_start_restore", app=app_instance_name))
-
         # Check if the app is not already installed
         if _is_installed(app_instance_name):
             logger.error(m18n.n('restore_already_installed_app',
@@ -1315,6 +1318,13 @@ class RestoreManager():
             self.targets.set_result("apps", app_instance_name, "Error")
             return
 
+        # Start register change on system
+        related_to = [('app', app_instance_name)]
+        operation_logger = OperationLogger('backup_restore_app', related_to)
+        operation_logger.start()
+
+        logger.info(m18n.n("app_start_restore", app=app_instance_name))
+
         app_dir_in_archive = os.path.join(self.work_dir, 'apps', app_instance_name)
         app_backup_in_archive = os.path.join(app_dir_in_archive, 'backup')
         app_settings_in_archive = os.path.join(app_dir_in_archive, 'settings')

src/yunohost/service.py

@@ -78,7 +78,7 @@ def service_add(name, description=None, log=None, log_type=None, test_status=Non
     if not description:
         # Try to get the description from systemd service
         unit, _ = _get_service_information_from_systemd(name)
-        description = unit.get("Description", "") if unit is not None else ""
+        description = str(unit.get("Description", "")) if unit is not None else ""
         # If the service does not yet exists or if the description is empty,
         # systemd will anyway return foo.service as default value, so we wanna
         # make sure there's actually something here.
@@ -515,6 +515,9 @@ def _run_service_command(action, service):
     need_lock = services[service].get('need_lock', False) \
         and action in ['start', 'stop', 'restart', 'reload', 'reload-or-restart']
 
+    if action in ["enable", "disable"]:
+        cmd += " --quiet"
+
     try:
         # Launch the command
         logger.debug("Running '%s'" % cmd)

src/yunohost/tests/test_backuprestore.py

@@ -475,10 +475,9 @@ def test_restore_app_already_installed(mocker):
 
     assert _is_installed("wordpress")
 
-    with message(mocker, 'restore_already_installed_app', app="wordpress"):
-        with raiseYunohostError(mocker, 'restore_nothings_done'):
-            backup_restore(system=None, name=backup_list()["archives"][0],
-                           apps=["wordpress"])
+    with raiseYunohostError(mocker, 'restore_already_installed_apps'):
+        backup_restore(system=None, name=backup_list()["archives"][0],
+                       apps=["wordpress"])
 
     assert _is_installed("wordpress")
 

src/yunohost/tests/test_service.py

@@ -25,7 +25,11 @@ def clean():
 
     if "dummyservice" in services:
         del services["dummyservice"]
-        _save_services(services)
+
+    if "networking" in services:
+        del services["networking"]
+
+    _save_services(services)
 
 
 def test_service_status_all():
@@ -60,6 +64,10 @@ def test_service_add():
     service_add("dummyservice", description="A dummy service to run tests")
     assert "dummyservice" in service_status().keys()
 
+def test_service_add_real_service():
+
+    service_add("networking")
+    assert "networking" in service_status().keys()
 
 def test_service_remove():
 

src/yunohost/utils/network.py

@@ -57,7 +57,7 @@ def get_public_ip_from_remote_server(protocol=4):
         return None
 
     # If we are indeed connected in ipv4 or ipv6, we should find a default route
-    routes = check_output("ip -%s route" % protocol).split("\n")
+    routes = check_output("ip -%s route show table all" % protocol).split("\n")
     def is_default_route(r):
         # Typically the default route starts with "default"
         # But of course IPv6 is more complex ... e.g. on internet cube there's