🚧 YunoHost 12.0 beta (Bookworm)

ewilly · August 19, 2024, 7:09pm

Migration done on my side in a proxmox LXC. Everything went fine except when running 0030_rebuild_python_venv_in_bookworm.py for 2 of my apps : immich and homeassistant. Those 2 apps uses a compiled python version and updating their venv is not suitable as it brokes them.
@Aleks : could these 2 app be added to the ignored_python_apps list in that script ?

pihomeserver · August 21, 2024, 7:17am

@ljf Unfortunatly a stop/start does not solve the issue. I’m not sure that the clear cache on start is active
I tried to stop dnsmasq service and then run yunohost diagnosis for dns records but i still get the same error messages.

[EDIT] Also the execution of CLI commands are slow due to this wraning. Renewing a certificate is running for 16 minutes
[EDIT] After playing with the dns.py source to understand what the issue is, it seems that the dig command for the NS record of the domain returns an error. Using external tool to request the NS record, it confirms that it exists. So still have to understand why Yunohost doesn’t find it
[EDIT] All DNS servers defined in /etc/resolv.dnsmasq.conf fall in timeout with a dig command. Adding the devil 8.8.8.8 at the first line solves the issue but it does not explain why the upgrade broke that part

rodinux · August 21, 2024, 12:37pm

Nice ! I deploy with success a cloud-init image on a promox. <3

csolisr · August 26, 2024, 1:25am

I managed to migrate from Bullseye to Bookworm (had to uninstall then restore a few apps, and then re-run a few migrations) and I’m almost done with migration, except I’m currently having a conflict between avahi-daemon and yunomdns. Haven’t managed to find a way to properly disable one or the other, every so often Avahi turns itself on and fails as YunoMDNS is already on that port, or vice versa. What would be the proper flow of action here?

nasar · August 26, 2024, 10:34pm

Just reporting on an app that is no longer installing in bookworm: libreErp.

I made a forum post about it here:

The install logs and the errors are here: https://paste.yunohost.org/raw/sirapihusu

csolisr · August 28, 2024, 3:04pm

So, I managed to solve that one by… uninstalling avahi-daemon (thought it’d be a system app, it wasn’t) but now I’m dealing with another problem related to certificate renewals - the xmpp and muc special subdomains for XMPP are not properly handled.

An attempt for renewing the certificate for domain azkware.net failed with the following
error :

Certificate renewing for azkware.net failed!
Could not sign the new certificate
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 214, in get_crt
    assert disable_check or _do_request(wellknown_url)[0] == keyauthorization
                            ^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 76, in _do_request
    raise ValueError(
ValueError: Error:
Url: http://xmpp-upload.azkware.net/.well-known/acme-challenge/l9LI-J_hLdiHja8KYqW51Oph8ezmHjEDGxXfhc14ClU
Data: None
Response Code: None
Response: <urlopen error [Errno 111] Connection refused>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 501, in _fetch_and_enable_new_certificate
    signed_certificate = sign_certificate(
                         ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 216, in get_crt
    raise ValueError(
ValueError: Wrote file to /var/www/.well-known/acme-challenge-public/l9LI-J_hLdiHja8KYqW51Oph8ezmHjEDGxXfhc14ClU, but couldn't download http://xmpp-upload.azkware.net/.well-known/acme-challenge/l9LI-J_hLdiHja8KYqW51Oph8ezmHjEDGxXfhc14ClU: Error:
Url: http://xmpp-upload.azkware.net/.well-known/acme-challenge/l9LI-J_hLdiHja8KYqW51Oph8ezmHjEDGxXfhc14ClU
Data: None
Response Code: None
Response: <urlopen error [Errno 111] Connection refused>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 389, in certificate_renew
    _fetch_and_enable_new_certificate(domain, no_checks=no_checks)
  File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 514, in _fetch_and_enable_new_certificate
    raise YunohostError("certmanager_cert_signing_failed")
yunohost.utils.error.YunohostError: Could not sign the new certificate

jarod5001 · August 29, 2024, 7:35pm

Try deleting cookies

jarod5001 · August 29, 2024, 9:52pm

Check /etc/hosts file, I got some issues with added lines, but I remember that all links were looping

jedie · August 30, 2024, 7:03pm

I installed today on a fresh Debian 12 via $ curl https://install.yunohost.org/bookworm | bash -s -- -d testing

I get a broken WebGUI, with the message: [GET] "https://syncthingynh.fritz.box/yunohost/portalapi/public": 502

Journal has some errors, like:

Aug 30 19:01:22 SyncthingYnh systemd[1]: systemd-logind.service: Failed with result 'exit-code'.
Aug 30 19:01:22 SyncthingYnh systemd[1]: Failed to start systemd-logind.service - User Login Management.
Aug 30 19:01:22 SyncthingYnh systemd[1]: systemd-logind.service: Scheduled restart job, restart counter is at 2.
Aug 30 19:01:22 SyncthingYnh systemd[1]: Stopped systemd-logind.service - User Login Management.
Aug 30 19:01:22 SyncthingYnh systemd[1]: Starting modprobe@drm.service - Load Kernel Module drm...
Aug 30 19:01:22 SyncthingYnh systemd[1]: modprobe@drm.service: Deactivated successfully.
Aug 30 19:01:22 SyncthingYnh systemd[1]: Finished modprobe@drm.service - Load Kernel Module drm.
Aug 30 19:01:22 SyncthingYnh systemd[1]: Starting systemd-logind.service - User Login Management...
Aug 30 19:01:22 SyncthingYnh (d-logind)[1294]: systemd-logind.service: Failed to set up mount namespacing: /run/systemd/unit-root/proc: Permission denied
Aug 30 19:01:22 SyncthingYnh (d-logind)[1294]: systemd-logind.service: Failed at step NAMESPACE spawning /lib/systemd/systemd-logind: Permission denied
Aug 30 19:01:22 SyncthingYnh systemd[1]: systemd-logind.service: Main process exited, code=exited, status=226/NAMESPACE

Aleks · August 30, 2024, 7:04pm

That’s typically because you’re running an unpriviledged LXC (or because it has nesting disabled ,or both)

jedie · August 30, 2024, 7:06pm

Oh, yes. That’s it: It’s a Proxmox container So LXC.

I will change it.

EDIT: Yes: Nesting has missed. Now it works.

Aleks · August 31, 2024, 6:40pm

A few testing updates were released, in particular:

portal: change the way the new ‘public apps’ page in the portal is configured: added a simple bool toggle instead of having the ‘public apps page’ as a default app option, which allows to still configure a default app while the portal has the public apps page
portal: fix the domain’s root not redirecting to the public apps page (when the public apps page is enabled)
portal: fix “extra” app tiles (such as the tile to the app’s admin interface) not being displayed
portal: fix the custom user intro not being displayed
portal: added possibility to add custom css from the domain’s config panel
portal: removed a bunch of themes because there were too many too-similar choices. Added a few new choices (omg, legacy and admin)

ericg · September 1, 2024, 12:38pm

After the update I don’t see any of these new themes in the list (I still have the full list of themes)

orhtej2 · September 1, 2024, 9:52pm

I’ve upgraded the system, it ended with the HTTP 500 but everything seems accessible.

However, umami is not starting with

Sep 01 21:26:13 domain.tld npm[1358]: Invalid `prisma.user.findUnique()` invocation:
Sep 01 21:26:13 domain.tld npm[1358]: Unable to require(`/var/www/umami/release/node_modules/.prisma/client/libquery_engine-debian-openssl-1.1.x.so.node`).
Sep 01 21:26:13 domain.tld npm[1358]: Prisma has detected an incompatible version of the `glibc` C standard library installed in your system. This probably means your system may be too old to run Prisma. Please refer to the d>
Sep 01 21:26:13 domain.tld npm[1358]: Details: /lib/x86_64-linux-gnu/libc.so.6: version `GLIBC_ABI_DT_RELR' not found (required by /lib/x86_64-linux-gnu/librt.so.1)
Sep 01 21:26:13 domain.tld npm[1358]:     at _n.handleRequestError (/var/www/umami/release/node_modules/@prisma/client/runtime/library.js:121:8049)
Sep 01 21:26:13 domain.tld npm[1358]:     at _n.handleAndLogRequestError (/var/www/umami/release/node_modules/@prisma/client/runtime/library.js:121:7057)
Sep 01 21:26:13 domain.tld npm[1358]:     at _n.request (/var/www/umami/release/node_modules/@prisma/client/runtime/library.js:121:6741)
Sep 01 21:26:13 domain.tld npm[1358]:     at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
Sep 01 21:26:13 domain.tld npm[1358]:     at async l (/var/www/umami/release/node_modules/@prisma/client/runtime/library.js:130:9355)
Sep 01 21:26:13 domain.tld npm[1358]:     at async q (/var/www/umami/release/.next/server/pages/api/auth/login.js:1:1847)
Sep 01 21:26:13 domain.tld npm[1358]:     at async K (/var/www/umami/release/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:16853)
Sep 01 21:26:13 domain.tld npm[1358]:     at async U.render (/var/www/umami/release/node_modules/next/dist/compiled/next-server/pages-api.runtime.prod.js:20:17492)
Sep 01 21:26:13 domain.tld npm[1358]:     at async NextNodeServer.runApi (/var/www/umami/release/node_modules/next/dist/server/next-server.js:600:9)
Sep 01 21:26:13 domain.tld npm[1358]:     at async NextNodeServer.handleCatchallRenderRequest (/var/www/umami/release/node_modules/next/dist/server/next-server.js:269:37) {
Sep 01 21:26:13 domain.tld npm[1358]:   clientVersion: '5.17.0',
Sep 01 21:26:13 domain.tld npm[1358]:   errorCode: undefined
Sep 01 21:26:13 domain.tld npm[1358]: }
Sep 01 21:27:03 domain.tld systemd[1]: Stopping umami.service - Umami: Web Analytics...

So I came up with force-upgrading to force dependencies rebuild with yunohost app upgrade umami -F, this however failed due to corepack interactive shell. So I aborted, but then backup restore failed with the following

2024-09-01 23:44:33,316: ERROR - Could not restore umami: Something unexpected went wrong: 
Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/yunohost/backup.py", line 1441, in _restore_app
    _tools_migrations_run_before_app_restore(
  File "/usr/lib/python3/dist-packages/yunohost/tools.py", line 924, in _tools_migrations_run_before_app_restore
    current_version = version.parse(ynh_packages_version()["yunohost"]["version"])
                      ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/packaging/version.py", line 52, in parse
    return Version(version)
           ^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/packaging/version.py", line 197, in __init__
    raise InvalidVersion(f"Invalid version: '{version}'")
packaging.version.InvalidVersion: Invalid version: '0:'

Will restore server from backup and try later again.

Josue · September 3, 2024, 9:01pm

Hello,

Did some test with seafile and pgadmin and I discover that there still are some issue about the authentication header.

To remember on bullseye we had a header like this:

...
some other headers
...
Authorization: Basic am9zdWU6cHdk  (base64 decoded: 'josue:pwd')
Remote-User: josue
Email: josue@domain.tld
Name: =?utf-8?b?Sm9zdcODwqkgam9zdWU=?=
Auth-User: josue

And on bookworm we have something like this:

...
some other headers
...
Authorization: Basic am9zdWU6LQ==

The removal of the HEADER Remote-User is a bit annoying as it break the authentification on pgadmin and XWiki.

github.com

YunoHost-Apps/pgadmin_ynh/blob/b1cd2eff160238a6059c9806b7301edc9edd8572/conf/config_local.py#L117


      
          # Webserver Configuration
          ##########################################################################
          
          WEBSERVER_AUTO_CREATE_USER = True
          
          # REMOTE_USER variable will be used to check the environment variable
          # is set or not first, if not available,
          # request header will be checked for the same.
          # Possible values: REMOTE_USER, HTTP_X_FORWARDED_USER, X-Forwarded-User
          
          WEBSERVER_REMOTE_USER = 'REMOTE_USER'
          
          ##########################################################################
          # PSQL tool settings
          ##########################################################################
          # This will enable PSQL tool in pgAdmin when running in server mode.
          # PSQL is always enabled in Desktop mode, however in server mode it is
          # disabled by default because users can run arbitrary commands on the
          # server through it.
          ENABLE_PSQL = True

and

github.com

YunoHost-Apps/xwiki_ynh/blob/0e2b1451d80948051eaab084ecc94588ce7ad979/conf/xwiki.cfg#L701


      
          # xwiki.authentication.ldap.timeout=0
          
          #-# The maximum number of search results to be returned from a search operation.
          #-# The default is 1000
          # xwiki.authentication.ldap.maxresults=1000
          
          #-# An HTTP Header to be use as the authenticated remote user input (in place of using the default authenticated user reported by the servlet container)
          #-# WARNING: Enabling this feature without ensuring the validity of transmitted headers is very insecure.
          #-#
          #-# In this example, the authenticated user will be taken from the HTTP header REMOTE_USER:
          xwiki.authentication.ldap.httpHeader=REMOTE_USER
          
          #-# A Java regexp used to parse the remote user provided by JAAS.
          #-#
          #-# The following matches the users like UID@DOMAIN:
          # xwiki.authentication.ldap.remoteUserParser=(.+)@(.+)
          
          #-# Indicate which of the regexp group correspond to which LDAP properties.
          #-# The following LDAP properties are reserved (any other property can be defined as variable for xwiki.authentication.ldap.userPageName):
          #-#   * uid: the uid of the user
          #-#   * password: the password of the user

And the removal of the HEADER Email is also annoying as it’s also used by Seafile.

github.com

YunoHost-Apps/seafile_ynh/blob/9759fc9fd6831d2f4c5af36de573b6c3daa71eb7/conf/seahub_settings.py#L81


      
          LDAP_USER_NAME_REVERSE = False
          
          # Additional filter conditions, users who meet the filter conditions can log in, otherwise they cannot log in
          LDAP_FILTER = 'permission=cn={{ app }}.main,ou=permission,dc=yunohost,dc=org'
          
          #
          # SSO
          #
          
          ENABLE_REMOTE_USER_AUTHENTICATION = True
          REMOTE_USER_HEADER = 'HTTP_EMAIL'
          REMOTE_USER_CREATE_UNKNOWN_USER = False
          REMOTE_USER_PROTECTED_PATH = ['{{ path }}', '{{ path2 }}accounts/login', '{{ path2 }}sso']
          
          #
          # Security settings
          #
          
          # For security consideration, please set to match the host/domain of your site, e.g., ALLOWED_HOSTS = ['.example.com'].
          # Please refer https://docs.djangoproject.com/en/dev/ref/settings/#allowed-hosts for details.
          ALLOWED_HOSTS = ['{{ domain }}']

lejocelyn · September 8, 2024, 4:53pm

I’ve installed Yunohost 12.0, updated it, all the apps I use seem to work (Overleaf, Nextcloud, Opensondage, Gitea and Invidious), except that I’ve got a weird error message from VPN Client 2.2~ynh5 when I tried to install my cube file: “Unsupported image type : application/json”. So for now, I cannot use the server except locally.

lejocelyn · September 8, 2024, 6:32pm

Another issue when trying to update the dns:

Mise à jour du panneau ‘dns’ de configuration du domaine ‘jocelynaznar.eu’

1

YunoHost a rencontré une erreur interne

Vraiment désolé de cela.

Vous devez chercher de l’aide sur le forum ou le chat pour corriger la situation, ou signaler le bug sur le bugtracker.
Les informations suivantes peuvent être utiles à la personne qui vous aide :

Erreur: "500"

Action: "PUT" /yunohost/api/domains/jocelynaznar.eu/config/dns

Message d’erreur :

Erreur serveur inattendue

Retraçage

Traceback (most recent call last):
  File "/usr/lib/python3/dist-packages/moulinette/interfaces/api.py", line 473, in process
    ret = self.actionsmap.process(arguments, timeout=30, route=_route)
          ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/moulinette/actionsmap.py", line 561, in process
    return func(**arguments)
           ^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/yunohost/log.py", line 478, in func_wrapper
    result = func(*args, **kwargs)
             ^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/yunohost/domain.py", line 670, in domain_config_set
    return config.set(key, value, args, args_file, operation_logger=operation_logger)
           ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/yunohost/utils/configpanel.py", line 576, in set
    self._apply(self.form, previous_settings)
  File "/usr/lib/python3/dist-packages/yunohost/domain.py", line 779, in _apply
    form.custom_css = ""
    ^^^^^^^^^^^^^^^
  File "/usr/lib/python3/dist-packages/pydantic/main.py", line 358, in __setattr__
    raise ValueError(f'"{self.__class__.__name__}" object has no field "{name}"')
ValueError: "DynamicForm" object has no field "custom_css"

rodinux · September 8, 2024, 6:52pm

hello, I could upgrade my server with a vpnclient and a .cube file…
the second error for dns is also perhaps also in relation ??

Can you find logs from openvpn ?

Have you try this ?

for the error json you should verify your .cube, somethong must be wrong.
Did you mistake .cube and hypercube ?

lejocelyn · September 8, 2024, 7:47pm

For the cube, no, the file is ok. For instance, when starting openvpn using the commandline, it works. Regarding the second error, it’s not related at all. I just fixed manually the Python code by commenting the problematic line… for now, it should solve the issue until a proper update.

lejocelyn · September 8, 2024, 7:50pm

Ah, another error, I cannot log into Jupyter lab