From 2d3dddc51a925ed4871014865a9ea8a4348b393b Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 27 Jul 2024 15:06:48 +0200 Subject: [PATCH 01/10] bullseye->bookworm: explicitly import _strptime at the beginning to try to prevent "No module named '_strptime'" during migration --- src/migrations/0027_migrate_to_bookworm.py.disabled | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/migrations/0027_migrate_to_bookworm.py.disabled b/src/migrations/0027_migrate_to_bookworm.py.disabled index 5395153cc..69c9812b3 100644 --- a/src/migrations/0027_migrate_to_bookworm.py.disabled +++ b/src/migrations/0027_migrate_to_bookworm.py.disabled @@ -3,6 +3,9 @@ import os import subprocess from time import sleep +# Explicitly import _strptime to prevent an issue that may arise later because of python3.9 being replaced by 3.11 in the middle of the upgrade etc +import _strptime # noqa: F401 + from moulinette import Moulinette, m18n from moulinette.utils.process import call_async_output from yunohost.utils.error import YunohostError From 8b56983171033b8da1363c04a7956cd4f102b222 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Sat, 27 Jul 2024 15:09:48 +0200 Subject: [PATCH 02/10] bullseye->bookworm: explicitly validate that we're on yunohost 12.x at the end of the migration --- src/migrations/0027_migrate_to_bookworm.py.disabled | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/migrations/0027_migrate_to_bookworm.py.disabled b/src/migrations/0027_migrate_to_bookworm.py.disabled index 69c9812b3..46bde6e25 100644 --- a/src/migrations/0027_migrate_to_bookworm.py.disabled +++ b/src/migrations/0027_migrate_to_bookworm.py.disabled @@ -267,6 +267,9 @@ class MyMigration(Migration): # For some reason subprocess doesn't like the redirections so we have to use bash -c explicity... subprocess.check_call(["bash", "-c", cmd]) + if self.yunohost_major_version() != N_CURRENT_YUNOHOST + 1: + raise YunohostError("Still on YunoHost 11.x at the end of the migration, eh? Sounds like the migration didn't really complete!?", raw_msg=True) + def debian_major_version(self): # The python module "platform" and lsb_release are not reliable because # on some setup, they may still return Release=9 even after upgrading to From d376677db6314c5aec623420dc25e3173ce3b3fc Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 30 Jul 2024 15:50:45 +0200 Subject: [PATCH 03/10] diagnosis: be more robust when diagnosis DMARC records not containing '=' --- src/diagnosers/12-dnsrecords.py | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/diagnosers/12-dnsrecords.py b/src/diagnosers/12-dnsrecords.py index 041030553..d63e54c9c 100644 --- a/src/diagnosers/12-dnsrecords.py +++ b/src/diagnosers/12-dnsrecords.py @@ -217,7 +217,9 @@ class MyDiagnoser(Diagnoser): } if "v=DMARC1" in r["value"]: for param in current: - key, value = param.split("=") + if "=" not in param: + return False + key, value = param.split("=", 1) if key == "p": return value in ["none", "quarantine", "reject"] return expected == current From ad98a10fa8db7ac7e708d4b501bd1cd9e28db50e Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 30 Jul 2024 16:00:09 +0200 Subject: [PATCH 04/10] bullseye->bookworm: make sure the non-free / non-free-firmware stuff is idempotent --- src/migrations/0027_migrate_to_bookworm.py.disabled | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/migrations/0027_migrate_to_bookworm.py.disabled b/src/migrations/0027_migrate_to_bookworm.py.disabled index 46bde6e25..b3ae7ea51 100644 --- a/src/migrations/0027_migrate_to_bookworm.py.disabled +++ b/src/migrations/0027_migrate_to_bookworm.py.disabled @@ -411,7 +411,7 @@ class MyMigration(Migration): "-e '/backports/ s@^#*@#@' " "-e 's@ bullseye/updates @ bookworm-security @g' " "-e 's@ bullseye-@ bookworm-@g' " - "-e 's@ non-free@ non-free non-free-firmware@g' " + "-e '/non-free-firmware/!s@ non-free@ non-free non-free-firmware@g' " "-e 's@deb.*http://forge.yunohost.org@deb [signed-by=/usr/share/keyrings/yunohost-bookworm.gpg] http://forge.yunohost.org@g' " ) os.system(command) From 8705dfcf5ce31e7daac914d3c3edc2b0d9c9700c Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 30 Jul 2024 16:21:08 +0200 Subject: [PATCH 05/10] debian: add rule that moulinette and ssowat must be < 12 to prevent situation in bullseye->bookworm transition where moulinette gets upgrade but yunohost doesnt and everything explodes --- debian/control | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/debian/control b/debian/control index caa793b5c..06a665dec 100644 --- a/debian/control +++ b/debian/control @@ -10,7 +10,7 @@ Package: yunohost Essential: yes Architecture: all Depends: ${python3:Depends}, ${misc:Depends} - , moulinette (>= 11.1), ssowat (>= 11.1) + , moulinette (>= 11.1), moulinette (<< 12.0), ssowat (>= 11.1), ssowat (<< 12.0) , python3-psutil, python3-requests, python3-dnspython, python3-openssl , python3-miniupnpc, python3-dbus, python3-jinja2 , python3-toml, python3-packaging, python3-publicsuffix2 From f4727d3cb6b1b2132ef4bca698ae8ce5586d2c9c Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 30 Jul 2024 16:51:22 +0200 Subject: [PATCH 06/10] bullseye->bookworm: more stuff to try to prevent aptitude derping about python dependencies --- src/migrations/0027_migrate_to_bookworm.py.disabled | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/migrations/0027_migrate_to_bookworm.py.disabled b/src/migrations/0027_migrate_to_bookworm.py.disabled index b3ae7ea51..802947bb7 100644 --- a/src/migrations/0027_migrate_to_bookworm.py.disabled +++ b/src/migrations/0027_migrate_to_bookworm.py.disabled @@ -228,10 +228,11 @@ class MyMigration(Migration): full_upgrade_cmd += "yunohost yunohost-admin yunohost-portal moulinette ssowat " # This one is needed to solve aptitude derping with nginx dependencies full_upgrade_cmd += "libluajit2-5.1-2 " + # For some reason aptitude is derping about python3 / python3-venv so try to explicitly tell to install python3.11 to replace 3.9... if os.system('dpkg --list | grep -q "^ii python3.9-venv "') == 0: - full_upgrade_cmd += "python3.9- " + full_upgrade_cmd += "python3.11-venv python3.9-venv- " if os.system('dpkg --list | grep -q "^ii python3.9 "') == 0: - full_upgrade_cmd += "python3.9-venv- " + full_upgrade_cmd += "python3.11 python3.9- " try: aptitude_with_progress_bar(full_upgrade_cmd) From 44529b6d9229a899b52cb047d66ac04ab53cd980 Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 30 Jul 2024 17:13:06 +0200 Subject: [PATCH 07/10] Update changelog for 11.2.25 --- debian/changelog | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/debian/changelog b/debian/changelog index 611e6bbad..1eb7edf34 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,14 @@ +yunohost (11.2.25) stable; urgency=low + + - diagnosis: be more robust when diagnosis DMARC records not containing '=' (d376677db) + - bullseye->bookworm: explicitly import _strptime at the beginning to try to prevent "No module named '_strptime'" during migration (2d3dddc51) + - bullseye->bookworm: explicitly validate that we're on yunohost 12.x at the end of the migration (8b5698317) + - bullseye->bookworm: make sure the non-free / non-free-firmware stuff is idempotent (ad98a10fa) + - bullseye->bookworm: in debian control, add rule that moulinette and ssowat must be < 12 to prevent situation in bullseye->bookworm transition where moulinette gets upgrade but yunohost doesnt and everything explodes (8705dfcf5) + - bullseye->bookworm: more stuff to try to prevent aptitude derping about python dependencies (f4727d3cb) + + -- Alexandre Aubin Tue, 30 Jul 2024 17:12:12 +0200 + yunohost (11.2.24) stable; urgency=low - ci: we don't care about mypy in tests/ folder (ebaecfcbd) From 423e79bd57a02d81fb0ec42567868acad9fbce2d Mon Sep 17 00:00:00 2001 From: Alexandre Aubin <4533074+alexAubin@users.noreply.github.com> Date: Tue, 30 Jul 2024 23:14:32 +0200 Subject: [PATCH 08/10] Update 0027_migrate_to_bookworm.py.disabled: encourage apt to remove luajit if it's installed because for some reason it's causing issues --- src/migrations/0027_migrate_to_bookworm.py.disabled | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/migrations/0027_migrate_to_bookworm.py.disabled b/src/migrations/0027_migrate_to_bookworm.py.disabled index 802947bb7..86f2e37ff 100644 --- a/src/migrations/0027_migrate_to_bookworm.py.disabled +++ b/src/migrations/0027_migrate_to_bookworm.py.disabled @@ -188,7 +188,7 @@ class MyMigration(Migration): logger.debug(f"Running: {command}") os.system(command) - aptitude_with_progress_bar("upgrade cron rspamd- libluajit-5.1-2- --show-why -o APT::Force-LoopBreak=1 -o Dpkg::Options::='--force-confold'") + aptitude_with_progress_bar("upgrade cron rspamd- luajit- libluajit-5.1-2- --show-why -o APT::Force-LoopBreak=1 -o Dpkg::Options::='--force-confold'") aptitude_with_progress_bar("full-upgrade --show-why -o Dpkg::Options::='--force-confold'") From d766f7cdda2d19276eb5b1b2aeec5523f8845cca Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 30 Jul 2024 23:50:58 +0200 Subject: [PATCH 09/10] bullseye->bookworm: have a specific step dedicated to upgrade python3.9 to 3.11 because apt(itude) is derping about it sometimes... --- .../0027_migrate_to_bookworm.py.disabled | 15 +++++++++------ 1 file changed, 9 insertions(+), 6 deletions(-) diff --git a/src/migrations/0027_migrate_to_bookworm.py.disabled b/src/migrations/0027_migrate_to_bookworm.py.disabled index 86f2e37ff..850f20198 100644 --- a/src/migrations/0027_migrate_to_bookworm.py.disabled +++ b/src/migrations/0027_migrate_to_bookworm.py.disabled @@ -188,8 +188,16 @@ class MyMigration(Migration): logger.debug(f"Running: {command}") os.system(command) - aptitude_with_progress_bar("upgrade cron rspamd- luajit- libluajit-5.1-2- --show-why -o APT::Force-LoopBreak=1 -o Dpkg::Options::='--force-confold'") + aptitude_with_progress_bar("full-upgrade cron rspamd- luajit- libluajit-5.1-2- --show-why -o APT::Force-LoopBreak=1 -o Dpkg::Options::='--force-confold'") + # For some reason aptitude is derping about python3 / python3-venv so try to explicitly tell to install python3.11 to replace 3.9... + # Note the '+M' prefix which is here to mark the packages as automatically installed + python_upgrade_list = "python3 python3.11+M python3.9- " + if os.system('dpkg --list | grep -q "^ii python3.9-venv "') == 0: + python_upgrade_list += "python3-venv+M python3.11-venv+M python3.9-venv-" + aptitude_with_progress_bar(f"full-upgrade {python_upgrade_list} --show-why -o APT::Force-LoopBreak=1 -o Dpkg::Options::='--force-confold'") + + # Full upgrade of "every" packages except the yunohost ones which are held aptitude_with_progress_bar("full-upgrade --show-why -o Dpkg::Options::='--force-confold'") # Force regenconf of nsswitch because for some reason @@ -228,11 +236,6 @@ class MyMigration(Migration): full_upgrade_cmd += "yunohost yunohost-admin yunohost-portal moulinette ssowat " # This one is needed to solve aptitude derping with nginx dependencies full_upgrade_cmd += "libluajit2-5.1-2 " - # For some reason aptitude is derping about python3 / python3-venv so try to explicitly tell to install python3.11 to replace 3.9... - if os.system('dpkg --list | grep -q "^ii python3.9-venv "') == 0: - full_upgrade_cmd += "python3.11-venv python3.9-venv- " - if os.system('dpkg --list | grep -q "^ii python3.9 "') == 0: - full_upgrade_cmd += "python3.11 python3.9- " try: aptitude_with_progress_bar(full_upgrade_cmd) From 65ea34d7cb729f8d1f55d0e7e442a636bf64c83e Mon Sep 17 00:00:00 2001 From: Alexandre Aubin Date: Tue, 30 Jul 2024 23:53:39 +0200 Subject: [PATCH 10/10] bullseye->bookworm: boring tweak to remove chattr +i from /etc/resolv.conf otherwise resolvconf will later explode and complain about it --- src/migrations/0027_migrate_to_bookworm.py.disabled | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/migrations/0027_migrate_to_bookworm.py.disabled b/src/migrations/0027_migrate_to_bookworm.py.disabled index 850f20198..ac8becccd 100644 --- a/src/migrations/0027_migrate_to_bookworm.py.disabled +++ b/src/migrations/0027_migrate_to_bookworm.py.disabled @@ -133,6 +133,9 @@ class MyMigration(Migration): "echo 'libc6 libraries/restart-without-asking boolean true' | debconf-set-selections" ) + # Stupid stuff because resolvconf later wants to edit /etc/resolv.conf and will miserably crash if it's immutable + os.system("chattr -i /etc/resolv.conf") + # Do not restart nginx during the upgrade of nginx-common and nginx-extras ... # c.f. https://manpages.debian.org/bullseye/init-system-helpers/deb-systemd-invoke.1p.en.html # and zcat /usr/share/doc/init-system-helpers/README.policy-rc.d.gz