Following the alpha-testing opened a few months ago, we are happy to announce that we are moving to the beta-testing stage for Bookworm !
We consider that it should now be okay to upgrade to or install a fresh Yunohost 12.0+ running on Bookworm for a production server if you are a tech-savvy person not afraid to debug stuff if needed. However, you should still remain careful, especially when running the Bullseye->Bookworm migration depending on the complexity of your setup (but doing so helps spotting issues !). Additionally, some apps are still known to not be Bookworm-ready yet.
Please keep in mind that this is a beta-testing and small issues or edge-cases are still expected, so be careful.
Major changes
- The user portal and SSO system have been split into three distinct pieces:
- SSOwat only handling only the SSO/ACL logic (nginx lua middleware)
- A new âportal APIâ (
yunohost-portal-api
) service delivering authentication cookies and allowing users to retrieve/update infos - A new portal front end (
yunohost-portal
)
- The install script has been reworked with a simpler flow and UI (instead of the old ncurses/whiptail)
- To base system is now more lightweight
- MySQL/mariadb and PHP are not installed by default anymore (apps will explicitly depend on them hence everything gets installed only when needed)
- Rspamd (antispam system) and Metronome (XMPP server) are not part of the core anymore. Instead, they are to become separate applications : Rspamd_ynh and Metronome_ynh
Regarding the new user portal
- The portal and authentication mechanism are now separated in terms of âmain domain treesâ. For example,
foo.tld
andsub.foo.tld
share the same portal, butbar.tld
andapp.bar.tld
share a second, different portal - Users can only access a portal if they have access to at least one app of that âmain domain treeâ, or if they are admin
- The new portal include app logos, descriptions, and an optional âsearch engineâ bar.
- FIXME: sooner or later, people will want to be able to change logos and descriptions
- The new portalâs appearance can be customized from the webadmin in the corresponding âmain domainâ's setting (such as changing the portal name, logo, default theme, custom message, âŠ). Each user can also pick the theme in their own settings page.
- Note that if you themed the old portal, this theming wonât be magically migrated to the new portal
- New option to have the list of public apps as âdefault appâ
- The old âyunohost tile overlayâ doesnât exist anymore
- It is technically possible to write a completely different and independent user portal (as long as it properly interacts with the portal API)
- FIXME: generate proper documentation for the new portal API, maybe using swagger
Misc/technical changelog
Show/hide
- webadmin: rework cookie/session expiration mechanism. Cookies are now still valid after restarting the API (preventing clumsy disconnect during self-upgrades) and the cookie validity is automatically extended every time an API request is performed.
- mail: DKIM email signing is now done using opendkim instead of rspamd
- various compatibility tweakings for Bookworm
- regenconf: update nginx and dovecot ciphers according to Mozilla recommendation
- regenconf: update fail2ban config
- configpanels: refactor to use pydantic for more typing and consistency, add proper autogenerated doc
- apps: Yarn third-party repo is now available by default in apt config just like Sury, no need for an extra apt resource thingy
- legacy cleanups:
- apps: drop support for unused
--dedicated_service
in php helpers - apps: drop support for legacy LUA-style regexes in permission urls
- apps: do not auto-patch old PHP versions anymore because Sury is enabled by default and allows the install of arbitrary PHP versions
- apps: drop support of the legacy
unprotected_uris
,redirected_url
and similar settings - cli: drop support for legacy
firstname
/lastname
args inyunohost user create
- cli: drop legacy
yunohost domain dns-conf
andyunohost domain cert-status
,cert-install
,cert-renew
- apps: drop support for unused
- perf: minimize regen-conf calls to
yunohost settings get
, and other misc lazy-loading optimizations - quality: simplify the logging mess
- quality: rework ci tests workflow
What to test ?
Generally-speaking, you are encouraged to test everything youâd do on your YunoHost server, such as installing and using your favorite apps, browsing the webadmin, checking the diagnosis, installing certificates, checking emails, âŠ
More specifically we are looking for feedback regarding:
- The new user portal, both in terms of âdoes it work as youâd expectâ but also in terms of âhow do you like the new UI/UXâ
- especially if you have several âdomain treesâ
- The SSO layer: are you correctly logged in your favorite apps when logged on YunoHostâs portal? What about external desktop/mobile clients?
- Validating that email DKIM signing is still working properly (for example using https://mail-tester.com)
- The new Rspamd app and Metronome app if these are things youâd use
Pre-installed images
Testing Bookworm ISOs are available in https://build.yunohost.org/ for arm64 and i386
(FIXME: still need to work on a fresh RPi image)
Cloud-init image
We have build a cloud-init yunohost image. So if you have a proxmox (or know a vps provider who support cloud-init), we will be happy if you try to create a virtual machine with it.
The cloud-init image is here: https://image-builds.yunohost.org/
Installing a fresh YunoHost on top of a fresh Debian 12/Bookworm
- Obtain a brand new server (such as a VPS online, a local virtual machine, or a development LXC)
- Preinstall your server with Debian Bookworm
- Then install Yunohost 12.x with :
$ curl https://install.yunohost.org/bookworm | bash -s -- -d testing
# You will get a disclaimer intended to make sure what you're doing.
# Read it and follow the instructions.
Upgrading an existing YunoHost 11.x/Bullseye server to 12/Bookworm
Latest versions of YunoHost 11.2 already ships a âhiddenâ migration that allows to upgrade to YunoHost 12/Bookworm.
Before going through this process, we reiterate that ideally, you should have a way to entirely rollback your server before proceeding with the upgrade. That way, if you spot issues, weâll be able to provide a fix then validate that the fix works by re-running the upgrade from the same starting point.
-
Switch to the âtestingâ :
curl https://install.yunohost.org/switchtoTesting | bash
(this is needed because later, Yunohost 12 is only shipped through the testing channel) -
Enable the âhiddenâ migration:
sudo mv /usr/lib/python3/dist-packages/yunohost/migrations/0027_migrate_to_bookworm.py{.disabled,}
-
In the webadmin, under Tools > Migrations, you should now see an available migration to upgrade to Bookworm. Read the disclaimer and start the migration.
-
⊠be patient, this will take a while. But try to stay attentive to whatâs going on. Share the detailed log if anything that goes wrong.
-
Ideally after the upgrade, test that everything (e.g. apps installed) still works as expected.