Merge branch 'bullseye' into modules-sortof

.gitlab-ci.yml

@@ -19,6 +19,8 @@ workflow:
     - if: $CI_PIPELINE_SOURCE == "merge_request_event" # If we move to gitlab one day
     - if: $CI_PIPELINE_SOURCE == "external_pull_request_event" # For github PR
     - if: $CI_COMMIT_TAG # For tags
+    - if: $CI_COMMIT_REF_NAME == "ci-format-dev"  # Ignore black formatting branch created by the CI
+      when: never
     - if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH  && $CI_PIPELINE_SOURCE == "push" # If it's not the default branch and if it's a push, then do not trigger a build
       when: never
     - when: always

.gitlab/ci/build.gitlab-ci.yml

@@ -5,11 +5,13 @@
     YNH_SOURCE: "https://github.com/yunohost"
   before_script:
     - mkdir -p $YNH_BUILD_DIR
+    - DEBIAN_FRONTEND=noninteractive apt update
   artifacts:
     paths:
       - $YNH_BUILD_DIR/*.deb
 
 .build_script: &build_script
+  - DEBIAN_FRONTEND=noninteractive apt --assume-yes -o Dpkg::Options::="--force-confold" install devscripts --no-install-recommends
   - cd $YNH_BUILD_DIR/$PACKAGE
   - VERSION=$(dpkg-parsechangelog -S Version 2>/dev/null)
   - VERSION_NIGHTLY="${VERSION}+$(date +%Y%m%d%H%M)"

.gitlab/ci/lint.gitlab-ci.yml

@@ -3,28 +3,27 @@
 ########################################
 # later we must fix lint and format-check jobs and remove "allow_failure"
 
----
-lint37:
+lint39:
   stage: lint
   image: "before-install"
   needs: []
   allow_failure: true
   script:
-    - tox -e py37-lint
+    - tox -e py39-lint
 
-invalidcode37:
+invalidcode39:
   stage: lint
   image: "before-install"
   needs: []
   script:
-    - tox -e py37-invalidcode
+    - tox -e py39-invalidcode
 
 mypy:
   stage: lint
   image: "before-install"
   needs: []
   script:
-    - tox -e py37-mypy
+    - tox -e py39-mypy
 
 black:
   stage: lint
@@ -39,7 +38,7 @@ black:
   script:
     # create a local branch that will overwrite distant one
     - git checkout -b "ci-format-${CI_COMMIT_REF_NAME}" --no-track
-    - tox -e py37-black-run
+    - tox -e py39-black-run
     - '[ $(git diff | wc -l) != 0 ] || exit 0'  # stop if there is nothing to commit
     - git commit -am "[CI] Format code with Black" || true
     - git push -f origin "ci-format-${CI_COMMIT_REF_NAME}":"ci-format-${CI_COMMIT_REF_NAME}"

.gitlab/ci/test.gitlab-ci.yml

@@ -1,6 +1,7 @@
 .install_debs: &install_debs
     - apt-get update -o Acquire::Retries=3
     - DEBIAN_FRONTEND=noninteractive SUDO_FORCE_REMOVE=yes apt --assume-yes -o Dpkg::Options::="--force-confold" --allow-downgrades install ./$YNH_BUILD_DIR/*.deb
+    - pip3 install -U mock pip pytest pytest-cov pytest-mock pytest-sugar requests-mock tox ansi2html black jinja2
 
 .test-stage:
   stage: tests

data/actionsmap/yunohost.yml

@@ -89,9 +89,6 @@ user:
                         pattern: &pattern_lastname
                             - !!str ^([^\W\d_]{1,30}[ ,.'-]{0,3})+$
                             - "pattern_lastname"
-                -m:
-                    full: --mail
-                    help: (Deprecated, see --domain) Main unique email address
                 -p:
                     full: --password
                     help: User password
@@ -741,9 +738,6 @@ app:
                 app:
                     help: Name, local path or git URL of the app to fetch the manifest of
 
-        fetchlist:
-            deprecated: true
-
         ### app_list()
         list:
             action_help: List installed apps
@@ -753,12 +747,6 @@ app:
                     full: --full
                     help: Display all details, including the app manifest and various other infos
                     action: store_true
-                -i:
-                    full: --installed
-                    help: Dummy argument, does nothing anymore (still there only for backward compatibility)
-                    action: store_true
-                filter:
-                    nargs: '?'
 
         ### app_info()
         info:
@@ -923,36 +911,6 @@ app:
                 new_label:
                     help: New app label
 
-        ### app_addaccess() TODO: Write help
-        addaccess:
-            action_help: Grant access right to users (everyone by default)
-            deprecated: true
-            arguments:
-                apps:
-                    nargs: "+"
-                -u:
-                    full: --users
-                    nargs: "*"
-
-        ### app_removeaccess() TODO: Write help
-        removeaccess:
-            action_help: Revoke access right to users (everyone by default)
-            deprecated: true
-            arguments:
-                apps:
-                    nargs: "+"
-                -u:
-                    full: --users
-                    nargs: "*"
-
-        ### app_clearaccess()
-        clearaccess:
-            action_help: Reset access rights for the app
-            deprecated: true
-            arguments:
-                apps:
-                    nargs: "+"
-
     subcategories:
 
       action:
@@ -1197,13 +1155,6 @@ service:
                     full: --log
                     help: Absolute path to log file to display
                     nargs: "+"
-                -t:
-                    full: --log_type
-                    help: Type of the log (file or systemd)
-                    nargs: "+"
-                    choices:
-                        - file
-                        - systemd
                 --test_status:
                     help: Specify a custom bash command to check the status of the service. Note that it only makes sense to specify this if the corresponding systemd service does not return the proper information already.
                 --test_conf:
@@ -1217,9 +1168,6 @@ service:
                     full: --need_lock
                     help: Use this option to prevent deadlocks if the service does invoke yunohost commands.
                     action: store_true
-                -s:
-                    full: --status
-                    help: Deprecated, old option. Does nothing anymore. Possibly check the --test_status option.
 
         ### service_remove()
         remove:
@@ -1321,35 +1269,6 @@ service:
                     default: 50
                     type: int
 
-        ### service_regen_conf()
-        regen-conf:
-            action_help: Regenerate the configuration file(s) for a service
-            deprecated_alias:
-                - regenconf
-            arguments:
-                names:
-                    help: Services name to regenerate configuration of
-                    nargs: "*"
-                    metavar: NAME
-                -d:
-                    full: --with-diff
-                    help: Show differences in case of configuration changes
-                    action: store_true
-                -f:
-                    full: --force
-                    help: >
-                        Override all manual modifications in configuration
-                        files
-                    action: store_true
-                -n:
-                    full: --dry-run
-                    help: Show what would have been regenerated
-                    action: store_true
-                -p:
-                    full: --list-pending
-                    help: List pending configuration files and exit
-                    action: store_true
-
 #############################
 #         Firewall          #
 #############################
@@ -1510,14 +1429,6 @@ dyndns:
                     help: Only display the generated zone
                     action: store_true
 
-        ### dyndns_installcron()
-        installcron:
-            deprecated: true
-
-        ### dyndns_removecron()
-        removecron:
-            deprecated: true
-
 
 #############################
 #           Tools           #
@@ -1597,12 +1508,6 @@ tools:
                     nargs: "?"
                     metavar: TARGET
                     default: all
-                --apps:
-                    help: (Deprecated, see first positional arg) Fetch the application list to check which apps can be upgraded
-                    action: store_true
-                --system:
-                    help: (Deprecated, see first positional arg) Fetch available system packages upgrades (equivalent to apt update)
-                    action: store_true
 
         ### tools_upgrade()
         upgrade:
@@ -1615,12 +1520,6 @@ tools:
                         - apps
                         - system
                     nargs: "?"
-                --apps:
-                    help: (Deprecated, see first positional arg) Upgrade all applications
-                    action: store_true
-                --system:
-                    help: (Deprecated, see first positional arg) Upgrade only the system packages
-                    action: store_true
 
         ### tools_shell()
         shell:

data/helpers.d/apt

@@ -176,8 +176,9 @@ ynh_package_install_from_equivs() {
     # Build and install the package
     local TMPDIR=$(mktemp --directory)
 
-    # Force the compatibility level at 10, levels below are deprecated
-    echo 10 >/usr/share/equivs/template/debian/compat
+    # Make sure to delete the legacy compat file
+    # It's now handle somewhat magically through the control file
+    rm -f /usr/share/equivs/template/debian/compat
 
     # Note that the cd executes into a sub shell
     # Create a fake deb package with equivs-build and the given control file
@@ -187,7 +188,7 @@ ynh_package_install_from_equivs() {
     cp "$controlfile" "${TMPDIR}/control"
     (
         cd "$TMPDIR"
-        LC_ALL=C equivs-build ./control 1>/dev/null
+        LC_ALL=C equivs-build ./control 2>&1
         LC_ALL=C dpkg --force-depends --install "./${pkgname}_${pkgversion}_all.deb" 2>&1 | tee ./dpkg_log
     )
 
@@ -295,8 +296,6 @@ EOF
         || ynh_die --message="Unable to install dependencies" # Install the fake package and its dependencies
     rm /tmp/${dep_app}-ynh-deps.control
 
-    ynh_app_setting_set --app=$app --key=apt_dependencies --value="$dependencies"
-
     if [[ -n "$specific_php_version" ]]
     then
         ynh_app_setting_set --app=$app --key=phpversion --value=$specific_php_version

data/helpers.d/backup

@@ -9,7 +9,6 @@ CAN_BIND=${CAN_BIND:-1}
 # | arg: -d, --dest_path=       - destination file or directory inside the backup dir
 # | arg: -b, --is_big           - Indicate data are big (mail, video, image ...)
 # | arg: -m, --not_mandatory    - Indicate that if the file is missing, the backup can ignore it.
-# | arg: arg - Deprecated arg
 #
 # This helper can be used both in a system backup hook, and in an app backup script
 #
@@ -288,18 +287,6 @@ ynh_restore_file() {
     fi
 }
 
-# Deprecated helper since it's a dangerous one!
-#
-# [internal]
-#
-ynh_bind_or_cp() {
-    local AS_ROOT=${3:-0}
-    local NO_ROOT=0
-    [[ "${AS_ROOT}" = "1" ]] || NO_ROOT=1
-    ynh_print_warn --message="This helper is deprecated, you should use ynh_backup instead"
-    ynh_backup "$1" "$2" 1
-}
-
 # Calculate and store a file checksum into the app settings
 #
 # usage: ynh_store_file_checksum --file=file
@@ -479,7 +466,12 @@ ynh_restore_upgradebackup() {
             yunohost app remove $app
             # Restore the backup
             yunohost backup restore $app_bck-pre-upgrade$backup_number --apps $app --force --debug
-            ynh_die --message="The app was restored to the way it was before the failed upgrade."
+            if [[ -d /etc/yunohost/apps/$app ]]
+            then
+                ynh_die --message="The app was restored to the way it was before the failed upgrade."
+            else
+                ynh_die --message="Uhoh ... Yunohost failed to restore the app to the way it was before the failed upgrade :|"
+            fi
         fi
     else
         ynh_print_warn --message="\$NO_BACKUP_UPGRADE is set, that means there's no backup to restore. You have to fix this upgrade by yourself !"

data/helpers.d/fail2ban

@@ -10,9 +10,8 @@
 #
 # -----------------------------------------------------------------------------
 #
-# usage 2: ynh_add_fail2ban_config --use_template [--others_var="list of others variables to replace"]
+# usage 2: ynh_add_fail2ban_config --use_template
 # | arg: -t, --use_template - Use this helper in template mode
-# | arg: -v, --others_var=  - List of others variables to replace separeted by a space for example : 'var_1 var_2 ...'
 #
 # This will use a template in `../conf/f2b_jail.conf` and `../conf/f2b_filter.conf`
 # See the documentation of `ynh_add_config` for a description of the template
@@ -65,22 +64,18 @@
 ynh_add_fail2ban_config() {
     # Declare an array to define the options of this helper.
     local legacy_args=lrmptv
-    local -A args_array=([l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template [v]=others_var=)
+    local -A args_array=([l]=logpath= [r]=failregex= [m]=max_retry= [p]=ports= [t]=use_template)
     local logpath
     local failregex
     local max_retry
     local ports
-    local others_var
     local use_template
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
     max_retry=${max_retry:-3}
     ports=${ports:-http,https}
-    others_var="${others_var:-}"
     use_template="${use_template:-0}"
 
-    [[ -z "$others_var" ]] || ynh_print_warn --message="Packagers: using --others_var is unecessary since YunoHost 4.2"
-
     if [ $use_template -ne 1 ]; then
         # Usage 1, no template. Build a config file from scratch.
         test -n "$logpath" || ynh_die --message="ynh_add_fail2ban_config expects a logfile path as first argument and received nothing."

data/helpers.d/nodejs

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-n_version=7.5.0
+n_version=8.0.0
 n_install_dir="/opt/node_n"
 node_version_path="$n_install_dir/n/versions/node"
 # N_PREFIX is the directory of n, it needs to be loaded as a environment variable.
@@ -14,10 +14,9 @@ export N_PREFIX="$n_install_dir"
 #
 # Requires YunoHost version 2.7.12 or higher.
 ynh_install_n() {
-    ynh_print_info --message="Installation of N - Node.js version management"
     # Build an app.src for n
     echo "SOURCE_URL=https://github.com/tj/n/archive/v${n_version}.tar.gz
-SOURCE_SUM=d4da7ea91f680de0c9b5876e097e2a793e8234fcd0f7ca87a0599b925be087a3" >"$YNH_APP_BASEDIR/conf/n.src"
+SOURCE_SUM=9e8879dc4f1c4c0fe4e08a108ed6c23046419b6865fe922ca5176ff7998ae6ff" >"$YNH_APP_BASEDIR/conf/n.src"
     # Download and extract n
     ynh_setup_source --dest_dir="$n_install_dir/git" --source_id=n
     # Install n

data/helpers.d/php

@@ -1,6 +1,6 @@
 #!/bin/bash
 
-readonly YNH_DEFAULT_PHP_VERSION=7.3
+readonly YNH_DEFAULT_PHP_VERSION=7.4
 # Declare the actual PHP version to use.
 # A packager willing to use another version of PHP can override the variable into its _common.sh.
 YNH_PHP_VERSION=${YNH_PHP_VERSION:-$YNH_DEFAULT_PHP_VERSION}
@@ -90,9 +90,11 @@ ynh_add_fpm_config() {
         local old_php_fpm_config_dir=$(ynh_app_setting_get --app=$app --key=fpm_config_dir)
         local old_php_finalphpconf="$old_php_fpm_config_dir/pool.d/$app.conf"
 
-        ynh_backup_if_checksum_is_different --file="$old_php_finalphpconf"
-
-        ynh_remove_fpm_config
+        if [[ -f "$old_php_finalphpconf" ]]
+        then
+            ynh_backup_if_checksum_is_different --file="$old_php_finalphpconf"
+            ynh_remove_fpm_config
+        fi
     fi
 
     # Legacy args (packager should just list their php dependency as regular apt dependencies...

data/helpers.d/postgresql

@@ -1,7 +1,7 @@
 #!/bin/bash
 
 PSQL_ROOT_PWD_FILE=/etc/yunohost/psql
-PSQL_VERSION=11
+PSQL_VERSION=13
 
 # Open a connection as a user
 #

data/helpers.d/systemd

@@ -15,17 +15,13 @@
 ynh_add_systemd_config() {
     # Declare an array to define the options of this helper.
     local legacy_args=stv
-    local -A args_array=([s]=service= [t]=template= [v]=others_var=)
+    local -A args_array=([s]=service= [t]=template=)
     local service
     local template
-    local others_var
     # Manage arguments with getopts
     ynh_handle_getopts_args "$@"
     service="${service:-$app}"
     template="${template:-systemd.service}"
-    others_var="${others_var:-}"
-
-    [[ -z "$others_var" ]] || ynh_print_warn --message="Packagers: using --others_var is unecessary since YunoHost 4.2"
 
     ynh_add_config --template="$YNH_APP_BASEDIR/conf/$template" --destination="/etc/systemd/system/$service.service"
 

data/helpers.d/utils

@@ -290,8 +290,18 @@ ynh_local_curl() {
     chown root $cookiefile
     chmod 700 $cookiefile
 
+    # Temporarily enable visitors if needed...
+    local visitors_enabled=$(ynh_permission_has_user "main" "visitors" && echo yes || echo no)
+    if [[ $visitors_enabled == "no" ]]; then
+        ynh_permission_update --permission "main" --add "visitors"
+    fi
+
     # Curl the URL
     curl --silent --show-error --insecure --location --header "Host: $domain" --resolve $domain:443:127.0.0.1 $POST_data "$full_page_url" --cookie-jar $cookiefile --cookie $cookiefile
+
+    if [[ $visitors_enabled == "no" ]]; then
+        ynh_permission_update --permission "main" --remove "visitors"
+    fi
 }
 
 # Create a dedicated config file from a template
@@ -679,26 +689,6 @@ ynh_get_debian_release() {
     echo $(lsb_release --codename --short)
 }
 
-# Create a directory under /tmp
-#
-# [internal]
-#
-# Deprecated helper
-#
-# usage: ynh_mkdir_tmp
-# | ret: the created directory path
-ynh_mkdir_tmp() {
-    ynh_print_warn --message="The helper ynh_mkdir_tmp is deprecated."
-    ynh_print_warn --message="You should use 'mktemp -d' instead and manage permissions \
-properly with chmod/chown."
-    local TMP_DIR=$(mktemp --directory)
-
-    # Give rights to other users could be a security risk.
-    # But for retrocompatibility we need it. (This helpers is deprecated)
-    chmod 755 $TMP_DIR
-    echo $TMP_DIR
-}
-
 _acceptable_path_to_delete() {
     local file=$1
 
@@ -720,7 +710,6 @@ _acceptable_path_to_delete() {
     fi
 }
 
-
 # Remove a file or a directory securely
 #
 # usage: ynh_secure_remove --file=path_to_remove
@@ -753,34 +742,6 @@ ynh_secure_remove() {
     set -o xtrace # set -x
 }
 
-# Extract a key from a plain command output
-#
-# [internal]
-#
-# (Deprecated, use --output-as json and jq instead)
-ynh_get_plain_key() {
-    local prefix="#"
-    local found=0
-    # We call this key_ so that it's not caught as
-    # an info to be redacted by the core
-    local key_=$1
-    shift
-    while read line; do
-        if [[ "$found" == "1" ]]; then
-            [[ "$line" =~ ^${prefix}[^#] ]] && return
-            echo $line
-        elif [[ "$line" =~ ^${prefix}${key_}$ ]]; then
-            if [[ -n "${1:-}" ]]; then
-                prefix+="#"
-                key_=$1
-                shift
-            else
-                found=1
-            fi
-        fi
-    done
-}
-
 # Read the value of a key in a ynh manifest file
 #
 # usage: ynh_read_manifest --manifest="manifest.json" --key="key"

data/hooks/backup/20-conf_ynh_settings

@@ -12,7 +12,7 @@ backup_dir="${1}/conf/ynh"
 # Backup the configuration
 ynh_backup "/etc/yunohost/firewall.yml" "${backup_dir}/firewall.yml"
 ynh_backup "/etc/yunohost/current_host" "${backup_dir}/current_host"
-ynh_backup "/etc/yunohost/domains" "${backup_dir}/domains"
+[ ! -d "/etc/yunohost/domains" ] || ynh_backup "/etc/yunohost/domains" "${backup_dir}/domains"
 [ ! -e "/etc/yunohost/settings.json" ] || ynh_backup "/etc/yunohost/settings.json" "${backup_dir}/settings.json"
 [ ! -d "/etc/yunohost/dyndns" ] || ynh_backup "/etc/yunohost/dyndns" "${backup_dir}/dyndns"
 [ ! -d "/etc/dkim" ] || ynh_backup "/etc/dkim" "${backup_dir}/dkim"

data/hooks/conf_regen/01-yunohost

@@ -73,10 +73,6 @@ do_pre_regen() {
 
     cd /usr/share/yunohost/templates/yunohost
 
-    # Legacy code that can be removed once on bullseye
-    touch /etc/yunohost/services.yml
-    yunohost tools shell -c "from yunohost.service import _get_services, _save_services; _save_services(_get_services())"
-
     mkdir -p $pending_dir/etc/systemd/system
     mkdir -p $pending_dir/etc/cron.d/
     mkdir -p $pending_dir/etc/cron.daily/
@@ -119,18 +115,13 @@ EOF
         touch $pending_dir/etc/cron.d/yunohost-dyndns
     fi
 
-    # legacy stuff to avoid yunohost reporting etckeeper as manually modified
-    # (this make sure that the hash is null / file is flagged as to-delete)
-    mkdir -p $pending_dir/etc/etckeeper
-    touch $pending_dir/etc/etckeeper/etckeeper.conf
-
     # Skip ntp if inside a container (inspired from the conf of systemd-timesyncd)
     mkdir -p ${pending_dir}/etc/systemd/system/ntp.service.d/
-    echo "
+    cat >${pending_dir}/etc/systemd/system/ntp.service.d/ynh-override.conf <<EOF
 [Unit]
 ConditionCapability=CAP_SYS_TIME
 ConditionVirtualization=!container
-" >${pending_dir}/etc/systemd/system/ntp.service.d/ynh-override.conf
+EOF
 
     # Make nftable conflict with yunohost-firewall
     mkdir -p ${pending_dir}/etc/systemd/system/nftables.service.d/

data/hooks/conf_regen/03-ssh

@@ -7,10 +7,6 @@ set -e
 do_pre_regen() {
     pending_dir=$1
 
-    # If the (legacy) 'from_script' flag is here,
-    # we won't touch anything in the ssh config.
-    [[ ! -f /etc/yunohost/from_script ]] || return 0
-
     cd /usr/share/yunohost/templates/ssh
 
     # do not listen to IPv6 if unavailable
@@ -34,10 +30,6 @@ do_pre_regen() {
 do_post_regen() {
     regen_conf_files=$1
 
-    # If the (legacy) 'from_script' flag is here,
-    # we won't touch anything in the ssh config.
-    [[ ! -f /etc/yunohost/from_script ]] || return 0
-
     # If no file changed, there's nothing to do
     [[ -n "$regen_conf_files" ]] || return 0
 

data/hooks/conf_regen/06-slapd

@@ -109,11 +109,6 @@ do_pre_regen() {
     schema_dir="${ldap_dir}/schema"
     mkdir -p "$ldap_dir" "$schema_dir"
 
-    # remove legacy configuration file
-    [ ! -f /etc/ldap/slapd-yuno.conf ] || touch "${ldap_dir}/slapd-yuno.conf"
-    [ ! -f /etc/ldap/slapd.conf ] || touch "${ldap_dir}/slapd.conf"
-    [ ! -f /etc/ldap/schema/yunohost.schema ] || touch "${schema_dir}/yunohost.schema"
-
     cd /usr/share/yunohost/templates/slapd
 
     # copy configuration files

data/hooks/conf_regen/10-apt

@@ -63,8 +63,8 @@ do_post_regen() {
         wget --timeout 900 --quiet "https://packages.sury.org/php/apt.gpg" --output-document=- | gpg --dearmor >"/etc/apt/trusted.gpg.d/extra_php_version.gpg"
     fi
 
-    # Make sure php7.3 is the default version when using php in cli
-    update-alternatives --set php /usr/bin/php7.3
+    # Make sure php7.4 is the default version when using php in cli
+    update-alternatives --set php /usr/bin/php7.4
 }
 
 do_$1_regen ${@:2}

data/hooks/conf_regen/15-nginx

@@ -134,18 +134,6 @@ do_post_regen() {
         mkdir -p "/etc/nginx/conf.d/${domain}.d"
     done
 
-    # Get rid of legacy lets encrypt snippets
-    for domain in $YNH_DOMAINS; do
-        # If the legacy letsencrypt / acme-challenge domain-specific snippet is still there
-        if [ -e /etc/nginx/conf.d/${domain}.d/000-acmechallenge.conf ]; then
-            # And if we're effectively including the new domain-independant snippet now
-            if grep -q "include /etc/nginx/conf.d/acme-challenge.conf.inc;" /etc/nginx/conf.d/${domain}.conf; then
-                # Delete the old domain-specific snippet
-                rm /etc/nginx/conf.d/${domain}.d/000-acmechallenge.conf
-            fi
-        fi
-    done
-
     # Reload nginx if conf looks good, otherwise display error and exit unhappy
     nginx -t 2>/dev/null || {
         nginx -t

data/hooks/conf_regen/34-mysql

@@ -12,9 +12,9 @@ fi
 do_pre_regen() {
     pending_dir=$1
 
-    cd /usr/share/yunohost/templates/mysql
+    #cd /usr/share/yunohost/templates/mysql
 
-    install -D -m 644 my.cnf "${pending_dir}/etc/mysql/my.cnf"
+    # Nothing to do
 }
 
 do_post_regen() {
@@ -35,27 +35,6 @@ do_post_regen() {
         echo "" | mysql && echo "Can't connect to mysql using unix_socket auth ... something went wrong during initial configuration of mysql !?" >&2
     fi
 
-    # Legacy code to get rid of /etc/yunohost/mysql ...
-    # Nowadays, we can simply run mysql while being run as root of unix_socket/auth_socket is enabled...
-    if [ -f /etc/yunohost/mysql ]; then
-
-        # This is a trick to check if we're able to use mysql without password
-        # Expect instances installed in stretch to already have unix_socket
-        #configured, but not old instances from the jessie/wheezy era
-        if ! echo "" | mysql 2>/dev/null; then
-            password="$(cat /etc/yunohost/mysql)"
-            # Enable plugin unix_socket for root on localhost
-            mysql -u root -p"$password" <<<"GRANT ALL PRIVILEGES ON *.* TO 'root'@'localhost' IDENTIFIED WITH unix_socket WITH GRANT OPTION;"
-        fi
-
-        # If now we're able to login without password, drop the mysql password
-        if echo "" | mysql 2>/dev/null; then
-            rm /etc/yunohost/mysql
-        else
-            echo "Can't connect to mysql using unix_socket auth ... something went wrong while trying to get rid of mysql password !?" >&2
-        fi
-    fi
-
     # mysql is supposed to be an alias to mariadb... but in some weird case is not
     # c.f. https://forum.yunohost.org/t/mysql-ne-fonctionne-pas/11661
     # Playing with enable/disable allows to recreate the proper symlinks.

data/hooks/conf_regen/37-mdns

@@ -11,6 +11,13 @@ _generate_config() {
         [[ "$domain" =~ ^[^.]+\.local$ ]] || continue
         echo "    - $domain"
     done
+    if [[ -e /etc/yunohot/mdns.aliases ]]
+    then
+        for localalias in $(cat /etc/yunohost/mdns.aliases | grep -v "^ *$")
+        do
+            echo "    - $localalias.local"
+        done
+    fi
 }
 
 do_init_regen() {

data/hooks/diagnosis/12-dnsrecords.py

@@ -4,7 +4,7 @@ import os
 import re
 
 from datetime import datetime, timedelta
-from publicsuffix import PublicSuffixList
+from publicsuffix2 import PublicSuffixList
 
 from moulinette.utils.process import check_output
 

data/hooks/diagnosis/24-mail.py

@@ -209,8 +209,11 @@ class MailDiagnoser(Diagnoser):
                 query = subdomain + "." + blacklist["dns_server"]
 
                 # Do the DNS Query
-                status, _ = dig(query, "A")
-                if status != "ok":
+                status, answers = dig(query, "A")
+                if status != "ok" or (
+                    answers
+                    and set(answers) <= set(blacklist["non_blacklisted_return_code"])
+                ):
                     continue
 
                 # Try to get the reason

data/hooks/restore/20-conf_ynh_settings

@@ -2,7 +2,7 @@ backup_dir="$1/conf/ynh"
 
 cp -a "${backup_dir}/current_host" /etc/yunohost/current_host
 cp -a "${backup_dir}/firewall.yml" /etc/yunohost/firewall.yml
-cp -a "${backup_dir}/domains" /etc/yunohost/domains
+[ ! -d "${backup_dir}/domains" ] || cp -a "${backup_dir}/domains" /etc/yunohost/domains
 [ ! -e "${backup_dir}/settings.json" ] || cp -a "${backup_dir}/settings.json" "/etc/yunohost/settings.json"
 [ ! -d "${backup_dir}/dyndns" ] || cp -raT "${backup_dir}/dyndns" "/etc/yunohost/dyndns"
 [ ! -d "${backup_dir}/dkim" ] || cp -raT "${backup_dir}/dkim" "/etc/dkim"

data/other/dnsbl_list.yml

@@ -5,138 +5,161 @@
   ipv4: true
   ipv6: true
   domain: false
+  non_blacklisted_return_code: []
 - name: Barracuda Reputation Block List
   dns_server: b.barracudacentral.org
   website: https://barracudacentral.org/rbl/
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: Hostkarma
   dns_server: hostkarma.junkemailfilter.com
   website: https://ipadmin.junkemailfilter.com/remove.php
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: ['127.0.0.1', '127.0.0.5']
 - name: ImproWare IP based spamlist
   dns_server: spamrbl.imp.ch
   website: https://antispam.imp.ch/
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: ImproWare IP based wormlist
   dns_server: wormrbl.imp.ch
   website: https://antispam.imp.ch/
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: Backscatterer.org 
   dns_server: ips.backscatterer.org 
   website: http://www.backscatterer.org/ 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: inps.de
   dns_server: dnsbl.inps.de
   website: http://dnsbl.inps.de/ 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: LASHBACK 
   dns_server: ubl.unsubscore.com
   website: https://blacklist.lashback.com/
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: Mailspike.org
   dns_server: bl.mailspike.net 
   website: http://www.mailspike.net/
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: NiX Spam 
   dns_server: ix.dnsbl.manitu.net
   website: http://www.dnsbl.manitu.net/ 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: REDHAWK 
   dns_server: access.redhawk.org
   website: https://www.redhawk.org/SpamHawk/query.php 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: SORBS Open SMTP relays 
   dns_server: smtp.dnsbl.sorbs.net
   website: http://www.sorbs.net/ 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: SORBS Spamhost (last 28 days) 
   dns_server: recent.spam.dnsbl.sorbs.net
   website: http://www.sorbs.net/ 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: SORBS Spamhost (last 48 hours) 
   dns_server: new.spam.dnsbl.sorbs.net 
   website: http://www.sorbs.net/
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: SpamCop Blocking List 
   dns_server: bl.spamcop.net 
   website: https://www.spamcop.net/bl.shtml 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: Spam Eating Monkey SEM-BACKSCATTER 
   dns_server: backscatter.spameatingmonkey.net
   website: https://spameatingmonkey.com/services 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: Spam Eating Monkey SEM-BLACK
   dns_server: bl.spameatingmonkey.net
   website: https://spameatingmonkey.com/services
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: Spam Eating Monkey SEM-IPV6BL 
   dns_server: bl.ipv6.spameatingmonkey.net 
   website: https://spameatingmonkey.com/services 
   ipv4: false
   ipv6: true
   domain: false
+  non_blacklisted_return_code: []
 - name: SpamRATS! all 
   dns_server: all.spamrats.com 
   website: http://www.spamrats.com/ 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: PSBL (Passive Spam Block List) 
   dns_server: psbl.surriel.com
   website: http://psbl.surriel.com/
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: SWINOG 
   dns_server: dnsrbl.swinog.ch
   website: https://antispam.imp.ch/ 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: GBUdb Truncate
   dns_server: truncate.gbudb.net
   website: http://www.gbudb.com/truncate/index.jsp
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 - name: Weighted Private Block List 
   dns_server: db.wpbl.info 
   website: http://www.wpbl.info/ 
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 # Used by GAFAM
 - name: Composite Blocking List 
   dns_server: cbl.abuseat.org
@@ -144,6 +167,7 @@
   ipv4: true
   ipv6: false
   domain: false
+  non_blacklisted_return_code: []
 # Used by GAFAM
 - name: SenderScore Blacklist 
   dns_server: bl.score.senderscore.com
@@ -152,18 +176,21 @@
   ipv6: false
   domain: false
 # Added cause it supports IPv6
+  non_blacklisted_return_code: []
 - name: AntiCaptcha.NET IPv6
   dns_server: dnsbl6.anticaptcha.net
   website: http://anticaptcha.net/ 
   ipv4: false
   ipv6: true
   domain: false
+  non_blacklisted_return_code: []
 - name: Suomispam Blacklist 
   dns_server: bl.suomispam.net 
   website: http://suomispam.net/ 
   ipv4: true
   ipv6: true
   domain: false
+  non_blacklisted_return_code: []
 - name: NordSpam 
   dns_server: bl.nordspam.com
   website: https://www.nordspam.com/ 

data/templates/mysql/my.cnf

@@ -1,92 +0,0 @@
-# Example MySQL config file for small systems.
-#
-# This is for a system with little memory (<= 64M) where MySQL is only used
-# from time to time and it's important that the mysqld daemon
-# doesn't use much resources.
-#
-# MySQL programs look for option files in a set of
-# locations which depend on the deployment platform.
-# You can copy this option file to one of those
-# locations. For information about these locations, see:
-# http://dev.mysql.com/doc/mysql/en/option-files.html
-#
-# In this file, you can use all long options that a program supports.
-# If you want to know which options a program supports, run the program
-# with the "--help" option.
-
-# The following options will be passed to all MySQL clients
-[client]
-#password       = your_password
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-
-# Here follows entries for some specific programs
-
-# The MySQL server
-[mysqld]
-port            = 3306
-socket          = /var/run/mysqld/mysqld.sock
-skip-external-locking
-key_buffer_size = 16K
-max_allowed_packet = 16M
-table_open_cache = 4
-sort_buffer_size = 4M
-read_buffer_size = 256K
-read_rnd_buffer_size = 256K
-net_buffer_length = 2K
-thread_stack = 128K
-
-# to avoid corruption on powerfailure
-default-storage-engine=innodb
-
-# Don't listen on a TCP/IP port at all. This can be a security enhancement,
-# if all processes that need to connect to mysqld run on the same host.
-# All interaction with mysqld must be made via Unix sockets or named pipes.
-# Note that using this option without enabling named pipes on Windows
-# (using the "enable-named-pipe" option) will render mysqld useless!
-# 
-#skip-networking
-server-id       = 1
-
-# Uncomment the following if you want to log updates
-#log-bin=mysql-bin
-
-# binary logging format - mixed recommended
-#binlog_format=mixed
-
-# Causes updates to non-transactional engines using statement format to be
-# written directly to binary log. Before using this option make sure that
-# there are no dependencies between transactional and non-transactional
-# tables such as in the statement INSERT INTO t_myisam SELECT * FROM
-# t_innodb; otherwise, slaves may diverge from the master.
-#binlog_direct_non_transactional_updates=TRUE
-
-# Uncomment the following if you are using InnoDB tables
-#innodb_data_home_dir = /var/lib/mysql
-#innodb_data_file_path = ibdata1:10M:autoextend
-#innodb_log_group_home_dir = /var/lib/mysql
-# You can set .._buffer_pool_size up to 50 - 80 %
-# of RAM but beware of setting memory usage too high
-#innodb_buffer_pool_size = 16M
-#innodb_additional_mem_pool_size = 2M
-# Set .._log_file_size to 25 % of buffer pool size
-#innodb_log_file_size = 5M
-#innodb_log_buffer_size = 8M
-#innodb_flush_log_at_trx_commit = 1
-#innodb_lock_wait_timeout = 50
-
-[mysqldump]
-quick
-max_allowed_packet = 16M
-
-[mysql]
-no-auto-rehash
-# Remove the next comment character if you are not familiar with SQL
-#safe-updates
-
-[myisamchk]
-key_buffer_size = 8M
-sort_buffer_size = 8M
-
-[mysqlhotcopy]
-interactive-timeout

data/templates/nginx/security.conf.inc

@@ -26,11 +26,11 @@ ssl_dhparam /usr/share/yunohost/other/ffdhe2048.pem;
 # https://wiki.mozilla.org/Security/Guidelines/Web_Security
 # https://observatory.mozilla.org/
 {% if experimental == "True" %}
-more_set_headers "Content-Security-Policy : upgrade-insecure-requests; default-src https: data:";
+more_set_headers "Content-Security-Policy : upgrade-insecure-requests; default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'";
 {% else %}
 more_set_headers "Content-Security-Policy : upgrade-insecure-requests";
+more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: blob: ; object-src https: data: 'unsafe-inline'; style-src https: data: 'unsafe-inline' ; script-src https: data: 'unsafe-inline' 'unsafe-eval'";
 {% endif %}
-more_set_headers "Content-Security-Policy-Report-Only : default-src https: data: 'unsafe-inline' 'unsafe-eval'  ";
 more_set_headers "X-Content-Type-Options : nosniff";
 more_set_headers "X-XSS-Protection : 1; mode=block";
 more_set_headers "X-Download-Options : noopen";

data/templates/nginx/yunohost_admin.conf.inc

@@ -13,6 +13,12 @@ location /yunohost/admin/ {
     deny all;
     {% endif %}
 
+    location = /yunohost/admin/index.html {
+        etag off;
+        expires off;
+        more_set_headers "Cache-Control: no-store, no-cache, must-revalidate";
+    }
+
     more_set_headers "Content-Security-Policy: upgrade-insecure-requests; default-src 'self'; connect-src 'self' https://paste.yunohost.org wss://$host; style-src 'self' 'unsafe-inline'; script-src 'self' 'unsafe-eval'; object-src 'none'; img-src 'self' data:;";
     more_set_headers "Content-Security-Policy-Report-Only:";
 }

data/templates/yunohost/services.yml

@@ -24,9 +24,9 @@ nginx:
   needs_exposed_ports: [80, 443]
   category: web
 # Yunohost will dynamically add installed php-fpm services (7.3, 7.4, 8.0, ...) in services.py
-#php7.3-fpm:
-#  log: /var/log/php7.3-fpm.log
-#  test_conf: php-fpm7.3 --test
+#php7.4-fpm:
+#  log: /var/log/php7.4-fpm.log
+#  test_conf: php-fpm7.4 --test
 #  category: web
 postfix:
   log: [/var/log/mail.log,/var/log/mail.err]
@@ -34,9 +34,9 @@ postfix:
   needs_exposed_ports: [25, 587]
   category: email
 postgresql:
-  actual_systemd_service: 'postgresql@11-main'
+  actual_systemd_service: 'postgresql@13-main'
   category: database
-  ignore_if_package_is_not_installed: postgresql-11
+  ignore_if_package_is_not_installed: postgresql-13
 redis-server:
   log: /var/log/redis/redis-server.log
   category: database
@@ -75,5 +75,6 @@ spamassassin: null
 rmilter: null
 php5-fpm: null
 php7.0-fpm: null
+php7.3-fpm:
 nslcd: null
 avahi-daemon: null

debian/changelog

@@ -1,3 +1,47 @@
+yunohost (11.0.0~alpha) unstable; urgency=low
+
+  - Placeholder for 11.0
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Feb 2021 00:02:38 +0100
+
+yunohost (4.3.2.2) stable; urgency=low
+
+  - [fix] nginx: Try to fix again the webadmin cache hell (74e2a51e)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 06 Nov 2021 17:39:58 +0100
+
+yunohost (4.3.2.1) stable; urgency=low
+
+  - [enh] mdns: Add possibility to manually add .local aliases via /etc/yunohost/mdns.aliases (meant for internetcube) (3da2df6e)
+  - [fix] debian: Fix conflict with redis-server (6558b23d)
+  - [fix] nginx: Refine experimental CSP header (in the end still gotta enable unsafe-inline and unsafe-eval for a bunch of things, but better than no policy at all...) (1cc3e440)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Sat, 06 Nov 2021 16:58:07 +0100
+
+yunohost (4.3.2) stable; urgency=low
+
+  - Release as stable
+  - [i18n] Translations updated for Basque, Occitan
+
+  Thanks to all contributors <3 ! (punkrockgirl, Quentí)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Fri, 05 Nov 2021 02:32:56 +0100
+
+yunohost (4.3.1.8) testing; urgency=low
+
+  - [enh] dyndns: Drop some YAGNI + improve IPv6-only support + resilience w.r.t. ns0 / ns1 being down (a61d0231, [#1367](https://github.com/YunoHost/yunohost/pull/1367))
+  - [fix] helpers: improve composer debug when it can't install dependencies (4ebcaf8d)
+  - [enh] helpers: allow to get/set/delete app settings without explicitly passing app id everytime... (fcd2ef9d)
+  - [fix] helpers: Don't say the 'app was restored' when restore failed after failed upgrade (019d207c)
+  - [enh] helpers: temporarily auto-add visitors during ynh_local_curl if needed ([#1370](https://github.com/YunoHost/yunohost/pull/1370))
+  - [enh] apps: Add YNH_ARCH to app script env for easier debugging and arch check in script (85eb43a7)
+  - [mod] misc fixes/enh (2687121f, 146fba7d, 86a9cb37, 4e917b5e, 974ea71f, edc5295d, ba489bfc)
+  - [i18n] Translations updated for Basque, French, Spanish
+
+  Thanks to all contributors <3 ! (ljf, Page Asgardius, ppr, punkrockgirl)
+
+ -- Alexandre Aubin <alex.aubin@mailoo.org>  Wed, 03 Nov 2021 18:35:18 +0100
+
 yunohost (4.3.1.7) testing; urgency=low
 
   - [fix] configpanel: Misc technical fixes ... (341059d0, 9c22329e)

debian/compat

@@ -1 +0,0 @@
-9

debian/control

@@ -2,7 +2,7 @@ Source: yunohost
 Section: utils
 Priority: extra
 Maintainer: YunoHost Contributors <contrib@yunohost.org>
-Build-Depends: debhelper (>=9), dh-systemd, dh-python, python3-all (>= 3.7), python3-yaml, python3-jinja2
+Build-Depends: debhelper (>=9), debhelper-compat (= 13), dh-python, python3-all (>= 3.7), python3-yaml, python3-jinja2
 Standards-Version: 3.9.6
 Homepage: https://yunohost.org/
 
@@ -13,8 +13,10 @@ Depends: ${python3:Depends}, ${misc:Depends}
  , moulinette (>= 4.3), ssowat (>= 4.3)
  , python3-psutil, python3-requests, python3-dnspython, python3-openssl
  , python3-miniupnpc, python3-dbus, python3-jinja2
- , python3-toml, python3-packaging, python3-publicsuffix,
+ , python3-toml, python3-packaging, python3-publicsuffix2
  , python3-ldap, python3-zeroconf, python3-lexicon,
+ , python-is-python3
+ , nginx, nginx-extras (>=1.18)
  , apt, apt-transport-https, apt-utils, dirmngr
  , openssh-server, iptables, fail2ban, dnsutils, bind9utils
  , openssl, ca-certificates, netcat-openbsd, iproute2
@@ -30,24 +32,23 @@ Depends: ${python3:Depends}, ${misc:Depends}
 Recommends: yunohost-admin
  , ntp, inetutils-ping | iputils-ping
  , bash-completion, rsyslog
- , php7.3-common, php7.3-fpm, php7.3-ldap, php7.3-intl
- , mariadb-server, php7.3-mysql
- , php7.3-gd, php7.3-curl, php-gettext
+ , php7.4-common, php7.4-fpm, php7.4-ldap, php7.4-intl
+ , mariadb-server, php7.4-mysql
+ , php7.4-gd, php7.4-curl, php-php-gettext
  , python3-pip
  , unattended-upgrades
  , libdbd-ldap-perl, libnet-dns-perl
  , metronome (>=3.14.0)
-Suggests: htop, vim, rsync, acpi-support-base, udisks2
 Conflicts: iptables-persistent
  , apache2
  , bind9
- , nginx-extras (>= 1.16)
- , openssl (>= 1.1.1g)
- , slapd (>= 2.4.49)
- , dovecot-core (>= 1:2.3.7)
- , redis-server (>= 5:5.0.7)
- , fail2ban (>= 0.11)
- , iptables (>= 1.8.3)
+ , nginx-extras (>= 1.19)
+ , openssl (>= 1.1.1l-1)
+ , slapd (>= 2.4.58)
+ , dovecot-core (>= 1:2.3.14)
+ , redis-server (>= 5:6.1)
+ , fail2ban (>= 0.11.3)
+ , iptables (>= 1.8.8)
 Description: manageable and configured self-hosting server
  YunoHost aims to make self-hosting accessible to everyone. It configures
  an email, Web and IM server alongside a LDAP base. It also provides

debian/install

@@ -1,5 +1,4 @@
 bin/* /usr/bin/
-sbin/* /usr/sbin/
 data/* /usr/share/yunohost/
 data/bash-completion.d/yunohost /etc/bash_completion.d/
 doc/yunohost.8.gz /usr/share/man/man8/

debian/rules

@@ -1,11 +1,8 @@
 #!/usr/bin/make -f
 # -*- makefile -*-
 
-# Uncomment this to turn on verbose mode.
-#export DH_VERBOSE=1
-
 %:
-	dh ${@} --with=python3,systemd
+	dh ${@} --with python3
 
 override_dh_auto_build:
 	# Generate bash completion file
@@ -13,14 +10,5 @@ override_dh_auto_build:
 	python3 doc/generate_manpages.py --gzip --output doc/yunohost.8.gz
 
 override_dh_installinit:
-	dh_installinit -pyunohost --name=yunohost-api --restart-after-upgrade
-	dh_installinit -pyunohost --name=yunohost-firewall --noscripts
-
-override_dh_systemd_enable:
-	dh_systemd_enable --name=yunohost-api \
-	    yunohost-api.service
-	dh_systemd_enable --name=yunohost-firewall --no-enable \
-	    yunohost-firewall.service
-
-#override_dh_systemd_start:
-#	dh_systemd_start --restart-after-upgrade yunohost-api.service
+	dh_installsystemd -pyunohost --name=yunohost-api --restart-after-upgrade
+	dh_installsystemd -pyunohost --name=yunohost-firewall --noscripts

locales/ca.json

@@ -563,7 +563,7 @@
     "migration_description_0015_migrate_to_buster": "Actualitza els sistema a Debian Buster i YunoHost 4.x",
     "regenconf_need_to_explicitly_specify_ssh": "La configuració ssh ha estat modificada manualment, però heu d'especificar explícitament la categoria «ssh» amb --force per fer realment els canvis.",
     "migration_0015_weak_certs": "S'han trobat els següents certificats que encara utilitzen algoritmes de signatura febles i s'han d'actualitzar per a ser compatibles amb la propera versió de nginx: {certs}",
-    "service_description_php7.3-fpm": "Executa aplicacions escrites en PHP amb NGINX",
+    "service_description_php7.4-fpm": "Executa aplicacions escrites en PHP amb NGINX",
     "migration_0018_failed_to_reset_legacy_rules": "No s'ha pogut restaurar les regles legacy iptables: {error}",
     "migration_0018_failed_to_migrate_iptables_rules": "No s'ha pogut migrar les regles legacy iptables a nftables: {error}",
     "migration_0017_not_enough_space": "Feu suficient espai disponible en {path} per a realitzar la migració.",

locales/en.json

@@ -484,39 +484,29 @@
     "mailbox_used_space_dovecot_down": "The Dovecot mailbox service needs to be up if you want to fetch used mailbox space",
     "main_domain_change_failed": "Unable to change the main domain",
     "main_domain_changed": "The main domain has been changed",
-    "migrating_legacy_permission_settings": "Migrating legacy permission settings...",
-    "migration_0015_cleaning_up": "Cleaning up cache and packages not useful anymore...",
-    "migration_0015_general_warning": "Please note that this migration is a delicate operation. The YunoHost team did its best to review and test it, but the migration might still break parts of the system or its apps.\n\nTherefore, it is recommended to:\n    - Perform a backup of any critical data or app. More info on https://yunohost.org/backup;\n    - Be patient after launching the migration: Depending on your Internet connection and hardware, it might take up to a few hours for everything to upgrade.",
-    "migration_0015_main_upgrade": "Starting main upgrade...",
-    "migration_0015_modified_files": "Please note that the following files were found to be manually modified and might be overwritten following the upgrade: {manually_modified_files}",
-    "migration_0015_not_enough_free_space": "Free space is pretty low in /var/! You should have at least 1GB free to run this migration.",
-    "migration_0015_not_stretch": "The current Debian distribution is not Stretch!",
-    "migration_0015_patching_sources_list": "Patching the sources.lists...",
-    "migration_0015_problematic_apps_warning": "Please note that the following possibly problematic installed apps were detected. It looks like those were not installed from the YunoHost app catalog, or are not flagged as 'working'. Consequently, it cannot be guaranteed that they will still work after the upgrade: {problematic_apps}",
-    "migration_0015_specific_upgrade": "Starting upgrade of system packages that needs to be upgrade independently...",
-    "migration_0015_start": "Starting migration to Buster",
-    "migration_0015_still_on_stretch_after_main_upgrade": "Something went wrong during the main upgrade, the system appears to still be on Debian Stretch",
-    "migration_0015_system_not_fully_up_to_date": "Your system is not fully up-to-date. Please perform a regular upgrade before running the migration to Buster.",
-    "migration_0015_weak_certs": "The following certificates were found to still use weak signature algorithms and have to be upgraded to be compatible with the next version of nginx: {certs}",
-    "migration_0015_yunohost_upgrade": "Starting YunoHost core upgrade...",
-    "migration_0017_not_enough_space": "Make sufficient space available in {path} to run the migration.",
-    "migration_0017_postgresql_11_not_installed": "PostgreSQL 9.6 is installed, but not postgresql 11‽ Something weird might have happened on your system :(...",
-    "migration_0017_postgresql_96_not_installed": "PostgreSQL was not installed on your system. Nothing to do.",
-    "migration_0018_failed_to_migrate_iptables_rules": "Failed to migrate legacy iptables rules to nftables: {error}",
-    "migration_0018_failed_to_reset_legacy_rules": "Failed to reset legacy iptables rules: {error}",
-    "migration_0019_add_new_attributes_in_ldap": "Add new attributes for permissions in LDAP database",
-    "migration_0019_slapd_config_will_be_overwritten": "It looks like you manually edited the slapd configuration. For this critical migration, YunoHost needs to force the update of the slapd configuration. The original files will be backuped in {conf_backup_folder}.",
-    "migration_description_0015_migrate_to_buster": "Upgrade the system to Debian Buster and YunoHost 4.x",
-    "migration_description_0016_php70_to_php73_pools": "Migrate php7.0-fpm 'pool' conf files to php7.3",
-    "migration_description_0017_postgresql_9p6_to_11": "Migrate databases from PostgreSQL 9.6 to 11",
-    "migration_description_0018_xtable_to_nftable": "Migrate old network traffic rules to the new nftable system",
-    "migration_description_0019_extend_permissions_features": "Extend/rework the app permission management system",
-    "migration_description_0020_ssh_sftp_permissions": "Add SSH and SFTP permissions support",
+    "migration_0021_start" : "Starting migration to Bullseye",
+    "migration_0021_patching_sources_list": "Patching the sources.lists...",
+    "migration_0021_main_upgrade": "Starting main upgrade...",
+    "migration_0021_still_on_buster_after_main_upgrade": "Something went wrong during the main upgrade, the system appears to still be on Debian Buster",
+    "migration_0021_yunohost_upgrade" : "Starting YunoHost core upgrade...",
+    "migration_0021_not_buster" : "The current Debian distribution is not Buster!",
+    "migration_0021_not_enough_free_space" : "Free space is pretty low in /var/! You should have at least 1GB free to run this migration.",
+    "migration_0021_system_not_fully_up_to_date": "Your system is not fully up-to-date. Please perform a regular upgrade before running the migration to Bullseye.",
+    "migration_0021_general_warning": "Please note that this migration is a delicate operation. The YunoHost team did its best to review and test it, but the migration might still break parts of the system or its apps.\n\nTherefore, it is recommended to:\n    - Perform a backup of any critical data or app. More info on https://yunohost.org/backup;\n    - Be patient after launching the migration: Depending on your Internet connection and hardware, it might take up to a few hours for everything to upgrade.",
+    "migration_0021_problematic_apps_warning": "Please note that the following possibly problematic installed apps were detected. It looks like those were not installed from the YunoHost app catalog, or are not flagged as 'working'. Consequently, it cannot be guaranteed that they will still work after the upgrade: {problematic_apps}",
+    "migration_0021_modified_files": "Please note that the following files were found to be manually modified and might be overwritten following the upgrade: {manually_modified_files}",
+    "migration_0021_cleaning_up": "Cleaning up cache and packages not useful anymore...",
+    "migration_0021_patch_yunohost_conflicts": "Applying patch to workaround conflict issue...",
+    "migration_0023_postgresql_11_not_installed": "PostgreSQL was not installed on your system. Nothing to do.",
+    "migration_0023_postgresql_13_not_installed": "PostgreSQL 11 is installed, but not postgresql 13!? Something weird might have happened on your system :(...",
+    "migration_0023_not_enough_space": "Make sufficient space available in {path} to run the migration.",
+    "migration_description_0021_migrate_to_bullseye": "Upgrade the system to Debian Bullseye and YunoHost 11.x",
+    "migration_description_0022_php73_to_php74_pools": "Migrate php7.3-fpm 'pool' conf files to php7.4",
+    "migration_description_0023_postgresql_11_to_13": "Migrate databases from PostgreSQL 11 to 13",
     "migration_ldap_backup_before_migration": "Creating a backup of LDAP database and apps settings prior to the actual migration.",
     "migration_ldap_can_not_backup_before_migration": "The backup of the system could not be completed before the migration failed. Error: {error}",
     "migration_ldap_migration_failed_trying_to_rollback": "Could not migrate... trying to roll back the system.",
     "migration_ldap_rollback_success": "System rolled back.",
-    "migration_update_LDAP_schema": "Updating LDAP schema...",
     "migrations_already_ran": "Those migrations are already done: {ids}",
     "migrations_cant_reach_migration_file": "Could not access migrations files at the path '%s'",
     "migrations_dependencies_not_satisfied": "Run these migrations: '{dependencies_id}', before migration {id}.",
@@ -639,7 +629,6 @@
     "service_enable_failed": "Could not make the service '{service}' automatically start at boot.\n\nRecent service logs:{logs}",
     "service_enabled": "The service '{service}' will now be automatically started during system boots.",
     "service_not_reloading_because_conf_broken": "Not reloading/restarting service '{name}' because its configuration is broken: {errors}",
-    "service_regen_conf_is_deprecated": "'yunohost service regen-conf' is deprecated! Please use 'yunohost tools regen-conf' instead.",
     "service_reload_failed": "Could not reload the service '{service}'\n\nRecent service logs:{logs}",
     "service_reload_or_restart_failed": "Could not reload or restart the service '{service}'\n\nRecent service logs:{logs}",
     "service_reloaded": "Service '{service}' reloaded",
@@ -660,8 +649,6 @@
     "system_upgraded": "System upgraded",
     "system_username_exists": "Username already exists in the list of system users",
     "this_action_broke_dpkg": "This action broke dpkg/APT (the system package managers)... You can try to solve this issue by connecting through SSH and running `sudo apt install --fix-broken` and/or `sudo dpkg --configure -a`.",
-    "tools_upgrade_at_least_one": "Please specify 'apps', or 'system'",
-    "tools_upgrade_cant_both": "Cannot upgrade both system and apps at the same time",
     "tools_upgrade_cant_hold_critical_packages": "Could not hold critical packages...",
     "tools_upgrade_cant_unhold_critical_packages": "Could not unhold critical packages...",
     "tools_upgrade_regular_packages": "Now upgrading 'regular' (non-yunohost-related) packages...",

locales/es.json

@@ -4,7 +4,7 @@
     "admin_password_change_failed": "No se pudo cambiar la contraseña",
     "admin_password_changed": "La contraseña de administración fue cambiada",
     "app_already_installed": "{app} ya está instalada",
-    "app_argument_choice_invalid": "Use una de estas opciones «{choices}» para el argumento «{name}»",
+    "app_argument_choice_invalid": "Elija un valor válido para el argumento '{name}': '{value}' no se encuentra entre las opciones disponibles ({choices})",
     "app_argument_invalid": "Elija un valor válido para el argumento «{name}»: {error}",
     "app_argument_required": "Se requiere el argumento '{name} 7'",
     "app_extraction_failed": "No se pudieron extraer los archivos de instalación",
@@ -14,7 +14,7 @@
     "app_not_correctly_installed": "La aplicación {app} 8 parece estar incorrectamente instalada",
     "app_not_installed": "No se pudo encontrar «{app}» en la lista de aplicaciones instaladas: {all_apps}",
     "app_not_properly_removed": "La {app} 0 no ha sido desinstalada correctamente",
-    "app_removed": "Eliminado {app}",
+    "app_removed": "{app} Desinstalado",
     "app_requirements_checking": "Comprobando los paquetes necesarios para {app}…",
     "app_requirements_unmeet": "No se cumplen los requisitos para {app}, el paquete {pkgname} ({version}) debe ser {spec}",
     "app_sources_fetch_failed": "No se pudieron obtener los archivos con el código fuente, ¿es el URL correcto?",
@@ -520,7 +520,7 @@
     "app_manifest_install_ask_is_public": "¿Debería exponerse esta aplicación a visitantes anónimos?",
     "app_manifest_install_ask_admin": "Elija un usuario administrativo para esta aplicación",
     "app_manifest_install_ask_password": "Elija una contraseña de administración para esta aplicación",
-    "app_manifest_install_ask_path": "Seleccione el path donde esta aplicación debería ser instalada",
+    "app_manifest_install_ask_path": "Seleccione la ruta de URL (después del dominio) donde esta aplicación debería ser instalada",
     "app_manifest_install_ask_domain": "Seleccione el dominio donde esta app debería ser instalada",
     "app_label_deprecated": "Este comando está depreciado! Favor usar el nuevo comando 'yunohost user permission update' para administrar la etiqueta de app.",
     "app_argument_password_no_default": "Error al interpretar argumento de contraseña'{name}': El argumento de contraseña no puede tener un valor por defecto por razón de seguridad",
@@ -580,5 +580,11 @@
     "diagnosis_backports_in_sources_list": "Parece que apt (el gestor de paquetes) está configurado para usar el repositorio backports. A menos que realmente sepas lo que estás haciendo, desaconsejamos absolutamente instalar paquetes desde backports, ya que pueden provocar comportamientos intestables o conflictos en el sistema.",
     "diagnosis_basesystem_hardware_model": "El modelo de servidor es {model}",
     "additional_urls_already_removed": "La URL adicional «{url}» ya se ha eliminado para el permiso «{permission}»",
-    "additional_urls_already_added": "La URL adicional «{url}» ya se ha añadido para el permiso «{permission}»"
-}
+    "additional_urls_already_added": "La URL adicional «{url}» ya se ha añadido para el permiso «{permission}»",
+    "config_apply_failed": "Falló la aplicación de la nueva configuración: {error}",
+    "app_restore_script_failed": "Ha ocurrido un error dentro del script de restauración de aplicaciones",
+    "app_config_unable_to_apply": "No se pudieron aplicar los valores del panel configuración.",
+    "app_config_unable_to_read": "No se pudieron leer los valores del panel configuración.",
+    "backup_create_size_estimation": "El archivo contendrá aproximadamente {size} de datos.",
+    "config_cant_set_value_on_section": "No puede establecer un único valor en una sección de configuración completa."
+}

locales/eu.json

@@ -1,6 +1,6 @@
 {
-    "password_too_simple_1": "Pasahitzak gutxienez 8 karaktere izan behar ditu",
-    "action_invalid": "'{action}' ekintza baliogabea",
+    "password_too_simple_1": "Pasahitzak gutxienez zortzi karaktere izan behar ditu",
+    "action_invalid": "'{action}' eragiketa baliogabea da",
     "aborting": "Bertan behera uzten.",
     "admin_password_changed": "Administrazio-pasahitza aldatu da",
     "admin_password_change_failed": "Ezinezkoa izan da pasahitza aldatzea",
@@ -8,44 +8,44 @@
     "additional_urls_already_removed": "'{url}' URL gehigarriari '{permission}' baimena kendu zaio dagoeneko",
     "admin_password": "Administrazio-pasahitza",
     "diagnosis_ip_global": "IP orokorra: <code>{global}</code>",
-    "app_argument_password_no_default": "Errorea egon da '{name}' pasahitzaren argumentua ikuskatzean: pasahitzaren argumentuak ezin du balio hori izan segurtasun urria duela-eta",
+    "app_argument_password_no_default": "Errorea egon da '{name}' pasahitzaren argumentua ikuskatzean: pasahitzak ezin du balio hori izan segurtasuna dela-eta",
     "app_extraction_failed": "Ezinezkoa izan da instalazio fitxategiak ateratzea",
     "app_requirements_unmeet": "{app}(e)k behar dituen baldintzak ez dira betetzen, {pkgname} ({version}) paketea {spec} izan behar da",
     "backup_deleted": "Babeskopia ezabatuta",
-    "app_argument_required": "'{name}' argumentua beharrezkoa da",
-    "certmanager_acme_not_configured_for_domain": "Ezin da ACME azterketa {domain} domeinurako burutu une honetan nginx konfigurazioak ez duelako beharrezko kodea… Baieztatu nginx-en konfigurazioa egunean dagoela 'yunohost tools regen-conf nginx --dry-run --with-diff' komandoa exekutatuz.",
+    "app_argument_required": "'{name}' argumentua ezinbestekoa da",
+    "certmanager_acme_not_configured_for_domain": "Ezinezkoa da ACME azterketa {domain} domeinurako burutzea une honetan nginx ezarpenek ez dutelako beharrezko kodea… Egiaztatu nginx ezarpenak egunean daudela 'yunohost tools regen-conf nginx --dry-run --with-diff' komandoa exekutatuz.",
     "certmanager_domain_dns_ip_differs_from_public_ip": "'{domain}' domeinurako DNS balioak ez datoz bat zerbitzariaren IParekin. Mesedez, egiaztatu 'DNS balioak' (oinarrizkoa) kategoria diagnostikoen atalean. A balioak duela gutxi aldatu badituzu, itxaron hedatu daitezen (badaude DNSen hedapena ikusteko erramintak interneten). (Zertan ari zeren baldin badakizu, erabili '--no-checks' egiaztapen horiek desgaitzeko.)",
-    "confirm_app_install_thirdparty": "KONTUZ! Aplikazio hau ez da YunoHosten aplikazioen katalogokoa. Kanpoko aplikazioek sistemaren integritate eta segurtasuna arriskuan jarri dezakete. Ziur asko EZ zenuke instalatu beharko zertan ari zaren ez badakizu. Aplikazio hau ez badabil edo sistema hondatzen badu EZ DA LAGUNTZARIK EMANGO… aurrera jarraitu nahi duzu hala ere? Aukeratu '{answers}'",
+    "confirm_app_install_thirdparty": "KONTUZ! Aplikazio hau ez da YunoHosten aplikazioen katalogokoa. Kanpoko aplikazioek sistemaren integritate eta segurtasuna arriskuan jarri dezakete. Ziur asko EZ zenuke instalatu beharko zertan ari zaren ez badakizu. Aplikazio hau ez badabil edo sistema kaltetzen badu EZ DA LAGUNTZARIK EMANGO… aurrera jarraitu nahi duzu hala ere? Aukeratu '{answers}'",
     "app_start_remove": "{app} ezabatzen…",
-    "diagnosis_http_hairpinning_issue_details": "Litekeena da erantzulea zure kable-modem / routerra izatea. Honen eraginez, saretik kanpo daudenek zerbitzaria arazorik gabe erabili ahal izango dute, baina sarean bertan daudenek (ziur asko zure kasua) ezingo dute kanpoko IPa edo domeinu izena erabili zerbitzarira konektatzeko. Egoera hobetu edo guztiz konpontzeko, irakurri <a href='https://yunohost.org/dns_local_network'>dokumentazioa</a>. [Itzultzailearen oharra: SBC merke batean Pi-Hole instalatu eta bertako Local DNS > DNS records baliatu arazo hau ekiditeko]",
+    "diagnosis_http_hairpinning_issue_details": "Litekeena da erantzulea zure kable-modem / routerra izatea. Honen eraginez, saretik kanpo daudenek zerbitzaria arazorik gabe erabili ahal izango dute, baina sare lokalean bertan daudenek (ziur asko zure kasua) ezingo dute kanpoko IPa edo domeinu izena erabili zerbitzarira konektatzeko. Egoera hobetu edo guztiz konpontzeko, irakurri <a href='https://yunohost.org/dns_local_network'>dokumentazioa</a>",
     "diagnosis_http_special_use_tld": "{domain} domeinua top-level domain (TLD) motakoa da .local edo .test bezala eta ez du sare lokaletik kanpo eskuragarri zertan egon.",
-    "diagnosis_ip_weird_resolvconf_details": "<code>/etc/resolv.conf</code> fitxategia symlink bat izan beharko litzateke <code>/etc/resolvconf/run/resolv.conf</code> fitxategira <code>127.0.0.1</code>ra adi dagoena (dnsmasq). DNS ebazleak eskuz konfiguratu nahi badituzu, mesedez aldatu <code>/etc/resolv.dnsmasq.conf</code> fitxategia.",
+    "diagnosis_ip_weird_resolvconf_details": "<code>/etc/resolv.conf</code> fitxategia symlink bat izan beharko litzateke <code>127.0.0.1</code>ra adi dagoen <code>/etc/resolvconf/run/resolv.conf</code> fitxategira (dnsmasq). DNS ebazleak eskuz konfiguratu nahi badituzu, mesedez aldatu <code>/etc/resolv.dnsmasq.conf</code> fitxategia.",
     "diagnosis_ip_connected_ipv4": "Zerbitzaria IPv4 bidez dago internetera konektatuta!",
     "diagnosis_basesystem_ynh_inconsistent_versions": "YunoHost paketeen bertsioak ez datoz bat… ziur asko noizbait eguneraketa batek kale egin edo erabat amaitu ez zuelako.",
     "diagnosis_high_number_auth_failures": "Azken aldian kale egin duten saio-hasiera saiakera ugari egon dira. Egiaztatu fail2ban martxan dabilela eta egoki konfiguratuta dagoela, edo erabili beste ataka bat SSHrako <a href=\"https://yunohost.org/security\">dokumentazioa</a>n azaldu bezala.",
-    "diagnosis_mail_ehlo_could_not_diagnose": "Ezin izan da egiaztatu postfix posta zerbitzaria IPv{ipversion}az kanpo eskuragarri dagoenik.",
+    "diagnosis_mail_ehlo_could_not_diagnose": "Ezinezkoa izan da postfix posta zerbitzaria IPv{ipversion}az kanpo eskuragarri dagoen egiaztatzea.",
     "app_id_invalid": "Aplikazio ID okerra",
-    "app_install_files_invalid": "Fitxategi hauek ezin dira instalatu",
+    "app_install_files_invalid": "Ezin dira fitxategi hauek instalatu",
     "diagnosis_description_ip": "Internet konexioa",
     "diagnosis_description_dnsrecords": "DNS erregistroak",
-    "app_label_deprecated": "Komando hau zaharkitua dago! Mesedez erabili 'yunohost user permission update' komando berria aplikazioaren etiketa kudeatzeko.",
-    "confirm_app_install_danger": "KONTUZ! Aplikazio hau esperimentala da (edo ez dabil)! Ez zenuke instalatu beharko zertan ari zaren ez badakizu. Aplikazio hau ez badabil edo sistema hondatzen badu, EZ DA LAGUNTZARIK EMANGO… aurrera jarraitu nahi al duzu hala ere? Aukeratu '{answers}'",
+    "app_label_deprecated": "Komando hau zaharkitua dago! Mesedez, erabili 'yunohost user permission update' komando berria aplikazioaren etiketa kudeatzeko.",
+    "confirm_app_install_danger": "KONTUZ! Aplikazio hau esperimentala da (edo ez dabil)! Ez zenuke instalatu beharko zertan ari zaren ez badakizu. Aplikazio hau ez badabil edo sistema kaltetzen badu, EZ DA LAGUNTZARIK EMANGO… aurrera jarraitu nahi al duzu hala ere? Aukeratu '{answers}'",
     "diagnosis_description_systemresources": "Sistemaren baliabideak",
-    "backup_csv_addition_failed": "Ezin izan dira fitxategiak CSV fitxategira kopiatu",
+    "backup_csv_addition_failed": "Ezinezkoa izan da fitxategiak CSV fitxategira kopiatzea",
     "backup_no_uncompress_archive_dir": "Ez dago horrelako deskonprimatutako fitxategi katalogorik",
     "danger": "Arriskua:",
     "diagnosis_dns_discrepancy": "Ez dirudi ondorengo DNS balioak bat datozenik proposatutako konfigurazioarekin:<br>Mota: <code>{type}</code><br>Izena: <code>{name}</code><br>Oraingo balioa: <code>{current}</code><br>Proposatutako balioa: <code>{value}</code>",
-    "diagnosis_dns_specialusedomain": "{domain} domeinua top-level domain (TLD) erabilera berezikoa da .local edo .test bezala eta horregatik ez du DNS erregistrorik erabiltzen.",
-    "diagnosis_http_bad_status_code": "Badirudi zerbitzaria ez den beste gailu batek erantzun diola eskaerari (agian routerrak).<br>1. Honen arrazoi ohikoena 80 (eta 443) ataka <a href='https://yunohost.org/isp_box_config'>zerbitzarira ondo birbidaltzen ez dela</a> da.<br>2. Konfigurazio konplexua badarabilzu, egiaztatu suebakiak edo reverse-proxyk oztopatzen ez dutela.",
-    "diagnosis_http_timeout": "Denbora agortu da sare lokaletik kanpo zure zerbitzarira konexioa gauzatzeko ahaleginean. Eskuragarri ez dagoela dirudi.<br>1. 80 (eta 443) ataka <a href='https://yunohost.org/isp_box_config'>zerbitzarira modu egokian birbidaltzen ez direla da</a> ohiko arrazoia.<br>2. Badaezpada egiaztatu nginx martxan dagoela.<br>3. Konfigurazio konplexuetan, egiaztatu suebakiak edo reverse-proxyk konexioa oztopatzen ez dutela.",
-    "app_sources_fetch_failed": "Ezin izan dira fitxategiak eskuratu, zuzena al da URLa?",
-    "app_make_default_location_already_used": "Ezinezkoa izan da '{app}' domeinuko aplikazio nagusi ezartzea, '{other_app}'(e)k dagoeneko '{domain}' erabiltzen duelako",
-    "app_already_installed_cant_change_url": "Aplikazio hau instalatuta dago dagoeneko. URLa ezin da aldatu aukera honekin. Markatu `app changeurl` markatzeko moduan badago.",
+    "diagnosis_dns_specialusedomain": "{domain} domeinua top-level domain (TLD) erabilera berezikoa da .local edo .test bezala eta horregatik ez du DNS erregistrorik erabiltzeko beharrik.",
+    "diagnosis_http_bad_status_code": "Zerbitzari hau ez den beste gailu batek erantzun omen dio eskaerari (agian routerrak).<br>1. Honen arrazoi ohikoena 80 (eta 443) ataka <a href='https://yunohost.org/isp_box_config'>zerbitzarira ondo birbidaltzen ez dela</a> da.<br>2. Konfigurazio konplexua badarabilzu, egiaztatu suebakiak edo reverse-proxyk oztopatzen ez dutela.",
+    "diagnosis_http_timeout": "Denbora agortu da sare lokaletik kanpo zure zerbitzarira konektatzeko ahaleginean. Eskuragarri ez dagoela dirudi.<br>1. 80 (eta 443) ataka <a href='https://yunohost.org/isp_box_config'>zerbitzarira modu egokian birzuzentzen ez direla da</a> ohiko zergatia.<br>2. Badaezpada egiaztatu nginx martxan dagoela.<br>3. Konfigurazio konplexuetan, egiaztatu suebakiak edo reverse-proxyk konexioa oztopatzen ez dutela.",
+    "app_sources_fetch_failed": "Ezinezkoa izan da fitxategiak eskuratzea, zuzena al da URLa?",
+    "app_make_default_location_already_used": "Ezinezkoa izan da '{app}' '{domain}' domeinuan lehenestea, '{other_app}'(e)k dagoeneko '{domain}' erabiltzen duelako",
+    "app_already_installed_cant_change_url": "Aplikazio hau instalatuta dago dagoeneko. URLa ezin da aldatu aukera honekin. Markatu 'app changeurl' markatzeko moduan badago.",
     "diagnosis_ip_not_connected_at_all": "Badirudi zerbitzaria ez dagoela internetera konektatuta!?",
-    "app_already_up_to_date": "{app} aplikazioa egunean da dagoeneko",
+    "app_already_up_to_date": "{app} egunean da dagoeneko",
     "app_change_url_success": "{app} aplikazioaren URLa {domain}{path} da orain",
-    "admin_password_too_long": "Mesedez aukeratu 127 karaktere baino laburragoa den pasahitz bat",
-    "app_action_broke_system": "Ekintza honek {services} zerbitzu garrantzitsuak hondatu dituela dirudi",
+    "admin_password_too_long": "Mesedez, aukeratu 127 karaktere baino laburragoa den pasahitz bat",
+    "app_action_broke_system": "Eragiketa honek {services} zerbitzu garrantzitsua(k) hondatu d(it)uela dirudi",
     "diagnosis_basesystem_hardware_model": "Zerbitzariaren modeloa {model} da",
     "already_up_to_date": "Ez dago egiteko ezer. Guztia dago egunean.",
     "backup_permission": "{app}(r)entzat babeskopia baimena",
@@ -53,35 +53,35 @@
     "config_validate_email": "Benetazko posta elektronikoa izan behar da",
     "config_validate_time": "OO:MM formatua duen ordu bat izan behar da",
     "config_validate_url": "Benetazko URL bat izan behar da",
-    "config_version_not_supported": "Ezin da konfigurazio-panelaren '{version}' bertsioa erabili.",
+    "config_version_not_supported": "Ezinezkoa da konfigurazio-panelaren '{version}' bertsioa erabiltzea.",
     "app_restore_script_failed": "Errorea gertatu da aplikazioa lehengoratzeko aginduan",
-    "app_upgrade_some_app_failed": "Ezin izan dira aplikazio batzuk eguneratu",
+    "app_upgrade_some_app_failed": "Ezinezkoa izan da aplikazio batzuk eguneratzea",
     "app_install_failed": "Ezinezkoa izan da {app} instalatzea: {error}",
     "diagnosis_basesystem_kernel": "Zerbitzariak Linuxen {kernel_version} kernela darabil",
-    "app_argument_invalid": "Aukeratu balio onargarri bat {name}' argumenturako: {error}",
+    "app_argument_invalid": "Aukeratu balio egoki bat '{name}' argumenturako: {error}",
     "app_already_installed": "{app} instalatuta dago dagoeneko",
     "app_config_unable_to_apply": "Ezinezkoa izan da konfigurazio aukerak ezartzea.",
     "app_config_unable_to_read": "Ezinezkoa izan da konfigurazio aukerak irakurtzea.",
     "config_apply_failed": "Ezin izan da konfigurazio berria ezarri: {error}",
-    "config_cant_set_value_on_section": "Ezin da balio bakar bat ezarri konfigurazio atal oso batean.",
+    "config_cant_set_value_on_section": "Ezinezkoa da balio bakar bat ezartzea konfigurazio atal oso batean.",
     "config_no_panel": "Ez da konfigurazio-panelik aurkitu.",
-    "diagnosis_found_errors_and_warnings": "{category} atalari dago(z)kion {errors} arazoa(k) (eta {warnings} abisua(k)) aurkitu d(ir)a!",
+    "diagnosis_found_errors_and_warnings": "{category} atalari dago(z)kion {errors} arazo (eta {warnings} abisu) aurkitu d(ir)a!",
     "diagnosis_description_regenconf": "Sistemaren ezarpenak",
     "app_upgrade_script_failed": "Errore bat gertatu da aplikazioaren eguneratze aginduan",
     "diagnosis_basesystem_hardware": "Zerbitzariaren arkitektura {virt} {arch} da",
-    "diagnosis_mail_ehlo_ok": "SMTP posta zerbitzaria eskuragarri dago kanpoko saretik eta beraz, posta elektronikoa jasotzeko gai da!",
+    "diagnosis_mail_ehlo_ok": "SMTP posta zerbitzaria eskuragarri dago kanpoko saretik eta, beraz, posta elektronikoa jasotzeko gai da!",
     "app_unknown": "Aplikazio ezezaguna",
     "diagnosis_mail_ehlo_bad_answer": "SMTP ez den zerbitzu batek erantzun du IPv{ipversion}ko 25. atakan",
     "diagnosis_mail_ehlo_could_not_diagnose_details": "Errorea: {error}",
-    "diagnosis_mail_blacklist_ok": "Zerbitzari honek darabiltzan IPak eta domeinuak ez dirudi inolako zerrenda beltzetan daudenik",
+    "diagnosis_mail_blacklist_ok": "Ez dirudi zerbitzari honek darabiltzan IPak eta domeinuak inolako zerrenda beltzean daudenik",
     "diagnosis_domain_expiration_error": "Domeinu batzuk IRAUNGITZEAR daude!",
     "diagnosis_domain_expiration_success": "Domeinuak erregistratuta daude eta ez dira oraingoz iraungiko.",
-    "app_manifest_install_ask_is_public": "Saiorik hasi gabeko bisitarientzat ikusgai egon beharko litzateke aplikazio hau?",
+    "app_manifest_install_ask_is_public": "Saiorik hasi gabeko bisitarientzat ikusgai egon beharko luke aplikazioak?",
     "diagnosis_domain_expires_in": "{domain} {days} egun barru iraungiko da.",
-    "app_manifest_install_ask_domain": "Aukeratu zein domeinutan instalatu nahi duzun aplikazio hau",
+    "app_manifest_install_ask_domain": "Aukeratu zein domeinutan instalatu nahi duzun aplikazioa",
     "custom_app_url_required": "URL bat zehaztu behar duzu {app} eguneratzeko",
     "app_change_url_identical_domains": "Domeinu zahar eta berriaren bidea bera dira: ('{domain}{path}'), ez dago ezer egitekorik.",
-    "app_upgrade_failed": "Ezinezkoa {app} eguneratzea: {error}",
+    "app_upgrade_failed": "Ezinezkoa izan da {app} eguneratzea: {error}",
     "app_upgrade_app_name": "Orain {app} eguneratzen…",
     "app_upgraded": "{app} eguneratu da",
     "ask_firstname": "Izena",
@@ -90,9 +90,9 @@
     "config_forbidden_keyword": "'{keyword}' etiketa sistemak bakarrik erabil dezake; ezin da ID hau daukan baliorik sortu edo erabili.",
     "config_unknown_filter_key": "'{filter_key}' filtroaren kakoa ez da zuzena.",
     "config_validate_color": "RGB hamaseitar kolore bat izan behar da",
-    "diagnosis_cant_run_because_of_dep": "Ezin da diagnosia abiarazi {category} atalerako {dep}(r)i lotutako arazo garrantzitsuek dirauen artean.",
+    "diagnosis_cant_run_because_of_dep": "Ezinezkoa da diagnosia abiaraztea {category} atalerako {dep}(r)i lotutako arazo garrantzitsuek dirauen artean.",
     "diagnosis_dns_missing_record": "Proposatutako DNS konfigurazioaren arabera, ondorengo informazioa gehitu beharko zenuke DNS erregistroan:<br>Mota: <code>{type}</code><br>Izena: <code>{name}</code><br>Balioa: <code>{value}</code>",
-    "diagnosis_http_nginx_conf_not_up_to_date": "Domeinu honen nginx konfigurazioa eskuz moldatu dela dirudi eta YunoHostek ezin du egiaztatu HTTP bidez eskuragarri dagoen.",
+    "diagnosis_http_nginx_conf_not_up_to_date": "Domeinu honen nginx ezarpenak eskuz moldatu direla dirudi eta YunoHostek ezin du egiaztatu HTTP bidez eskuragarri dagoenik.",
     "ask_new_admin_password": "Administrazio-pasahitz berria",
     "ask_new_domain": "Domeinu berria",
     "ask_new_path": "Bide berria",
@@ -103,91 +103,91 @@
     "backup_archive_app_not_found": "Ezin izan da {app} aurkitu babeskopia fitxategian",
     "backup_applying_method_tar": "Babeskopiaren TAR fitxategia sortzen…",
     "backup_archive_broken_link": "Ezin izan da babeskopiaren fitxategia eskuratu ({path}ra esteka okerra)",
-    "backup_creation_failed": "Ezin izan da babeskopiaren fitxategia sortu",
-    "backup_csv_creation_failed": "Ezin izan da lehengoratzeko beharrezkoak diren CSV fitxategiak sortu",
+    "backup_creation_failed": "Ezinezkoa izan da babeskopiaren fitxategia sortzea",
+    "backup_csv_creation_failed": "Ezinezkoa izan da lehengoratzeko beharrezkoak diren CSV fitxategiak sortzea",
     "backup_custom_mount_error": "Neurrira egindako babeskopiak ezin izan du 'muntatu' urratsetik haratago egin",
-    "backup_delete_error": "Ezin izan da '{path}' ezabatu",
+    "backup_delete_error": "Ezinezkoa izan da '{path}' ezabatzea",
     "backup_method_copy_finished": "Babeskopiak amaitu du",
-    "backup_hook_unknown": "Babeskopiaren '{hook}' kakoa ez da ezagutzen",
+    "backup_hook_unknown": "Babeskopiaren '{hook}' kakoa ezezaguna da",
     "backup_method_custom_finished": "'{method}' neurrira egindako babeskopiak amaitu du",
     "backup_method_tar_finished": "TAR babeskopia artxiboa sortu da",
-    "backup_mount_archive_for_restore": "Lehengoratzeko fitxategoak prestatzen…",
+    "backup_mount_archive_for_restore": "Lehengoratzeko fitxategiak prestatzen…",
     "backup_nothings_done": "Ez dago gordetzeko ezer",
     "backup_output_directory_required": "Babeskopia non gorde nahi duzun zehaztu behar duzu",
-    "backup_system_part_failed": "Ezin izan da sistemaren '{part}' atalaren babeskopia egin",
+    "backup_system_part_failed": "Ezinezkoa izan da sistemaren '{part}' atalaren babeskopia egitea",
     "apps_catalog_updating": "Aplikazioen katalogoa eguneratzen…",
-    "certmanager_cert_signing_failed": "Ezin izan da ziurtagiri berria sinatu",
+    "certmanager_cert_signing_failed": "Ezinezkoa izan da ziurtagiri berria sinatzea",
     "certmanager_cert_renew_success": "Let's Encrypt ziurtagiria berriztu da '{domain}' domeinurako",
     "app_requirements_checking": "{app}(e)k behar dituen paketeak ikuskatzen…",
-    "certmanager_unable_to_parse_self_CA_name": "Ezin izan da norberak sinatutako ziurtagiriaren izena prozesatu (fitxategia: {file})",
+    "certmanager_unable_to_parse_self_CA_name": "Ezinezkoa izan da norberak sinatutako ziurtagiriaren izena prozesatzea (fitxategia: {file})",
     "app_remove_after_failed_install": "Aplikazioa ezabatzen instalatzerakoan errorea dela-eta…",
     "diagnosis_basesystem_ynh_single_version": "{package} bertsioa: {version} ({repo})",
     "diagnosis_failed_for_category": "'{category}' ataleko diagnostikoak kale egin du: {error}",
     "diagnosis_cache_still_valid": "(Cachea oraindik baliogarria da {category} (ar)en diagnosirako. Ez da berrabiaraziko!)",
-    "diagnosis_found_errors": "{category} atalari dago(z)kion {errors} arazoa(k) aurkitu d(ir)a!",
-    "diagnosis_found_warnings": "{category} atalari dagokion eta hobetu daite(z)keen {warnings} abisua(k) aurkitu d(ir)a.",
+    "diagnosis_found_errors": "{category} atalari dago(z)kion {errors} arazo aurkitu d(ir)a!",
+    "diagnosis_found_warnings": "{category} atalari dagokion eta hobetu daite(z)keen {warnings} abisu aurkitu d(ir)a.",
     "diagnosis_ip_connected_ipv6": "Zerbitzaria IPv6 bidez dago internetera konektatuta!",
-    "diagnosis_everything_ok": "Itxura ona dauka {category} atalak!",
+    "diagnosis_everything_ok": "Badirudi guztia zuzen dagoela {category} atalean!",
     "diagnosis_ip_no_ipv4": "Zerbitzariak ez du dabilen IPv4rik.",
     "diagnosis_ip_no_ipv6": "Zerbitzariak ez du dabilen IPv6rik.",
-    "diagnosis_ip_broken_dnsresolution": "Domeinu izenaren ebazpena hondatuta dagoela dirudi… Suebakiren bat ote dago DNS eskaerak oztopatzen?",
-    "diagnosis_diskusage_low": "<code>{mountpoint}</code> euskarriak (<code>{device}</code> gailuan) edukieraren {free} ({free_percent}%) bakarrik du erabilgarri ({total} orotara). Kontuz ibili.",
+    "diagnosis_ip_broken_dnsresolution": "Domeinu izenaren ebazpena kaltetuta dagoela dirudi… Suebakiren bat ote dago DNS eskaerak oztopatzen?",
+    "diagnosis_diskusage_low": "<code>{mountpoint}</code> fitxategi-sistemak (<code>{device}</code> euskarrian) edukieraren {free} (%{free_percent}a) bakarrik ditu erabilgarri ({total} orotara). Kontuz ibili.",
     "diagnosis_dns_good_conf": "DNS ezarpenak zuzen konfiguratuta daude {domain} domeinurako ({category} atala)",
-    "diagnosis_diskusage_verylow": "<code>{mountpoint}</code> euskarriak (<code>{device}</code> gailuan) edukieraren {free} ({free_percent}%) bakarrik du erabilgarri ({total} orotara). Zertxobait hustu beharko zenuke!",
+    "diagnosis_diskusage_verylow": "<code>{mountpoint}</code> fitxategi-sistemak (<code>{device}</code> euskarrian) edukieraren {free} (%{free_percent}a) bakarrik ditu erabilgarri ({total} orotara). Zertxobait hustu beharko zenuke!",
     "diagnosis_description_basesystem": "Sistemaren oinarria",
     "diagnosis_description_services": "Zerbitzuen egoeraren egiaztapena",
-    "diagnosis_http_could_not_diagnose": "Ezin izan da egiaztatu domeinuak IPv{ipversion} kanpotik eskuragarri daudenik.",
-    "diagnosis_http_ok": "Ezin da {domain} domeinua HTTP bidez bisitatu sare lokaletik kanpo.",
+    "diagnosis_http_could_not_diagnose": "Ezinezkoa izan da domeinuak IPv{ipversion} kanpotik eskuragarri dauden egiaztatzea.",
+    "diagnosis_http_ok": "{domain} domeinua HTTP bidez bisitatu daiteke sare lokaletik kanpo.",
     "diagnosis_http_unreachable": "Badirudi {domain} domeinua ez dagoela eskuragarri HTTP bidez sare lokaletik kanpo.",
     "apps_catalog_failed_to_download": "Ezinezkoa izan da {apps_catalog} aplikazioen zerrenda eskuratzea: {error}",
     "apps_catalog_init_success": "Abiarazi da aplikazioen katalogo sistema!",
     "apps_catalog_obsolete_cache": "Aplikazioen katalogoaren cachea hutsik edo zaharkituta dago.",
     "diagnosis_description_mail": "Posta elektronikoa",
-    "diagnosis_http_connection_error": "Arazoa konexioan: ezin izan da domeinu horretara konektatu, litekeena da eskuragaitza izatea.",
+    "diagnosis_http_connection_error": "Arazoa konexioan: ezin izan da domeinu horretara konektatu, litekeena da eskuragarri ez egotea.",
     "diagnosis_description_web": "Weba",
-    "diagnosis_display_tip": "Aurkitu diren arazoak ikusteko joan Diagnosien atalera administrazio-webgunean, edo exekutatu 'yunohost diagnosis show --issues --human-readable' komandoak nahiago badituzu.",
+    "diagnosis_display_tip": "Aurkitu diren arazoak ikusteko joan administrazio-atariko Diagnostikoak atalera, edo exekutatu 'yunohost diagnosis show --issues --human-readable' komandoak nahiago badituzu.",
     "diagnosis_dns_point_to_doc": "Mesedez, irakurri <a href='https://yunohost.org/dns_config'>dokumentazioa</a> DNS erregistroekin laguntza behar baduzu.",
-    "diagnosis_mail_ehlo_unreachable": "SMTP posta zerbitzaria ez dago eskuragarri IPv{ipversion}ko sare lokaletik kanpo eta beraz, ez da posta elektronikoa jasotzeko gai.",
+    "diagnosis_mail_ehlo_unreachable": "SMTP posta zerbitzaria ez dago eskuragarri IPv{ipversion}ko sare lokaletik kanpo eta, beraz, ez da posta elektronikoa jasotzeko gai.",
     "diagnosis_mail_ehlo_bad_answer_details": "Litekeena da zure zerbitzaria ez den beste gailu batek erantzun izana.",
-    "diagnosis_mail_blacklist_listed_by": "Zure IP edo <code>{item}</code> domeinua {blacklist_name} zerrenda beltzean ageri da",
+    "diagnosis_mail_blacklist_listed_by": "Zure domeinua edo <code>{item}</code> IPa {blacklist_name} zerrenda beltzean ageri da",
     "diagnosis_mail_blacklist_website": "Zerrenda beltzean zergatik zauden ulertu eta konpondu ondoren, {blacklist_website} webgunean zure IP edo domeinua bertatik atera dezatela eska dezakezu",
     "diagnosis_http_could_not_diagnose_details": "Errorea: {error}",
     "diagnosis_http_hairpinning_issue": "Dirudienez zure sareak ez du hairpinninga gaituta.",
     "diagnosis_http_partially_unreachable": "Badirudi {domain} domeinua ezin dela bisitatu HTTP bidez IPv{failed} sare lokaletik kanpo, bai ordea IPv{passed} erabiliz.",
-    "backup_archive_cant_retrieve_info_json": "Ezin izan da '{archive}' fitxategiko informazioa eskuratu… info.json ezin izan da eskuratu (edo ez da baliozko jsona).",
-    "diagnosis_domain_expiration_not_found": "Ezin izan da domeinu batzuen iraungitze data egiaztatu",
-    "diagnosis_domain_expiration_not_found_details": "Dirudienez {domain} domeinuari buruzko WHOIS informazioak ez du zehazten noiz iraungiko den.",
+    "backup_archive_cant_retrieve_info_json": "Ezinezkoa izan da '{archive}' fitxategiko informazioa eskuratzea… info.json ezin izan da eskuratu (edo ez da baliozko jsona).",
+    "diagnosis_domain_expiration_not_found": "Ezinezkoa izan da domeinu batzuen iraungitze data egiaztatzea",
+    "diagnosis_domain_expiration_not_found_details": "Badirudi {domain} domeinuari buruzko WHOIS informazioak ez duela zehazten noiz iraungiko den.",
     "certmanager_domain_not_diagnosed_yet": "Oraindik ez dago {domain} domeinurako diagnostikorik. Mesedez, berrabiarazi diagnostikoak 'DNS balioak' eta 'Web' ataletarako diagnostikoen gunean Let's Encrypt ziurtagirirako prest ote dagoen egiaztatzeko. (Edo zertan ari zaren baldin badakizu, erabili '--no-checks' egiaztatzea desgaitzeko.)",
     "diagnosis_domain_expiration_warning": "Domeinu batzuk iraungitzear daude!",
     "app_packaging_format_not_supported": "Aplikazio hau ezin da instalatu YunoHostek ez duelako paketea ezagutzen. Sistema eguneratzea hausnartu beharko zenuke ziur asko.",
     "diagnosis_dns_try_dyndns_update_force": "Domeinu honen DNS konfigurazioa YunoHostek kudeatu beharko luke automatikoki. Gertatuko ez balitz, eguneratzera behartu zenezake <cmd>yunohost dyndns update --force</cmd> erabiliz.",
     "app_manifest_install_ask_path": "Aukeratu aplikazio hau instalatzeko URLaren bidea (domeinuaren atzeko aldean)",
-    "app_manifest_install_ask_admin": "Aukeratu administrati bat aplikazio honetarako",
+    "app_manifest_install_ask_admin": "Aukeratu administrari bat aplikazio honetarako",
     "app_manifest_install_ask_password": "Aukeratu administrazio-pasahitz bat aplikazio honetarako",
     "ask_user_domain": "Erabiltzailearen posta elektroniko eta XMPP konturako erabiliko den domeinua",
-    "app_action_cannot_be_ran_because_required_services_down": "{services} zerbitzuak martxan egon beharko lirateke ekintza hau gauzatu ahal izateko. Saia zaitez zerbitzuok berrabiarazten (eta ikertu zergatik abiarazi ez diren).",
+    "app_action_cannot_be_ran_because_required_services_down": "{services} zerbitzuak martxan egon beharko lirateke eragiketa hau exekutatu ahal izateko. Saia zaitez zerbitzuok berrabiarazten (eta ikertu zergatik ez diren abiarazi).",
     "apps_already_up_to_date": "Egunean daude dagoeneko aplikazio guztiak",
     "app_full_domain_unavailable": "Aplikazio honek bere domeinu propioa behar du, baina beste aplikazio batzuk daude dagoeneko instalatuta '{domain}' domeinuan. Azpidomeinu bat erabil zenezake instalatu nahi duzun aplikaziorako.",
     "app_install_script_failed": "Errore bat gertatu da aplikazioaren instalatzailearen aginduetan",
     "diagnosis_basesystem_host": "Zerbitzariak Debian {debian_version} darabil",
-    "diagnosis_ignored_issues": "(kontuan hartu ez d(ir)en + {nb_ignored} arazoa(k))",
+    "diagnosis_ignored_issues": "(kontuan hartu ez d(ir)en + {nb_ignored} arazo)",
     "diagnosis_ip_dnsresolution_working": "Domeinu izenaren ebazpena badabil!",
-    "diagnosis_failed": "Ezin izan da '{category}' ataleko diagnostikoa lortu: {error}",
+    "diagnosis_failed": "Ezinezkoa izan da '{category}' ataleko diagnostikoa lortzea: {error}",
     "diagnosis_ip_weird_resolvconf": "DNS ebazpena badabilela dirudi, baina antza denez moldatutako <code>/etc/resolv.conf</code> fitxategia erabiltzen ari zara.",
     "diagnosis_dns_bad_conf": "DNS balio batzuk falta dira edo ez dira zuzenak {domain} domeinurako ({category} atala)",
-    "diagnosis_diskusage_ok": "<code>{mountpoint}</code> euskarriak (<code>{device}</code> gailuan) edukieraren {free} ({free_percent}%) du erabilgarri oraindik ({total} orotara)!",
+    "diagnosis_diskusage_ok": "<code>{mountpoint}</code> fitxategi-sistemak (<code>{device}</code> euskarrian) edukieraren {free} (%{free_percent}a) ditu erabilgarri oraindik ({total} orotara)!",
     "apps_catalog_update_success": "Aplikazioen katalogoa eguneratu da!",
     "certmanager_warning_subdomain_dns_record": "'{subdomain}' azpidomeinuak ez dauka '{domain}'(e)k duen IP bera. Ezaugarri batzuk ez dira erabilgarri egongo hau zuzendu arte eta ziurtagiri bat birsortu arte.",
-    "app_argument_choice_invalid": "Aukeratu ({choices}) aukeretako bat '{name}' argumenturako: '{value}' ez dago aukera horien artean",
+    "app_argument_choice_invalid": "Hautatu ({choices}) aukeretako bat '{name}' argumenturako: '{value}' ez dago aukera horien artean",
     "backup_create_size_estimation": "Fitxategiak {size} datu inguru izango ditu.",
     "diagnosis_basesystem_ynh_main_version": "Zerbitzariak YunoHosten {main_version} ({repo}) darabil",
     "backup_custom_backup_error": "Neurrira egindako babeskopiak ezin izan du 'babeskopia egin' urratsetik haratago egin",
-    "diagnosis_ip_broken_resolvconf": "Zure zerbitzarian domeinu izenaren ebazpena hondatuta dagoela dirudi, antza denez <code>/etc/resolv.conf</code> fitxategia ez dago <code>127.0.0.1</code>ra adi.",
-    "diagnosis_ip_no_ipv6_tip": "Dabilen IPv6 izatea ez da derrigorrezkoa zerbitzariaren funtzionamendurako, baina egokiena da interneten osasunerako. IPv6 automatikoki konfiguratu beharko luke sistemak edo telefono-konpainiak. Bestela, eskuz konfiguratu beharko zenituzke hainbat gauza <a href='https://yunohost.org/#/ipv6'>dokumentazioa</a>n azaltzen den bezala. Ezin baduzu edo IPv6 gaitzea zuretzat kontu teknikoegia baldin bada, ez duzu abisu hau zertan kontutan hartu.",
+    "diagnosis_ip_broken_resolvconf": "Zure zerbitzarian domeinu izenaren ebazpena kaltetuta dagoela dirudi, antza denez <code>/etc/resolv.conf</code> fitxategia ez dago <code>127.0.0.1</code>ra adi.",
+    "diagnosis_ip_no_ipv6_tip": "Dabilen IPv6 izatea ez da derrigorrezkoa zerbitzariaren funtzionamendurako, baina egokiena da interneten osasunerako. IPv6 automatikoki konfiguratu beharko luke sistemak edo operadoreak. Bestela, eskuz konfiguratu beharko zenituzke hainbat gauza <a href='https://yunohost.org/#/ipv6'>dokumentazioa</a>n azaltzen den bezala. Ezin baduzu edo IPv6 gaitzea zuretzat kontu teknikoegia baldin bada, ez duzu abisu hau zertan kontuan hartu.",
     "diagnosis_http_nginx_conf_not_up_to_date_details": "Egoera konpontzeko, ikuskatu desberdintasunak <cmd> yunohost tools regen-conf nginx --dry-run --with-diff</cmd> komandoren bidez eta, proposatutako aldaketak onartzen badituzu, ezarri itzazu <cmd>yunohost tools regen-conf nginx --force</cmd> erabiliz.",
     "diagnosis_domain_not_found_details": "{domain} domeinua ez da WHOISen datubasean existitzen edo iraungi da!",
-    "app_start_backup": "{app}(r)en babes-kopia egiteko fitxategiak hartzen…",
-    "app_change_url_no_script": "'{app_name}' aplikazioak ez du URLa moldatzerik onartzen momentuz. Agian eguneratu beharko zenuke.",
+    "app_start_backup": "{app}(r)en babeskopia egiteko fitxategiak eskuratzen…",
+    "app_change_url_no_script": "'{app_name}' aplikazioak oraingoz ez du URLa moldatzerik onartzen. Agian eguneratu beharko zenuke.",
     "app_location_unavailable": "URL hau ez dago erabilgarri edota dagoeneko instalatutako aplikazioren batekin talka egiten du:\n{apps}",
     "app_not_upgraded": "'{failed_app}' aplikazioa ezin izan da eguneratu, eta horregatik ondorengo aplikazioen eguneraketak bertan behera utzi dira: {apps}",
     "app_not_correctly_installed": "Ez dirudi {app} ondo instalatuta dagoenik",
@@ -195,54 +195,514 @@
     "app_not_properly_removed": "Ezinezkoa izan da {app} guztiz ezabatzea",
     "app_start_install": "{app} instalatzen…",
     "app_start_restore": "{app} lehengoratzen…",
-    "app_unsupported_remote_type": "Aplikazioak darabilen urruneko motak ez du babesik",
+    "app_unsupported_remote_type": "Aplikazioak darabilen urruneko motak ez du babesik (Unsupported remote type)",
     "app_upgrade_several_apps": "Ondorengo aplikazioak eguneratuko dira: {apps}",
     "backup_app_failed": "Ezinezkoa izan da {app}(r)en babeskopia egitea",
     "backup_actually_backuping": "Bildutako fitxategiekin babeskopia sortzen…",
     "backup_archive_name_exists": "Dagoeneko existitzen da izen bera duen babeskopia fitxategi bat.",
     "backup_archive_name_unknown": "Ez da '{name}' izeneko babeskopia ezagutzen",
-    "backup_archive_open_failed": "Ezin izan da babeskopien fitxategia ireki",
+    "backup_archive_open_failed": "Ezinezkoa izan da babeskopien fitxategia irekitzea",
     "backup_archive_system_part_not_available": "'{part}' sistemaren atala ez dago erabilgarri babeskopia honetan",
-    "backup_archive_writing_error": "Ezin izan da '{source}' ('{dest}' fitxategiak eskatu dituenak) fitxategia '{archive}' konprimatutako babeskopian sartu",
-    "backup_ask_for_copying_if_needed": "Denbora batez {size}MB erabili nahi dituzu babeskopia gauzatu ahal izateko? (Horrela egiten da fitxategi batzuk ezin direlako modu eraginkorragoan prestatu.)",
-    "backup_cant_mount_uncompress_archive": "Ezin izan da deskonprimatutako fitxategia muntatu idazketa-babesa duelako",
-    "backup_created": "Egin da babeskopia",
+    "backup_archive_writing_error": "Ezinezkoa izan da '{source}' ('{dest}' fitxategiak eskatu dituenak) fitxategia '{archive}' konprimatutako babeskopian sartzea",
+    "backup_ask_for_copying_if_needed": "Behin-behinean {size}MB erabili nahi dituzu babeskopia gauzatu ahal izateko? (Horrela egiten da fitxategi batzuk ezin direlako modu eraginkorragoan prestatu.)",
+    "backup_cant_mount_uncompress_archive": "Ezinezkoa izan da deskonprimatutako fitxategia muntatzea idazketa-babesa duelako",
+    "backup_created": "Babeskopia sortu da",
     "backup_copying_to_organize_the_archive": "{size}MB kopiatzen fitxategia antolatzeko",
     "backup_couldnt_bind": "Ezin izan da {src} {dest}-ra lotu.",
-    "backup_output_directory_forbidden": "Aukeratu beste katalogo bat emaitza gordetzeko. Babeskopiak ezin dira sortu /bin, /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var or /home/yunohost.backup/archives azpi-katalogoetan",
+    "backup_output_directory_forbidden": "Aukeratu beste katalogo bat emaitza gordetzeko. Babeskopiak ezin dira sortu /bin, /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var edo /home/yunohost.backup/archives azpi-katalogoetan",
     "backup_output_directory_not_empty": "Aukeratu hutsik dagoen katalogo bat",
     "backup_running_hooks": "Babeskopien kakoak exekutatzen…",
-    "backup_unable_to_organize_files": "Ezin izan da modu azkarra erabili fitxategiko artxiboak prestatzeko",
+    "backup_unable_to_organize_files": "Ezinezkoa izan da modu azkarra erabiltzea fitxategiko artxiboak prestatzeko",
     "backup_output_symlink_dir_broken": "'{path}' fitxategi-katalogoaren symlink-a ez dabil. Agian [ber]muntatzea ahaztu zaizu edo euskarria atakara konektatzea ahaztu duzu.",
-    "backup_with_no_backup_script_for_app": "'{app}' aplikazioak ez du babeskopia egiteko agindurik. Ez da kontutan hartuko.",
+    "backup_with_no_backup_script_for_app": "'{app}' aplikazioak ez du babeskopia egiteko agindurik. Ez da kontuan hartuko.",
     "backup_with_no_restore_script_for_app": "{app}(e)k ez du lehengoratzeko agindurik, ezingo duzu aplikazio hau automatikoki lehengoratu.",
     "certmanager_attempt_to_renew_nonLE_cert": "'{domain}' domeinurako ziurtagiria ez da Let's Encryptek jaulkitakoa. Ezin da automatikoki berriztu!",
     "certmanager_attempt_to_renew_valid_cert": "'{domain}' domeinurako ziurtagiria iraungitzear dago! (Zertan ari zaren baldin badakizu, --force erabil dezakezu)",
-    "certmanager_cannot_read_cert": "Arazoren bat egon da {domain} (fitxategia: {file}) domeinurako oraingo ziurtagiria irekitzen saiatzerakoan, arrazoia: {reason}",
+    "certmanager_cannot_read_cert": "Arazoren bat egon da {domain} (fitxategia: {file}) domeinurako oraingo ziurtagiria irekitzen saiatzerakoan, zergatia: {reason}",
     "certmanager_cert_install_success": "Let's Encrypt ziurtagiria instalatu da '{domain}' domeinurako",
     "certmanager_cert_install_success_selfsigned": "Norberak sinatutako ziurtagiria instalatu da '{domain}' domeinurako",
-    "certmanager_domain_cert_not_selfsigned": "{domain} domeinurako ziurtagiria ez da norberak sinatutakoa. Ziur al zaude ordezkatzeaz? (Erabili '--force' hori egiteko.)",
+    "certmanager_domain_cert_not_selfsigned": "{domain} domeinurako ziurtagiria ez da norberak sinatutakoa. Ziur al zaude ordezkatu nahi duzula? (Erabili '--force' hori egiteko.)",
     "certmanager_certificate_fetching_or_enabling_failed": "{domain} domeinurako ziurtagiri berriak kale egin du…",
-    "certmanager_domain_http_not_working": "Ez dirudi {domain} domeinua HTTP bidez ikusgai dagoenik. Mesedez, egiaztatu 'Web' kategoria diagnosien gunean informazio gehiagorako. (zertan ari zaren baldin badakizu, erabili '--no-checks' egiaztapen horiek desgaitzeko.)",
-    "certmanager_hit_rate_limit": "{domain} domeinu-multzurako ziurtagiri gehiegi jaulki dira dagoeneko. Mesedez, saia saitez geroago. Ikus https://letsencrypt.org/docs/rate-limits/ xehetasun gehiagorako",
-    "certmanager_no_cert_file": "Ezin izan da ziurtagiri fitxategia irakurri {domain} (fitxategia: {file}) domeinurako",
-    "certmanager_self_ca_conf_file_not_found": "Ezin izan da konfigurazio-fitxategia aurkitu norberak sinatutako ziurtagirirako (fitxategia: {file})",
+    "certmanager_domain_http_not_working": "Ez dirudi {domain} domeinua HTTP bidez ikusgai dagoenik. Mesedez, egiaztatu 'Weba' atala diagnosien gunean informazio gehiagorako. (Zertan ari zaren baldin badakizu, erabili '--no-checks' egiaztapen horiek desgaitzeko.)",
+    "certmanager_hit_rate_limit": "{domain} domeinu-multzorako ziurtagiri gehiegi jaulki dira dagoeneko. Mesedez, saia saitez geroago. Ikus https://letsencrypt.org/docs/rate-limits/ xehetasun gehiagorako",
+    "certmanager_no_cert_file": "Ezinezkoa izan da {domain} domeinurako ziurtagiri fitxategia irakurrtzea (fitxategia: {file})",
+    "certmanager_self_ca_conf_file_not_found": "Ezinezkoa izan da konfigurazio-fitxategia aurkitzea norberak sinatutako ziurtagirirako (fitxategia: {file})",
     "confirm_app_install_warning": "Adi: litekeena da aplikazio hau ibiltzea baina ez dago YunoHostera egina. Ezaugarri batzuk, SSO edo babeskopia/lehengoratzea esaterako, desgaituta egon daitezke. Instalatu hala ere? [{answers}] ",
     "diagnosis_description_ports": "Ataken irisgarritasuna",
-    "backup_archive_corrupted": "Badirudi '{archive}' babeskopia fitxategia hondatuta dagoela: {error}",
+    "backup_archive_corrupted": "Badirudi '{archive}' babeskopia fitxategia kaltetuta dagoela: {error}",
     "diagnosis_ip_local": "IP lokala: <code>{local}</code>",
-    "diagnosis_mail_blacklist_reason": "Zerrenda beltzean egotearen arrazoia zera da: {reason}",
+    "diagnosis_mail_blacklist_reason": "Zerrenda beltzean egotearen zergatia zera da: {reason}",
     "app_removed": "{app} desinstalatu da",
-    "backup_cleaning_failed": "Ezin izan da behin-behineko babeskopien karpeta hustu",
+    "backup_cleaning_failed": "Ezinezkoa izan da behin-behineko babeskopien karpeta hustea",
     "certmanager_attempt_to_replace_valid_cert": "{domain} domeinurako egokia eta baliogarria den ziurtagiri bat ordezkatzen saiatzen ari zara! (Erabili --force mezu hau deuseztatu eta ziurtagiria ordezkatzeko)",
     "diagnosis_backports_in_sources_list": "Dirudienez apt (pakete kudeatzailea) backports biltegia erabiltzeko konfiguratuta dago. Zertan ari zaren ez badakizu, ez zenuke backports biltegietako aplikaziorik instalatu beharko, ezegonkortasun eta gatazkak eragin ditzaketelako sistemarekin.",
     "app_restore_failed": "Ezinezkoa izan da {app} lehengoratzea: {error}",
     "diagnosis_apps_allgood": "Instalatutako aplikazioek oinarrizko pakete-jarraibideekin bat egiten dute",
-    "diagnosis_apps_bad_quality": "Aplikazio hau hondatuta dagoela dio YunoHosten aplikazioen katalogoak. Agian behin-behineko kontua da arduradunak arazoa konpondu bitartean. Momentuz, ezin da aplikazioa eguneratu.",
-    "diagnosis_apps_broken": "Aplikazio hau hondatuta dagoela ageri da YunoHosten aplikazioen katalogoan. Agian, behin-behineko kontua da arduradunak konpondu bitartean. Momentuz, ezin da aplikazioa eguneratu.",
-    "diagnosis_apps_deprecated_practices": "Instalatutako aplikazio honen bertsioak oraindik darabil zaharkitutako pakete-jarraibideak. Eguneratzea hausnartu beharko zenuke.",
+    "diagnosis_apps_bad_quality": "Aplikazio hau hondatuta dagoela dio YunoHosten aplikazioen katalogoak. Agian behin-behineko kontua da arduradunak arazoa konpondu bitartean. Oraingoz, ezin da aplikazioa eguneratu.",
+    "diagnosis_apps_broken": "Aplikazio hau YunoHosten aplikazioen katalogoan hondatuta dagoela ageri da. Agian behin-behineko kontua da arduradunak konpondu bitartean. Oraingoz, ezin da aplikazioa eguneratu.",
+    "diagnosis_apps_deprecated_practices": "Instalatutako aplikazio honen bertsioak oraindik darabiltza zaharkitutako pakete-jarraibideak. Eguneratzea hausnartu beharko zenuke.",
     "diagnosis_apps_issue": "Arazo bat dago {app} aplikazioarekin",
-    "diagnosis_apps_not_in_app_catalog": "Aplikazio hau ez da YunoHosten aplikazioen katalogokoa. Iraganean egon bazen eta ezabatu izan balitz, desinstalatzea litzateke onena, ez baitu eguneraketarik jasoko eta sistemaren integritate eta segurtasuna arriskuan jarri lezake.",
+    "diagnosis_apps_not_in_app_catalog": "Aplikazio hau ez da YunoHosten aplikazioen katalogokoa. Iraganean egon bazen eta ezabatu izan balitz, desinstalatzea litzateke onena, ez baitu eguneraketarik jasoko eta sistemaren integritate eta segurtasuna arriskuan jarri lezakeelako.",
     "diagnosis_apps_outdated_ynh_requirement": "Instalatutako aplikazio honen bertsioak yunohost >= 2.x baino ez du behar, eta horrek egungo pakete-jardunbideekin bat ez datorrela iradokitzen du. Eguneratzen saiatu beharko zinateke.",
-    "diagnosis_description_apps": "Aplikazioak"
+    "diagnosis_description_apps": "Aplikazioak",
+    "domain_dns_conf_special_use_tld": "Domeinu hau top-level domain (TLD) erabilera bereziko motakoa da .local edo .test bezala eta ez du DNS ezarpenik behar.",
+    "log_permission_create": "Sortu '{}' baimena",
+    "log_user_delete": "Ezabatu '{}' erabiltzailea",
+    "log_app_install": "'{}' aplikazioa instalatu",
+    "done": "Egina",
+    "group_user_already_in_group": "{user} erabiltzailea {group} taldean dago dagoeneko",
+    "firewall_reloaded": "Suebakia birkargatu da",
+    "domain_unknown": "'{domain}' domeinua ezezaguna da",
+    "global_settings_cant_serialize_settings": "Ezinezkoa izan da konfikurazio-datuak serializatzea, zergatia: {reason}",
+    "global_settings_setting_security_nginx_redirect_to_https": "Birbideratu HTTP eskaerak HTTPSra (EZ ITZALI hau ez badakizu zertan ari zaren!)",
+    "group_deleted": "'{group}' taldea ezabatu da",
+    "invalid_password": "Pasahitza ez da zuzena",
+    "log_domain_main_domain": "Lehenetsi '{}' domeinua",
+    "log_user_group_update": "Moldatu '{}' taldea",
+    "dyndns_could_not_check_available": "Ezinezkoa izan da {domain} {provider}(e)n eskuragarri dagoen egiaztatzea.",
+    "diagnosis_rootfstotalspace_critical": "'root' fitxategi-sistemak {space} baino ez ditu erabilgarri, eta hori kezkagarria da! Litekeena da oso laster memoriarik gabe geratzea! 'root' fitxategi-sistemak gutxienez 16GB erabilgarri izatea da gomendioa.",
+    "disk_space_not_sufficient_install": "Ez dago aplikazio hau instalatzeko nahikoa espaziorik",
+    "domain_dns_conf_is_just_a_recommendation": "Komando honek *iradokitako* konfigurazioa erakusten du. Ez du DNS konfigurazioa zugatik ezartzen. Zure ardura da DNS gunea zure erregistro-enpresaren gomendioen arabera ezartzea.",
+    "dyndns_ip_update_failed": "Ezin izan da IP helbidea DynDNSan eguneratu",
+    "dyndns_ip_updated": "IP helbidea DynDNS-n eguneratu da",
+    "dyndns_key_not_found": "Ez da domeinurako DNS gakorik aurkitu",
+    "dyndns_unavailable": "'{domain}' domeinua ez dago eskuragarri.",
+    "log_app_makedefault": "Lehenetsi '{}' aplikazioa",
+    "log_does_exists": "Ez dago '{log}' izena duen eragiketa-erregistrorik; erabili 'yunohost log list' eragiketa-erregistro guztiak ikusteko",
+    "log_user_group_delete": "Ezabatu '{}' taldea",
+    "log_user_import": "Inportatu erabiltzaileak",
+    "dyndns_key_generating": "DNS gakoa sortzen… litekeena da honek denbora behar izatea.",
+    "diagnosis_mail_fcrdns_ok": "Alderantzizko DNSa zuzen konfiguratuta dago!",
+    "diagnosis_mail_queue_unavailable_details": "Errorea: {error}",
+    "dyndns_provider_unreachable": "Ezinezkoa izan da DynDNS {provider} enpresarekin konektatzea: agian zure YunoHost zerbitzaria ez dago internetera konektatuta edo dynette zerbitzaria ez dago martxan.",
+    "dyndns_registered": "DynDNS domeinua erregistratu da",
+    "dyndns_registration_failed": "Ezinezkoa izan da DynDNS domeinua erregistratzea: {error}",
+    "extracting": "Ateratzen…",
+    "diagnosis_ports_unreachable": "{port}. ataka ez dago eskuragarri kanpotik.",
+    "diagnosis_regenconf_manually_modified_details": "Ez dago arazorik zertan ari zaren baldin badakizu! YunoHostek fitxategi hau automatikoki eguneratzeari utziko dio… Baina kontuan izan YunoHosten eguneraketek aldaketa garrantzitsuak izan ditzaketela. Nahi izatekotan, desberdintasunak aztertu ditzakezu <cmd>yunohost tools regen-conf {category} --dry-run --with-diff</cmd> komandoa exekutatuz, eta gomendatutako konfiguraziora bueltatu <cmd>yunohost tools regen-conf {category} --force</cmd> erabiliz",
+    "experimental_feature": "Adi: Funtzio hau esperimentala eta ezegonkorra da, ez zenuke erabili beharko ez badakizu zertan ari zaren.",
+    "global_settings_cant_write_settings": "Ezinezkoa izan da konfigurazio fitxategia gordetzea, zergatia: {reason}",
+    "dyndns_domain_not_provided": "{provider} DynDNS enpresak ezin du {domain} domeinua eskaini.",
+    "firewall_reload_failed": "Ezinezkoa izan da suebakia birkargatzea",
+    "global_settings_setting_security_password_admin_strength": "Administrazio-pasahitzaren segurtasuna",
+    "hook_name_unknown": "'{name}' 'hook' izen ezezaguna",
+    "domain_deletion_failed": "Ezinezkoa izan da {domain} ezabatzea: {error}",
+    "global_settings_setting_security_nginx_compatibility": "Bateragarritasun eta segurtasun arteko gatazka NGINX web zerbitzarirako. Zifraketari eragiten dio (eta segurtasunari lotutako beste kontu batzuei)",
+    "log_regen_conf": "Berregin '{}' sistemaren konfigurazioa",
+    "dpkg_lock_not_available": "Ezin da komando hau une honetan exekutatu beste aplikazio batek dpkg (sistemaren paketeen kudeatzailea) blokeatuta duelako, erabiltzen ari baita",
+    "group_created": "'{group}' taldea sortu da",
+    "global_settings_setting_security_password_user_strength": "Erabiltzaile-pasahitzaren segurtasuna",
+    "global_settings_setting_security_experimental_enabled": "Gaitu segurtasun funtzio esperimentalak (ez ezazu egin ez badakizu zertan ari zaren!)",
+    "good_practices_about_admin_password": "Administrazio-pasahitz berria ezartzear zaude. Pasahitzak zortzi karaktere izan beharko lituzke gutxienez, baina gomendagarria da pasahitz luzeagoa erabiltzea (esaldi bat, esaterako) edota karaktere desberdinak erabiltzea (hizki larriak, txikiak, zenbakiak eta karaktere bereziak).",
+    "log_help_to_get_failed_log": "Ezin izan da '{desc}' eragiketa exekutatu. Mesedez, laguntza nahi baduzu partekatu eragiketa honen erregistro osoa 'yunohost log share {name}' komandoa erabiliz",
+    "global_settings_setting_security_webadmin_allowlist_enabled": "Baimendu IP zehatz batzuk bakarrik administrazio-atarian.",
+    "group_unknown": "'{group}' taldea ezezaguna da",
+    "group_updated": "'{group}' taldea eguneratu da",
+    "group_update_failed": "Ezinezkoa izan da '{group}' taldea eguneratzea: {error}",
+    "diagnosis_rootfstotalspace_warning": "'root' fitxategi-sistemak {space} baino ez ditu. Agian ez da arazorik egongo, baina kontuz ibili edo memoriarik gabe gera zaitezke laster… 'root' fitxategi-sistemak gutxienez 16GB erabilgarri izatea da gomendioa.",
+    "iptables_unavailable": "Ezin dituzu iptaulak hemen moldatu; edukiontzi bat erabiltzen ari zara edo kernelak ez du aukera hau onartzen",
+    "log_permission_delete": "Ezabatu '{}' baimena",
+    "group_already_exist": "{group} taldea existitzen da dagoeneko",
+    "group_user_not_in_group": "{user} erabiltzailea ez dago {group} taldean",
+    "diagnosis_mail_fcrdns_nok_alternatives_6": "Operadore batzuek ez dute alderantzizko DNSa konfiguratzen uzten (edo funtzioa ez dabil…). IPv4rako alderantzizko DNSa zuzen konfiguratuta badago, IPv6 desgaitzen saia zaitezke posta elektronikoa bidaltzeko, <cmd>yunohost settings set smtp.allow_ipv6 -v off</cmd> exekutatuz. Adi: honek esan nahi du ez zarela gai izango IPv6 bakarrik darabilten zerbitzari apurren posta elektronikoa jasotzeko edo beraiei bidaltzeko.",
+    "diagnosis_sshd_config_inconsistent": "Dirudienez SSH ataka eskuz aldatu da /etc/ssh/sshd_config fitxategian. YunoHost 4.2tik aurrera 'security.ssh.port' izeneko ezarpen orokor bat dago konfigurazioa eskuz aldatzea ekiditeko.",
+    "diagnosis_sshd_config_inconsistent_details": "Mesedez, exekutatu <cmd>yunohost settings set security.ssh.port -v YOUR_SSH_PORT</cmd> SSH ataka zehazteko, egiaztatu <cmd>yunohost tools regen-conf ssh --dry-run --with-diff</cmd> erabiliz eta <cmd>yunohost tools regen-conf ssh --force</cmd> exekutatu gomendatutako konfiguraziora bueltatu nahi baduzu.",
+    "domain_dns_push_failed_to_authenticate": "Ezinezkoa izan da '{domain}' domeinurako APIa erabiliz erregistro-enpresan saioa hastea. Zuzenak al dira datuak? (Errorea: {error})",
+    "domain_dns_pushing": "DNS ezarpenak bidaltzen…",
+    "diagnosis_sshd_config_insecure": "Badirudi SSH konfigurazioa eskuz aldatu dela eta ez da segurua ez duelako 'AllowGroups' edo 'AllowUsers' baldintzarik jartzen fitxategien atzitzea oztopatzeko.",
+    "disk_space_not_sufficient_update": "Ez dago aplikazio hau eguneratzeko nahikoa espaziorik",
+    "domain_cannot_add_xmpp_upload": "Ezin dira 'xmpp-upload.' hasiera duten domeinuak gehitu. Izen mota hau YunoHosten zati den XMPP igoeretarako erabiltzen da.",
+    "domain_cannot_remove_main_add_new_one": "Ezin duzu '{domain}' ezabatu domeinu nagusi eta bakarra delako. Beste domeinu bat gehitu 'yunohost domain add <beste-domeinua.eus>' exekutatuz, gero erabili 'yunohost domain main-domain -n <beste-domeinua.eus>' domeinu nagusi bilakatzeko, eta azkenik ezabatu {domain}' domeinua 'yunohost domain remove {domain}' komandoarekin.",
+    "domain_dns_push_record_failed": "Ezinezkoa izan da {type}/{name} ezarpenak {action}: {error}",
+    "domain_dns_push_success": "DNS ezarpenak eguneratu dira!",
+    "domain_dns_push_failed": "DNS ezarpenen eguneratzeak kale egin du.",
+    "domain_dns_push_partial_failure": "DNS ezarpenak erdipurdi eguneratu dira: jakinarazpen/errore batzuk egon dira.",
+    "global_settings_setting_smtp_relay_host": "YunoHosten ordez posta elektronikoa bidaltzeko SMTP relay helbidea. Erabilgarri izan daiteke egoera hauetan: operadore edo VPS enpresak 25. ataka blokeatzen badu, DUHLen zure etxeko IPa ageri bada, ezin baduzu alderantzizko DNSa ezarri edo zerbitzari hau ez badago zuzenean internetera konektatuta baina posta elektronikoa bidali nahi baduzu.",
+    "group_deletion_failed": "Ezinezkoa izan da '{group}' taldea ezabatzea: {error}",
+    "invalid_number_min": "{min} baino handiagoa izan behar da",
+    "invalid_number_max": "{max} baino txikiagoa izan behar da",
+    "diagnosis_services_bad_status": "{service} zerbitzua {status} dago :(",
+    "diagnosis_ports_needed_by": "{category} funtzioetarako ezinbestekoa da ataka hau eskuragarri egotea ({service} zerbitzua)",
+    "diagnosis_package_installed_from_sury": "Sistemaren pakete batzuen lehenagoko bertsioak beharko lirateke",
+    "global_settings_setting_smtp_relay_password": "SMTP relay helbideko pasahitza",
+    "global_settings_setting_smtp_relay_port": "SMTP relay ataka",
+    "domain_deleted": "Domeinua ezabatu da",
+    "domain_dyndns_root_unknown": "Ez da ezagutzen DynDNSaren root domeinua",
+    "domain_exists": "Dagoeneko existitzen da domeinu hau",
+    "domain_registrar_is_not_configured": "Oraindik ez da {domain} domeinurako erregistro-enpresa ezarri.",
+    "domain_dns_push_not_applicable": "Ezin da {domain} domeinurako DNS konfigurazio automatiko funtzioa erabili. DNS erregistroak eskuz ezarri beharko zenituzke gidaorriei erreparatuz: https://yunohost.org/dns_config.",
+    "domain_dns_push_managed_in_parent_domain": "DNS ezarpenak automatikoki konfiguratzeko funtzioa {parent_domain} domeinu nagusian kudeatzen da.",
+    "domain_dns_registrar_managed_in_parent_domain": "Domeinu hau {parent_domain_link} (r)en azpidomeinua da. DNS ezarpenak {parent_domain}(r)en konfigurazio atalean kudeatu behar dira.",
+    "domain_dns_registrar_yunohost": "Hau nohost.me / nohost.st / ynh.fr domeinu bat da eta, beraz, DNS ezarpenak automatikoki kudeatzen ditu YunoHostek, bestelako ezer konfiguratu beharrik gabe. (ikus 'yunohost dyndns update' komandoa)",
+    "domain_dns_registrar_not_supported": "YunoHostek ezin izan du domeinu honen erregistro-enpresa automatikoki antzeman. Eskuz konfiguratu beharko dituzu DNS ezarpenak gidalerroei erreparatuz: https://yunohost.org/dns.",
+    "domain_dns_registrar_experimental": "Oraingoz, YunoHosten kideek ez dute **{registrar}** erregistro-enpresaren APIa nahi beste probatu eta aztertu. Funtzioa **oso esperimentala** da — kontuz!",
+    "domain_config_mail_in": "Jasotako mezuak",
+    "domain_config_auth_token": "Token autentifikazioa",
+    "domain_config_auth_key": "Autentifikazio gakoa",
+    "domain_config_auth_secret": "Autentifikazioaren \"secret\"a",
+    "domain_config_api_protocol": "API protokoloa",
+    "domain_config_auth_entrypoint": "APIaren sarrera",
+    "domain_config_auth_application_key": "Aplikazioaren gakoa",
+    "domain_config_auth_application_secret": "Aplikazioaren gako sekretua",
+    "domain_config_auth_consumer_key": "Erabiltzailearen gakoa",
+    "global_settings_setting_smtp_allow_ipv6": "Baimendu IPv6 posta elektronikoa jaso eta bidaltzeko",
+    "group_cannot_be_deleted": "{group} taldea ezin da eskuz ezabatu.",
+    "log_domain_config_set": "Aldatu '{}' domeinuko ezarpenak",
+    "log_domain_dns_push": "Bidali '{}' domeinuaren DNS ezarpenak",
+    "log_tools_migrations_migrate_forward": "Exekutatu migrazioak",
+    "log_tools_postinstall": "Abiarazi YunoHost zerbitzariaren instalazio ondorengo prozesua",
+    "diagnosis_mail_fcrdns_nok_alternatives_4": "Operadore batzuek ez dute alderantzizko DNSa konfiguratzen uzten (edo funtzioa ez dabil…). Hau dela-eta arazoak badituzu, irtenbide batzuk eduki ditzakezu:<br>- Operadore batzuek <a href='https://yunohost.org/#/email_configure_relay'>relay posta zerbitzari bat</a> eskaini dezakete, baina kasu horretan zure posta elektronikoa zelatatu dezakete.<br>- Pribatutasuna bermatzeko *IP publikoa* duen VPN bat erabiltzea izan daiteke irtenbidea. Ikus <a href='https://yunohost.org/#/vpn_advantage'>https://yunohost.org/#/vpn_advantage</a><br>- Edo <a href='https://yunohost.org/#/isp'>operadore desberdin batera aldatu</a>",
+    "domain_dns_registrar_supported": "YunoHostek automatikoki antzeman du domeinu hau **{registrar}** erregistro-enpresak kudeatzen duela. Nahi baduzu YunoHostek automatikoki konfiguratu ditzake DNS ezarpenak, API egiaztagiri zuzenak zehazten badituzu. API egiaztagiriak non lortzeko dokumentazioa orri honetan duzu: https://yunohost.org/registar_api_{registrar}. (Baduzu DNS erregistroak eskuz konfiguratzeko aukera ere, gidalerro hauetan ageri den bezala: https://yunohost.org/dns)",
+    "domain_dns_push_failed_to_list": "Ezinezkoa izan da APIa erabiliz oraingo erregistroak antzematea: {error}",
+    "domain_dns_push_already_up_to_date": "Ezarpenak egunean daude, ez dago zereginik.",
+    "domain_config_features_disclaimer": "Oraingoz, posta elektronikoa edo XMPP funtzioak gaitu/desgaitzeak DNS ezarpenei soilik eragiten die, ez sistemaren konfigurazioari!",
+    "domain_config_mail_out": "Bidalitako mezuak",
+    "domain_config_xmpp": "Bat-bateko mezularitza (XMPP)",
+    "global_settings_bad_choice_for_enum": "{setting} ezarpenerako aukera okerra. '{choice}' ezarri da baina hauek dira aukerak: {available_choices}",
+    "global_settings_setting_security_postfix_compatibility": "Bateragarritasun eta segurtasun arteko gatazka Postfix zerbitzarirako. Zifraketari eragiten dio (eta segurtasunari lotutako beste kontu batzuei)",
+    "global_settings_setting_security_ssh_compatibility": "Bateragarritasun eta segurtasun arteko gatazka SSH zerbitzarirako. Zifraketari eragiten dio (eta segurtasunari lotutako beste kontu batzuei)",
+    "good_practices_about_user_password": "Erabiltzaile-pasahitz berria ezartzear zaude. Pasahitzak zortzi karaktere izan beharko lituzke gutxienez, baina gomendagarria da pasahitz luzeagoa erabiltzea (esaldi bat, esaterako) edota karaktere desberdinak erabiltzea (hizki larriak, txikiak, zenbakiak eta karaktere bereziak).",
+    "group_cannot_edit_all_users": "'all_users' taldea ezin da eskuz moldatu. YunoHosten izena emanda dauden erabiltzaile guztiak barne dituen talde berezia da",
+    "invalid_number": "Zenbaki bat izan behar da",
+    "ldap_attribute_already_exists": "'{attribute}' LDAP funtzioa existitzen da dagoeneko eta '{value}' balioa dauka",
+    "log_app_change_url": "'{}' aplikazioaren URLa aldatu",
+    "log_app_config_set": "Ezarri '{}' aplikazioko konfigurazioa",
+    "downloading": "Deskargatzen…",
+    "dyndns_could_not_check_provide": "Ezinezkoa izan da {provider}(e)k {domain} eskaini dezakeen egiaztatzea.",
+    "log_available_on_yunopaste": "Erregistroa {url} estekan ikus daiteke",
+    "log_dyndns_update": "Eguneratu YunoHosten '{}' domeinuari lotutako IP helbidea",
+    "log_letsencrypt_cert_install": "Instalatu Let's Encrypt ziurtagiria '{}' domeinurako",
+    "log_selfsigned_cert_install": "Instalatu '{}' domeinurako norberak sinatutako ziurtagiria",
+    "diagnosis_mail_ehlo_wrong": "Zurea ez den SMTP posta zerbitzari batek erantzun du IPv{ipversion}an. Litekeena da zure zerbitzariak posta elektronikorik jaso ezin izatea.",
+    "log_tools_upgrade": "Eguneratu sistemaren paketeak",
+    "log_tools_reboot": "Berrabiarazi zerbitzaria",
+    "diagnosis_mail_queue_unavailable": "Ezinezkoa da ilaran zenbat posta elektroniko dauden kontsultatzea",
+    "log_user_create": "Gehitu '{}' erabiltzailea",
+    "group_cannot_edit_visitors": "'bisitariak' taldea ezin da eskuz moldatu. Saiorik hasi gabeko bisitariak barne hartzen dituen talde berezia da",
+    "diagnosis_ram_verylow": "RAM memoriaren {available} baino ez ditu erabilgarri sistemak; memoria guztiaren ({total}) %{available_percent}a bakarrik!",
+    "diagnosis_ram_low": "RAM memoriaren {available} ditu erabilgarri sistemak; memoria guztiaren ({total}) %{available_percent}a. Adi ibili.",
+    "diagnosis_ram_ok": "RAM memoriaren {available} ditu oraindik erabilgarri sistemak; memoria guztiaren ({total}) %{available_percent}a.",
+    "diagnosis_swap_none": "Sistemak ez du swap-ik. Gutxienez {recommended} izaten saiatu beharko zinateke, sistema memoriarik gabe gera ez dadin.",
+    "diagnosis_swap_ok": "Sistemak {total} swap dauzka!",
+    "diagnosis_regenconf_allgood": "Konfigurazio-fitxategi guztiak bat datoz gomendatutako ezarpenekin!",
+    "diagnosis_regenconf_manually_modified": "Dirudienez <code>{file}</code> konfigurazio fitxategia eskuz aldatu da.",
+    "diagnosis_security_vulnerable_to_meltdown": "Badirudi Meltdown izeneko segurtasun arazo larriak eragin diezazukela",
+    "diagnosis_ports_could_not_diagnose": "Ezinezkoa izan da atakak IPv{ipversion} erabiliz kanpotik eskuragarri dauden egiaztatzea.",
+    "diagnosis_ports_ok": "{port}. ataka eskuragarri dago kanpotik.",
+    "diagnosis_unknown_categories": "Honako atalak ez dira ezagutzen: {categories}",
+    "diagnosis_services_running": "{service} zerbitzua martxan dago!",
+    "log_app_action_run": "'{}' aplikazioaren eragiketa exekutatu",
+    "diagnosis_never_ran_yet": "Badirudi zerbitzari hau duela gutxi konfiguratu dela eta oraindik ez dago erakusteko diagnostikorik. Diagnostiko osoa abiarazi beharko zenuke, administrazio-webgunetik edo 'yunohost diagnosis run' komandoa exekutatuz.",
+    "diagnosis_mail_outgoing_port_25_blocked": "SMTP posta zerbitzariak ezin ditu posta elektronikoak bidali 25. ataka itxita dagoelako IPv{ipversion}n.",
+    "diagnosis_mail_outgoing_port_25_blocked_details": "Lehenik eta behin operadorearen routerreko aukeretan saiatu beharko zinateke 25. ataka desblokeatzen. (Hosting enpresaren arabera, beraiekin harremanetan jartzea beharrezkoa izango da).",
+    "diagnosis_mail_ehlo_wrong_details": "Kanpo-diagnostikatzaileak IPv{ipversion}an jaso duen EHLOa eta zure zerbitzariaren domeinukoa ez datoz bat.<br> Jasotako EHLOa: <code>{wrong_ehlo}</code><br>Esperotakoa: <code>{right_ehlo}</code><br>Arazo honen zergati ohikoena 25. ataka <a href='https://yunohost.org/isp_box_config'>zuzen konfiguratuta ez egotea</a> da. Edo agian suebaki edo reverse-proxya oztopo izan daiteke.",
+    "diagnosis_mail_fcrdns_different_from_ehlo_domain": "Alderantzizko DNSa ez dago zuzen konfiguratuta IPv{ipversion}an. Litekeena da hartzaileak posta elektroniko batzuk jaso ezin izatea edo mezuok spam modura etiketatuak izatea.",
+    "diagnosis_mail_fcrdns_different_from_ehlo_domain_details": "Oraingo alderantzizko DNSa: <code>{rdns_domain}</code><br>Esperotako balioa: <code>{ehlo_domain}</code>",
+    "diagnosis_mail_queue_too_big": "Mezu gehiegi posta elektronikoaren ilaran: ({nb_pending} mezu)",
+    "diagnosis_ports_could_not_diagnose_details": "Errorea: {error}",
+    "diagnosis_swap_tip": "Mesedez, kontuan hartu zerbitzari honen swap memoria SD edo SSD euskarri batean gordetzeak euskarri horren bizi-iraupena izugarri laburtu dezakeela.",
+    "invalid_regex": "'Regexa' ez da zuzena: '{regex}'",
+    "group_creation_failed": "Ezinezkoa izan da '{group}' taldea sortzea: {error}",
+    "log_user_permission_reset": "Berrezarri '{}' baimena",
+    "group_cannot_edit_primary_group": "'{group}' taldea ezin da eskuz moldatu. Erabiltzaile zehatz bakar bat duen talde nagusia da.",
+    "diagnosis_swap_notsomuch": "Sistemak {total} swap baino ez ditu. Gutxienez {recommended} izaten saiatu beharko zinateke sistema memoriarik gabe gera ez dadin.",
+    "diagnosis_security_vulnerable_to_meltdown_details": "Arazoa konpontzeko, sistema eguneratu eta berrabiarazi beharko zenuke linux-en kernel berriagoa erabiltzeko (edo zerbitzariaren arduradunarekin jarri harremanetan). Ikus https://meltdownattack.com/ argibide gehiagorako.",
+    "diagnosis_services_conf_broken": "{service} zerbitzuko konfigurazioa hondatuta dago!",
+    "diagnosis_services_bad_status_tip": "Zerbitzua <a href='#/services/{service}'>berrabiarazten</a> saia zaitezke eta nahikoa ez bada, <a href='#/services/{service}'>aztertu zerbitzuaren erregistroa administrazio-atarian</a>. (komandoak nahiago badituzu <cmd>yunohost service restart {service}</cmd> eta <cmd>yunohost service log {service}</cmd> hurrenez hurren).",
+    "diagnosis_mail_ehlo_unreachable_details": "Ezinezkoa izan da zure zerbitzariko 25. atakari konektatzea IPv{ipversion} erabiliz. Badirudi ez dagoela eskuragarri.<br>1. Arazo honen zergati ohikoena 25. ataka <a href='https://yunohost.org/isp_box_config'>egoki birbideratuta ez egotea</a> da.<br>2. Egiaztatu postfix zerbitzua martxan dagoela.<br>3. Konfigurazio konplexuagoetan: egiaztatu suebaki edo reverse-proxyak konexioa oztopatzen ez dutela.",
+    "group_already_exist_on_system_but_removing_it": "{group} taldea existitzen da sistemaren taldeetan, baina YunoHostek ezabatuko du…",
+    "diagnosis_mail_fcrdns_nok_details": "Lehenik eta behin zure routerraren konfigurazio gunean edo hostingaren enpresaren aukeretan alderantzizko DNSa konfiguratzen saiatu beharko zinateke <code>{ehlo_domain}</code> erabiliz. (Hosting enpresaren arabera, ezinbestekoa da beraiekin harremanetan jartzea).",
+    "diagnosis_mail_outgoing_port_25_ok": "SMTP posta zerbitzaria posta elektronikoa bidaltzeko gai da (25. atakaren irteera ez dago blokeatuta).",
+    "diagnosis_ports_partially_unreachable": "{port}. ataka ez dago eskuragarri kanpotik Pv{failed} erabiliz.",
+    "diagnosis_ports_forwarding_tip": "Arazoa konpontzeko, litekeena da operadorearen routerrean ataken birbideraketa konfiguratu behar izatea, <a href='https://yunohost.org/isp_box_config'>https://yunohost.org/isp_box_config</a>-n agertzen den bezala",
+    "domain_creation_failed": "Ezinezkoa izan da {domain} domeinua sortzea: {error}",
+    "domains_available": "Erabilgarri dauden domeinuak:",
+    "global_settings_setting_pop3_enabled": "Gaitu POP3 protokoloa posta zerbitzarirako",
+    "global_settings_setting_security_ssh_port": "SSH ataka",
+    "global_settings_unknown_type": "Gertaera ezezaguna, {setting} ezarpenak {unknown_type} mota duela dirudi baina mota hori ez da sistemarekin bateragarria.",
+    "group_already_exist_on_system": "{group} taldea existitzen da dagoeneko sistemaren taldeetan",
+    "diagnosis_processes_killed_by_oom_reaper": "Memoria agortu eta sistemak prozesu batzuk amaituarazi behar izan ditu. Honek esan nahi du sistemak ez duela memoria nahikoa edo prozesuren batek memoria gehiegi behar duela. Amaituarazi d(ir)en prozesua(k):\n{kills_summary}",
+    "hook_exec_not_terminated": "Aginduak ez du behar bezala amaitu: {path}",
+    "log_corrupted_md_file": "Erregistroei lotutako YAML metadatu fitxategia kaltetuta dago: '{md_file}\nErrorea: {error}'",
+    "log_letsencrypt_cert_renew": "Berriztu '{}' Let's Encrypt ziurtagiria",
+    "log_remove_on_failed_restore": "Ezabatu '{}' babeskopia baten lehengoratzeak huts egin eta gero",
+    "diagnosis_package_installed_from_sury_details": "Sury izena duen kanpoko biltegi batetik instalatu dira pakete batzuk, nahi gabe. YunoHosten taldeak hobekuntzak egin ditu pakete hauek kudeatzeko, baina litekeena da PHP7.3 aplikazioak Stretch sistema eragilean instalatu zituzten kasu batzuetan arazoak sortzea. Egoera hau konpontzeko, honako komando hau exekutatu beharko zenuke: <cmd>{cmd_to_fix}</cmd>",
+    "log_help_to_get_log": "'{desc}' eragiketaren erregistroa ikusteko, exekutatu 'yunohost log show {name}'",
+    "dpkg_is_broken": "Ezin duzu une honetan egin dpkg/APT (sistemaren pakateen kudeatzaileak) hondatutako itxura dutelako… Arazoa konpontzeko SSH bidez konektatzen saia zaitezke eta ondoren exekutatu 'sudo apt install --fix-broken' edota 'sudo dpkg --configure -a'.",
+    "domain_cannot_remove_main": "Ezin duzu '{domain}' ezabatu domeinu nagusia delako. Beste domeinu bat ezarri beharko duzu nagusi bezala 'yunohost domain main-domain -n <another-domain>' erabiliz; honako hauek dituzu aukeran: {other_domains}",
+    "domain_created": "Sortu da domeinua",
+    "domain_dyndns_already_subscribed": "Dagoeneko izena eman duzu DynDNS domeinu batean",
+    "domain_hostname_failed": "Ezinezkoa izan da hostname berria ezartzea. Honek arazoak ekar litzake etorkizunean (litekeena da ondo egotea).",
+    "domain_uninstall_app_first": "Honako aplikazio hauek domeinuan instalatuta daude:\n{apps}\n\nMesedez, desinstalatu 'yunohost app remove the_app_id' ezekutatuz edo alda itzazu beste domeinu batera 'yunohost app change-url the_app_id' erabiliz domeinua ezabatu baino lehen",
+    "file_does_not_exist": "{path} fitxategia ez da existitzen.",
+    "firewall_rules_cmd_failed": "Suebakiko arau batzuen exekuzioak huts egin du. Informazio gehiago erregistroetan.",
+    "log_app_remove": "Ezabatu '{}' aplikazioa",
+    "global_settings_cant_open_settings": "Ezinezkoa izan da konfigurazio fitxategia irekitzea, zergatia: {reason}",
+    "global_settings_reset_success": "Lehengo ezarpenak {path}-n gorde dira",
+    "global_settings_unknown_setting_from_settings_file": "Gako ezezaguna ezarpenetan: '{setting_key}', baztertu eta gorde ezazu hemen: /etc/yunohost/settings-unknown.json",
+    "domain_remove_confirm_apps_removal": "Domeinu hau ezabatzean aplikazio hauek desinstalatuko dira:\n{apps}\n\nZiur al zaude? [{answers}]",
+    "global_settings_setting_service_ssh_allow_deprecated_dsa_hostkey": "Baimendu DSA gakoa (zaharkitua) SSH zerbitzuaren konfiguraziorako",
+    "hook_list_by_invalid": "Aukera hau ezin da 'hook'ak zerrendatzeko erabili",
+    "installation_complete": "Instalazioa amaitu da",
+    "hook_exec_failed": "Ezinezkoa izan da agindua exekutatzea: {path}",
+    "hook_json_return_error": "Ezin izan da {path} aginduaren erantzuna irakurri. Errorea: {msg}. Jatorrizko edukia: {raw_content}",
+    "ip6tables_unavailable": "Ezin dituzu ip6taulak hemen moldatu; edukiontzi bat erabiltzen ari zara edo kernelak ez du aukera hau onartzen",
+    "log_link_to_log": "Eragiketa honen erregistro osoa: '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>'",
+    "log_operation_unit_unclosed_properly": "Eragiketa ez da modu egokian itxi",
+    "log_backup_restore_app": "Lehengoratu '{}' babeskopia fitxategi bat erabiliz",
+    "log_remove_on_failed_install": "Ezabatu '{}' instalazioak huts egin ondoren",
+    "log_domain_add": "Gehitu '{}' domeinua sistemaren konfiguraziora",
+    "log_dyndns_subscribe": "Eman izena YunoHosten '{}' azpidomeinuan",
+    "diagnosis_no_cache": "Oraindik ez dago '{category}' atalerako diagnostikoaren cacherik",
+    "diagnosis_mail_queue_ok": "Posta elektronikoaren ilaran zain dauden mezuak: {nb_pending}",
+    "global_settings_setting_smtp_relay_user": "SMTP relay erabiltzailea",
+    "domain_cert_gen_failed": "Ezinezkoa izan da ziurtagiria sortzea",
+    "field_invalid": "'{}' ez da baliogarria",
+    "diagnosis_mail_outgoing_port_25_blocked_relay_vpn": "Operadore batzuei bost axola zaie internetaren neutraltasuna (Net Neutrality) eta ez dute 25. ataka desblokeatzen uzten.<br>- Operadore batzuek <a href='https://yunohost.org/#/email_configure_relay'>relay posta zerbitzari bat</a> eskaini dezakete, baina kasu horretan zure posta elektronikoa zelatatu dezakete.<br>- Pribatutasuna bermatzeko *IP publikoa* duen VPN bat erabiltzea izan daiteke irtenbidea. Ikus <a href='https://yunohost.org/#/vpn_advantage'>https://yunohost.org/#/vpn_advantage</a><br>- Edo <a href='https://yunohost.org/#/isp'>operadore desberdin batera aldatu</a>",
+    "ldap_server_down": "Ezin izan da LDAP zerbitzarira konektatu",
+    "ldap_server_is_down_restart_it": "LDAP zerbitzaria ez dago martxan, saia zaitez berrabiarazten…",
+    "log_app_upgrade": "'{}' aplikazioa eguneratu",
+    "log_tools_shutdown": "Itzali zerbitzaria",
+    "log_user_permission_update": "Eguneratu '{}' baimenerako sarbideak",
+    "log_user_update": "Eguneratu '{}' erabiltzailearen informazioa",
+    "dyndns_no_domain_registered": "Ez dago DynDNSrekin izena emandako domeinurik",
+    "global_settings_bad_type_for_setting": "{setting} ezarpenerako mota okerra. {received_type} ezarri da, {expected_type} espero zen",
+    "diagnosis_mail_fcrdns_dns_missing": "Ez da alderantzizko DNSrik ezarri IPv{ipversion}rako. Litekeena da hartzaileak posta elektroniko batzuk jaso ezin izatea edo mezuok spam modura etiketatuak izatea.",
+    "log_backup_create": "Sortu babeskopia fitxategia",
+    "global_settings_setting_backup_compress_tar_archives": "Babeskopia berriak sortzean, konprimitu fitxategiak (.tar.gz) konprimitu gabeko fitxategien (.tar) ordez. Aukera hau gaitzean babeskopiek espazio gutxiago beharko dute, baina hasierako prozesua luzeagoa izango da eta CPUari lan handiagoa eragingo dio.",
+    "global_settings_setting_security_webadmin_allowlist": "Administrazio-ataria bisita dezaketen IP helbideak, koma bidez bereiziak.",
+    "global_settings_key_doesnt_exists": "'{settings_key}' gakoa ez da existitzen konfigurazio orokorrean; erabilgarri dauden gakoak ikus ditzakezu 'yunohost settings list' exekutatuz",
+    "global_settings_setting_ssowat_panel_overlay_enabled": "Gaitu SSOwat paneleko \"overlay\"a",
+    "log_backup_restore_system": "Lehengoratu sistema babeskopia fitxategi batetik",
+    "log_domain_remove": "Ezabatu '{}' domeinua sistemaren ezarpenetatik",
+    "log_link_to_failed_log": "Ezinezkoa izan da '{desc}' eragiketa exekutatzea. Mesedez, laguntza nahi izanez gero, partekatu erakigeta honen erregistro osoa <a href=\"#/tools/logs/{name}\">hemen sakatuz</a>",
+    "log_permission_url": "Eguneratu '{}' baimenari lotutako URLa",
+    "log_user_group_create": "Sortu '{}' taldea",
+    "permission_creation_failed": "Ezinezkoa izan da '{permission}' baimena sortzea: {error}",
+    "permission_not_found": "Ez da '{permission}' baimena aurkitu",
+    "pattern_lastname": "Abizen horrek ez du balio",
+    "permission_deleted": "'{permission}' baimena ezabatu da",
+    "service_disabled": "'{service}' zerbitzua ez da etorkizunean zerbitzaria abiaraztearekin batera exekutatuko.",
+    "tools_upgrade_regular_packages_failed": "Ezin izan dira paketeak eguneratu: {packages_list}",
+    "tools_upgrade_special_packages_completed": "YunoHosten paketeak eguneratu dira.\nSakatu [Enter] komando-lerrora bueltatzeko",
+    "unexpected_error": "Ezusteko zerbaitek huts egin du: {error}",
+    "updating_apt_cache": "Sistemaren paketeen eguneraketak eskuratzen…",
+    "mail_forward_remove_failed": "Ezinezkoa izan da '{mail}' posta elektronikoko birbidalketa ezabatzea",
+    "migration_description_0020_ssh_sftp_permissions": "Gehitu SSH eta SFTP baimenak",
+    "migration_ldap_migration_failed_trying_to_rollback": "Ezinezkoa izan da migratzea… sistema lehengoratzen saiatzen.",
+    "migrations_exclusive_options": "'--auto', '--skip', eta '--force-rerun' aukerek batak bestea baztertzen du.",
+    "migrations_running_forward": "{id} migrazioa exekutatzen…",
+    "regenconf_dry_pending_applying": "'{category}' atalari dagokion konfigurazioa egiaztatzen…",
+    "regenconf_file_backed_up": "'{conf} konfigurazio fitxategia '{backup}' babeskopian kopiatu da",
+    "regenconf_file_manually_modified": "'{conf}' konfigurazio fitxategia eskuz moldatu da eta ez da eguneratuko",
+    "regenconf_file_updated": "'{conf}' konfigurazio fitxategia eguneratu da",
+    "regenconf_updated": "'{category}' atalerako ezarpenak eguneratu dira",
+    "service_started": "'{service}' zerbitzua abiarazi da",
+    "show_tile_cant_be_enabled_for_regex": "Ezin duzu 'show_tile' gaitu une honetan, '{permission}' baimenerako URLa regex delako",
+    "unknown_main_domain_path": "{app} aplikaziorako domeinu edo bide ezezaguna. Domeinua eta bidea zehaztu behar dituzu baimena emateko URLa ahalbidetzeko.",
+    "user_import_partial_failed": "Erabiltzaileak inportatzeko eragiketak erdizka huts egin du",
+    "user_import_success": "Erabiltzaileak arazorik gabe inportatu dira",
+    "yunohost_already_installed": "YunoHost instalatuta dago dagoeneko",
+    "migration_0015_not_stretch": "Debianen oraingo bertsioa ez da Stretch!",
+    "migrations_success_forward": "{id} migrazioak amaitu du",
+    "migrations_to_be_ran_manually": "{id} migrazioa eskuz abiarazi behar da. Mesedez, joan Erramintak → Migrazioak atalera administrazio-atarian edo bestela exekutatu 'yunohost tools migrations run'.",
+    "permission_currently_allowed_for_all_users": "Baimen hau erabiltzaile guztiei esleitzen zaie eta baita beste talde batzuei ere. Litekeena da 'all users' baimena edo esleituta duten taldeei baimena kendu nahi izatea.",
+    "permission_require_account": "'{permission}' baimena zerbitzarian kontua duten erabiltzaileentzat da eta, beraz, ezin da gaitu bisitarientzat.",
+    "postinstall_low_rootfsspace": "'root' fitxategi-sistemak 10 GB edo espazio gutxiago dauka, kezkatzekoa dena! Litekeena da espaziorik gabe geratzea aurki! Gomendagarria da 'root' fitxategi-sistemak gutxienez 16 GB libre izatea. Jakinarazpen honen ondoren YunoHost instalatzen jarraitu nahi baduzu, berrabiarazi agindua '--force-diskspace' gehituz",
+    "this_action_broke_dpkg": "Eragiketa honek dpkg/APT (sistemaren pakete kudeatzaileak) kaltetu ditu… Arazoa konpontzeko SSH bidez konektatu eta 'sudo apt install --fix-broken' edota 'sudo dpkg --configure -a' exekutatu dezakezu.",
+    "tools_upgrade_special_packages_explanation": "Eguneraketa bereziak atzeko planoan jarraituko du. Mesedez, ez abiarazi bestelako eragiketarik datozen ~10 minutuetan (zure hardwarearen abiaduraren arabera). Honen ondoren litekeena da saioa berriro hasi behar izatea. Eguneraketaren erregistroa Erramintak → Erregistroak atalean (administrazio-atarian) edo 'yunohost log list' komandoa erabiliz egongo da ikusgai.",
+    "user_import_bad_line": "{line} lerro okerra: {details}",
+    "restore_complete": "Lehengoratzea amaitu da",
+    "restore_extracting": "Behar diren fitxategiak ateratzen…",
+    "tools_upgrade_cant_unhold_critical_packages": "Ezin izan dira pakete kritikoak deuseztatu…",
+    "tools_upgrade_regular_packages": "Orain pakete \"arruntak\" (YunoHostekin zerikusia ez dutenak) eguneratzen…",
+    "tools_upgrade_special_packages": "Orain pakete \"bereziak\" (YunoHostekin zerikusia dutenak) eguneratzen…",
+    "regenconf_would_be_updated": "'{category}' atalerako konfigurazioa eguneratu izango litzatekeen",
+    "migration_description_0018_xtable_to_nftable": "Migratu internet trafiko arau zaharrak nftaula sistema berrira",
+    "migrations_dependencies_not_satisfied": "Exekutatu honako migrazioak: '{dependencies_id}', {id} migratu baino lehen.",
+    "permission_created": "'{permission}' baimena sortu da",
+    "regenconf_now_managed_by_yunohost": "'{conf}' konfigurazio fitxategia YunoHostek kudeatzen du orain ({category} atala).",
+    "service_enabled": "'{service}' zerbitzua ez da automatikoki exekutatuko sistema abiaraztean.",
+    "service_removed": "'{service}' zerbitzua ezabatu da",
+    "service_restart_failed": "Ezin izan da '{service}' zerbitzua berrabiarazi\n\nZerbitzuen azken erregistroak: {logs}",
+    "service_restarted": "'{service}' zerbitzua berrabiarazi da",
+    "service_start_failed": "Ezin izan da '{service}' zerbitzua abiarazi\n\nZerbitzuen azken erregistroak: {logs}",
+    "ssowat_conf_updated": "SSOwat ezarpenak eguneratu dira",
+    "tools_upgrade_at_least_one": "Mesedez, zehaztu '--apps' edo '--system'",
+    "tools_upgrade_cant_both": "Ezin dira sistema eta aplikazioak une berean eguneratu",
+    "update_apt_cache_failed": "Ezin da APT Debian-en pakete kudeatzailearen cachea eguneratu. Hemen dituzu sources.list fitxategiaren lerroak, arazoa identifikatzeko baliagarria izan dezakezuna:\n{sourceslist}",
+    "update_apt_cache_warning": "Zerbaitek huts egin du APT Debian-en pakete kudeatzailearen cachea eguneratzean. Hemen dituzu sources.list fitxategiaren lerroak, arazoa identifikatzeko baliagarria izan dezakezuna:\n{sourceslist}",
+    "user_created": "Erabiltzailea sortu da",
+    "user_deletion_failed": "Ezin izan da '{user}' ezabatu: {error}",
+    "permission_updated": "'{permission}' baimena moldatu da",
+    "ssowat_conf_generated": "SSOwat ezarpenak berregin dira",
+    "system_upgraded": "Sistema eguneratu da",
+    "upnp_port_open_failed": "Ezin izan da UPnP bidez ataka zabaldu",
+    "user_creation_failed": "Ezin izan da '{user}' erabiltzailea sortu: {error}",
+    "user_deleted": "Erabiltzailea ezabatu da",
+    "main_domain_changed": "Domeinu nagusia aldatu da",
+    "migrations_already_ran": "Honako migrazio hauek amaitu dute dagoeneko: {ids}",
+    "yunohost_installing": "YunoHost instalatzen…",
+    "migrations_failed_to_load_migration": "Ezinezkoa izan da {id} migrazioa kargatzea: {error}",
+    "migrations_must_provide_explicit_targets": "'--skip' edo '--force-rerun' aukerak erabiltzean jomuga zehatzak zehaztu behar dituzu",
+    "migrations_pending_cant_rerun": "Migrazio hauek exekutatzeke daude eta, beraz, ezin dira berriro abiarazi: {ids}",
+    "regenconf_file_kept_back": "'{conf}' konfigurazio fitxategia regen-conf-ek ({category} atala) ezabatzekoa zen baina mantendu egin da.",
+    "regenconf_file_removed": "'{conf}' konfigurazio fitxategia ezabatu da",
+    "tools_upgrade_cant_hold_critical_packages": "Ezin izan dira pakete kritikoak mantendu…",
+    "migrations_cant_reach_migration_file": "Ezinezkoa izan da '%s' migrazioen fitxategia eskuratzea",
+    "permission_already_allowed": "'{group} taldeak badauka dagoeneko '{permission}' baimena",
+    "permission_cant_add_to_all_users": "{permission} baimena ezin da erabiltzaile guztiei ezarri.",
+    "mailbox_disabled": "Posta elektronikoa desgaituta dago {user} erabiltzailearentzat",
+    "operation_interrupted": "Eragiketa eskuz geldiarazi da?",
+    "permission_already_exist": "'{permission}' baimena existitzen da dagoeneko",
+    "regenconf_pending_applying": "'{category}' atalerako konfigurazioa ezartzen…",
+    "user_import_nothing_to_do": "Ez dago erabiltzaileak inportatu beharrik",
+    "mailbox_used_space_dovecot_down": "Dovecot mailbox zerbitzua martxan egon behar da postak erabilitako espazioa ezagutzeko",
+    "migration_0015_cleaning_up": "Beharrezkoak ez diren cache eta paketeak kentzen…",
+    "migration_0015_modified_files": "Mesedez, kontuan hartu ondorengo fitxategiak eskuz aldatu direla eta sistema eguneratzean euren gainean idatziko dela: {manually_modified_files}",
+    "migration_0015_not_enough_free_space": "/var/ fitxategi-sisteman oso espazio gutxi geratzen da! Gutxienez GB bat izan behar da migrazioa abiarazteko.",
+    "migration_0015_weak_certs": "Sinadura-algoritmo ahulak darabiltzaten ziurtagiriak aurkitu dira eta eguneratu behar dira nginx-en hurrengo bertsioarekin bateragarriak izateko: {certs}",
+    "migration_description_0017_postgresql_9p6_to_11": "Migratu datubaseak PostgreSQL 9.6-tik 11-ra",
+    "other_available_options": "… eta erakusten ez diren beste {n} aukera daude",
+    "permission_cannot_remove_main": "Ezin da baimen nagusi bat kendu",
+    "service_not_reloading_because_conf_broken": "Ez da '{name}' zerbitzua birkargatu/berrabiarazi konfigurazioa kaltetuta dagoelako: {errors}",
+    "service_reloaded": "'{service}' zerbitzua birkargatu da",
+    "service_reloaded_or_restarted": "'{service}' zerbitzua birkargatu edo berrabiarazi da",
+    "user_import_bad_file": "CSV fitxategiak ez du formatu egokia eta ekidingo da balizko datuen galera saihesteko",
+    "user_import_failed": "Erabiltzaileak inportatzeko eragiketak huts egin du",
+    "user_import_missing_columns": "Ondorengo zutabeak falta dira: {columns}",
+    "service_disable_failed": "Ezin izan da '{service}' zerbitzua geldiarazi zerbitzaria abiaraztean.\n\nZerbitzuen erregistro berrienak: {logs}",
+    "migrations_skip_migration": "{id} migrazioa saihesten…",
+    "packages_upgrade_failed": "Ezinezkoa izan da pakete guztiak eguneratzea",
+    "upnp_disabled": "UPnP itzalita dago",
+    "main_domain_change_failed": "Ezinezkoa izan da domeinu nagusia aldatzea",
+    "regenconf_failed": "Ezinezkoa izan da ondorengo atal(ar)en konfigurazioa berregitea: {categories}",
+    "migration_0015_start": "Buster-erako migrazioa abiarazten",
+    "migration_0015_patching_sources_list": "sources.lists petatxatzen…",
+    "migration_0015_yunohost_upgrade": "YunoHosten muinaren eguneraketa abiarazten…",
+    "migration_0017_postgresql_96_not_installed": "Ez da PostgreSQL instalatu. Ez dago egitekorik.",
+    "pattern_email_forward": "Helbide elektroniko baliagarri bat izan behar da, '+' karakterea onartzen da (adibidez: izena+urtea@domeinua.eus)",
+    "migrating_legacy_permission_settings": "Zaharkitutako baimenen ezarpenak migratzen…",
+    "migration_0019_add_new_attributes_in_ldap": "Gehitu LDAP datubasean baimenetarako atributu berriak",
+    "regenconf_file_manually_removed": "'{conf}' konfigurazio fitxategia eskuz ezabatu da eta ez da berriro sortuko",
+    "regenconf_up_to_date": "Konfigurazioa egunean dago dagoeneko '{category}' atalerako",
+    "service_regen_conf_is_deprecated": "'yunohost service regen-conf' zaharkitua dago! Mesedez, erabili 'yunohost tools regen-conf' haren ordez.",
+    "migrations_no_such_migration": "Ez dago '{id}' izeneko migraziorik",
+    "migrations_not_pending_cant_skip": "Migrazio hauek ez daude exekutatzeke eta, beraz, ezin dira saihestu: {ids}",
+    "regex_with_only_domain": "Ezin duzu regex domeinuetarako erabili; bideetarako bakarrik",
+    "port_already_closed": "{port}. ataka itxita dago dagoeneko {ip_version} konexioetarako",
+    "regenconf_file_copy_failed": "Ezinezkoa izan da '{new}' konfigurazio fitxategi berria '{conf}'-(e)n kopiatzea",
+    "regenconf_file_remove_failed": "Ezinezkoa izan da '{conf}' konfigurazio fitxategia ezabatzea",
+    "server_shutdown_confirm": "Zerbitzaria berehala itzaliko da, ziur al zaude? [{answers}]",
+    "restore_already_installed_app": "'{app}' IDa duen aplikazioa dagoeneko instalatuta dago",
+    "service_description_postfix": "Posta elektronikoa bidali eta jasotzeko erabiltzen da",
+    "service_enable_failed": "Ezin izan da '{service}' zerbitzua sistema abiaraztearekin batera exekutatzea lortu.\n\nZerbitzuen erregistro berrienak: {logs}",
+    "system_username_exists": "Erabiltzaile izena existitzen da dagoeneko sistemaren erabiltzaileen zerrendan",
+    "user_already_exists": "'{user}' erabiltzailea existitzen da dagoeneko",
+    "migration_0018_failed_to_migrate_iptables_rules": "Zaharkitutako iptaulak nftauletara eguneratzeak huts egin du: {error}",
+    "mail_domain_unknown": "Ezinezkoa da posta elektroniko hori '{domain}' domeinurako erabiltzea. Mesedez, erabili zerbitzari honek kudeatzen duen domeinu bat.",
+    "migrations_list_conflict_pending_done": "Ezin dituzu '--previous' eta '--done' aldi berean erabili.",
+    "migrations_loading_migration": "{id} migrazioa kargatzen…",
+    "migrations_no_migrations_to_run": "Ez dago exekutatzeko migraziorik",
+    "password_listed": "Pasahitz hau munduan erabilienetarikoa da. Mesedez, aukeratu bereziagoa den beste bat.",
+    "password_too_simple_2": "Pasahitzak zortzi karaktere izan behar ditu gutxienez eta zenbakiren bat, hizki larriren bat eta txikiren bat izan behar ditu",
+    "pattern_firstname": "Izen horrek ez du balio",
+    "pattern_password": "Gutxienez hiru karaktere izan behar ditu",
+    "restore_failed": "Ezin izan da sistema lehengoratu",
+    "restore_removing_tmp_dir_failed": "Ezinezkoa izan da behin-behineko direktorio zaharra ezabatzea",
+    "restore_running_app_script": "'{app}' aplikazioa lehengoratzen…",
+    "root_password_replaced_by_admin_password": "Administrazio-pasahitzak root pasahitza ordezkatu du.",
+    "service_description_fail2ban": "Internetetik datozen bortxaz egindako saiakerak eta bestelako erasoak ekiditen ditu",
+    "service_description_ssh": "Zerbitzarira sare lokaletik kanpo konektatzea ahalbidetzen du (SSH protokoloa)",
+    "service_description_yunohost-firewall": "Zerbitzuen konexiorako atakak ireki eta ixteko kudeatzailea da",
+    "service_remove_failed": "Ezin izan da '{service}' zerbitzua ezabatu",
+    "service_reload_failed": "Ezin izan da '{service}' zerbitzua birkargatu\n\nZerbitzuen erregistro berrienak: {logs}",
+    "service_reload_or_restart_failed": "Ezin izan da '{service}' zerbitzua birkargatu edo berrabiarazi\n\nZerbitzuen erregistro berrienak: {logs}",
+    "service_stopped": "'{service}' zerbitzua geldiarazi da",
+    "unbackup_app": "{app} ez da gordeko",
+    "unrestore_app": "{app} ez da lehengoratuko",
+    "upgrade_complete": "Eguneraketa amaitu da",
+    "upgrading_packages": "Paketeak eguneratzen…",
+    "upnp_dev_not_found": "Ez da UPnP gailurik aurkitu",
+    "user_update_failed": "Ezin izan da {user} erabiltzailea eguneratu: {error}",
+    "user_updated": "Erabiltzailearen informazioa aldatu da",
+    "yunohost_configured": "YunoHost konfiguratuta dago",
+    "migration_0015_system_not_fully_up_to_date": "Sistema ez dago guztiz eguneratuta. Mesedez, exekutatu eguneraketa orokorra Buster-erako migrazioa abiarazi baino lehen.",
+    "migration_description_0015_migrate_to_buster": "Eguneratu sistema Debian Buster eta YunoHost 4.x-ra",
+    "service_description_yunomdns": "Sare lokalean zerbitzarira 'yunohost.local' erabiliz konektatzea ahalbidetzen du",
+    "mail_alias_remove_failed": "Ezin izan da '{mail}' e-mail ezizena ezabatu",
+    "mail_unavailable": "Helbide elektroniko hau lehenengo erabiltzailearentzat gorde da eta hari ezarri zaio automatikoki",
+    "migration_description_0016_php70_to_php73_pools": "Migratu php7.0-fpm 'pool' fitxategiak php7.3-ra",
+    "migration_description_0019_extend_permissions_features": "Hedatu aplikazioen baimenen kudeaketa sistema",
+    "migration_0015_main_upgrade": "Eguneraketa orokorra abiarazten…",
+    "migration_ldap_backup_before_migration": "Sortu LDAP datubase eta aplikazioen ezarpenen babeskopia migrazioa abiarazi baino lehen.",
+    "migration_ldap_can_not_backup_before_migration": "Sistemaren babeskopiak ez du amaitu migrazioak huts egin baino lehen. Errorea: {error}",
+    "migration_0015_problematic_apps_warning": "Mesedez, kontuan izan arazoak sor ditzaketen aplikazioak aurkitu direla. Badirudi ez zirela YunoHosten aplikazioen katalogotik instalatu, edo 'ez dabiltza' etiketa dute. Beraz, ezin da bermatu eguneratu eta gero funtzionatuko dutenik: {problematic_apps}",
+    "migration_0017_not_enough_space": "Espazio gehiago behar da {path}-n migrazioa exekutatzeko.",
+    "migration_0017_postgresql_11_not_installed": "PostgreSQL 9.6 instalatuta egon arren postgresql 11 ez‽ Zerbait arraroa gertatu da zure sisteman :(…",
+    "migration_0018_failed_to_reset_legacy_rules": "Ezinezkoa izan da zaharkitutako iptaulak berrezartzea: {error}",
+    "migrations_migration_has_failed": "{id} migrazioak ez du amaitu, geldiarazten. Errorea: {exception}",
+    "migrations_need_to_accept_disclaimer": "{id} migrazioa abiarazteko, ondorengo baldintzak onartu behar dituzu:\n---\n{disclaimer}\n---\nMigrazioa onartzen baduzu, mesedez berrabiarazi prozesua komandoan '--accept-disclaimer' aukera gehituz.",
+    "not_enough_disk_space": "Ez dago nahikoa espazio librerik '{path}'-n",
+    "password_too_simple_3": "Pasahitzak zortzi karaktere izan behar ditu gutxienez eta zenbakiren bat, hizki larriren bat, txikiren bat eta karaktere bereziren bat izan behar ditu",
+    "pattern_backup_archive_name": "Fitxategiaren izenak 30 karaktere izan ditzake gehienez, alfanumerikoak eta ._- baino ez",
+    "pattern_domain": "Domeinu izen baliagarri bat izan behar da (adibidez: nire-domeinua.eus)",
+    "pattern_mailbox_quota": "Tamainak b/k/M/G/T zehaztu behar du edo 0 mugarik ezarri nahi ez bada",
+    "pattern_password_app": "Barka, baina pasahitzek ezin dituzte ondorengo karaktereak izan: {forbidden_chars}",
+    "pattern_port_or_range": "Ataka zenbaki (0-65535) edo errenkada (100:200) baliagarri bat izan behar da",
+    "permission_already_disallowed": "'{group}' taldeak desgaituta dauka dagoeneko '{permission} baimena",
+    "permission_already_up_to_date": "Baimena ez da eguneratu egindako eskaria egungo egoerarekin bat datorrelako.",
+    "migration_0015_still_on_stretch_after_main_upgrade": "Zerbaitek huts egin du eguneraketa orokorrean; badirudi sistemak oraindik darabilela Debian Stretch",
+    "migration_update_LDAP_schema": "LDAP eskema eguneratzen…",
+    "permission_protected": "'{permission}' baimena babestuta dago. Ezin duzu bisitarien taldea baimen honetara gehitu / baimen honetatik kendu.",
+    "permission_update_failed": "Ezinezkoa izan da '{permission}' baimena aldatzea: {error}",
+    "port_already_opened": "{port}. ataka dagoeneko irekita dago {ip_version} konexioetarako",
+    "user_home_creation_failed": "Ezin izan da erabiltzailearentzat '{home}' direktorioa sortu",
+    "user_unknown": "Erabiltzaile ezezaguna: {user}",
+    "yunohost_postinstall_end_tip": "Instalazio ondorengo prozesua amaitu da! Sistemaren konfigurazioa bukatzeko:\n- gehitu erabiltzaile bat administrazio-atariko 'Erabiltzaileak' atalean (edo 'yunohost user create <erabiltzailea>' komandoa erabiliz);\n- erabili 'Diagnostikoak' atala ohiko arazoei aurre hartzeko. Administrazio-atarian abiarazi edo 'yunohost diagnosis run' exekutatu;\n- irakurri 'Finalizing your setup' eta 'Getting to know YunoHost' atalak. Dokumentazioan aurki ditzakezu: https://yunohost.org/admindoc.",
+    "yunohost_not_installed": "YunoHost ez da zuzen instalatu. Mesedez, exekutatu 'yunohost tools postinstall'",
+    "migration_0019_slapd_config_will_be_overwritten": "Badirudi eskuz moldatu duzula slapd konfigurazioa. Migrazio garrantzitsu honetarako, YunoHostek slapd ezarpenak eguneratu behar ditu. Oraingo fitxategiak {conf_backup_folder}-n kopiatuko dira.",
+    "unlimit": "Mugarik ez",
+    "restore_already_installed_apps": "Ondorengo aplikazioak ezin dira lehengoratu dagoeneko instalatuta daudelako: {apps}",
+    "migration_0015_general_warning": "Mesedez, uler ezazu migrazio hau eragiketa zaila dela. YunoHosten kideek ahalik eta hoberen egin dute prozesua egiaztatzeko, baina hala ere sistemaren atalak edo aplikazioak kaltetu litezke.\n\nHorregatik gomendagarria da:\n- Informazio edo aplikazio garrantzitsuen babeskopia egitea. Argibide gehiagorako: https://yunohost.org/backup;\n- Pazientzia izatea migrazioa abiarazterakoan: zure internet konexioaren eta hardwarearen arabera litekeena da ordu batzuk behar izatea eguneraketa amaitu arte.",
+    "migration_0015_specific_upgrade": "Aparte eguneratu behar diren sistemaren paketeen eguneraketa abiarazten…",
+    "password_too_simple_4": "Pasahitzak 12 karaktere izan behar ditu gutxienez eta zenbakiren bat, hizki larriren bat, txikiren bat eta karaktere bereziren bat izan behar ditu",
+    "pattern_email": "Helbide elektroniko baliagarri bat izan behar da, '+' karaktererik gabe (adibidez: izena@domeinua.eus)",
+    "pattern_username": "Txikiz idatzitako karaktere alfanumerikoak eta azpiko marra soilik eduki ditzake",
+    "permission_deletion_failed": "Ezinezkoa izan da '{permission}' baimena ezabatzea: {error}",
+    "migration_ldap_rollback_success": "Sistema lehengoratu da.",
+    "regenconf_need_to_explicitly_specify_ssh": "SSH ezarpenak eskuz aldatu dira, baina aldaketak erabiltzeko '--force' zehaztu behar duzu 'ssh' atalean.",
+    "regex_incompatible_with_tile": "/!\\ Pakete-arduradunak! {permission}' baimenak show_tile aukera 'true' bezala dauka eta horregatik ezin duzue regex URLa URL nagusi bezala ezarri",
+    "root_password_desynchronized": "Administrariaren pasahitza aldatu da baina YunoHostek ezin izan du aldaketa root pasahitzera hedatu!",
+    "server_shutdown": "Zerbitzaria itzaliko da",
+    "service_stop_failed": "Ezin izan da '{service}' zerbitzua geldiarazi\n\nZerbitzuen azken erregistroak: {logs}",
+    "service_unknown": "'{service}' zerbitzu ezezaguna",
+    "show_tile_cant_be_enabled_for_url_not_defined": "Ezin duzu 'show_tile' gaitu une honetan, '{permission}' baimenerako URL bat zehaztu behar duzulako",
+    "upnp_enabled": "UPnP piztuta dago",
+    "restore_nothings_done": "Ez da ezer lehengoratu",
+    "restore_backup_too_old": "Babeskopia fitxategi hau ezin da lehengoratu YunoHosten bertsio zaharregi batetik datorrelako.",
+    "restore_hook_unavailable": "'{part}'-(e)rako lehengoratze agindua ez dago erabilgarri ez sisteman ezta fitxategian ere",
+    "restore_cleaning_failed": "Ezin izan dira lehengoratzeko behin-behineko fitxategiak ezabatu",
+    "restore_confirm_yunohost_installed": "Ziur al zaude dagoeneko instalatuta dagoen sistema lehengoratu nahi duzula? [{answers}]",
+    "restore_may_be_not_enough_disk_space": "Badirudi zure sistemak ez duela nahikoa espazio (erabilgarri: {free_space} B, beharrezkoa {needed_space} B, segurtasuneko tartea: {margin} B)",
+    "restore_not_enough_disk_space": "Ez dago nahikoa espazio (erabilgarri: {free_space} B, beharrezkoa {needed_space} B, segurtasuneko tartea: {margin} B)",
+    "restore_running_hooks": "Lehengoratzeko 'hook'ak exekutatzen…",
+    "restore_system_part_failed": "Ezinezkoa izan da sistemaren '{part}' atala lehengoratzea",
+    "server_reboot": "Zerbitzaria berrabiaraziko da",
+    "server_reboot_confirm": "Zerbitzaria berehala berrabiaraziko da, ziur al zaude? [{answers}]",
+    "service_add_failed": "Ezinezkoa izan da '{service}' zerbitzua gehitzea",
+    "service_added": "'{service}' zerbitzua gehitu da",
+    "service_already_started": "'{service}' zerbitzua matxan dago dagoeneko",
+    "service_already_stopped": "'{service}' zerbitzua geldiarazi da dagoeneko",
+    "service_cmd_exec_failed": "Ezin izan da '{command}' komandoa exekutatu",
+    "service_description_dnsmasq": "Domeinuen izenen ebazpena (DNSa) kudeatzen du",
+    "service_description_dovecot": "Posta elektronikorako programei mezuak jasotzea ahalbidetzen die (IMAP eta POP3 bidez)",
+    "service_description_metronome": "Bat-bateko XMPP mezularitza kontuak kudeatzen ditu",
+    "service_description_mysql": "Aplikazioen datuak gordetzen ditu (SQL datubasea)",
+    "service_description_nginx": "Zerbitzariak ostatazen dituen webguneak ikusgai egiten ditu",
+    "service_description_php7.3-fpm": "PHP aplikazioak exekutatzen ditu NGINXi esker",
+    "service_description_redis-server": "Datuak bizkor atzitzeko, zereginak lerratzeko eta programen arteko komunikaziorako datubase berezi bat da",
+    "service_description_rspamd": "Spama bahetu eta posta elektronikoarekin zerikusia duten bestelako futzioen ardura dauka",
+    "service_description_slapd": "Erabiltzaileak, domeinuak eta hauei lotutako informazioa gordetzen du",
+    "service_description_yunohost-api": "YunoHosten web-atariaren eta sistemaren arteko hartuemana kudeatzen du"
 }

locales/fr.json

@@ -568,7 +568,7 @@
     "migration_0015_weak_certs": "Il a été constaté que les certificats suivants utilisent encore des algorithmes de signature peu robustes et doivent être mis à jour pour être compatibles avec la prochaine version de NGINX : {certs}",
     "global_settings_setting_backup_compress_tar_archives": "Lors de la création de nouvelles sauvegardes, compresser automatiquement les archives (.tar.gz) au lieu des archives non compressées (.tar). N.B. : activer cette option permet de créer des archives plus légères, mais la procédure de sauvegarde initiale sera significativement plus longues et plus gourmandes en CPU.",
     "migration_description_0018_xtable_to_nftable": "Migrer les anciennes règles de trafic réseau vers le nouveau système basé sur nftables",
-    "service_description_php7.3-fpm": "Exécute les applications écrites en PHP avec NGINX",
+    "service_description_php7.4-fpm": "Exécute les applications écrites en PHP avec NGINX",
     "migration_0018_failed_to_reset_legacy_rules": "La réinitialisation des règles iptable par défaut a échoué : {error}",
     "migration_0018_failed_to_migrate_iptables_rules": "Échec de la migration des anciennes règles iptables vers nftables : {error}",
     "migration_0017_not_enough_space": "Laissez suffisamment d'espace disponible dans {path} avant de lancer la migration.",
@@ -685,7 +685,7 @@
     "domain_dns_registrar_managed_in_parent_domain": "Ce domaine est un sous-domaine de {parent_domain_link}. La configuration du registrar DNS doit être gérée dans le panneau de configuration de {parent_domain}.",
     "domain_dns_registrar_not_supported": "YunoHost n'a pas pu détecter automatiquement le bureau d'enregistrement gérant ce domaine. Vous devez configurer manuellement vos enregistrements DNS en suivant la documentation sur https://yunohost.org/dns.",
     "domain_dns_registrar_experimental": "Jusqu'à présent, l'interface avec l'API de **{registrar}** n'a pas été correctement testée et revue par la communauté YunoHost. L'assistance est **très expérimentale** - soyez prudent !",
-    "domain_dns_push_failed_to_authenticate": "Échec de l'authentification sur l'API du registrar gérant la réservation de votre nom de domaine internet pour '{domain}'. Il est très probable que les informations d'identification soient incorrectes ? (Erreur : {error})",
+    "domain_dns_push_failed_to_authenticate": "Échec de l'authentification sur l'API du registrar qui gère votre nom de domaine internet pour '{domain}'. Il est très probable que les informations d'identification soient incorrectes ? (Erreur : {error})",
     "domain_dns_push_failed_to_list": "Échec de la liste des enregistrements actuels à l'aide de l'API du registraire : {error}",
     "domain_dns_push_already_up_to_date": "Dossiers déjà à jour.",
     "domain_dns_pushing": "Transmission des enregistrements DNS...",

locales/id.json

@@ -1 +1,46 @@
-{}
+{
+    "admin_password": "Kata sandi administrasi",
+    "admin_password_change_failed": "Tidak dapat mengubah kata sandi",
+    "admin_password_changed": "Kata sandi administrasi diubah",
+    "admin_password_too_long": "Harap pilih kata sandi yang lebih pendek dari 127 karakter",
+    "already_up_to_date": "Tak ada yang harus dilakukan. Semuanya sudah mutakhir.",
+    "app_action_broke_system": "Tindakan ini sepertinya telah merusak layanan-layanan penting ini: {services}",
+    "app_already_installed": "{app} sudah terpasang",
+    "app_already_up_to_date": "{app} sudah dalam versi mutakhir",
+    "app_argument_required": "Argumen '{name}' dibutuhkan",
+    "app_change_url_identical_domains": "Domain)url_path yang lama dan baru identik ('{domain}{path}'), tak ada yang perlu dilakukan.",
+    "app_change_url_no_script": "Aplikasi '{app_name}' belum mendukung pengubahan URL. Mungkin Anda harus memperbaruinya.",
+    "app_change_url_success": "URL {app} sekarang adalah {domain}{path}",
+    "app_id_invalid": "ID aplikasi tidak valid",
+    "app_install_failed": "Tidak dapat memasang {app}: {error}",
+    "app_install_files_invalid": "Berkas-berkas ini tidak dapat dipasang",
+    "app_install_script_failed": "Sebuah kesalahan terjadi pada script pemasangan aplikasi",
+    "app_manifest_install_ask_admin": "Pilih seorang administrator untuk aplikasi ini",
+    "app_manifest_install_ask_domain": "Pilih di domain mana aplikasi ini harus dipasang",
+    "app_not_installed": "Tidak dapat menemukan {app} di daftar aplikasi yang terpasang: {all_apps}",
+    "app_not_properly_removed": "{app} belum dihapus dengan benar",
+    "app_remove_after_failed_install": "Menghapus aplikasi mengikuti kegagalan pemasangan...",
+    "app_removed": "{app} dihapus",
+    "app_restore_failed": "Tidak dapat memulihkan {app}: {error}",
+    "app_upgrade_some_app_failed": "Beberapa aplikasi tidak dapat diperbarui",
+    "app_upgraded": "{app} diperbarui",
+    "apps_already_up_to_date": "Semua aplikasi sudah pada versi mutakhir",
+    "apps_catalog_update_success": "Katalog aplikasi telah diperbarui!",
+    "apps_catalog_updating": "Memperbarui katalog aplikasi...",
+    "ask_firstname": "Nama depan",
+    "ask_lastname": "Nama belakang",
+    "ask_main_domain": "Domain utama",
+    "ask_new_domain": "Domain baru",
+    "ask_user_domain": "Domain yang digunakan untuk alamat surel dan akun XMPP pengguna",
+    "app_not_correctly_installed": "{app} kelihatannya terpasang dengan salah",
+    "app_start_restore": "Memulihkan {app}...",
+    "app_unknown": "Aplikasi tak dikenal",
+    "ask_new_admin_password": "Kata sandi administrasi baru",
+    "ask_password": "Kata sandi",
+    "app_upgrade_app_name": "Memperbarui {app}...",
+    "app_upgrade_failed": "Tidak dapat memperbarui {app}: {error}",
+    "app_start_install": "Memasang {app}...",
+    "app_start_remove": "Menghapus {app}...",
+    "app_manifest_install_ask_password": "Pilih kata sandi administrasi untuk aplikasi ini",
+    "app_upgrade_several_apps": "Aplikasi-aplikasi berikut akan diperbarui: {apps}"
+}

locales/it.json

@@ -42,7 +42,7 @@
     "ask_new_admin_password": "Nuova password dell'amministrazione",
     "backup_app_failed": "Non è possibile fare il backup {app}",
     "backup_archive_app_not_found": "{app} non è stata trovata nel archivio di backup",
-    "app_argument_choice_invalid": "Usa una delle seguenti scelte '{choices}' per il parametro '{name}' invece di '{value}'",
+    "app_argument_choice_invalid": "Scegli un opzione valida per il parametro '{name}': '{value}' non è fra le opzioni disponibili ('{choices}')",
     "app_argument_invalid": "Scegli un valore valido per il parametro '{name}': {error}",
     "app_argument_required": "L'argomento '{name}' è requisito",
     "app_id_invalid": "Identificativo dell'applicazione non valido",
@@ -301,7 +301,7 @@
     "app_manifest_install_ask_is_public": "Quest'applicazione dovrà essere visibile ai visitatori anonimi?",
     "app_manifest_install_ask_admin": "Scegli un utente amministratore per quest'applicazione",
     "app_manifest_install_ask_password": "Scegli una password di amministrazione per quest'applicazione",
-    "app_manifest_install_ask_path": "Scegli il percorso dove installare quest'applicazione",
+    "app_manifest_install_ask_path": "Scegli il percorso URL (dopo il dominio) dove installare quest'applicazione",
     "app_manifest_install_ask_domain": "Scegli il dominio dove installare quest'app",
     "app_argument_password_no_default": "Errore durante il parsing dell'argomento '{name}': l'argomento password non può avere un valore di default per ragioni di sicurezza",
     "additional_urls_already_added": "L'URL aggiuntivo '{url}' è già utilizzato come URL aggiuntivo per il permesso '{permission}'",
@@ -418,7 +418,7 @@
     "service_description_rspamd": "Filtra SPAM, e altre funzionalità legate alle mail",
     "service_description_redis-server": "Un database specializzato usato per un veloce accesso ai dati, task queue, e comunicazioni tra programmi",
     "service_description_postfix": "Usato per inviare e ricevere email",
-    "service_description_php7.3-fpm": "Esegue app scritte in PHP con NGINX",
+    "service_description_php7.4-fpm": "Esegue app scritte in PHP con NGINX",
     "service_description_nginx": "Serve o permette l'accesso a tutti i siti pubblicati sul tuo server",
     "service_description_mysql": "Memorizza i dati delle app (database SQL)",
     "service_description_metronome": "Gestisce gli account di messaggistica instantanea XMPP",
@@ -629,5 +629,81 @@
     "global_settings_setting_security_webadmin_allowlist": "Indirizzi IP con il permesso di accedere al webadmin, separati da virgola.",
     "global_settings_setting_security_webadmin_allowlist_enabled": "Permetti solo ad alcuni IP di accedere al webadmin.",
     "disk_space_not_sufficient_update": "Non c'è abbastanza spazio libero per aggiornare questa applicazione",
-    "disk_space_not_sufficient_install": "Non c'è abbastanza spazio libero per installare questa applicazione"
-}
+    "disk_space_not_sufficient_install": "Non c'è abbastanza spazio libero per installare questa applicazione",
+    "app_config_unable_to_apply": "Applicazione dei valori nel pannello di configurazione non riuscita.",
+    "app_config_unable_to_read": "Lettura dei valori nel pannello di configurazione non riuscita.",
+    "diagnosis_apps_issue": "È stato rilevato un errore per l’app {app}",
+    "global_settings_setting_security_nginx_redirect_to_https": "Reindirizza richieste HTTP a HTTPs di default (NON DISABILITARE a meno che tu non sappia veramente bene cosa stai facendo!)",
+    "diagnosis_http_special_use_tld": "Il dominio {domain} è basato su un dominio di primo livello (TLD) dall’uso speciale, come .local o .test, perciò non è previsto che sia esposto al di fuori della rete locale.",
+    "domain_dns_conf_special_use_tld": "Questo dominio è basato su un dominio di primo livello (TLD) dall’uso speciale, come .local o .test, perciò non è previsto abbia reali record DNS.",
+    "domain_dns_push_not_applicable": "La configurazione automatica del DNS non è applicabile al dominio {domain}. Dovresti configurare i tuoi record DNS manualmente, seguendo la documentazione su https://yunohost.org/dns_config.",
+    "domain_dns_registrar_not_supported": "YunoHost non è riuscito a riconoscere quale registrar sta gestendo questo dominio. Dovresti configurare i tuoi record DNS manualmente, seguendo la <a href='https://yunohost.org/dns' target='_blank' title='DNS - YunoHost documentation'>documentazione</a>.",
+    "domain_dns_registrar_experimental": "Per ora, il collegamento con le API di **{registrar}** non è stata opportunamente testata e revisionata dalla comunità di YunoHost. Questa funzionalità è **altamente sperimentale**, fai attenzione!",
+    "domain_dns_push_failed_to_authenticate": "L’autenticazione sulle API del registrar per il dominio '{domain}' è fallita. Probabilmente le credenziali non sono corrette. (Error: {error})",
+    "domain_dns_push_failed_to_list": "Il reperimento dei record attuali usando le API del registrar è fallito: {error}",
+    "domain_dns_push_already_up_to_date": "I record sono aggiornati, nulla da fare.",
+    "domain_dns_pushing": "Sincronizzando i record DNS…",
+    "domain_config_mail_out": "Email in uscita",
+    "domain_config_xmpp": "Messaggistica (XMPP)",
+    "domain_config_auth_token": "Token di autenticazione",
+    "domain_config_auth_key": "Chiave di autenticazione",
+    "domain_config_auth_secret": "Autenticazione segreta",
+    "domain_config_api_protocol": "Protocollo API",
+    "domain_config_auth_entrypoint": "API entry point",
+    "other_available_options": "… e {n} altre opzioni di variabili non mostrate",
+    "service_description_yunomdns": "Ti permette di raggiungere il tuo server usando 'yunohost.local' all’interno della tua rete locale",
+    "user_import_nothing_to_do": "Nessun utente deve essere importato",
+    "user_import_partial_failed": "L’importazione degli utenti è parzialmente fallita",
+    "domain_unknown": "Il dominio '{domain}' è sconosciuto",
+    "log_user_import": "Importa utenti",
+    "invalid_password": "Password non valida",
+    "diagnosis_high_number_auth_failures": "Recentemente c’è stato un numero insolitamente alto di autenticazioni fallite. Potresti assicurarti che fail2ban stia funzionando e che sia configurato correttamente, oppure usare una differente porta SSH, come spiegato in https://yunohost.org/security.",
+    "diagnosis_apps_allgood": "Tutte le applicazioni installate rispettano le pratiche di packaging di base",
+    "config_apply_failed": "L’applicazione della nuova configurazione è fallita: {error}",
+    "diagnosis_apps_outdated_ynh_requirement": "La versione installata di quest’app richiede esclusivamente YunoHost >= 2.x, che tendenzialmente significa che non è aggiornata secondo le pratiche di packaging raccomandate. Dovresti proprio considerare di aggiornarla.",
+    "global_settings_setting_security_experimental_enabled": "Abilita funzionalità di sicurezza sperimentali (non abilitare se non sai cosa stai facendo!)",
+    "invalid_number_min": "Deve essere più grande di {min}",
+    "invalid_number_max": "Deve essere meno di {max}",
+    "log_app_config_set": "Applica la configurazione all’app '{}'",
+    "log_domain_dns_push": "Sincronizza i record DNS per il dominio '{}'",
+    "user_import_bad_file": "Il tuo file CSV non è formattato correttamente e sarà ignorato per evitare potenziali perdite di dati",
+    "user_import_failed": "L’operazione di importazione è completamente fallita",
+    "user_import_missing_columns": "Mancano le seguenti colonne: {columns}",
+    "user_import_success": "Utenti importati con successo",
+    "diagnosis_apps_bad_quality": "Sul catalogo delle applicazioni di YunoHost, questa applicazione è momentaneamente segnalata come non funzionante. Potrebbe trattarsi di un problema temporaneo, mentre i manutentori provano a risolverlo. Nel frattempo, l’aggiornamento di quest’app è disabilitato.",
+    "diagnosis_apps_broken": "Sul catalogo delle applicazioni di YunoHost, questa applicazione è momentaneamente segnalata come non funzionante. Potrebbe trattarsi di un problema temporaneo, mentre i manutentori provano a risolverlo. Nel frattempo, l’aggiornamento di quest’app è disabilitato.",
+    "diagnosis_apps_deprecated_practices": "La versione installata di questa app usa ancora delle pratiche di packaging super-vecchie oppure deprecate. Dovresti proprio considerare di aggiornarla.",
+    "diagnosis_apps_not_in_app_catalog": "Questa applicazione non è nel catalogo delle applicazioni di YunoHost. Se precedentemente lo era ed è stata rimossa, dovresti considerare di disinstallare l’app, dato che non riceverà aggiornamenti e potrebbe compromettere l’integrità e la sicurezza del tuo sistema.",
+    "diagnosis_dns_specialusedomain": "Il dominio {domain} è basato su un dominio di primo livello (TLD) dall’uso speciale, come .local o .test, perciò non è previsto abbia reali record DNS.",
+    "domain_dns_registrar_supported": "YunoHost ha automaticamente riconosciuto che questo dominio è gestito dal registrar **{registrar}**. Se vuoi e se fornirai le credenziali API appropriate, YunoHost può configurare automaticamente questa zona DNS. Puoi trovare la documentazione su come ottenere le tue credenziali API su <a href='https://yunohost.org/registar_api_{registrar}' target='_blank' title='Istruzioni autenticazione API per {registrar}'>questa pagina</a>. (Puoi anche configurare i tuoi record DNS manualmente, seguendo la <a href='https://yunohost.org/dns' target='_blank' title='DNS - YunoHost documentation'>documentazione</a>)",
+    "service_not_reloading_because_conf_broken": "Non sto ricaricando/riavviando il servizio '{name}' perché la sua configurazione è rotta: {errors}",
+    "config_cant_set_value_on_section": "Non puoi impostare un unico parametro in un’intera sezione della configurazione.",
+    "config_forbidden_keyword": "La parola chiave '{keyword}' è riservata, non puoi creare o utilizzare un pannello di configurazione con una domanda con questo id.",
+    "config_no_panel": "Nessun panello di configurazione trovato.",
+    "config_unknown_filter_key": "Il valore del filtro '{filter_key}' non è corretto.",
+    "config_validate_color": "È necessario inserire un codice colore in RGB esadecimale",
+    "config_validate_date": "È necessario inserire una data valida nel formato AAAA-MM-GG",
+    "config_validate_email": "È necessario inserire un’email valida",
+    "diagnosis_description_apps": "Applicazioni",
+    "domain_registrar_is_not_configured": "Il registrar non è ancora configurato per il dominio {domain}.",
+    "domain_dns_registrar_managed_in_parent_domain": "Questo dominio è un sotto-dominio di {parent_domain_link}. La configurazione del registrar DNS dovrebbe essere gestita dal pannello di configurazione di {parent_domain}.",
+    "domain_dns_registrar_yunohost": "Questo dominio è un nohost.me / nohost.st / ynh.fr, perciò la sua configurazione DNS è gestita automaticamente da YunoHost, senza alcuna ulteriore configurazione. (vedi il comando <code>yunohost dyndns update</code>)",
+    "domain_dns_push_success": "Record DNS aggiornati!",
+    "domain_dns_push_failed": "L’aggiornamento dei record DNS è miseramente fallito.",
+    "domain_dns_push_partial_failure": "Record DNS parzialmente aggiornati: alcuni segnali/errori sono stati riportati.",
+    "domain_config_features_disclaimer": "Per ora, abilitare/disabilitare le impostazioni di posta o XMPP impatta unicamente sulle configurazioni DNS raccomandate o ottimizzate, non cambia quelle di sistema!",
+    "domain_config_mail_in": "Email in arrivo",
+    "domain_config_auth_application_key": "Chiave applicazione",
+    "domain_config_auth_application_secret": "Chiave segreta applicazione",
+    "domain_config_auth_consumer_key": "Chiave consumatore",
+    "ldap_attribute_already_exists": "L’attributo LDAP '{attribute}' esiste già con il valore '{value}'",
+    "config_validate_time": "È necessario inserire un orario valido, come HH:MM",
+    "config_version_not_supported": "Le versioni '{version}' del pannello di configurazione non sono supportate.",
+    "danger": "Attenzione:",
+    "log_domain_config_set": "Aggiorna la configurazione per il dominio '{}'",
+    "domain_dns_push_managed_in_parent_domain": "La configurazione automatica del DNS è gestita nel dominio genitore {parent_domain}.",
+    "user_import_bad_line": "Linea errata {line}: {details}",
+    "config_validate_url": "È necessario inserire un URL web valido",
+    "ldap_server_down": "Impossibile raggiungere il server LDAP",
+    "ldap_server_is_down_restart_it": "Il servizio LDAP è down, prova a riavviarlo…"
+}

locales/oc.json

@@ -78,8 +78,8 @@
     "upnp_enabled": "UPnP es activat",
     "upnp_port_open_failed": "Impossible de dobrir los pòrts amb UPnP",
     "yunohost_already_installed": "YunoHost es ja installat",
-    "yunohost_configured": "YunoHost es estat configurat",
-    "yunohost_installing": "Installacion de YunoHost…",
+    "yunohost_configured": "YunoHost es ara configurat",
+    "yunohost_installing": "Installacion de YunoHost...",
     "backup_csv_creation_failed": "Creacion impossibla del fichièr CSV necessari a las operacions futuras de restauracion",
     "backup_output_symlink_dir_broken": "Vòstre repertòri d’archiu  « {path} » es un ligam simbolic copat. Saique oblidèretz de re/montar o de connectar supòrt.",
     "backup_with_no_backup_script_for_app": "L’aplicacion {app} a pas cap de script de salvagarda. I fasèm pas cas.",
@@ -144,7 +144,7 @@
     "restore_already_installed_app": "Una aplicacion es ja installada amb l’id « {app} »",
     "app_restore_failed": "Impossible de restaurar l’aplicacion « {app} »: {error}",
     "backup_ask_for_copying_if_needed": "Volètz far una salvagarda en utilizant {size} Mo temporàriament ? (Aqueste biais de far es emplegat perque unes fichièrs an pas pogut èsser preparats amb un metòde mai eficaç.)",
-    "yunohost_not_installed": "YunoHost es pas installat o corrèctament installat. Mercés d’executar « yunohost tools postinstall »",
+    "yunohost_not_installed": "YunoHost es pas corrèctament installat. Mercés d’executar « yunohost tools postinstall »",
     "backup_output_directory_forbidden": "Causissètz un repertòri de destinacion deferent. Las salvagardas pòdon pas se realizar dins los repertòris bin, /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var ou /home/yunohost.backup/archives",
     "certmanager_attempt_to_replace_valid_cert": "Sètz a remplaçar un certificat corrècte e valid pel domeni {domain} ! (Utilizatz --force per cortcircuitar)",
     "certmanager_cert_renew_success": "Renovèlament capitat d’un certificat Let’s Encrypt pel domeni « {domain} »",
@@ -513,4 +513,4 @@
     "diagnosis_domain_expiration_not_found": "Impossible de verificar la data d’expiracion d’unes domenis",
     "backup_create_size_estimation": "L’archiu contendrà apr’aquí {size} de donadas.",
     "app_restore_script_failed": "Una error s’es producha a l’interior del script de restauracion de l’aplicacion"
-}
+}

locales/uk.json

@@ -247,8 +247,8 @@
     "log_help_to_get_log": "Щоб переглянути журнал операції '{desc}', використовуйте команду 'yunohost log show {name}'",
     "log_link_to_log": "Повний журнал цієї операції: '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>'",
     "log_corrupted_md_file": "Файл метаданих YAML, пов'язаний з журналами, пошкоджено: '{md_file}\nПомилка: {error}'",
-    "iptables_unavailable": "Ви не можете грати з iptables тут. Ви перебуваєте або в контейнері, або ваше ядро не підтримує його",
-    "ip6tables_unavailable": "Ви не можете грати з ip6tables тут. Ви перебуваєте або в контейнері, або ваше ядро не підтримує його",
+    "iptables_unavailable": "Ви не можете відтворювати з iptables тут. Ви перебуваєте або в контейнері, або ваше ядро не підтримує його",
+    "ip6tables_unavailable": "Ви не можете відтворювати з ip6tables тут. Ви перебуваєте або в контейнері, або ваше ядро не підтримує його",
     "invalid_regex": "Неприпустимий regex: '{regex}'",
     "installation_complete": "Установлення завершено",
     "hook_name_unknown": "Невідома назва хука '{name}'",

locales/zh_Hans.json

@@ -625,5 +625,30 @@
     "log_user_group_delete": "删除组'{}'",
     "log_user_group_create": "创建组'{}'",
     "log_user_delete": "删除用户'{}'",
-    "log_user_create": "添加用户'{}'"
-}
+    "log_user_create": "添加用户'{}'",
+    "domain_registrar_is_not_configured": "尚未为域 {domain} 配置注册商。",
+    "domain_dns_push_not_applicable": "的自动DNS配置的特征是不适用域{域}。您应该按照 https://yunohost.org/dns_config 上的文档手动配置DNS 记录。",
+    "disk_space_not_sufficient_update": "没有足够的磁盘空间来更新此应用程序",
+    "diagnosis_high_number_auth_failures": "最近出现了大量可疑的失败身份验证。您的fail2ban正在运行且配置正确，或使用自定义端口的SSH作为https://yunohost.org/解释的安全性。",
+    "diagnosis_apps_not_in_app_catalog": "此应用程序不在 YunoHost 的应用程序目录中。如果它过去有被删除过，您应该考虑卸载此应用程，因为它不会更新，并且可能会损害您系统的完整和安全性。",
+    "app_config_unable_to_apply": "无法应用配置面板值。",
+    "app_config_unable_to_read": "无法读取配置面板值。",
+    "config_forbidden_keyword": "关键字“{keyword}”是保留的，您不能创建或使用带有此 ID 的问题的配置面板。",
+    "config_no_panel": "未找到配置面板。",
+    "config_unknown_filter_key": "该过滤器钥匙“{filter_key}”有误。",
+    "diagnosis_apps_outdated_ynh_requirement": "此应用程序的安装 版本只需要 yunohost >= 2.x，这往往表明它与推荐的打包实践和帮助程序不是最新的。你真的应该考虑更新它。",
+    "disk_space_not_sufficient_install": "没有足够的磁盘空间来安装此应用程序",
+    "config_apply_failed": "应用新配置 失败：{错误}",
+    "config_cant_set_value_on_section": "无法在整个配置部分设置单个值 。",
+    "config_validate_color": "是有效的 RGB 十六进制颜色",
+    "config_validate_date": "有效日期格式为YYYY-MM-DD",
+    "config_validate_email": "是有效的电子邮件",
+    "config_validate_time": "应该是像 HH:MM 这样的有效时间",
+    "config_validate_url": "应该是有效的URL",
+    "config_version_not_supported": "不支持配置面板版本“{ version }”。",
+    "danger": "警告：",
+    "diagnosis_apps_allgood": "所有已安装的应用程序都遵守基本的打包原则",
+    "diagnosis_apps_deprecated_practices": "此应用程序的安装 版本仍然使用一些超旧的弃用打包原则。推荐您升级它。",
+    "diagnosis_apps_issue": "发现应用{ app } 存在问题",
+    "diagnosis_description_apps": "应用"
+}

sbin/yunohost-reset-ldap-password

@@ -1,3 +0,0 @@
-#!/bin/bash
-echo "Warning: this script is now deprecated. You can simply type 'yunohost tools adminpw' to change the root/admin password."
-yunohost tools adminpw

src/yunohost/app.py

@@ -66,7 +66,6 @@ from yunohost.app_catalog import (  # noqa
     app_catalog,
     app_search,
     _load_apps_catalog,
-    app_fetchlist,
 )
 
 logger = getActionLogger("yunohost.app")
@@ -95,30 +94,13 @@ APP_FILES_TO_COPY = [
 ]
 
 
-def app_list(full=False, installed=False, filter=None):
+def app_list(full=False):
     """
     List installed apps
     """
 
-    # Old legacy argument ... app_list was a combination of app_list and
-    # app_catalog before 3.8 ...
-    if installed:
-        logger.warning(
-            "Argument --installed ain't needed anymore when using 'yunohost app list'. It directly returns the list of installed apps.."
-        )
-
-    # Filter is a deprecated option...
-    if filter:
-        logger.warning(
-            "Using -f $appname in 'yunohost app list' is deprecated. Just use 'yunohost app list | grep -q 'id: $appname' to check a specific app is installed"
-        )
-
     out = []
     for app_id in sorted(_installed_apps()):
-
-        if filter and not app_id.startswith(filter):
-            continue
-
         try:
             app_info_dict = app_info(app_id, full=full)
         except Exception as e:
@@ -1073,64 +1055,6 @@ def app_remove(operation_logger, app, purge=False):
     _assert_system_is_sane_for_app(manifest, "post")
 
 
-def app_addaccess(apps, users=[]):
-    """
-    Grant access right to users (everyone by default)
-
-    Keyword argument:
-        users
-        apps
-
-    """
-    from yunohost.permission import user_permission_update
-
-    output = {}
-    for app in apps:
-        permission = user_permission_update(
-            app + ".main", add=users, remove="all_users"
-        )
-        output[app] = permission["corresponding_users"]
-
-    return {"allowed_users": output}
-
-
-def app_removeaccess(apps, users=[]):
-    """
-    Revoke access right to users (everyone by default)
-
-    Keyword argument:
-        users
-        apps
-
-    """
-    from yunohost.permission import user_permission_update
-
-    output = {}
-    for app in apps:
-        permission = user_permission_update(app + ".main", remove=users)
-        output[app] = permission["corresponding_users"]
-
-    return {"allowed_users": output}
-
-
-def app_clearaccess(apps):
-    """
-    Reset access rights for the app
-
-    Keyword argument:
-        apps
-
-    """
-    from yunohost.permission import user_permission_reset
-
-    output = {}
-    for app in apps:
-        permission = user_permission_reset(app + ".main")
-        output[app] = permission["corresponding_users"]
-
-    return {"allowed_users": output}
-
-
 @is_unit_operation()
 def app_makedefault(operation_logger, app, domain=None):
     """
@@ -1460,10 +1384,6 @@ def app_ssowatconf():
 
     write_to_json("/etc/ssowat/conf.json", conf_dict, sort_keys=True, indent=4)
 
-    from .utils.legacy import translate_legacy_rules_in_ssowant_conf_json_persistent
-
-    translate_legacy_rules_in_ssowant_conf_json_persistent()
-
     logger.debug(m18n.n("ssowat_conf_generated"))
 
 
@@ -2390,6 +2310,7 @@ def _make_environment_for_app_script(
         "YNH_APP_INSTANCE_NAME": app,
         "YNH_APP_INSTANCE_NUMBER": str(app_instance_nb),
         "YNH_APP_MANIFEST_VERSION": manifest.get("version", "?"),
+        "YNH_ARCH": check_output("dpkg --print-architecture"),
     }
 
     if workdir:
@@ -2520,10 +2441,10 @@ def _assert_system_is_sane_for_app(manifest, when):
 
     services = manifest.get("services", [])
 
-    # Some apps use php-fpm or php5-fpm which is now php7.0-fpm
+    # Some apps use php-fpm, php5-fpm or php7.x-fpm which is now php7.4-fpm
     def replace_alias(service):
-        if service in ["php-fpm", "php5-fpm", "php7.0-fpm"]:
-            return "php7.3-fpm"
+        if service in ["php-fpm", "php5-fpm", "php7.0-fpm", "php7.3-fpm"]:
+            return "php7.4-fpm"
         else:
             return service
 
@@ -2532,7 +2453,7 @@ def _assert_system_is_sane_for_app(manifest, when):
     # We only check those, mostly to ignore "custom" services
     # (added by apps) and because those are the most popular
     # services
-    service_filter = ["nginx", "php7.3-fpm", "mysql", "postfix"]
+    service_filter = ["nginx", "php7.4-fpm", "mysql", "postfix"]
     services = [str(s) for s in services if s in service_filter]
 
     if "nginx" not in services:
@@ -2542,6 +2463,7 @@ def _assert_system_is_sane_for_app(manifest, when):
 
     # Wait if a service is reloading
     test_nb = 0
+
     while test_nb < 16:
         if not any(s for s in services if service_status(s)["status"] == "reloading"):
             break

src/yunohost/app_catalog.py

@@ -23,16 +23,6 @@ APPS_CATALOG_API_VERSION = 2
 APPS_CATALOG_DEFAULT_URL = "https://app.yunohost.org/default"
 
 
-# Old legacy function...
-def app_fetchlist():
-    logger.warning(
-        "'yunohost app fetchlist' is deprecated. Please use 'yunohost tools update --apps' instead"
-    )
-    from yunohost.tools import tools_update
-
-    tools_update(target="apps")
-
-
 def app_catalog(full=False, with_categories=False):
     """
     Return a dict of apps available to installation from Yunohost's app catalog

src/yunohost/backup.py

@@ -734,7 +734,8 @@ class BackupManager:
             this_app_permissions = {name: infos for name, infos in permissions.items()}
             write_to_yaml("%s/permissions.yml" % settings_dir, this_app_permissions)
 
-        except Exception:
+        except Exception as e:
+            logger.debug(e)
             abs_tmp_app_dir = os.path.join(self.work_dir, "apps/", app)
             shutil.rmtree(abs_tmp_app_dir, ignore_errors=True)
             logger.error(m18n.n("backup_app_failed", app=app))
@@ -861,9 +862,13 @@ class RestoreManager:
         # FIXME this way to get the info is not compatible with copy or custom
         # backup methods
         self.info = backup_info(name, with_details=True)
-        if not self.info["from_yunohost_version"] or version.parse(
-            self.info["from_yunohost_version"]
-        ) < version.parse("3.8.0"):
+
+        from_version = self.info.get("from_yunohost_version", "")
+        # Remove any '~foobar' in the version ... c.f ~alpha, ~beta version during
+        # early dev for next debian version
+        from_version = re.sub(r'~\w+', '', from_version)
+
+        if not from_version or version.parse(from_version) < version.parse("4.2.0"):
             raise YunohostValidationError("restore_backup_too_old")
 
         self.archive_path = self.info["path"]
@@ -1184,7 +1189,7 @@ class RestoreManager:
 
     def _patch_legacy_php_versions_in_csv_file(self):
         """
-        Apply dirty patch to redirect php5 and php7.0 files to php7.3
+        Apply dirty patch to redirect php5 and php7.0 files to php7.4
         """
         from yunohost.utils.legacy import LEGACY_PHP_VERSION_REPLACEMENTS
 

src/yunohost/certificate.py

@@ -500,13 +500,7 @@ Subject: %s
 def _check_acme_challenge_configuration(domain):
 
     domain_conf = "/etc/nginx/conf.d/%s.conf" % domain
-    if "include /etc/nginx/conf.d/acme-challenge.conf.inc" in read_file(domain_conf):
-        return True
-    else:
-        # This is for legacy setups which haven't updated their domain conf to
-        # the new conf that include the acme snippet...
-        legacy_acme_conf = "/etc/nginx/conf.d/%s.d/000-acmechallenge.conf" % domain
-        return os.path.exists(legacy_acme_conf)
+    return "include /etc/nginx/conf.d/acme-challenge.conf.inc" in read_file(domain_conf)
 
 
 def _fetch_and_enable_new_certificate(domain, staging=False, no_checks=False):
@@ -853,6 +847,7 @@ def _check_domain_is_ready_for_ACME(domain):
 
     from yunohost.domain import _get_parent_domain_of
     from yunohost.dns import _get_dns_zone_for_domain
+    from yunohost.utils.dns import is_yunohost_dyndns_domain
 
     httpreachable = (
         Diagnoser.get_cached_report(
@@ -876,6 +871,15 @@ def _check_domain_is_ready_for_ACME(domain):
     record_name = (
         domain.replace(f".{base_dns_zone}", "") if domain != base_dns_zone else "@"
     )
+
+    # Stupid edge case for subdomains of ynh dyndns domains ...
+    # ... related to the fact that we don't actually check subdomains for
+    # dyndns domains because we assume that there's already the wildcard doing
+    # the job, hence no "A:foobar" ... Instead, just check that the parent domain
+    # is correctly configured.
+    if is_yunohost_dyndns_domain(parent_domain):
+        record_name = "@"
+
     A_record_status = dnsrecords.get("data").get(f"A:{record_name}")
     AAAA_record_status = dnsrecords.get("data").get(f"AAAA:{record_name}")
 

src/yunohost/data_migrations/0015_migrate_to_buster.py

@@ -1,291 +0,0 @@
-import glob
-import os
-
-from moulinette import m18n
-from yunohost.utils.error import YunohostError
-from moulinette.utils.log import getActionLogger
-from moulinette.utils.process import check_output, call_async_output
-from moulinette.utils.filesystem import read_file
-
-from yunohost.tools import Migration, tools_update, tools_upgrade
-from yunohost.app import unstable_apps
-from yunohost.regenconf import manually_modified_files
-from yunohost.utils.filesystem import free_space_in_directory
-from yunohost.utils.packages import (
-    get_ynh_package_version,
-    _list_upgradable_apt_packages,
-)
-
-logger = getActionLogger("yunohost.migration")
-
-
-class MyMigration(Migration):
-
-    "Upgrade the system to Debian Buster and Yunohost 4.x"
-
-    mode = "manual"
-
-    def run(self):
-
-        self.check_assertions()
-
-        logger.info(m18n.n("migration_0015_start"))
-
-        #
-        # Make sure certificates do not use weak signature hash algorithms (md5, sha1)
-        # otherwise nginx will later refuse to start which result in
-        # catastrophic situation
-        #
-        self.validate_and_upgrade_cert_if_necessary()
-
-        #
-        # Patch sources.list
-        #
-        logger.info(m18n.n("migration_0015_patching_sources_list"))
-        self.patch_apt_sources_list()
-        tools_update(target="system")
-
-        # Tell libc6 it's okay to restart system stuff during the upgrade
-        os.system(
-            "echo 'libc6 libraries/restart-without-asking boolean true' | debconf-set-selections"
-        )
-
-        # Don't send an email to root about the postgresql migration. It should be handled automatically after.
-        os.system(
-            "echo 'postgresql-common postgresql-common/obsolete-major seen true' | debconf-set-selections"
-        )
-
-        #
-        # Specific packages upgrades
-        #
-        logger.info(m18n.n("migration_0015_specific_upgrade"))
-
-        # Update unscd independently, was 0.53-1+yunohost on stretch (custom build of ours) but now it's 0.53-1+b1 on vanilla buster,
-        # which for apt appears as a lower version (hence the --allow-downgrades and the hardcoded version number)
-        unscd_version = check_output(
-            'dpkg -s unscd | grep "^Version: " | cut -d " " -f 2'
-        )
-        if "yunohost" in unscd_version:
-            new_version = check_output(
-                "LC_ALL=C apt policy unscd 2>/dev/null | grep -v '\\*\\*\\*' | grep http -B1 | head -n 1 | awk '{print $1}'"
-            ).strip()
-            if new_version:
-                self.apt_install("unscd=%s --allow-downgrades" % new_version)
-            else:
-                logger.warning("Could not identify which version of unscd to install")
-
-        # Upgrade libpam-modules independently, small issue related to willing to overwrite a file previously provided by Yunohost
-        libpammodules_version = check_output(
-            'dpkg -s libpam-modules | grep "^Version: " | cut -d " " -f 2'
-        )
-        if not libpammodules_version.startswith("1.3"):
-            self.apt_install('libpam-modules -o Dpkg::Options::="--force-overwrite"')
-
-        #
-        # Main upgrade
-        #
-        logger.info(m18n.n("migration_0015_main_upgrade"))
-
-        apps_packages = self.get_apps_equivs_packages()
-        self.hold(apps_packages)
-        tools_upgrade(target="system", allow_yunohost_upgrade=False)
-
-        if self.debian_major_version() == 9:
-            raise YunohostError("migration_0015_still_on_stretch_after_main_upgrade")
-
-        # Clean the mess
-        logger.info(m18n.n("migration_0015_cleaning_up"))
-        os.system("apt autoremove --assume-yes")
-        os.system("apt clean --assume-yes")
-
-        #
-        # Yunohost upgrade
-        #
-        logger.info(m18n.n("migration_0015_yunohost_upgrade"))
-        self.unhold(apps_packages)
-        tools_upgrade(target="system")
-
-    def debian_major_version(self):
-        # The python module "platform" and lsb_release are not reliable because
-        # on some setup, they may still return Release=9 even after upgrading to
-        # buster ... (Apparently this is related to OVH overriding some stuff
-        # with /etc/lsb-release for instance -_-)
-        # Instead, we rely on /etc/os-release which should be the raw info from
-        # the distribution...
-        return int(
-            check_output(
-                "grep VERSION_ID /etc/os-release | head -n 1 | tr '\"' ' ' | cut -d ' ' -f2"
-            )
-        )
-
-    def yunohost_major_version(self):
-        return int(get_ynh_package_version("yunohost")["version"].split(".")[0])
-
-    def check_assertions(self):
-
-        # Be on stretch (9.x) and yunohost 3.x
-        # NB : we do both check to cover situations where the upgrade crashed
-        # in the middle and debian version could be > 9.x but yunohost package
-        # would still be in 3.x...
-        if (
-            not self.debian_major_version() == 9
-            and not self.yunohost_major_version() == 3
-        ):
-            raise YunohostError("migration_0015_not_stretch")
-
-        # Have > 1 Go free space on /var/ ?
-        if free_space_in_directory("/var/") / (1024 ** 3) < 1.0:
-            raise YunohostError("migration_0015_not_enough_free_space")
-
-        # Check system is up to date
-        # (but we don't if 'stretch' is already in the sources.list ...
-        # which means maybe a previous upgrade crashed and we're re-running it)
-        if " buster " not in read_file("/etc/apt/sources.list"):
-            tools_update(target="system")
-            upgradable_system_packages = list(_list_upgradable_apt_packages())
-            if upgradable_system_packages:
-                raise YunohostError("migration_0015_system_not_fully_up_to_date")
-
-    @property
-    def disclaimer(self):
-
-        # Avoid having a super long disclaimer + uncessary check if we ain't
-        # on stretch / yunohost 3.x anymore
-        # NB : we do both check to cover situations where the upgrade crashed
-        # in the middle and debian version could be >= 10.x but yunohost package
-        # would still be in 3.x...
-        if (
-            not self.debian_major_version() == 9
-            and not self.yunohost_major_version() == 3
-        ):
-            return None
-
-        # Get list of problematic apps ? I.e. not official or community+working
-        problematic_apps = unstable_apps()
-        problematic_apps = "".join(["\n    - " + app for app in problematic_apps])
-
-        # Manually modified files ? (c.f. yunohost service regen-conf)
-        modified_files = manually_modified_files()
-        modified_files = "".join(["\n    - " + f for f in modified_files])
-
-        message = m18n.n("migration_0015_general_warning")
-
-        message = (
-            "N.B.: This migration has been tested by the community over the last few months but has only been declared stable recently. If your server hosts critical services and if you are not too confident with debugging possible issues, we recommend you to wait a little bit more while we gather more feedback and polish things up. If on the other hand you are relatively confident with debugging small issues that may arise, you are encouraged to run this migration ;)! You can read about remaining known issues and feedback from the community here: https://forum.yunohost.org/t/12195\n\n"
-            + message
-        )
-
-        if problematic_apps:
-            message += "\n\n" + m18n.n(
-                "migration_0015_problematic_apps_warning",
-                problematic_apps=problematic_apps,
-            )
-
-        if modified_files:
-            message += "\n\n" + m18n.n(
-                "migration_0015_modified_files", manually_modified_files=modified_files
-            )
-
-        return message
-
-    def patch_apt_sources_list(self):
-
-        sources_list = glob.glob("/etc/apt/sources.list.d/*.list")
-        sources_list.append("/etc/apt/sources.list")
-
-        # This :
-        # - replace single 'stretch' occurence by 'buster'
-        # - comments lines containing "backports"
-        # - replace 'stretch/updates' by 'strech/updates' (or same with -)
-        for f in sources_list:
-            command = (
-                "sed -i -e 's@ stretch @ buster @g' "
-                "-e '/backports/ s@^#*@#@' "
-                "-e 's@ stretch/updates @ buster/updates @g' "
-                "-e 's@ stretch-@ buster-@g' "
-                "{}".format(f)
-            )
-            os.system(command)
-
-    def get_apps_equivs_packages(self):
-
-        command = (
-            "dpkg --get-selections"
-            " | grep -v deinstall"
-            " | awk '{print $1}'"
-            " | { grep 'ynh-deps$' || true; }"
-        )
-
-        output = check_output(command)
-
-        return output.split("\n") if output else []
-
-    def hold(self, packages):
-        for package in packages:
-            os.system("apt-mark hold {}".format(package))
-
-    def unhold(self, packages):
-        for package in packages:
-            os.system("apt-mark unhold {}".format(package))
-
-    def apt_install(self, cmd):
-        def is_relevant(line):
-            return "Reading database ..." not in line.rstrip()
-
-        callbacks = (
-            lambda l: logger.info("+ " + l.rstrip() + "\r")
-            if is_relevant(l)
-            else logger.debug(l.rstrip() + "\r"),
-            lambda l: logger.warning(l.rstrip()),
-        )
-
-        cmd = (
-            "LC_ALL=C DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none apt install --quiet -o=Dpkg::Use-Pty=0 --fix-broken --assume-yes "
-            + cmd
-        )
-
-        logger.debug("Running: %s" % cmd)
-
-        call_async_output(cmd, callbacks, shell=True)
-
-    def validate_and_upgrade_cert_if_necessary(self):
-
-        active_certs = set(
-            check_output("grep -roh '/.*crt.pem' /etc/nginx/").split("\n")
-        )
-
-        cmd = "LC_ALL=C openssl x509 -in %s -text -noout | grep -i 'Signature Algorithm:' | awk '{print $3}' | uniq"
-
-        default_crt = "/etc/yunohost/certs/yunohost.org/crt.pem"
-        default_key = "/etc/yunohost/certs/yunohost.org/key.pem"
-        default_signature = (
-            check_output(cmd % default_crt) if default_crt in active_certs else None
-        )
-        if default_signature is not None and (
-            default_signature.startswith("md5") or default_signature.startswith("sha1")
-        ):
-            logger.warning(
-                "%s is using a pretty old certificate incompatible with newer versions of nginx ... attempting to regenerate a fresh one"
-                % default_crt
-            )
-
-            os.system("mv %s %s.old" % (default_crt, default_crt))
-            os.system("mv %s %s.old" % (default_key, default_key))
-            ret = os.system("/usr/share/yunohost/hooks/conf_regen/02-ssl init")
-
-            if ret != 0 or not os.path.exists(default_crt):
-                logger.error("Upgrading the certificate failed ... reverting")
-                os.system("mv %s.old %s" % (default_crt, default_crt))
-                os.system("mv %s.old %s" % (default_key, default_key))
-
-        signatures = {cert: check_output(cmd % cert) for cert in active_certs}
-
-        def cert_is_weak(cert):
-            sig = signatures[cert]
-            return sig.startswith("md5") or sig.startswith("sha1")
-
-        weak_certs = [cert for cert in signatures.keys() if cert_is_weak(cert)]
-        if weak_certs:
-            raise YunohostError(
-                "migration_0015_weak_certs", certs=", ".join(weak_certs)
-            )

src/yunohost/data_migrations/0018_xtable_to_nftable.py

@@ -1,126 +0,0 @@
-import os
-import subprocess
-
-from moulinette import m18n
-from yunohost.utils.error import YunohostError
-from moulinette.utils.log import getActionLogger
-
-from yunohost.firewall import firewall_reload
-from yunohost.service import service_restart
-from yunohost.tools import Migration
-
-logger = getActionLogger("yunohost.migration")
-
-
-class MyMigration(Migration):
-
-    "Migrate legacy iptables rules from stretch that relied on xtable and should now rely on nftable"
-
-    dependencies = ["migrate_to_buster"]
-
-    def run(self):
-
-        self.do_ipv4 = os.system("iptables -w -L >/dev/null") == 0
-        self.do_ipv6 = os.system("ip6tables -w -L >/dev/null") == 0
-
-        if not self.do_ipv4:
-            logger.warning(m18n.n("iptables_unavailable"))
-        if not self.do_ipv6:
-            logger.warning(m18n.n("ip6tables_unavailable"))
-
-        backup_folder = "/home/yunohost.backup/premigration/xtable_to_nftable/"
-        if not os.path.exists(backup_folder):
-            os.makedirs(backup_folder, 0o750)
-        self.backup_rules_ipv4 = os.path.join(backup_folder, "legacy_rules_ipv4")
-        self.backup_rules_ipv6 = os.path.join(backup_folder, "legacy_rules_ipv6")
-
-        # Backup existing legacy rules to be able to rollback
-        if self.do_ipv4 and not os.path.exists(self.backup_rules_ipv4):
-            self.runcmd(
-                "iptables-legacy -L >/dev/null"
-            )  # For some reason if we don't do this, iptables-legacy-save is empty ?
-            self.runcmd("iptables-legacy-save > %s" % self.backup_rules_ipv4)
-            assert (
-                open(self.backup_rules_ipv4).read().strip()
-            ), "Uhoh backup of legacy ipv4 rules is empty !?"
-        if self.do_ipv6 and not os.path.exists(self.backup_rules_ipv6):
-            self.runcmd(
-                "ip6tables-legacy -L >/dev/null"
-            )  # For some reason if we don't do this, iptables-legacy-save is empty ?
-            self.runcmd("ip6tables-legacy-save > %s" % self.backup_rules_ipv6)
-            assert (
-                open(self.backup_rules_ipv6).read().strip()
-            ), "Uhoh backup of legacy ipv6 rules is empty !?"
-
-        # We inject the legacy rules (iptables-legacy) into the new iptable (just "iptables")
-        try:
-            if self.do_ipv4:
-                self.runcmd("iptables-legacy-save | iptables-restore")
-            if self.do_ipv6:
-                self.runcmd("ip6tables-legacy-save | ip6tables-restore")
-        except Exception as e:
-            self.rollback()
-            raise YunohostError(
-                "migration_0018_failed_to_migrate_iptables_rules", error=e
-            )
-
-        # Reset everything in iptables-legacy
-        # Stolen from https://serverfault.com/a/200642
-        try:
-            if self.do_ipv4:
-                self.runcmd(
-                    "iptables-legacy-save | awk '/^[*]/ { print $1 }"  # Keep lines like *raw, *filter and *nat
-                    '                            /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" ; }'  # Turn all policies to accept
-                    "                            /COMMIT/ { print $0; }'"  # Keep the line COMMIT
-                    " | iptables-legacy-restore"
-                )
-            if self.do_ipv6:
-                self.runcmd(
-                    "ip6tables-legacy-save | awk '/^[*]/ { print $1 }"  # Keep lines like *raw, *filter and *nat
-                    '                            /^:[A-Z]+ [^-]/ { print $1 " ACCEPT" ; }'  # Turn all policies to accept
-                    "                            /COMMIT/ { print $0; }'"  # Keep the line COMMIT
-                    " | ip6tables-legacy-restore"
-                )
-        except Exception as e:
-            self.rollback()
-            raise YunohostError("migration_0018_failed_to_reset_legacy_rules", error=e)
-
-        # You might be wondering "uh but is it really useful to
-        # iptables-legacy-save | iptables-restore considering firewall_reload()
-        # flush/resets everything anyway ?"
-        # But the answer is : firewall_reload() only resets the *filter table.
-        # On more complex setups (e.g. internet cube or docker) you will also
-        # have rules in the *nat (or maybe *raw?) sections of iptables.
-        firewall_reload()
-        service_restart("fail2ban")
-
-    def rollback(self):
-
-        if self.do_ipv4:
-            self.runcmd("iptables-legacy-restore < %s" % self.backup_rules_ipv4)
-        if self.do_ipv6:
-            self.runcmd("iptables-legacy-restore < %s" % self.backup_rules_ipv6)
-
-    def runcmd(self, cmd, raise_on_errors=True):
-
-        logger.debug("Running command: " + cmd)
-
-        p = subprocess.Popen(
-            cmd,
-            shell=True,
-            executable="/bin/bash",
-            stdout=subprocess.PIPE,
-            stderr=subprocess.PIPE,
-        )
-
-        out, err = p.communicate()
-        returncode = p.returncode
-        if raise_on_errors and returncode != 0:
-            raise YunohostError(
-                "Failed to run command '{}'.\nreturncode: {}\nstdout:\n{}\nstderr:\n{}\n".format(
-                    cmd, returncode, out, err
-                )
-            )
-
-        out = out.strip().split(b"\n")
-        return (returncode, out, err)

src/yunohost/data_migrations/0019_extend_permissions_features.py

@@ -1,107 +0,0 @@
-from moulinette import m18n
-from moulinette.utils.log import getActionLogger
-
-from yunohost.tools import Migration
-from yunohost.permission import user_permission_list
-from yunohost.utils.legacy import migrate_legacy_permission_settings
-
-logger = getActionLogger("yunohost.migration")
-
-
-class MyMigration(Migration):
-    """
-    Add protected attribute in LDAP permission
-    """
-
-    @Migration.ldap_migration
-    def run(self, backup_folder):
-
-        # Update LDAP database
-        self.add_new_ldap_attributes()
-
-        # Migrate old settings
-        migrate_legacy_permission_settings()
-
-    def add_new_ldap_attributes(self):
-
-        from yunohost.utils.ldap import _get_ldap_interface
-        from yunohost.regenconf import regen_conf, BACKUP_CONF_DIR
-
-        # Check if the migration can be processed
-        ldap_regen_conf_status = regen_conf(names=["slapd"], dry_run=True)
-        # By this we check if the have been customized
-        if ldap_regen_conf_status and ldap_regen_conf_status["slapd"]["pending"]:
-            logger.warning(
-                m18n.n(
-                    "migration_0019_slapd_config_will_be_overwritten",
-                    conf_backup_folder=BACKUP_CONF_DIR,
-                )
-            )
-
-        # Update LDAP schema restart slapd
-        logger.info(m18n.n("migration_update_LDAP_schema"))
-        regen_conf(names=["slapd"], force=True)
-
-        logger.info(m18n.n("migration_0019_add_new_attributes_in_ldap"))
-        ldap = _get_ldap_interface()
-        permission_list = user_permission_list(full=True)["permissions"]
-
-        for permission in permission_list:
-            system_perms = {
-                "mail": "E-mail",
-                "xmpp": "XMPP",
-                "ssh": "SSH",
-                "sftp": "STFP",
-            }
-            if permission.split(".")[0] in system_perms:
-                update = {
-                    "authHeader": ["FALSE"],
-                    "label": [system_perms[permission.split(".")[0]]],
-                    "showTile": ["FALSE"],
-                    "isProtected": ["TRUE"],
-                }
-            else:
-                app, subperm_name = permission.split(".")
-                if permission.endswith(".main"):
-                    update = {
-                        "authHeader": ["TRUE"],
-                        "label": [
-                            app
-                        ],  # Note that this is later re-changed during the call to migrate_legacy_permission_settings() if a 'label' setting exists
-                        "showTile": ["TRUE"],
-                        "isProtected": ["FALSE"],
-                    }
-                else:
-                    update = {
-                        "authHeader": ["TRUE"],
-                        "label": [subperm_name.title()],
-                        "showTile": ["FALSE"],
-                        "isProtected": ["TRUE"],
-                    }
-
-            ldap.update("cn=%s,ou=permission" % permission, update)
-
-    introduced_in_version = "4.1"
-
-    def run_after_system_restore(self):
-        # Update LDAP database
-        self.add_new_ldap_attributes()
-
-    def run_before_app_restore(self, app_id):
-        from yunohost.app import app_setting
-        from yunohost.utils.legacy import migrate_legacy_permission_settings
-
-        # Migrate old settings
-        legacy_permission_settings = [
-            "skipped_uris",
-            "unprotected_uris",
-            "protected_uris",
-            "skipped_regex",
-            "unprotected_regex",
-            "protected_regex",
-        ]
-        if any(
-            app_setting(app_id, setting) is not None
-            for setting in legacy_permission_settings
-        ):
-            migrate_legacy_permission_settings(app=app_id)

src/yunohost/data_migrations/0020_ssh_sftp_permissions.py

@@ -1,100 +0,0 @@
-import subprocess
-import os
-
-from moulinette import m18n
-from moulinette.utils.log import getActionLogger
-
-from yunohost.tools import Migration
-from yunohost.permission import user_permission_update, permission_sync_to_user
-from yunohost.regenconf import manually_modified_files
-
-logger = getActionLogger("yunohost.migration")
-
-###################################################
-# Tools used also for restoration
-###################################################
-
-
-class MyMigration(Migration):
-    """
-    Add new permissions around SSH/SFTP features
-    """
-
-    introduced_in_version = "4.2.2"
-    dependencies = ["extend_permissions_features"]
-
-    @Migration.ldap_migration
-    def run(self, *args):
-
-        from yunohost.utils.ldap import _get_ldap_interface
-
-        ldap = _get_ldap_interface()
-
-        existing_perms_raw = ldap.search(
-            "ou=permission,dc=yunohost,dc=org", "(objectclass=permissionYnh)", ["cn"]
-        )
-        existing_perms = [perm["cn"][0] for perm in existing_perms_raw]
-
-        # Add SSH and SFTP permissions
-        if "sftp.main" not in existing_perms:
-            ldap.add(
-                "cn=sftp.main,ou=permission",
-                {
-                    "cn": "sftp.main",
-                    "gidNumber": "5004",
-                    "objectClass": ["posixGroup", "permissionYnh"],
-                    "groupPermission": [],
-                    "authHeader": "FALSE",
-                    "label": "SFTP",
-                    "showTile": "FALSE",
-                    "isProtected": "TRUE",
-                },
-            )
-
-        if "ssh.main" not in existing_perms:
-            ldap.add(
-                "cn=ssh.main,ou=permission",
-                {
-                    "cn": "ssh.main",
-                    "gidNumber": "5003",
-                    "objectClass": ["posixGroup", "permissionYnh"],
-                    "groupPermission": [],
-                    "authHeader": "FALSE",
-                    "label": "SSH",
-                    "showTile": "FALSE",
-                    "isProtected": "TRUE",
-                },
-            )
-
-            # Add a bash terminal to each users
-            users = ldap.search(
-                "ou=users,dc=yunohost,dc=org",
-                filter="(loginShell=*)",
-                attrs=["dn", "uid", "loginShell"],
-            )
-            for user in users:
-                if user["loginShell"][0] == "/bin/false":
-                    dn = user["dn"][0].replace(",dc=yunohost,dc=org", "")
-                    ldap.update(dn, {"loginShell": ["/bin/bash"]})
-                else:
-                    user_permission_update(
-                        "ssh.main", add=user["uid"][0], sync_perm=False
-                    )
-
-            permission_sync_to_user()
-
-            # Somehow this is needed otherwise the PAM thing doesn't forget about the
-            # old loginShell value ?
-            subprocess.call(["nscd", "-i", "passwd"])
-
-        if (
-            "/etc/ssh/sshd_config" in manually_modified_files()
-            and os.system(
-                "grep -q '^ *AllowGroups\\|^ *AllowUsers' /etc/ssh/sshd_config"
-            )
-            != 0
-        ):
-            logger.error(m18n.n("diagnosis_sshd_config_insecure"))
-
-    def run_after_system_restore(self):
-        self.run()

src/yunohost/data_migrations/0021_migrate_to_bullseye.py

@@ -0,0 +1,272 @@
+import glob
+import os
+
+from moulinette import m18n
+from yunohost.utils.error import YunohostError
+from moulinette.utils.log import getActionLogger
+from moulinette.utils.process import check_output, call_async_output
+from moulinette.utils.filesystem import read_file, rm
+
+from yunohost.tools import Migration, tools_update, tools_upgrade
+from yunohost.app import unstable_apps
+from yunohost.regenconf import manually_modified_files, _force_clear_hashes
+from yunohost.utils.filesystem import free_space_in_directory
+from yunohost.utils.packages import (
+    get_ynh_package_version,
+    _list_upgradable_apt_packages,
+)
+
+logger = getActionLogger("yunohost.migration")
+
+N_CURRENT_DEBIAN = 10
+N_CURRENT_YUNOHOST = 4
+
+N_NEXT_DEBAN = 11
+N_NEXT_YUNOHOST = 11
+
+class MyMigration(Migration):
+
+    "Upgrade the system to Debian Bullseye and Yunohost 11.x"
+
+    mode = "manual"
+
+    def run(self):
+
+        self.check_assertions()
+
+        logger.info(m18n.n("migration_0021_start"))
+
+        #
+        # Add new apt .deb signing key
+        #
+
+        new_apt_key = "https://forge.yunohost.org/yunohost_bullseye.asc"
+        check_output(f"wget -O- {new_apt_key} -q | apt-key add -qq -")
+
+        #
+        # Patch sources.list
+        #
+        logger.info(m18n.n("migration_0021_patching_sources_list"))
+        self.patch_apt_sources_list()
+        tools_update(target="system")
+
+        # Tell libc6 it's okay to restart system stuff during the upgrade
+        os.system(
+            "echo 'libc6 libraries/restart-without-asking boolean true' | debconf-set-selections"
+        )
+
+        # Don't send an email to root about the postgresql migration. It should be handled automatically after.
+        os.system(
+            "echo 'postgresql-common postgresql-common/obsolete-major seen true' | debconf-set-selections"
+        )
+
+        #
+        # Patch yunohost conflicts
+        #
+        logger.info(m18n.n("migration_0021_patch_yunohost_conflicts"))
+
+        self.patch_yunohost_conflicts()
+
+        #
+        # Specific tweaking to get rid of custom my.cnf and use debian's default one
+        # (my.cnf is actually a symlink to mariadb.cnf)
+        #
+
+        _force_clear_hashes(["/etc/mysql/my.cnf"])
+        rm("/etc/mysql/mariadb.cnf", force=True)
+        rm("/etc/mysql/my.cnf", force=True)
+        self.apt_install("mariadb-common --reinstall -o Dpkg::Options::='--force-confmiss'")
+
+        #
+        # Main upgrade
+        #
+        logger.info(m18n.n("migration_0021_main_upgrade"))
+
+        apps_packages = self.get_apps_equivs_packages()
+        self.hold(apps_packages)
+        tools_upgrade(target="system", allow_yunohost_upgrade=False)
+
+        if self.debian_major_version() == N_CURRENT_DEBIAN:
+            raise YunohostError("migration_0021_still_on_buster_after_main_upgrade")
+
+        # Clean the mess
+        logger.info(m18n.n("migration_0021_cleaning_up"))
+        os.system("apt autoremove --assume-yes")
+        os.system("apt clean --assume-yes")
+
+        #
+        # Yunohost upgrade
+        #
+        logger.info(m18n.n("migration_0021_yunohost_upgrade"))
+        self.unhold(apps_packages)
+        tools_upgrade(target="system")
+
+    def debian_major_version(self):
+        # The python module "platform" and lsb_release are not reliable because
+        # on some setup, they may still return Release=9 even after upgrading to
+        # buster ... (Apparently this is related to OVH overriding some stuff
+        # with /etc/lsb-release for instance -_-)
+        # Instead, we rely on /etc/os-release which should be the raw info from
+        # the distribution...
+        return int(
+            check_output(
+                "grep VERSION_ID /etc/os-release | head -n 1 | tr '\"' ' ' | cut -d ' ' -f2"
+            )
+        )
+
+    def yunohost_major_version(self):
+        return int(get_ynh_package_version("yunohost")["version"].split(".")[0])
+
+    def check_assertions(self):
+
+        # Be on buster (10.x) and yunohost 4.x
+        # NB : we do both check to cover situations where the upgrade crashed
+        # in the middle and debian version could be > 9.x but yunohost package
+        # would still be in 3.x...
+        if (
+            not self.debian_major_version() == N_CURRENT_DEBIAN
+            and not self.yunohost_major_version() == N_CURRENT_YUNOHOST
+        ):
+            raise YunohostError("migration_0021_not_buster")
+
+        # Have > 1 Go free space on /var/ ?
+        if free_space_in_directory("/var/") / (1024 ** 3) < 1.0:
+            raise YunohostError("migration_0021_not_enough_free_space")
+
+        # Check system is up to date
+        # (but we don't if 'bullseye' is already in the sources.list ...
+        # which means maybe a previous upgrade crashed and we're re-running it)
+        if " bullseye " not in read_file("/etc/apt/sources.list"):
+            tools_update(target="system")
+            upgradable_system_packages = list(_list_upgradable_apt_packages())
+            if upgradable_system_packages:
+                raise YunohostError("migration_0021_system_not_fully_up_to_date")
+
+    @property
+    def disclaimer(self):
+
+        # Avoid having a super long disclaimer + uncessary check if we ain't
+        # on buster / yunohost 4.x anymore
+        # NB : we do both check to cover situations where the upgrade crashed
+        # in the middle and debian version could be >= 10.x but yunohost package
+        # would still be in 4.x...
+        if (
+            not self.debian_major_version() == N_CURRENT_DEBIAN
+            and not self.yunohost_major_version() == N_CURRENT_YUNOHOST
+        ):
+            return None
+
+        # Get list of problematic apps ? I.e. not official or community+working
+        problematic_apps = unstable_apps()
+        problematic_apps = "".join(["\n    - " + app for app in problematic_apps])
+
+        # Manually modified files ? (c.f. yunohost service regen-conf)
+        modified_files = manually_modified_files()
+        modified_files = "".join(["\n    - " + f for f in modified_files])
+
+        message = m18n.n("migration_0021_general_warning")
+
+        # FIXME: re-enable this message with updated topic link once we release the migration as stable
+        #message = (
+        #    "N.B.: This migration has been tested by the community over the last few months but has only been declared stable recently. If your server hosts critical services and if you are not too confident with debugging possible issues, we recommend you to wait a little bit more while we gather more feedback and polish things up. If on the other hand you are relatively confident with debugging small issues that may arise, you are encouraged to run this migration ;)! You can read about remaining known issues and feedback from the community here: https://forum.yunohost.org/t/12195\n\n"
+        #    + message
+        #)
+
+        if problematic_apps:
+            message += "\n\n" + m18n.n(
+                "migration_0021_problematic_apps_warning",
+                problematic_apps=problematic_apps,
+            )
+
+        if modified_files:
+            message += "\n\n" + m18n.n(
+                "migration_0021_modified_files", manually_modified_files=modified_files
+            )
+
+        return message
+
+    def patch_apt_sources_list(self):
+
+        sources_list = glob.glob("/etc/apt/sources.list.d/*.list")
+        sources_list.append("/etc/apt/sources.list")
+
+        # This :
+        # - replace single 'buster' occurence by 'bulleye'
+        # - comments lines containing "backports"
+        # - replace 'buster/updates' by 'bullseye/updates' (or same with -)
+        # Special note about the security suite:
+        # https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.en.html#security-archive
+        for f in sources_list:
+            command = (
+                f"sed -i {f} "
+                "-e 's@ buster @ bullseye @g' "
+                "-e '/backports/ s@^#*@#@' "
+                "-e 's@ buster/updates @ bullseye-security @g' "
+                "-e 's@ buster-@ bullseye-@g' "
+            )
+            os.system(command)
+
+    def get_apps_equivs_packages(self):
+
+        command = (
+            "dpkg --get-selections"
+            " | grep -v deinstall"
+            " | awk '{print $1}'"
+            " | { grep 'ynh-deps$' || true; }"
+        )
+
+        output = check_output(command)
+
+        return output.split("\n") if output else []
+
+    def hold(self, packages):
+        for package in packages:
+            os.system("apt-mark hold {}".format(package))
+
+    def unhold(self, packages):
+        for package in packages:
+            os.system("apt-mark unhold {}".format(package))
+
+    def apt_install(self, cmd):
+        def is_relevant(line):
+            return "Reading database ..." not in line.rstrip()
+
+        callbacks = (
+            lambda l: logger.info("+ " + l.rstrip() + "\r")
+            if is_relevant(l)
+            else logger.debug(l.rstrip() + "\r"),
+            lambda l: logger.warning(l.rstrip()),
+        )
+
+        cmd = (
+            "LC_ALL=C DEBIAN_FRONTEND=noninteractive APT_LISTCHANGES_FRONTEND=none apt install --quiet -o=Dpkg::Use-Pty=0 --fix-broken --assume-yes "
+            + cmd
+        )
+
+        logger.debug("Running: %s" % cmd)
+
+        call_async_output(cmd, callbacks, shell=True)
+
+
+    def patch_yunohost_conflicts(self):
+        #
+        # This is a super dirty hack to remove the conflicts from yunohost's debian/control file
+        # Those conflicts are there to prevent mistakenly upgrading critical packages
+        # such as dovecot, postfix, nginx, openssl, etc... usually related to mistakenly
+        # using backports etc.
+        #
+        # The hack consists in savagely removing the conflicts directly in /var/lib/dpkg/status
+        #
+
+        # We only patch the conflict if we're on yunohost 4.x
+        if self.yunohost_major_version() != N_CURRENT_YUNOHOST:
+            return
+
+        conflicts = check_output("dpkg-query -s yunohost | grep '^Conflicts:'").strip()
+        if conflicts:
+            # We want to keep conflicting with apache/bind9 tho
+            new_conflicts = "Conflicts: apache2, bind9"
+
+            command = f"sed -i /var/lib/dpkg/status -e 's@{conflicts}@{new_conflicts}@g'"
+            logger.debug(f"Running: {command}")
+            os.system(command)

src/yunohost/data_migrations/0022_php73_to_php74_pools.py

@@ -11,47 +11,47 @@ from yunohost.service import _run_service_command
 
 logger = getActionLogger("yunohost.migration")
 
-PHP70_POOLS = "/etc/php/7.0/fpm/pool.d"
-PHP73_POOLS = "/etc/php/7.3/fpm/pool.d"
+OLDPHP_POOLS = "/etc/php/7.3/fpm/pool.d"
+NEWPHP_POOLS = "/etc/php/7.4/fpm/pool.d"
 
-PHP70_SOCKETS_PREFIX = "/run/php/php7.0-fpm"
-PHP73_SOCKETS_PREFIX = "/run/php/php7.3-fpm"
+OLDPHP_SOCKETS_PREFIX = "/run/php/php7.3-fpm"
+NEWPHP_SOCKETS_PREFIX = "/run/php/php7.4-fpm"
 
 MIGRATION_COMMENT = (
-    "; YunoHost note : this file was automatically moved from {}".format(PHP70_POOLS)
+    "; YunoHost note : this file was automatically moved from {}".format(OLDPHP_POOLS)
 )
 
 
 class MyMigration(Migration):
 
-    "Migrate php7.0-fpm 'pool' conf files to php7.3"
+    "Migrate php7.3-fpm 'pool' conf files to php7.4"
 
-    dependencies = ["migrate_to_buster"]
+    dependencies = ["migrate_to_bullseye"]
 
     def run(self):
-        # Get list of php7.0 pool files
-        php70_pool_files = glob.glob("{}/*.conf".format(PHP70_POOLS))
+        # Get list of php7.3 pool files
+        oldphp_pool_files = glob.glob("{}/*.conf".format(OLDPHP_POOLS))
 
         # Keep only basenames
-        php70_pool_files = [os.path.basename(f) for f in php70_pool_files]
+        oldphp_pool_files = [os.path.basename(f) for f in oldphp_pool_files]
 
         # Ignore the "www.conf" (default stuff, probably don't want to touch it ?)
-        php70_pool_files = [f for f in php70_pool_files if f != "www.conf"]
+        oldphp_pool_files = [f for f in oldphp_pool_files if f != "www.conf"]
 
-        for f in php70_pool_files:
+        for f in oldphp_pool_files:
 
-            # Copy the files to the php7.3 pool
-            src = "{}/{}".format(PHP70_POOLS, f)
-            dest = "{}/{}".format(PHP73_POOLS, f)
+            # Copy the files to the php7.4 pool
+            src = "{}/{}".format(OLDPHP_POOLS, f)
+            dest = "{}/{}".format(NEWPHP_POOLS, f)
             copy2(src, dest)
 
             # Replace the socket prefix if it's found
             c = "sed -i -e 's@{}@{}@g' {}".format(
-                PHP70_SOCKETS_PREFIX, PHP73_SOCKETS_PREFIX, dest
+                OLDPHP_SOCKETS_PREFIX, NEWPHP_SOCKETS_PREFIX, dest
             )
             os.system(c)
 
-            # Also add a comment that it was automatically moved from php7.0
+            # Also add a comment that it was automatically moved from php7.3
             # (for human traceability and backward migration)
             c = "sed -i '1i {}' {}".format(MIGRATION_COMMENT, dest)
             os.system(c)
@@ -66,19 +66,19 @@ class MyMigration(Migration):
             for f in nginx_conf_files:
                 # Replace the socket prefix if it's found
                 c = "sed -i -e 's@{}@{}@g' {}".format(
-                    PHP70_SOCKETS_PREFIX, PHP73_SOCKETS_PREFIX, f
+                    OLDPHP_SOCKETS_PREFIX, NEWPHP_SOCKETS_PREFIX, f
                 )
                 os.system(c)
 
         os.system(
-            "rm /etc/logrotate.d/php7.0-fpm"
+            "rm /etc/logrotate.d/php7.3-fpm"
         )  # We remove this otherwise the logrotate cron will be unhappy
 
         # Reload/restart the php pools
-        _run_service_command("restart", "php7.3-fpm")
-        _run_service_command("enable", "php7.3-fpm")
-        os.system("systemctl stop php7.0-fpm")
-        os.system("systemctl disable php7.0-fpm")
+        _run_service_command("restart", "php7.4-fpm")
+        _run_service_command("enable", "php7.4-fpm")
+        os.system("systemctl stop php7.3-fpm")
+        os.system("systemctl disable php7.3-fpm")
 
         # Reload nginx
         _run_service_command("reload", "nginx")

src/yunohost/data_migrations/0023_postgresql_11_to_13.py

@@ -12,41 +12,41 @@ logger = getActionLogger("yunohost.migration")
 
 class MyMigration(Migration):
 
-    "Migrate DBs from Postgresql 9.6 to 11 after migrating to Buster"
+    "Migrate DBs from Postgresql 11 to 13 after migrating to Bullseye"
 
-    dependencies = ["migrate_to_buster"]
+    dependencies = ["migrate_to_bullseye"]
 
     def run(self):
 
-        if not self.package_is_installed("postgresql-9.6"):
-            logger.warning(m18n.n("migration_0017_postgresql_96_not_installed"))
+        if not self.package_is_installed("postgresql-11"):
+            logger.warning(m18n.n("migration_0023_postgresql_11_not_installed"))
             return
 
-        if not self.package_is_installed("postgresql-11"):
-            raise YunohostValidationError("migration_0017_postgresql_11_not_installed")
+        if not self.package_is_installed("postgresql-13"):
+            raise YunohostValidationError("migration_0023_postgresql_13_not_installed")
 
-        # Make sure there's a 9.6 cluster
+        # Make sure there's a 11 cluster
         try:
-            self.runcmd("pg_lsclusters | grep -q '^9.6 '")
+            self.runcmd("pg_lsclusters | grep -q '^11 '")
         except Exception:
             logger.warning(
-                "It looks like there's not active 9.6 cluster, so probably don't need to run this migration"
+                "It looks like there's not active 11 cluster, so probably don't need to run this migration"
             )
             return
 
         if not space_used_by_directory(
-            "/var/lib/postgresql/9.6"
+            "/var/lib/postgresql/11"
         ) > free_space_in_directory("/var/lib/postgresql"):
             raise YunohostValidationError(
-                "migration_0017_not_enough_space", path="/var/lib/postgresql/"
+                "migration_0023_not_enough_space", path="/var/lib/postgresql/"
             )
 
         self.runcmd("systemctl stop postgresql")
         self.runcmd(
-            "LC_ALL=C pg_dropcluster --stop 11 main || true"
-        )  # We do not trigger an exception if the command fails because that probably means cluster 11 doesn't exists, which is fine because it's created during the pg_upgradecluster)
-        self.runcmd("LC_ALL=C pg_upgradecluster -m upgrade 9.6 main")
-        self.runcmd("LC_ALL=C pg_dropcluster --stop 9.6 main")
+            "LC_ALL=C pg_dropcluster --stop 13 main || true"
+        )  # We do not trigger an exception if the command fails because that probably means cluster 13 doesn't exists, which is fine because it's created during the pg_upgradecluster)
+        self.runcmd("LC_ALL=C pg_upgradecluster -m upgrade 11 main")
+        self.runcmd("LC_ALL=C pg_dropcluster --stop 11 main")
         self.runcmd("systemctl start postgresql")
 
     def package_is_installed(self, package_name):

src/yunohost/dyndns.py

@@ -70,7 +70,9 @@ def _dyndns_available(domain):
     logger.debug(f"Checking if domain {domain} is available on {DYNDNS_PROVIDER} ...")
 
     try:
-        r = download_json(f"https://{DYNDNS_PROVIDER}/test/{domain}", expected_status_code=None)
+        r = download_json(
+            f"https://{DYNDNS_PROVIDER}/test/{domain}", expected_status_code=None
+        )
     except MoulinetteError as e:
         logger.error(str(e))
         raise YunohostError(
@@ -81,9 +83,7 @@ def _dyndns_available(domain):
 
 
 @is_unit_operation()
-def dyndns_subscribe(
-    operation_logger, domain=None, key=None
-):
+def dyndns_subscribe(operation_logger, domain=None, key=None):
     """
     Subscribe to a DynDNS service
 
@@ -340,20 +340,6 @@ def dyndns_update(
         )
 
 
-# Legacy
-def dyndns_installcron():
-    logger.warning(
-        "This command is deprecated. The dyndns cron job should automatically be added/removed by the regenconf depending if there's a private key in /etc/yunohost/dyndns. You can run the regenconf yourself with 'yunohost tools regen-conf yunohost'."
-    )
-
-
-# Legacy
-def dyndns_removecron():
-    logger.warning(
-        "This command is deprecated. The dyndns cron job should automatically be added/removed by the regenconf depending if there's a private key in /etc/yunohost/dyndns. You can run the regenconf yourself with 'yunohost tools regen-conf yunohost'."
-    )
-
-
 def _guess_current_dyndns_domain():
     """
     This function tries to guess which domain should be updated by

src/yunohost/log.py

@@ -42,12 +42,36 @@ from yunohost.utils.packages import get_ynh_package_version
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import read_file, read_yaml
 
+logger = getActionLogger("yunohost.log")
+
 CATEGORIES_PATH = "/var/log/yunohost/categories/"
 OPERATIONS_PATH = "/var/log/yunohost/categories/operation/"
 METADATA_FILE_EXT = ".yml"
 LOG_FILE_EXT = ".log"
 
-logger = getActionLogger("yunohost.log")
+BORING_LOG_LINES = [
+    r"set [+-]x$",
+    r"set [+-]o xtrace$",
+    r"set [+-]o errexit$",
+    r"set [+-]o nounset$",
+    r"trap '' EXIT",
+    r"local \w+$",
+    r"local exit_code=(1|0)$",
+    r"local legacy_args=.*$",
+    r"local -A args_array$",
+    r"args_array=.*$",
+    r"ret_code=1",
+    r".*Helper used in legacy mode.*",
+    r"ynh_handle_getopts_args",
+    r"ynh_script_progression",
+    r"sleep 0.5",
+    r"'\[' (1|0) -eq (1|0) '\]'$",
+    r"\[?\['? -n '' '?\]\]?$",
+    r"rm -rf /var/cache/yunohost/download/$",
+    r"type -t ynh_clean_setup$",
+    r"DEBUG - \+ echo '",
+    r"DEBUG - \+ exit (1|0)$",
+]
 
 
 def log_list(limit=None, with_details=False, with_suboperations=False):
@@ -163,30 +187,7 @@ def log_show(
     if filter_irrelevant:
 
         def _filter(lines):
-            filters = [
-                r"set [+-]x$",
-                r"set [+-]o xtrace$",
-                r"set [+-]o errexit$",
-                r"set [+-]o nounset$",
-                r"trap '' EXIT",
-                r"local \w+$",
-                r"local exit_code=(1|0)$",
-                r"local legacy_args=.*$",
-                r"local -A args_array$",
-                r"args_array=.*$",
-                r"ret_code=1",
-                r".*Helper used in legacy mode.*",
-                r"ynh_handle_getopts_args",
-                r"ynh_script_progression",
-                r"sleep 0.5",
-                r"'\[' (1|0) -eq (1|0) '\]'$",
-                r"\[?\['? -n '' '?\]\]?$",
-                r"rm -rf /var/cache/yunohost/download/$",
-                r"type -t ynh_clean_setup$",
-                r"DEBUG - \+ echo '",
-                r"DEBUG - \+ exit (1|0)$",
-            ]
-            filters = [re.compile(f) for f in filters]
+            filters = [re.compile(f) for f in BORING_LOG_LINES]
             return [
                 line
                 for line in lines
@@ -738,40 +739,35 @@ class OperationLogger(object):
         with open(self.log_path, "r") as f:
             lines = f.readlines()
 
-        filters = [
-            r"set [+-]x$",
-            r"set [+-]o xtrace$",
-            r"local \w+$",
-            r"local legacy_args=.*$",
-            r".*Helper used in legacy mode.*",
-            r"args_array=.*$",
-            r"local -A args_array$",
-            r"ynh_handle_getopts_args",
-            r"ynh_script_progression",
+        # A line typically looks like
+        # 2019-10-19 16:10:27,611: DEBUG - + mysql -u piwigo --password=********** -B piwigo
+        # And we just want the part starting by "DEBUG - "
+        lines = [line for line in lines if ":" in line.strip()]
+        lines = [line.strip().split(": ", 1)[1] for line in lines]
+        # And we ignore boring/irrelevant lines
+        # Annnnnnd we also ignore lines matching [number] + such as
+        # 72971 DEBUG 29739 + ynh_exit_properly
+        # which are lines from backup-before-upgrade or restore-after-failed-upgrade ...
+        filters = [re.compile(f_) for f_ in BORING_LOG_LINES]
+        filters.append(re.compile(r"\d+ \+ "))
+        lines = [
+            line
+            for line in lines
+            if not any(filter_.search(line) for filter_ in filters)
         ]
 
-        filters = [re.compile(f_) for f_ in filters]
-
         lines_to_display = []
-        for line in lines:
 
-            if ": " not in line.strip():
-                continue
-
-            # A line typically looks like
-            # 2019-10-19 16:10:27,611: DEBUG - + mysql -u piwigo --password=********** -B piwigo
-            # And we just want the part starting by "DEBUG - "
-            line = line.strip().split(": ", 1)[1]
-
-            if any(filter_.search(line) for filter_ in filters):
-                continue
-
-            lines_to_display.append(line)
-
-            if line.endswith("+ ynh_exit_properly") or " + ynh_die " in line:
+        # Get the 20 lines before the last 'ynh_exit_properly'
+        rev_lines = list(reversed(lines))
+        for i, line in enumerate(rev_lines):
+            if line.endswith("+ ynh_exit_properly"):
+                lines_to_display = reversed(rev_lines[i : i + 20])
                 break
-            elif len(lines_to_display) > 20:
-                lines_to_display.pop(0)
+
+        # If didnt find anything, just get the last 20 lines
+        if not lines_to_display:
+            lines_to_display = lines[-20:]
 
         logger.warning(
             "Here's an extract of the logs before the crash. It might help debugging the error:"

src/yunohost/regenconf.py

@@ -125,19 +125,6 @@ def regen_conf(
     if not names:
         names = hook_list("conf_regen", list_by="name", show_info=False)["hooks"]
 
-    # Dirty hack for legacy code : avoid attempting to regen the conf for
-    # glances because it got removed ...  This is only needed *once*
-    # during the upgrade from 3.7 to 3.8 because Yunohost will attempt to
-    # regen glance's conf *before* it gets automatically removed from
-    # services.yml (which will happens only during the regen-conf of
-    # 'yunohost', so at the very end of the regen-conf cycle) Anyway,
-    # this can be safely removed once we're in >= 4.0
-    if "glances" in names:
-        names.remove("glances")
-
-    if "avahi-daemon" in names:
-        names.remove("avahi-daemon")
-
     # [Optimization] We compute and feed the domain list to the conf regen
     # hooks to avoid having to call "yunohost domain list" so many times which
     # ends up in wasted time (about 3~5 seconds per call on a RPi2)
@@ -454,14 +441,6 @@ def _save_regenconf_infos(infos):
         categories -- A dict containing the regenconf infos
     """
 
-    # Ugly hack to get rid of legacy glances stuff
-    if "glances" in infos:
-        del infos["glances"]
-
-    # Ugly hack to get rid of legacy avahi stuff
-    if "avahi-daemon" in infos:
-        del infos["avahi-daemon"]
-
     try:
         with open(REGEN_CONF_FILE, "w") as f:
             yaml.safe_dump(infos, f, default_flow_style=False)

src/yunohost/service.py

@@ -57,12 +57,10 @@ def service_add(
     name,
     description=None,
     log=None,
-    log_type=None,
     test_status=None,
     test_conf=None,
     needs_exposed_ports=None,
     need_lock=False,
-    status=None,
 ):
     """
     Add a custom service
@@ -71,12 +69,10 @@ def service_add(
         name -- Service name to add
         description -- description of the service
         log -- Absolute path to log file to display
-        log_type -- (deprecated) Specify if the corresponding log is a file or a systemd log
         test_status -- Specify a custom bash command to check the status of the service. N.B. : it only makes sense to specify this if the corresponding systemd service does not return the proper information.
         test_conf -- Specify a custom bash command to check if the configuration of the service is valid or broken, similar to nginx -t.
         needs_exposed_ports -- A list of ports that needs to be publicly exposed for the service to work as intended.
         need_lock -- Use this option to prevent deadlocks if the service does invoke yunohost commands.
-        status -- Deprecated, doesn't do anything anymore. Use test_status instead.
     """
     services = _get_services()
 
@@ -86,15 +82,6 @@ def service_add(
         if not isinstance(log, list):
             log = [log]
 
-        # Deprecated log_type stuff
-        if log_type is not None:
-            logger.warning(
-                "/!\\ Packagers! --log_type is deprecated. You do not need to specify --log_type systemd anymore ... Yunohost now automatically fetch the journalctl of the systemd service by default."
-            )
-            # Usually when adding such a service, the service name will be provided so we remove it as it's not a log file path
-            if name in log:
-                log.remove(name)
-
         service["log"] = log
 
     if not description:
@@ -574,29 +561,6 @@ def service_log(name, number=50):
     return result
 
 
-def service_regen_conf(
-    names=[], with_diff=False, force=False, dry_run=False, list_pending=False
-):
-
-    services = _get_services()
-
-    if isinstance(names, str):
-        names = [names]
-
-    for name in names:
-        if name not in services.keys():
-            raise YunohostValidationError("service_unknown", service=name)
-
-    if names is []:
-        names = list(services.keys())
-
-    logger.warning(m18n.n("service_regen_conf_is_deprecated"))
-
-    from yunohost.regenconf import regen_conf
-
-    return regen_conf(names, with_diff, force, dry_run, list_pending)
-
-
 def _run_service_command(action, service):
     """
     Run services management command (start, stop, enable, disable, restart, reload)
@@ -732,9 +696,6 @@ def _get_services():
 
     # Dirty hack to check the status of ynh-vpnclient
     if "ynh-vpnclient" in services:
-        status_check = "systemctl is-active openvpn@client.service"
-        if "test_status" not in services["ynh-vpnclient"]:
-            services["ynh-vpnclient"]["test_status"] = status_check
         if "log" not in services["ynh-vpnclient"]:
             services["ynh-vpnclient"]["log"] = ["/var/log/ynh-vpnclient.log"]
 

src/yunohost/tests/test_backuprestore.py

@@ -48,8 +48,8 @@ def setup_function(function):
         for m in function.__dict__.get("pytestmark", [])
     }
 
-    if "with_wordpress_archive_from_3p8" in markers:
-        add_archive_wordpress_from_3p8()
+    if "with_wordpress_archive_from_4p2" in markers:
+        add_archive_wordpress_from_4p2()
         assert len(backup_list()["archives"]) == 1
 
     if "with_legacy_app_installed" in markers:
@@ -71,8 +71,8 @@ def setup_function(function):
         )
         assert app_is_installed("backup_recommended_app")
 
-    if "with_system_archive_from_3p8" in markers:
-        add_archive_system_from_3p8()
+    if "with_system_archive_from_4p2" in markers:
+        add_archive_system_from_4p2()
         assert len(backup_list()["archives"]) == 1
 
     if "with_permission_app_installed" in markers:
@@ -150,7 +150,7 @@ def backup_test_dependencies_are_met():
 
     # Dummy test apps (or backup archives)
     assert os.path.exists(
-        os.path.join(get_test_apps_dir(), "backup_wordpress_from_3p8")
+        os.path.join(get_test_apps_dir(), "backup_wordpress_from_4p2")
     )
     assert os.path.exists(os.path.join(get_test_apps_dir(), "legacy_app_ynh"))
     assert os.path.exists(
@@ -219,25 +219,25 @@ def install_app(app, path, additionnal_args=""):
     )
 
 
-def add_archive_wordpress_from_3p8():
+def add_archive_wordpress_from_4p2():
 
     os.system("mkdir -p /home/yunohost.backup/archives")
 
     os.system(
         "cp "
-        + os.path.join(get_test_apps_dir(), "backup_wordpress_from_3p8/backup.tar.gz")
-        + " /home/yunohost.backup/archives/backup_wordpress_from_3p8.tar.gz"
+        + os.path.join(get_test_apps_dir(), "backup_wordpress_from_4p2/backup.tar")
+        + " /home/yunohost.backup/archives/backup_wordpress_from_4p2.tar"
     )
 
 
-def add_archive_system_from_3p8():
+def add_archive_system_from_4p2():
 
     os.system("mkdir -p /home/yunohost.backup/archives")
 
     os.system(
         "cp "
-        + os.path.join(get_test_apps_dir(), "backup_system_from_3p8/backup.tar.gz")
-        + " /home/yunohost.backup/archives/backup_system_from_3p8.tar.gz"
+        + os.path.join(get_test_apps_dir(), "backup_system_from_4p2/backup.tar")
+        + " /home/yunohost.backup/archives/backup_system_from_4p2.tar"
     )
 
 
@@ -307,8 +307,8 @@ def test_backup_and_restore_all_sys(mocker):
 #
 
 
-@pytest.mark.with_system_archive_from_3p8
-def test_restore_system_from_Ynh3p8(monkeypatch, mocker):
+@pytest.mark.with_system_archive_from_4p2
+def test_restore_system_from_Ynh4p2(monkeypatch, mocker):
 
     # Backup current system
     with message(mocker, "backup_created"):
@@ -453,9 +453,9 @@ def test_backup_using_copy_method(mocker):
 #
 
 
-@pytest.mark.with_wordpress_archive_from_3p8
+@pytest.mark.with_wordpress_archive_from_4p2
 @pytest.mark.with_custom_domain("yolo.test")
-def test_restore_app_wordpress_from_Ynh3p8(mocker):
+def test_restore_app_wordpress_from_Ynh4p2(mocker):
 
     with message(mocker, "restore_complete"):
         backup_restore(
@@ -463,7 +463,7 @@ def test_restore_app_wordpress_from_Ynh3p8(mocker):
         )
 
 
-@pytest.mark.with_wordpress_archive_from_3p8
+@pytest.mark.with_wordpress_archive_from_4p2
 @pytest.mark.with_custom_domain("yolo.test")
 def test_restore_app_script_failure_handling(monkeypatch, mocker):
     def custom_hook_exec(name, *args, **kwargs):
@@ -484,7 +484,7 @@ def test_restore_app_script_failure_handling(monkeypatch, mocker):
     assert not _is_installed("wordpress")
 
 
-@pytest.mark.with_wordpress_archive_from_3p8
+@pytest.mark.with_wordpress_archive_from_4p2
 def test_restore_app_not_enough_free_space(monkeypatch, mocker):
     def custom_free_space_in_directory(dirpath):
         return 0
@@ -503,7 +503,7 @@ def test_restore_app_not_enough_free_space(monkeypatch, mocker):
     assert not _is_installed("wordpress")
 
 
-@pytest.mark.with_wordpress_archive_from_3p8
+@pytest.mark.with_wordpress_archive_from_4p2
 def test_restore_app_not_in_backup(mocker):
 
     assert not _is_installed("wordpress")
@@ -519,7 +519,7 @@ def test_restore_app_not_in_backup(mocker):
     assert not _is_installed("yoloswag")
 
 
-@pytest.mark.with_wordpress_archive_from_3p8
+@pytest.mark.with_wordpress_archive_from_4p2
 @pytest.mark.with_custom_domain("yolo.test")
 def test_restore_app_already_installed(mocker):
 
@@ -629,7 +629,7 @@ def test_restore_archive_with_no_json(mocker):
 
     # Create a backup with no info.json associated
     os.system("touch /tmp/afile")
-    os.system("tar -czvf /home/yunohost.backup/archives/badbackup.tar.gz /tmp/afile")
+    os.system("tar -cvf /home/yunohost.backup/archives/badbackup.tar /tmp/afile")
 
     assert "badbackup" in backup_list()["archives"]
 
@@ -637,18 +637,18 @@ def test_restore_archive_with_no_json(mocker):
         backup_restore(name="badbackup", force=True)
 
 
-@pytest.mark.with_wordpress_archive_from_3p8
+@pytest.mark.with_wordpress_archive_from_4p2
 def test_restore_archive_with_bad_archive(mocker):
 
     # Break the archive
     os.system(
-        "head -n 1000 /home/yunohost.backup/archives/backup_wordpress_from_3p8.tar.gz > /home/yunohost.backup/archives/backup_wordpress_from_3p8_bad.tar.gz"
+        "head -n 1000 /home/yunohost.backup/archives/backup_wordpress_from_4p2.tar > /home/yunohost.backup/archives/backup_wordpress_from_4p2_bad.tar"
     )
 
-    assert "backup_wordpress_from_3p8_bad" in backup_list()["archives"]
+    assert "backup_wordpress_from_4p2_bad" in backup_list()["archives"]
 
     with raiseYunohostError(mocker, "backup_archive_corrupted"):
-        backup_restore(name="backup_wordpress_from_3p8_bad", force=True)
+        backup_restore(name="backup_wordpress_from_4p2_bad", force=True)
 
     clean_tmp_backup_directory()
 

src/yunohost/tools.py

@@ -248,7 +248,9 @@ def tools_postinstall(
             # and inform the user that we could not contact the dyndns host server.
             except Exception:
                 logger.warning(
-                    m18n.n("dyndns_provider_unreachable", provider="dyndns.yunohost.org")
+                    m18n.n(
+                        "dyndns_provider_unreachable", provider="dyndns.yunohost.org"
+                    )
                 )
 
             if available:
@@ -326,24 +328,12 @@ def tools_regen_conf(
     return regen_conf(names, with_diff, force, dry_run, list_pending)
 
 
-def tools_update(target=None, apps=False, system=False):
+def tools_update(target=None):
     """
     Update apps & system package cache
     """
 
-    # Legacy options (--system, --apps)
-    if apps or system:
-        logger.warning(
-            "Using 'yunohost tools update' with --apps / --system is deprecated, just write 'yunohost tools update apps system' (no -- prefix anymore)"
-        )
-        if apps and system:
-            target = "all"
-        elif apps:
-            target = "apps"
-        else:
-            target = "system"
-
-    elif not target:
+    if not target:
         target = "all"
 
     if target not in ["system", "apps", "all"]:
@@ -452,7 +442,7 @@ def _list_upgradable_apps():
 
 @is_unit_operation()
 def tools_upgrade(
-    operation_logger, target=None, apps=False, system=False, allow_yunohost_upgrade=True
+    operation_logger, target=None, allow_yunohost_upgrade=True
 ):
     """
     Update apps & package cache, then display changelog
@@ -470,21 +460,6 @@ def tools_upgrade(
     if not packages.dpkg_lock_available():
         raise YunohostValidationError("dpkg_lock_not_available")
 
-    # Legacy options management (--system, --apps)
-    if target is None:
-
-        logger.warning(
-            "Using 'yunohost tools upgrade' with --apps / --system is deprecated, just write 'yunohost tools upgrade apps' or 'system' (no -- prefix anymore)"
-        )
-
-        if (system, apps) == (True, True):
-            raise YunohostValidationError("tools_upgrade_cant_both")
-
-        if (system, apps) == (False, False):
-            raise YunohostValidationError("tools_upgrade_at_least_one")
-
-        target = "apps" if apps else "system"
-
     if target not in ["apps", "system"]:
         raise Exception(
             "Uhoh ?! tools_upgrade should have 'apps' or 'system' value for argument target"

src/yunohost/user.py

@@ -138,7 +138,6 @@ def user_create(
     domain,
     password,
     mailbox_quota="0",
-    mail=None,
     from_import=False,
 ):
 
@@ -150,12 +149,6 @@ def user_create(
     # Ensure sufficiently complex password
     assert_password_is_strong_enough("user", password)
 
-    if mail is not None:
-        logger.warning(
-            "Packagers ! Using --mail in 'yunohost user create' is deprecated ... please use --domain instead."
-        )
-        domain = mail.split("@")[-1]
-
     # Validate domain used for email address/xmpp account
     if domain is None:
         if Moulinette.interface.type == "api":

src/yunohost/utils/legacy.py

@@ -1,28 +1,15 @@
 import os
 import re
 import glob
-from moulinette import m18n
 from moulinette.core import MoulinetteError
 from moulinette.utils.log import getActionLogger
 from moulinette.utils.filesystem import (
     read_file,
     write_to_file,
-    write_to_json,
     write_to_yaml,
     read_yaml,
 )
 
-from yunohost.user import user_list
-from yunohost.app import (
-    _installed_apps,
-    _get_app_settings,
-    _set_app_settings,
-)
-from yunohost.permission import (
-    permission_create,
-    user_permission_update,
-    permission_sync_to_user,
-)
 from yunohost.utils.error import YunohostValidationError
 
 
@@ -81,189 +68,32 @@ def legacy_permission_label(app, permission_type):
     )
 
 
-def migrate_legacy_permission_settings(app=None):
-
-    logger.info(m18n.n("migrating_legacy_permission_settings"))
-    apps = _installed_apps()
-
-    if app:
-        if app not in apps:
-            logger.error(
-                "Can't migrate permission for app %s because it ain't installed..."
-                % app
-            )
-            apps = []
-        else:
-            apps = [app]
-
-    for app in apps:
-
-        settings = _get_app_settings(app) or {}
-        if settings.get("label"):
-            user_permission_update(
-                app + ".main", label=settings["label"], sync_perm=False
-            )
-            del settings["label"]
-
-        def _setting(name):
-            s = settings.get(name)
-            return s.split(",") if s else []
-
-        skipped_urls = [uri for uri in _setting("skipped_uris") if uri != "/"]
-        skipped_urls += ["re:" + regex for regex in _setting("skipped_regex")]
-        unprotected_urls = [uri for uri in _setting("unprotected_uris") if uri != "/"]
-        unprotected_urls += ["re:" + regex for regex in _setting("unprotected_regex")]
-        protected_urls = [uri for uri in _setting("protected_uris") if uri != "/"]
-        protected_urls += ["re:" + regex for regex in _setting("protected_regex")]
-
-        if skipped_urls != []:
-            permission_create(
-                app + ".legacy_skipped_uris",
-                additional_urls=skipped_urls,
-                auth_header=False,
-                label=legacy_permission_label(app, "skipped"),
-                show_tile=False,
-                allowed="visitors",
-                protected=True,
-                sync_perm=False,
-            )
-        if unprotected_urls != []:
-            permission_create(
-                app + ".legacy_unprotected_uris",
-                additional_urls=unprotected_urls,
-                auth_header=True,
-                label=legacy_permission_label(app, "unprotected"),
-                show_tile=False,
-                allowed="visitors",
-                protected=True,
-                sync_perm=False,
-            )
-        if protected_urls != []:
-            permission_create(
-                app + ".legacy_protected_uris",
-                additional_urls=protected_urls,
-                auth_header=True,
-                label=legacy_permission_label(app, "protected"),
-                show_tile=False,
-                allowed=[],
-                protected=True,
-                sync_perm=False,
-            )
-
-        legacy_permission_settings = [
-            "skipped_uris",
-            "unprotected_uris",
-            "protected_uris",
-            "skipped_regex",
-            "unprotected_regex",
-            "protected_regex",
-        ]
-        for key in legacy_permission_settings:
-            if key in settings:
-                del settings[key]
-
-        _set_app_settings(app, settings)
-
-        permission_sync_to_user()
-
-
-def translate_legacy_rules_in_ssowant_conf_json_persistent():
-
-    persistent_file_name = "/etc/ssowat/conf.json.persistent"
-    if not os.path.exists(persistent_file_name):
-        return
-
-    # Ugly hack because for some reason so many people have tabs in their conf.json.persistent ...
-    os.system(r"sed -i 's/\t/    /g' /etc/ssowat/conf.json.persistent")
-
-    # Ugly hack to try not to misarably fail migration
-    persistent = read_yaml(persistent_file_name)
-
-    legacy_rules = [
-        "skipped_urls",
-        "unprotected_urls",
-        "protected_urls",
-        "skipped_regex",
-        "unprotected_regex",
-        "protected_regex",
-    ]
-
-    if not any(legacy_rule in persistent for legacy_rule in legacy_rules):
-        return
-
-    if not isinstance(persistent.get("permissions"), dict):
-        persistent["permissions"] = {}
-
-    skipped_urls = persistent.get("skipped_urls", []) + [
-        "re:" + r for r in persistent.get("skipped_regex", [])
-    ]
-    protected_urls = persistent.get("protected_urls", []) + [
-        "re:" + r for r in persistent.get("protected_regex", [])
-    ]
-    unprotected_urls = persistent.get("unprotected_urls", []) + [
-        "re:" + r for r in persistent.get("unprotected_regex", [])
-    ]
-
-    known_users = list(user_list()["users"].keys())
-
-    for legacy_rule in legacy_rules:
-        if legacy_rule in persistent:
-            del persistent[legacy_rule]
-
-    if skipped_urls:
-        persistent["permissions"]["custom_skipped"] = {
-            "users": [],
-            "label": "Custom permissions - skipped",
-            "show_tile": False,
-            "auth_header": False,
-            "public": True,
-            "uris": skipped_urls
-            + persistent["permissions"].get("custom_skipped", {}).get("uris", []),
-        }
-
-    if unprotected_urls:
-        persistent["permissions"]["custom_unprotected"] = {
-            "users": [],
-            "label": "Custom permissions - unprotected",
-            "show_tile": False,
-            "auth_header": True,
-            "public": True,
-            "uris": unprotected_urls
-            + persistent["permissions"].get("custom_unprotected", {}).get("uris", []),
-        }
-
-    if protected_urls:
-        persistent["permissions"]["custom_protected"] = {
-            "users": known_users,
-            "label": "Custom permissions - protected",
-            "show_tile": False,
-            "auth_header": True,
-            "public": False,
-            "uris": protected_urls
-            + persistent["permissions"].get("custom_protected", {}).get("uris", []),
-        }
-
-    write_to_json(persistent_file_name, persistent, sort_keys=True, indent=4)
-
-    logger.warning(
-        "YunoHost automatically translated some legacy rules in /etc/ssowat/conf.json.persistent to match the new permission system"
-    )
-
-
 LEGACY_PHP_VERSION_REPLACEMENTS = [
-    ("/etc/php5", "/etc/php/7.3"),
-    ("/etc/php/7.0", "/etc/php/7.3"),
-    ("/var/run/php5-fpm", "/var/run/php/php7.3-fpm"),
-    ("/var/run/php/php7.0-fpm", "/var/run/php/php7.3-fpm"),
-    ("php5", "php7.3"),
-    ("php7.0", "php7.3"),
+    ("/etc/php5", "/etc/php/7.4"),
+    ("/etc/php/7.0", "/etc/php/7.4"),
+    ("/etc/php/7.3", "/etc/php/7.4"),
+    ("/var/run/php5-fpm", "/var/run/php/php7.4-fpm"),
+    ("/var/run/php/php7.0-fpm", "/var/run/php/php7.4-fpm"),
+    ("/var/run/php/php7.3-fpm", "/var/run/php/php7.4-fpm"),
+    ("php5", "php7.4"),
+    ("php7.0", "php7.4"),
+    ("php7.3", "php7.4"),
+    ('YNH_PHP_VERSION="7.3"', 'YNH_PHP_VERSION="7.4"'),
     (
         'phpversion="${phpversion:-7.0}"',
+        'phpversion="${phpversion:-7.4}"',
+    ),  # Many helpers like the composer ones use 7.0 by default ...
+    (
         'phpversion="${phpversion:-7.3}"',
+        'phpversion="${phpversion:-7.4}"',
     ),  # Many helpers like the composer ones use 7.0 by default ...
     (
         '"$phpversion" == "7.0"',
-        '$(bc <<< "$phpversion >= 7.3") -eq 1',
+        '$(bc <<< "$phpversion >= 7.4") -eq 1',
+    ),  # patch ynh_install_php to refuse installing/removing php <= 7.3
+    (
+        '"$phpversion" == "7.3"',
+        '$(bc <<< "$phpversion >= 7.4") -eq 1',
     ),  # patch ynh_install_php to refuse installing/removing php <= 7.3
 ]
 
@@ -299,15 +129,15 @@ def _patch_legacy_php_versions_in_settings(app_folder):
 
     settings = read_yaml(os.path.join(app_folder, "settings.yml"))
 
-    if settings.get("fpm_config_dir") == "/etc/php/7.0/fpm":
-        settings["fpm_config_dir"] = "/etc/php/7.3/fpm"
-    if settings.get("fpm_service") == "php7.0-fpm":
-        settings["fpm_service"] = "php7.3-fpm"
-    if settings.get("phpversion") == "7.0":
-        settings["phpversion"] = "7.3"
+    if settings.get("fpm_config_dir") in ["/etc/php/7.0/fpm", "/etc/php/7.3/fpm"]:
+        settings["fpm_config_dir"] = "/etc/php/7.4/fpm"
+    if settings.get("fpm_service") in ["php7.0-fpm", "php7.3-fpm"]:
+        settings["fpm_service"] = "php7.4-fpm"
+    if settings.get("phpversion") in ["7.0", "7.3"]:
+        settings["phpversion"] = "7.4"
 
     # We delete these checksums otherwise the file will appear as manually modified
-    list_to_remove = ["checksum__etc_php_7.0_fpm_pool", "checksum__etc_nginx_conf.d"]
+    list_to_remove = ["checksum__etc_php_7.3_fpm_pool", "checksum__etc_php_7.0_fpm_pool", "checksum__etc_nginx_conf.d"]
     settings = {
         k: v
         for k, v in settings.items()
@@ -324,36 +154,10 @@ def _patch_legacy_helpers(app_folder):
     files_to_patch.extend(glob.glob("%s/scripts/.*" % app_folder))
 
     stuff_to_replace = {
-        # Replace
-        #    sudo yunohost app initdb $db_user -p $db_pwd
-        # by
-        #    ynh_mysql_setup_db --db_user=$db_user --db_name=$db_user --db_pwd=$db_pwd
-        "yunohost app initdb": {
-            "pattern": r"(sudo )?yunohost app initdb \"?(\$\{?\w+\}?)\"?\s+-p\s\"?(\$\{?\w+\}?)\"?",
-            "replace": r"ynh_mysql_setup_db --db_user=\2 --db_name=\2 --db_pwd=\3",
-            "important": True,
-        },
-        # Replace
-        #    sudo yunohost app checkport whaterver
-        # by
-        #    ynh_port_available whatever
-        "yunohost app checkport": {
-            "pattern": r"(sudo )?yunohost app checkport",
-            "replace": r"ynh_port_available",
-            "important": True,
-        },
-        # We can't migrate easily port-available
-        # .. but at the time of writing this code, only two non-working apps are using it.
+        "yunohost app initdb": {"important": True},
+        "yunohost app checkport": {"important": True},
         "yunohost tools port-available": {"important": True},
-        # Replace
-        #    yunohost app checkurl "${domain}${path_url}" -a "${app}"
-        # by
-        #    ynh_webpath_register --app=${app} --domain=${domain} --path_url=${path_url}
-        "yunohost app checkurl": {
-            "pattern": r"(sudo )?yunohost app checkurl \"?(\$\{?\w+\}?)\/?(\$\{?\w+\}?)\"?\s+-a\s\"?(\$\{?\w+\}?)\"?",
-            "replace": r"ynh_webpath_register --app=\4 --domain=\2 --path_url=\3",
-            "important": True,
-        },
+        "yunohost app checkurl": {"important": True},
         # Remove
         #    Automatic diagnosis data from YunoHost
         #    __PRE_TAG1__$(yunohost tools diagnosis | ...)__PRE_TAG2__"
@@ -364,26 +168,11 @@ def _patch_legacy_helpers(app_folder):
             "important": False,
         },
         # Old $1, $2 in backup/restore scripts...
-        "app=$2": {
-            "only_for": ["scripts/backup", "scripts/restore"],
-            "pattern": r"app=\$2",
-            "replace": r"app=$YNH_APP_INSTANCE_NAME",
-            "important": True,
-        },
+        "app=$2": {"only_for": ["scripts/backup", "scripts/restore"], "important": True},
         # Old $1, $2 in backup/restore scripts...
-        "backup_dir=$1": {
-            "only_for": ["scripts/backup", "scripts/restore"],
-            "pattern": r"backup_dir=\$1",
-            "replace": r"backup_dir=.",
-            "important": True,
-        },
+        "backup_dir=$1": {"only_for": ["scripts/backup", "scripts/restore"], "important": True},
         # Old $1, $2 in backup/restore scripts...
-        "restore_dir=$1": {
-            "only_for": ["scripts/restore"],
-            "pattern": r"restore_dir=\$1",
-            "replace": r"restore_dir=.",
-            "important": True,
-        },
+        "restore_dir=$1": {"only_for": ["scripts/restore"], "important": True},
         # Old $1, $2 in install scripts...
         # We ain't patching that shit because it ain't trivial to patch all args...
         "domain=$1": {"only_for": ["scripts/install"], "important": True},

tests/test_helpers.d/ynhtest_apt.sh

@@ -0,0 +1,22 @@
+ynhtest_apt_install_apt_deps_regular() {
+
+    dpkg --list | grep -q "ii *$app-ynh-deps" && apt remove $app-ynh-deps --assume-yes || true
+    dpkg --list | grep -q 'ii *nyancat' && apt remove nyancat --assume-yes || true
+    dpkg --list | grep -q 'ii *sl' && apt remove sl --assume-yes || true
+
+    ! ynh_package_is_installed "$app-ynh-deps"
+    ! ynh_package_is_installed "nyancat"
+    ! ynh_package_is_installed "sl"
+
+    ynh_install_app_dependencies "nyancat sl"
+
+    ynh_package_is_installed "$app-ynh-deps"
+    ynh_package_is_installed "nyancat"
+    ynh_package_is_installed "sl"
+    
+    ynh_remove_app_dependencies
+
+    ! ynh_package_is_installed "$app-ynh-deps"
+    ! ynh_package_is_installed "nyancat"
+    ! ynh_package_is_installed "sl"
+}

tox.ini

@@ -1,15 +1,15 @@
 [tox]
-envlist = py37-{lint,invalidcode},py37-black-{run,check}
+envlist = py39-{lint,invalidcode},py39-black-{run,check}
 
 [testenv]
 skip_install=True
 deps =
-  py37-{lint,invalidcode}: flake8
-  py37-black-{run,check}: black
-  py37-mypy: mypy >= 0.900
+  py39-{lint,invalidcode}: flake8
+  py39-black-{run,check}: black
+  py39-mypy: mypy >= 0.900
 commands =
-        py37-lint: flake8 src doc data tests --ignore E402,E501,E203,W503 --exclude src/yunohost/vendor
-        py37-invalidcode: flake8 src data --exclude src/yunohost/tests,src/yunohost/vendor --select F,E722,W605
-        py37-black-check: black --check --diff src doc data tests
-        py37-black-run: black src doc data tests
-        py37-mypy: mypy  --ignore-missing-import --install-types --non-interactive --follow-imports silent src/yunohost/ --exclude (acme_tiny|data_migrations)
+        py39-lint: flake8 src doc data tests --ignore E402,E501,E203,W503 --exclude src/yunohost/vendor
+        py39-invalidcode: flake8 src data --exclude src/yunohost/tests,src/yunohost/vendor --select F,E722,W605
+        py39-black-check: black --check --diff src doc data tests
+        py39-black-run: black src doc data tests
+        py39-mypy: mypy  --ignore-missing-import --install-types --non-interactive --follow-imports silent src/yunohost/ --exclude (acme_tiny|data_migrations)