Edit: updated changelog with 3.4.1 items
Hello everyone !
We just released a new testing version for YunoHost and would be happy to receive feedback before releasing it as a stable version
This release includes various highlights :
- YunoHost will now ask confirmation if you attempt to install apps with questionable quality (experimental, low-level or third-party). This change is made to clarify to users what can be expected of an app and to avoid inadvertently breaking your system with bad-quality apps - and encourage even more packagers to improve the quality of their apps ;
- the SSH configuration has been hardened and should now be handled by YunoHost. A migration has to be ran manually after the upgrade for this change to take effect. Note that after applying this migration you will have to use the admin user (instead of root) when connecting through SSH. There’s a high chance that you will encounter this spooky warning and will have to remove the old fingerprint in your ssh clients ;
- HTTP2 has been enabled in nginx configuration, which is likely to make browsing faster (though we do not have quantified info about that ) ;
- some other security improvements / fixes (in particular to protect against some CSRF attacks) ;
- a few important bugs were fixed - and namely the infamous “infinite pacman” (at least it should happen much less often) ;
Thanks to all contributors (Aleks, A. Pierré, ButterflyOfFire, Bram, irina11y, Josué, J. Meggyeshazi, Maniack Crudelis, M. Martin, P. Bourré, P. Joelson, Quenti, Sylkevicious, T. Hill, anubis, aleiyer, chateau, frju365, gdayon, liberodark, ljf, randomstuff, nqb, wilPoly) !
- [enh] Ask confirmation when installing experimental or low quality apps (Yunohost#598, Yunohost-admin#218)
- [fix] Harden and standardize sshd configuration (Yunohost#518, Yunohost#590)
- [enh] Protect against CSRF (Moulinette#171, Moulinette#174)
- [enh] Enable HTTP2 in nginx configurations (Yunohost#580)
- [fix] Fix some issues with pacman endlessly running (errors 500 not being handled correctly) (Yunohost-admin#220, Moulinette#180)
- [i18n] Improve translations for Arabic, Occitan, Italian, Spanish, Hungarian, Esperanto, German, Chinese(Mandarin) and Swedish
Misc fixes / improvements
- [enh] Display human readable date and clarify timezone handling (Yunohost#552, Yunohost-admin#216, Moulinette#184)
- [enh] Added option to purge user’s data when removing it from the admin panel (Yunohost-admin#221)
- [enh] Also remove /var/mail/ directory on user delete (with --purge option) (Yunohost#602)
- [fix] Don’t run initial checks each time home page is displayed (Yunohost-admin#217)
- [fix] DEBUG-level messages not appearing in actions performed via the API (Yunohost#603)
- [fix] Add libpam-ldapd as dependency to be able to login through SSH with LDAP users (Yunohost#587)
- [enh] Add post_cert_update hook each time certificate is updated (Yunohost#586)
- [enh] Update ECDH curves recommended by Mozilla, now that we are on stretch (Yunohost#579)
- [enh] Use more_set_headers in nginx config + fixes for path traversal issues (Yunohost#564)
- [enh] Allow to not fail on backup and restore for non-mandatory files (Yunohost#576)
- [fix] Do not use separate ini file for php pools anymore (Yunohost#548)
- [fix] Explicit dependance to iptables (YunoHost/1667ba1)
- [fix] Correctly generate DKIM keys for new domains when they are added (Yunohost/0445aed)
- [enh] Switch to PCRE regex for rules in conf.json (SSOwat#102)
- [enh] Add “select all/none” buttons on webadmin backup creation and restoration pages (YunoHost-admin#224)
- [enh] Handle apps hosted on gitlab properly (YunoHost#615)
- [enh] Simplify error management (Yunohost#574, Moulinette#180)
- [fix] Several issues with bootprompt (YunoHost#609)
- [fix] SSOwat “error 500” after user password got changed (SSOwat#114)
- [fix] Better handling of the super cryptic “error 0” (YunoHost-Admin/4884bff)
- [fix] Set owner of archives folder to ‘admin’ so that backup archives can be copied out of the server with the admin user (YunoHost#613)
- [enh] Add reload and restart actions to
yunohost servicecommand (YunoHost#611)
- [fix] Propagate
--no-checkscert-install option to renew crontab (YunoHost#610)
- [fix] Fix the way change_url updates the domain/path (YunoHost#608)
- [i18n] Orthotypographic changes (YunoHost#612, YunoHost-admin#223, Moulinette#190)
- Misc technical fixes and improvements (Yunohost#601, Yunohost#600, Yunohost#593, Yunohost#595, Moulinette#187, Moulinette#182, Moulinette#181, Moulinette#185, YunoHost#607, YunoHost#616)
How to participate to the beta-testing
Do not do this on a critical server !
In the command line, you can launch this command to switch to testing :
curl https://install.yunohost.org/switchToTesting | bash
(if you are familiar with bash scripting, you might want to read what this does before blindly running the command)
After this command, you should see that you are running YunoHost 3.4.0.
What to test ?
Here are a few specific items for which tests and feedback would be quite important ! If you tweaked nginx’s conf manually, make sure to update / regen the conf with
yunohost service regen-conf nginx --force.
- The SSH migration is actually made of two migrations : the first is automatic and the second is manual. Make sure that the first ran correctly then run the second one. Reconnect through SSH. Report anything that you find troublesome (either bugs or bad UX).
- Check that every app you have still behave correctly.
- Try to install apps that you know are low or bad quality, via the webadmin or the command line, and let us know if you find that the UX could be improved.
- Try to use
yunohost user sshcommands as explained in this documentation and validate that it works as expected (e.g. allow a user to connect through SSH and validate that this indeed works).
- Perform a few usual things on your server such as creating a user, installing an app, …