OVH VPS, IPv6 enabled, upgraded to Bookworm.
YunoHost install went smoothly.
Just tried to install Streams for the moment, it works as expected.
OVH VPS, IPv6 enabled, upgraded to Bookworm.
YunoHost install went smoothly.
Just tried to install Streams for the moment, it works as expected.
Hello,
Thanks a lot for works by all Yunohost team
Did some test (mainly with SOGo) on bookworm and I detected some breaking changes or issues about authentications header passed to applications.
On debian bullseye I have something like that for authentication header
...
some other headers
...
Authorization: Basic am9zdWU6cHdk (base64 decoded: 'josue:pwd')
Remote-User: josue
Email: josue@domain.tld
Name: =?utf-8?b?Sm9zdcODwqkgam9zdWU=?=
Auth-User: josue
But on debian bookworm I have this
...
some other headers
...
Authorization: Basic am9zdWU6LQ== (base64 decoded: 'josue:-')
So there are missing some element and the password are not passed correctly, so apps like SOGo which need auth header to retrieve the password to pass to IMAP server are broken.
Note that I used this tools to analyse this, which is really great: simple python http server to dump request headers Ā· GitHub
3 posts were split to a new topic: Au sujet de lāĆ©criture inclusive dans YunoHost
Hi all, I have a small issue on Yunohost 12. Every time I enable UPnP on the firewall parameters, after some time UPnP is disabled again. Is that by default ? I donāt know where to look for any logs for debug if itās a big. I donāt know how to disable that feature if itās a feature. Thanks !
Sounds like my issue on 11.x Yunohost Firewall keeps closing/removing Home Assistant port - #7
Seems like the issue observed before on CI with private install test failures is not phony at all.
Limesurvey flat out denies access to admin panel because āuser is not authorizedā (302 to SSO, message from ssowat.log
) despite belonging to Admins group and having permission to limesurvey.admin
explicitly granted to them.
auth_header
should be set to user-with-password
for that to work (True
defaults to user-without-password
), but not sure if itās a valid entry in manifest.toml
.
Hi jwqos, and all XMPP users/admins,
i have a first working version of Prosody for Yunohost 12 (to fill the gap of Metronome and hopefully finally provide a better XMPP experience!): GitHub - anubister/prosody_ynh: Prosody package for YunoHost
Feel free to test (as YNH12, it is alpha and will be improved in the next days), report or comment on xmpp:yunohost-xmpp@muc.chapril.org?join or here on the announcement post : [prosody] XMPP server for Yunohost 12
Naively Iād say that the same stuff as for SOGo and other (iirc the āprivate installā test on the CI fails all the time because it expects the result page to be the yunohost portal, which it checks from the HTML title (or similar stuff), which changed in Bookworm - totally unrelated from actual ACL, but Iām only 90% sure of this)
Long story short, I was hoping we would be able to not send the password inside the Basic auth header, hence I made this the default behavior, but then realized at least a few apps donāt just trust the $remote_user part but also need the password, so I started hardcoding a temporary list, but it looks like way many apps are affected so maybe we need to re-change the policy to auth-with-password by default but meh, that just means weāre stuck with the password issue until somehow some day we figure out all apps that do require it >_>
Related piece of code: yunohost/src/app.py at bookworm Ā· YunoHost/yunohost Ā· GitHub
Naively Iād say that the same stuff as for SOGo
I figured that one out, yunohost.portal
cookie is set for domain.tld
while Bullseye SSOWat issued auth cookie(s) for .domain.tld
, hence matching subdomains.
Possibly we should issue cookie-per-explicit-domain-handled-by-this-instance or something?
Well the issue with with SOGo, but probably with many other webmail, is that the app need the password to be able to authenticate to the remote mail server (SMTP and IMAP) and for this there might be some other solution but it might be quite more complicated. Would be interesting to know if the issue also happen with roundcube or some other webmail and if itās not the case how it work.
For this from my point of view, here is the solution which could be investigated:
[resources.permissions]
main.url = "/"
main.auth_header = true # Current setting
main.auth_header_password = true # New setting
main.auth_header_password_comment = "It is needed because the webmail need to pass the user and password to the SMTP and IMAP server for authentication"
The following log: https://paste.yunohost.org/raw/makacuzudo is considered failure, hence chain of upgrade(fail)->remove(fail)->restore does not reach the restoration phase.
EDIT: even better, the app was indeed not removed and is effectively unremovable now
Uninstall log:
~$ sudo yunohost app remove penpot --debug
168 DEBUG acquiring lock...
182 DEBUG lock has been acquired
194 DEBUG loading python module yunohost.app took 0.012s
194 DEBUG processing action 'yunohost.app.remove'
203 INFO Removing penpotā¦
249 DEBUG Executing command '['sh', '-c', '/bin/bash -x "./remove" 7>&1']'
253 DEBUG + source _common.sh
254 DEBUG ++ nodejs_version=20
254 DEBUG ++ current_hash=1eaf7b2b4
254 DEBUG ++ version=1.19.3-10698-g1eaf7b2b4
254 DEBUG ++ build_date='Mon, 18 Sep 2023 09:14:03 +0000'
255 DEBUG + source /usr/share/yunohost/helpers
256 DEBUG +++ set +o
256 DEBUG +++ grep xtrace
258 DEBUG ++ readonly 'XTRACE_ENABLE=set -o xtrace'
258 DEBUG ++ XTRACE_ENABLE='set -o xtrace'
258 DEBUG ++ set +x
283 DEBUG + ynh_script_progression '--message=Removing system configurations related to penpot...'
283 DEBUG + set +o xtrace
314 DEBUG + set +o xtrace
343 DEBUG + echo '! Helper used in legacy mode !'
344 DEBUG + set +x
346 DEBUG + echo '[+++++...............] > Removing system configurations related to penpot...'
346 DEBUG + set -o xtrace
347 DEBUG + ynh_exec_warn_less yunohost service status penpot-backend
347 DEBUG + [[ 4 -eq 1 ]]
347 DEBUG + yunohost service status penpot-backend
347 INFO [+++++...............] > Removing system configurations related to penpot...
690 DEBUG + ynh_exec_warn_less yunohost service status penpot-exporter
690 DEBUG + [[ 4 -eq 1 ]]
690 DEBUG + yunohost service status penpot-exporter
1031 DEBUG + ynh_remove_nginx_config
1031 DEBUG + ynh_secure_remove --file=/etc/nginx/conf.d/d1.bookworm.circledsquareroot.ovh.d/penpot.conf
1031 DEBUG + local legacy_args=f
1032 DEBUG + args_array=(['f']='file=')
1032 DEBUG + local -A args_array
1032 DEBUG + local file
1032 DEBUG + ynh_handle_getopts_args --file=/etc/nginx/conf.d/d1.bookworm.circledsquareroot.ovh.d/penpot.conf
1032 DEBUG + set +o xtrace
1041 DEBUG + set +o xtrace
1051 DEBUG + echo ''\''/etc/nginx/conf.d/d1.bookworm.circledsquareroot.ovh.d/penpot.conf'\'' wasn'\''t deleted because it doesn'\''t exist.'
1051 DEBUG + set -o xtrace
1052 DEBUG + ynh_systemd_action --service_name=nginx --action=reload
1052 DEBUG + local legacy_args=nalpte
1052 DEBUG + args_array=(['n']='service_name=' ['a']='action=' ['l']='line_match=' ['p']='log_path=' ['t']='timeout=' ['e']='length=')
1052 DEBUG + local -A args_array
1052 DEBUG + local service_name
1053 DEBUG + local action
1053 DEBUG + local line_match
1053 DEBUG + local length
1053 DEBUG + local log_path
1053 DEBUG + local timeout
1054 DEBUG + ynh_handle_getopts_args --service_name=nginx --action=reload
1054 DEBUG + set +o xtrace
1054 INFO '/etc/nginx/conf.d/d1.bookworm.circledsquareroot.ovh.d/penpot.conf' wasn't deleted because it doesn't exist.
1133 DEBUG + service_name=nginx
1133 DEBUG + action=reload
1133 DEBUG + line_match=
1134 DEBUG + length=20
1134 DEBUG + log_path=/var/log/nginx/nginx.log
1134 DEBUG + timeout=300
1135 DEBUG + '[' reload == stop ']'
1135 DEBUG + [[ -n '' ]]
1135 DEBUG + '[' reload == reload ']'
1135 DEBUG + action=reload-or-restart
1136 DEBUG ++ date --utc --rfc-3339=seconds
1136 DEBUG ++ cut -d+ -f1
1138 DEBUG + local 'time_start=2024-04-19 22:44:29 UTC'
1138 DEBUG + systemctl reload-or-restart nginx
1260 DEBUG + [[ -n '' ]]
1260 DEBUG + ynh_remove_logrotate
1261 DEBUG + '[' -e /etc/logrotate.d/penpot ']'
1261 DEBUG + ynh_secure_remove --file=/var/log/penpot
1261 DEBUG + local legacy_args=f
1261 DEBUG + args_array=(['f']='file=')
1261 DEBUG + local -A args_array
1261 DEBUG + local file
1262 DEBUG + ynh_handle_getopts_args --file=/var/log/penpot
1262 DEBUG + set +o xtrace
1264 DEBUG + set +o xtrace
1276 DEBUG + echo ''\''/var/log/penpot'\'' wasn'\''t deleted because it doesn'\''t exist.'
1276 DEBUG + set -o xtrace
1276 DEBUG + ynh_redis_remove_db 1
1277 DEBUG + local db=1
1277 DEBUG + redis-cli -n 1 flushall
1277 INFO '/var/log/penpot' wasn't deleted because it doesn't exist.
1299 DEBUG OK
1304 DEBUG + ynh_script_progression '--message=Removal of penpot completed' --last
1304 DEBUG + set +o xtrace
1362 DEBUG + set +o xtrace
1373 DEBUG + echo '! Helper used in legacy mode !'
1373 DEBUG + set +x
1375 DEBUG + echo '[####################] > Removal of penpot completed'
1375 DEBUG + set -o xtrace
1375 INFO [####################] > Removal of penpot completed
1487 INFO The operation 'Remove the 'penpot' app' could not be completed. Please share the full log of this operation using the command 'yunohost log share 20240419-224428-app_remove-penpot' to get help
1494 DEBUG action executed in 1.300s
1494 DEBUG lock has been released
Traceback (most recent call last):
File "/usr/bin/yunohost", line 77, in <module>
yunohost.cli(
File "/usr/lib/python3/dist-packages/yunohost/__init__.py", line 41, in cli
ret = moulinette.cli(
^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/moulinette/__init__.py", line 115, in cli
).run(args, output_as=output_as, timeout=timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/moulinette/interfaces/cli.py", line 501, in run
ret = self.actionsmap.process(args, timeout=timeout)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/moulinette/actionsmap.py", line 567, in process
return func(**arguments)
^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/log.py", line 407, in func_wrapper
result = func(*args, **kwargs)
^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/app.py", line 1454, in app_remove
AppResourceManager(app, wanted={}, current=manifest).apply(
File "/usr/lib/python3/dist-packages/yunohost/utils/resources.py", line 55, in apply
todos = list(self.compute_todos())
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/utils/resources.py", line 127, in compute_todos
resource = AppResourceClassesByType[name](infos, self.app, self)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/utils/resources.py", line 1399, in __init__
super().__init__(properties, *args, **kwargs)
File "/usr/lib/python3/dist-packages/yunohost/utils/resources.py", line 157, in __init__
manager.wanted["version"].split("~")[0]
~~~~~~~~~~~~~~^^^^^^^^^^^
KeyError: 'version'
Zblerg yeah i think this bug was fixed in the dev branch but not yet propagated to the bookworm branch (just need to git merge Ć©_ĆØ)
Perhaps this isnāt related to the fact that itās the alpha version: if anyone can tell me whether they have the same problem or not. I could create another topic if necessary.
The problem seems to be the same as the one created 1 year ago here
Iāve read the whole threadā¦ Iāve tested the suggested commands. But either what needs to be checked is ok, or it doesnāt change anything. I still get the 401 error.
The only thing I donāt have is the line "use_remote_user_var_in_nginx_conf": false,
in /etc/ssowat/config.jsonā¦
I tried adding it by hand in the right place, restarting the nginx service (I didnāt see any sso
service), then trying to connect again: but nothing, error 401ā¦
I also noticed that the following libraries had not been installed: php-json php-xml php-php-gettext php-pear php-mbstring
Iām comparing this to an older installation that I have on hand, on the current stable branch of yunohost (I havenāt listed the php packages in version 7 that are installed with version 8).
Even installing them still doesnāt workā¦
I didnāt specify. But the rest of the installation works perfectly: I have full access (without any errors) to my nextcloud interface (well, thereās just the little error linked to sso, mentioned above, but I think thatās another problem).
I confess I donāt really know where to look for this error.
Does anyone have the same error? If not, Iāll create another thread to discuss it
There seem to be apt-keys missing for yarnpkg.com and sury.org.
What I did:
YunoHost encountered an internal error
Really sorry about that.
You should look for help on (edited link out due to forum link limit) or (edited link out due to forum link limit) to fix the situation, or report the bug on (edited link out due to forum link limit).
The following information might be useful for the person helping you:Error:
"500" Internal Server Error
Action:
"PUT" /yunohost/api/update/all
The error message is not really helpful, as it simply dumps all apt sources but at the bottom there follows:
**While processing the action the server said:**
Fetching available upgrades for system packagesā¦
W: GPG error: https://dl.yarnpkg.com/debian stable InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 23E7166788B63E1E
E: The repository 'https://dl.yarnpkg.com/debian stable InRelease' is not signed.
W: GPG error: https://packages.sury.org/php bookworm InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY B188E2B695BD4743
E: The repository 'https://packages.sury.org/php bookworm InRelease' is not signed.
And indeed, while /etc/apt/sources.list.d/yarn.list says
deb [signed-by=/etc/apt/trusted.gpg.d/yarn.gpg] https://dl.yarnpkg.com/debian/ stable main
there is no /etc/apt/trusted.gpg.d/yarn.gpg file
(and the same for /etc/apt/sources.list.d/extra_php_version.list, which contains the sury.org reference).
Now, I know how to get those keys but
a) I doubt that installation should include manual key addition and
b) I wonder why I am the only one where this happened, because if it was a general error basically everyone should have noticed this.
Hello,
I donāt know if this point has been raised, but at the very least for the SimpleX application, the 2 services will not start if the binaries were made on an OS with OpenSSL1 (smp-server and xftp-server).
The binaries will have to be redone on an OS with OpenSSL3 at this time for Bookworm in order to avoid this issue.
Hello, cat /etc/os-release PRETTY_NAME=āDebian GNU/Linux 11 (bullseye)ā NAME=āDebian GNU/Linuxā VERSION_ID=ā11ā VERSION=ā11 (bullseye)ā VERSION_CODENAME=bullseye ID=debian HOME_URL=āhttps://www.debian.org/ā SUPPORT_URL=āDebian -- User Supportā BUG_REPORT_URL=āhttps://bugs.debian.org/ā Iāve seen that : openssl (1.1.1w-0+deb11u1) https://packages.debian.org/bullseye/openssl openssl (3.0.11-1~deb12u2) Debian -- Details of package openssl in bookworm Maybe have to wait Bookwoā¦
ppr
Bonjour Ć tous,
Tout dāabord, je tiens Ć vous remercier pour votre travail. Jāai un serveur depuis quelques annĆ©es, et grĆ¢ce Ć vous jāai fait la paix avec Linux
Auriez-vous une idƩe de la date de sortie en version stable ?
Pour une utilisation personnelle (Mail & Nextcloud) est-il risquĆ© de lancer lāupgrade dans votre derniĆØre itĆ©ration Alpha-stage ?
Hello everyone,
First of all, I would like to thank you for your work. Iāve had a server for a few years, and thanks to you Iāve made peace with Linux
Do you have any idea when this versions will be released?
For personal use (Mail & Nextcloud) is it risky to launch the update in your latest Alpha-stage version?
Do you have any idea when this versions will be released?
We cannot give a timeline, but the prerequisites are: make sure that a large part of the apps are compatible, and that the features introduced are stable,and the migration is smooth.
For personal use (Mail & Nextcloud) is it risky to launch the update in your latest Alpha-stage version?
I have not had issues, but as always do a backup and download it before.
The binaries will have to be redone
Yup, oftentimes a simple force-upgrade of the app Iād enough to fix the binaries.
Thank you !