From 29bd3c4a26c3d77c2a09f126c9720867678b0300 Mon Sep 17 00:00:00 2001 From: "ljf (zamentur)" Date: Thu, 11 Feb 2021 18:35:35 +0100 Subject: [PATCH 1/4] [fix] Avoid admin part of apps to be reachable from visitors --- src/yunohost/utils/legacy.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/yunohost/utils/legacy.py b/src/yunohost/utils/legacy.py index f3269cce1..ebc7b65de 100644 --- a/src/yunohost/utils/legacy.py +++ b/src/yunohost/utils/legacy.py @@ -189,7 +189,7 @@ def migrate_legacy_permission_settings(app=None): if protected_urls != []: permission_create(app + ".legacy_protected_uris", additional_urls=protected_urls, auth_header=True, label=legacy_permission_label(app, "protected"), - show_tile=False, allowed=user_permission_list()['permissions'][app + ".main"]['allowed'], + show_tile=False, allowed=[], protected=True, sync_perm=False) legacy_permission_settings = [ From cd4fdb2b61a64d99c270a370bb33cdebd1cd07c9 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 21 Feb 2021 05:03:07 +0100 Subject: [PATCH 2/4] Mysql is a fucking joke (... trying to fix the mysql issue on RPi ...) --- data/hooks/conf_regen/34-mysql | 63 ++++++++++++++-------------------- 1 file changed, 25 insertions(+), 38 deletions(-) diff --git a/data/hooks/conf_regen/34-mysql b/data/hooks/conf_regen/34-mysql index ac2395f34..d9374bbf5 100755 --- a/data/hooks/conf_regen/34-mysql +++ b/data/hooks/conf_regen/34-mysql @@ -15,6 +15,31 @@ do_pre_regen() { do_post_regen() { regen_conf_files=$1 + if [[ ! -d /var/lib/mysql/mysql ]] + then + # dpkg-reconfigure will initialize mysql (if it ain't already) + # It enabled auth_socket for root, so no need to define any root password... + # c.f. : cat /var/lib/dpkg/info/mariadb-server-10.3.postinst | grep install_db -C3 + dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1 + + systemctl -q is-active mariadb.service \ + || systemctl start mariadb + + sleep 5 + + echo "" | mysql && echo "Can't connect to mysql using unix_socket auth ... something went wrong during initial configuration of mysql !?" + fi + + if [ ! -e /etc/yunohost/mysql ] + then + # Dummy password that's not actually used nor meaningful ... + # (because mysql is supposed to be configured to use unix_socket on new setups) + # but keeping it for legacy + # until we merge https://github.com/YunoHost/yunohost/pull/912 ... + ynh_string_random 10 > /etc/yunohost/mysql + chmod 400 /etc/yunohost/mysql + fi + # mysql is supposed to be an alias to mariadb... but in some weird case is not # c.f. https://forum.yunohost.org/t/mysql-ne-fonctionne-pas/11661 # Playing with enable/disable allows to recreate the proper symlinks. @@ -27,44 +52,6 @@ do_post_regen() { systemctl is-active mariadb -q || systemctl start mariadb fi - if [ ! -f /etc/yunohost/mysql ]; then - - # ensure that mysql is running - systemctl -q is-active mysql.service \ - || service mysql start - - # generate and set new root password - mysql_password=$(ynh_string_random 10) - mysqladmin -s -u root -pyunohost password "$mysql_password" || { - if [ $FORCE -eq 1 ]; then - echo "It seems that you have already configured MySQL." \ - "YunoHost needs to have a root access to MySQL to runs its" \ - "applications, and is going to reset the MySQL root password." \ - "You can find this new password in /etc/yunohost/mysql." >&2 - - # set new password with debconf - debconf-set-selections << EOF -$MYSQL_PKG mysql-server/root_password password $mysql_password -$MYSQL_PKG mysql-server/root_password_again password $mysql_password -EOF - - # reconfigure Debian package - dpkg-reconfigure -freadline -u "$MYSQL_PKG" 2>&1 - else - echo "It seems that you have already configured MySQL." \ - "YunoHost needs to have a root access to MySQL to runs its" \ - "applications, but the MySQL root password is unknown." \ - "You must either pass --force to reset the password or" \ - "put the current one into the file /etc/yunohost/mysql." >&2 - exit 1 - fi - } - - # store new root password - echo "$mysql_password" | tee /etc/yunohost/mysql - chmod 400 /etc/yunohost/mysql - fi - [[ -z "$regen_conf_files" ]] \ || service mysql restart } From f398f463f4ef2e72a9f7fddac91a3c9118f4ff43 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 21 Feb 2021 05:12:38 +0100 Subject: [PATCH 3/4] Replace \t in conf.json.persistent... --- src/yunohost/utils/legacy.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/yunohost/utils/legacy.py b/src/yunohost/utils/legacy.py index ebc7b65de..c3f7ab5a9 100644 --- a/src/yunohost/utils/legacy.py +++ b/src/yunohost/utils/legacy.py @@ -215,6 +215,9 @@ def translate_legacy_rules_in_ssowant_conf_json_persistent(): if not os.path.exists(persistent_file_name): return + # Ugly hack because for some reason so many people have tabs in their conf.json.persistent ... + os.system(r"sed -i 's/\t/ /g' /etc/ssowat/conf.json.persistent") + # Ugly hack to try not to misarably fail migration persistent = read_yaml(persistent_file_name) From 1846c3a07b314d25f7a58e1fa79a92a1c8c12d99 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sun, 21 Feb 2021 05:28:30 +0100 Subject: [PATCH 4/4] Update changelog for 4.1.7.2 --- debian/changelog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/debian/changelog b/debian/changelog index 4e893dee0..95cca2eb8 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +yunohost (4.1.7.2) testing; urgency=low + + - [fix] When migration legacy protected permissions, all users were allowed on the new perm (29bd3c4a) + - [fix] Mysql is a fucking joke (... trying to fix the mysql issue on RPi ...) (cd4fdb2b) + - [fix] Replace \t when converting legacy conf.json.persistent... (f398f463) + + Thanks to all contributors <3 ! (ljf) + + -- Alexandre Aubin Sun, 21 Feb 2021 05:25:49 +0100 + yunohost (4.1.7.1) stable; urgency=low - [enh] helpers: Fix ynh_exec_as regression (ac38e53a7)