J’ai encore aujourd’hui mon mot de passe root (que l’on appellera “XXXXXXXXXXXXX”) qui se balade en clair dans les logs lorsque je fais une mise à jour :
2019-02-01 20:55:33,562 DEBUG gnupg _read_response - [GNUPG:] BEGIN_DECRYPTION
2019-02-01 20:55:33,563 DEBUG gnupg _read_response - [GNUPG:] DECRYPTION_INFO 2 7
2019-02-01 20:55:33,563 DEBUG gnupg _read_response - [GNUPG:] PLAINTEXT 62 1548944968
2019-02-01 20:55:33,564 DEBUG gnupg _read_response - [GNUPG:] PLAINTEXT_LENGTH 17
2019-02-01 20:55:33,564 DEBUG gnupg _read_response - [GNUPG:] DECRYPTION_OKAY
2019-02-01 20:55:33,564 DEBUG gnupg _read_response - [GNUPG:] GOODMDC
2019-02-01 20:55:33,565 DEBUG gnupg _read_response - [GNUPG:] END_DECRYPTION
2019-02-01 20:55:33,566 DEBUG gnupg _read_data - chunk: ‘XXXXXXXXXXXXX’
2019-02-01 20:55:33,566 DEBUG gnupg decrypt_file - decrypt result: ‘XXXXXXXXXXXXX’
2019-02-01 20:55:33,643 DEBUG moulinette.core acquire - lock has been acquired
2019-02-01 20:55:33,644 DEBUG moulinette.actionsmap process - loading python module yunohost.tools took 0.000s
2019-02-01 20:55:33,644 INFO moulinette.actionsmap process - processing action [30719.62]: yunohost.tools.diagnosis with args={‘private’: False, ‘auth’: <moulinette.authenticators.ldap.Authenticator object at 0x6f514290>}
2019-02-01 20:55:41,024 DEBUG moulinette.actionsmap process - action [30719.62] executed in 7.379s
2019-02-01 20:55:41,024 DEBUG moulinette.core release - lock has been released
2019-02-01 20:55:41,027 INFO geventwebsocket.handler log_request - 127.0.0.1 - - [2019-02-01 20:55:41] “GET /diagnosis?locale=fr HTTP/1.1” 200 1625 7.557010
2019-02-01 20:55:41,029 DEBUG geventwebsocket.handler close - Closed WebSocket
2019-02-01 20:55:41,030 DEBUG geventwebsocket.handler close - Failed to write closing frame → closing socket
2019-02-01 20:55:41,031 DEBUG geventwebsocket.handler close - Closed WebSocket
2019-02-01 20:55:41,034 DEBUG geventwebsocket.handler run_application - Initializing WebSocket
2019-02-01 20:55:41,035 DEBUG geventwebsocket.handler upgrade_websocket - Validating WebSocket request
2019-02-01 20:55:41,035 DEBUG geventwebsocket.handler upgrade_connection - Attempting to upgrade connection
2019-02-01 20:55:41,036 DEBUG geventwebsocket.handler upgrade_connection - WebSocket request accepted, switching protocols
2019-02-01 20:55:41,058 DEBUG geventwebsocket.handler run_application - Initializing WebSocket
2019-02-01 20:55:41,058 DEBUG geventwebsocket.handler upgrade_websocket - Validating WebSocket request
2019-02-01 20:55:41,059 DEBUG geventwebsocket.handler upgrade_websocket - Can only upgrade connection if using GET method.
2019-02-01 20:55:41,060 DEBUG moulinette.authenticator.ldap init - initialize authenticator ‘default’ with: uri=‘ldap://localhost:389’, base_dn=‘dc=yunohost,dc=org’, user_rdn=‘cn=admin’
2019-02-01 20:55:41,062 DEBUG gnupg _open_subprocess - [‘gpg1’, ‘–status-fd’, ‘2’, ‘–no-tty’, ‘–version’]
2019-02-01 20:55:41,098 DEBUG gnupg _collect_output - stderr reader: <Thread(Thread-316, initial daemon)>
2019-02-01 20:55:41,099 DEBUG gnupg _collect_output - stdout reader: <Thread(Thread-317, initial daemon)>
2019-02-01 20:55:41,104 DEBUG gnupg _read_data - chunk: ‘gpg (GnuPG) 1.4.21\nCopyright (C) 2015 Free Software Foundation, Inc.\nLicense GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html\nThis is free software: you are free to change and redistribute it.\nThere is NO WARRANTY, to the extent permit’
2019-02-01 20:55:41,105 DEBUG gnupg _open_subprocess - [‘gpg1’, ‘–status-fd’, ‘2’, ‘–no-tty’, ‘–batch’, ‘–passphrase-fd’, ‘0’, ‘–decrypt’]
2019-02-01 20:55:41,140 DEBUG gnupg _write_passphrase - Wrote passphrase
2019-02-01 20:55:41,141 DEBUG gnupg _threaded_copy_data - data copier: <Thread(Thread-318, initial daemon)>, <_io.BytesIO object at 0x6f5bef90>, <open file ‘’, mode ‘wb’ at 0x6f66e230>
2019-02-01 20:55:41,143 DEBUG gnupg _collect_output - stderr reader: <Thread(Thread-319, initial daemon)>
2019-02-01 20:55:41,143 DEBUG gnupg _copy_data - closed output, 179 bytes sent
2019-02-01 20:55:41,145 DEBUG gnupg _collect_output - stdout reader: <Thread(Thread-320, initial daemon)>
2019-02-01 20:55:41,148 DEBUG gnupg _read_response - gpg: AES encrypted data
2019-02-01 20:55:41,149 DEBUG gnupg _read_response - [GNUPG:] NEED_PASSPHRASE_SYM 7 3 2
2019-02-01 20:55:41,149 DEBUG gnupg _read_response - gpg: encrypted with 1 passphrase
2019-02-01 20:55:41,150 DEBUG gnupg _read_response - [GNUPG:] BEGIN_DECRYPTION
2019-02-01 20:55:41,150 DEBUG gnupg _read_response - [GNUPG:] DECRYPTION_INFO 2 7
2019-02-01 20:55:41,151 DEBUG gnupg _read_response - [GNUPG:] PLAINTEXT 62 1548944968
2019-02-01 20:55:41,151 DEBUG gnupg _read_response - [GNUPG:] PLAINTEXT_LENGTH 17
2019-02-01 20:55:41,152 DEBUG gnupg _read_data - chunk: ‘XXXXXXXXXXXXX’
2019-02-01 20:55:41,152 DEBUG gnupg _read_response - [GNUPG:] DECRYPTION_OKAY
2019-02-01 20:55:41,153 DEBUG gnupg _read_response - [GNUPG:] GOODMDC
2019-02-01 20:55:41,154 DEBUG gnupg _read_response - [GNUPG:] END_DECRYPTION
2019-02-01 20:55:41,154 DEBUG gnupg decrypt_file - decrypt result: ‘XXXXXXXXXXXXX’
2019-02-01 20:55:41,232 DEBUG moulinette.core acquire - lock has been acquired
2019-02-01 20:55:41,233 DEBUG moulinette.actionsmap process - loading python module yunohost.tools took 0.000s
2019-02-01 20:55:41,233 INFO moulinette.actionsmap process - processing action [30719.63]: yunohost.tools.update with args={‘ignore_packages’: False, ‘ignore_apps’: False}
2019-02-01 20:55:42,247 DEBUG yunohost.tools tools_update - [30719.63] Mise à jour de la liste des paquets disponibles…
2019-02-01 20:56:22,758 DEBUG yunohost.tools tools_update - [30719.63] Terminé
2019-02-01 20:56:22,763 DEBUG yunohost.app app_fetchlist - [30719.63] Attempting to fetch list yunohost at https://app.yunohost.org/official.json
2019-02-01 20:56:22,770 DEBUG requests.packages.urllib3.connectionpool _new_conn - Starting new HTTPS connection (1): app.yunohost.org
2019-02-01 20:56:23,156 DEBUG requests.packages.urllib3.connectionpool _make_request - https://app.yunohost.org:443 “GET /official.json HTTP/1.1” 200 41849
2019-02-01 20:56:23,193 SUCCESS yunohost.app success - [30719.63] La liste d’applications yunohost a été récupérée
2019-02-01 20:56:23,353 DEBUG moulinette.actionsmap process - action [30719.63] executed in 42.120s
2019-02-01 20:56:23,354 DEBUG moulinette.core release - lock has been released
2019-02-01 20:56:23,356 INFO geventwebsocket.handler log_request - 127.0.0.1 - - [2019-02-01 20:56:23] “PUT /update HTTP/1.1” 200 268 42.297646
2019-02-01 20:56:23,358 DEBUG geventwebsocket.handler close - Closed WebSocket
2019-02-01 20:56:23,359 DEBUG geventwebsocket.handler close - Failed to write closing frame → closing socket
2019-02-01 20:56:23,359 DEBUG geventwebsocket.handler close - Closed WebSocket
2019-02-01 20:56:28,009 DEBUG geventwebsocket.handler run_application - Initializing WebSocket
2019-02-01 20:56:28,011 DEBUG geventwebsocket.handler upgrade_websocket - Validating WebSocket request
2019-02-01 20:56:28,153 DEBUG geventwebsocket.handler upgrade_connection - Attempting to upgrade connection
2019-02-01 20:56:28,155 DEBUG geventwebsocket.handler upgrade_connection - WebSocket request accepted, switching protocols
2019-02-01 20:56:28,183 DEBUG geventwebsocket.handler run_application - Initializing WebSocket
2019-02-01 20:56:28,185 DEBUG geventwebsocket.handler upgrade_websocket - Validating WebSocket request
2019-02-01 20:56:28,185 DEBUG geventwebsocket.handler upgrade_websocket - Can only upgrade connection if using GET method.
2019-02-01 20:56:28,188 DEBUG moulinette.authenticator.ldap init - initialize authenticator ‘default’ with: uri=‘ldap://localhost:389’, base_dn=‘dc=yunohost,dc=org’, user_rdn=‘cn=admin’
2019-02-01 20:56:28,192 DEBUG gnupg _open_subprocess - [‘gpg1’, ‘–status-fd’, ‘2’, ‘–no-tty’, ‘–version’]
2019-02-01 20:56:28,427 DEBUG gnupg _collect_output - stderr reader: <Thread(Thread-321, initial daemon)>
2019-02-01 20:56:28,430 DEBUG gnupg _collect_output - stdout reader: <Thread(Thread-322, initial daemon)>
2019-02-01 20:56:28,440 DEBUG gnupg _read_data - chunk: ‘gpg (GnuPG) 1.4.21\nCopyright (C) 2015 Free Software Foundation, Inc.\nLicense GPLv3+: GNU GPL version 3 or later http://gnu.org/licenses/gpl.html\nThis is free software: you are free to change and redistribute it.\nThere is NO WARRANTY, to the extent permit’
2019-02-01 20:56:28,442 DEBUG gnupg _open_subprocess - [‘gpg1’, ‘–status-fd’, ‘2’, ‘–no-tty’, ‘–batch’, ‘–passphrase-fd’, ‘0’, ‘–decrypt’]
2019-02-01 20:56:28,500 DEBUG gnupg _write_passphrase - Wrote passphrase
2019-02-01 20:56:28,502 DEBUG gnupg _threaded_copy_data - data copier: <Thread(Thread-323, initial daemon)>, <_io.BytesIO object at 0x6f5be420>, <open file ‘’, mode ‘wb’ at 0x6f66e2e0>
2019-02-01 20:56:28,504 DEBUG gnupg _collect_output - stderr reader: <Thread(Thread-324, initial daemon)>
2019-02-01 20:56:28,506 DEBUG gnupg _copy_data - closed output, 179 bytes sent
2019-02-01 20:56:28,507 DEBUG gnupg _collect_output - stdout reader: <Thread(Thread-325, initial daemon)>
2019-02-01 20:56:28,515 DEBUG gnupg _read_response - gpg: AES encrypted data
2019-02-01 20:56:28,516 DEBUG gnupg _read_response - [GNUPG:] NEED_PASSPHRASE_SYM 7 3 2
2019-02-01 20:56:28,518 DEBUG gnupg _read_data - chunk: ‘XXXXXXXXXXXXX’
2019-02-01 20:56:28,518 DEBUG gnupg _read_response - gpg: encrypted with 1 passphrase
2019-02-01 20:56:28,520 DEBUG gnupg _read_response - [GNUPG:] BEGIN_DECRYPTION
2019-02-01 20:56:28,521 DEBUG gnupg _read_response - [GNUPG:] DECRYPTION_INFO 2 7
2019-02-01 20:56:28,522 DEBUG gnupg _read_response - [GNUPG:] PLAINTEXT 62 1548944968
2019-02-01 20:56:28,523 DEBUG gnupg _read_response - [GNUPG:] PLAINTEXT_LENGTH 17
2019-02-01 20:56:28,524 DEBUG gnupg _read_response - [GNUPG:] DECRYPTION_OKAY
2019-02-01 20:56:28,525 DEBUG gnupg _read_response - [GNUPG:] GOODMDC
2019-02-01 20:56:28,526 DEBUG gnupg _read_response - [GNUPG:] END_DECRYPTION
2019-02-01 20:56:28,527 DEBUG gnupg decrypt_file - decrypt result: ‘XXXXXXXXXXXXX’
2019-02-01 20:56:28,638 DEBUG moulinette.core acquire - lock has been acquired
2019-02-01 20:56:28,638 DEBUG moulinette.actionsmap process - loading python module yunohost.tools took 0.000s
2019-02-01 20:56:28,639 INFO moulinette.actionsmap process - processing action [30719.64]: yunohost.tools.upgrade with args={‘ignore_packages’: False, ‘ignore_apps’: True, ‘auth’: <moulinette.authenticators.ldap.Authenticator object at 0x6f563490>}
2019-02-01 20:56:31,583 INFO yunohost.tools tools_upgrade - [30719.64] Mise à jour des paquets…
2019-02-01 20:56:49,291 INFO yunohost.tools tools_upgrade - [30719.64] Terminé
2019-02-01 20:56:49,294 DEBUG yunohost.log close - [30719.64] Log complet de cette opération : « Mise à jour des paquets Debian »
2019-02-01 20:56:49,303 SUCCESS yunohost.tools success - [30719.64] Le système a été mis à jour