diff --git a/debian/changelog b/debian/changelog index ae3a07932..c7b56976e 100644 --- a/debian/changelog +++ b/debian/changelog @@ -27,6 +27,17 @@ yunohost (12.0.0) unstable; urgency=low -- Alexandre Aubin Thu, 04 May 2023 20:30:19 +0200 +yunohost (11.2.25) stable; urgency=low + + - diagnosis: be more robust when diagnosis DMARC records not containing '=' (d376677db) + - bullseye->bookworm: explicitly import _strptime at the beginning to try to prevent "No module named '_strptime'" during migration (2d3dddc51) + - bullseye->bookworm: explicitly validate that we're on yunohost 12.x at the end of the migration (8b5698317) + - bullseye->bookworm: make sure the non-free / non-free-firmware stuff is idempotent (ad98a10fa) + - bullseye->bookworm: in debian control, add rule that moulinette and ssowat must be < 12 to prevent situation in bullseye->bookworm transition where moulinette gets upgrade but yunohost doesnt and everything explodes (8705dfcf5) + - bullseye->bookworm: more stuff to try to prevent aptitude derping about python dependencies (f4727d3cb) + + -- Alexandre Aubin Tue, 30 Jul 2024 17:12:12 +0200 + yunohost (11.2.24) stable; urgency=low - ci: we don't care about mypy in tests/ folder (ebaecfcbd) diff --git a/src/diagnosers/12-dnsrecords.py b/src/diagnosers/12-dnsrecords.py index 5c0f4ea9e..e6959898f 100644 --- a/src/diagnosers/12-dnsrecords.py +++ b/src/diagnosers/12-dnsrecords.py @@ -217,7 +217,9 @@ class MyDiagnoser(Diagnoser): } if "v=DMARC1" in r["value"]: for param in current: - key, value = param.split("=") + if "=" not in param: + return False + key, value = param.split("=", 1) if key == "p": return value in ["none", "quarantine", "reject"] return expected == current diff --git a/src/migrations/0027_migrate_to_bookworm.py b/src/migrations/0027_migrate_to_bookworm.py index 5395153cc..ac8becccd 100644 --- a/src/migrations/0027_migrate_to_bookworm.py +++ b/src/migrations/0027_migrate_to_bookworm.py @@ -3,6 +3,9 @@ import os import subprocess from time import sleep +# Explicitly import _strptime to prevent an issue that may arise later because of python3.9 being replaced by 3.11 in the middle of the upgrade etc +import _strptime # noqa: F401 + from moulinette import Moulinette, m18n from moulinette.utils.process import call_async_output from yunohost.utils.error import YunohostError @@ -130,6 +133,9 @@ class MyMigration(Migration): "echo 'libc6 libraries/restart-without-asking boolean true' | debconf-set-selections" ) + # Stupid stuff because resolvconf later wants to edit /etc/resolv.conf and will miserably crash if it's immutable + os.system("chattr -i /etc/resolv.conf") + # Do not restart nginx during the upgrade of nginx-common and nginx-extras ... # c.f. https://manpages.debian.org/bullseye/init-system-helpers/deb-systemd-invoke.1p.en.html # and zcat /usr/share/doc/init-system-helpers/README.policy-rc.d.gz @@ -185,8 +191,16 @@ class MyMigration(Migration): logger.debug(f"Running: {command}") os.system(command) - aptitude_with_progress_bar("upgrade cron rspamd- libluajit-5.1-2- --show-why -o APT::Force-LoopBreak=1 -o Dpkg::Options::='--force-confold'") + aptitude_with_progress_bar("full-upgrade cron rspamd- luajit- libluajit-5.1-2- --show-why -o APT::Force-LoopBreak=1 -o Dpkg::Options::='--force-confold'") + # For some reason aptitude is derping about python3 / python3-venv so try to explicitly tell to install python3.11 to replace 3.9... + # Note the '+M' prefix which is here to mark the packages as automatically installed + python_upgrade_list = "python3 python3.11+M python3.9- " + if os.system('dpkg --list | grep -q "^ii python3.9-venv "') == 0: + python_upgrade_list += "python3-venv+M python3.11-venv+M python3.9-venv-" + aptitude_with_progress_bar(f"full-upgrade {python_upgrade_list} --show-why -o APT::Force-LoopBreak=1 -o Dpkg::Options::='--force-confold'") + + # Full upgrade of "every" packages except the yunohost ones which are held aptitude_with_progress_bar("full-upgrade --show-why -o Dpkg::Options::='--force-confold'") # Force regenconf of nsswitch because for some reason @@ -225,10 +239,6 @@ class MyMigration(Migration): full_upgrade_cmd += "yunohost yunohost-admin yunohost-portal moulinette ssowat " # This one is needed to solve aptitude derping with nginx dependencies full_upgrade_cmd += "libluajit2-5.1-2 " - if os.system('dpkg --list | grep -q "^ii python3.9-venv "') == 0: - full_upgrade_cmd += "python3.9- " - if os.system('dpkg --list | grep -q "^ii python3.9 "') == 0: - full_upgrade_cmd += "python3.9-venv- " try: aptitude_with_progress_bar(full_upgrade_cmd) @@ -264,6 +274,9 @@ class MyMigration(Migration): # For some reason subprocess doesn't like the redirections so we have to use bash -c explicity... subprocess.check_call(["bash", "-c", cmd]) + if self.yunohost_major_version() != N_CURRENT_YUNOHOST + 1: + raise YunohostError("Still on YunoHost 11.x at the end of the migration, eh? Sounds like the migration didn't really complete!?", raw_msg=True) + def debian_major_version(self): # The python module "platform" and lsb_release are not reliable because # on some setup, they may still return Release=9 even after upgrading to @@ -405,7 +418,7 @@ class MyMigration(Migration): "-e '/backports/ s@^#*@#@' " "-e 's@ bullseye/updates @ bookworm-security @g' " "-e 's@ bullseye-@ bookworm-@g' " - "-e 's@ non-free@ non-free non-free-firmware@g' " + "-e '/non-free-firmware/!s@ non-free@ non-free non-free-firmware@g' " "-e 's@deb.*http://forge.yunohost.org@deb [signed-by=/usr/share/keyrings/yunohost-bookworm.gpg] http://forge.yunohost.org@g' " ) os.system(command)