YunoHost 3.5 testing / Call for feedback

Hello everyone!

We just released a new testing version for YunoHost and would be happy to receive feedback before releasing it as a stable version :yum:

For now, this release essentially includes many miscellaneous fixes and improvements for security, UX and general robustness. Also, many improvements and new helpers are now available for application packagers. In particular, the getopts mechanism will allow for more flexibility in the evolution of helpers as well as more explicit option names and usage.

Thanks to all contributors (Aleks, Jimmy Monin, Josué Tille, Kayou, Laurent Peuch, Lukas Fülling, Maniack Crudelis, n3uz, Taekiro, frju365, ljf, opi, yalh76, Алексей)! :heart:

In parallel, the application team is currently reworking some of the definition of the quality level of apps to be more meaningful, as well as the whole “official” app classification which is to become more flexible. Some of this is detailed here and here. We will probably release a more detailed statement once everything is settled :wink:!

:hammer_and_wrench: Detailed changelog

Core

  • [fix] Disable gzip entirely to avoid BREACH attacks (#675)
  • [fix] Repair backup tests (#673)
  • [fix] Backup fails because output directory not empty (#672)
  • [fix] Reject app password if they contains { or } (#671)
  • [fix] Optimize dyndns requests (#662)
  • [enh] Don’t add Strict-Transport-Security header in nginx conf if using a selfsigned cert (#661)
  • [enh] Add apt-transport-https to dependencies (#658)
  • [enh] Cache results from meltdown vulnerability checker (#656)
  • [enh] Ensure the tar file is closed during the backup (#655)
  • [enh] Be able to define hook to trigger when changing a setting (#654)
  • [enh] Assert apt/dpkg is not broken before app install (#652)
  • [fix] Loading only one helper file leads to errors because missing getopts (#651)
  • [enh] Improve / add some messages to improve UX (#650)
  • [enh] Reload fail2ban instead of restart to improve performances (#649)
  • [enh] Add IPv6 resolvers from diyisp.org to resolv.dnsmasq.conf (#639)
  • [fix] Remove old SMTP port (465) from fail2ban jail.conf (#637)
  • [enh] Improve protection against indexation from robots (#622)
  • [enh] Allow hooks to return data (#526)
  • [fix] Do not make version number available from web API to unauthenticated users (#291, YunoHost-admin#226)
  • [enh] Add Konami code in webadmin :wink: (YunoHost-admin#208)
  • [i18n] Improve Russian and Chinese (Mandarin) translations

App helpers

  • [enh] ynh_systemd_action : reload-or-restart instead of just reload (#681)
  • [fix] Make sure that ynh_system_user_delete also deletes the group (#680)
  • [enh] Optimize app setting helpers (#663, #676)
  • [enh] Allow display_text ‘fake’ argument in manifest.json (still kinda experimental, might change in the future?) (#669)
  • [enh] Handle ynh_install_nodejs for arm64 / aarch64 (#660)
  • [enh] Update postgresql helpers (#657)
  • [enh] Print diff of files when backup by ynh_backup_if_checksum_is_different (#648)
  • [enh] Add app debugger helper (#647)
  • [fix] Escape double quote before eval in getopts (#646)
  • [fix] ynh_local_curl not using the right url in some cases (#644)
  • [fix] Get rid of annoying ‘unable to initialize frontend’ messages (#643)
  • [enh] Check if dpkg is not broken when calling ynh_wait_dpkg_free (#638)
  • [enh] Warn the packager that ynh_secure_remove should be used with only one arg (#635, #642)
  • [enh] Add ynh_script_progression helper (#634)
  • [enh] Add ynh_systemd_action helper (#633)
  • [enh] Allow to dig deeper into an archive with ynh_setup_source (#630)
  • [enh] Use getopts (#561)
  • [enh] Add ynh_check_app_version_changed helper (#521)
  • [enh] Add fail2ban helpers (#364)

How to participate in the beta-testing :construction_worker_woman: :construction_worker_man:

:warning: Do not do this on a critical production server!

From the command line, you can launch the following command to switch to testing:

curl https://install.yunohost.org/switchToTesting | bash

(If you are familiar with bash scripting, you might want to read what this does before blindly running the command)

After this command, you should be running YunoHost 3.5.0.

What to test? :space_invader: :telescope:

Here are a few specific items for which tests and feedback would be nice!

  • Browse and test a few things in the webadmin to validate that it behaves correctly;
  • Install / remove a few apps, ideally test to upgrade an app
  • Try to create a backup with a tmp folder already existing (maybe add --apps some_app to not backup everything if you have a lot of stuff on your system):
mkdir /home/yunohost.backup/tmp/foobar
touch /home/yunohost.backup/tmp/foobar/foobar
yunohost backup create -n foobar
12 Likes

Hi,

So I upgraded from 3.4.x to 3.5.x on a VirtualBox: no error at this time.
In this VirtualBox, I’ve upgraded a WordPress multi-instance: no error at this time.

I’ve also upgraded my Raspberry Pi 3B: no error at this time.

<3

ppr

1 Like

Packagers are spoiled on lots of fronts, thanks! And even if it is not highlighted, the improvements to the linter, and especially to the example package https://github.com/YunoHost/example_ynh/, are really great!

Regarding the braces in passwords that risk a bash injection, has anyone thought of adding a test case that tries bash injection on each parameter passed in the manifest.json with https://github.com/YunoHost/package_check?

It makes sense to have this protection, and overall we should have it on any field; it is just a bit annoying for passwords in the legitimate case where you use a password generator like KeePass.

The problem with braces in a password isn’t related to a possible injection. And anyway, why would an admin try to do an injection through an app when he’s already admin, and needs to be in order to install an app!

The problem is that such characters break bash as they’re bash special characters.
That’s not only a problem about braces, we had similar issues with other special characters previously.

Administration part, Menu “Versions”. Click.

URL announced by my Firefox browser https://mydomain.com/yunohost/admin/#/tools/versions

Message displayed

Error: 404 Not Found

Sorry, the requested URL ‘http://mydomain.com/version?locale=fr’ caused an error:
Not found: ‘/version’

The URL being in 404 in http without S, and not in subdomain admin, directly at my domain root level (where yunohost is installed).

Info in diagnostic mode

"host": "Debian 9.8",
"kernel": "4.9.0-8-686-pae",
"packages": {
    "yunohost": {
        "repo": "testing",
        "version": "3.5.0.2"
    },
    "yunohost-admin": {
        "repo": "testing",
        "version": "3.5.0"
    },
    "moulinette": {
        "repo": "testing",
        "version": "3.5.0"
    },
    "ssowat": {
        "repo": "testing",
        "version": "3.5.0"
    }

Ah yes indeed, good catch, I forgot about that thing. Will investigate what to do. Thanks for all the tests !

1 Like

Yunohost version still leaks by looking at the source code of the page https://example.org/yunohost/admin/#/login

<!DOCTYPE html>
<html lang="en">
<head>
[...]
    <link rel="stylesheet" media="screen" href="dist/css/style.min.css?version=3.5.0">
    <link rel="shortcut icon" href="dist/img/ynhadmin_icon.png">
    <script type="text/javascript" src="dist/js/script.min.js?version=3.5.0"></script>

Wholy shit indeed, good catch sir :open_mouth:

Will look at this, I think we can safely remove this ?=version as it might not be actually used but not 100% familiar with that particular piece of code

Can be there to avoid browser caching issue while changing/upgrading the css

1 Like
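
An added example, not part of the thread or of YunoHost's code: a check for the leak reported above that flags asset URLs whose query string carries a dotted version number, plus a content-hash token that keeps the cache-busting behaviour without naming the release. The function names, the `v` parameter and the sample page are assumptions constructed for illustration.

```python
import hashlib
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit, parse_qsl

# Dotted numeric values such as 3.5.0 or 3.5.0.2 are treated as version strings.
VERSION_RE = re.compile(r"^\d+(?:\.\d+)+$")

class AssetCollector(HTMLParser):
    """Collect href/src URLs from <link>, <script> and <img> tags."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag in ("link", "script", "img"):
            for name, value in attrs:
                if name in ("href", "src") and value:
                    self.urls.append(value)

def find_version_leaks(html):
    """Return (asset_path, parameter, value) for each query value that looks like a version."""
    collector = AssetCollector()
    collector.feed(html)
    leaks = []
    for url in collector.urls:
        parts = urlsplit(url)
        for key, value in parse_qsl(parts.query, keep_blank_values=True):
            if VERSION_RE.match(value):
                leaks.append((parts.path, key, value))
    return leaks

def hashed_asset_url(path, content):
    """Cache-busting token derived from the file content, not the release number."""
    digest = hashlib.sha256(content).hexdigest()[:12]
    return f"{path}?v={digest}"

# Constructed sample modelled on the login page source quoted in the thread.
SAMPLE_PAGE = """<!DOCTYPE html>
<html lang="en"><head>
<link rel="stylesheet" media="screen" href="dist/css/style.min.css?version=3.5.0">
<link rel="shortcut icon" href="dist/img/ynhadmin_icon.png">
<script type="text/javascript" src="dist/js/script.min.js?version=3.5.0"></script>
</head><body></body></html>"""

if __name__ == "__main__":
    for path, key, value in find_version_leaks(SAMPLE_PAGE):
        print(f"version disclosed by {path}: {key}={value}")
    print(hashed_asset_url("dist/css/style.min.css", b"body{margin:0}"))
```

The hash token changes whenever the file changes, so browsers still refetch upgraded CSS and JavaScript, while an unauthenticated visitor learns nothing about the installed release from it.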

Yunohost 3.5 testing

Introduction

As a Yunohost novice, after having “crashed” a first installation at the beginning of the year, I installed Yunohost on a VirtualBox: Debian Stretch (host and guest).
Wishing to contribute, at my level, to the Yunohost project, I installed testing 3.5 on VirtualBox.
{
    "yunohost": {
        "repo": "testing",
        "version": "3.5.0.2"
    },
    "yunohost-admin": {
        "repo": "testing",
        "version": "3.5.0"
    },
    "moulinette": {
        "repo": "testing",
        "version": "3.5.0"
    },
    "ssowat": {
        "repo": "testing",
        "version": "3.5.0"
    }
}

Installation

  • /etc/apt/sources.list.d/* not found
  • apt dist-upgrade by hand to finish the installation (unexpected return to the prompt).

Tests

  • On the VM, webadmin: OK.
  • Installing/uninstalling Hextris, Jirafeau and Piwigo several times: everything went fine

Jirafeau:

In the CLI, if I leave the password empty as indicated by “Définissez le mot de passe (laisser vide pour autoriser tout le monde).”: the installation stops and I am returned to the command prompt.

Kanboard, Rain Loop, Custom Webapp:

installed “permanently”, they kept working fine.

Backup

OK after the indicated procedure!

Conclusion

I don’t know whether this is of any use, but I have neither the knowledge nor the skills to go much further for now.
Once again, well done and thank you for Yunohost, which I use privately, out of pure political and intellectual curiosity.

Kind regards. Melina

2 Likes

Thanks a lot for these tests and the feedback! :slight_smile:

Can you just clarify where / how you saw this problem of /etc/apt/sources.list.d/* not found?

1 Like

Right at the start of the install:

Pachting sources.list to enable testing repository


ls : impossible d’accéder à /etc/apt/sources.lists.d/* Aucun fichier ou dossier de ce type

Running apt-get update


1 Like

Thank you very much for taking the time and trouble to produce this detailed feedback!

1 Like

I ran into the same problem: the script stops. You have to relaunch the installation manually. After that everything proceeds normally and the installation succeeds. (tested on a VM)

Hello,
Since the latest update (5/4/19) of Testing 3.5, I have been running into a few annoyances.
I log in as an ordinary user, with 3 apps on the dashboard:
Rainloop, Kanboard, Custom Webapp (site root).
Once connected to Rainloop, there is no way to get back to the home page. Clicking the Yunohost logo opens said home page for half a second and then goes back to Rainloop. I have to log out in the Rainloop app to get the logo’s function back.
On the other hand, the logo now appears on my webapp home page: that was not the case before!
Have you already encountered this (small) problem?
Regards, Melina.

1 Like