YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Merge branch 'stretch-unstable' into use_getops

Browse source
This commit is contained in:
Maniack Crudelis 2019-01-27 23:11:50 +01:00 committed by GitHub
commit e14d897c13
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
32 changed files with 2247 additions and 399 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

43
bin/yunoprompt
View file

@ -1,8 +1,5 @@
#!/bin/bash
# Fetch ips
ip=$(hostname --all-ip-address)
# Fetch SSH fingerprints
i=0
for key in $(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key.pub 2> /dev/null) ; do
@ -32,11 +29,17 @@ EOF
# Build the actual message
#
sleep 5
# Get local IP
# (we do this after the sleep 5 to have
# better chances that the network is up)
local_ip=$(hostname --all-ip-address | awk '{print $1}')
LOGO_AND_FINGERPRINTS=$(cat << EOF
$LOGO
IP: ${ip}
IP: ${local_ip}
SSH fingerprints:
${fingerprint[0]}
${fingerprint[1]}
@ -51,17 +54,35 @@ if [[ -f /etc/yunohost/installed ]]
then
echo "$LOGO_AND_FINGERPRINTS" > /etc/issue
else
sleep 5
chvt 2
# Formatting
[[ -n "$local_ip" ]] && local_ip=$(echo -e "https://$local_ip/") || local_ip="(no ip detected?)"
echo "$LOGO_AND_FINGERPRINTS"
echo -e "\e[m Post-installation \e[0m"
echo "Congratulations! YunoHost has been successfully installed.\nTwo more steps are required to activate the services of your server."
read -p "Proceed to post-installation? (y/n)\nAlternatively, you can proceed the post-installation on https://${ip}" -n 1
cat << EOF
===============================================================================
You should now proceed with Yunohost post-installation. This is where you will
be asked for :
- the main domain of your server ;
- the administration password.
You can perform this step :
- from your web browser, by accessing : ${local_ip}
- or in this terminal by answering 'yes' to the following question
If this is your first time with YunoHost, it is strongly recommended to take
time to read the administator documentation and in particular the sections
'Finalizing your setup' and 'Getting to know YunoHost'. It is available at
the following URL : https://yunohost.org/admindoc
===============================================================================
EOF
read -p "Proceed with post-installation? (y/n) "
RESULT=1
while [ $RESULT -gt 0 ]; do
if [[ $REPLY =~ ^[Nn]$ ]]; then
chvt 1
exit 0
break
fi
echo -e "\n"
/usr/bin/yunohost tools postinstall
@ -71,4 +92,6 @@ else
read -p "Retry? (y/n) " -n 1
fi
done
chvt 1
exit 0
fi

39
data/actionsmap/yunohost.yml
View file

@ -606,14 +606,14 @@ app:
full: --domain
help: New app domain on which the application will be moved
extra:
ask: ask_main_domain
ask: ask_new_domain
pattern: *pattern_domain
required: True
-p:
full: --path
help: New path at which the application will be moved
extra:
ask: ask_path
ask: ask_new_path
required: True
### app_setting()
@ -1149,6 +1149,14 @@ service:
-d:
full: --description
help: Description of the service
-t:
full: --log_type
help: Type of the log (file or systemd)
nargs: "+"
choices:
- file
- systemd
default: file
### service_remove()
remove:
@ -1178,6 +1186,33 @@ service:
nargs: "+"
metavar: NAME
### service_reload()
reload:
action_help: Reload one or more services
arguments:
names:
help: Service name to reload
nargs: "+"
metavar: NAME
### service_restart()
restart:
action_help: Restart one or more services. If the services are not running yet, they will be started.
arguments:
names:
help: Service name to restart
nargs: "+"
metavar: NAME
### service_reload_or_restart()
reload_or_restart:
action_help: Reload one or more services if they support it. If not, restart them instead. If the services are not running yet, they will be started.
arguments:
names:
help: Service name to reload or restart
nargs: "+"
metavar: NAME
### service_enable()
enable:
action_help: Enable one or more services

7
data/helpers.d/backend
View file

@ -263,7 +263,12 @@ ynh_add_fpm_config () {
if [ -e "../conf/php-fpm.ini" ]
then
echo "Please do not use a separate ini file, merge you directives in the pool file instead." &>2
echo "Packagers ! Please do not use a separate php ini file, merge your directives in the pool file instead." >&2
finalphpini="$fpm_config_dir/conf.d/20-$app.ini"
ynh_backup_if_checksum_is_different "$finalphpini"
sudo cp ../conf/php-fpm.ini "$finalphpini"
sudo chown root: "$finalphpini"
ynh_store_file_checksum "$finalphpini"
fi
sudo systemctl reload $fpm_service
}

2
data/helpers.d/filesystem
View file

@ -79,6 +79,8 @@ ynh_backup() {
echo "Source path '${src_path}' does not exist" >&2
if [ "$not_mandatory" == "0" ]
then
echo "Source path '${SRC_PATH}' does not exist" >&2
# This is a temporary fix for fail2ban config files missing after the migration to stretch.
if echo "${src_path}" | grep --quiet "/etc/fail2ban"
then

10
data/helpers.d/package
View file

@ -147,11 +147,11 @@ ynh_package_install_from_equivs () {
# Install the fake package without its dependencies with dpkg
# Install missing dependencies with ynh_package_install
ynh_wait_dpkg_free
(cp "$controlfile" "${TMPDIR}/control" && cd "$TMPDIR" \
&& equivs-build ./control 1>/dev/null \
&& sudo dpkg --force-depends \
-i "./${pkgname}_${pkgversion}_all.deb" 2>&1 \
&& ynh_package_install -f) || ynh_die --message="Unable to install dependencies"
cp "$controlfile" "${TMPDIR}/control"
(cd "$TMPDIR"
equivs-build ./control 1> /dev/null
dpkg --force-depends -i "./${pkgname}_${pkgversion}_all.deb" 2>&1)
ynh_package_install -f || ynh_die --message="Unable to install dependencies"
[[ -n "$TMPDIR" ]] && rm -rf $TMPDIR # Remove the temp dir.
# check if the package is actually installed

25
data/helpers.d/user
View file

@ -65,26 +65,41 @@ ynh_system_user_exists() {
# Create a system user
#
# usage: ynh_system_user_create --username=user_name [--home_dir=home_dir]
# examples:
# - ynh_system_user_create --username=nextcloud -> creates a nextcloud user with
# no home directory and /usr/sbin/nologin login shell (hence no login capability)
# - ynh_system_user_create --username=discourse --home_dir=/var/www/discourse --use_shell --> creates a
# discourse user using /var/www/discourse as home directory and the default login shell
#
# usage: ynh_system_user_create --username=user_name [--home_dir=home_dir] [--use_shell]
# | arg: -u, --username - Name of the system user that will be create
# | arg: -h, --home_dir - Path of the home dir for the user. Usually the final path of the app. If this argument is omitted, the user will be created without home
# | arg: -s, --use_shell - Create a user using the default login shell if present.
# If this argument is omitted, the user will be created with /usr/sbin/nologin shell
ynh_system_user_create () {
# Declare an array to define the options of this helper.
local legacy_args=uh
declare -Ar args_array=( [u]=username= [h]=home_dir= )
local legacy_args=uhs
declare -Ar args_array=( [u]=username= [h]=home_dir= [s]=use_shell )
local username
local home_dir
local use_shell
# Manage arguments with getopts
ynh_handle_getopts_args "$@"
local use_shell="${use_shell:-0}"
if ! ynh_system_user_exists "$username" # Check if the user exists on the system
then # If the user doesn't exist
if [ $# -ge 2 ]; then # If a home dir is mentioned
if [ -n "$home_dir" ]; then # If a home dir is mentioned
local user_home_dir="-d $home_dir"
else
local user_home_dir="--no-create-home"
fi
sudo useradd $user_home_dir --system --user-group $username --shell /usr/sbin/nologin || ynh_die --message="Unable to create $username system account"
if [ $use_shell -eq 1 ]; then # If we want a shell for the user
local shell="" # Use default shell
else
local shell="--shell /usr/sbin/nologin"
fi
useradd $user_home_dir --system --user-group $username $shell || ynh_die "Unable to create $username system account"
fi
}

4
data/helpers.d/utils
View file

@ -50,7 +50,7 @@ ynh_restore_upgradebackup () {
# Remove the application then restore it
sudo yunohost app remove $app
# Restore the backup
sudo yunohost backup restore $app_bck-pre-upgrade$backup_number --apps $app --force
sudo yunohost backup restore $app_bck-pre-upgrade$backup_number --apps $app --force --debug
ynh_die --message="The app was restored to the way it was before the failed upgrade."
fi
else
@ -89,7 +89,7 @@ ynh_backup_before_upgrade () {
fi
# Create backup
sudo BACKUP_CORE_ONLY=1 yunohost backup create --apps $app --name $app_bck-pre-upgrade$backup_number
sudo BACKUP_CORE_ONLY=1 yunohost backup create --apps $app --name $app_bck-pre-upgrade$backup_number --debug
if [ "$?" -eq 0 ]
then
# If the backup succeeded, remove the previous backup

10
data/hooks/conf_regen/03-ssh
View file

@ -16,17 +16,11 @@ do_pre_regen() {
# do not listen to IPv6 if unavailable
[[ -f /proc/net/if_inet6 ]] && ipv6_enabled=true || ipv6_enabled=false
# Support legacy setting (this setting might be disabled by a user during a migration)
ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null)
if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then
ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null)"
fi
ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null)
ssh_keys=$(ls /etc/ssh/ssh_host_{ed25519,rsa,ecdsa}_key 2>/dev/null || true)
# Support legacy setting (this setting might be disabled by a user during a migration)
if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then
ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null)"
ssh_keys="$ssh_keys $(ls /etc/ssh/ssh_host_dsa_key 2>/dev/null || true)"
fi
export ssh_keys

30
data/templates/nginx/plain/yunohost_admin.conf
View file

@ -12,11 +12,8 @@ server {
}
server {
# Disabling http2 for now as it's causing weird issues with curl
#listen 443 ssl http2 default_server;
#listen [::]:443 ssl http2 default_server;
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
ssl_certificate /etc/yunohost/certs/yunohost.org/crt.pem;
ssl_certificate_key /etc/yunohost/certs/yunohost.org/key.pem;
@ -24,12 +21,7 @@ server {
ssl_session_cache shared:SSL:50m;
# As suggested by Mozilla : https://wiki.mozilla.org/Security/Server_Side_TLS and https://en.wikipedia.org/wiki/Curve25519
# (this doesn't work on jessie though ...?)
# ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
# As suggested by https://cipherli.st/
ssl_ecdh_curve secp384r1;
ssl_ecdh_curve secp521r1:secp384r1:prime256v1;
ssl_prefer_server_ciphers on;
# Ciphers with intermediate compatibility
@ -50,14 +42,14 @@ server {
# Follows the Web Security Directives from the Mozilla Dev Lab and the Mozilla Obervatory + Partners
# https://wiki.mozilla.org/Security/Guidelines/Web_Security
# https://observatory.mozilla.org/
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header 'Referrer-Policy' 'same-origin';
add_header Content-Security-Policy "upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header X-Download-Options noopen;
add_header X-Permitted-Cross-Domain-Policies none;
add_header X-Frame-Options "SAMEORIGIN";
more_set_headers "Strict-Transport-Security : max-age=63072000; includeSubDomains; preload";
more_set_headers "Referrer-Policy : 'same-origin'";
more_set_headers "Content-Security-Policy : upgrade-insecure-requests; object-src 'none'; script-src https: 'unsafe-eval'";
more_set_headers "X-Content-Type-Options : nosniff";
more_set_headers "X-XSS-Protection : 1; mode=block";
more_set_headers "X-Download-Options : noopen";
more_set_headers "X-Permitted-Cross-Domain-Policies : none";
more_set_headers "X-Frame-Options : SAMEORIGIN";
location / {
return 302 https://$http_host/yunohost/admin;

25
debian/changelog vendored
View file

@ -1,3 +1,22 @@
yunohost (3.4.1) testing; urgency=low
* [fix] `_run_service_command` not properly returning False if command fails (#616)
* [enh] Change git clone for gitlab working with branch (#615)
* [fix] Set owner of archives folder to 'admin' (#613)
* [enh] Add reload and restart actions to 'yunohost service' (#611)
* [fix] propagate --no-checks cert-install option to renew crontab (#610)
* [fix] Several issues with bootprompt (#609)
* [fix] Fix the way change_url updates the domain/path (#608)
* [fix] Repair tests (#607)
* [fix] Explicit dependance to iptables (1667ba1)
* [i18n] Tiny typographic changes (#612)
* [i18n] Improve translations for Hungarian, Esperanto, German
* Misc minor fixes and improvements.
Thanks to all contributors (Aleks, Bram, J. Meggyeshazi, Jibec, Josué, M. Martin, P. Bourré, anubis) ! <3
-- Alexandre Aubin <alex.aubin@mailoo.org> Thu, 17 Jan 2019 22:16:00 +0000
yunohost (3.4.0) testing; urgency=low
* Misc fixes (#601, #600, #593)
@ -24,6 +43,12 @@ yunohost (3.4.0) testing; urgency=low
-- Alexandre Aubin <alex.aubin@mailoo.org> Thu, 20 Dec 2018 22:13:00 +0000
yunohost (3.3.4) stable; urgency=low
* [fix] Use --force-confold and noninteractive debian frontend during core upgrade (#614)
-- Alexandre Aubin <alex.aubin@mailoo.org> Thu, 17 Jan 2019 02:00:00 +0000
yunohost (3.3.3) stable; urgency=low
* [fix] ynh_wait_dpkg_free displaying a warning despite everything being okay (#593)

2
debian/control vendored
View file

@ -20,7 +20,7 @@ Depends: ${python:Depends}, ${misc:Depends}
, slapd, ldap-utils, sudo-ldap, libnss-ldapd, unscd, libpam-ldapd
, postfix-ldap, postfix-policyd-spf-perl, postfix-pcre, procmail, mailutils, postsrsd
, dovecot-ldap, dovecot-lmtpd, dovecot-managesieved
, dovecot-antispam, fail2ban
, dovecot-antispam, fail2ban, iptables
, nginx-extras (>=1.6.2), php-fpm, php-ldap, php-intl
, dnsmasq, openssl, avahi-daemon, libnss-mdns, resolvconf, libnss-myhostname
, metronome

4
locales/de.json
View file

@ -12,7 +12,7 @@
"app_install_files_invalid": "Ungültige Installationsdateien",
"app_location_already_used": "Eine andere App ({app}) ist bereits an diesem Ort ({path}) installiert",
"app_location_install_failed": "Die App kann nicht an diesem Ort installiert werden, da es mit der App {other_app} die bereits in diesem Pfad ({other_path}) installiert ist Probleme geben würde",
"app_manifest_invalid": "Ungültiges App-Manifest",
"app_manifest_invalid": "Ungültiges App-Manifest: {error}",
"app_no_upgrade": "Keine Aktualisierungen für Apps verfügbar",
"app_not_installed": "{app:s} ist nicht installiert",
"app_recent_version_required": "Für {:s} benötigt eine aktuellere Version von moulinette",
@ -294,7 +294,7 @@
"backup_applying_method_tar": "Erstellen des Backup-tar Archives...",
"backup_applying_method_copy": "Kopiere alle Dateien ins Backup...",
"app_change_url_no_script": "Die Anwendung '{app_name:s}' unterstützt bisher keine URL-Modufikation. Vielleicht gibt es eine Aktualisierung der Anwendung.",
"app_location_unavailable": "Diese URL ist nicht verfügbar oder wird von einer installierten Anwendung genutzt",
"app_location_unavailable": "Diese URL ist nicht verfügbar oder wird von einer installierten Anwendung genutzt:\n{apps:s}",
"backup_applying_method_custom": "Rufe die benutzerdefinierte Backup-Methode '{method:s}' auf...",
"backup_archive_system_part_not_available": "Der System-Teil '{part:s}' ist in diesem Backup nicht enthalten",
"backup_archive_mount_failed": "Das Einbinden des Backup-Archives ist fehlgeschlagen",

120
locales/en.json
View file

@ -30,20 +30,20 @@
"app_not_properly_removed": "{app:s} has not been properly removed",
"app_package_need_update": "The app {app} package needs to be updated to follow YunoHost changes",
"app_removed": "{app:s} has been removed",
"app_requirements_checking": "Checking required packages for {app}...",
"app_requirements_checking": "Checking required packages for {app}",
"app_requirements_failed": "Unable to meet requirements for {app}: {error}",
"app_requirements_unmeet": "Requirements are not met for {app}, the package {pkgname} ({version}) must be {spec}",
"app_sources_fetch_failed": "Unable to fetch sources files",
"app_unknown": "Unknown app",
"app_unsupported_remote_type": "Unsupported remote type used for the app",
"app_upgrade_app_name": "Upgrading app {app}...",
"app_upgrade_app_name": "Upgrading app {app}",
"app_upgrade_failed": "Unable to upgrade {app:s}",
"app_upgrade_some_app_failed": "Unable to upgrade some applications",
"app_upgraded": "{app:s} has been upgraded",
"appslist_corrupted_json": "Could not load the application lists. It looks like {filename:s} is corrupted.",
"appslist_could_not_migrate": "Could not migrate app list {appslist:s} ! Unable to parse the url... The old cron job has been kept in {bkp_file:s}.",
"appslist_could_not_migrate": "Could not migrate app list {appslist:s}! Unable to parse the url… The old cron job has been kept in {bkp_file:s}.",
"appslist_fetched": "The application list {appslist:s} has been fetched",
"appslist_migrating": "Migrating application list {appslist:s} ...",
"appslist_migrating": "Migrating application list {appslist:s}",
"appslist_name_already_tracked": "There is already a registered application list with name {name:s}.",
"appslist_removed": "The application list {appslist:s} has been removed",
"appslist_retrieve_bad_format": "Retrieved file for application list {appslist:s} is not valid",
@ -57,15 +57,17 @@
"ask_list_to_remove": "List to remove",
"ask_main_domain": "Main domain",
"ask_new_admin_password": "New administration password",
"ask_new_domain": "New domain",
"ask_new_path": "New path",
"ask_password": "Password",
"ask_path": "Path",
"backup_abstract_method": "This backup method hasn't yet been implemented",
"backup_action_required": "You must specify something to save",
"backup_app_failed": "Unable to back up the app '{app:s}'",
"backup_applying_method_borg": "Sending all files to backup into borg-backup repository...",
"backup_applying_method_copy": "Copying all files to backup...",
"backup_applying_method_custom": "Calling the custom backup method '{method:s}'...",
"backup_applying_method_tar": "Creating the backup tar archive...",
"backup_applying_method_borg": "Sending all files to backup into borg-backup repository",
"backup_applying_method_copy": "Copying all files to backup",
"backup_applying_method_custom": "Calling the custom backup method '{method:s}'",
"backup_applying_method_tar": "Creating the backup tar archive",
"backup_archive_app_not_found": "App '{app:s}' not found in the backup archive",
"backup_archive_broken_link": "Unable to access backup archive (broken link to {path:s})",
"backup_archive_mount_failed": "Mounting the backup archive failed",
@ -81,7 +83,7 @@
"backup_copying_to_organize_the_archive": "Copying {size:s}MB to organize the archive",
"backup_couldnt_bind": "Couldn't bind {src:s} to {dest:s}.",
"backup_created": "Backup created",
"backup_creating_archive": "Creating the backup archive...",
"backup_creating_archive": "Creating the backup archive",
"backup_creation_failed": "Backup creation failed",
"backup_csv_addition_failed": "Unable to add files to backup into the CSV file",
"backup_csv_creation_failed": "Unable to create the CSV file needed for future restore operations",
@ -90,7 +92,7 @@
"backup_custom_need_mount_error": "Custom backup method failure on 'need_mount' step",
"backup_delete_error": "Unable to delete '{path:s}'",
"backup_deleted": "The backup has been deleted",
"backup_extracting_archive": "Extracting the backup archive...",
"backup_extracting_archive": "Extracting the backup archive",
"backup_hook_unknown": "Backup hook '{hook:s}' unknown",
"backup_invalid_archive": "Invalid backup archive",
"backup_method_borg_finished": "Backup into borg finished",
@ -104,8 +106,8 @@
"backup_output_directory_required": "You must provide an output directory for the backup",
"backup_output_symlink_dir_broken": "You have a broken symlink instead of your archives directory '{path:s}'. You may have a specific setup to backup your data on an other filesystem, in this case you probably forgot to remount or plug your hard dirve or usb key.",
"backup_php5_to_php7_migration_may_fail": "Could not convert your archive to support php7, your php apps may fail to restore (reason: {error:s})",
"backup_running_app_script": "Running backup script of app '{app:s}'...",
"backup_running_hooks": "Running backup hooks...",
"backup_running_app_script": "Running backup script of app '{app:s}'",
"backup_running_hooks": "Running backup hooks",
"backup_system_part_failed": "Unable to backup the '{part:s}' system part",
"backup_unable_to_organize_files": "Unable to organize files in the archive with the quick method",
"backup_with_no_backup_script_for_app": "App {app:s} has no backup script. Ignoring.",
@ -119,7 +121,7 @@
"certmanager_cert_install_success_selfsigned": "Successfully installed a self-signed certificate for domain {domain:s}!",
"certmanager_cert_renew_success": "Successfully renewed Let's Encrypt certificate for domain {domain:s}!",
"certmanager_cert_signing_failed": "Signing the new certificate failed",
"certmanager_certificate_fetching_or_enabling_failed": "Sounds like enabling the new certificate for {domain:s} failed somehow...",
"certmanager_certificate_fetching_or_enabling_failed": "Sounds like enabling the new certificate for {domain:s} failed somehow",
"certmanager_conflicting_nginx_file": "Unable to prepare domain for ACME challenge: the nginx configuration file {filepath:s} is conflicting and should be removed first",
"certmanager_couldnt_fetch_intermediate_cert": "Timed out when trying to fetch intermediate certificate from Let's Encrypt. Certificate installation/renewal aborted - please try again later.",
"certmanager_domain_cert_not_selfsigned": "The certificate for domain {domain:s} is not self-signed. Are you sure you want to replace it? (Use --force)",
@ -164,23 +166,24 @@
"domain_zone_not_found": "DNS zone file not found for domain {:s}",
"domains_available": "Available domains:",
"done": "Done",
"downloading": "Downloading...",
"downloading": "Downloading",
"dyndns_could_not_check_provide": "Could not check if {provider:s} can provide {domain:s}.",
"dyndns_could_not_check_available": "Could not check if {domain:s} is available on {provider:s}.",
"dyndns_cron_installed": "The DynDNS cron job has been installed",
"dyndns_cron_remove_failed": "Unable to remove the DynDNS cron job",
"dyndns_cron_removed": "The DynDNS cron job has been removed",
"dyndns_ip_update_failed": "Unable to update IP address on DynDNS",
"dyndns_ip_updated": "Your IP address has been updated on DynDNS",
"dyndns_key_generating": "DNS key is being generated, it may take a while...",
"dyndns_key_generating": "DNS key is being generated, it may take a while",
"dyndns_key_not_found": "DNS key not found for the domain",
"dyndns_no_domain_registered": "No domain has been registered with DynDNS",
"dyndns_registered": "The DynDNS domain has been registered",
"dyndns_registration_failed": "Unable to register DynDNS domain: {error:s}",
"dyndns_domain_not_provided": "Dyndns provider {provider:s} cannot provide domain {domain:s}.",
"dyndns_unavailable": "Domain {domain:s} is not available.",
"executing_command": "Executing command '{command:s}'...",
"executing_script": "Executing script '{script:s}'...",
"extracting": "Extracting...",
"executing_command": "Executing command '{command:s}'",
"executing_script": "Executing script '{script:s}'",
"extracting": "Extracting",
"experimental_feature": "Warning: this feature is experimental and not consider stable, you shouldn't be using it except if you know what you are doing.",
"field_invalid": "Invalid field '{:s}'",
"firewall_reload_failed": "Unable to reload the firewall",
@ -214,13 +217,12 @@
"invalid_url_format": "Invalid URL format",
"ip6tables_unavailable": "You cannot play with ip6tables here. You are either in a container or your kernel does not support it",
"iptables_unavailable": "You cannot play with iptables here. You are either in a container or your kernel does not support it",
"log_corrupted_md_file": "The yaml metadata file associated with logs is corrupted : '{md_file}'",
"log_corrupted_md_file": "The yaml metadata file associated with logs is corrupted: '{md_file}'",
"log_category_404": "The log category '{category}' does not exist",
"log_link_to_log": "Full log of this operation: '<a href=\"#/tools/logs/{name}\" style=\"text-decoration:underline\">{desc}</a>'",
"log_help_to_get_log": "To view the log of the operation '{desc}', use the command 'yunohost log display {name}'",
"log_link_to_failed_log": "The operation '{desc}' has failed ! To get help, please <a href=\"#/tools/logs/{name}\">provide the full log of this operation by clicking here</a>",
"log_help_to_get_failed_log": "The operation '{desc}' has failed ! To get help, please share the full log of this operation using the command 'yunohost log display {name} --share'",
"log_category_404": "The log category '{category}' does not exist",
"log_link_to_failed_log": "The operation '{desc}' has failed! To get help, please <a href=\"#/tools/logs/{name}\">provide the full log of this operation by clicking here</a>",
"log_help_to_get_failed_log": "The operation '{desc}' has failed! To get help, please share the full log of this operation using the command 'yunohost log display {name} --share'",
"log_does_exists": "There is not operation log with the name '{log}', use 'yunohost log list to see all available operation logs'",
"log_operation_unit_unclosed_properly": "Operation unit has not been closed properly",
"log_app_addaccess": "Add access to '{}'",
@ -270,11 +272,11 @@
"migrate_tsig_end": "Migration to hmac-sha512 finished",
"migrate_tsig_failed": "Migrating the dyndns domain {domain} to hmac-sha512 failed, rolling back. Error: {error_code} - {error}",
"migrate_tsig_start": "Not secure enough key algorithm detected for TSIG signature of domain '{domain}', initiating migration to the more secure one hmac-sha512",
"migrate_tsig_wait": "Let's wait 3min for the dyndns server to take the new key into account...",
"migrate_tsig_wait_2": "2min...",
"migrate_tsig_wait_3": "1min...",
"migrate_tsig_wait_4": "30 secondes...",
"migrate_tsig_not_needed": "You do not appear to use a dyndns domain, so no migration is needed !",
"migrate_tsig_wait": "Let's wait 3min for the dyndns server to take the new key into account",
"migrate_tsig_wait_2": "2min",
"migrate_tsig_wait_3": "1min",
"migrate_tsig_wait_4": "30 secondes",
"migrate_tsig_not_needed": "You do not appear to use a dyndns domain, so no migration is needed!",
"migration_description_0001_change_cert_group_to_sslcert": "Change certificates group permissions from 'metronome' to 'ssl-cert'",
"migration_description_0002_migrate_to_tsig_sha256": "Improve security of dyndns TSIG by using SHA512 instead of MD5",
"migration_description_0003_migrate_to_stretch": "Upgrade the system to Debian Stretch and YunoHost 3.0",
@ -285,29 +287,29 @@
"migration_description_0008_ssh_conf_managed_by_yunohost_step2": "Let the SSH configuration be managed by YunoHost (step 2, manual)",
"migration_0003_backward_impossible": "The stretch migration cannot be reverted.",
"migration_0003_start": "Starting migration to Stretch. The logs will be available in {logfile}.",
"migration_0003_patching_sources_list": "Patching the sources.lists ...",
"migration_0003_main_upgrade": "Starting main upgrade ...",
"migration_0003_fail2ban_upgrade": "Starting the fail2ban upgrade ...",
"migration_0003_restoring_origin_nginx_conf": "Your file /etc/nginx/nginx.conf was edited somehow. The migration is going to reset back to its original state first... The previous file will be available as {backup_dest}.",
"migration_0003_yunohost_upgrade": "Starting the yunohost package upgrade ... The migration will end, but the actual upgrade will happen right after. After the operation is complete, you might have to re-log on the webadmin.",
"migration_0003_not_jessie": "The current debian distribution is not Jessie !",
"migration_0003_patching_sources_list": "Patching the sources.lists",
"migration_0003_main_upgrade": "Starting main upgrade",
"migration_0003_fail2ban_upgrade": "Starting the fail2ban upgrade",
"migration_0003_restoring_origin_nginx_conf": "Your file /etc/nginx/nginx.conf was edited somehow. The migration is going to reset back to its original state first The previous file will be available as {backup_dest}.",
"migration_0003_yunohost_upgrade": "Starting the yunohost package upgrade The migration will end, but the actual upgrade will happen right after. After the operation is complete, you might have to re-log on the webadmin.",
"migration_0003_not_jessie": "The current debian distribution is not Jessie!",
"migration_0003_system_not_fully_up_to_date": "Your system is not fully up to date. Please perform a regular upgrade before running the migration to stretch.",
"migration_0003_still_on_jessie_after_main_upgrade": "Something wrong happened during the main upgrade : system is still on Jessie !? To investigate the issue, please look at {log} :s ...",
"migration_0003_general_warning": "Please note that this migration is a delicate operation. While the YunoHost team did its best to review and test it, the migration might still break parts of the system or apps.\n\nTherefore, we recommend you to :\n - Perform a backup of any critical data or app. More infos on https://yunohost.org/backup ;\n - Be patient after launching the migration : depending on your internet connection and hardware, it might take up to a few hours for everything to upgrade.\n\nAdditionally, the port for SMTP, used by external email clients (like Thunderbird or K9-Mail) was changed from 465 (SSL/TLS) to 587 (STARTTLS). The old port 465 will automatically be closed and the new port 587 will be opened in the firewall. You and your users *will* have to adapt the configuration of your email clients accordingly!",
"migration_0003_problematic_apps_warning": "Please note that the following possibly problematic installed apps were detected. It looks like those were not installed from an applist or are not flagged as 'working'. Consequently, we cannot guarantee that they will still work after the upgrade : {problematic_apps}",
"migration_0003_modified_files": "Please note that the following files were found to be manually modified and might be overwritten at the end of the upgrade : {manually_modified_files}",
"migration_0003_still_on_jessie_after_main_upgrade": "Something wrong happened during the main upgrade: system is still on Jessie!? To investigate the issue, please look at {log}:s…",
"migration_0003_general_warning": "Please note that this migration is a delicate operation. While the YunoHost team did its best to review and test it, the migration might still break parts of the system or apps.\n\nTherefore, we recommend you to:\n - Perform a backup of any critical data or app. More infos on https://yunohost.org/backup;\n - Be patient after launching the migration: depending on your internet connection and hardware, it might take up to a few hours for everything to upgrade.\n\nAdditionally, the port for SMTP, used by external email clients (like Thunderbird or K9-Mail) was changed from 465 (SSL/TLS) to 587 (STARTTLS). The old port 465 will automatically be closed and the new port 587 will be opened in the firewall. You and your users *will* have to adapt the configuration of your email clients accordingly!",
"migration_0003_problematic_apps_warning": "Please note that the following possibly problematic installed apps were detected. It looks like those were not installed from an applist or are not flagged as 'working'. Consequently, we cannot guarantee that they will still work after the upgrade: {problematic_apps}",
"migration_0003_modified_files": "Please note that the following files were found to be manually modified and might be overwritten at the end of the upgrade: {manually_modified_files}",
"migration_0005_postgresql_94_not_installed": "Postgresql was not installed on your system. Nothing to do!",
"migration_0005_postgresql_96_not_installed": "Postgresql 9.4 has been found to be installed, but not postgresql 9.6 !? Something weird might have happened on your system :( ...",
"migration_0005_not_enough_space": "Not enough space is available in {path} to run the migration right now :(.",
"migration_0005_postgresql_96_not_installed": "Postgresql 9.4 has been found to be installed, but not postgresql 9.6!? Something weird might have happened on your system:(…",
"migration_0005_not_enough_space": "Not enough space is available in {path} to run the migration right now:(.",
"migration_0006_disclaimer": "Yunohost now expects admin and root passwords to be synchronized. By running this migration, your root password is going to be replaced by the admin password.",
"migration_0007_cancelled": "YunoHost has failed to improve the way your SSH conf is managed.",
"migration_0007_cannot_restart": "SSH can't be restarted after trying to cancel migration number 6.",
"migration_0008_general_disclaimer": "To improve the security of your server, it is recommended to let YunoHost manage the SSH configuration. Your current SSH configuration differs from the recommended configuration. If you let YunoHost reconfigure it, the way you connect to your server through SSH will change in the following way:",
"migration_0008_port": " - you will have to connect using port 22 instead of your current custom SSH port. Feel free to reconfigure it ;",
"migration_0008_root": " - you will not be able to connect as root through SSH. Instead you should use the admin user ;",
"migration_0008_dsa": " - the DSA key will be disabled. Hence, you might need to invalidate a spooky warning from your SSH client, and recheck the fingerprint of your server ;",
"migration_0008_port": " - you will have to connect using port 22 instead of your current custom SSH port. Feel free to reconfigure it;",
"migration_0008_root": " - you will not be able to connect as root through SSH. Instead you should use the admin user;",
"migration_0008_dsa": " - the DSA key will be disabled. Hence, you might need to invalidate a spooky warning from your SSH client, and recheck the fingerprint of your server;",
"migration_0008_warning": "If you understand those warnings and agree to let YunoHost override your current configuration, run the migration. Otherwise, you can also skip the migration - though it is not recommended.",
"migration_0008_no_warning": "No major risk has been indentified about overriding your SSH configuration - but we can't be absolutely sure ;) ! If you agree to let YunoHost override your current configuration, run the migration. Otherwise, you can also skip the migration - though it is not recommended.",
"migration_0008_no_warning": "No major risk has been indentified about overriding your SSH configuration - but we can't be absolutely sure ;)! If you agree to let YunoHost override your current configuration, run the migration. Otherwise, you can also skip the migration - though it is not recommended.",
"migrations_backward": "Migrating backward.",
"migrations_bad_value_for_target": "Invalid number for target argument, available migrations numbers are 0 or {}",
"migrations_cant_reach_migration_file": "Can't access migrations files at path %s",
@ -315,12 +317,12 @@
"migrations_error_failed_to_load_migration": "ERROR: failed to load migration {number} {name}",
"migrations_forward": "Migrating forward",
"migrations_list_conflict_pending_done": "You cannot use both --previous and --done at the same time.",
"migrations_loading_migration": "Loading migration {number} {name}...",
"migrations_loading_migration": "Loading migration {number} {name}",
"migrations_migration_has_failed": "Migration {number} {name} has failed with exception {exception}, aborting",
"migrations_no_migrations_to_run": "No migrations to run",
"migrations_show_currently_running_migration": "Running migration {number} {name}...",
"migrations_show_currently_running_migration": "Running migration {number} {name}",
"migrations_show_last_migration": "Last ran migration is {}",
"migrations_skip_migration": "Skipping migration {number} {name}...",
"migrations_skip_migration": "Skipping migration {number} {name}",
"migrations_success": "Successfully ran migration {number} {name}!",
"migrations_to_be_ran_manually": "Migration {number} {name} has to be ran manually. Please go to Tools > Migrations on the webadmin, or run `yunohost tools migrations migrate`.",
"migrations_need_to_accept_disclaimer": "To run the migration {number} {name}, your must accept the following disclaimer:\n---\n{disclaimer}\n---\nIf you accept to run the migration, please re-run the command with the option --accept-disclaimer.",
@ -380,7 +382,7 @@
"restore_cleaning_failed": "Unable to clean-up the temporary restoration directory",
"restore_complete": "Restore complete",
"restore_confirm_yunohost_installed": "Do you really want to restore an already installed system? [{answers:s}]",
"restore_extracting": "Extracting needed files from the archive...",
"restore_extracting": "Extracting needed files from the archive",
"restore_failed": "Unable to restore the system",
"restore_hook_unavailable": "Restoration script for '{part:s}' not available on your system and not in the archive either",
"restore_may_be_not_enough_disk_space": "Your system seems not to have enough disk space (freespace: {free_space:d} B, needed space: {needed_space:d} B, security margin: {margin:d} B)",
@ -388,10 +390,10 @@
"restore_not_enough_disk_space": "Not enough disk space (freespace: {free_space:d} B, needed space: {needed_space:d} B, security margin: {margin:d} B)",
"restore_nothings_done": "Nothing has been restored",
"restore_removing_tmp_dir_failed": "Unable to remove an old temporary directory",
"restore_running_app_script": "Running restore script of app '{app:s}'...",
"restore_running_hooks": "Running restoration hooks...",
"restore_running_app_script": "Running restore script of app '{app:s}'",
"restore_running_hooks": "Running restoration hooks",
"restore_system_part_failed": "Unable to restore the '{part:s}' system part",
"root_password_desynchronized": "The admin password has been changed, but YunoHost was unable to propagate this on the root password !",
"root_password_desynchronized": "The admin password has been changed, but YunoHost was unable to propagate this on the root password!",
"root_password_replaced_by_admin_password": "Your root password have been replaced by your admin password.",
"server_shutdown": "The server will shutdown",
"server_shutdown_confirm": "The server will shutdown immediatly, are you sure? [{answers:s}]",
@ -437,11 +439,17 @@
"service_enable_failed": "Unable to enable service '{service:s}'\n\nRecent service logs:{logs:s}",
"service_enabled": "The service '{service:s}' has been enabled",
"service_no_log": "No log to display for service '{service:s}'",
"service_regenconf_dry_pending_applying": "Checking pending configuration which would have been applied for service '{service}'...",
"service_regenconf_dry_pending_applying": "Checking pending configuration which would have been applied for service '{service}'",
"service_regenconf_failed": "Unable to regenerate the configuration for service(s): {services}",
"service_regenconf_pending_applying": "Applying pending configuration for service '{service}'...",
"service_regenconf_pending_applying": "Applying pending configuration for service '{service}'",
"service_remove_failed": "Unable to remove service '{service:s}'",
"service_removed": "The service '{service:s}' has been removed",
"service_reload_failed": "Unable to reload service '{service:s}'\n\nRecent service logs:{logs:s}",
"service_reloaded": "The service '{service:s}' has been reloaded",
"service_restart_failed": "Unable to restart service '{service:s}'\n\nRecent service logs:{logs:s}",
"service_restarted": "The service '{service:s}' has been restarted",
"service_reload_or_restart_failed": "Unable to reload or restart service '{service:s}'\n\nRecent service logs:{logs:s}",
"service_reloaded_or_restarted": "The service '{service:s}' has been reloaded or restarted",
"service_start_failed": "Unable to start service '{service:s}'\n\nRecent service logs:{logs:s}",
"service_started": "The service '{service:s}' has been started",
"service_status_failed": "Unable to determine status of service '{service:s}'",
@ -455,14 +463,14 @@
"system_upgraded": "The system has been upgraded",
"system_username_exists": "Username already exists in the system users",
"unbackup_app": "App '{app:s}' will not be saved",
"unexpected_error": "An unexpected error occured",
"unexpected_error": "An unexpected error occured: {error}",
"unit_unknown": "Unknown unit '{unit:s}'",
"unlimit": "No quota",
"unrestore_app": "App '{app:s}' will not be restored",
"update_cache_failed": "Unable to update APT cache",
"updating_apt_cache": "Updating the list of available packages...",
"updating_apt_cache": "Updating the list of available packages",
"upgrade_complete": "Upgrade complete",
"upgrading_packages": "Upgrading packages...",
"upgrading_packages": "Upgrading packages",
"upnp_dev_not_found": "No UPnP device found",
"upnp_disabled": "UPnP has been disabled",
"upnp_enabled": "UPnP has been enabled",
@ -481,6 +489,6 @@
"yunohost_ca_creation_failed": "Unable to create certificate authority",
"yunohost_ca_creation_success": "The local certification authority has been created.",
"yunohost_configured": "YunoHost has been configured",
"yunohost_installing": "Installing YunoHost...",
"yunohost_installing": "Installing YunoHost",
"yunohost_not_installed": "YunoHost is not or not correctly installed. Please execute 'yunohost tools postinstall'"
}

37
locales/eo.json
View file

@ -1 +1,36 @@
{}
{
"admin_password_change_failed": "Malebla ŝanĝi pasvorton",
"admin_password_changed": "Pasvorto de la estro estas ŝanĝita",
"app_already_installed": "{app:s} estas jam instalita",
"app_already_up_to_date": "{app:s} estas ĝisdata",
"app_argument_required": "Parametro {name:s} estas bezonata",
"app_change_url_identical_domains": "Malnovaj kaj novaj domajno/URL estas la sama ('{domain:s}{path:s}'), nenio fareblas.",
"app_change_url_success": "URL de appo {app:s} ŝanĝita al {domain:s}{path:s}",
"app_extraction_failed": "Malebla malkompaktigi instaldosierojn",
"app_id_invalid": "Nevalida apo id",
"app_incompatible": "Apo {app} ne estas kongrua kun via YunoHost versio",
"app_install_files_invalid": "Nevalidaj instaldosieroj",
"app_location_already_used": "Apo {app} jam estas instalita al tiu loco ({path})",
"user_updated": "Uzanto estas ĝisdatita",
"users_available": "Uzantoj disponeblaj :",
"yunohost_already_installed": "YunoHost estas jam instalita",
"yunohost_ca_creation_failed": "Ne eblas krei atestan aŭtoritaton",
"yunohost_ca_creation_success": "Loka atesta aŭtoritato estas kreita.",
"yunohost_installing": "Instalata YunoHost...",
"service_description_glances": "monitoras sisteminformojn de via servilo",
"service_description_metronome": "mastrumas XMPP tujmesaĝilon kontojn",
"service_description_mysql": "stokas aplikaĵojn datojn (SQL datumbazo)",
"service_description_nginx": "servas aŭ permesas atingi ĉiujn retejojn gastigita sur via servilo",
"service_description_nslcd": "mastrumas Yunohost uzantojn konektojn per komanda linio",
"service_description_php7.0-fpm": "rulas aplikaĵojn skibita en PHP kun nginx",
"service_description_postfix": "uzita por sendi kaj ricevi retpoŝtojn",
"service_description_redis-server": "specialita datumbazo uzita por rapida datumo atingo, atendovicoj kaj komunikadoj inter programoj",
"service_description_rmilter": "kontrolas diversajn parametrojn en retpoŝtoj",
"service_description_rspamd": "filtras trudmesaĝojn, kaj aliaj funkcioj rilate al retpoŝto",
"service_description_slapd": "stokas uzantojn, domajnojn kaj rilatajn informojn",
"service_description_ssh": "permesas al vi konekti al via servilo kun fora terminalo (SSH protokolo)",
"service_description_yunohost-api": "mastrumas interagojn inter la YunoHost retinterfaco kaj la sistemo",
"service_description_yunohost-firewall": "mastrumas malfermitajn kaj fermitajn konektejojn al servoj",
"service_disable_failed": "Neebla malaktivigi servon '{service:s}'\n\nFreŝaj protokoloj de la servo : {logs:s}",
"service_disabled": "Servo '{service:s}' estas malaktivigita"
}

13
locales/hu.json Normal file
View file

@ -0,0 +1,13 @@
{
"aborting": "Megszakítás.",
"action_invalid": "Érvénytelen művelet '{action:s}'",
"admin_password": "Adminisztrátori jelszó",
"admin_password_change_failed": "Nem lehet a jelszót megváltoztatni",
"admin_password_changed": "Az adminisztrátori jelszó megváltozott",
"app_already_installed": "{app:s} már telepítve van",
"app_already_installed_cant_change_url": "Ez az app már telepítve van. Ezzel a funkcióval az url nem változtatható. Javaslat 'app url változtatás' ha lehetséges.",
"app_already_up_to_date": "{app:s} napra kész",
"app_argument_choice_invalid": "{name:s} érvénytelen választás, csak egyike lehet {choices:s} közül",
"app_argument_invalid": "'{name:s}' hibás paraméter érték :{error:s}",
"app_argument_required": "Parameter '{name:s}' kötelező"
}

49
src/yunohost/app.py
View file

@ -445,6 +445,7 @@ def app_change_url(operation_logger, auth, app, domain, path):
"""
from yunohost.hook import hook_exec, hook_callback
from yunohost.domain import _normalize_domain_path, _get_conflicting_apps
installed = _is_installed(app)
if not installed:
@ -457,18 +458,24 @@ def app_change_url(operation_logger, auth, app, domain, path):
old_path = app_setting(app, "path")
# Normalize path and domain format
domain = domain.strip().lower()
old_path = normalize_url_path(old_path)
path = normalize_url_path(path)
old_domain, old_path = _normalize_domain_path(old_domain, old_path)
domain, path = _normalize_domain_path(domain, path)
if (domain, path) == (old_domain, old_path):
raise YunohostError("app_change_url_identical_domains", domain=domain, path=path)
# WARNING / FIXME : checkurl will modify the settings
# (this is a non intuitive behavior that should be changed)
# (or checkurl renamed in reserve_url)
app_checkurl(auth, '%s%s' % (domain, path), app)
# Check the url is available
conflicts = _get_conflicting_apps(auth, domain, path, ignore_app=app)
if conflicts:
apps = []
for path, app_id, app_label in conflicts:
apps.append(" * {domain:s}{path:s}{app_label:s} ({app_id:s})".format(
domain=domain,
path=path,
app_id=app_id,
app_label=app_label,
))
raise YunohostError('app_location_unavailable', apps="\n".join(apps))
manifest = json.load(open(os.path.join(APPS_SETTING_PATH, app, "manifest.json")))
@ -486,9 +493,9 @@ def app_change_url(operation_logger, auth, app, domain, path):
env_dict["YNH_APP_INSTANCE_NUMBER"] = str(app_instance_nb)
env_dict["YNH_APP_OLD_DOMAIN"] = old_domain
env_dict["YNH_APP_OLD_PATH"] = old_path.rstrip("/")
env_dict["YNH_APP_OLD_PATH"] = old_path
env_dict["YNH_APP_NEW_DOMAIN"] = domain
env_dict["YNH_APP_NEW_PATH"] = path.rstrip("/")
env_dict["YNH_APP_NEW_PATH"] = path
if domain != old_domain:
operation_logger.related_to.append(('domain', old_domain))
@ -830,11 +837,12 @@ def app_install(operation_logger, auth, app, label=None, args=None, no_remove_on
)
except (KeyboardInterrupt, EOFError):
install_retcode = -1
except:
logger.exception(m18n.n('unexpected_error'))
except Exception:
import traceback
logger.exception(m18n.n('unexpected_error', error=u"\n" + traceback.format_exc()))
finally:
if install_retcode != 0:
error_msg = operation_logger.error(m18n.n('unexpected_error'))
error_msg = operation_logger.error(m18n.n('unexpected_error', error='shell command return code: %s' % install_retcode))
if not no_remove_on_failure:
# Setup environment for remove script
env_dict_remove = {}
@ -1251,7 +1259,6 @@ def app_register_url(auth, app, domain, path):
# We cannot change the url of an app already installed simply by changing
# the settings...
# FIXME should look into change_url once it's merged
installed = app in app_list(installed=True, raw=True).keys()
if installed:
@ -1289,7 +1296,7 @@ def app_checkurl(auth, url, app=None):
logger.error("Packagers /!\\ : 'app checkurl' is deprecated ! Please use the helper 'ynh_webpath_register' instead !")
from yunohost.domain import domain_list
from yunohost.domain import domain_list, _normalize_domain_path
if "https://" == url[:8]:
url = url[8:]
@ -1303,8 +1310,7 @@ def app_checkurl(auth, url, app=None):
path = url[url.index('/'):]
installed = False
if path[-1:] != '/':
path = path + '/'
domain, path = _normalize_domain_path(domain, path)
apps_map = app_map(raw=True)
@ -1901,7 +1907,7 @@ def _fetch_app_from_git(app):
# we will be able to use it. Without this option all the history
# of the submodules repo is downloaded.
subprocess.check_call([
'git', 'clone', '--depth=1', '--recursive', url,
'git', 'clone', '-b', branch, '--single-branch', '--recursive', '--depth=1', url,
extracted_app_folder])
subprocess.check_call([
'git', 'reset', '--hard', branch
@ -2529,13 +2535,6 @@ def random_password(length=8):
return ''.join([random.SystemRandom().choice(char_set) for x in range(length)])
def normalize_url_path(url_path):
if url_path.strip("/").strip():
return '/' + url_path.strip("/").strip() + '/'
return "/"
def unstable_apps():
raw_app_installed = app_list(installed=True, raw=True)

12
src/yunohost/backup.py
View file

@ -40,7 +40,7 @@ from moulinette import msignals, m18n
from yunohost.utils.error import YunohostError
from moulinette.utils import filesystem
from moulinette.utils.log import getActionLogger
from moulinette.utils.filesystem import read_file
from moulinette.utils.filesystem import read_file, mkdir
from yunohost.app import (
app_info, _is_installed, _parse_app_instance_name, _patch_php5
@ -885,7 +885,7 @@ class RestoreManager():
raise YunohostError('backup_invalid_archive')
logger.debug("executing the post-install...")
tools_postinstall(domain, 'yunohost', True)
tools_postinstall(domain, 'Yunohost', True)
def clean(self):
"""
@ -1746,8 +1746,8 @@ class CopyBackupMethod(BackupMethod):
return
else:
logger.warning(m18n.n("bind_mouting_disable"))
subprocess.call(["mountpoint", "-q", dest,
"&&", "umount", "-R", dest])
subprocess.call(["mountpoint", "-q", self.work_dir,
"&&", "umount", "-R", self.work_dir])
raise YunohostError('backup_cant_mount_uncompress_archive')
@ -2295,7 +2295,9 @@ def _create_archive_dir():
if os.path.lexists(ARCHIVES_PATH):
raise YunohostError('backup_output_symlink_dir_broken', path=ARCHIVES_PATH)
os.mkdir(ARCHIVES_PATH, 0o750)
# Create the archive folder, with 'admin' as owner, such that
# people can scp archives out of the server
mkdir(ARCHIVES_PATH, mode=0o750, parents=True, uid="admin", gid="root")
def _call_for_each_path(self, callback, csv_path=None):

21
src/yunohost/certificate.py
View file

@ -286,7 +286,7 @@ def _certificate_install_letsencrypt(auth, domain_list, force=False, no_checks=F
_configure_for_acme_challenge(auth, domain)
_fetch_and_enable_new_certificate(domain, staging, no_checks=no_checks)
_install_cron()
_install_cron(no_checks=no_checks)
logger.success(
m18n.n("certmanager_cert_install_success", domain=domain))
@ -407,12 +407,27 @@ def certificate_renew(auth, domain_list, force=False, no_checks=False, email=Fal
#
def _install_cron():
def _install_cron(no_checks=False):
cron_job_file = "/etc/cron.daily/yunohost-certificate-renew"
# we need to check if "--no-checks" isn't already put inside the existing
# crontab, if it's the case it's probably because another domain needed it
# at some point so we keep it
if not no_checks and os.path.exists(cron_job_file):
with open(cron_job_file, "r") as f:
# no the best test in the world but except if we uses a shell
# script parser I'm not expected a much more better way to do that
no_checks = "--no-checks" in f.read()
command = "yunohost domain cert-renew --email\n"
if no_checks:
# handle trailing "\n with ":-1"
command = command[:-1] + " --no-checks\n"
with open(cron_job_file, "w") as f:
f.write("#!/bin/bash\n")
f.write("yunohost domain cert-renew --email\n")
f.write(command)
_set_permissions(cron_job_file, "root", "root", 0o755)

2
src/yunohost/data_migrations/0005_postgresql_9p4_to_9p6.py
View file

@ -38,6 +38,6 @@ class MyMigration(Migration):
def package_is_installed(self, package_name):
p = subprocess.Popen("dpkg --list | grep -q -w {}".format(package_name), shell=True)
p = subprocess.Popen("dpkg --list | grep '^ii ' | grep -q -w {}".format(package_name), shell=True)
p.communicate()
return p.returncode == 0

7
src/yunohost/data_migrations/0008_ssh_conf_managed_by_yunohost_step2.py
View file

@ -2,6 +2,7 @@ import re
from moulinette import m18n
from moulinette.utils.log import getActionLogger
from moulinette.utils.filesystem import chown
from yunohost.tools import Migration
from yunohost.service import service_regen_conf, \
@ -9,6 +10,8 @@ from yunohost.service import service_regen_conf, \
_calculate_hash
from yunohost.settings import settings_set, settings_get
from yunohost.utils.error import YunohostError
from yunohost.backup import ARCHIVES_PATH
logger = getActionLogger('yunohost.migration')
@ -34,6 +37,10 @@ class MyMigration(Migration):
settings_set("service.ssh.allow_deprecated_dsa_hostkey", False)
service_regen_conf(names=['ssh'], force=True)
# Update local archives folder permissions, so that
# admin can scp archives out of the server
chown(ARCHIVES_PATH, uid="admin", gid="root")
def backward(self):
raise YunohostError("migration_0008_backward_impossible")

7
src/yunohost/domain.py
View file

@ -226,13 +226,14 @@ def domain_cert_renew(auth, domain_list, force=False, no_checks=False, email=Fal
return yunohost.certificate.certificate_renew(auth, domain_list, force, no_checks, email, staging)
def _get_conflicting_apps(auth, domain, path):
def _get_conflicting_apps(auth, domain, path, ignore_app=None):
"""
Return a list of all conflicting apps with a domain/path (it can be empty)
Keyword argument:
domain -- The domain for the web path (e.g. your.domain.tld)
path -- The path to check (e.g. /coffee)
ignore_app -- An optional app id to ignore (c.f. the change_url usecase)
"""
domain, path = _normalize_domain_path(domain, path)
@ -253,6 +254,8 @@ def _get_conflicting_apps(auth, domain, path):
if domain in apps_map:
# Loop through apps
for p, a in apps_map[domain].items():
if a["id"] == ignore_app:
continue
if path == p:
conflicts.append((p, a["id"], a["label"]))
# We also don't want conflicts with other apps starting with
@ -298,7 +301,7 @@ def _normalize_domain_path(domain, path):
domain = domain[len("http://"):]
# Remove trailing slashes
domain = domain.rstrip("/")
domain = domain.rstrip("/").lower()
path = "/" + path.strip("/")
return domain, path

3
src/yunohost/firewall.py
View file

@ -342,8 +342,7 @@ def firewall_upnp(action='status', no_refresh=False):
# Refresh port mapping using UPnP
if not no_refresh:
upnpc = miniupnpc.UPnP()
upnpc.discoverdelay = 62000
upnpc.localport = 1900
upnpc.discoverdelay = 3000
# Discover UPnP device(s)
logger.debug('discovering UPnP devices...')

122
src/yunohost/service.py
View file

@ -49,7 +49,7 @@ MOULINETTE_LOCK = "/var/run/moulinette_yunohost.lock"
logger = log.getActionLogger('yunohost.service')
def service_add(name, status=None, log=None, runlevel=None, need_lock=False, description=None):
def service_add(name, status=None, log=None, runlevel=None, need_lock=False, description=None, log_type="file"):
"""
Add a custom service
@ -60,6 +60,7 @@ def service_add(name, status=None, log=None, runlevel=None, need_lock=False, des
runlevel -- Runlevel priority of the service
need_lock -- Use this option to prevent deadlocks if the service does invoke yunohost commands.
description -- description of the service
log_type -- Precise if the corresponding log is a file or a systemd log
"""
services = _get_services()
@ -69,8 +70,23 @@ def service_add(name, status=None, log=None, runlevel=None, need_lock=False, des
services[name] = {'status': status}
if log is not None:
if not isinstance(log, list):
log = [log]
services[name]['log'] = log
if not isinstance(log_type, list):
log_type = [log_type]
if len(log_type) < len(log):
log_type.extend([log_type[-1]] * (len(log) - len(log_type))) # extend list to have the same size as log
if len(log_type) == len(log):
services[name]['log_type'] = log_type
else:
raise YunohostError('service_add_failed', service=name)
if runlevel is not None:
services[name]['runlevel'] = runlevel
@ -152,6 +168,60 @@ def service_stop(names):
logger.debug(m18n.n('service_already_stopped', service=name))
def service_reload(names):
"""
Reload one or more services
Keyword argument:
name -- Services name to reload
"""
if isinstance(names, str):
names = [names]
for name in names:
if _run_service_command('reload', name):
logger.success(m18n.n('service_reloaded', service=name))
else:
if service_status(name)['status'] != 'inactive':
raise YunohostError('service_reload_failed', service=name, logs=_get_journalctl_logs(name))
def service_restart(names):
"""
Restart one or more services. If the services are not running yet, they will be started.
Keyword argument:
name -- Services name to restart
"""
if isinstance(names, str):
names = [names]
for name in names:
if _run_service_command('restart', name):
logger.success(m18n.n('service_restarted', service=name))
else:
if service_status(name)['status'] != 'inactive':
raise YunohostError('service_restart_failed', service=name, logs=_get_journalctl_logs(name))
def service_reload_or_restart(names):
"""
Reload one or more services if they support it. If not, restart them instead. If the services are not running yet, they will be started.
Keyword argument:
name -- Services name to reload or restart
"""
if isinstance(names, str):
names = [names]
for name in names:
if _run_service_command('reload-or-restart', name):
logger.success(m18n.n('service_reloaded_or_restarted', service=name))
else:
if service_status(name)['status'] != 'inactive':
raise YunohostError('service_reload_or_restart_failed', service=name, logs=_get_journalctl_logs(name))
@is_unit_operation()
def service_enable(operation_logger, names):
"""
@ -313,28 +383,37 @@ def service_log(name, number=50):
raise YunohostError('service_no_log', service=name)
log_list = services[name]['log']
log_type_list = services[name].get('log_type', [])
if not isinstance(log_list, list):
log_list = [log_list]
if len(log_type_list) < len(log_list):
log_type_list.extend(["file"] * (len(log_list)-len(log_type_list)))
result = {}
for log_path in log_list:
# log is a file, read it
if not os.path.isdir(log_path):
result[log_path] = _tail(log_path, int(number)) if os.path.exists(log_path) else []
continue
for index, log_path in enumerate(log_list):
log_type = log_type_list[index]
for log_file in os.listdir(log_path):
log_file_path = os.path.join(log_path, log_file)
# not a file : skip
if not os.path.isfile(log_file_path):
if log_type == "file":
# log is a file, read it
if not os.path.isdir(log_path):
result[log_path] = _tail(log_path, int(number)) if os.path.exists(log_path) else []
continue
if not log_file.endswith(".log"):
continue
for log_file in os.listdir(log_path):
log_file_path = os.path.join(log_path, log_file)
# not a file : skip
if not os.path.isfile(log_file_path):
continue
result[log_file_path] = _tail(log_file_path, int(number)) if os.path.exists(log_file_path) else []
if not log_file.endswith(".log"):
continue
result[log_file_path] = _tail(log_file_path, int(number)) if os.path.exists(log_file_path) else []
else:
# get log with journalctl
result[log_path] = _get_journalctl_logs(log_path, int(number)).splitlines()
return result
@ -597,14 +676,14 @@ def _run_service_command(action, service):
if service not in services.keys():
raise YunohostError('service_unknown', service=service)
possible_actions = ['start', 'stop', 'restart', 'reload', 'enable', 'disable']
possible_actions = ['start', 'stop', 'restart', 'reload', 'reload-or-restart', 'enable', 'disable']
if action not in possible_actions:
raise ValueError("Unknown action '%s', available actions are: %s" % (action, ", ".join(possible_actions)))
cmd = 'systemctl %s %s' % (action, service)
need_lock = services[service].get('need_lock', False) \
and action in ['start', 'stop', 'restart', 'reload']
and action in ['start', 'stop', 'restart', 'reload', 'reload-or-restart']
try:
# Launch the command
@ -617,9 +696,12 @@ def _run_service_command(action, service):
# Wait for the command to complete
p.communicate()
except subprocess.CalledProcessError as e:
# TODO: Log output?
logger.warning(m18n.n('service_cmd_exec_failed', command=' '.join(e.cmd)))
if p.returncode != 0:
logger.warning(m18n.n('service_cmd_exec_failed', command=cmd))
return False
except Exception as e:
logger.warning(m18n.n("unexpected_error", error=str(e)))
return False
finally:
@ -990,9 +1072,9 @@ def manually_modified_files():
return output
def _get_journalctl_logs(service):
def _get_journalctl_logs(service, number="all"):
try:
return subprocess.check_output("journalctl -xn -u %s" % service, shell=True)
return subprocess.check_output("journalctl -xn -u {0} -n{1}".format(service, number), shell=True)
except:
import traceback
return "error while get services logs from journalctl:\n%s" % traceback.format_exc()

6
src/yunohost/tests/test_appurl.py
View file

@ -51,18 +51,18 @@ def test_urlavailable():
def test_registerurl():
app_install(auth, "./tests/apps/register_url_app_ynh",
args="domain=%s&path=%s" % (maindomain, "/urlregisterapp"))
args="domain=%s&path=%s" % (maindomain, "/urlregisterapp"), force=True)
assert not domain_url_available(auth, maindomain, "/urlregisterapp")
# Try installing at same location
with pytest.raises(YunohostError):
app_install(auth, "./tests/apps/register_url_app_ynh",
args="domain=%s&path=%s" % (maindomain, "/urlregisterapp"))
args="domain=%s&path=%s" % (maindomain, "/urlregisterapp"), force=True)
def test_registerurl_baddomain():
with pytest.raises(YunohostError):
app_install(auth, "./tests/apps/register_url_app_ynh",
args="domain=%s&path=%s" % ("yolo.swag", "/urlregisterapp"))
args="domain=%s&path=%s" % ("yolo.swag", "/urlregisterapp"), force=True)

2
src/yunohost/tests/test_backuprestore.py
View file

@ -171,7 +171,7 @@ def install_app(app, path, additionnal_args=""):
app_install(auth, "./tests/apps/%s" % app,
args="domain=%s&path=%s%s" % (maindomain, path,
additionnal_args))
additionnal_args), force=True)
def add_archive_wordpress_from_2p4():

6
src/yunohost/tests/test_changeurl.py
View file

@ -28,15 +28,15 @@ def teardown_function(function):
def install_changeurl_app(path):
app_install(auth, "./tests/apps/change_url_app_ynh",
args="domain=%s&path=%s" % (maindomain, path))
args="domain=%s&path=%s" % (maindomain, path), force=True)
def check_changeurl_app(path):
appmap = app_map(raw=True)
assert path + "/" in appmap[maindomain].keys()
assert path in appmap[maindomain].keys()
assert appmap[maindomain][path + "/"]["id"] == "change_url_app"
assert appmap[maindomain][path]["id"] == "change_url_app"
r = requests.get("https://127.0.0.1%s/" % path, headers={"domain": maindomain}, verify=False)
assert r.status_code == 200

10
src/yunohost/tools.py
View file

@ -530,6 +530,11 @@ def tools_upgrade(operation_logger, auth, ignore_apps=False, ignore_packages=Fal
is_api = True if msettings.get('interface') == 'api' else False
if not ignore_packages:
apt.apt_pkg.init()
apt.apt_pkg.config.set("DPkg::Options::", "--force-confdef")
apt.apt_pkg.config.set("DPkg::Options::", "--force-confold")
cache = apt.Cache()
cache.open(None)
cache.upgrade(True)
@ -558,6 +563,7 @@ def tools_upgrade(operation_logger, auth, ignore_apps=False, ignore_packages=Fal
operation_logger.start()
try:
os.environ["DEBIAN_FRONTEND"] = "noninteractive"
# Apply APT changes
# TODO: Logs output for the API
cache.commit(apt.progress.text.AcquireProgress(),
@ -570,6 +576,8 @@ def tools_upgrade(operation_logger, auth, ignore_apps=False, ignore_packages=Fal
else:
logger.info(m18n.n('done'))
operation_logger.success()
finally:
del os.environ["DEBIAN_FRONTEND"]
else:
logger.info(m18n.n('packages_no_upgrade'))
@ -860,7 +868,7 @@ def tools_migrations_migrate(target=None, skip=False, auto=False, accept_disclai
# no new migrations to run
if target == last_run_migration_number:
logger.warn(m18n.n('migrations_no_migrations_to_run'))
logger.info(m18n.n('migrations_no_migrations_to_run'))
return
logger.debug(m18n.n('migrations_show_last_migration', last_run_migration_number))

6
src/yunohost/utils/error.py
View file

@ -32,9 +32,9 @@ class YunohostError(MoulinetteError):
are translated via m18n.n (namespace) instead of m18n.g (global?)
"""
def __init__(self, key, __raw_msg__=False, *args, **kwargs):
if __raw_msg__:
def __init__(self, key, raw_msg=False, *args, **kwargs):
if raw_msg:
msg = key
else:
msg = m18n.n(key, *args, **kwargs)
super(YunohostError, self).__init__(msg, __raw_msg__=True)
super(YunohostError, self).__init__(msg, raw_msg=True)

7
src/yunohost/vendor/spectre-meltdown-checker/Dockerfile vendored Normal file
View file

@ -0,0 +1,7 @@
FROM alpine:3.7
RUN apk --update --no-cache add kmod binutils grep perl
COPY . /check
ENTRYPOINT ["/check/spectre-meltdown-checker.sh"]

59
src/yunohost/vendor/spectre-meltdown-checker/README.md vendored
View file

@ -1,7 +1,15 @@
Spectre & Meltdown Checker
==========================
A shell script to tell if your system is vulnerable against the 3 "speculative execution" CVEs that were made public early 2018.
A shell script to tell if your system is vulnerable against the several "speculative execution" CVEs that were made public in 2018.
- CVE-2017-5753 [bounds check bypass] aka 'Spectre Variant 1'
- CVE-2017-5715 [branch target injection] aka 'Spectre Variant 2'
- CVE-2017-5754 [rogue data cache load] aka 'Meltdown' aka 'Variant 3'
- CVE-2018-3640 [rogue system register read] aka 'Variant 3a'
- CVE-2018-3639 [speculative store bypass] aka 'Variant 4'
- CVE-2018-3615 [L1 terminal fault] aka 'Foreshadow (SGX)'
- CVE-2018-3620 [L1 terminal fault] aka 'Foreshadow-NG (OS)'
- CVE-2018-3646 [L1 terminal fault] aka 'Foreshadow-NG (VMM)'
Supported operating systems:
- Linux (all versions, flavors and distros)
@ -39,6 +47,22 @@ chmod +x spectre-meltdown-checker.sh
sudo ./spectre-meltdown-checker.sh
```
### Run the script in a docker container
#### With docker-compose
```shell
docker-compose build
docker-compose run --rm spectre-meltdown-checker
```
#### Without docker-compose
```shell
docker build -t spectre-meltdown-checker .
docker run --rm --privileged -v /boot:/boot:ro -v /dev/cpu:/dev/cpu:ro -v /lib/modules:/lib/modules:ro spectre-meltdown-checker
```
## Example of script output
- Intel Haswell CPU running under Ubuntu 16.04 LTS
@ -74,7 +98,38 @@ sudo ./spectre-meltdown-checker.sh
- Mitigation: updated kernel (with PTI/KPTI patches), updating the kernel is enough
- Performance impact of the mitigation: low to medium
## Disclaimer
**CVE-2018-3640** rogue system register read (Variant 3a)
- Impact: TBC
- Mitigation: microcode update only
- Performance impact of the mitigation: negligible
**CVE-2018-3639** speculative store bypass (Variant 4)
- Impact: software using JIT (no known exploitation against kernel)
- Mitigation: microcode update + kernel update making possible for affected software to protect itself
- Performance impact of the mitigation: low to medium
**CVE-2018-3615** l1 terminal fault (Foreshadow-NG SGX)
- Impact: Kernel & all software (any physical memory address in the system)
- Mitigation: microcode update
- Performance impact of the mitigation: negligible
**CVE-2018-3620** l1 terminal fault (Foreshadow-NG SMM)
- Impact: Kernel & System management mode
- Mitigation: updated kernel (with PTE inversion)
- Performance impact of the mitigation: negligible
**CVE-2018-3646** l1 terminal fault (Foreshadow-NG VMM)
- Impact: Virtualization software and Virtual Machine Monitors
- Mitigation: disable ept (extended page tables), disable hyper-threading (SMT), or
updated kernel (with L1d flush)
- Performance impact of the mitigation: low to significant
## Understanding what this script does and doesn't
This tool does its best to determine whether your system is immune (or has proper mitigations in place) for the collectively named "speculative execution" vulnerabilities. It doesn't attempt to run any kind of exploit, and can't guarantee that your system is secure, but rather helps you verifying whether your system has the known correct mitigations in place.
However, some mitigations could also exist in your kernel that this script doesn't know (yet) how to detect, or it might falsely detect mitigations that in the end don't work as expected (for example, on backported or modified kernels).

15
src/yunohost/vendor/spectre-meltdown-checker/docker-compose.yml vendored Normal file
View file

@ -0,0 +1,15 @@
version: '2'
services:
spectre-meltdown-checker:
build:
context: ./
dockerfile: ./Dockerfile
image: spectre-meltdown-checker:latest
container_name: spectre-meltdown-checker
privileged: true
network_mode: none
volumes:
- /boot:/boot:ro
- /dev/cpu:/dev/cpu:ro
- /lib/modules:/lib/modules:ro

1941
src/yunohost/vendor/spectre-meltdown-checker/spectre-meltdown-checker.sh vendored
View file

File diff suppressed because it is too large Load diff