Problème d’authentification après mise à jour vers Yunohost 11.1.21

Support
,
1

:uk:/:us:

Hardware: Old laptop or computer
YunoHost version: 11.1.21
I have access to my server : Through SSH
Are you in a special context or did you perform some particular tweaking on your YunoHost instance ? : no
If yes, please explain:

Description of my issue

I’ve just upgrade Yunohost to 11.1.21 (and from 11.1.20). When I look at my upgrade logs, here is what I see (permission issue).

[…]
+ (Lecture de la base de données... 169927 fichiers et répertoires déjà installés.)
+ Préparation du dépaquetage de .../yunohost_11.1.21_all.deb ...
+ Dépaquetage de yunohost (11.1.21) sur (11.1.20) ...
+ Paramétrage de yunohost (11.1.21) ...
+ Installation de la nouvelle version du fichier de configuration /etc/bash_completion.d/yunohost ...
+ Regenerating configuration, this might take a while...
+ La configuration a été mise à jour pour 'yunohost'
+ La configuration a été mise à jour pour 'nginx'
+ La configuration a été mise à jour pour 'dnsmasq'
/opt/goenv/bin/goenv: ligne 23: /dev/null: Permission non accordée
/opt/goenv/libexec/goenv-init: ligne 36: /dev/null: Permission non accordée
/etc/profile.d/goenv.sh: ligne 10: /dev/null: Permission non accordée
/opt/goenv/bin/goenv: ligne 23: /dev/null: Permission non accordée
/opt/goenv/libexec/goenv-hooks: ligne 24: /dev/null: Permission non accordée
+ Launching migrations...
+ Aucune migration à lancer
[…]

When I connect to ssh, I see (but I can connect to ssh):

-bash: /dev/null: Permission non accordée
/opt/goenv/bin/goenv: ligne 23: /dev/null: Permission non accordée
/opt/goenv/libexec/goenv-init: ligne 36: /dev/null: Permission non accordée
-bash: /dev/null: Permission non accordée
/opt/goenv/bin/goenv: ligne 23: /dev/null: Permission non accordée
/opt/goenv/libexec/goenv-hooks: ligne 24: /dev/null: Permission non accordée
-bash: /dev/null: Permission non accordée

And here are my logs from yunohost-api:

Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]:     return callback(*args, **kwargs)
Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]:   File "/usr/lib/python3/dist-packages/moulinette/interfaces/api.py", line 736, in wrapper
Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]:     return callback(*args, **kwargs)
Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]:   File "/usr/lib/python3/dist-packages/moulinette/interfaces/api.py", line 748, in wrapper
Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]:     return callback(*args, **kwargs)
Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]:   File "/usr/lib/python3/dist-packages/moulinette/interfaces/api.py", line 394, in logout
Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]:     authenticator.get_session_cookie()
Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]:   File "/usr/lib/python3/dist-packages/yunohost/authenticators/ldap_admin.py", line 162, in get_session_cookie
Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]:     raise YunohostAuthenticationError("unable_authenticate")
Jun 11 22:11:18 next.nohost.me yunohost-api[3815631]: yunohost.utils.error.YunohostAuthenticationError: Impossible de vous authentifier

Other than that (so thoses permissions and authentification issues), everything works on the server.
Thanks for your support!

EDIT : I spoke to fast, after cleaning cache, the webadmin works, but when I try to upgrade, I’ve an error:

Impossible de mettre à jour le cache APT (gestionnaire de paquets Debian). Voici un extrait du fichier sources.list qui pourrait vous aider à identifier les lignes problématiques :
sources.list:deb http://ftp.debian.org/debian bullseye main contrib
sources.list:deb-src http://ftp.debian.org/debian bullseye main contrib
sources.list:deb http://forge.yunohost.org/debian/ bullseye stable testing
sources.list:deb http://security.debian.org/debian-security bullseye-security main contrib non-free
sources.list:deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
sources.list:deb http://ftp.debian.org/debian bullseye-updates main contrib non-free
sources.list:deb-src http://ftp.debian.org/debian bullseye-updates main contrib non-free
sources.list.d/extra_php_version.list:deb https://packages.sury.org/php/ bullseye main
sources.list.d/docker.list:deb [arch=amd64] https://download.docker.com/linux/debian bullseye stable
sources.list.d/crystal.list:deb http://download.opensuse.org/repositories/devel:languages:crystal/Debian_Unstable/ /

Pendant le traitement de l'action, le serveur a dit :
Récupération des mises à jour disponibles pour les paquets du système...
gpgv: Signature made Sun Jun 11 19:53:17 2023 CEST
gpgv: using RSA key 40AA6D5FE49AD892BF762EC8FDBB9F3D83BD9E70
gpgv: Good signature from "Yunohost .deb build system "
/usr/bin/apt-key: 57: cannot create /dev/null: Permission denied
gpgv: Signature made Sun Jun 11 19:03:17 2023 CEST
gpgv: using RSA key 5237CEEEF212F3D51C74ABE0112695A0E562B32A
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (10/buster) "
gpgv: Signature made Sun Jun 11 19:03:17 2023 CEST
gpgv: using RSA key ED541312A33F1128F10B1C6C54404762BBB6E853
gpgv: Good signature from "Debian Security Archive Automatic Signing Key (11/bullseye) "
/usr/bin/apt-key: 57: cannot create /dev/null: Permission denied
gpgv: Signature made Sat Jun 10 10:53:06 2023 CEST
gpgv: using RSA key 0146DC6D4A0B2914BDED34DB648ACFD622F3D138
gpgv: Good signature from "Debian Archive Automatic Signing Key (10/buster) "
gpgv: Signature made Sat Jun 10 10:53:07 2023 CEST
gpgv: using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) "
gpgv: Signature made Sat Jun 10 11:32:24 2023 CEST
gpgv: using RSA key A4285295FC7B1A81600062A9605C66F00D6C9793
gpgv: issuer "debian-release@lists.debian.org"
gpgv: Good signature from "Debian Stable Release Key (11/bullseye) "
/usr/bin/apt-key: 57: cannot create /dev/null: Permission denied
gpgv: Signature made Sun Jun 11 16:09:26 2023 CEST
gpgv: using RSA key A7236886F3CCCAAD148A27F80E98404D386FA1D9
gpgv: Good signature from "Debian Archive Automatic Signing Key (11/bullseye) "
gpgv: Signature made Sun Jun 11 16:10:08 2023 CEST
gpgv: using RSA key 4CB50190207B4758A3F73A796ED0E7B82643E131
gpgv: Good signature from "Debian Archive Automatic Signing Key (12/bookworm) "
/usr/bin/apt-key: 57: cannot create /dev/null: Permission denied
gpgv: Signature made Fri Jun 9 19:19:00 2023 CEST
gpgv: using RSA key 7EA0A9C3F273FCD8
gpgv: Good signature from "Docker Release (CE deb) "
/usr/bin/apt-key: 57: cannot create /dev/null: Permission denied
gpgv: Signature made Sun Jun 11 03:58:31 2023 CEST
gpgv: using RSA key 15058500A0235D97F5D10063B188E2B695BD4743
gpgv: Good signature from "DEB.SURY.ORG Automatic Signing Key "
/usr/bin/apt-key: 57: cannot create /dev/null: Permission denied
E: The repository 'http://download.opensuse.org/repositories/devel:languages:crystal/Debian_Unstable Release' no longer has a Release file.
1 Like
2

Wokay, what dah frak …

This definitely sounds unrelated to the 11.1.21 …

Can we have a look at ls -ld /dev/ and ls -l /dev/null

1 Like
3 
ls -ld /dev/
drwxr-xr-x 18 root root 3420 11 Jun 21:51 /dev/

ls -l /dev/null
crw-r--r-- 1 root root 1, 3  8 May 16:36 /dev/null
4

Ben du coup je sais pas ce qu’il s’est passé sur les permissions de ce fichier mais chez moi j’ai

> ls -l /dev/null
crw-rw-rw- 1 root root 1, 3 juin  11 21:01 /dev/null

et apriori les permissions de /dev/null ne changement pas magiquement … Tu as fait un truc particulier avant la mise à jour de YunoHost …?

5

Après la mise à jour les permissions ont été modifiées aussi

crw-r--r-- 1 root root 1, 3 29 avril 16:40 /dev/null

Du coup, j’ai vérifié sur une instance de test non mise à jour et les droits sont :

crw-rw-rw- 1 root root 1, 3 29 mai   09:19 /dev/null

Une fois que les permissions replacées comme il faut sur l’instance mise à jour, les messages d’erreurs ont disparu.

6

Wokay, great then …

Let’s look at the output of

ls -l /etc/systemd/system/*.service
ls -l /etc/php/*/fpm/pool.d/*.conf
ls -l /etc/nginx/conf.d/*.d/*.conf
ls -l /etc/fail2ban/jail.d/*.conf
7

Hmkay great so plenty of files in /etc/systemd/system/*.service are symlinks to /dev/null …

8

Me too

**Error**: `"500"`

**Action**: `"PUT" /yunohost/api/update/all`

**Error message:**

Could not fetch source files, is the URL correct?

**While processing the action the server said:**

Fetching available upgrades for system packages...

W: Failed to fetch http://ftp.debian.org/debian/dists/bullseye/InRelease Temporary failure resolving 'ftp.debian.org'

W: Failed to fetch http://forge.yunohost.org/debian/dists/bullseye/InRelease Temporary failure resolving 'forge.yunohost.org'

W: Failed to fetch http://security.debian.org/debian-security/dists/bullseye-security/InRelease Temporary failure resolving 'security.debian.org'

W: Failed to fetch http://ftp.debian.org/debian/dists/bullseye-updates/InRelease Temporary failure resolving 'ftp.debian.org'

W: Failed to fetch https://download.docker.com/linux/debian/dists/bullseye/InRelease Temporary failure resolving 'download.docker.com'

W: Failed to fetch https://packages.sury.org/php/dists/bullseye/InRelease Temporary failure resolving 'packages.sury.org'

W: Failed to fetch http://packages.erlang-solutions.com/debian/dists/bullseye/InRelease Temporary failure resolving 'packages.erlang-solutions.com'

W: Some index files failed to download. They have been ignored, or old ones used instead.

Something went wrong while updating the cache of APT (Debian's package manager). Here is a dump of the sources.list lines, which might help identify problematic lines:
sources.list:deb http://ftp.debian.org/debian bullseye main contrib
sources.list:deb-src http://ftp.debian.org/debian bullseye main contrib
sources.list:deb http://forge.yunohost.org/debian/ bullseye stable
sources.list:deb http://security.debian.org/debian-security bullseye-security main contrib non-free
sources.list:deb-src http://security.debian.org/debian-security bullseye-security main contrib non-free
sources.list:deb http://ftp.debian.org/debian bullseye-updates main contrib non-free
sources.list:deb-src http://ftp.debian.org/debian bullseye-updates main contrib non-free
sources.list.d/dockerui.list:deb https://download.docker.com/linux/debian bullseye stable
sources.list.d/extra_php_version.list:deb https://packages.sury.org/php/ bullseye main
sources.list.d/mobilizon.list:deb http://packages.erlang-solutions.com/debian bullseye contrib

Updating application catalog...

Unable to download the default app catalog: Failed to connect to https://app.yunohost.org/default/v3/apps.json ... maybe the service is down, or you are not properly connected to the Internet in IPv4/IPv6.

Command '['git', 'ls-remote', '--symref', 'https://github.com/YunoHost-Apps/element_ynh', 'HEAD']' returned non-zero exit status 128.

Is this normal

lrwxrwxrwx 1 root root 45 19 mars 2021 /etc/systemd/system/dbus-org.freedesktop.timesync1.service -> /lib/systemd/system/systemd-timesyncd.service

9

Les permissions pour :

ls -l /etc/systemd/system/*.service
ls -l /etc/php/*/fpm/pool.d/*.conf
ls -l /etc/nginx/conf.d/*.d/*.conf
ls -l /etc/fail2ban/jail.d/*.conf

Les permissions semblent correctes

rw-r–r-- sur les fichiers

Pour les liens symboliques de certains services les permissions sont : lrwxrwxrwx

10

If you can still run upgrades, I fixed the code in 11.1.21.1 …

Otherwise, you can manually fix the issue with sudo chmod 666 /dev/null (666, yes :thinking: ) then re-attempt the upgrade

Alternatively, a reboot should properly reset /dev/null’s permissions …

2 Likes
11

aaaaand nope … wait for 11.1.21.2 …

12

I couldn’t share logs using yunopaste, Dnsmasq was dead. I had to restart it

Finally the log of 11.1.21
https://paste.yunohost.org/raw/ovipidibey

13

This resolved the issue, thanks @Aleks :boom:

1 Like
14

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.