YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'unstable' into stretch-unstable

Browse source
This commit is contained in:
Alexandre Aubin 2018-05-20 21:43:05 +02:00
commit dd8af083b3
20 changed files with 2973 additions and 683 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

26
data/helpers.d/backend
View file

@ -117,7 +117,10 @@ ynh_remove_systemd_config () {
# Create a dedicated nginx config
#
# usage: ynh_add_nginx_config
# usage: ynh_add_nginx_config "list of others variables to replace"
#
# | arg: list of others variables to replace separeted by a space
# | for example : 'path_2 port_2 ...'
#
# This will use a template in ../conf/nginx.conf
# __PATH__ by $path_url
@ -126,8 +129,13 @@ ynh_remove_systemd_config () {
# __NAME__ by $app
# __FINALPATH__ by $final_path
#
# And dynamic variables (from the last example) :
# __PATH_2__ by $path_2
# __PORT_2__ by $port_2
#
ynh_add_nginx_config () {
finalnginxconf="/etc/nginx/conf.d/$domain.d/$app.conf"
local others_var=${1:-}
ynh_backup_if_checksum_is_different "$finalnginxconf"
sudo cp ../conf/nginx.conf "$finalnginxconf"
@ -151,6 +159,22 @@ ynh_add_nginx_config () {
if test -n "${final_path:-}"; then
ynh_replace_string "__FINALPATH__" "$final_path" "$finalnginxconf"
fi
# Replace all other variable given as arguments
for var_to_replace in $others_var
do
# ${var_to_replace^^} make the content of the variable on upper-cases
# ${!var_to_replace} get the content of the variable named $var_to_replace
ynh_replace_string "__${var_to_replace^^}__" "${!var_to_replace}" "$finalnginxconf"
done
if [ "${path_url:-}" != "/" ]
then
ynh_replace_string "^#sub_path_only" "" "$finalnginxconf"
else
ynh_replace_string "^#root_path_only" "" "$finalnginxconf"
fi
ynh_store_file_checksum "$finalnginxconf"
sudo systemctl reload nginx

4
data/helpers.d/package
View file

@ -30,7 +30,7 @@ ynh_package_version() {
#
# usage: ynh_apt update
ynh_apt() {
DEBIAN_FRONTEND=noninteractive sudo apt-get -y -qq $@
DEBIAN_FRONTEND=noninteractive sudo apt-get -y $@
}
# Update package index files
@ -167,4 +167,4 @@ EOF
ynh_remove_app_dependencies () {
local dep_app=${app//_/-} # Replace all '_' by '-'
ynh_package_autopurge ${dep_app}-ynh-deps # Remove the fake package and its dependencies if they not still used.
}
}

83
data/helpers.d/utils
View file

@ -37,16 +37,23 @@ ynh_get_plain_key() {
ynh_restore_upgradebackup () {
echo "Upgrade failed." >&2
local app_bck=${app//_/-} # Replace all '_' by '-'
# Check if an existing backup can be found before removing and restoring the application.
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number
then
# Remove the application then restore it
sudo yunohost app remove $app
# Restore the backup
sudo yunohost backup restore --ignore-system $app_bck-pre-upgrade$backup_number --apps $app --force --verbose
ynh_die "The app was restored to the way it was before the failed upgrade."
fi
NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
then
# Check if an existing backup can be found before removing and restoring the application.
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$backup_number
then
# Remove the application then restore it
sudo yunohost app remove $app
# Restore the backup
sudo yunohost backup restore --ignore-system $app_bck-pre-upgrade$backup_number --apps $app --force --verbose
ynh_die "The app was restored to the way it was before the failed upgrade."
fi
else
echo "\$NO_BACKUP_UPGRADE is set, that means there's no backup to restore. You have to fix this upgrade by yourself !" >&2
fi
}
# Make a backup in case of failed upgrade
@ -67,28 +74,34 @@ ynh_backup_before_upgrade () {
backup_number=1
local old_backup_number=2
local app_bck=${app//_/-} # Replace all '_' by '-'
NO_BACKUP_UPGRADE=${NO_BACKUP_UPGRADE:-0}
# Check if a backup already exists with the prefix 1
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1
then
# Prefix becomes 2 to preserve the previous backup
backup_number=2
old_backup_number=1
fi
# Create backup
sudo BACKUP_CORE_ONLY=1 yunohost backup create --ignore-system --apps $app --name $app_bck-pre-upgrade$backup_number --verbose
if [ "$?" -eq 0 ]
then
# If the backup succeeded, remove the previous backup
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
if [ "$NO_BACKUP_UPGRADE" -eq 0 ]
then
# Check if a backup already exists with the prefix 1
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade1
then
# Remove the previous backup only if it exists
sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null
# Prefix becomes 2 to preserve the previous backup
backup_number=2
old_backup_number=1
fi
else
ynh_die "Backup failed, the upgrade process was aborted."
fi
# Create backup
sudo BACKUP_CORE_ONLY=1 yunohost backup create --ignore-system --apps $app --name $app_bck-pre-upgrade$backup_number --verbose
if [ "$?" -eq 0 ]
then
# If the backup succeeded, remove the previous backup
if sudo yunohost backup list | grep -q $app_bck-pre-upgrade$old_backup_number
then
# Remove the previous backup only if it exists
sudo yunohost backup delete $app_bck-pre-upgrade$old_backup_number > /dev/null
fi
else
ynh_die "Backup failed, the upgrade process was aborted."
fi
else
echo "\$NO_BACKUP_UPGRADE is set, backup will be avoided. Be careful, this upgrade is going to be operated without a security backup"
fi
}
# Download, check integrity, uncompress and patch the source from app.src
@ -109,6 +122,10 @@ ynh_backup_before_upgrade () {
# # (Optionnal) Name of the local archive (offline setup support)
# # default: ${src_id}.${src_format}
# SOURCE_FILENAME=example.tar.gz
# # (Optional) If it set as false don't extract the source.
# # (Useful to get a debian package or a python wheel.)
# # default: true
# SOURCE_EXTRACT=(true|false)
#
# Details:
# This helper downloads sources from SOURCE_URL if there is no local source
@ -137,6 +154,7 @@ ynh_setup_source () {
local src_sum=$(grep 'SOURCE_SUM=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_sumprg=$(grep 'SOURCE_SUM_PRG=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_format=$(grep 'SOURCE_FORMAT=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_extract=$(grep 'SOURCE_EXTRACT=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_in_subdir=$(grep 'SOURCE_IN_SUBDIR=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
local src_filename=$(grep 'SOURCE_FILENAME=' "$YNH_CWD/../conf/${src_id}.src" | cut -d= -f2-)
@ -145,6 +163,7 @@ ynh_setup_source () {
src_in_subdir=${src_in_subdir:-true}
src_format=${src_format:-tar.gz}
src_format=$(echo "$src_format" | tr '[:upper:]' '[:lower:]')
src_extract=${src_extract:-true}
if [ "$src_filename" = "" ] ; then
src_filename="${src_id}.${src_format}"
fi
@ -163,7 +182,11 @@ ynh_setup_source () {
# Extract source into the app dir
mkdir -p "$dest_dir"
if [ "$src_format" = "zip" ]
if ! "$src_extract"
then
mv $src_filename $dest_dir
elif [ "$src_format" = "zip" ]
then
# Zip format
# Using of a temp directory, because unzip doesn't manage --strip-components

18
data/hooks/conf_regen/01-yunohost
View file

@ -61,11 +61,17 @@ do_pre_regen() {
_update_services() {
sudo python2 - << EOF
import yaml
with open('services.yml') as f:
new_services = yaml.load(f)
with open('/etc/yunohost/services.yml') as f:
services = yaml.load(f)
updated = False
for service, conf in new_services.items():
# remove service with empty conf
if conf is None:
@ -73,20 +79,32 @@ for service, conf in new_services.items():
print("removing '{0}' from services".format(service))
del services[service]
updated = True
# add new service
elif not services.get(service, None):
print("adding '{0}' to services".format(service))
services[service] = conf
updated = True
# update service conf
else:
conffiles = services[service].pop('conffiles', {})
# status need to be removed
if "status" not in conf and "status" in services[service]:
print("update '{0}' service status access".format(service))
del services[service]["status"]
updated = True
if services[service] != conf:
print("update '{0}' service".format(service))
services[service].update(conf)
updated = True
if conffiles:
services[service]['conffiles'] = conffiles
if updated:
with open('/etc/yunohost/services.yml-new', 'w') as f:
yaml.safe_dump(services, f, default_flow_style=False)

7
data/templates/nginx/plain/yunohost_admin.conf
View file

@ -22,8 +22,13 @@ server {
ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
# As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# (this doesn't work on jessie though ...?)
# ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# As suggested by https://cipherli.st/
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;

7
data/templates/nginx/server.tpl.conf
View file

@ -27,8 +27,13 @@ server {
ssl_certificate_key /etc/yunohost/certs/{{ domain }}/key.pem;
ssl_session_timeout 5m;
ssl_session_cache shared:SSL:50m;
# As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# (this doesn't work on jessie though ...?)
# ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# As suggested by https://cipherli.st/
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;

5
data/templates/postfix/main.cf
View file

@ -45,6 +45,11 @@ smtp_tls_exclude_ciphers = $smtpd_tls_exclude_ciphers
smtp_tls_mandatory_ciphers= $smtpd_tls_mandatory_ciphers
smtp_tls_loglevel=1
# Configure Root CA certificates
# (for example, avoids getting "Untrusted TLS connection established to" messages in logs)
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

58
data/templates/yunohost/services.yml
View file

@ -1,54 +1,42 @@
nginx:
status: service
log: /var/log/nginx
log: /var/log/nginx
avahi-daemon:
status: service
log: /var/log/daemon.log
log: /var/log/daemon.log
dnsmasq:
status: service
log: /var/log/daemon.log
log: /var/log/daemon.log
fail2ban:
status: service
log: /var/log/fail2ban.log
log: /var/log/fail2ban.log
dovecot:
status: service
log: [/var/log/mail.log,/var/log/mail.err]
log: [/var/log/mail.log,/var/log/mail.err]
postfix:
status: service
log: [/var/log/mail.log,/var/log/mail.err]
log: [/var/log/mail.log,/var/log/mail.err]
rspamd:
status: systemctl status rspamd.service
log: /var/log/rspamd/rspamd.log
log: /var/log/rspamd/rspamd.log
redis-server:
status: service
log: /var/log/redis/redis-server.log
log: /var/log/redis/redis-server.log
mysql:
status: service
log: [/var/log/mysql.log,/var/log/mysql.err]
glances:
status: service
log: [/var/log/mysql.log,/var/log/mysql.err]
glances: {}
ssh:
status: service
log: /var/log/auth.log
log: /var/log/auth.log
ssl:
status: null
metronome:
status: metronomectl status
log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
log: [/var/log/metronome/metronome.log,/var/log/metronome/metronome.err]
slapd:
status: service
log: /var/log/syslog
log: /var/log/syslog
php7.0-fpm:
status: service
log: /var/log/php7.0-fpm.log
log: /var/log/php7.0-fpm.log
yunohost-api:
status: service
log: /var/log/yunohost/yunohost-api.log
log: /var/log/yunohost/yunohost-api.log
yunohost-firewall:
status: service
need_lock: true
need_lock: true
nslcd:
status: service
log: /var/log/syslog
nsswitch: {}
log: /var/log/syslog
nsswitch:
status: null
yunohost:
status: null
bind9: null
tahoe-lafs: null
memcached: null

28
debian/changelog vendored
View file

@ -24,6 +24,34 @@ yunohost (3.0.0~beta1) testing; urgency=low
-- Alexandre Aubin <alex.aubin@mailoo.org> Thu, 03 May 2018 03:04:45 +0000
yunohost (2.7.13.2) testing; urgency=low
* [fix] Fix an error with services marked as None (#466)
* [fix] Issue with nginx not upgrading correctly /etc/nginx/nginx.conf if it was manually modified
-- Alexandre Aubin <alex.aubin@mailoo.org> Fri, 11 May 2018 02:06:42 +0000
yunohost (2.7.13.1) testing; urgency=low
* [fix] Misc fixes on stretch migration following feedback
-- Alexandre Aubin <alex.aubin@mailoo.org> Wed, 09 May 2018 00:44:50 +0000
yunohost (2.7.13) testing; urgency=low
* [enh] Add 'manual migration' mechanism to the migration framework (#429)
* [enh] Add Stretch migration (#433)
* [enh] Use recommended ECDH curves (#454)
-- Alexandre Aubin <alex.aubin@mailoo.org> Sun, 06 May 2018 23:10:13 +0000
yunohost (2.7.12) stable; urgency=low
* [i18n] Improve translation for Portuguese
* Bump version number for stable release
-- Alexandre Aubin <alex.aubin@mailoo.org> Sun, 06 May 2018 16:40:11 +0000
yunohost (2.7.11.1) testing; urgency=low
* [fix] Nginx Regression typo (#459)

2
debian/control vendored
View file

@ -12,7 +12,7 @@ Architecture: all
Depends: ${python:Depends}, ${misc:Depends}
, moulinette (>= 2.7.1), ssowat (>= 2.7.1)
, python-psutil, python-requests, python-dnspython, python-openssl
, python-apt, python-miniupnpc
, python-apt, python-miniupnpc, python-dbus
, glances
, dnsutils, bind9utils, unzip, git, curl, cron, wget
, ca-certificates, netcat-openbsd, iproute

57
locales/ar.json
View file

@ -5,7 +5,7 @@
"admin_password_changed": "تم تعديل الكلمة السرية الإدارية",
"app_already_installed": "{app:s} تم تنصيبه مِن قبل",
"app_already_installed_cant_change_url": "",
"app_already_up_to_date": "",
"app_already_up_to_date": "{app:s} تم تحديثه مِن قَبل",
"app_argument_choice_invalid": "",
"app_argument_invalid": "",
"app_argument_required": "",
@ -24,11 +24,11 @@
"app_location_unavailable": "This url is not available or conflicts with an already installed app",
"app_manifest_invalid": "Invalid app manifest: {error}",
"app_no_upgrade": "البرمجيات لا تحتاج إلى تحديث",
"app_not_correctly_installed": "{app:s} seems to be incorrectly installed",
"app_not_installed": "{app:s} is not installed",
"app_not_correctly_installed": "يبدو أن التطبيق {app:s} لم يتم تنصيبه بشكل صحيح",
"app_not_installed": "إنّ التطبيق {app:s} غير مُنصَّب",
"app_not_properly_removed": "{app:s} has not been properly removed",
"app_package_need_update": "The app {app} package needs to be updated to follow YunoHost changes",
"app_removed": "{app:s} has been removed",
"app_removed": "تمت إزالة تطبيق {app:s}",
"app_requirements_checking": "Checking required packages for {app}...",
"app_requirements_failed": "Unable to meet requirements for {app}: {error}",
"app_requirements_unmeet": "Requirements are not met for {app}, the package {pkgname} ({version}) must be {spec}",
@ -38,7 +38,7 @@
"app_upgrade_app_name": "جارٍ تحديث برنامج {app}...",
"app_upgrade_failed": "تعذرت عملية ترقية {app:s}",
"app_upgrade_some_app_failed": "تعذرت عملية ترقية بعض البرمجيات",
"app_upgraded": "{app:s} has been upgraded",
"app_upgraded": "تم تحديث التطبيق {app:s}",
"appslist_corrupted_json": "Could not load the application lists. It looks like {filename:s} is corrupted.",
"appslist_could_not_migrate": "Could not migrate app list {appslist:s} ! Unable to parse the url... The old cron job has been kept in {bkp_file:s}.",
"appslist_fetched": "The application list {appslist:s} has been fetched",
@ -115,8 +115,8 @@
"certmanager_cannot_read_cert": "Something wrong happened when trying to open current certificate for domain {domain:s} (file: {file:s}), reason: {reason:s}",
"certmanager_cert_install_success": "تمت عملية تنصيب شهادة Let's Encrypt بنجاح على النطاق {domain:s}!",
"certmanager_cert_install_success_selfsigned": "Successfully installed a self-signed certificate for domain {domain:s}!",
"certmanager_cert_renew_success": "Successfully renewed Let's Encrypt certificate for domain {domain:s}!",
"certmanager_cert_signing_failed": "Signing the new certificate failed",
"certmanager_cert_renew_success": "نجحت عملية تجديد شهادة Let's Encrypt الخاصة باسم النطاق {domain:s} !",
"certmanager_cert_signing_failed": "فشل إجراء توقيع الشهادة الجديدة",
"certmanager_certificate_fetching_or_enabling_failed": "Sounds like enabling the new certificate for {domain:s} failed somehow...",
"certmanager_conflicting_nginx_file": "Unable to prepare domain for ACME challenge: the nginx configuration file {filepath:s} is conflicting and should be removed first",
"certmanager_couldnt_fetch_intermediate_cert": "Timed out when trying to fetch intermediate certificate from Let's Encrypt. Certificate installation/renewal aborted - please try again later.",
@ -139,13 +139,13 @@
"diagnosis_monitor_disk_error": "Can't monitor disks: {error}",
"diagnosis_monitor_network_error": "Can't monitor network: {error}",
"diagnosis_monitor_system_error": "Can't monitor system: {error}",
"diagnosis_no_apps": "No installed application",
"diagnosis_no_apps": "لم تقم بتنصيب أية تطبيقات بعد",
"dnsmasq_isnt_installed": "dnsmasq does not seem to be installed, please run 'apt-get remove bind9 && apt-get install dnsmasq'",
"domain_cannot_remove_main": "Cannot remove main domain. Set a new main domain first",
"domain_cert_gen_failed": "Unable to generate certificate",
"domain_created": "The domain has been created",
"domain_creation_failed": "Unable to create domain",
"domain_deleted": "The domain has been deleted",
"domain_created": "تم إنشاء النطاق",
"domain_creation_failed": "تعذرت عملية إنشاء النطاق",
"domain_deleted": "تم حذف النطاق",
"domain_deletion_failed": "Unable to delete domain",
"domain_dns_conf_is_just_a_recommendation": "This command shows you what is the *recommended* configuration. It does not actually set up the DNS configuration for you. It is your responsability to configure your DNS zone in your registrar according to this recommendation.",
"domain_dyndns_already_subscribed": "You've already subscribed to a DynDNS domain",
@ -222,7 +222,7 @@
"migrate_tsig_wait_4": "30 ثانية …",
"migrate_tsig_not_needed": "You do not appear to use a dyndns domain, so no migration is needed !",
"migrations_backward": "Migrating backward.",
"migrations_bad_value_for_target": "Invalide number for target argument, available migrations numbers are 0 or {}",
"migrations_bad_value_for_target": "Invalid number for target argument, available migrations numbers are 0 or {}",
"migrations_cant_reach_migration_file": "Can't access migrations files at path %s",
"migrations_current_target": "Migration target is {}",
"migrations_error_failed_to_load_migration": "ERROR: failed to load migration {number} {name}",
@ -257,18 +257,18 @@
"package_not_installed": "Package '{pkgname}' is not installed",
"package_unexpected_error": "An unexpected error occurred processing the package '{pkgname}'",
"package_unknown": "Unknown package '{pkgname}'",
"packages_no_upgrade": "There is no package to upgrade",
"packages_no_upgrade": "لا يوجد هناك أية حزمة بحاجة إلى تحديث",
"packages_upgrade_critical_later": "Critical packages ({packages:s}) will be upgraded later",
"packages_upgrade_failed": "Unable to upgrade all of the packages",
"path_removal_failed": "Unable to remove path {:s}",
"pattern_backup_archive_name": "Must be a valid filename with max 30 characters, and alphanumeric and -_. characters only",
"pattern_domain": "Must be a valid domain name (e.g. my-domain.org)",
"pattern_email": "Must be a valid email address (e.g. someone@domain.org)",
"pattern_domain": "يتوجب أن يكون إسم نطاق صالح (مثل my-domain.org)",
"pattern_email": "يتوجب أن يكون عنوان بريد إلكتروني صالح (مثل someone@domain.org)",
"pattern_firstname": "Must be a valid first name",
"pattern_lastname": "Must be a valid last name",
"pattern_listname": "Must be alphanumeric and underscore characters only",
"pattern_mailbox_quota": "Must be a size with b/k/M/G/T suffix or 0 to disable the quota",
"pattern_password": "Must be at least 3 characters long",
"pattern_password": "يتوجب أن تكون مكونة من 3 حروف على الأقل",
"pattern_port": "يجب أن يكون رقم منفذ صالح (مثال 0-65535)",
"pattern_port_or_range": "Must be a valid port number (i.e. 0-65535) or range of ports (e.g. 100:200)",
"pattern_positive_number": "يجب أن يكون عددا إيجابيا",
@ -283,22 +283,22 @@
"restore_cleaning_failed": "Unable to clean-up the temporary restoration directory",
"restore_complete": "Restore complete",
"restore_confirm_yunohost_installed": "Do you really want to restore an already installed system? [{answers:s}]",
"restore_extracting": "Extracting needed files from the archive...",
"restore_extracting": "فك الضغط عن الملفات التي نحتاجها من النسخة الإحتياطية ...",
"restore_failed": "Unable to restore the system",
"restore_hook_unavailable": "Restoration script for '{part:s}' not available on your system and not in the archive either",
"restore_may_be_not_enough_disk_space": "Your system seems not to have enough disk space (freespace: {free_space:d} B, needed space: {needed_space:d} B, security margin: {margin:d} B)",
"restore_mounting_archive": "Mounting archive into '{path:s}'",
"restore_mounting_archive": "تنصيب النسخة الإحتياطية على المسار '{path:s}'",
"restore_not_enough_disk_space": "Not enough disk space (freespace: {free_space:d} B, needed space: {needed_space:d} B, security margin: {margin:d} B)",
"restore_nothings_done": "Nothing has been restored",
"restore_removing_tmp_dir_failed": "Unable to remove an old temporary directory",
"restore_running_app_script": "Running restore script of app '{app:s}'...",
"restore_running_hooks": "Running restoration hooks...",
"restore_system_part_failed": "Unable to restore the '{part:s}' system part",
"server_shutdown": "The server will shutdown",
"server_shutdown_confirm": "The server will shutdown immediatly, are you sure? [{answers:s}]",
"server_shutdown": "سوف ينطفئ الخادوم",
"server_shutdown_confirm": "سوف ينطفئ الخادوم حالا. متأكد ؟ [{answers:s}]",
"server_reboot": "The server will reboot",
"server_reboot_confirm": "The server will reboot immediatly, are you sure? [{answers:s}]",
"service_add_failed": "Unable to add service '{service:s}'",
"service_add_failed": "تعذرت إضافة خدمة '{service:s}'",
"service_added": "The service '{service:s}' has been added",
"service_already_started": "Service '{service:s}' has already been started",
"service_already_stopped": "Service '{service:s}' has already been stopped",
@ -315,9 +315,9 @@
"service_conf_up_to_date": "The configuration is already up-to-date for service '{service}'",
"service_conf_updated": "The configuration has been updated for service '{service}'",
"service_conf_would_be_updated": "The configuration would have been updated for service '{service}'",
"service_disable_failed": "Unable to disable service '{service:s}'",
"service_disable_failed": "",
"service_disabled": "The service '{service:s}' has been disabled",
"service_enable_failed": "Unable to enable service '{service:s}'",
"service_enable_failed": "",
"service_enabled": "The service '{service:s}' has been enabled",
"service_no_log": "No log to display for service '{service:s}'",
"service_regenconf_dry_pending_applying": "Checking pending configuration which would have been applied for service '{service}'...",
@ -325,10 +325,10 @@
"service_regenconf_pending_applying": "Applying pending configuration for service '{service}'...",
"service_remove_failed": "Unable to remove service '{service:s}'",
"service_removed": "The service '{service:s}' has been removed",
"service_start_failed": "Unable to start service '{service:s}'",
"service_start_failed": "",
"service_started": "The service '{service:s}' has been started",
"service_status_failed": "Unable to determine status of service '{service:s}'",
"service_stop_failed": "Unable to stop service '{service:s}'",
"service_stop_failed": "",
"service_stopped": "The service '{service:s}' has been stopped",
"service_unknown": "Unknown service '{service:s}'",
"ssowat_conf_generated": "The SSOwat configuration has been generated",
@ -364,5 +364,10 @@
"yunohost_ca_creation_success": "تم إنشاء هيئة الشهادات المحلية.",
"yunohost_configured": "YunoHost has been configured",
"yunohost_installing": "عملية تنصيب يونوهوست جارية …",
"yunohost_not_installed": "YunoHost is not or not correctly installed. Please execute 'yunohost tools postinstall'"
"yunohost_not_installed": "YunoHost is not or not correctly installed. Please execute 'yunohost tools postinstall'",
"migration_description_0003_migrate_to_stretch": "تحديث النظام إلى ديبيان ستريتش و واي يونوهوست 3.0",
"migration_0003_patching_sources_list": "عملية تعديل ملف المصادر sources.lists جارية ...",
"migration_0003_main_upgrade": "بداية عملية التحديث الأساسية ...",
"migration_0003_fail2ban_upgrade": "بداية عملية تحديث fail2ban ...",
"migration_0003_not_jessie": "إن توزيعة ديبيان الحالية تختلف عن جيسي !"
}

9
locales/en.json
View file

@ -232,6 +232,7 @@
"migration_0003_patching_sources_list": "Patching the sources.lists ...",
"migration_0003_main_upgrade": "Starting main upgrade ...",
"migration_0003_fail2ban_upgrade": "Starting the fail2ban upgrade ...",
"migration_0003_restoring_origin_nginx_conf": "Your file /etc/nginx/nginx.conf was edited somehow. The migration is going to reset back to its original state first... The previous file will be available as {backup_dest}.",
"migration_0003_yunohost_upgrade": "Starting the yunohost package upgrade ... The migration will end, but the actual upgrade will happen right after. After the operation is complete, you might have to re-log on the webadmin.",
"migration_0003_not_jessie": "The current debian distribution is not Jessie !",
"migration_0003_system_not_fully_up_to_date": "Your system is not fully up to date. Please perform a regular upgrade before running the migration to stretch.",
@ -338,9 +339,9 @@
"service_conf_up_to_date": "The configuration is already up-to-date for service '{service}'",
"service_conf_updated": "The configuration has been updated for service '{service}'",
"service_conf_would_be_updated": "The configuration would have been updated for service '{service}'",
"service_disable_failed": "Unable to disable service '{service:s}'",
"service_disable_failed": "Unable to disable service '{service:s}'\n\nRecent service logs:{logs:s}",
"service_disabled": "The service '{service:s}' has been disabled",
"service_enable_failed": "Unable to enable service '{service:s}'",
"service_enable_failed": "Unable to enable service '{service:s}'\n\nRecent service logs:{logs:s}",
"service_enabled": "The service '{service:s}' has been enabled",
"service_no_log": "No log to display for service '{service:s}'",
"service_regenconf_dry_pending_applying": "Checking pending configuration which would have been applied for service '{service}'...",
@ -348,10 +349,10 @@
"service_regenconf_pending_applying": "Applying pending configuration for service '{service}'...",
"service_remove_failed": "Unable to remove service '{service:s}'",
"service_removed": "The service '{service:s}' has been removed",
"service_start_failed": "Unable to start service '{service:s}'",
"service_start_failed": "Unable to start service '{service:s}'\n\nRecent service logs:{logs:s}",
"service_started": "The service '{service:s}' has been started",
"service_status_failed": "Unable to determine status of service '{service:s}'",
"service_stop_failed": "Unable to stop service '{service:s}'",
"service_stop_failed": "Unable to stop service '{service:s}'\n\nRecent service logs:{logs:s}",
"service_stopped": "The service '{service:s}' has been stopped",
"service_unknown": "Unknown service '{service:s}'",
"ssowat_conf_generated": "The SSOwat configuration has been generated",

29
locales/fr.json
View file

@ -200,9 +200,9 @@
"service_configuration_conflict": "Le fichier {file:s} a été modifié depuis sa dernière génération. Veuillez y appliquer les modifications manuellement ou utiliser loption --force (ce qui écrasera toutes les modifications effectuées sur le fichier).",
"service_configured": "La configuration du service « {service:s} » a été générée avec succès",
"service_configured_all": "La configuration de tous les services a été générée avec succès",
"service_disable_failed": "Impossible de désactiver le service « {service:s} »",
"service_disable_failed": "Impossible de désactiver le service « {service:s} »\n\nJournaux récents : {logs:s}",
"service_disabled": "Le service « {service:s} » a été désactivé",
"service_enable_failed": "Impossible d'activer le service « {service:s} »",
"service_enable_failed": "Impossible dactiver le service « {service:s} »\n\nJournaux récents : {logs:s}",
"service_enabled": "Le service « {service:s} » a été activé",
"service_no_log": "Aucun journal à afficher pour le service « {service:s} »",
"service_regenconf_dry_pending_applying": "Vérification des configurations en attentes qui pourraient être appliquées pour le service « {service} »…",
@ -210,10 +210,10 @@
"service_regenconf_pending_applying": "Application des configurations en attentes pour le service « {service} »…",
"service_remove_failed": "Impossible d'enlever le service « {service:s} »",
"service_removed": "Le service « {service:s} » a été enlevé",
"service_start_failed": "Impossible de démarrer le service « {service:s} »",
"service_start_failed": "Impossible de démarrer le service « {service:s} »\n\nJournaux récents : {logs:s}",
"service_started": "Le service « {service:s} » a été démarré",
"service_status_failed": "Impossible de déterminer le statut du service « {service:s} »",
"service_stop_failed": "Impossible d'arrêter le service « {service:s} »",
"service_stop_failed": "Impossible darrêter le service « {service:s} »\n\nJournaux récents : {logs:s}",
"service_stopped": "Le service « {service:s} » a été arrêté",
"service_unknown": "Service « {service:s} » inconnu",
"services_configured": "La configuration a été générée avec succès",
@ -379,5 +379,24 @@
"migrate_tsig_wait_3": "1 minute…",
"migrate_tsig_wait_4": "30 secondes…",
"migrate_tsig_not_needed": "Il ne semble pas que vous utilisez un domaine dyndns, donc aucune migration nest nécessaire !",
"app_checkurl_is_deprecated": "Packagers /!\\ 'app checkurl' est obsolète ! Utilisez 'app register-url' en remplacement !"
"app_checkurl_is_deprecated": "Packagers /!\\ 'app checkurl' est obsolète ! Utilisez 'app register-url' en remplacement !",
"migration_description_0001_change_cert_group_to_sslcert": "Change les permissions de groupe des certificats de « metronome » à « ssl-cert »",
"migration_description_0002_migrate_to_tsig_sha256": "Améliore la sécurité de DynDNDS TSIG en utilisant SHA512 au lieu de MD5",
"migration_description_0003_migrate_to_stretch": "Mise à niveau du système vers Debian Stretch et YunoHost 3.0",
"migration_0003_backward_impossible": "La migration Stretch nest pas réversible.",
"migration_0003_start": "Démarrage de la migration vers Stretch. Les journaux seront disponibles dans {logfile}.",
"migration_0003_patching_sources_list": "Modification de sources.lists…",
"migration_0003_main_upgrade": "Démarrage de la mise à niveau principale…",
"migration_0003_fail2ban_upgrade": "Démarrage de la mise à niveau de fail2ban…",
"migration_0003_restoring_origin_nginx_conf": "Votre fichier /etc/nginx/nginx.conf a été modifié dune manière ou dune autre. La migration va dabords le réinitialiser à son état initial… Le fichier précédent sera disponible en tant que {backup_dest}.",
"migration_0003_yunohost_upgrade": "Démarrage de la mise à niveau du paquet YunoHost… La migration terminera, mais la mise à jour réelle aura lieu immédiatement après. Après cette opération terminée, vous pourriez avoir à vous reconnecter à ladministration web.",
"migration_0003_not_jessie": "La distribution Debian actuelle nest pas Jessie !",
"migration_0003_system_not_fully_up_to_date": "Votre système nest pas complètement à jour. Veuillez mener une mise à jour classique avant de lancer à migration à Stretch.",
"migration_0003_still_on_jessie_after_main_upgrade": "Quelque chose sest ma passé pendant la mise à niveau principale : le système est toujours sur Jessie ?!? Pour investiguer le problème, veuillez regarder {log} 🙁…",
"migration_0003_general_warning": "Veuillez noter que cette migration est une opération délicate. Si léquipe YunoHost a fait de son mieux pour la relire et la tester, la migration pourrait tout de même casser des parties de votre système ou de vos applications.\n\nEn conséquence, nous vous recommandons :\n - de lancer une sauvegarde de vos données ou applications critiques ;\n - dêtre patient après avoir lancé la migration : selon votre connexion internet et matériel, cela pourrait prendre jusqu'à quelques heures pour que tout soit à niveau.",
"migration_0003_problematic_apps_warning": "Veuillez noter que les applications suivantes, éventuellement problématiques, ont été détectées. Il semble quelles naient pas été installées depuis une liste dapplication ou quelles ne soit pas marquées «working ». En conséquence, nous ne pouvons pas garantir quelles fonctionneront après la mise à niveau : {problematic_apps}",
"migration_0003_modified_files": "Veuillez noter que les fichiers suivants ont été détectés comme modifiés manuellement et pourraient être écrasés à la fin de la mise à niveau : {manually_modified_files}",
"migrations_list_conflict_pending_done": "Vous ne pouvez pas utiliser --previous et --done simultanément.",
"migrations_to_be_ran_manually": "La migration {number} {name} doit être lancée manuellement. Veuillez aller dans Outils > Migration dans linterface admin, ou lancer `yunohost tools migrations migrate`.",
"migrations_need_to_accept_disclaimer": "Pour lancer la migration {number} {name}, vous devez accepter cette clause de non-responsabilité :\n---\n{disclaimer}\n---\nSi vous acceptez de lancer la migration, veuillez relancer la commande avec loption --accept-disclaimer."
}

83
locales/oc.json
View file

@ -3,5 +3,86 @@
"admin_password_change_failed": "Impossible de cambiar lo senhal",
"admin_password_changed": "Lo senhal d'administracion es ben estat cambiat",
"app_already_installed": "{app:s} es ja installat",
"app_already_up_to_date": "{app:s} es ja a jorn"
"app_already_up_to_date": "{app:s} es ja a jorn",
"installation_complete": "Installacion acabada",
"app_id_invalid": "Id daplicacion incorrècte",
"app_install_files_invalid": "Fichièrs dinstallacion incorrèctes",
"app_no_upgrade": "Pas cap daplicacion de metre a jorn",
"app_not_correctly_installed": "{app:s} sembla pas ben installat",
"app_not_installed": "{app:s} es pas installat",
"app_not_properly_removed": "{app:s} es pas estat corrèctament suprimit",
"app_removed": "{app:s} es estat suprimit",
"app_unknown": "Aplicacion desconeguda",
"app_upgrade_app_name": "Mesa a jorn de laplicacion {app}...",
"app_upgrade_failed": "Impossible de metre a jorn {app:s}",
"app_upgrade_some_app_failed": "Daplicacions se pòdon pas metre a jorn",
"app_upgraded": "{app:s} es estat mes a jorn",
"appslist_fetched": "Recuperacion de la lista daplicacions {appslist:s} corrèctament realizada",
"appslist_migrating": "Migracion de la lista daplicacion{appslist:s}…",
"appslist_name_already_tracked": "I a ja una lista daplicacion enregistrada amb lo nom {name:s}.",
"appslist_removed": "Supression de la lista daplicacions {appslist:s} corrèctament realizada",
"appslist_retrieve_bad_format": "Lo fichièr recuperat per la lista daplicacions {appslist:s} es pas valid",
"appslist_unknown": "La lista daplicacions {appslist:s} es desconeguda.",
"appslist_url_already_tracked": "I a ja una lista daplicacions enregistrada amb lURL {url:s}.",
"ask_current_admin_password": "Senhal administrator actual",
"ask_email": "Adreça de corrièl",
"ask_firstname": "Prenom",
"ask_lastname": "Nom",
"ask_list_to_remove": "Lista de suprimir",
"ask_main_domain": "Domeni màger",
"ask_new_admin_password": "Nòu senhal administrator",
"ask_password": "Senhal",
"ask_path": "Camin",
"backup_action_required": "Devètz precisar çò que cal salvagardar",
"backup_app_failed": "Impossible de salvagardar laplicacion « {app:s} »",
"backup_applying_method_copy": "Còpia de totes los fichièrs dins la salvagarda…",
"backup_applying_method_tar": "Creacion de larchiu tar de la salvagarda…",
"backup_archive_name_exists": "Un archiu de salvagarda amb aquesta nom existís ja",
"backup_archive_name_unknown": "Larchiu local de salvagarda apelat « {name:s} » es desconegut",
"action_invalid": "Accion « {action:s} » incorrècte",
"app_argument_choice_invalid": "Causida invalida pel paramètre « {name:s} », cal que siá un de {choices:s}",
"app_argument_invalid": "Valor invalida pel paramètre « {name:s} » : {error:s}",
"app_argument_required": "Lo paramètre « {name:s} » es requesit",
"app_change_url_failed_nginx_reload": "La reaviada de nginx a fracassat. Vaquí la sortida de «nginx -t»:\n{nginx_errors:s}",
"app_change_url_identical_domains": "Lancian e lo novèl coble domeni/camin son identics per {domain:s}{path:s}, pas res a far.",
"app_change_url_success": "LURL de laplicacion {app:s} a cambiat per {domain:s}{path:s}",
"app_checkurl_is_deprecated": "Packagers /!\\ 'app checkurl' es obsolèt! Utilizatz 'app register-url' a la plaça!",
"app_extraction_failed": "Extraccion dels fichièrs dinstallacion impossibla",
"app_incompatible": "Laplicacion {app} es pas compatibla amb vòstra version de YunoHost",
"app_location_already_used": "Laplicacion « {app} » es ja installada a aqueste emplaçament ({path})",
"app_manifest_invalid": "Manifest daplicacion incorrècte: {error}",
"app_package_need_update": "Lo paquet de laplicacion {app} deu èsser mes a jorn per seguir los cambiaments de YunoHost",
"app_requirements_checking": "Verificacion dels paquets requesida per {app}...",
"app_sources_fetch_failed": "Recuperacion dels fichièrs fonts impossibla",
"app_unsupported_remote_type": "Lo tipe alonhat utilizat per laplicacion es pas suportat",
"appslist_retrieve_error": "Impossible de recuperar la lista daplicacions alonhadas {appslist:s}: {error:s}",
"backup_archive_app_not_found": "Laplicacion « {app:s} » es pas estada trobada dins larchiu de la salvagarda",
"backup_archive_broken_link": "Impossible daccedir a larchiu de salvagarda (ligam invalid cap a {path:s})",
"backup_archive_mount_failed": "Lo montatge de larchiu de salvagarda a fracassat",
"backup_archive_open_failed": "Impossible de dobrir larchiu de salvagarda",
"backup_archive_system_part_not_available": "La part « {part:s} » del sistèma es pas disponibla dins aquesta salvagarda",
"backup_cleaning_failed": "Impossible de netejar lo repertòri temporari de salvagarda",
"backup_copying_to_organize_the_archive": "Còpia de {size:s} Mio per organizar larchiu",
"backup_created": "Salvagarda acabada",
"backup_creating_archive": "Creacion de larchiu de salvagarda...",
"backup_creation_failed": "Impossible de crear la salvagarda",
"app_already_installed_cant_change_url": "Aquesta aplicacion es ja installada. Aquesta foncion pòt pas simplament cambiar lURL. Agachatz « app changeurl » ses disponible.",
"app_change_no_change_url_script": "Laplicacion {app_name:s} pren pas en compte lo cambiament dURL, poiretz aver de la metre a jorn.",
"app_change_url_no_script": "Laplicacion {app_name:s} pren pas en compte lo cambiament dURL, benlèu que vos cal la metre a jorn.",
"app_make_default_location_already_used": "Impossible de configurar laplicacion « {app} » per defaut pel domeni {domain} perque es ja utilizat per laplicacion {other_app}",
"app_location_install_failed": "Impossible dinstallar laplicacion a aqueste emplaçament per causa de conflicte amb laplicacion {other_app} ques ja installada sus {other_path}",
"app_location_unavailable": "Aquesta URL es pas disponibla o en conflicte amb una aplicacion existenta",
"appslist_corrupted_json": "Cargament impossible de la lista daplicacion. Sembla que {filename:s} siá gastat.",
"backup_delete_error": "Impossible de suprimir « {path:s} »",
"backup_deleted": "La salvagarda es estada suprimida",
"backup_hook_unknown": "Script de salvagarda « {hook:s} » desconegut",
"backup_invalid_archive": "Archiu de salvagarda incorrècte",
"backup_method_borg_finished": "La salvagarda dins Borg es acabada",
"backup_method_copy_finished": "La còpia de salvagarda es acabada",
"backup_method_tar_finished": "Larchiu tar de la salvagarda es estat creat",
"backup_output_directory_not_empty": "Lo dorsièr de sortida es pas void",
"backup_output_directory_required": "Vos cal especificar un dorsièr de sortida per la salvagarda",
"backup_running_app_script": "Lançament de lescript de salvagarda de laplicacion « {app:s} »...",
"backup_running_hooks": "Execucion dels scripts de salvagarda...",
"backup_system_part_failed": "Impossible de salvagardar la part « {part:s} » del sistèma"
}

8
locales/pt.json
View file

@ -162,5 +162,11 @@
"backup_extracting_archive": "Extraindo arquivo de backup...",
"backup_hook_unknown": "Gancho de backup '{hook:s}' desconhecido",
"backup_nothings_done": "Não há nada para guardar",
"backup_output_directory_forbidden": "Diretório de saída proibido. Os backups não podem ser criados em /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var ou /home/yunohost.backup/archives subpastas"
"backup_output_directory_forbidden": "Diretório de saída proibido. Os backups não podem ser criados em /boot, /dev, /etc, /lib, /root, /run, /sbin, /sys, /usr, /var ou /home/yunohost.backup/archives subpastas",
"app_already_installed_cant_change_url": "Este aplicativo já está instalado. A URL não pode ser alterada apenas por esta função. Olhe para o `app changeurl` se estiver disponível.",
"app_already_up_to_date": "{app:s} já está atualizado",
"app_argument_choice_invalid": "Escolha inválida para o argumento '{name:s}', deve ser um dos {choices:s}",
"app_argument_invalid": "Valor inválido de argumento '{name:s}': {error:s}",
"app_argument_required": "O argumento '{name:s}' é obrigatório",
"app_change_url_failed_nginx_reload": "Falha ao reiniciar o nginx. Aqui está o retorno de 'nginx -t':\n{nginx_errors:s}"
}

101
src/yunohost/data_migrations/0003_migrate_to_stretch.py
View file

@ -1,11 +1,5 @@
import glob
import os
import requests
import base64
import time
import json
import errno
import platform
from shutil import copy2
from moulinette import m18n, msettings
@ -16,13 +10,16 @@ from moulinette.utils.filesystem import read_file
from yunohost.tools import Migration
from yunohost.app import unstable_apps
from yunohost.service import _run_service_command, service_regen_conf, manually_modified_files
from yunohost.service import (_run_service_command,
manually_modified_files,
manually_modified_files_compared_to_debian_default)
from yunohost.utils.filesystem import free_space_in_directory
from yunohost.utils.packages import get_installed_version
logger = getActionLogger('yunohost.migration')
YUNOHOST_PACKAGES = ["yunohost", "yunohost-admin", "moulinette", "ssowat" ]
YUNOHOST_PACKAGES = ["yunohost", "yunohost-admin", "moulinette", "ssowat"]
class MyMigration(Migration):
"Upgrade the system to Debian Stretch and Yunohost 3.0"
@ -42,6 +39,8 @@ class MyMigration(Migration):
logger.warning(m18n.n("migration_0003_start", logfile=self.logfile))
# Preparing the upgrade
self.restore_original_nginx_conf_if_needed()
logger.warning(m18n.n("migration_0003_patching_sources_list"))
self.patch_apt_sources_list()
self.backup_files_to_keep()
@ -53,7 +52,7 @@ class MyMigration(Migration):
# Main dist-upgrade
logger.warning(m18n.n("migration_0003_main_upgrade"))
_run_service_command("stop", "mysql")
self.apt_dist_upgrade(conf_flags=["old", "def"])
self.apt_dist_upgrade(conf_flags=["old", "miss", "def"])
_run_service_command("start", "mysql")
if self.debian_major_version() == 8:
raise MoulinetteError(m18n.n("migration_0003_still_on_jessie_after_main_upgrade", log=self.logfile))
@ -80,7 +79,11 @@ class MyMigration(Migration):
self.upgrade_yunohost_packages()
def debian_major_version(self):
return int(platform.dist()[1][0])
# We rely on lsb_release instead of the python module "platform",
# because "platform" relies on uname, which on some weird setups does
# not behave correctly (still says running Jessie when lsb_release says
# Stretch...)
return int(check_output("lsb_release -r").split("\t")[1][0])
def yunohost_major_version(self):
return int(get_installed_version("yunohost").split('.')[0])
@ -92,7 +95,7 @@ class MyMigration(Migration):
# in the middle and debian version could be >= 9.x but yunohost package
# would still be in 2.x...
if not self.debian_major_version() == 8 \
and not self.yunohost_major_version() == 2:
and not self.yunohost_major_version() == 2:
raise MoulinetteError(m18n.n("migration_0003_not_jessie"))
# Have > 1 Go free space on /var/ ?
@ -102,7 +105,7 @@ class MyMigration(Migration):
# Check system is up to date
# (but we don't if 'stretch' is already in the sources.list ...
# which means maybe a previous upgrade crashed and we're re-running it)
if not " stretch " in read_file("/etc/apt/sources.list"):
if " stretch " not in read_file("/etc/apt/sources.list"):
self.apt_update()
apt_list_upgradable = check_output("apt list --upgradable -a")
if "upgradable" in apt_list_upgradable:
@ -117,16 +120,20 @@ class MyMigration(Migration):
# in the middle and debian version could be >= 9.x but yunohost package
# would still be in 2.x...
if not self.debian_major_version() == 8 \
and not self.yunohost_major_version() == 2:
and not self.yunohost_major_version() == 2:
return None
# Get list of problematic apps ? I.e. not official or community+working
problematic_apps = unstable_apps()
problematic_apps = "".join(["\n - "+app for app in problematic_apps ])
problematic_apps = "".join(["\n - " + app for app in problematic_apps])
# Manually modified files ? (c.f. yunohost service regen-conf)
modified_files = manually_modified_files()
modified_files = "".join(["\n - "+f for f in modified_files ])
# We also have a specific check for nginx.conf which some people
# modified and needs to be upgraded...
if "/etc/nginx/nginx.conf" in manually_modified_files_compared_to_debian_default():
modified_files.append("/etc/nginx/nginx.conf")
modified_files = "".join(["\n - " + f for f in modified_files])
message = m18n.n("migration_0003_general_warning")
@ -146,12 +153,13 @@ class MyMigration(Migration):
# This :
# - replace single 'jessie' occurence by 'stretch'
# - comments lines containing "backports"
# - replace 'jessie/updates' by 'strech/updates'
# - replace 'jessie/updates' by 'strech/updates' (or same with a -)
# - switch yunohost's repo to forge
for f in sources_list:
command = "sed -i -e 's@ jessie @ stretch @g' " \
"-e '/backports/ s@^#*@#@' " \
"-e 's@ jessie/updates @ stretch/updates @g' " \
"-e 's@ jessie-updates @ stretch-updates @g' " \
"-e 's@repo.yunohost@forge.yunohost@g' " \
"{}".format(f)
os.system(command)
@ -209,14 +217,13 @@ class MyMigration(Migration):
wait_until_end_of_yunohost_command = "(while [ -f {} ]; do sleep 2; done)".format(MOULINETTE_LOCK)
command = "({} && {}; echo 'Done!') &".format(wait_until_end_of_yunohost_command,
upgrade_command)
command = "({} && {}; echo 'Migration complete!') &".format(wait_until_end_of_yunohost_command,
upgrade_command)
logger.debug("Running command :\n{}".format(command))
os.system(command)
def apt_dist_upgrade(self, conf_flags):
# Make apt-get happy
@ -248,7 +255,6 @@ class MyMigration(Migration):
# enabled if the user explicitly add --verbose ...
os.system(command)
# Those are files that should be kept and restored before the final switch
# to yunohost 3.x... They end up being modified by the various dist-upgrades
# (or need to be taken out momentarily), which then blocks the regen-conf
@ -289,3 +295,58 @@ class MyMigration(Migration):
dest_file = f.strip('/').replace("/", "_")
copy2(os.path.join(tmp_dir, dest_file), f)
# On some setups, /etc/nginx/nginx.conf got edited. But this file needs
# to be upgraded because of the way the new module system works for nginx.
# (in particular, having the line that include the modules at the top)
#
# So here, if it got edited, we force the restore of the original conf
# *before* starting the actual upgrade...
#
# An alternative strategy that was attempted was to hold the nginx-common
# package and have a specific upgrade for it like for fail2ban, but that
# leads to apt complaining about not being able to upgrade for shitty
# reasons >.>
def restore_original_nginx_conf_if_needed(self):
if "/etc/nginx/nginx.conf" not in manually_modified_files_compared_to_debian_default():
return
if not os.path.exists("/etc/nginx/nginx.conf"):
return
# If stretch is in the sources.list, we already started migrating on
# stretch so we don't re-do this
if " stretch " in read_file("/etc/apt/sources.list"):
return
backup_dest = "/home/yunohost.conf/backup/nginx.conf.bkp_before_stretch"
logger.warning(m18n.n("migration_0003_restoring_origin_nginx_conf",
backup_dest=backup_dest))
os.system("mv /etc/nginx/nginx.conf %s" % backup_dest)
command = ""
command += " DEBIAN_FRONTEND=noninteractive"
command += " APT_LISTCHANGES_FRONTEND=none"
command += " apt-get"
command += " --fix-broken --show-upgraded --assume-yes"
command += ' -o Dpkg::Options::="--force-confmiss"'
command += " install --reinstall"
command += " nginx-common"
logger.debug("Running apt command :\n{}".format(command))
command += " 2>&1 | tee -a {}".format(self.logfile)
is_api = msettings.get('interface') == 'api'
if is_api:
callbacks = (
lambda l: logger.info(l.rstrip()),
lambda l: logger.warning(l.rstrip()),
)
call_async_output(command, callbacks, shell=True)
else:
# We do this when running from the cli to have the output of the
# command showing in the terminal, since 'info' channel is only
# enabled if the user explicitly add --verbose ...
os.system(command)

283
src/yunohost/service.py
View file

@ -27,12 +27,13 @@ import os
import time
import yaml
import json
import glob
import subprocess
import errno
import shutil
import hashlib
from difflib import unified_diff
from datetime import datetime
from moulinette import m18n
from moulinette.core import MoulinetteError
@ -75,6 +76,7 @@ def service_add(name, status=None, log=None, runlevel=None):
try:
_save_services(services)
except:
# we'll get a logger.warning with more details in _save_services
raise MoulinetteError(errno.EIO, m18n.n('service_add_failed', service=name))
logger.success(m18n.n('service_added', service=name))
@ -98,6 +100,7 @@ def service_remove(name):
try:
_save_services(services)
except:
# we'll get a logger.warning with more details in _save_services
raise MoulinetteError(errno.EIO, m18n.n('service_remove_failed', service=name))
logger.success(m18n.n('service_removed', service=name))
@ -113,13 +116,16 @@ def service_start(names):
"""
if isinstance(names, str):
names = [names]
for name in names:
if _run_service_command('start', name):
logger.success(m18n.n('service_started', service=name))
else:
if service_status(name)['status'] != 'running':
raise MoulinetteError(errno.EPERM,
m18n.n('service_start_failed', service=name))
m18n.n('service_start_failed',
service=name,
logs=_get_journalctl_logs(name)))
logger.info(m18n.n('service_already_started', service=name))
@ -139,7 +145,9 @@ def service_stop(names):
else:
if service_status(name)['status'] != 'inactive':
raise MoulinetteError(errno.EPERM,
m18n.n('service_stop_failed', service=name))
m18n.n('service_stop_failed',
service=name,
logs=_get_journalctl_logs(name)))
logger.info(m18n.n('service_already_stopped', service=name))
@ -158,7 +166,9 @@ def service_enable(names):
logger.success(m18n.n('service_enabled', service=name))
else:
raise MoulinetteError(errno.EPERM,
m18n.n('service_enable_failed', service=name))
m18n.n('service_enable_failed',
service=name,
logs=_get_journalctl_logs(name)))
def service_disable(names):
@ -176,7 +186,9 @@ def service_disable(names):
logger.success(m18n.n('service_disabled', service=name))
else:
raise MoulinetteError(errno.EPERM,
m18n.n('service_disable_failed', service=name))
m18n.n('service_disable_failed',
service=name,
logs=_get_journalctl_logs(name)))
def service_status(names=[]):
@ -202,46 +214,54 @@ def service_status(names=[]):
raise MoulinetteError(errno.EINVAL,
m18n.n('service_unknown', service=name))
status = None
if services[name].get('status') == 'service':
status = 'service %s status' % name
elif "status" in services[name]:
status = str(services[name]['status'])
else:
# this "service" isn't a service actually so we skip it
#
# the historical reason is because regenconf has been hacked into the
# service part of YunoHost will in some situation we need to regenconf
# for things that aren't services
# the hack was to add fake services...
# we need to extract regenconf from service at some point, also because
# some app would really like to use it
if "status" in services[name] and services[name]["status"] is None:
continue
runlevel = 5
if 'runlevel' in services[name].keys():
runlevel = int(services[name]['runlevel'])
status = _get_service_information_from_systemd(name)
result[name] = {'status': 'unknown', 'loaded': 'unknown'}
# Retrieve service status
try:
ret = subprocess.check_output(status, stderr=subprocess.STDOUT,
shell=True)
except subprocess.CalledProcessError as e:
if 'usage:' in e.output.lower():
logger.warning(m18n.n('service_status_failed', service=name))
else:
result[name]['status'] = 'inactive'
else:
result[name]['status'] = 'running'
# Retrieve service loading
rc_path = glob.glob("/etc/rc%d.d/S[0-9][0-9]%s" % (runlevel, name))
if len(rc_path) == 1 and os.path.islink(rc_path[0]):
result[name]['loaded'] = 'enabled'
elif os.path.isfile("/etc/init.d/%s" % name):
result[name]['loaded'] = 'disabled'
else:
result[name]['loaded'] = 'not-found'
result[name] = {
'status': str(status.get("SubState", "unknown")),
'loaded': "enabled" if str(status.get("LoadState", "unknown")) == "loaded" else str(status.get("LoadState", "unknown")),
'active': str(status.get("ActiveState", "unknown")),
'active_at': {
"timestamp": str(status.get("ActiveEnterTimestamp", "unknown")),
"human": datetime.fromtimestamp(status.get("ActiveEnterTimestamp") / 1000000).strftime("%F %X"),
},
'description': str(status.get("Description", "")),
'service_file_path': str(status.get("FragmentPath", "unknown")),
}
if len(names) == 1:
return result[names[0]]
return result
def _get_service_information_from_systemd(service):
"this is the equivalent of 'systemctl status $service'"
import dbus
d = dbus.SystemBus()
systemd = d.get_object('org.freedesktop.systemd1','/org/freedesktop/systemd1')
manager = dbus.Interface(systemd, 'org.freedesktop.systemd1.Manager')
service_path = manager.GetUnit(service + ".service")
service_proxy = d.get_object('org.freedesktop.systemd1', service_path)
# unit_proxy = dbus.Interface(service_proxy, 'org.freedesktop.systemd1.Unit',)
properties_interface = dbus.Interface(service_proxy, 'org.freedesktop.DBus.Properties')
return properties_interface.GetAll('org.freedesktop.systemd1.Unit')
def service_log(name, number=50):
"""
Log every log files of a service
@ -256,21 +276,33 @@ def service_log(name, number=50):
if name not in services.keys():
raise MoulinetteError(errno.EINVAL, m18n.n('service_unknown', service=name))
if 'log' in services[name]:
log_list = services[name]['log']
result = {}
if not isinstance(log_list, list):
log_list = [log_list]
for log_path in log_list:
if os.path.isdir(log_path):
for log in [f for f in os.listdir(log_path) if os.path.isfile(os.path.join(log_path, f)) and f[-4:] == '.log']:
result[os.path.join(log_path, log)] = _tail(os.path.join(log_path, log), int(number))
else:
result[log_path] = _tail(log_path, int(number))
else:
if 'log' not in services[name]:
raise MoulinetteError(errno.EPERM, m18n.n('service_no_log', service=name))
log_list = services[name]['log']
if not isinstance(log_list, list):
log_list = [log_list]
result = {}
for log_path in log_list:
# log is a file, read it
if not os.path.isdir(log_path):
result[log_path] = _tail(log_path, int(number))
continue
for log_file in os.listdir(log_path):
log_file_path = os.path.join(log_path, log_file)
# not a file : skip
if not os.path.isfile(log_file_path):
continue
if not log_file.endswith(".log"):
continue
result[log_file_path] = _tail(log_file_path, int(number))
return result
@ -292,14 +324,19 @@ def service_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
# Return the list of pending conf
if list_pending:
pending_conf = _get_pending_conf(names)
if with_diff:
for service, conf_files in pending_conf.items():
for system_path, pending_path in conf_files.items():
pending_conf[service][system_path] = {
'pending_conf': pending_path,
'diff': _get_files_diff(
system_path, pending_path, True),
}
if not with_diff:
return pending_conf
for service, conf_files in pending_conf.items():
for system_path, pending_path in conf_files.items():
pending_conf[service][system_path] = {
'pending_conf': pending_path,
'diff': _get_files_diff(
system_path, pending_path, True),
}
return pending_conf
# Clean pending conf directory
@ -323,12 +360,15 @@ def service_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
# create the pending conf directory for the service
service_pending_path = os.path.join(PENDING_CONF_DIR, name)
filesystem.mkdir(service_pending_path, 0755, True, uid='root')
# return the arguments to pass to the script
return pre_args + [service_pending_path, ]
pre_result = hook_callback('conf_regen', names, pre_callback=_pre_call)
# Update the services name
names = pre_result['succeed'].keys()
if not names:
raise MoulinetteError(errno.EIO,
m18n.n('service_regenconf_failed',
@ -386,6 +426,7 @@ def service_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
'service_conf_file_manually_removed',
conf=system_path))
conf_status = 'removed'
# -> system conf is not managed yet
elif not saved_hash:
logger.debug("> system conf is not managed yet")
@ -409,6 +450,7 @@ def service_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
logger.warning(m18n.n('service_conf_file_kept_back',
conf=system_path, service=service))
conf_status = 'unmanaged'
# -> system conf has not been manually modified
elif system_hash == saved_hash:
if to_remove:
@ -421,6 +463,7 @@ def service_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
logger.debug("> system conf is already up-to-date")
os.remove(pending_path)
continue
else:
logger.debug("> system conf has been manually modified")
if system_hash == new_hash:
@ -457,6 +500,7 @@ def service_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
'service_conf_updated' if not dry_run else
'service_conf_would_be_updated',
service=service))
if succeed_regen and not dry_run:
_update_conf_hashes(service, conf_hashes)
@ -480,6 +524,7 @@ def service_regen_conf(names=[], with_diff=False, force=False, dry_run=False,
else:
regen_conf_files = ''
return post_args + [regen_conf_files, ]
hook_callback('conf_regen', names, pre_callback=_pre_call)
return result
@ -498,11 +543,11 @@ def _run_service_command(action, service):
if service not in services.keys():
raise MoulinetteError(errno.EINVAL, m18n.n('service_unknown', service=service))
cmd = None
if action in ['start', 'stop', 'restart', 'reload', 'enable', 'disable']:
cmd = 'systemctl %s %s' % (action, service)
else:
raise ValueError("Unknown action '%s'" % action)
possible_actions = ['start', 'stop', 'restart', 'reload', 'enable', 'disable']
if action not in possible_actions:
raise ValueError("Unknown action '%s', available actions are: %s" % (action, ", ".join(possible_actions)))
cmd = 'systemctl %s %s' % (action, service)
need_lock = services[service].get('need_lock', False) \
and action in ['start', 'stop', 'restart', 'reload']
@ -517,14 +562,17 @@ def _run_service_command(action, service):
PID = _give_lock(action, service, p)
# Wait for the command to complete
p.communicate()
# Remove the lock if one was given
if need_lock and PID != 0:
_remove_lock(PID)
except subprocess.CalledProcessError as e:
# TODO: Log output?
logger.warning(m18n.n('service_cmd_exec_failed', command=' '.join(e.cmd)))
return False
finally:
# Remove the lock if one was given
if need_lock and PID != 0:
_remove_lock(PID)
return True
@ -557,6 +605,7 @@ def _give_lock(action, service, p):
return son_PID
def _remove_lock(PID_to_remove):
# FIXME ironically not concurrency safe because it's not atomic...
PIDs = filesystem.read_file(MOULINETTE_LOCK).split("\n")
PIDs_to_keep = [ PID for PID in PIDs if int(PID) != PID_to_remove ]
@ -574,6 +623,12 @@ def _get_services():
except:
return {}
else:
# some services are marked as None to remove them from YunoHost
# filter this
for key, value in services.items():
if value is None:
del services[key]
return services
@ -585,12 +640,15 @@ def _save_services(services):
services -- A dict of managed services with their parameters
"""
# TODO: Save to custom services.yml
with open('/etc/yunohost/services.yml', 'w') as f:
yaml.safe_dump(services, f, default_flow_style=False)
try:
with open('/etc/yunohost/services.yml', 'w') as f:
yaml.safe_dump(services, f, default_flow_style=False)
except Exception as e:
logger.warning('Error while saving services, exception: %s', e, exc_info=1)
raise
def _tail(file, n, offset=None):
def _tail(file, n):
"""
Reads a n lines from f with an offset of offset lines. The return
value is a tuple in the form ``(lines, has_more)`` where `has_more` is
@ -598,7 +656,7 @@ def _tail(file, n, offset=None):
"""
avg_line_length = 74
to_read = n + (offset or 0)
to_read = n
try:
with open(file, 'r') as f:
@ -609,13 +667,17 @@ def _tail(file, n, offset=None):
# woops. apparently file is smaller than what we want
# to step back, go to the beginning instead
f.seek(0)
pos = f.tell()
lines = f.read().splitlines()
if len(lines) >= to_read or pos == 0:
return lines[-to_read:offset and -offset or None]
return lines[-to_read]
avg_line_length *= 1.3
except IOError:
except IOError as e:
logger.warning("Error while tailing file '%s': %s", file, e, exc_info=1)
return []
@ -627,36 +689,39 @@ def _get_files_diff(orig_file, new_file, as_string=False, skip_header=True):
header can also be removed if skip_header is True.
"""
contents = [[], []]
for i, path in enumerate((orig_file, new_file)):
try:
with open(path, 'r') as f:
contents[i] = f.readlines()
except IOError:
pass
with open(orig_file, 'r') as orig_file:
orig_file = orig_file.readlines()
with open(new_file, 'r') as new_file:
new_file.readlines()
# Compare files and format output
diff = unified_diff(contents[0], contents[1])
diff = unified_diff(orig_file, new_file)
if skip_header:
for i in range(2):
try:
next(diff)
except:
break
try:
next(diff)
next(diff)
except:
pass
if as_string:
result = ''.join(line for line in diff)
return result.rstrip()
return ''.join(diff).rstrip()
return diff
def _calculate_hash(path):
"""Calculate the MD5 hash of a file"""
hasher = hashlib.md5()
try:
with open(path, 'rb') as f:
hasher.update(f.read())
return hasher.hexdigest()
except IOError:
except IOError as e:
logger.warning("Error while calculating file '%s' hash: %s", path, e, exc_info=1)
return None
@ -672,25 +737,33 @@ def _get_pending_conf(services=[]):
"""
result = {}
if not os.path.isdir(PENDING_CONF_DIR):
return result
if not services:
services = os.listdir(PENDING_CONF_DIR)
for name in services:
service_pending_path = os.path.join(PENDING_CONF_DIR, name)
if not os.path.isdir(service_pending_path):
continue
path_index = len(service_pending_path)
service_conf = {}
for root, dirs, files in os.walk(service_pending_path):
for filename in files:
pending_path = os.path.join(root, filename)
service_conf[pending_path[path_index:]] = pending_path
if service_conf:
result[name] = service_conf
else:
# remove empty directory
shutil.rmtree(service_pending_path, ignore_errors=True)
return result
@ -702,9 +775,11 @@ def _get_conf_hashes(service):
if service not in services:
logger.debug("Service %s is not in services.yml yet.", service)
return {}
elif services[service] is None or 'conffiles' not in services[service]:
logger.debug("No configuration files for service %s.", service)
return {}
else:
return services[service]['conffiles']
@ -737,11 +812,14 @@ def _process_regen_conf(system_conf, new_conf=None, save=True):
backup_path = os.path.join(BACKUP_CONF_DIR, '{0}-{1}'.format(
system_conf.lstrip('/'), time.strftime("%Y%m%d.%H%M%S")))
backup_dir = os.path.dirname(backup_path)
if not os.path.isdir(backup_dir):
filesystem.mkdir(backup_dir, 0755, True)
shutil.copy2(system_conf, backup_path)
logger.info(m18n.n('service_conf_file_backed_up',
conf=system_conf, backup=backup_path))
try:
if not new_conf:
os.remove(system_conf)
@ -749,19 +827,26 @@ def _process_regen_conf(system_conf, new_conf=None, save=True):
conf=system_conf))
else:
system_dir = os.path.dirname(system_conf)
if not os.path.isdir(system_dir):
filesystem.mkdir(system_dir, 0755, True)
shutil.copyfile(new_conf, system_conf)
logger.info(m18n.n('service_conf_file_updated',
conf=system_conf))
except:
except Exception as e:
logger.warning("Exception while trying to regenerate conf '%s': %s", system_conf, e, exc_info=1)
if not new_conf and os.path.exists(system_conf):
logger.warning(m18n.n('service_conf_file_remove_failed',
conf=system_conf),
exc_info=1)
return False
elif new_conf:
try:
# From documentation:
# Raise an exception if an os.stat() call on either pathname fails.
# (os.stats returns a series of information from a file like type, size...)
copy_succeed = os.path.samefile(system_conf, new_conf)
except:
copy_succeed = False
@ -771,8 +856,10 @@ def _process_regen_conf(system_conf, new_conf=None, save=True):
conf=system_conf, new=new_conf),
exc_info=1)
return False
return True
def manually_modified_files():
# We do this to have --quiet, i.e. don't throw a whole bunch of logs
@ -793,3 +880,21 @@ def manually_modified_files():
output.append(filename)
return output
def _get_journalctl_logs(service):
try:
return subprocess.check_output("journalctl -xn -u %s" % service, shell=True)
except:
import traceback
return "error while get services logs from journalctl:\n%s" % traceback.format_exc()
def manually_modified_files_compared_to_debian_default():
# from https://serverfault.com/a/90401
r = subprocess.check_output("dpkg-query -W -f='${Conffiles}\n' '*' \
| awk 'OFS=\" \"{print $2,$1}' \
| md5sum -c 2>/dev/null \
| awk -F': ' '$2 !~ /OK/{print $1}'", shell=True)
return r.strip().split("\n")

2
src/yunohost/tools.py
View file

@ -668,7 +668,7 @@ def _check_if_vulnerable_to_meltdown():
stderr=subprocess.STDOUT)
output, _ = call.communicate()
assert call.returncode == 0
assert call.returncode in (0, 2, 3), "Return code: %s" % call.returncode
CVEs = json.loads(output)
assert len(CVEs) == 1

55
src/yunohost/vendor/spectre-meltdown-checker/README.md vendored
View file

@ -1,16 +1,57 @@
Spectre & Meltdown Checker
==========================
A simple shell script to tell if your Linux installation is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
A shell script to tell if your system is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
Without options, it'll inspect your currently running kernel.
You can also specify a kernel image on the command line, if you'd like to inspect a kernel you're not running.
Supported operating systems:
- Linux (all versions, flavors and distros)
- BSD (FreeBSD, NetBSD, DragonFlyBSD)
The script will do its best to detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number.
Supported architectures:
- x86 (32 bits)
- amd64/x86_64 (64 bits)
- ARM and ARM64
- other architectures will work, but mitigations (if they exist) might not always be detected
For Linux systems, the script will detect mitigations, including backported non-vanilla patches, regardless of the advertised kernel version number and the distribution (such as Debian, Ubuntu, CentOS, RHEL, Fedora, openSUSE, Arch, ...), it also works if you've compiled your own kernel.
For BSD systems, the detection will work as long as the BSD you're using supports `cpuctl` and `linprocfs` (this is not the case of OpenBSD for example).
## Easy way to run the script
- Get the latest version of the script using `curl` *or* `wget`
```bash
curl -L https://meltdown.ovh -o spectre-meltdown-checker.sh
wget https://meltdown.ovh -O spectre-meltdown-checker.sh
```
- Inspect the script. You never blindly run scripts you downloaded from the Internet, do you?
```bash
vim spectre-meltdown-checker.sh
```
- When you're ready, run the script as root
```bash
chmod +x spectre-meltdown-checker.sh
sudo ./spectre-meltdown-checker.sh
```
## Example of script output
![checker](https://framapic.org/6O4v4AAwMenv/M6J4CFWwsB3z.png)
- Intel Haswell CPU running under Ubuntu 16.04 LTS
![haswell](https://framapic.org/1kWmNwE6ll0p/ayTRX9JRlHJ7.png)
- AMD Ryzen running under OpenSUSE Tumbleweed
![ryzen](https://framapic.org/TkWbuh421YQR/6MAGUP3lL6Ne.png)
- Batch mode (JSON flavor)
![batch](https://framapic.org/HEcWFPrLewbs/om1LdufspWTJ.png)
## Quick summary of the CVEs
@ -38,8 +79,10 @@ The script will do its best to detect mitigations, including backported non-vani
This tool does its best to determine whether your system is immune (or has proper mitigations in place) for the collectively named "speculative execution" vulnerabilities. It doesn't attempt to run any kind of exploit, and can't guarantee that your system is secure, but rather helps you verifying whether your system has the known correct mitigations in place.
However, some mitigations could also exist in your kernel that this script doesn't know (yet) how to detect, or it might falsely detect mitigations that in the end don't work as expected (for example, on backported or modified kernels).
Your system exposure also depends on your CPU. As of now, AMD and ARM processors are marked as immune to some or all of these vulnerabilities (except some specific ARM models). All Intel processors manufactured since circa 1995 are thought to be vulnerable. Whatever processor one uses, one might seek more information from the manufacturer of that processor and/or of the device in which it runs.
Your system exposure also depends on your CPU. As of now, AMD and ARM processors are marked as immune to some or all of these vulnerabilities (except some specific ARM models). All Intel processors manufactured since circa 1995 are thought to be vulnerable, except some specific/old models, such as some early Atoms. Whatever processor one uses, one might seek more information from the manufacturer of that processor and/or of the device in which it runs.
The nature of the discovered vulnerabilities being quite new, the landscape of vulnerable processors can be expected to change over time, which is why this script makes the assumption that all CPUs are vulnerable, except if the manufacturer explicitly stated otherwise in a verifiable public announcement.
Please also note that for Spectre vulnerabilities, all software can possibly be exploited, this tool only verifies that the kernel (which is the core of the system) you're using has the proper protections in place. Verifying all the other software is out of the scope of this tool. As a general measure, ensure you always have the most up to date stable versions of all the software you use, especially for those who are exposed to the world, such as network daemons and browsers.
This tool has been released in the hope that it'll be useful, but don't use it to jump to conclusions about your security.

2791
src/yunohost/vendor/spectre-meltdown-checker/spectre-meltdown-checker.sh vendored
View file

File diff suppressed because it is too large Load diff