Forgejo seems to be 'nosey'

Support
,
1

Hi all,

My YunoHost server

  • Server is running Linux kernel 6.5.11-4-pve
  • Server is running Debian 11.8
  • Server is running YunoHost 11.2.8.2 (stable)
  • yunohost version: 11.2.8.2 (stable)
  • yunohost-admin version: 11.2.3 (stable)
  • moulinette version: 11.2 (stable)
  • ssowat version: 11.2 (stable)

Hardware: laptop or computer
YunoHost version:
I have access to my server : Through SSH | through the webadmin | direct access via keyboard / screen | …
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description of my issue

A while back I installed Forgejo. Since then I noticed Forgejo popping up when performing upgrades of apps on my Yunohost, but did not delve into it further.

I just installed Snappymail, and wondered where it ended up on disk (meaning to find a shortcut to creating identities instead of one-by-one via the webform). When I opened the log of the installation, I wondered initially whether I opened the correct log: the start of the log is full of mentions of Forgejo.

I would upload the log of the installation, but it has an authorization token for Forgejo, I am not sure whether it is a onetime token or something sensitive. It looks like this: 2023-12-25 22:01:24,629: DEBUG - + curl --url https://forge.domain2.tld//api/v1/admin/cron/sync_external_users -X POST -H 'Authorization: token aefa2b13f6e9677....db2a5b47c34' -kfsS

As Forgejo is only mentioned on the first twenty lines or so, I’ll post the top of the log here:

args:
  app: snappymail
  force: false
  label: undefined
  no_remove_on_failure: false
ended_at: 2023-12-25 22:02:46.673696
env:
  YNH_APP_ACTION: install
  YNH_APP_ARG_DOMAIN: domain2.tld
  YNH_APP_ARG_INIT_MAIN_PERMISSION: all_users
  YNH_APP_ARG_PATH: /snappymail
  YNH_APP_BASEDIR: /var/cache/yunohost/app_tmp_work_dirs/app__2w_hz8u
  YNH_APP_ID: snappymail
  YNH_APP_INSTANCE_NAME: snappymail
  YNH_APP_INSTANCE_NUMBER: '1'
  YNH_APP_MANIFEST_VERSION: 2.31.0~ynh1
  YNH_APP_PACKAGING_FORMAT: '2.0'
  YNH_ARCH: amd64
  YNH_DEBIAN_VERSION: bullseye
error: null
interface: api
operation: app_install
parent: null
related_to:
- - app
  - snappymail
started_at: 2023-12-25 22:01:16.729110
success: true
yunohost_version: 11.2.8.2

============

2023-12-25 22:01:16,748: INFO - Installing snappymail...
2023-12-25 22:01:16,761: INFO - Provisioning sources...
2023-12-25 22:01:16,762: DEBUG - Prefetching asset main: https://github.com/the-djmaze/snappymail/releases/download/v2.31.0/snappymail-2.31.0.tar.gz ...
2023-12-25 22:01:18,284: INFO - Provisioning system_user...
2023-12-25 22:01:21,480: INFO - Provisioning install_dir...
2023-12-25 22:01:21,497: INFO - Provisioning permissions...
2023-12-25 22:01:22,689: DEBUG - Permission 'snappymail.main' updated
2023-12-25 22:01:23,051: DEBUG - Full log of this operation: '<a href="#/tools/logs/20231225-220122-permission_url-snappymail" style="text-decoration:underline">Update URL related to permission 'snappymail'</a>'
2023-12-25 22:01:24,189: DEBUG - Executing command '['sh', '-c', '/bin/bash -x "./50-forgejo" snappymail \'\' main all_users 7>&1']'
2023-12-25 22:01:24,209: DEBUG - + source /usr/share/yunohost/helpers
2023-12-25 22:01:24,210: DEBUG - +++ set +o
2023-12-25 22:01:24,210: DEBUG - +++ grep xtrace
2023-12-25 22:01:24,213: DEBUG - ++ readonly 'XTRACE_ENABLE=set -o xtrace'
2023-12-25 22:01:24,213: DEBUG - ++ XTRACE_ENABLE='set -o xtrace'
2023-12-25 22:01:24,251: DEBUG - ++ dirname ./50-forgejo
2023-12-25 22:01:24,254: DEBUG - + pwd=.
2023-12-25 22:01:24,255: DEBUG - ++ basename ./50-forgejo
2023-12-25 22:01:24,257: DEBUG - + filename=50-forgejo
2023-12-25 22:01:24,258: DEBUG - + app=forgejo
2023-12-25 22:01:24,258: DEBUG - ++ ynh_app_setting_get --app=forgejo --key=domain
2023-12-25 22:01:24,258: DEBUG - ++ local _globalapp=forgejo
2023-12-25 22:01:24,302: DEBUG - ++ app=forgejo
2023-12-25 22:01:24,302: DEBUG - ++ [[ domain =~ (unprotected|protected|skipped)_ ]]
2023-12-25 22:01:24,302: DEBUG - ++ ynh_app_setting get forgejo domain
2023-12-25 22:01:24,385: DEBUG - + domain=forge.domain2.tld
2023-12-25 22:01:24,385: DEBUG - ++ ynh_app_setting_get --app=forgejo --key=path
2023-12-25 22:01:24,386: DEBUG - ++ local _globalapp=forgejo
2023-12-25 22:01:24,426: DEBUG - ++ app=forgejo
2023-12-25 22:01:24,427: DEBUG - ++ [[ path =~ (unprotected|protected|skipped)_ ]]
2023-12-25 22:01:24,427: DEBUG - ++ ynh_app_setting get forgejo path
2023-12-25 22:01:24,500: DEBUG - + path=/
2023-12-25 22:01:24,501: DEBUG - + source ./../../apps/forgejo/scripts/_common.sh
2023-12-25 22:01:24,501: DEBUG - + synchronize_users
2023-12-25 22:01:24,502: DEBUG - + ynh_print_info '--message=Synchronizing forgejo users'
2023-12-25 22:01:24,515: INFO - Synchronizing forgejo users
2023-12-25 22:01:24,517: DEBUG - ++ ynh_app_setting_get --app=forgejo --key=forgejo_api_token
2023-12-25 22:01:24,517: DEBUG - ++ local _globalapp=forgejo
2023-12-25 22:01:24,557: DEBUG - ++ app=forgejo
2023-12-25 22:01:24,558: DEBUG - ++ [[ forgejo_api_token =~ (unprotected|protected|skipped)_ ]]
2023-12-25 22:01:24,558: DEBUG - ++ ynh_app_setting get forgejo forgejo_api_token
2023-12-25 22:01:24,629: DEBUG - + curl --url https://forge.domain2.tld//api/v1/admin/cron/sync_external_users -X POST -H 'Authorization: token aefa2b13f....2a5b47c34' -kfsS
2023-12-25 22:01:24,671: DEBUG - <html>
2023-12-25 22:01:24,671: DEBUG - <head><title>302 Found</title><script type="text/javascript" src="/ynh_portal.js"></script><link type="text/css" rel="stylesheet" href="/ynh_overlay.css"><script type="text/javascript" src="/ynhtheme/custom_portal.js"></script><link type="text/css" rel="stylesheet" href="/ynhtheme/custom_overlay.css"></head>
2023-12-25 22:01:24,671: DEBUG - <body>
2023-12-25 22:01:24,671: DEBUG - <center><h1>302 Found</h1></center>
2023-12-25 22:01:24,672: DEBUG - <hr><center>nginx</center>
2023-12-25 22:01:24,672: DEBUG - </body>
2023-12-25 22:01:24,672: DEBUG - </html>
2023-12-25 22:01:25,674: DEBUG - Executing command '['sh', '-c', '/bin/bash -x "./50-opensondage" snappymail \'\' main all_users 7>&1']'
2023-12-25 22:01:25,692: DEBUG - + source /usr/share/yunohost/helpers
2023-12-25 22:01:25,693: DEBUG - +++ set +o
2023-12-25 22:01:25,694: DEBUG - +++ grep xtrace
2023-12-25 22:01:25,696: DEBUG - ++ readonly 'XTRACE_ENABLE=set -o xtrace'
2023-12-25 22:01:25,696: DEBUG - ++ XTRACE_ENABLE='set -o xtrace'
2023-12-25 22:01:25,724: DEBUG - + app=snappymail
2023-12-25 22:01:25,724: DEBUG - + added_users=
2023-12-25 22:01:25,724: DEBUG - + permission=main
2023-12-25 22:01:25,725: DEBUG - + added_groups=all_users
2023-12-25 22:01:25,725: DEBUG - + '[' snappymail == opensondage ']'

Any idea how come? Is this intended, or could it be an error in my installation of Forgejo?

2

Hmf yeah that’s related to this hook https://github.com/YunoHost-Apps/forgejo_ynh/blob/master/hooks/post_app_addaccess which i guess is meant to keep the user DB and yunohost “ACL” in sync between Yunohost (LDAP) and Forgejo (which i guess is not / can’t be ? properly integrated with LDAP) which in turns call this snippet : https://github.com/YunoHost-Apps/forgejo_ynh/blob/master/scripts/_common.sh#L42

1 Like
3

Hi Aleks,

I see. The script can not distinguish between a person-user and an app-user, so whenever an app is touched, the access for the corresponding user is touched and the hook is activated.

Thanks for explaining and pointing to the relevant sources!

4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.