From cb1d02243e10c31c4dd59d1391068a82bab663a5 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 14 Oct 2020 01:31:01 +0200 Subject: [PATCH 01/41] Do not advertise upgrades for bad-quality apps --- src/yunohost/app.py | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/src/yunohost/app.py b/src/yunohost/app.py index 7d5d36c4d..8039d5a7f 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -182,19 +182,29 @@ def _app_upgradable(app_infos): from packaging import version # Determine upgradability - # In case there is neither update_time nor install_time, we assume the app can/has to be upgraded - # Firstly use the version to know if an upgrade is available - app_is_in_catalog = bool(app_infos.get("from_catalog")) + app_in_catalog = app_infos.get("from_catalog") installed_version = version.parse(app_infos.get("version", "0~ynh0")) version_in_catalog = version.parse(app_infos.get("from_catalog", {}).get("manifest", {}).get("version", "0~ynh0")) - if app_is_in_catalog and '~ynh' in str(installed_version) and '~ynh' in str(version_in_catalog): + if not app_in_catalog: + return "url_required" + + # Do not advertise upgrades for bad-quality apps + if not app_in_catalog.get("level", -1) >= 5 or app_in_catalog.get("state") != "working": + return "bad_quality" + + # If the app uses the standard version scheme, use it to determine + # upgradability + if '~ynh' in str(installed_version) and '~ynh' in str(version_in_catalog): if installed_version < version_in_catalog: return "yes" + else: + return "no" - if not app_is_in_catalog: - return "url_required" + # Legacy stuff for app with old / non-standard version numbers... + + # In case there is neither update_time nor install_time, we assume the app can/has to be upgraded if not app_infos["from_catalog"].get("lastUpdate") or not app_infos["from_catalog"].get("git"): return "url_required" From a5b282e5c65d146eb678a3517838321123bb4901 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 31 Oct 2020 19:14:33 +0100 Subject: [PATCH 02/41] Diagnosis: report usage of backports repository in apt's sources.list --- data/hooks/diagnosis/00-basesystem.py | 10 ++++++++++ locales/en.json | 1 + 2 files changed, 11 insertions(+) diff --git a/data/hooks/diagnosis/00-basesystem.py b/data/hooks/diagnosis/00-basesystem.py index d56faec98..00412cc74 100644 --- a/data/hooks/diagnosis/00-basesystem.py +++ b/data/hooks/diagnosis/00-basesystem.py @@ -92,6 +92,11 @@ class BaseSystemDiagnoser(Diagnoser): summary="diagnosis_package_installed_from_sury", details=["diagnosis_package_installed_from_sury_details"]) + if self.backports_in_sources_list(): + yield dict(meta={"test": "backports_in_sources_list"}, + status="WARNING", + summary="diagnosis_backports_in_sources_list") + def bad_sury_packages(self): packages_to_check = ["openssl", "libssl1.1", "libssl-dev"] @@ -105,6 +110,11 @@ class BaseSystemDiagnoser(Diagnoser): version_to_downgrade_to = check_output(cmd) yield (package, version_to_downgrade_to) + def backports_in_sources_list(self): + + cmd = "grep -q -nr '^ *deb .*-backports' /etc/apt/sources.list*" + return os.system(cmd) == 0 + def is_vulnerable_to_meltdown(self): # meltdown CVE: https://security-tracker.debian.org/tracker/CVE-2017-5754 diff --git a/locales/en.json b/locales/en.json index 221046382..e13c0d2b2 100644 --- a/locales/en.json +++ b/locales/en.json @@ -147,6 +147,7 @@ "diagnosis_basesystem_ynh_single_version": "{package} version: {version} ({repo})", "diagnosis_basesystem_ynh_main_version": "Server is running YunoHost {main_version} ({repo})", "diagnosis_basesystem_ynh_inconsistent_versions": "You are running inconsistent versions of the YunoHost packages... most probably because of a failed or partial upgrade.", + "diagnosis_backports_in_sources_list": "It looks like apt (the package manager) is configured to use the backports repository. Unless you really know what you are doing, we strongly discourage from installing packages from backports, because it's likely to create unstabilities or conflicts on your system.", "diagnosis_package_installed_from_sury": "Some system packages should be downgraded", "diagnosis_package_installed_from_sury_details": "Some packages were inadvertendly installed from a third-party repository called Sury. The Yunohost team improved the strategy that handle these packages, but it's expected that some setups that installed PHP7.3 apps while still on Stretch have some remaining inconsistencies. To fix this situation, you should try running the following command: {cmd_to_fix}", "diagnosis_display_tip": "To see the issues found, you can go to the Diagnosis section of the webadmin, or run 'yunohost diagnosis show --issues' from the command-line.", From 42f3ff6b009ec0bb98074381c484b49681ec1ec5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?L=C3=A9o=20Le=20Bouter?= Date: Mon, 21 Dec 2020 00:21:50 +0100 Subject: [PATCH 03/41] firewall: force source port for UPnP. miniupnpc uses a random source port by default, the issue is that the firewall rule to allow destination port 1900 incoming is unused because the UPnP server will use the random source port as destination port in the reply which iptables will block. Forcing the source port to be 1900 will ensure the UPnP server also uses that as destination port in the reply and pass the firewall. python-miniupnpc 2.0 or later is required for this change to have any effect, it is otherwise silently ignored. A debian package upgrade is in the works for official Yunohost repos. --- src/yunohost/firewall.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/firewall.py b/src/yunohost/firewall.py index c17e958e7..dbf87a7b5 100644 --- a/src/yunohost/firewall.py +++ b/src/yunohost/firewall.py @@ -336,7 +336,7 @@ def firewall_upnp(action='status', no_refresh=False): # Refresh port mapping using UPnP if not no_refresh: - upnpc = miniupnpc.UPnP() + upnpc = miniupnpc.UPnP(localport=1) upnpc.discoverdelay = 3000 # Discover UPnP device(s) From 6419c2ac64ee1c2854001d3c9f1309a6552e9435 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 24 Dec 2020 15:38:39 +0100 Subject: [PATCH 04/41] Don't mess with Sury's pinning --- data/helpers.d/apt | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/data/helpers.d/apt b/data/helpers.d/apt index 59f233c60..7c6de912d 100644 --- a/data/helpers.d/apt +++ b/data/helpers.d/apt @@ -460,7 +460,8 @@ ynh_remove_extra_repo () { name="${name:-$app}" ynh_secure_remove "/etc/apt/sources.list.d/$name.list" - ynh_secure_remove "/etc/apt/preferences.d/$name" + # Sury pinning is managed by the regenconf in the core... + [[ "$name" == "extra_php_version" ]] || ynh_secure_remove "/etc/apt/preferences.d/$name" ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.gpg" > /dev/null ynh_secure_remove "/etc/apt/trusted.gpg.d/$name.asc" > /dev/null @@ -548,6 +549,9 @@ ynh_pin_repo () { append="tee" fi + # Sury pinning is managed by the regenconf in the core... + [[ "$name" != "extra_php_version" ]] || return + mkdir --parents "/etc/apt/preferences.d" echo "Package: $package Pin: $pin From d6d75c528eaaa85c895fcaf7a3d3d025eaea77ab Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 29 Dec 2020 22:37:59 +0100 Subject: [PATCH 05/41] fix legacy permission migration --- src/yunohost/utils/legacy.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/yunohost/utils/legacy.py b/src/yunohost/utils/legacy.py index 1cc0246f3..4aaf62179 100644 --- a/src/yunohost/utils/legacy.py +++ b/src/yunohost/utils/legacy.py @@ -104,7 +104,7 @@ class SetupGroupPermissions(): allowed = [user for user in permission.split(',') if user in known_users] else: allowed = ["all_users"] - permission_create(app + ".main", url=url, allowed=allowed, protected=False, sync_perm=False) + permission_create(app + ".main", url=url, allowed=allowed, show_tile=True, protected=False, sync_perm=False) app_setting(app, 'allowed_users', delete=True) @@ -185,12 +185,12 @@ def migrate_legacy_permission_settings(app=None): if unprotected_urls != []: permission_create(app + ".legacy_unprotected_uris", additional_urls=unprotected_urls, auth_header=True, label=legacy_permission_label(app, "unprotected"), - show_tile=False, allowed='visitors', protected=True, sync_perm=False) + show_tile=True, allowed='visitors', protected=False, sync_perm=False) if protected_urls != []: permission_create(app + ".legacy_protected_uris", additional_urls=protected_urls, auth_header=True, label=legacy_permission_label(app, "protected"), - show_tile=False, allowed=user_permission_list()['permissions'][app + ".main"]['allowed'], - protected=True, sync_perm=False) + show_tile=True, allowed=user_permission_list()['permissions'][app + ".main"]['allowed'], + protected=False, sync_perm=False) legacy_permission_settings = [ "skipped_uris", From e70f27b7ff2edcd39bdea40a9b620e6978a0b2e7 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 29 Dec 2020 22:48:10 +0100 Subject: [PATCH 06/41] Update legacy.py --- src/yunohost/utils/legacy.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/yunohost/utils/legacy.py b/src/yunohost/utils/legacy.py index 4aaf62179..434746a28 100644 --- a/src/yunohost/utils/legacy.py +++ b/src/yunohost/utils/legacy.py @@ -185,12 +185,12 @@ def migrate_legacy_permission_settings(app=None): if unprotected_urls != []: permission_create(app + ".legacy_unprotected_uris", additional_urls=unprotected_urls, auth_header=True, label=legacy_permission_label(app, "unprotected"), - show_tile=True, allowed='visitors', protected=False, sync_perm=False) + show_tile=False, allowed='visitors', protected=True, sync_perm=False) if protected_urls != []: permission_create(app + ".legacy_protected_uris", additional_urls=protected_urls, auth_header=True, label=legacy_permission_label(app, "protected"), - show_tile=True, allowed=user_permission_list()['permissions'][app + ".main"]['allowed'], - protected=False, sync_perm=False) + show_tile=False, allowed=user_permission_list()['permissions'][app + ".main"]['allowed'], + protected=True, sync_perm=False) legacy_permission_settings = [ "skipped_uris", From 2b80bac7696eb3909640f12ca4cb03b1215a5d74 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 29 Dec 2020 23:12:14 +0100 Subject: [PATCH 07/41] Fix restore permission --- src/yunohost/backup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/backup.py b/src/yunohost/backup.py index c0f11eae8..7179430e0 100644 --- a/src/yunohost/backup.py +++ b/src/yunohost/backup.py @@ -1343,7 +1343,7 @@ class RestoreManager(): additional_urls=permission_infos.get("additional_urls"), auth_header=permission_infos.get("auth_header"), label=permission_infos.get('label') if perm_name == "main" else permission_infos.get("sublabel"), - show_tile=permission_infos.get("show_tile", None), + show_tile=permission_infos.get("show_tile", True), protected=permission_infos.get("protected", True), sync_perm=False) From 9e2e5ce55e5a378deddead113a883083632555e6 Mon Sep 17 00:00:00 2001 From: Kayou Date: Tue, 29 Dec 2020 23:59:13 +0100 Subject: [PATCH 08/41] not protected by default --- src/yunohost/backup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/backup.py b/src/yunohost/backup.py index 7179430e0..242cd0bfd 100644 --- a/src/yunohost/backup.py +++ b/src/yunohost/backup.py @@ -1344,7 +1344,7 @@ class RestoreManager(): auth_header=permission_infos.get("auth_header"), label=permission_infos.get('label') if perm_name == "main" else permission_infos.get("sublabel"), show_tile=permission_infos.get("show_tile", True), - protected=permission_infos.get("protected", True), + protected=permission_infos.get("protected", False), sync_perm=False) permission_sync_to_user() From 7e096a8aebe96cafd1753a74946a800a757a2874 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Wed, 30 Dec 2020 11:25:54 +0100 Subject: [PATCH 09/41] [mod](user_create) only ask for one letter for first/last name --- data/actionsmap/yunohost.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index fb569dcd0..31b86c7ae 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -87,7 +87,7 @@ user: ask: ask_firstname required: True pattern: &pattern_firstname - - !!str ^([^\W\d_]{2,30}[ ,.'-]{0,3})+$ + - !!str ^([^\W\d_]{1,30}[ ,.'-]{0,3})+$ - "pattern_firstname" -l: full: --lastname @@ -95,7 +95,7 @@ user: ask: ask_lastname required: True pattern: &pattern_lastname - - !!str ^([^\W\d_]{2,30}[ ,.'-]{0,3})+$ + - !!str ^([^\W\d_]{1,30}[ ,.'-]{0,3})+$ - "pattern_lastname" -m: full: --mail From 2e8aa6442e9cd4236859a2c2ac3278a2cad91e13 Mon Sep 17 00:00:00 2001 From: Christian Wehrli Date: Mon, 21 Dec 2020 15:49:52 +0000 Subject: [PATCH 10/41] Translated using Weblate (German) Currently translated at 57.6% (363 of 630 strings) Translation: YunoHost/core Translate-URL: https://translate.yunohost.org/projects/yunohost/core/de/ --- locales/de.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/locales/de.json b/locales/de.json index 9c8fa33c8..05b6b2a5e 100644 --- a/locales/de.json +++ b/locales/de.json @@ -464,12 +464,13 @@ "domain_cannot_add_xmpp_upload": "Eine hinzugefügte Domain darf nicht mit 'xmpp-upload.' beginnen. Dieser Name ist für das XMPP-Upload-Feature von YunoHost reserviert.", "group_cannot_be_deleted": "Die Gruppe {group} kann nicht manuell entfernt werden.", "group_cannot_edit_primary_group": "Die Gruppe '{group}' kann nicht manuell bearbeitet werden. Es ist die primäre Gruppe, welche dazu gedacht ist, nur einen spezifischen Benutzer zu enthalten.", - "diagnosis_processes_killed_by_oom_reaper": "Einige Prozesse wurden vom System beendet, weil nicht genügend Arbeitsspeicher vorhanden ist. Das passiert normalerweise, wenn das System nicht genügend Arbeitsspeicher zur Verfügung hat oder wenn ein Prozess zu viel Speicher verbraucht. Zusammenfassung der beendeten Prozesse: {kills_summary}", + "diagnosis_processes_killed_by_oom_reaper": "Das System hat einige Prozesse beendet, weil ihm der Arbeitsspeicher ausgegangen ist. Das passiert normalerweise, wenn das System ingesamt nicht genügend Arbeitsspeicher zur Verfügung hat oder wenn ein einzelner Prozess zu viel Speicher verbraucht. Zusammenfassung der beendeten Prozesse: \n{kills_summary}", "diagnosis_description_ports": "Offene Ports", "additional_urls_already_added": "Zusätzliche URL '{url:s}' bereits hinzugefügt in der zusätzlichen URL für Berechtigung '{permission:s}'", "additional_urls_already_removed": "Zusätzliche URL '{url:s}' bereits entfernt in der zusätzlichen URL für Berechtigung '{permission:s}'", "app_label_deprecated": "Dieser Befehl ist veraltet! Bitte nutzen Sie den neuen Befehl 'yunohost user permission update' um das Applabel zu verwalten.", "diagnosis_http_hairpinning_issue_details": "Das ist wahrscheinlich aufgrund Ihrer ISP Box / Router. Als Konsequenz können Personen von ausserhalb Ihres Netzwerkes aber nicht von innerhalb Ihres lokalen Netzwerkes (wie wahrscheinlich Sie selber?) wie gewohnt auf Ihren Server zugreifen, wenn Sie ihre Domäne oder Ihre öffentliche IP verwenden. Sie können die Situation wahrscheinlich verbessern, indem Sie ein einen Blick in https://yunohost.org/dns_local_network werfen", "diagnosis_http_nginx_conf_not_up_to_date": "Jemand hat anscheinend die Konfiguration von Nginx manuell geändert. Diese Änderung verhindert, dass Yunohost eine Diagnose durchführen kann, wenn er via HTTP erreichbar ist.", - "diagnosis_http_bad_status_code": "Anscheinend beantwortet ein anderes Gerät als Ihr Server die Anfrage (Vielleicht ihr Internetrouter).
1. Die häufigste Ursache ist, dass Port 80 (und 443) nicht richtig auf Ihren Server weitergeleitet wird.
2. Bei komplexeren Setups: Vergewissern Sie sich, dass keine Firewall und keine Reverse-Proxy interferieren." + "diagnosis_http_bad_status_code": "Anscheinend beantwortet ein anderes Gerät als Ihr Server die Anfrage (Vielleicht ihr Internetrouter).
1. Die häufigste Ursache ist, dass Port 80 (und 443) nicht richtig auf Ihren Server weitergeleitet wird.
2. Bei komplexeren Setups: Vergewissern Sie sich, dass keine Firewall und keine Reverse-Proxy interferieren.", + "diagnosis_never_ran_yet": "Sie haben kürzlich einen neuen Yunohost-Server installiert aber es gibt davon noch keinen Diagnosereport. Sie sollten eine Diagnose anstossen. Sie können das entweder vom Webadmin aus oder in der Kommandozeile machen. In der Kommandozeile verwenden Sie dafür den Befehl 'yunohost diagnosis run'." } From 28b9b672b3f0009c31ca09f04f66c181a98b1b20 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 31 Dec 2020 16:32:13 +0100 Subject: [PATCH 11/41] Update changelog for 4.1.2 --- debian/changelog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/debian/changelog b/debian/changelog index 0996629f9..9b824d9de 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +yunohost (4.1.2) testing; urgency=low + + - [enh] diagnosis: Detect moar hardware name (b685a274) + - [fix] permissions: Handle regexes that may start with ^ or \ (bdff5937) + - [fix] permissions: Tile/protect status for legacy migration ([#1113](https://github.com/yunohost/yunohost/pull/1113)) + - [fix] domain: double return prevent new code from working (0c977d8c) + - [fix] settings: When encountering unknown setting, also save the regular setting so we don't re-encounter the unknown settings everytime (d77d5afb) + - [fix] users: only ask for one letter for first/last name ([#1114](https://github.com/yunohost/yunohost/pull/1114)) + - [fix] apt/sury: Tweak app helpers to not mess with Sury's pinning ([#1110](https://github.com/yunohost/yunohost/pull/1110)) + - [i18n] Translations updated for German + + Thanks to all contributors <3 ! (Bram, C. Wehrli, Kayou) + + -- Alexandre Aubin Thu, 31 Dec 2020 16:26:51 +0100 + yunohost (4.1.1) testing; urgency=low - [fix] Backup/restore DKIM keys ([#1098](https://github.com/yunohost/yunohost/pull/1098), [#1100](https://github.com/yunohost/yunohost/pull/1100)) From 78751ac655fd982fef0912f58cfde62693807d6c Mon Sep 17 00:00:00 2001 From: Kay0u Date: Thu, 31 Dec 2020 18:33:09 +0100 Subject: [PATCH 12/41] Move permissions helpers to a new file --- data/helpers.d/permission | 370 ++++++++++++++++++++++++++++++++++++++ data/helpers.d/setting | 369 ------------------------------------- 2 files changed, 370 insertions(+), 369 deletions(-) create mode 100644 data/helpers.d/permission diff --git a/data/helpers.d/permission b/data/helpers.d/permission new file mode 100644 index 000000000..46d703d7b --- /dev/null +++ b/data/helpers.d/permission @@ -0,0 +1,370 @@ +#!/bin/bash + +# Create a new permission for the app +# +# example 1: ynh_permission_create --permission=admin --url=/admin --additional_urls=domain.tld/admin /superadmin --allowed=alice bob \ +# --label="My app admin" --show_tile=true +# +# This example will create a new permission permission with this following effect: +# - A tile named "My app admin" in the SSO will be available for the users alice and bob. This tile will point to the relative url '/admin'. +# - Only the user alice and bob will have the access to theses following url: /admin, domain.tld/admin, /superadmin +# +# +# example 2: ynh_permission_create --permission=api --url=domain.tld/api --auth_header=false --allowed=visitors \ +# --label="MyApp API" --protected=true +# +# This example will create a new protected permission. So the admin won't be able to add/remove the visitors group of this permission. +# In case of an API with need to be always public it avoid that the admin break anything. +# With this permission all client will be allowed to access to the url 'domain.tld/api'. +# Note that in this case no tile will be show on the SSO. +# Note that the auth_header parameter is to 'false'. So no authentication header will be passed to the application. +# Generally the API is requested by an application and enabling the auth_header has no advantage and could bring some issues in some case. +# So in this case it's better to disable this option for all API. +# +# +# usage: ynh_permission_create --permission="permission" [--url="url"] [--additional_urls="second-url" [ "third-url" ]] [--auth_header=true|false] +# [--allowed=group1 [ group2 ]] [--label="label"] [--show_tile=true|false] +# [--protected=true|false] +# | arg: -p, permission= - the name for the permission (by default a permission named "main" already exist) +# | arg: -u, url= - (optional) URL for which access will be allowed/forbidden. +# | Not that if 'show_tile' is enabled, this URL will be the URL of the tile. +# | arg: -A, additional_urls= - (optional) List of additional URL for which access will be allowed/forbidden +# | arg: -h, auth_header= - (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application. Default is true +# | arg: -a, allowed= - (optional) A list of group/user to allow for the permission +# | arg: -l, label= - (optional) Define a name for the permission. This label will be shown on the SSO and in the admin. +# | Default is "APP_LABEL (permission name)". +# | arg: -t, show_tile= - (optional) Define if a tile will be shown in the SSO. If yes the name of the tile will be the 'label' parameter. +# | Default is false (for the permission different than 'main'). +# | arg: -P, protected= - (optional) Define if this permission is protected. If it is protected the administrator +# | won't be able to add or remove the visitors group of this permission. +# | By default it's 'false' +# +# If provided, 'url' or 'additional_urls' is assumed to be relative to the app domain/path if they +# start with '/'. For example: +# / -> domain.tld/app +# /admin -> domain.tld/app/admin +# domain.tld/app/api -> domain.tld/app/api +# +# 'url' or 'additional_urls' can be treated as a PCRE (not lua) regex if it starts with "re:". +# For example: +# re:/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$ +# re:domain.tld/app/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$ +# +# Note that globally the parameter 'url' and 'additional_urls' are same. The only difference is: +# - 'url' is only one url, 'additional_urls' can be a list of urls. There are no limitation of 'additional_urls' +# - 'url' is used for the url of tile in the SSO (if enabled with the 'show_tile' parameter) +# +# +# About the authentication header (auth_header parameter). +# The SSO pass (by default) to the application theses following HTTP header (linked to the authenticated user) to the application: +# - "Auth-User": username +# - "Remote-User": username +# - "Email": user email +# +# Generally this feature is usefull to authenticate automatically the user in the application but in some case the application don't work with theses header and theses header need to be disabled to have the application to work correctly. +# See https://github.com/YunoHost/issues/issues/1420 for more informations +# +# +# Requires YunoHost version 3.7.0 or higher. +ynh_permission_create() { + # Declare an array to define the options of this helper. + local legacy_args=puAhaltP + local -A args_array=( [p]=permission= [u]=url= [A]=additional_urls= [h]=auth_header= [a]=allowed= [l]=label= [t]=show_tile= [P]=protected= ) + local permission + local url + local additional_urls + local auth_header + local allowed + local label + local show_tile + local protected + ynh_handle_getopts_args "$@" + url=${url:-} + additional_urls=${additional_urls:-} + auth_header=${auth_header:-} + allowed=${allowed:-} + label=${label:-} + show_tile=${show_tile:-} + protected=${protected:-} + + if [[ -n $url ]] + then + url=",url='$url'" + fi + + if [[ -n $additional_urls ]] + then + # Convert a list from getopts to python list + # Note that getopts separate the args with ';' + # By example: + # --additional_urls /urlA /urlB + # will be: + # additional_urls=['/urlA', '/urlB'] + additional_urls=",additional_urls=['${additional_urls//;/\',\'}']" + fi + + if [[ -n $auth_header ]] + then + if [ $auth_header == "true" ] + then + auth_header=",auth_header=True" + else + auth_header=",auth_header=False" + fi + fi + + if [[ -n $allowed ]] + then + # Convert a list from getopts to python list + # Note that getopts separate the args with ';' + # By example: + # --allowed alice bob + # will be: + # allowed=['alice', 'bob'] + allowed=",allowed=['${allowed//;/\',\'}']" + fi + + if [[ -n ${label:-} ]]; then + label=",label='$label'" + else + label=",label='$permission'" + fi + + if [[ -n ${show_tile:-} ]] + then + if [ $show_tile == "true" ] + then + show_tile=",show_tile=True" + else + show_tile=",show_tile=False" + fi + fi + + if [[ -n ${protected:-} ]] + then + if [ $protected == "true" ] + then + protected=",protected=True" + else + protected=",protected=False" + fi + fi + + yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$app.$permission' $url $additional_urls $auth_header $allowed $label $show_tile $protected)" +} + +# Remove a permission for the app (note that when the app is removed all permission is automatically removed) +# +# example: ynh_permission_delete --permission=editors +# +# usage: ynh_permission_delete --permission="permission" +# | arg: -p, --permission= - the name for the permission (by default a permission named "main" is removed automatically when the app is removed) +# +# Requires YunoHost version 3.7.0 or higher. +ynh_permission_delete() { + # Declare an array to define the options of this helper. + local legacy_args=p + local -A args_array=( [p]=permission= ) + local permission + ynh_handle_getopts_args "$@" + + yunohost tools shell -c "from yunohost.permission import permission_delete; permission_delete('$app.$permission')" +} + +# Check if a permission exists +# +# usage: ynh_permission_exists --permission=permission +# | arg: -p, --permission= - the permission to check +# | exit: Return 1 if the permission doesn't exist, 0 otherwise +# +# Requires YunoHost version 3.7.0 or higher. +ynh_permission_exists() { + # Declare an array to define the options of this helper. + local legacy_args=p + local -A args_array=( [p]=permission= ) + local permission + ynh_handle_getopts_args "$@" + + yunohost user permission list --short | grep --word-regexp --quiet "$app.$permission" +} + +# Redefine the url associated to a permission +# +# usage: ynh_permission_url --permission "permission" [--url="url"] [--add_url="new-url" [ "other-new-url" ]] [--remove_url="old-url" [ "other-old-url" ]] +# [--auth_header=true|false] [--clear_urls] +# | arg: -p, permission= - the name for the permission (by default a permission named "main" is removed automatically when the app is removed) +# | arg: -u, url= - (optional) URL for which access will be allowed/forbidden. +# | Note that if you want to remove url you can pass an empty sting as arguments (""). +# | arg: -a, add_url= - (optional) List of additional url to add for which access will be allowed/forbidden. +# | arg: -r, remove_url= - (optional) List of additional url to remove for which access will be allowed/forbidden +# | arg: -h, auth_header= - (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application +# | arg: -c, clear_urls - (optional) Clean all urls (url and additional_urls) +# +# Requires YunoHost version 3.7.0 or higher. +ynh_permission_url() { + # Declare an array to define the options of this helper. + local legacy_args=puarhc + local -A args_array=( [p]=permission= [u]=url= [a]=add_url= [r]=remove_url= [h]=auth_header= [c]=clear_urls ) + local permission + local url + local add_url + local remove_url + local auth_header + local clear_urls + ynh_handle_getopts_args "$@" + url=${url:-} + add_url=${add_url:-} + remove_url=${remove_url:-} + auth_header=${auth_header:-} + clear_urls=${clear_urls:-} + + if [[ -n $url ]] + then + url=",url='$url'" + fi + + if [[ -n $add_url ]] + then + # Convert a list from getopts to python list + # Note that getopts separate the args with ';' + # For example: + # --add_url /urlA /urlB + # will be: + # add_url=['/urlA', '/urlB'] + add_url=",add_url=['${add_url//;/\',\'}']" + fi + + if [[ -n $remove_url ]] + then + # Convert a list from getopts to python list + # Note that getopts separate the args with ';' + # For example: + # --remove_url /urlA /urlB + # will be: + # remove_url=['/urlA', '/urlB'] + remove_url=",remove_url=['${remove_url//;/\',\'}']" + fi + + if [[ -n $auth_header ]] + then + if [ $auth_header == "true" ] + then + auth_header=",auth_header=True" + else + auth_header=",auth_header=False" + fi + fi + + if [[ -n $clear_urls ]] && [ $clear_urls -eq 1 ] + then + clear_urls=",clear_urls=True" + fi + + yunohost tools shell -c "from yunohost.permission import permission_url; permission_url('$app.$permission' $url $add_url $remove_url $auth_header $clear_urls)" +} + + +# Update a permission for the app +# +# usage: ynh_permission_update --permission "permission" [--add="group" ["group" ...]] [--remove="group" ["group" ...]] +# [--label="label"] [--show_tile=true|false] [--protected=true|false] +# | arg: -p, permission= - the name for the permission (by default a permission named "main" already exist) +# | arg: -a, add= - the list of group or users to enable add to the permission +# | arg: -r, remove= - the list of group or users to remove from the permission +# | arg: -l, label= - (optional) Define a name for the permission. This label will be shown on the SSO and in the admin. +# | arg: -t, show_tile= - (optional) Define if a tile will be shown in the SSO +# | arg: -P, protected= - (optional) Define if this permission is protected. If it is protected the administrator +# | won't be able to add or remove the visitors group of this permission. +# +# Requires YunoHost version 3.7.0 or higher. +ynh_permission_update() { + # Declare an array to define the options of this helper. + local legacy_args=parltP + local -A args_array=( [p]=permission= [a]=add= [r]=remove= [l]=label= [t]=show_tile= [P]=protected= ) + local permission + local add + local remove + local label + local show_tile + local protected + ynh_handle_getopts_args "$@" + add=${add:-} + remove=${remove:-} + label=${label:-} + show_tile=${show_tile:-} + protected=${protected:-} + + if [[ -n $add ]] + then + # Convert a list from getopts to python list + # Note that getopts separate the args with ';' + # For example: + # --add alice bob + # will be: + # add=['alice', 'bob'] + add=",add=['${add//';'/"','"}']" + fi + if [[ -n $remove ]] + then + # Convert a list from getopts to python list + # Note that getopts separate the args with ';' + # For example: + # --remove alice bob + # will be: + # remove=['alice', 'bob'] + remove=",remove=['${remove//';'/"','"}']" + fi + + if [[ -n $label ]] + then + label=",label='$label'" + fi + + if [[ -n $show_tile ]] + then + if [ $show_tile == "true" ] + then + show_tile=",show_tile=True" + else + show_tile=",show_tile=False" + fi + fi + + if [[ -n $protected ]]; then + if [ $protected == "true" ] + then + protected=",protected=True" + else + protected=",protected=False" + fi + fi + + yunohost tools shell -c "from yunohost.permission import user_permission_update; user_permission_update('$app.$permission' $add $remove $label $show_tile $protected , force=True)" +} + +# Check if a permission has an user +# +# example: ynh_permission_has_user --permission=main --user=visitors +# +# usage: ynh_permission_has_user --permission=permission --user=user +# | arg: -p, --permission= - the permission to check +# | arg: -u, --user= - the user seek in the permission +# | exit: Return 1 if the permission doesn't have that user or doesn't exist, 0 otherwise +# +# Requires YunoHost version 3.7.1 or higher. +ynh_permission_has_user() { + local legacy_args=pu + # Declare an array to define the options of this helper. + local -A args_array=( [p]=permission= [u]=user= ) + local permission + local user + # Manage arguments with getopts + ynh_handle_getopts_args "$@" + + if ! ynh_permission_exists --permission=$permission + then + return 1 + fi + + yunohost user permission info "$app.$permission" | grep --word-regexp --quiet "$user" +} diff --git a/data/helpers.d/setting b/data/helpers.d/setting index af52b8321..883bd9dfe 100644 --- a/data/helpers.d/setting +++ b/data/helpers.d/setting @@ -147,372 +147,3 @@ ynh_webpath_register () { yunohost app register-url $app $domain $path_url } - -# Create a new permission for the app -# -# example 1: ynh_permission_create --permission=admin --url=/admin --additional_urls=domain.tld/admin /superadmin --allowed=alice bob \ -# --label="My app admin" --show_tile=true -# -# This example will create a new permission permission with this following effect: -# - A tile named "My app admin" in the SSO will be available for the users alice and bob. This tile will point to the relative url '/admin'. -# - Only the user alice and bob will have the access to theses following url: /admin, domain.tld/admin, /superadmin -# -# -# example 2: ynh_permission_create --permission=api --url=domain.tld/api --auth_header=false --allowed=visitors \ -# --label="MyApp API" --protected=true -# -# This example will create a new protected permission. So the admin won't be able to add/remove the visitors group of this permission. -# In case of an API with need to be always public it avoid that the admin break anything. -# With this permission all client will be allowed to access to the url 'domain.tld/api'. -# Note that in this case no tile will be show on the SSO. -# Note that the auth_header parameter is to 'false'. So no authentication header will be passed to the application. -# Generally the API is requested by an application and enabling the auth_header has no advantage and could bring some issues in some case. -# So in this case it's better to disable this option for all API. -# -# -# usage: ynh_permission_create --permission="permission" [--url="url"] [--additional_urls="second-url" [ "third-url" ]] [--auth_header=true|false] -# [--allowed=group1 [ group2 ]] [--label="label"] [--show_tile=true|false] -# [--protected=true|false] -# | arg: -p, permission= - the name for the permission (by default a permission named "main" already exist) -# | arg: -u, url= - (optional) URL for which access will be allowed/forbidden. -# | Not that if 'show_tile' is enabled, this URL will be the URL of the tile. -# | arg: -A, additional_urls= - (optional) List of additional URL for which access will be allowed/forbidden -# | arg: -h, auth_header= - (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application. Default is true -# | arg: -a, allowed= - (optional) A list of group/user to allow for the permission -# | arg: -l, label= - (optional) Define a name for the permission. This label will be shown on the SSO and in the admin. -# | Default is "APP_LABEL (permission name)". -# | arg: -t, show_tile= - (optional) Define if a tile will be shown in the SSO. If yes the name of the tile will be the 'label' parameter. -# | Default is false (for the permission different than 'main'). -# | arg: -P, protected= - (optional) Define if this permission is protected. If it is protected the administrator -# | won't be able to add or remove the visitors group of this permission. -# | By default it's 'false' -# -# If provided, 'url' or 'additional_urls' is assumed to be relative to the app domain/path if they -# start with '/'. For example: -# / -> domain.tld/app -# /admin -> domain.tld/app/admin -# domain.tld/app/api -> domain.tld/app/api -# -# 'url' or 'additional_urls' can be treated as a PCRE (not lua) regex if it starts with "re:". -# For example: -# re:/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$ -# re:domain.tld/app/api/[A-Z]*$ -> domain.tld/app/api/[A-Z]*$ -# -# Note that globally the parameter 'url' and 'additional_urls' are same. The only difference is: -# - 'url' is only one url, 'additional_urls' can be a list of urls. There are no limitation of 'additional_urls' -# - 'url' is used for the url of tile in the SSO (if enabled with the 'show_tile' parameter) -# -# -# About the authentication header (auth_header parameter). -# The SSO pass (by default) to the application theses following HTTP header (linked to the authenticated user) to the application: -# - "Auth-User": username -# - "Remote-User": username -# - "Email": user email -# -# Generally this feature is usefull to authenticate automatically the user in the application but in some case the application don't work with theses header and theses header need to be disabled to have the application to work correctly. -# See https://github.com/YunoHost/issues/issues/1420 for more informations -# -# -# Requires YunoHost version 3.7.0 or higher. -ynh_permission_create() { - # Declare an array to define the options of this helper. - local legacy_args=puAhaltP - local -A args_array=( [p]=permission= [u]=url= [A]=additional_urls= [h]=auth_header= [a]=allowed= [l]=label= [t]=show_tile= [P]=protected= ) - local permission - local url - local additional_urls - local auth_header - local allowed - local label - local show_tile - local protected - ynh_handle_getopts_args "$@" - url=${url:-} - additional_urls=${additional_urls:-} - auth_header=${auth_header:-} - allowed=${allowed:-} - label=${label:-} - show_tile=${show_tile:-} - protected=${protected:-} - - if [[ -n $url ]] - then - url=",url='$url'" - fi - - if [[ -n $additional_urls ]] - then - # Convert a list from getopts to python list - # Note that getopts separate the args with ';' - # By example: - # --additional_urls /urlA /urlB - # will be: - # additional_urls=['/urlA', '/urlB'] - additional_urls=",additional_urls=['${additional_urls//;/\',\'}']" - fi - - if [[ -n $auth_header ]] - then - if [ $auth_header == "true" ] - then - auth_header=",auth_header=True" - else - auth_header=",auth_header=False" - fi - fi - - if [[ -n $allowed ]] - then - # Convert a list from getopts to python list - # Note that getopts separate the args with ';' - # By example: - # --allowed alice bob - # will be: - # allowed=['alice', 'bob'] - allowed=",allowed=['${allowed//;/\',\'}']" - fi - - if [[ -n ${label:-} ]]; then - label=",label='$label'" - else - label=",label='$permission'" - fi - - if [[ -n ${show_tile:-} ]] - then - if [ $show_tile == "true" ] - then - show_tile=",show_tile=True" - else - show_tile=",show_tile=False" - fi - fi - - if [[ -n ${protected:-} ]] - then - if [ $protected == "true" ] - then - protected=",protected=True" - else - protected=",protected=False" - fi - fi - - yunohost tools shell -c "from yunohost.permission import permission_create; permission_create('$app.$permission' $url $additional_urls $auth_header $allowed $label $show_tile $protected)" -} - -# Remove a permission for the app (note that when the app is removed all permission is automatically removed) -# -# example: ynh_permission_delete --permission=editors -# -# usage: ynh_permission_delete --permission="permission" -# | arg: -p, --permission= - the name for the permission (by default a permission named "main" is removed automatically when the app is removed) -# -# Requires YunoHost version 3.7.0 or higher. -ynh_permission_delete() { - # Declare an array to define the options of this helper. - local legacy_args=p - local -A args_array=( [p]=permission= ) - local permission - ynh_handle_getopts_args "$@" - - yunohost tools shell -c "from yunohost.permission import permission_delete; permission_delete('$app.$permission')" -} - -# Check if a permission exists -# -# usage: ynh_permission_exists --permission=permission -# | arg: -p, --permission= - the permission to check -# | exit: Return 1 if the permission doesn't exist, 0 otherwise -# -# Requires YunoHost version 3.7.0 or higher. -ynh_permission_exists() { - # Declare an array to define the options of this helper. - local legacy_args=p - local -A args_array=( [p]=permission= ) - local permission - ynh_handle_getopts_args "$@" - - yunohost user permission list --short | grep --word-regexp --quiet "$app.$permission" -} - -# Redefine the url associated to a permission -# -# usage: ynh_permission_url --permission "permission" [--url="url"] [--add_url="new-url" [ "other-new-url" ]] [--remove_url="old-url" [ "other-old-url" ]] -# [--auth_header=true|false] [--clear_urls] -# | arg: -p, permission= - the name for the permission (by default a permission named "main" is removed automatically when the app is removed) -# | arg: -u, url= - (optional) URL for which access will be allowed/forbidden. -# | Note that if you want to remove url you can pass an empty sting as arguments (""). -# | arg: -a, add_url= - (optional) List of additional url to add for which access will be allowed/forbidden. -# | arg: -r, remove_url= - (optional) List of additional url to remove for which access will be allowed/forbidden -# | arg: -h, auth_header= - (optional) Define for the URL of this permission, if SSOwat pass the authentication header to the application -# | arg: -c, clear_urls - (optional) Clean all urls (url and additional_urls) -# -# Requires YunoHost version 3.7.0 or higher. -ynh_permission_url() { - # Declare an array to define the options of this helper. - local legacy_args=puarhc - local -A args_array=( [p]=permission= [u]=url= [a]=add_url= [r]=remove_url= [h]=auth_header= [c]=clear_urls ) - local permission - local url - local add_url - local remove_url - local auth_header - local clear_urls - ynh_handle_getopts_args "$@" - url=${url:-} - add_url=${add_url:-} - remove_url=${remove_url:-} - auth_header=${auth_header:-} - clear_urls=${clear_urls:-} - - if [[ -n $url ]] - then - url=",url='$url'" - fi - - if [[ -n $add_url ]] - then - # Convert a list from getopts to python list - # Note that getopts separate the args with ';' - # For example: - # --add_url /urlA /urlB - # will be: - # add_url=['/urlA', '/urlB'] - add_url=",add_url=['${add_url//;/\',\'}']" - fi - - if [[ -n $remove_url ]] - then - # Convert a list from getopts to python list - # Note that getopts separate the args with ';' - # For example: - # --remove_url /urlA /urlB - # will be: - # remove_url=['/urlA', '/urlB'] - remove_url=",remove_url=['${remove_url//;/\',\'}']" - fi - - if [[ -n $auth_header ]] - then - if [ $auth_header == "true" ] - then - auth_header=",auth_header=True" - else - auth_header=",auth_header=False" - fi - fi - - if [[ -n $clear_urls ]] && [ $clear_urls -eq 1 ] - then - clear_urls=",clear_urls=True" - fi - - yunohost tools shell -c "from yunohost.permission import permission_url; permission_url('$app.$permission' $url $add_url $remove_url $auth_header $clear_urls)" -} - - -# Update a permission for the app -# -# usage: ynh_permission_update --permission "permission" [--add="group" ["group" ...]] [--remove="group" ["group" ...]] -# [--label="label"] [--show_tile=true|false] [--protected=true|false] -# | arg: -p, permission= - the name for the permission (by default a permission named "main" already exist) -# | arg: -a, add= - the list of group or users to enable add to the permission -# | arg: -r, remove= - the list of group or users to remove from the permission -# | arg: -l, label= - (optional) Define a name for the permission. This label will be shown on the SSO and in the admin. -# | arg: -t, show_tile= - (optional) Define if a tile will be shown in the SSO -# | arg: -P, protected= - (optional) Define if this permission is protected. If it is protected the administrator -# | won't be able to add or remove the visitors group of this permission. -# -# Requires YunoHost version 3.7.0 or higher. -ynh_permission_update() { - # Declare an array to define the options of this helper. - local legacy_args=parltP - local -A args_array=( [p]=permission= [a]=add= [r]=remove= [l]=label= [t]=show_tile= [P]=protected= ) - local permission - local add - local remove - local label - local show_tile - local protected - ynh_handle_getopts_args "$@" - add=${add:-} - remove=${remove:-} - label=${label:-} - show_tile=${show_tile:-} - protected=${protected:-} - - if [[ -n $add ]] - then - # Convert a list from getopts to python list - # Note that getopts separate the args with ';' - # For example: - # --add alice bob - # will be: - # add=['alice', 'bob'] - add=",add=['${add//';'/"','"}']" - fi - if [[ -n $remove ]] - then - # Convert a list from getopts to python list - # Note that getopts separate the args with ';' - # For example: - # --remove alice bob - # will be: - # remove=['alice', 'bob'] - remove=",remove=['${remove//';'/"','"}']" - fi - - if [[ -n $label ]] - then - label=",label='$label'" - fi - - if [[ -n $show_tile ]] - then - if [ $show_tile == "true" ] - then - show_tile=",show_tile=True" - else - show_tile=",show_tile=False" - fi - fi - - if [[ -n $protected ]]; then - if [ $protected == "true" ] - then - protected=",protected=True" - else - protected=",protected=False" - fi - fi - - yunohost tools shell -c "from yunohost.permission import user_permission_update; user_permission_update('$app.$permission' $add $remove $label $show_tile $protected , force=True)" -} - -# Check if a permission has an user -# -# example: ynh_permission_has_user --permission=main --user=visitors -# -# usage: ynh_permission_has_user --permission=permission --user=user -# | arg: -p, --permission= - the permission to check -# | arg: -u, --user= - the user seek in the permission -# | exit: Return 1 if the permission doesn't have that user or doesn't exist, 0 otherwise -# -# Requires YunoHost version 3.7.1 or higher. -ynh_permission_has_user() { - local legacy_args=pu - # Declare an array to define the options of this helper. - local -A args_array=( [p]=permission= [u]=user= ) - local permission - local user - # Manage arguments with getopts - ynh_handle_getopts_args "$@" - - if ! ynh_permission_exists --permission=$permission - then - return 1 - fi - - yunohost user permission info "$app.$permission" | grep --word-regexp --quiet "$user" -} From 5c17ac5eeca711931b7c46ea8b94a8da1e62cd3f Mon Sep 17 00:00:00 2001 From: Kay0u Date: Thu, 31 Dec 2020 18:34:37 +0100 Subject: [PATCH 13/41] [wip] add legacy permissions management --- data/helpers.d/permission | 19 +++++++++++++++++++ 1 file changed, 19 insertions(+) diff --git a/data/helpers.d/permission b/data/helpers.d/permission index 46d703d7b..fb0e8722b 100644 --- a/data/helpers.d/permission +++ b/data/helpers.d/permission @@ -368,3 +368,22 @@ ynh_permission_has_user() { yunohost user permission info "$app.$permission" | grep --word-regexp --quiet "$user" } + +ynh_legacy_permissions_exists () { + for permission in "skipped" "unprotected" "protected" + do + if ynh_permission_exists --permission="legacy_${permission}_uris"; then + return 0 + fi + done + return 1 +} + +ynh_legacy_permissions_delete_all () { + for permission in "skipped" "unprotected" "protected" + do + if ynh_permission_exists --permission="legacy_${permission}_uris"; then + ynh_permission_delete --permission="legacy_${permission}_uris" + fi + done +} From 9eb6fa1961c07c319bd6f4ab62f245d0a75f5626 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 1 Jan 2021 15:53:50 +0100 Subject: [PATCH 14/41] [enh] display domain_path of app on app list --- src/yunohost/app.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/yunohost/app.py b/src/yunohost/app.py index d32fb59a2..f5291e2ac 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -163,6 +163,9 @@ def app_info(app, full=False): 'version': local_manifest.get('version', '-'), } + if "domain" in settings and "path" in settings: + ret["domain_path"] = settings["domain"] + settings["path"] + if not full: return ret From 165d2b32259f03f7c9c7916dc64d9efea54e6fb2 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 1 Jan 2021 17:14:53 +0100 Subject: [PATCH 15/41] [mod] no catchall exceptions --- src/yunohost/domain.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index 5d47aefe0..7dc4ee74d 100644 --- a/src/yunohost/domain.py +++ b/src/yunohost/domain.py @@ -162,7 +162,7 @@ def domain_add(operation_logger, domain, dyndns=False): # Force domain removal silently try: domain_remove(domain, True) - except: + except Exception: pass raise From f2dc7bacd115bd72a767bab825215f774b3ccb23 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 1 Jan 2021 17:28:08 +0100 Subject: [PATCH 16/41] [doc] tell users how to get all permissions --- data/actionsmap/yunohost.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index 31b86c7ae..ff56c2ac8 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -307,7 +307,7 @@ user: api: GET /users/permissions/ arguments: permission: - help: Name of the permission to fetch info about + help: Name of the permission to fetch info about (use "yunohost user permission list" and "yunohost user permission -f" to see all the current permissions) ### user_permission_update() update: @@ -315,7 +315,7 @@ user: api: PUT /users/permissions/ arguments: permission: - help: Permission to manage (e.g. mail or nextcloud or wordpress.editors) + help: Permission to manage (e.g. mail or nextcloud or wordpress.editors) (use "yunohost user permission list" and "yunohost user permission -f" to see all the current permissions) -a: full: --add help: Group or usernames to grant this permission to @@ -346,7 +346,7 @@ user: api: DELETE /users/permissions/ arguments: permission: - help: Permission to manage (e.g. mail or nextcloud or wordpress.editors) + help: Permission to manage (e.g. mail or nextcloud or wordpress.editors) (use "yunohost user permission list" and "yunohost user permission -f" to see all the current permissions) ssh: subcategory_help: Manage ssh access From 2768def391ab580b011d954c880e7c5557d534bc Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 1 Jan 2021 18:32:41 +0100 Subject: [PATCH 17/41] [mod] avoid calling app_list in user_permission_list --- src/yunohost/permission.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/yunohost/permission.py b/src/yunohost/permission.py index 547510323..d213ac61c 100644 --- a/src/yunohost/permission.py +++ b/src/yunohost/permission.py @@ -51,7 +51,7 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False, abs """ # Fetch relevant informations - from yunohost.app import app_setting, app_list + from yunohost.app import app_setting, _installed_apps from yunohost.utils.ldap import _get_ldap_interface, _ldap_path_extract ldap = _get_ldap_interface() permissions_infos = ldap.search('ou=permission,dc=yunohost,dc=org', @@ -60,7 +60,7 @@ def user_permission_list(short=False, full=False, ignore_system_perms=False, abs 'URL', 'additionalUrls', 'authHeader', 'label', 'showTile', 'isProtected']) # Parse / organize information to be outputed - apps = [app["id"] for app in app_list()["apps"]] + apps = sorted(_installed_apps()) apps_base_path = {app: app_setting(app, 'domain') + app_setting(app, 'path') for app in apps if app_setting(app, 'domain') and app_setting(app, 'path')} From effc87da2698eb4aad12485cc076bad1c2be5c14 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 1 Jan 2021 18:19:42 +0100 Subject: [PATCH 18/41] [fix] key name of app label wasn't the real label --- src/yunohost/app.py | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/src/yunohost/app.py b/src/yunohost/app.py index f5291e2ac..89480d40d 100644 --- a/src/yunohost/app.py +++ b/src/yunohost/app.py @@ -154,12 +154,13 @@ def app_info(app, full=False): raise YunohostError('app_not_installed', app=app, all_apps=_get_all_installed_apps_id()) local_manifest = _get_manifest_of_app(os.path.join(APPS_SETTING_PATH, app)) + permissions = user_permission_list(full=True, absolute_urls=True)["permissions"] settings = _get_app_settings(app) ret = { 'description': _value_for_locale(local_manifest['description']), - 'name': local_manifest['name'], + 'name': permissions.get(app + ".main", {}).get("label", local_manifest['name']), 'version': local_manifest.get('version', '-'), } @@ -180,9 +181,10 @@ def app_info(app, full=False): ret['supports_backup_restore'] = (os.path.exists(os.path.join(APPS_SETTING_PATH, app, "scripts", "backup")) and os.path.exists(os.path.join(APPS_SETTING_PATH, app, "scripts", "restore"))) ret['supports_multi_instance'] = is_true(local_manifest.get("multi_instance", False)) - permissions = user_permission_list(full=True, absolute_urls=True)["permissions"] + ret['permissions'] = {p: i for p, i in permissions.items() if p.startswith(app + ".")} ret['label'] = permissions.get(app + ".main", {}).get("label") + if not ret['label']: logger.warning("Failed to get label for app %s ?" % app) return ret From c7d315c7e0f8d2e441f129f6a0c2529b2c6b1275 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 1 Jan 2021 17:44:07 +0100 Subject: [PATCH 19/41] [mod] also display app label on remove_domain with apps --- src/yunohost/domain.py | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index 7dc4ee74d..2bd195f53 100644 --- a/src/yunohost/domain.py +++ b/src/yunohost/domain.py @@ -182,7 +182,7 @@ def domain_remove(operation_logger, domain, force=False): """ from yunohost.hook import hook_callback - from yunohost.app import app_ssowatconf + from yunohost.app import app_ssowatconf, app_info from yunohost.utils.ldap import _get_ldap_interface if not force and domain not in domain_list()['domains']: @@ -204,8 +204,9 @@ def domain_remove(operation_logger, domain, force=False): for app in _installed_apps(): settings = _get_app_settings(app) + label = app_info(app)["name"] if settings.get("domain") == domain: - apps_on_that_domain.append("%s (on https://%s%s)" % (app, domain, settings["path"]) if "path" in settings else app) + apps_on_that_domain.append("%s \"%s\" (on https://%s%s)" % (app, label, domain, settings["path"]) if "path" in settings else app) if apps_on_that_domain: raise YunohostError('domain_uninstall_app_first', apps=", ".join(apps_on_that_domain)) From e51a1b670e050c1a1842e44039e8e5fb64adae87 Mon Sep 17 00:00:00 2001 From: Laurent Peuch Date: Fri, 1 Jan 2021 19:13:43 +0100 Subject: [PATCH 20/41] [ux] add command instructions and suggest change-url for domain_uninstall_app_first --- locales/en.json | 2 +- src/yunohost/domain.py | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/locales/en.json b/locales/en.json index c24fc831c..f8f296a7b 100644 --- a/locales/en.json +++ b/locales/en.json @@ -277,7 +277,7 @@ "domain_dyndns_root_unknown": "Unknown DynDNS root domain", "domain_exists": "The domain already exists", "domain_hostname_failed": "Unable to set new hostname. This might cause an issue later (it might be fine).", - "domain_uninstall_app_first": "Those applications are still installed on your domain: {apps}. Please uninstall them before proceeding to domain removal", + "domain_uninstall_app_first": "Those applications are still installed on your domain:\n{apps}\n\nPlease uninstall them using 'yunohost app remove the_app_id' or move them to another domain using 'yunohost app change-url the_app_id' before proceeding to domain removal", "domain_name_unknown": "Domain '{domain}' unknown", "domain_unknown": "Unknown domain", "domains_available": "Available domains:", diff --git a/src/yunohost/domain.py b/src/yunohost/domain.py index 2bd195f53..d581b8426 100644 --- a/src/yunohost/domain.py +++ b/src/yunohost/domain.py @@ -206,10 +206,10 @@ def domain_remove(operation_logger, domain, force=False): settings = _get_app_settings(app) label = app_info(app)["name"] if settings.get("domain") == domain: - apps_on_that_domain.append("%s \"%s\" (on https://%s%s)" % (app, label, domain, settings["path"]) if "path" in settings else app) + apps_on_that_domain.append(" - %s \"%s\" on https://%s%s" % (app, label, domain, settings["path"]) if "path" in settings else app) if apps_on_that_domain: - raise YunohostError('domain_uninstall_app_first', apps=", ".join(apps_on_that_domain)) + raise YunohostError('domain_uninstall_app_first', apps="\n".join(apps_on_that_domain)) operation_logger.start() ldap = _get_ldap_interface() From c2a730f26ce8c029627b833a42013827a4674994 Mon Sep 17 00:00:00 2001 From: cricriiiiii Date: Tue, 17 Nov 2020 16:39:28 +0100 Subject: [PATCH 21/41] user update -p without argument allowed when not giving an argument (to avoid clear passwords in bash history) to "yunohost user update -p", now you are prompted for a password --- data/actionsmap/yunohost.yml | 3 +++ src/yunohost/user.py | 4 +++- 2 files changed, 6 insertions(+), 1 deletion(-) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index ff56c2ac8..8eee048f2 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -165,8 +165,11 @@ user: full: --change-password help: New password to set metavar: PASSWORD + nargs: "?" + const: 0 extra: pattern: *pattern_password + comment: good_practices_about_user_password --add-mailforward: help: Mailforward addresses to add nargs: "*" diff --git a/src/yunohost/user.py b/src/yunohost/user.py index 67fd43a03..6968744b3 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -325,7 +325,9 @@ def user_update(operation_logger, username, firstname=None, lastname=None, mail= if lastname and firstname: new_attr_dict['cn'] = new_attr_dict['displayName'] = [firstname + ' ' + lastname] - if change_password: + if change_password is not None: + if not change_password: + change_password = msignals.prompt(m18n.n("ask_password"), True, True) # Ensure sufficiently complex password assert_password_is_strong_enough("user", change_password) From 4c25f442c1c814e73c91b4259e3342b628fbb901 Mon Sep 17 00:00:00 2001 From: cricriiiiii Date: Fri, 11 Dec 2020 23:32:43 +0100 Subject: [PATCH 22/41] checking that we are in the cli interface --- src/yunohost/user.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/yunohost/user.py b/src/yunohost/user.py index 6968744b3..edb1c7c8f 100644 --- a/src/yunohost/user.py +++ b/src/yunohost/user.py @@ -325,8 +325,12 @@ def user_update(operation_logger, username, firstname=None, lastname=None, mail= if lastname and firstname: new_attr_dict['cn'] = new_attr_dict['displayName'] = [firstname + ' ' + lastname] + # change_password is None if user_update is not called to change the password if change_password is not None: - if not change_password: + # when in the cli interface if the option to change the password is called + # without a specified value, change_password will be set to the const 0. + # In this case we prompt for the new password. + if msettings.get('interface') == 'cli' and not change_password: change_password = msignals.prompt(m18n.n("ask_password"), True, True) # Ensure sufficiently complex password assert_password_is_strong_enough("user", change_password) From bb914db82e2aea2275af7885632aab1ce3caa667 Mon Sep 17 00:00:00 2001 From: "ljf (zamentur)" Date: Wed, 6 Jan 2021 01:12:27 +0100 Subject: [PATCH 23/41] [fix] Work around to avoid moulinette bug --- data/actionsmap/yunohost.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index 8eee048f2..843ada746 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -169,7 +169,6 @@ user: const: 0 extra: pattern: *pattern_password - comment: good_practices_about_user_password --add-mailforward: help: Mailforward addresses to add nargs: "*" From 9d79bd8bee14f37f2ce0577a7b5a153da75a1980 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 6 Jan 2021 01:35:02 +0100 Subject: [PATCH 24/41] readd comment of https://github.com/YunoHost/yunohost/pull/1075/commits/aefdd424d8dcb3209dc51c381af62debf9914039 --- data/actionsmap/yunohost.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/data/actionsmap/yunohost.yml b/data/actionsmap/yunohost.yml index 843ada746..8eee048f2 100644 --- a/data/actionsmap/yunohost.yml +++ b/data/actionsmap/yunohost.yml @@ -169,6 +169,7 @@ user: const: 0 extra: pattern: *pattern_password + comment: good_practices_about_user_password --add-mailforward: help: Mailforward addresses to add nargs: "*" From 4a0526ec91ae4c196819ccd5cfe45774bf12208a Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 6 Jan 2021 12:04:09 +0100 Subject: [PATCH 25/41] Add doc --- data/helpers.d/permission | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/data/helpers.d/permission b/data/helpers.d/permission index fb0e8722b..1791425b5 100644 --- a/data/helpers.d/permission +++ b/data/helpers.d/permission @@ -369,6 +369,12 @@ ynh_permission_has_user() { yunohost user permission info "$app.$permission" | grep --word-regexp --quiet "$user" } +# Check if a legacy permissions exist +# +# usage: ynh_legacy_permissions_exists +# | exit: Return 1 if the permission doesn't exist, 0 otherwise +# +# Requires YunoHost version 4.1.2 or higher. ynh_legacy_permissions_exists () { for permission in "skipped" "unprotected" "protected" do @@ -379,6 +385,17 @@ ynh_legacy_permissions_exists () { return 1 } +# Remove all legacy permissions +# +# usage: ynh_legacy_permissions_delete_all +# +# example: +# if ynh_legacy_permissions_exists +# then +# ynh_legacy_permissions_delete_all +# # You can recreate the required permissions here with ynh_permission_create +# fi +# Requires YunoHost version 4.1.2 or higher. ynh_legacy_permissions_delete_all () { for permission in "skipped" "unprotected" "protected" do From 239dc539a198715073c4f5379980f7a43cd79eb3 Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 6 Jan 2021 16:34:55 +0100 Subject: [PATCH 26/41] use read_yaml for json because lol --- src/yunohost/utils/legacy.py | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/yunohost/utils/legacy.py b/src/yunohost/utils/legacy.py index 434746a28..f3269cce1 100644 --- a/src/yunohost/utils/legacy.py +++ b/src/yunohost/utils/legacy.py @@ -2,7 +2,7 @@ import os from moulinette import m18n from yunohost.utils.error import YunohostError from moulinette.utils.log import getActionLogger -from moulinette.utils.filesystem import read_json, write_to_json, read_yaml +from moulinette.utils.filesystem import write_to_json, read_yaml from yunohost.user import user_list, user_group_create, user_group_update from yunohost.app import app_setting, _installed_apps, _get_app_settings, _set_app_settings @@ -211,10 +211,12 @@ def migrate_legacy_permission_settings(app=None): def translate_legacy_rules_in_ssowant_conf_json_persistent(): - if not os.path.exists("/etc/ssowat/conf.json.persistent"): + persistent_file_name = "/etc/ssowat/conf.json.persistent" + if not os.path.exists(persistent_file_name): return - persistent = read_json("/etc/ssowat/conf.json.persistent") + # Ugly hack to try not to misarably fail migration + persistent = read_yaml(persistent_file_name) legacy_rules = [ "skipped_urls", @@ -271,6 +273,6 @@ def translate_legacy_rules_in_ssowant_conf_json_persistent(): "uris": protected_urls + persistent["permissions"].get("custom_protected", {}).get("uris", []), } - write_to_json("/etc/ssowat/conf.json.persistent", persistent, sort_keys=True, indent=4) + write_to_json(persistent_file_name, persistent, sort_keys=True, indent=4) logger.warning("Yunohost automatically translated some legacy rules in /etc/ssowat/conf.json.persistent to match the new permission system") From 121bcbcc486f36876cd9f6acce7b229af085c2cc Mon Sep 17 00:00:00 2001 From: ppr Date: Sat, 2 Jan 2021 16:39:43 +0000 Subject: [PATCH 27/41] Translated using Weblate (French) Currently translated at 99.6% (628 of 630 strings) Translation: YunoHost/core Translate-URL: https://translate.yunohost.org/projects/yunohost/core/fr/ --- locales/fr.json | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/locales/fr.json b/locales/fr.json index 90190c223..47706d038 100644 --- a/locales/fr.json +++ b/locales/fr.json @@ -54,7 +54,7 @@ "domain_dyndns_already_subscribed": "Vous avez déjà souscris à un domaine DynDNS", "domain_dyndns_root_unknown": "Domaine DynDNS principal inconnu", "domain_exists": "Le domaine existe déjà", - "domain_uninstall_app_first": "Ces applications sont toujours installées sur votre domaine: {apps}. Veuillez d’abord les désinstaller avant de supprimer ce domaine", + "domain_uninstall_app_first": "Ces applications sont toujours installées sur votre domaine '{domain}' :\n{apps}\n\nAfin de pouvoir procéder à la suppression du domaine '{domain}', vous devez préalablement :\n- soit désinstaller toutes ces applications avec la commande 'yunohost app remove nom-de-l-application' ;\n- soit déplacer toutes ces applications vers un autre domaine avec la commande 'yunohost app change-url nom-de-l-application'", "domain_unknown": "Domaine inconnu", "done": "Terminé", "downloading": "Téléchargement en cours …", @@ -690,5 +690,6 @@ "additional_urls_already_removed": "URL supplémentaire '{url:s}' déjà supprimée pour la permission '{permission:s}'", "migration_0019_rollback_success": "Retour à l'état antérieur du système.", "invalid_number": "Doit être un nombre", - "migration_description_0019_extend_permissions_features": "Étendre et retravailler le système de gestion des permissions applicatives" + "migration_description_0019_extend_permissions_features": "Étendre et retravailler le système de gestion des permissions applicatives", + "diagnosis_basesystem_hardware_model": "Le modèle ou l'architecture du serveur est '{model}'." } From 69f9ac4b86bd533ab9e57f0fbab05513cd62d587 Mon Sep 17 00:00:00 2001 From: Christian Wehrli Date: Mon, 4 Jan 2021 19:22:47 +0000 Subject: [PATCH 28/41] Translated using Weblate (German) Currently translated at 58.0% (366 of 631 strings) Translation: YunoHost/core Translate-URL: https://translate.yunohost.org/projects/yunohost/core/de/ --- locales/de.json | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/locales/de.json b/locales/de.json index 05b6b2a5e..7811d3677 100644 --- a/locales/de.json +++ b/locales/de.json @@ -181,7 +181,7 @@ "certmanager_cert_signing_failed": "Das neue Zertifikat konnte nicht signiert werden", "certmanager_no_cert_file": "Die Zertifikatsdatei für die Domain {domain:s} (Datei: {file:s}) konnte nicht gelesen werden", "certmanager_conflicting_nginx_file": "Die Domain konnte nicht für die ACME challenge vorbereitet werden: Die nginx Konfigurationsdatei {filepath:s} verursacht Probleme und sollte vorher entfernt werden", - "domain_cannot_remove_main": "Die primäre Domain konnten nicht entfernt werden. Lege zuerst einen neue primäre Domain fest", + "domain_cannot_remove_main": "Die primäre Domain konnten nicht entfernt werden. Lege zuerst einen neue primäre Domain Sie können die Domäne '{domain:s}' nicht entfernen, weil Sie die Hauptdomäne ist. Sie müssen zuerst eine andere Domäne als Hauptdomäne festlegen. Sie können das mit dem Befehl 'yunohost domain main-domain -n tun. Hier ist eine Liste der möglichen Domänen: {other_domains:s}", "certmanager_self_ca_conf_file_not_found": "Die Konfigurationsdatei der Zertifizierungsstelle für selbstsignierte Zertifikate wurde nicht gefunden (Datei {file:s})", "certmanager_acme_not_configured_for_domain": "Die ACME Challenge kann im Moment nicht für {domain} ausgeführt werden, weil in ihrer nginx conf das entsprechende Code-Snippet fehlt... Bitte stellen Sie sicher, dass Ihre nginx-Konfiguration mit 'yunohost tools regen-conf nginx --dry-run --with-diff' auf dem neuesten Stand ist.", "certmanager_unable_to_parse_self_CA_name": "Der Name der Zertifizierungsstelle für selbstsignierte Zertifikate konnte nicht aufgelöst werden (Datei: {file:s})", @@ -472,5 +472,8 @@ "diagnosis_http_hairpinning_issue_details": "Das ist wahrscheinlich aufgrund Ihrer ISP Box / Router. Als Konsequenz können Personen von ausserhalb Ihres Netzwerkes aber nicht von innerhalb Ihres lokalen Netzwerkes (wie wahrscheinlich Sie selber?) wie gewohnt auf Ihren Server zugreifen, wenn Sie ihre Domäne oder Ihre öffentliche IP verwenden. Sie können die Situation wahrscheinlich verbessern, indem Sie ein einen Blick in https://yunohost.org/dns_local_network werfen", "diagnosis_http_nginx_conf_not_up_to_date": "Jemand hat anscheinend die Konfiguration von Nginx manuell geändert. Diese Änderung verhindert, dass Yunohost eine Diagnose durchführen kann, wenn er via HTTP erreichbar ist.", "diagnosis_http_bad_status_code": "Anscheinend beantwortet ein anderes Gerät als Ihr Server die Anfrage (Vielleicht ihr Internetrouter).
1. Die häufigste Ursache ist, dass Port 80 (und 443) nicht richtig auf Ihren Server weitergeleitet wird.
2. Bei komplexeren Setups: Vergewissern Sie sich, dass keine Firewall und keine Reverse-Proxy interferieren.", - "diagnosis_never_ran_yet": "Sie haben kürzlich einen neuen Yunohost-Server installiert aber es gibt davon noch keinen Diagnosereport. Sie sollten eine Diagnose anstossen. Sie können das entweder vom Webadmin aus oder in der Kommandozeile machen. In der Kommandozeile verwenden Sie dafür den Befehl 'yunohost diagnosis run'." + "diagnosis_never_ran_yet": "Sie haben kürzlich einen neuen Yunohost-Server installiert aber es gibt davon noch keinen Diagnosereport. Sie sollten eine Diagnose anstossen. Sie können das entweder vom Webadmin aus oder in der Kommandozeile machen. In der Kommandozeile verwenden Sie dafür den Befehl 'yunohost diagnosis run'.", + "diagnosis_http_nginx_conf_not_up_to_date_details": "Um dieses Problem zu beheben, geben Sie in der Kommandozeile yunohost tools regen-conf nginx --dry-run --with-diff ein. Dieses Tool zeigt ihnen den Unterschied an. Wenn Sie damit einverstanden sind, können Sie mit yunohost tools regen-conf nginx --force die Änderungen übernehmen.", + "diagnosis_backports_in_sources_list": "Sie haben anscheinend apt (den Paketmanager) für das Backports-Repository konfiguriert. Wir raten strikte davon ab, Pakete aus dem Backports-Repository zu installieren. Diese würden wahrscheinlich zu Instabilitäten und Konflikten führen. Es sei denn, Sie wissen was Sie tun.", + "diagnosis_basesystem_hardware_model": "Das Servermodell ist {model}" } From 987f08dcd91de02bbfce66b370855e78c49902c5 Mon Sep 17 00:00:00 2001 From: ppr Date: Sun, 3 Jan 2021 22:07:11 +0000 Subject: [PATCH 29/41] Translated using Weblate (French) Currently translated at 99.5% (628 of 631 strings) Translation: YunoHost/core Translate-URL: https://translate.yunohost.org/projects/yunohost/core/fr/ --- locales/fr.json | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/locales/fr.json b/locales/fr.json index 47706d038..f50604539 100644 --- a/locales/fr.json +++ b/locales/fr.json @@ -691,5 +691,6 @@ "migration_0019_rollback_success": "Retour à l'état antérieur du système.", "invalid_number": "Doit être un nombre", "migration_description_0019_extend_permissions_features": "Étendre et retravailler le système de gestion des permissions applicatives", - "diagnosis_basesystem_hardware_model": "Le modèle ou l'architecture du serveur est '{model}'." + "diagnosis_basesystem_hardware_model": "Le modèle ou l'architecture du serveur est '{model}'.", + "diagnosis_backports_in_sources_list": "Il semble qu'apt (le gestionnaire de paquets) soit configuré pour utiliser le dépôt des rétroportages (backports). A moins que vous ne sachiez vraiment ce que vous faites, nous vous déconseillons fortement d'installer des paquets provenant des rétroportages, car cela risque de créer des instabilités ou des conflits sur votre système." } From 6705e707c55865fc1eeac3e61eb04e7f121ce6ba Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Wed, 6 Jan 2021 18:43:02 +0100 Subject: [PATCH 30/41] Fix translation --- locales/fr.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locales/fr.json b/locales/fr.json index f50604539..91ec63a5d 100644 --- a/locales/fr.json +++ b/locales/fr.json @@ -691,6 +691,6 @@ "migration_0019_rollback_success": "Retour à l'état antérieur du système.", "invalid_number": "Doit être un nombre", "migration_description_0019_extend_permissions_features": "Étendre et retravailler le système de gestion des permissions applicatives", - "diagnosis_basesystem_hardware_model": "Le modèle ou l'architecture du serveur est '{model}'.", + "diagnosis_basesystem_hardware_model": "Le modèle du serveur est '{model}'.", "diagnosis_backports_in_sources_list": "Il semble qu'apt (le gestionnaire de paquets) soit configuré pour utiliser le dépôt des rétroportages (backports). A moins que vous ne sachiez vraiment ce que vous faites, nous vous déconseillons fortement d'installer des paquets provenant des rétroportages, car cela risque de créer des instabilités ou des conflits sur votre système." } From 2fd5f3886ab6d24b07fb49c41d1e957d38b8f9ea Mon Sep 17 00:00:00 2001 From: Kay0u Date: Wed, 6 Jan 2021 20:34:13 +0100 Subject: [PATCH 31/41] fix locale test --- locales/fr.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/locales/fr.json b/locales/fr.json index 91ec63a5d..83ad72612 100644 --- a/locales/fr.json +++ b/locales/fr.json @@ -54,7 +54,7 @@ "domain_dyndns_already_subscribed": "Vous avez déjà souscris à un domaine DynDNS", "domain_dyndns_root_unknown": "Domaine DynDNS principal inconnu", "domain_exists": "Le domaine existe déjà", - "domain_uninstall_app_first": "Ces applications sont toujours installées sur votre domaine '{domain}' :\n{apps}\n\nAfin de pouvoir procéder à la suppression du domaine '{domain}', vous devez préalablement :\n- soit désinstaller toutes ces applications avec la commande 'yunohost app remove nom-de-l-application' ;\n- soit déplacer toutes ces applications vers un autre domaine avec la commande 'yunohost app change-url nom-de-l-application'", + "domain_uninstall_app_first": "Ces applications sont toujours installées sur votre domaine :\n{apps}\n\nAfin de pouvoir procéder à la suppression du domaine, vous devez préalablement :\n- soit désinstaller toutes ces applications avec la commande 'yunohost app remove nom-de-l-application' ;\n- soit déplacer toutes ces applications vers un autre domaine avec la commande 'yunohost app change-url nom-de-l-application'", "domain_unknown": "Domaine inconnu", "done": "Terminé", "downloading": "Téléchargement en cours …", From 54fb87fa543ccb188c8b546d26f095abc945b2a4 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Thu, 7 Jan 2021 00:52:20 +0100 Subject: [PATCH 32/41] Update changelog for 4.1.3 --- debian/changelog | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/debian/changelog b/debian/changelog index 9b824d9de..c3eaed4ca 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +yunohost (4.1.3) testing; urgency=low + + - [enh] Do not advertise upgrades for bad-quality apps ([#1066](https://github.com/yunohost/yunohost/pull/1066)) + - [enh] Display domain_path of app in the output of app list ([#1120](https://github.com/yunohost/yunohost/pull/1120)) + - [enh] Diagnosis: report usage of backports repository in apt's sources.list ([#1069](https://github.com/yunohost/yunohost/pull/1069)) + - [mod] Code cleanup, misc fixes (165d2b32, [#1121](https://github.com/yunohost/yunohost/pull/1121), [#1122](https://github.com/yunohost/yunohost/pull/1122), [#1123](https://github.com/yunohost/yunohost/pull/1123), [#1131](https://github.com/yunohost/yunohost/pull/1131)) + - [mod] Also display app label on remove_domain with apps ([#1124](https://github.com/yunohost/yunohost/pull/1124)) + - [enh] Be able to change user password in CLI without writing it in clear ([#1075](https://github.com/YunoHost/yunohost/pull/1075)) + - [enh] New permissions helpers ([#1117](https://github.com/yunohost/yunohost/pull/1117)) + - [i18n] Translations updated for French, German + + Thanks to all contributors <3 ! (C. Wehrli, cricriiiiii, Kay0u, Bram, ljf, ppr) + + -- Alexandre Aubin Thu, 07 Jan 2021 00:46:09 +0100 + yunohost (4.1.2) testing; urgency=low - [enh] diagnosis: Detect moar hardware name (b685a274) From f56a00d4a7d344ffd1ca5de841171734f81508ab Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 8 Jan 2021 03:14:07 +0100 Subject: [PATCH 33/41] Update changelog for 4.1.4 --- debian/changelog | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/debian/changelog b/debian/changelog index c3eaed4ca..d1a1b3673 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,12 @@ +yunohost (4.1.4) stable; urgency=low + + - [fix] firewall: force source port for UPnP. ([#1109](https://github.com/yunohost/yunohost/pull/1109)) + - Stable release + + Thanks to all contributors <3 ! (Léo Le Bouter) + + -- Alexandre Aubin Fri, 08 Jan 2021 03:09:14 +0100 + yunohost (4.1.3) testing; urgency=low - [enh] Do not advertise upgrades for bad-quality apps ([#1066](https://github.com/yunohost/yunohost/pull/1066)) From b25cde0b672c62197880d1db67197684527ea4ee Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 8 Jan 2021 15:57:41 +0100 Subject: [PATCH 34/41] [fix] Make sure relay_user var exists in all cases (otherwise in the jinja template later, relay_user != "" is True if the var doesn't exists...) --- data/hooks/conf_regen/19-postfix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/data/hooks/conf_regen/19-postfix b/data/hooks/conf_regen/19-postfix index 29787576e..1af4f345f 100755 --- a/data/hooks/conf_regen/19-postfix +++ b/data/hooks/conf_regen/19-postfix @@ -26,11 +26,13 @@ do_pre_regen() { # Add possibility to specify a relay # Could be useful with some isp with no 25 port open or more complex setup + export relay_port="" + export relay_user="" export relay_host="$(yunohost settings get 'smtp.relay.host')" if [ -n "${relay_host}" ] then - export relay_port="$(yunohost settings get 'smtp.relay.port')" - export relay_user="$(yunohost settings get 'smtp.relay.user')" + relay_port="$(yunohost settings get 'smtp.relay.port')" + relay_user="$(yunohost settings get 'smtp.relay.user')" relay_password="$(yunohost settings get 'smtp.relay.password')" # Avoid to display "Relay account paswword" to other users From 48672b1ec0a5e2303a59292f8e2cb3356401307e Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Fri, 8 Jan 2021 16:21:25 +0100 Subject: [PATCH 35/41] Update changelog for 4.1.4.1 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index d1a1b3673..82245665b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +yunohost (4.1.4.1) stable; urgency=low + + - [hotfix] Postfix conf always included the relay snippets (b25cde0b) + + -- Alexandre Aubin Fri, 08 Jan 2021 16:21:07 +0100 + yunohost (4.1.4) stable; urgency=low - [fix] firewall: force source port for UPnP. ([#1109](https://github.com/yunohost/yunohost/pull/1109)) From 8f1b05f3cf9cb3367e0fb8b882da981ca0c8d82a Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 9 Jan 2021 18:08:23 +0100 Subject: [PATCH 36/41] [fix] Prevent info from being redacted (because of foobar_key=) by the logging system --- data/helpers.d/utils | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/data/helpers.d/utils b/data/helpers.d/utils index 3ab56747e..70643c64a 100644 --- a/data/helpers.d/utils +++ b/data/helpers.d/utils @@ -583,12 +583,12 @@ ynh_app_upstream_version () { if [[ "$manifest" != "" ]] && [[ -e "$manifest" ]]; then - version_key=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version") + version_key_=$(ynh_read_manifest --manifest="$manifest" --manifest_key="version") else - version_key=$YNH_APP_MANIFEST_VERSION + version_key_=$YNH_APP_MANIFEST_VERSION fi - echo "${version_key/~ynh*/}" + echo "${version_key_/~ynh*/}" } # Read package version from the manifest @@ -611,8 +611,8 @@ ynh_app_package_version () { # Manage arguments with getopts ynh_handle_getopts_args "$@" - version_key=$YNH_APP_MANIFEST_VERSION - echo "${version_key/*~ynh/}" + version_key_=$YNH_APP_MANIFEST_VERSION + echo "${version_key_/*~ynh/}" } # Checks the app version to upgrade with the existing app version and returns: From 00508c96980eded5ba9b1e0b28b72c3056c43ffd Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 9 Jan 2021 18:10:41 +0100 Subject: [PATCH 37/41] For some reason sometimes submetadata is None ... --- src/yunohost/log.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/log.py b/src/yunohost/log.py index cf108b989..7e9ae18e6 100644 --- a/src/yunohost/log.py +++ b/src/yunohost/log.py @@ -257,7 +257,7 @@ def log_display(path, number=None, share=False, filter_irrelevant=False, with_su except Exception: continue - if submetadata.get("parent") == base_filename: + if submetadata and submetadata.get("parent") == base_filename: yield { "name": filename[:-len(METADATA_FILE_EXT)], "description": _get_description_from_name(filename[:-len(METADATA_FILE_EXT)]), From ac4b62cebc1214862767be564d199d62bc16e698 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 9 Jan 2021 18:16:08 +0100 Subject: [PATCH 38/41] Reduce the noise in logs because of ynh_app_setting --- data/helpers.d/setting | 2 ++ 1 file changed, 2 insertions(+) diff --git a/data/helpers.d/setting b/data/helpers.d/setting index 883bd9dfe..e3c9c2f34 100644 --- a/data/helpers.d/setting +++ b/data/helpers.d/setting @@ -78,6 +78,7 @@ ynh_app_setting_delete() { # ynh_app_setting() { + set +o xtrace # set +x ACTION="$1" APP="$2" KEY="$3" VALUE="${4:-}" python2.7 - < Date: Sat, 9 Jan 2021 19:00:00 +0100 Subject: [PATCH 39/41] Update changelog for 4.1.4.2 --- debian/changelog | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/debian/changelog b/debian/changelog index 82245665b..d7abb6c92 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,11 @@ +yunohost (4.1.4.2) stable; urgency=low + + - [fix] Prevent info from being redacted (because of foobar_key=) by the logging system (8f1b05f3) + - [fix] For some reason sometimes submetadata is None ... (00508c96) + - [enh] Reduce the noise in logs because of ynh_app_setting (ac4b62ce) + + -- Alexandre Aubin Sat, 09 Jan 2021 18:59:01 +0100 + yunohost (4.1.4.1) stable; urgency=low - [hotfix] Postfix conf always included the relay snippets (b25cde0b) From 30dde208dc062e5a0477328145a8e1ddb9e67360 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 9 Jan 2021 23:57:09 +0100 Subject: [PATCH 40/41] Fix ynh_replace_vars in case var is define but empty --- data/helpers.d/utils | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/data/helpers.d/utils b/data/helpers.d/utils index 70643c64a..62d7b0c0b 100644 --- a/data/helpers.d/utils +++ b/data/helpers.d/utils @@ -393,7 +393,8 @@ ynh_replace_vars () { for one_var in "${uniques_vars[@]}" do # Validate that one_var is indeed defined - test -n "${!one_var:-}" || ynh_die --message="\$$one_var wasn't initialized when trying to replace __${one_var^^}__ in $file" + # Explanation for the weird '+x' syntax: https://stackoverflow.com/a/13864829 + test -n "${one_var+x}" || ynh_die --message="Variable \$$one_var wasn't initialized when trying to replace __${one_var^^}__ in $file" # Escape delimiter in match/replace string match_string="__${one_var^^}__" From 807b577cf27b363bf6db6daade2d6ad836cdd08e Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 10 Jan 2021 01:59:24 +0100 Subject: [PATCH 41/41] Update changelog for 4.1.4.3 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index d7abb6c92..dfe5f65b7 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +yunohost (4.1.4.3) stable; urgency=low + + - [fix] ynh_replace_vars in case var is defined but empty (30dde208) + + -- Alexandre Aubin Sun, 10 Jan 2021 01:58:35 +0100 + yunohost (4.1.4.2) stable; urgency=low - [fix] Prevent info from being redacted (because of foobar_key=) by the logging system (8f1b05f3)