Merge branch 'bullseye' into manifestv2

.coveragerc

@@ -1,2 +1,2 @@
 [report]
-omit=src/yunohost/tests/*,src/yunohost/vendor/*,/usr/lib/moulinette/yunohost/*
+omit=src/tests/*,src/vendor/*,/usr/lib/moulinette/yunohost/*

.gitignore

@@ -31,7 +31,7 @@ pip-log.txt
 .mr.developer.cfg
 
 # moulinette lib
-src/yunohost/locales
+src/locales
 
 # Test
-src/yunohost/tests/apps
+src/tests/apps

.gitlab-ci.yml

@@ -19,6 +19,8 @@ workflow:
     - if: $CI_PIPELINE_SOURCE == "merge_request_event" # If we move to gitlab one day
     - if: $CI_PIPELINE_SOURCE == "external_pull_request_event" # For github PR
     - if: $CI_COMMIT_TAG # For tags
+    - if: $CI_COMMIT_REF_NAME == "ci-format-dev"  # Ignore black formatting branch created by the CI
+      when: never
     - if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH  && $CI_PIPELINE_SOURCE == "push" # If it's not the default branch and if it's a push, then do not trigger a build
       when: never
     - when: always

.gitlab/ci/build.gitlab-ci.yml

@@ -5,11 +5,13 @@
     YNH_SOURCE: "https://github.com/yunohost"
   before_script:
     - mkdir -p $YNH_BUILD_DIR
+    - DEBIAN_FRONTEND=noninteractive apt update
   artifacts:
     paths:
       - $YNH_BUILD_DIR/*.deb
 
 .build_script: &build_script
+  - DEBIAN_FRONTEND=noninteractive apt --assume-yes -o Dpkg::Options::="--force-confold" install devscripts --no-install-recommends
   - cd $YNH_BUILD_DIR/$PACKAGE
   - VERSION=$(dpkg-parsechangelog -S Version 2>/dev/null)
   - VERSION_NIGHTLY="${VERSION}+$(date +%Y%m%d%H%M)"

.gitlab/ci/lint.gitlab-ci.yml

@@ -3,28 +3,27 @@
 ########################################
 # later we must fix lint and format-check jobs and remove "allow_failure"
 
----
-lint37:
+lint39:
   stage: lint
   image: "before-install"
   needs: []
   allow_failure: true
   script:
-    - tox -e py37-lint
+    - tox -e py39-lint
 
-invalidcode37:
+invalidcode39:
   stage: lint
   image: "before-install"
   needs: []
   script:
-    - tox -e py37-invalidcode
+    - tox -e py39-invalidcode
 
 mypy:
   stage: lint
   image: "before-install"
   needs: []
   script:
-    - tox -e py37-mypy
+    - tox -e py39-mypy
 
 black:
   stage: lint
@@ -39,7 +38,7 @@ black:
   script:
     # create a local branch that will overwrite distant one
     - git checkout -b "ci-format-${CI_COMMIT_REF_NAME}" --no-track
-    - tox -e py37-black-run
+    - tox -e py39-black-run
     - '[ $(git diff | wc -l) != 0 ] || exit 0'  # stop if there is nothing to commit
     - git commit -am "[CI] Format code with Black" || true
     - git push -f origin "ci-format-${CI_COMMIT_REF_NAME}":"ci-format-${CI_COMMIT_REF_NAME}"

.gitlab/ci/test.gitlab-ci.yml

@@ -1,6 +1,7 @@
 .install_debs: &install_debs
     - apt-get update -o Acquire::Retries=3
     - DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt --assume-yes -o Dpkg::Options::="--force-confold" --allow-downgrades install ./$YNH_BUILD_DIR/*.deb
+    - pip3 install -U mock pip pytest pytest-cov pytest-mock pytest-sugar requests-mock tox ansi2html black jinja2
 
 .test-stage:
   stage: tests
@@ -11,7 +12,7 @@
     - *install_debs
   cache:
     paths: 
-      - src/yunohost/tests/apps
+      - src/tests/apps
     key: "$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
   needs:
       - job: build-yunohost
@@ -22,7 +23,6 @@
         artifacts: true
       - job: upgrade
 
-
 ########################################
 # TESTS
 ########################################
@@ -36,7 +36,7 @@ full-tests:
     - *install_debs
     - yunohost tools postinstall -d domain.tld -p the_password --ignore-dyndns --force-diskspace
   script:
-    - python3 -m pytest --cov=yunohost tests/ src/yunohost/tests/ data/hooks/diagnosis/ --junitxml=report.xml
+    - python3 -m pytest --cov=yunohost tests/ src/tests/ src/diagnosers/ --junitxml=report.xml
     - cd tests
     - bash test_helpers.sh
   needs:
@@ -50,31 +50,13 @@ full-tests:
     reports:
       junit: report.xml
 
-test-i18n-keys:
-  extends: .test-stage
-  script:
-    - python3 -m pytest tests/test_i18n_keys.py
-  only:
-    changes:
-      - locales/en.json
-      - src/yunohost/*.py
-      - data/hooks/diagnosis/*.py
-
-test-translation-format-consistency:
-  extends: .test-stage
-  script:
-    - python3 -m pytest tests/test_translation_format_consistency.py
-  only:
-    changes:
-      - locales/*
-
 test-actionmap:
   extends: .test-stage
   script:
     - python3 -m pytest tests/test_actionmap.py
   only:
     changes:
-      - data/actionsmap/*.yml
+      - share/actionsmap.yml
 
 test-helpers:
   extends: .test-stage
@@ -83,126 +65,126 @@ test-helpers:
     - bash test_helpers.sh
   only:
     changes:
-      - data/helpers.d/*
+      - helpers/*
 
 test-domains:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_domains.py
+    - python3 -m pytest src/tests/test_domains.py
   only:
     changes:
-      - src/yunohost/domain.py
+      - src/domain.py
 
 test-dns:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_dns.py
+    - python3 -m pytest src/tests/test_dns.py
   only:
     changes:
-      - src/yunohost/dns.py
-      - src/yunohost/utils/dns.py
+      - src/dns.py
+      - src/utils/dns.py
 
 test-apps:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_apps.py
+    - python3 -m pytest src/tests/test_apps.py
   only:
     changes:
-      - src/yunohost/app.py
+      - src/app.py
 
 test-appscatalog:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_app_catalog.py
+    - python3 -m pytest src/tests/test_app_catalog.py
   only:
     changes:
-      - src/yunohost/app_calalog.py
+      - src/app_calalog.py
 
 test-appurl:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_appurl.py
+    - python3 -m pytest src/tests/test_appurl.py
   only:
     changes:
-      - src/yunohost/app.py
+      - src/app.py
 
 test-questions:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_questions.py
+    - python3 -m pytest src/tests/test_questions.py
   only:
     changes:
-      - src/yunohost/utils/config.py
+      - src/utils/config.py
 
 test-app-config:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_app_config.py
+    - python3 -m pytest src/tests/test_app_config.py
   only:
     changes:
-      - src/yunohost/app.py
-      - src/yunohost/utils/config.py
+      - src/app.py
+      - src/utils/config.py
 
 test-changeurl:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_changeurl.py
+    - python3 -m pytest src/tests/test_changeurl.py
   only:
     changes:
-      - src/yunohost/app.py
+      - src/app.py
 
 test-backuprestore:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_backuprestore.py
+    - python3 -m pytest src/tests/test_backuprestore.py
   only:
     changes:
-      - src/yunohost/backup.py
+      - src/backup.py
 
 test-permission:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_permission.py
+    - python3 -m pytest src/tests/test_permission.py
   only:
     changes:
-      - src/yunohost/permission.py
+      - src/permission.py
 
 test-settings:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_settings.py
+    - python3 -m pytest src/tests/test_settings.py
   only:
     changes:
-      - src/yunohost/settings.py
+      - src/settings.py
 
 test-user-group:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_user-group.py
+    - python3 -m pytest src/tests/test_user-group.py
   only:
     changes:
-      - src/yunohost/user.py
+      - src/user.py
 
 test-regenconf:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_regenconf.py
+    - python3 -m pytest src/tests/test_regenconf.py
   only:
     changes:
-      - src/yunohost/regenconf.py
+      - src/regenconf.py
 
 test-service:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_service.py
+    - python3 -m pytest src/tests/test_service.py
   only:
     changes:
-      - src/yunohost/service.py
+      - src/service.py
 
 test-ldapauth:
   extends: .test-stage
   script:
-    - python3 -m pytest src/yunohost/tests/test_ldapauth.py
+    - python3 -m pytest src/tests/test_ldapauth.py
   only:
     changes:
-      - src/yunohost/authenticators/*.py
+      - src/authenticators/*.py

.gitlab/ci/translation.gitlab-ci.yml

@@ -1,6 +1,15 @@
 ########################################
 # TRANSLATION
 ########################################
+test-i18n-keys:
+  stage: translation
+  script:
+    - python3 maintenance/missing_i18n_keys --check
+  only:
+    changes:
+      - locales/en.json
+      - src/*.py
+      - src/diagnosers/*.py
 
 autofix-translated-strings:
   stage: translation
@@ -12,12 +21,10 @@ autofix-translated-strings:
     - git config --global user.name "$GITHUB_USER"
     - git remote set-url origin https://$GITHUB_TOKEN:x-oauth-basic@github.com/YunoHost/yunohost.git
   script:
-    - cd tests # Maybe move this script location to another folder?
     # create a local branch that will overwrite distant one
     - git checkout -b "ci-autofix-translated-strings-${CI_COMMIT_REF_NAME}" --no-track
-    - python3 remove_stale_translated_strings.py
-    - python3 autofix_locale_format.py
-    - python3 reformat_locales.py
+    - python3 maintenance/missing_i18n_keys --fix
+    - python3 maintenanceautofix_locale_format.py
     - '[ $(git diff -w | wc -l) != 0 ] || exit 0'  # stop if there is nothing to commit
     - git commit -am "[CI] Reformat / remove stale translated strings" || true
     - git push -f origin "HEAD":"ci-remove-stale-translated-strings-${CI_COMMIT_REF_NAME}"

bin/yunohost

@@ -4,45 +4,48 @@
 import os
 import sys
 import argparse
-
-sys.path.insert(0, "/usr/lib/moulinette/")
 import yunohost
 
 
 def _parse_cli_args():
     """Parse additional arguments for the cli"""
     parser = argparse.ArgumentParser(add_help=False)
-    parser.add_argument('--output-as',
-        choices=['json', 'plain', 'none'], default=None,
-        help="Output result in another format"
+    parser.add_argument(
+        "--output-as",
+        choices=["json", "plain", "none"],
+        default=None,
+        help="Output result in another format",
     )
-    parser.add_argument('--debug',
-        action='store_true', default=False,
-        help="Log and print debug messages"
+    parser.add_argument(
+        "--debug",
+        action="store_true",
+        default=False,
+        help="Log and print debug messages",
     )
-    parser.add_argument('--quiet',
-        action='store_true', default=False,
-        help="Don't produce any output"
+    parser.add_argument(
+        "--quiet", action="store_true", default=False, help="Don't produce any output"
     )
-    parser.add_argument('--timeout',
-        type=int, default=None,
-        help="Number of seconds before this command will timeout because it can't acquire the lock (meaning that another command is currently running), by default there is no timeout and the command will wait until it can get the lock"
+    parser.add_argument(
+        "--timeout",
+        type=int,
+        default=None,
+        help="Number of seconds before this command will timeout because it can't acquire the lock (meaning that another command is currently running), by default there is no timeout and the command will wait until it can get the lock",
     )
     # deprecated arguments
-    parser.add_argument('--plain',
-        action='store_true', default=False, help=argparse.SUPPRESS
+    parser.add_argument(
+        "--plain", action="store_true", default=False, help=argparse.SUPPRESS
     )
-    parser.add_argument('--json',
-        action='store_true', default=False, help=argparse.SUPPRESS
+    parser.add_argument(
+        "--json", action="store_true", default=False, help=argparse.SUPPRESS
     )
 
     opts, args = parser.parse_known_args()
 
     # output compatibility
     if opts.plain:
-        opts.output_as = 'plain'
+        opts.output_as = "plain"
     elif opts.json:
-        opts.output_as = 'json'
+        opts.output_as = "json"
 
     return (parser, opts, args)
 
@@ -54,10 +57,12 @@ if os.environ["PATH"] != default_path:
 
 # Main action ----------------------------------------------------------
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     if os.geteuid() != 0:
-        sys.stderr.write("\033[1;31mError:\033[0m yunohost command must be "
-                         "run as root or with sudo.\n")
+        sys.stderr.write(
+            "\033[1;31mError:\033[0m yunohost command must be "
+            "run as root or with sudo.\n"
+        )
         sys.exit(1)
 
     parser, opts, args = _parse_cli_args()
@@ -69,5 +74,5 @@ if __name__ == '__main__':
         output_as=opts.output_as,
         timeout=opts.timeout,
         args=args,
-        parser=parser
+        parser=parser,
     )

bin/yunohost-api

@@ -1,44 +1,53 @@
 #! /usr/bin/python3
 # -*- coding: utf-8 -*-
 
-import sys
 import argparse
-
-sys.path.insert(0, "/usr/lib/moulinette/")
 import yunohost
 
 # Default server configuration
-DEFAULT_HOST = 'localhost'
+DEFAULT_HOST = "localhost"
 DEFAULT_PORT = 6787
 
 
 def _parse_api_args():
     """Parse main arguments for the api"""
-    parser = argparse.ArgumentParser(add_help=False,
+    parser = argparse.ArgumentParser(
+        add_help=False,
         description="Run the YunoHost API to manage your server.",
     )
-    srv_group = parser.add_argument_group('server configuration')
-    srv_group.add_argument('-h', '--host',
-        action='store', default=DEFAULT_HOST,
+    srv_group = parser.add_argument_group("server configuration")
+    srv_group.add_argument(
+        "-h",
+        "--host",
+        action="store",
+        default=DEFAULT_HOST,
         help="Host to listen on (default: %s)" % DEFAULT_HOST,
     )
-    srv_group.add_argument('-p', '--port',
-        action='store', default=DEFAULT_PORT, type=int,
+    srv_group.add_argument(
+        "-p",
+        "--port",
+        action="store",
+        default=DEFAULT_PORT,
+        type=int,
         help="Port to listen on (default: %d)" % DEFAULT_PORT,
     )
-    glob_group = parser.add_argument_group('global arguments')
-    glob_group.add_argument('--debug',
-        action='store_true', default=False,
+    glob_group = parser.add_argument_group("global arguments")
+    glob_group.add_argument(
+        "--debug",
+        action="store_true",
+        default=False,
         help="Set log level to DEBUG",
     )
-    glob_group.add_argument('--help',
-        action='help', help="Show this help message and exit",
+    glob_group.add_argument(
+        "--help",
+        action="help",
+        help="Show this help message and exit",
     )
 
     return parser.parse_args()
 
 
-if __name__ == '__main__':
+if __name__ == "__main__":
     opts = _parse_api_args()
     # Run the server
     yunohost.api(debug=opts.debug, host=opts.host, port=opts.port)

bin/yunomdns

@@ -21,8 +21,20 @@ def get_network_local_interfaces() -> Dict[str, Dict[str, List[str]]]:
 
     interfaces = {
         adapter.name: {
-            "ipv4": [ip.ip for ip in adapter.ips if ip.is_IPv4 and ip_address(ip.ip).is_private],
-            "ipv6": [ip.ip[0] for ip in adapter.ips if ip.is_IPv6 and ip_address(ip.ip[0]).is_private and not ip_address(ip.ip[0]).is_link_local],
+            "ipv4": [
+                ip.ip
+                for ip in adapter.ips
+                if ip.is_IPv4
+                and ip_address(ip.ip).is_private
+                and not ip_address(ip.ip).is_link_local
+            ],
+            "ipv6": [
+                ip.ip[0]
+                for ip in adapter.ips
+                if ip.is_IPv6
+                and ip_address(ip.ip[0]).is_private
+                and not ip_address(ip.ip[0]).is_link_local
+            ],
         }
         for adapter in ifaddr.get_adapters()
         if adapter.name != "lo"
@@ -33,7 +45,6 @@ def get_network_local_interfaces() -> Dict[str, Dict[str, List[str]]]:
 # Listener class, to detect duplicates on the network
 # Stores the list of servers in its list property
 class Listener:
-
     def __init__(self):
         self.list = []
 
@@ -66,14 +77,18 @@ def main() -> bool:
         return False
 
     if "interfaces" not in config:
-        config["interfaces"] = [interface
+        config["interfaces"] = [
+            interface
             for interface, local_ips in interfaces.items()
-                                if local_ips["ipv4"]]
+            if local_ips["ipv4"]
+        ]
 
     if "ban_interfaces" in config:
-        config["interfaces"] = [interface
+        config["interfaces"] = [
+            interface
             for interface in config["interfaces"]
-                                if interface not in config["ban_interfaces"]]
+            if interface not in config["ban_interfaces"]
+        ]
 
     # Let's discover currently published .local domains accross the network
     zc = Zeroconf()
@@ -103,14 +118,18 @@ def main() -> bool:
 
         return domain_i
 
-    config['domains'] = [find_domain_not_already_published(domain) for domain in config['domains']]
+    config["domains"] = [
+        find_domain_not_already_published(domain) for domain in config["domains"]
+    ]
 
     zcs: Dict[Zeroconf, List[ServiceInfo]] = {}
 
     for interface in config["interfaces"]:
 
         if interface not in interfaces:
-            print(f"Interface {interface} listed in config file is not present on system.")
+            print(
+                f"Interface {interface} listed in config file is not present on system."
+            )
             continue
 
         # Only broadcast IPv4 because IPv6 is buggy ... because we ain't using python3-ifaddr >= 0.1.7
@@ -149,7 +168,9 @@ def main() -> bool:
     print("Registering...")
     for zc, infos in zcs.items():
         for info in infos:
-            zc.register_service(info, allow_name_change=True, cooperating_responders=True)
+            zc.register_service(
+                info, allow_name_change=True, cooperating_responders=True
+            )
 
     try:
         print("Registered. Press Ctrl+C or stop service to stop.")

conf/dnsmasq/dnsmasq.conf.tpl

@@ -0,0 +1,10 @@
+domain-needed
+expand-hosts
+localise-queries
+
+{% set interfaces = wireless_interfaces.strip().split(' ') %}
+{% for interface in interfaces %}
+interface={{ interface }}
+{% endfor %}
+resolv-file=/etc/resolv.dnsmasq.conf
+cache-size=256

conf/dnsmasq/domain.tpl

@@ -1,5 +1,8 @@
-host-record={{ domain }},{{ ipv4 }}
-host-record=xmpp-upload.{{ domain }},{{ ipv4 }}
+{% set interfaces_list = interfaces.split(' ') %}
+{% for interface in interfaces_list %}
+interface-name={{ domain }},{{ interface }}
+interface-name=xmpp-upload.{{ domain }},{{ interface }}
+{% endfor %}
 {% if ipv6 %}
 host-record={{ domain }},{{ ipv6 }}
 host-record=xmpp-upload.{{ domain }},{{ ipv6 }}

conf/dovecot/dovecot.conf

@@ -23,7 +23,7 @@ ssl_cert = </etc/yunohost/certs/{{ main_domain }}/crt.pem
 ssl_key = </etc/yunohost/certs/{{ main_domain }}/key.pem
 
 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
-ssl_dh = </usr/share/yunohost/other/ffdhe2048.pem
+ssl_dh = </usr/share/yunohost/ffdhe2048.pem
 
 # intermediate configuration
 ssl_min_protocol = TLSv1.2

conf/nginx/security.conf.inc

@@ -18,7 +18,7 @@ ssl_prefer_server_ciphers off;
 # Pre-defined FFDHE group (RFC 7919)
 # From https://ssl-config.mozilla.org/ffdhe2048.txt
 # https://security.stackexchange.com/a/149818
-ssl_dhparam /usr/share/yunohost/other/ffdhe2048.pem;
+ssl_dhparam /usr/share/yunohost/ffdhe2048.pem;
 {% endif %}
 
 
@@ -26,11 +26,11 @@ ssl_dhparam /usr/share/yunohost/other/ffdhe2048.pem;
 # https://wiki.mozilla.org/Security/Guidelines/Web_Security
 # https://observatory.mozilla.org/
 {% if experimental == "True" %}
-more_set_headers "Content-Security-Policy : upgrade-insecure-requests; default-src https: data:";
+more_set_headers "Content-Security-Policy : upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'";
 {% else %}
 more_set_headers "Content-Security-Policy : upgrade-insecure-requests";
+more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'";
 {% endif %}
-more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: 'unsafe-inline' 'unsafe-eval'  ";
 more_set_headers "X-Content-Type-Options : nosniff";
 more_set_headers "X-XSS-Protection : 1; mode=block";
 more_set_headers "X-Download-Options : noopen";

conf/nginx/yunohost_admin.conf.inc

@@ -13,6 +13,12 @@ location /yunohost/admin/ {
     deny all;
     {% endif %}
 
+    location = /yunohost/admin/index.html {
+        etag off;
+        expires off;
+        more_set_headers "Cache-Control: no-store, no-cache, must-revalidate";
+    }
+
     more_set_headers "Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://$host; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:;";
     more_set_headers "Content-Security-Policy-Report-Only:";
 }

conf/postfix/main.cf

@@ -36,7 +36,7 @@ smtpd_tls_mandatory_ciphers = medium
 
 # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
 # not actually 1024 bits, this applies to all DHE >= 1024 bits
-smtpd_tls_dh1024_param_file = /usr/share/yunohost/other/ffdhe2048.pem
+smtpd_tls_dh1024_param_file = /usr/share/yunohost/ffdhe2048.pem
 
 tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384
 {% else %}

conf/ssl/openssl.cnf

@@ -5,7 +5,7 @@
 
 # This definition stops the following lines choking if HOME isn't
 # defined.
-HOME			= /usr/share/yunohost/yunohost-config/ssl
+HOME			= /usr/share/yunohost/ssl
 RANDFILE		= $ENV::HOME/.rnd
 
 # Extra OBJECT IDENTIFIER info:
@@ -34,7 +34,7 @@ default_ca	= Yunohost		# The default ca section
 ####################################################################
 [ Yunohost ]
 
-dir		= /usr/share/yunohost/yunohost-config/ssl/yunoCA		# Where everything is kept
+dir		= /usr/share/yunohost/ssl		# Where everything is kept
 certs		= $dir/certs		# Where the issued certs are kept
 crl_dir		= $dir/crl		# Where the issued crl are kept
 database	= $dir/index.txt	# database index file.

conf/yunohost/services.yml

@@ -12,24 +12,31 @@ metronome:
   log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
   needs_exposed_ports: [5222, 5269]
   category: xmpp
+  ignore_if_package_is_not_installed: metronome
 mysql:
   log: [/var/log/mysql.log,/var/log/mysql.err,/var/log/mysql/error.log]
   actual_systemd_service: mariadb
   category: database
+  ignore_if_package_is_not_installed: mariadb-server
 nginx:
   log: /var/log/nginx
   test_conf: nginx -t
   needs_exposed_ports: [80, 443]
   category: web
-php7.3-fpm:
-  log: /var/log/php7.3-fpm.log
-  test_conf: php-fpm7.3 --test
-  category: web
+# Yunohost will dynamically add installed php-fpm services (7.3, 7.4, 8.0, ...) in services.py
+#php7.4-fpm:
+#  log: /var/log/php7.4-fpm.log
+#  test_conf: php-fpm7.4 --test
+#  category: web
 postfix:
   log: [/var/log/mail.log,/var/log/mail.err]
   actual_systemd_service: postfix@-
   needs_exposed_ports: [25, 587]
   category: email
+postgresql:
+  actual_systemd_service: 'postgresql@13-main'
+  category: database
+  ignore_if_package_is_not_installed: postgresql-13
 redis-server:
   log: /var/log/redis/redis-server.log
   category: database
@@ -68,5 +75,6 @@ spamassassin: null
 rmilter: null
 php5-fpm: null
 php7.0-fpm: null
+php7.3-fpm: null
 nslcd: null
 avahi-daemon: null

conf/yunohost/yunohost-api.service

@@ -4,9 +4,7 @@ After=network.target
 
 [Service]
 Type=simple
-Environment=DAEMON_OPTS=
-EnvironmentFile=-/etc/default/yunohost-api
-ExecStart=/usr/bin/yunohost-api $DAEMON_OPTS
+ExecStart=/usr/bin/yunohost-api
 Restart=always
 RestartSec=5
 TimeoutStopSec=30

data/templates/dnsmasq/plain/dnsmasq.conf

@@ -1,6 +0,0 @@
-domain-needed
-expand-hosts
-
-listen-address=127.0.0.1
-resolv-file=/etc/resolv.dnsmasq.conf
-cache-size=256

data/templates/mysql/my.cnf

@@ -1,92 +0,0 @@
-# Example MySQL config file for small systems.
-#
-# This is for a system with little memory (<= 64M) where MySQL is only used
-# from time to time and it's important that the mysqld daemon
-# doesn't use much resources.
-#
-# MySQL programs look for option files in a set of
-# locations which depend on the deployment platform.
-# You can copy this option file to one of those
-# locations. For information about these locations, see:
-# http://dev.mysql.com/doc/mysql/en/option-files.html
-#
-# In this file, you can use all long options that a program supports.
-# If you want to know which options a program supports, run the program
-# with the "--help" option.
-
-# The following options will be passed to all MySQL clients
-[client]
-#password       = your_password
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-
-# Here follows entries for some specific programs
-
-# The MySQL server
-[mysqld]
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-skip-external-locking
-key_buffer_size = 16K
-max_allowed_packet = 16M
-table_open_cache = 4
-sort_buffer_size = 4M
-read_buffer_size = 256K
-read_rnd_buffer_size = 256K
-net_buffer_length = 2K
-thread_stack = 128K
-
-# to avoid corruption on powerfailure
-default-storage-engine=innodb
-
-# Don't listen on a TCP/IP port at all. This can be a security enhancement,
-# if all processes that need to connect to mysqld run on the same host.
-# All interaction with mysqld must be made via Unix sockets or named pipes.
-# Note that using this option without enabling named pipes on Windows
-# (using the "enable-named-pipe" option) will render mysqld useless!
-# 
-#skip-networking
-server-id       = 1
-
-# Uncomment the following if you want to log updates
-#log-bin=mysql-bin
-
-# binary logging format - mixed recommended
-#binlog_format=mixed
-
-# Causes updates to non-transactional engines using statement format to be
-# written directly to binary log. Before using this option make sure that
-# there are no dependencies between transactional and non-transactional
-# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
-# t_innodb; otherwise, slaves may diverge from the master.
-#binlog_direct_non_transactional_updates=TRUE
-
-# Uncomment the following if you are using InnoDB tables
-#innodb_data_home_dir = /var/lib/mysql
-#innodb_data_file_path = ibdata1:10M:autoextend
-#innodb_log_group_home_dir = /var/lib/mysql
-# You can set .._buffer_pool_size up to 50 - 80 %
-# of RAM but beware of setting memory usage too high
-#innodb_buffer_pool_size = 16M
-#innodb_additional_mem_pool_size = 2M
-# Set .._log_file_size to 25 % of buffer pool size
-#innodb_log_file_size = 5M
-#innodb_log_buffer_size = 8M
-#innodb_flush_log_at_trx_commit = 1
-#innodb_lock_wait_timeout = 50
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-no-auto-rehash
-# Remove the next comment character if you are not familiar with SQL
-#safe-updates
-
-[myisamchk]
-key_buffer_size = 8M
-sort_buffer_size = 8M
-
-[mysqlhotcopy]
-interactive-timeout

debian/changelog

@@ -1,3 +1,102 @@
+yunohost (11.0.1~alpha) unstable; urgency=low
+
+  - [mod] Various tweaks for Python 3.9, PHP 7.4, and other changes related to Buster->Bullseye ecosystem
+  - [mod] quality: Rework repository code architecture ([#1377](https://github.com/YunoHost/yunohost/pull/1377))
+  - [mod] quality: Rework where yunohost files are deployed (yunohost now a proper python lib with files in /usr/lib/python3/dist-packages/yunohost/, and other files are in /usr/share/yunohost) ([#1377](https://github.com/YunoHost/yunohost/pull/1377))
+  - [mod] debian: Moved mysql, php, and metronome from Depends to Recommends ([#1369](https://github.com/YunoHost/yunohost/pull/1369))
+  - [mod] apt: Add sury by default ([#1369](https://github.com/YunoHost/yunohost/pull/1369))
+  - [enh] regenconf/helpers: Better integration for postgresql ([#1369](https://github.com/YunoHost/yunohost/pull/1369))
+  - [enh] mysql: Drop super old mysql config, now rely on Debian default's one ([44c972f...144126f](https://github.com/YunoHost/yunohost/compare/44c972f2dd65...144126f56a3d))
+  - [enh] upgrade: Try to implement a smarter self-upgrade mechanism to prevent/limit API downtime and related UX issues ([#1374](https://github.com/YunoHost/yunohost/pull/1374))
+  - [mod] app: During app scripts (and all stuff run in hook_exec), do not inject the HOME variable if it exists. This aims to prevent inconsistencies between CLI (where HOME usually is defined) and API (where HOME doesnt exists) (f43e567b)
+  - [mod] quality: Cleanup legacy stuff
+        - Drop `--other_vars` options in ynh_add_fail2ban_config and systemd_config helpers
+        - Drop deprecated/superold `ynh_bind_or_cp`, `ynh_mkdir_tmp`, `ynh_get_plain_key` helpers
+        - Drop obsolete `yunohost-reset-ldap-password` command
+        - Drop obsolete `yunohost dyndns installcron` and `removecron` commands
+        - Drop deprecated `yunohost service regen-conf` command (see `tools regen-conf` instead)
+        - Drop deprecated `yunohost app fetchlist` command
+        - Drop obsolete `yunohost app add/remove/clearaccess` commands
+        - Drop depcreated `--list` and `--filter` options in `yunohost app list`
+        - Drop deprecated `--apps` and `--system` options in `yunohost tools update/upgrade` (no double dashes anymore)
+        - Drop deprecated `--status` and `--log_type` options in `yunohost service add`
+        - Drop deprecated `--mail` option in `yunohost user create`
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Feb 2021 00:02:38 +0100
+
+yunohost (4.3.4.1) stable; urgency=low
+
+  - [fix] regenconf: Force permission on /etc/resolv.dnsmasq.conf to fix an issue on some setup with umask=027 (5881938c)
+  - [fix] regenconf: Typo in custom mdns alias regen conf (b3df36dd)
+  - [fix] regenconf: Try to fix the return line bug in dnsmasq conf ([#1385](https://github.com/YunoHost/yunohost/pull/1385))
+
+  Thanks to all contributors <3 ! (ljf)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 27 Nov 2021 21:15:29 +0100
+
+yunohost (4.3.4) stable; urgency=low
+
+  - [fix] apps: Allow tilde in username/organization for repo URLs ([#1382](https://github.com/YunoHost/yunohost/pull/1382))
+  - [fix] misc: /etc/yunohost permissions broken on some setups (6488b4f6)
+  - [fix] mdns: Don't add yunohost.local in config if it's already among the yunohost domains (c4962834)
+  - [enh] dnsmasq: Tweak conf for better support of some stuff like the hotspot app ([#1383](https://github.com/YunoHost/yunohost/pull/1383))
+
+  Thanks to all contributors <3 ! (ljf, tituspijean)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 27 Nov 2021 00:53:16 +0100
+
+yunohost (4.3.3) stable; urgency=low
+
+  - [fix] log: fix dump_script_log_extract_for_debugging displaying wrong log snippet during failed upgrade ([#1376](https://github.com/YunoHost/yunohost/pull/1376))
+  - [fix] certificate: fix stupid certificate/diagnosis issue with subdomains of ynh domains (7c569d16)
+  - [fix] diagnosis: Read DNS Blacklist answer and compare it against list of non-BL codes ([#1375](https://github.com/YunoHost/yunohost/pull/1375))
+  - [enh] helpers: Update n to 8.0.0 ([#1372](https://github.com/YunoHost/yunohost/pull/1372))
+  - [fix] helpers: Make ynh_add_fpm_config more robust to some edge cases (51d5dca0)
+  - [fix] backup: conf_ynh_settings backup/restore hook, /etc/yunohost/domains may not exist (38f5352f)
+  - [i18n] Translations updated for Basque, Chinese (Simplified), Indonesian, Italian, Ukrainian
+
+  Thanks to all contributors <3 ! (dagangtie, ericgaspar, Félix Piédallu, Flavio Cristoforetti, liimee, punkrockgirl, Romain Thouvenin, Tommi, Tymofii-Lytvynenko)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sun, 14 Nov 2021 22:55:16 +0100
+
+yunohost (4.3.2.2) stable; urgency=low
+
+  - [fix] nginx: Try to fix again the webadmin cache hell (74e2a51e)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 06 Nov 2021 17:39:58 +0100
+
+yunohost (4.3.2.1) stable; urgency=low
+
+  - [enh] mdns: Add possibility to manually add .local aliases via /etc/yunohost/mdns.aliases (meant for internetcube) (3da2df6e)
+  - [fix] debian: Fix conflict with redis-server (6558b23d)
+  - [fix] nginx: Refine experimental CSP header (in the end still gotta enable unsafe-inline and unsafe-eval for a bunch of things, but better than no policy at all...) (1cc3e440)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 06 Nov 2021 16:58:07 +0100
+
+yunohost (4.3.2) stable; urgency=low
+
+  - Release as stable
+  - [i18n] Translations updated for Basque, Occitan
+
+  Thanks to all contributors <3 ! (punkrockgirl, Quentí)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Nov 2021 02:32:56 +0100
+
+yunohost (4.3.1.8) testing; urgency=low
+
+  - [enh] dyndns: Drop some YAGNI + improve IPv6-only support + resilience w.r.t. ns0 / ns1 being down (a61d0231, [#1367](https://github.com/YunoHost/yunohost/pull/1367))
+  - [fix] helpers: improve composer debug when it can't install dependencies (4ebcaf8d)
+  - [enh] helpers: allow to get/set/delete app settings without explicitly passing app id everytime... (fcd2ef9d)
+  - [fix] helpers: Don't say the 'app was restored' when restore failed after failed upgrade (019d207c)
+  - [enh] helpers: temporarily auto-add visitors during ynh_local_curl if needed ([#1370](https://github.com/YunoHost/yunohost/pull/1370))
+  - [enh] apps: Add YNH_ARCH to app script env for easier debugging and arch check in script (85eb43a7)
+  - [mod] misc fixes/enh (2687121f, 146fba7d, 86a9cb37, 4e917b5e, 974ea71f, edc5295d, ba489bfc)
+  - [i18n] Translations updated for Basque, French, Spanish
+
+  Thanks to all contributors <3 ! (ljf, Page Asgardius, ppr, punkrockgirl)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 03 Nov 2021 18:35:18 +0100
+
 yunohost (4.3.1.7) testing; urgency=low
 
   - [fix] configpanel: Misc technical fixes ... (341059d0, 9c22329e)

debian/compat

@@ -1 +0,0 @@
-9

debian/control

@@ -2,7 +2,7 @@ Source: yunohost
 Section: utils
 Priority: extra
 Maintainer: YunoHost Contributors <contrib@yunohost.org>
-Build-Depends: debhelper (>=9), dh-systemd, dh-python, python3-all (>= 3.7), python3-yaml, python3-jinja2
+Build-Depends: debhelper (>=9), debhelper-compat (= 13), dh-python, python3-all (>= 3.7), python3-yaml, python3-jinja2
 Standards-Version: 3.9.6
 Homepage: https://yunohost.org/
 
@@ -10,14 +10,14 @@ Package: yunohost
 Essential: yes
 Architecture: all
 Depends: ${python3:Depends}, ${misc:Depends}
- , moulinette (>= 4.3), ssowat (>= 4.3)
+ , moulinette (>= 11.0), ssowat (>= 11.0)
  , python3-psutil, python3-requests, python3-dnspython, python3-openssl
  , python3-miniupnpc, python3-dbus, python3-jinja2
- , python3-toml, python3-packaging, python3-publicsuffix,
+ , python3-toml, python3-packaging, python3-publicsuffix2
  , python3-ldap, python3-zeroconf, python3-lexicon,
+ , python-is-python3
+ , nginx, nginx-extras (>=1.18)
  , apt, apt-transport-https, apt-utils, dirmngr
- , php7.3-common, php7.3-fpm, php7.3-ldap, php7.3-intl
- , mariadb-server, php7.3-mysql
  , openssh-server, iptables, fail2ban, dnsutils, bind9utils
  , openssl, ca-certificates, netcat-openbsd, iproute2
  , slapd, ldap-utils, sudo-ldap, libnss-ldapd, unscd, libpam-ldapd
@@ -26,28 +26,29 @@ Depends: ${python3:Depends}, ${misc:Depends}
  , dovecot-core, dovecot-ldap, dovecot-lmtpd, dovecot-managesieved, dovecot-antispam
  , rspamd, opendkim-tools, postsrsd, procmail, mailutils
  , redis-server
- , metronome (>=3.14.0)
  , acl
  , git, curl, wget, cron, unzip, jq, bc, at
  , lsb-release, haveged, fake-hwclock, equivs, lsof, whois
 Recommends: yunohost-admin
  , ntp, inetutils-ping | iputils-ping
  , bash-completion, rsyslog
- , php7.3-gd, php7.3-curl, php-gettext
+ , php7.4-common, php7.4-fpm, php7.4-ldap, php7.4-intl
+ , mariadb-server, php7.4-mysql
+ , php7.4-gd, php7.4-curl, php-php-gettext
  , python3-pip
  , unattended-upgrades
  , libdbd-ldap-perl, libnet-dns-perl
-Suggests: htop, vim, rsync, acpi-support-base, udisks2
+ , metronome (>=3.14.0)
 Conflicts: iptables-persistent
  , apache2
  , bind9
- , nginx-extras (>= 1.16)
- , openssl (>= 1.1.1g)
- , slapd (>= 2.4.49)
- , dovecot-core (>= 1:2.3.7)
- , redis-server (>= 5:5.0.7)
- , fail2ban (>= 0.11)
- , iptables (>= 1.8.3)
+ , nginx-extras (>= 1.19)
+ , openssl (>= 1.1.1l-1)
+ , slapd (>= 2.4.58)
+ , dovecot-core (>= 1:2.3.14)
+ , redis-server (>= 5:6.1)
+ , fail2ban (>= 0.11.3)
+ , iptables (>= 1.8.8)
 Description: manageable and configured self-hosting server
  YunoHost aims to make self-hosting accessible to everyone. It configures
  an email, Web and IM server alongside a LDAP base. It also provides

debian/install

@@ -1,8 +1,10 @@
 bin/* /usr/bin/
-sbin/* /usr/sbin/
-data/* /usr/share/yunohost/
-data/bash-completion.d/yunohost /etc/bash_completion.d/
+share/* /usr/share/yunohost/
+hooks/* /usr/share/yunohost/hooks/
+helpers/* /usr/share/yunohost/helpers.d/
+conf/* /usr/share/yunohost/conf/
+locales/* /usr/share/yunohost/locales/
 doc/yunohost.8.gz /usr/share/man/man8/
-lib/metronome/modules/* /usr/lib/metronome/modules/
-locales/* /usr/lib/moulinette/yunohost/locales/
-src/yunohost /usr/lib/moulinette
+doc/bash-completion.sh /etc/bash_completion.d/yunohost
+conf/metronome/modules/* /usr/lib/metronome/modules/
+src/* /usr/lib/python3/dist-packages/yunohost/

debian/postinst

@@ -3,10 +3,6 @@
 set -e
 
 do_configure() {
-    rm -rf /var/cache/moulinette/*
-
-    mkdir -p /usr/share/moulinette/actionsmap/
-    ln -sf /usr/share/yunohost/actionsmap/yunohost.yml /usr/share/moulinette/actionsmap/yunohost.yml
 
     if [ ! -f /etc/yunohost/installed ]; then
         # If apps/ is not empty, we're probably already installed in the past and
@@ -33,6 +29,17 @@ do_configure() {
         yunohost diagnosis run --force
     fi
 
+    # Trick to let yunohost handle the restart of the API,
+    # to prevent the webadmin from cutting the branch it's sitting on
+    if systemctl is-enabled yunohost-api --quiet
+    then
+        if [[ "${YUNOHOST_API_RESTART_WILL_BE_HANDLED_BY_YUNOHOST:-}" != "yes" ]];
+        then
+            systemctl restart yunohost-api
+        else
+            echo "(Delaying the restart of yunohost-api, this should automatically happen after the end of this upgrade)"
+        fi
+    fi
 }
 
 # summary of how this script can be called:

debian/rules

@@ -1,26 +1,10 @@
 #!/usr/bin/make -f
 # -*- makefile -*-
 
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
 %:
-	dh ${@} --with=python3,systemd
+	dh ${@} --with python3
 
 override_dh_auto_build:
 	# Generate bash completion file
-	python3 data/actionsmap/yunohost_completion.py
+	python3 doc/generate_bash_completion.py
 	python3 doc/generate_manpages.py --gzip --output doc/yunohost.8.gz
-
-override_dh_installinit:
-	dh_installinit -pyunohost --name=yunohost-api --restart-after-upgrade
-	dh_installinit -pyunohost --name=yunohost-firewall --noscripts
-
-override_dh_systemd_enable:
-	dh_systemd_enable --name=yunohost-api \
-	    yunohost-api.service
-	dh_systemd_enable --name=yunohost-firewall --no-enable \
-	    yunohost-firewall.service
-
-#override_dh_systemd_start:
-#	dh_systemd_start --restart-after-upgrade yunohost-api.service

debian/yunohost-api.default

@@ -1,4 +0,0 @@
-# Override yunohost-api options.
-#  Example to log debug: DAEMON_OPTS="--debug"
-#
-#DAEMON_OPTS=""

doc/generate_bash_completion.py

@@ -12,9 +12,8 @@ import os
 import yaml
 
 THIS_SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
-ACTIONSMAP_FILE = THIS_SCRIPT_DIR + "/yunohost.yml"
-os.system(f"mkdir {THIS_SCRIPT_DIR}/../bash-completion.d")
-BASH_COMPLETION_FILE = THIS_SCRIPT_DIR + "/../bash-completion.d/yunohost"
+ACTIONSMAP_FILE = THIS_SCRIPT_DIR + "/../share/actionsmap.yml"
+BASH_COMPLETION_FILE = THIS_SCRIPT_DIR + "/bash-completion.sh"
 
 
 def get_dict_actions(OPTION_SUBTREE, category):

doc/generate_helper_doc.py

@@ -217,7 +217,7 @@ def malformed_error(line_number):
 
 def main():
 
-    helper_files = sorted(glob.glob("../data/helpers.d/*"))
+    helper_files = sorted(glob.glob("../helpers/*"))
     helpers = []
 
     for helper_file in helper_files:

doc/generate_manpages.py

@@ -22,7 +22,7 @@ template = Template(open(os.path.join(base_path, "manpage.template")).read())
 
 
 THIS_SCRIPT_DIR = os.path.dirname(os.path.abspath(__file__))
-ACTIONSMAP_FILE = os.path.join(THIS_SCRIPT_DIR, "../data/actionsmap/yunohost.yml")
+ACTIONSMAP_FILE = os.path.join(THIS_SCRIPT_DIR, "../share/actionsmap.yml")
 
 
 def ordered_yaml_load(stream):

doc/helper_doc_template.md

@@ -52,7 +52,7 @@ Doc auto-generated by [this script](https://github.com/YunoHost/yunohost/blob/{{
 {{ h.details }}
 {%- endif %}
 
-[Dude, show me the code!](https://github.com/YunoHost/yunohost/blob/{{ current_commit }}/data/helpers.d/{{ category }}#L{{ h.line + 1 }})
+[Dude, show me the code!](https://github.com/YunoHost/yunohost/blob/{{ current_commit }}/helpers/{{ category }}#L{{ h.line + 1 }})
 [/details]
 ----------------
 {% endfor %}

helpers/apt

@@ -176,8 +176,9 @@ ynh_package_install_from_equivs() {
     # Build and install the package
     local TMPDIR=$(mktemp --directory)
 
-    # Force the compatibility level at 10, levels below are deprecated
-    echo 10 >/usr/share/equivs/template/debian/compat
+    # Make sure to delete the legacy compat file
+    # It's now handle somewhat magically through the control file
+    rm -f /usr/share/equivs/template/debian/compat
 
     # Note that the cd executes into a sub shell
     # Create a fake deb package with equivs-build and the given control file
@@ -187,7 +188,7 @@ ynh_package_install_from_equivs() {
     cp "$controlfile" "${TMPDIR}/control"
     (
         cd "$TMPDIR"
-        LC_ALL=C equivs-build ./control 1>/dev/null
+        LC_ALL=C equivs-build ./control 2>&1
         LC_ALL=C dpkg --force-depends --install "./${pkgname}_${pkgversion}_all.deb" 2>&1 | tee ./dpkg_log
     )
 
@@ -252,9 +253,6 @@ ynh_install_app_dependencies() {
     # The (?<=php) syntax corresponds to lookbehind ;)
     local specific_php_version=$(echo $dependencies | grep -oP '(?<=php)[0-9.]+(?=-|\>)' | sort -u)
 
-    # Ignore case where the php version found is the one available in debian vanilla
-    [[ "$specific_php_version" != "$YNH_DEFAULT_PHP_VERSION" ]] || specific_php_version=""
-
     if [[ -n "$specific_php_version" ]]
     then
         # Cover a small edge case where a packager could have specified "php7.4-pwet php5-gni" which is confusing
@@ -262,10 +260,9 @@ ynh_install_app_dependencies() {
             || ynh_die --message="Inconsistent php versions in dependencies ... found : $specific_php_version"
 
         dependencies+=", php${specific_php_version}, php${specific_php_version}-fpm, php${specific_php_version}-common"
-
-        ynh_add_sury
     fi
 
+    local psql_installed="$(ynh_package_is_installed "postgresql-$PSQL_VERSION" && echo yes || echo no)"
 
     # The first time we run ynh_install_app_dependencies, we will replace the
     # entire control file (This is in particular meant to cover the case of
@@ -285,23 +282,6 @@ ynh_install_app_dependencies() {
         dependencies="$current_dependencies, $dependencies"
     fi
 
-    #
-    # Epic ugly hack to fix the goddamn dependency nightmare of sury
-    # Sponsored by the "Djeezusse Fokin Kraiste Why Do Adminsys Has To Be So Fucking Complicated I Should Go Grow Potatoes Instead Of This Shit" collective
-    # https://github.com/YunoHost/issues/issues/1407
-    #
-    # If we require to install php dependency
-    if grep --quiet 'php' <<< "$dependencies"; then
-        # And we have packages from sury installed (7.0.33-10+weirdshiftafter instead of 7.0.33-0 on debian)
-        if dpkg --list | grep "php7.0" | grep --quiet --invert-match "7.0.33-0+deb9"; then
-            # And sury ain't already in sources.lists
-            if ! grep --recursive --quiet "^ *deb.*sury" /etc/apt/sources.list*; then
-                # Re-add sury
-                ynh_add_sury
-            fi
-        fi
-    fi
-
     cat >/tmp/${dep_app}-ynh-deps.control <<EOF # Make a control file for equivs-build
 Section: misc
 Priority: optional
@@ -318,34 +298,21 @@ EOF
 
     if [[ -n "$specific_php_version" ]]
     then
-        # Set the default php version back as the default version for php-cli.
-        update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION
-
-        # Store phpversion into the config of this app
         ynh_app_setting_set --app=$app --key=phpversion --value=$specific_php_version
 
-        # Integrate new php-fpm service in yunohost
-        yunohost service add php${specific_php_version}-fpm --log "/var/log/php${phpversion}-fpm.log"
-    elif grep --quiet 'php' <<< "$dependencies"; then
-        # Store phpversion into the config of this app
-        ynh_app_setting_set --app=$app --key=phpversion --value=$YNH_DEFAULT_PHP_VERSION
+        # Set the default php version back as the default version for php-cli.
+        update-alternatives --set php /usr/bin/php$YNH_DEFAULT_PHP_VERSION
     fi
-}
 
-# Add sury repository with adequate pin strategy
-#
-# [internal]
-#
-# usage: ynh_add_sury
-#
-ynh_add_sury() {
-
-    # Add an extra repository for those packages
-    ynh_install_extra_repo --repo="https://packages.sury.org/php/ $(ynh_get_debian_release) main" --key="https://packages.sury.org/php/apt.gpg" --name=extra_php_version --priority=600
+    # Trigger postgresql regenconf if we may have just installed postgresql
+    local psql_installed2="$(ynh_package_is_installed "postgresql-$PSQL_VERSION" && echo yes || echo no)"
+    if [[ "$psql_installed" != "$psql_installed2" ]]
+    then
+        yunohost tools regen-conf postgresql
+    fi
 
 }
 
-
 # Add dependencies to install with ynh_install_app_dependencies
 #
 # usage: ynh_add_app_dependencies --package=phpversion [--replace]

helpers/backup

@@ -9,7 +9,6 @@ CAN_BIND=${CAN_BIND:-1}
 # | arg: -d, --dest_path=       - destination file or directory inside the backup dir
 # | arg: -b, --is_big           - Indicate data are big (mail, video, image ...)
 # | arg: -m, --not_mandatory    - Indicate that if the file is missing, the backup can ignore it.
-# | arg: arg - Deprecated arg
 #
 # This helper can be used both in a system backup hook, and in an app backup script
 #
@@ -288,18 +287,6 @@ ynh_restore_file() {
     fi
 }
 
-# Deprecated helper since it's a dangerous one!
-#
-# [internal]
-#
-ynh_bind_or_cp() {
-    local AS_ROOT=${3:-0}
-    local NO_ROOT=0
-    [[ "${AS_ROOT}" = "1" ]] || NO_ROOT=1
-    ynh_print_warn --message="This helper is deprecated, you should use ynh_backup instead"
-    ynh_backup "$1" "$2" 1
-}
-
 # Calculate and store a file checksum into the app settings
 #
 # usage: ynh_store_file_checksum --file=file

helpers/fail2ban

@@ -10,9 +10,8 @@
 #
 # -----------------------------------------------------------------------------
 #
-# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
+# usage 2: ynh_add_fail2ban_config --use_template
 # | arg: -t, --use_template - Use this helper in template mode
-# | arg: -v, --others_var=  - List of others variables to replace separeted by a space for example : 'var_1 var_2 ...'
 #
 # This will use a template in `../conf/f2b_jail.conf` and `../conf/f2b_filter.conf`
 # See the documentation of `ynh_add_config` for a description of the template
@@ -65,22 +64,18 @@
 ynh_add_fail2ban_config() {
     # Declare an array to define the options of this helper.
     local legacy_args=lrmptv
-    local -A args_array=([l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
+    local -A args_array=([l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template)
     local logpath
     local failregex
     local max_retry
     local ports
-    local others_var
     local use_template
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
     max_retry=${max_retry:-3}
     ports=${ports:-http,https}
-    others_var="${others_var:-}"
     use_template="${use_template:-0}"
 
-    [[ -z "$others_var" ]] || ynh_print_warn --message="Packagers: using --others_var is unecessary since YunoHost 4.2"
-
     if [ $use_template -ne 1 ]; then
         # Usage 1, no template. Build a config file from scratch.
         test -n "$logpath" || ynh_die --message="ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."

helpers/nodejs

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-n_version=7.5.0
+n_version=8.0.0
 n_install_dir="/opt/node_n"
 node_version_path="$n_install_dir/n/versions/node"
 # N_PREFIX is the directory of n, it needs to be loaded as a environment variable.
@@ -16,7 +16,7 @@ export N_PREFIX="$n_install_dir"
 ynh_install_n() {
     # Build an app.src for n
     echo "SOURCE_URL=https://github.com/tj/n/archive/v${n_version}.tar.gz
-SOURCE_SUM=d4da7ea91f680de0c9b5876e097e2a793e8234fcd0f7ca87a0599b925be087a3" >"$YNH_APP_BASEDIR/conf/n.src"
+SOURCE_SUM=9e8879dc4f1c4c0fe4e08a108ed6c23046419b6865fe922ca5176ff7998ae6ff" >"$YNH_APP_BASEDIR/conf/n.src"
     # Download and extract n
     ynh_setup_source --dest_dir="$n_install_dir/git" --source_id=n
     # Install n