YunoHost 4.1 testing / Call for feedback

,

Hello everyone!

We just released a new testing version for YunoHost and would be happy to receive feedback before releasing it as a stable version :yum:

For now, this release essentially includes the following major changes:

  • :lock: Groups and permissions v2.0: In version 3.7 we added a new permission mechanism. This new iteration allows more flexibility in the management of access rights. It allows for example to hide a tile, it now manages regular expressions in urls and the management of several urls for the same permission… A lot of code has changed to allow this flexibility and that’s why we call on you to test this feature as much as possible.

  • :inbox_tray: Backup download: You can now download a backup directly from the webadmin! No need for FTP client or cryptic scp commands anymore! Backups are now also not compressed by default, because it was identified that the gain is not worth the cost/risks. (Though it’s still possible to manually compress/uncompress them afterwards)

  • :mailbox_with_mail: Support for mail relays: Many users are unable to configure their mail stack because of ISP restrictions. A possible workaround is to use a mail relays which so far had to be configured manually. We now provide some more official support through YunoHost settings. [This should be documented]

  • :rocket: Simplified install process: During installation in a local network, you should be able to access your server using the magic yunohost.local domain. No need to find the local IP address anymore! [Documentation should be updated in that direction]

  • :bust_in_silhouette: Simplify the user creation: During the creation of a new user, the email is by default username@domain, and you can choose among the domains present on the YunoHost instance. This should help prevent some confusion where people would enter their external address during the account creation, or misconfigurations of email clients due do differences between the username and the email address.

  • :rocket: And a lot more as you’ll find out in the changelog!

Thanks to all contributors :heart: ! Aleks, anmol, Augustin T., Baptiste W., Bram, Christian W., Colin W., cricriiiiii, cyxae, danielschmalhofer, ekhae, Éric G., E. Courteau, Félix P., F. Cristoforetti, Josué, Julien J., KaeruCT, Kayou, Leandro N., ljf, Maniack C, miloskroulik, Omnia89, ppr, Quentí, Quentin D., roukydesbois, Salamandar, SiM, Titoko, tituspijean, yalh76, Yifei D., Xaloc

:hammer_and_wrench: Detailed changelog

Apps

Backups

Other important changes for admins

Apps packaging

Misc technical fixes and improvements

Show

YunoHost

Misc technical fixes, improvements, cleanups

  • [enh] ux: Select default domain in app install page (Yunohost-admin#306)
  • [fix] ux: Ignore some unimportant apt warnings (YunoHost/199cc50)
  • [fix] ux, diagnosis: Admin should manually run the first diagnosis (YunoHost-admin/d3b3236)
  • [enh] ux: When searching for an app, also search in app descriptions (YunoHost-admin#317)
  • [enh] diagnosis: report usage of backports repository in apt’s sources.list (#1069)
  • [enh] cli: Display the install path of app in the output of app list (#1120)
  • [enh] cli: Also display app labels when attempting to remove a domain that still has app installed (YunoHost#1124)
  • [enh] cli: Be able to change user password without writing it in clear (YunoHost#1075)
  • [enh] perf: Lazy loading of smtplib to reduce memory footprint a bit (0f2e9ab1)
  • [mod] refactoring, perf: Clean /usr/bin/yunohost, make it easier to use yunohost as a python lib + some performance improvement (YunoHost#922, Moulinette#245)
  • [mod] refactoring: App manifest arguments parsing (YunoHost#1013)
  • [fix] helpers: Detect misformated arguments in getopts (YunoHost#1052)
  • [fix] app: Refactor app download process, make it github-independent (YunoHost#1049)
  • [enh] postinstall: Test at the beginning of postinstall that iptables is working instead of miserably crashing later (YunoHost/f73ae4ee)
  • [fix] services: journalctl -x in fact makes everything bloated, the supposedly additional info it displays does not contains anything relevant… (YunoHost/452b178d)
  • [enh] services: Add configuration tests for dnsmasq, fail2ban, slapd (YunoHost/6e69df37)
  • [fix] regenconf: Add redis hook to enforce permissions on /var/log/redis (YunoHost/a1c1057a)
  • [fix] fail2ban: Remove some old fail2ban jails that do not exists anymore (YunoHost/2c6736df)
  • [fix] nginx, postinstall: Get rid of yunohost.local in main domain nginx conf (YunoHost/ba884d5b)
  • [enh] doc: Auto-generate helper doc when a new yunohost tag is pushed (YunoHost#1080)
  • [fix] security, mail: Add “abuse@you_domain.tld” alias to the first user (YunoHost/67e03e6)

How to participate to the beta-testing :construction_worker_woman: :construction_worker_man:

:warning: DO NOT do this on a critical production server!

From the command line, you can launch the following command to switch to testing:

curl https://install.yunohost.org/switchToTesting | bash

(If you are familiar with bash scripting, you might want to read what this does before blindly running the command)

After this command, you should be running YunoHost 4.1.0. Before using the webadmin, please make sure to force-refresh the cache of your browser.

What to test? :space_invader: :telescope:

Here are some specific items which are important to check to validate the current work:

  • Upgrade an existing instance and check that everything is working (in particular, validate that the new migration ran properly)
  • Try to change permissions, validate that you’re still have access to the applications you need to have access to
  • If you had custom unprotected/skipped uri rules in your conf.json.persistent, validate that things are still working as expected
  • Install/upgrade apps
  • Create remove users
21 Likes

Hey!
Thanks for this new version :heart_eyes:
I installed the update on my production server.
I have a couple of issues:

Adding articles from wallabag for android doesn’t work any more, with this cyclic log in the nginx error log for the domain :

2020/12/05 11:09:45 [error] 25512#25512: *6296 lua entry thread aborted: runtime error: /usr/share/ssowat/helpers.lua:274: string argument only
stack traceback:
coroutine 0:
        [C]: in function 'decode_base64'
        /usr/share/ssowat/helpers.lua:274: in function 'refresh_logged_in'
        /usr/share/ssowat/access.lua:32: in function </usr/share/ssowat/access.lua:1>, client: 192.168.1.254, server: bag.monin.net, request: "POST /api/entries.json HTTP/2.0", host: "bag.monin.net"

Upgrade of PHP 7.3-dependent apps seems to consistently fail on any app; here an example for jirafeau: https://paste.yunohost.org/raw/atigarukah
restarting php7.3-fpm afterwards just works…
Not much information in the logs:

systemctl status php7.3-fpm
● php7.3-fpm.service - The PHP 7.3 FastCGI Process Manager
   Loaded: loaded (/lib/systemd/system/php7.3-fpm.service; enabled; vendor preset: enabled)
   Active: failed (Result: signal) since Sat 2020-12-05 12:53:10 CET; 55s ago
     Docs: man:php-fpm7.3(8)
  Process: 25563 ExecStart=/usr/sbin/php-fpm7.3 --nodaemonize --fpm-config /etc/php/7.3/fpm/php-fpm.conf (code=killed, signal=USR2)
  Process: 25678 ExecStartPost=/usr/lib/php/php-fpm-socket-helper install /run/php/php-fpm.sock /etc/php/7.3/fpm/pool.d/www.conf 73 (code=exited, status=0/SUCC
  Process: 20362 ExecReload=/bin/kill -USR2 $MAINPID (code=exited, status=0/SUCCESS)
  Process: 20364 ExecStopPost=/usr/lib/php/php-fpm-socket-helper remove /run/php/php-fpm.sock /etc/php/7.3/fpm/pool.d/www.conf 73 (code=exited, status=0/SUCCES
 Main PID: 25563 (code=killed, signal=USR2)
   Status: "Processes active: 0, idle: 62, Requests: 2382, slow: 0, Traffic: 0.4req/sec"

déc. 05 09:57:41 Orwell systemd[1]: Starting The PHP 7.3 FastCGI Process Manager...
déc. 05 09:57:44 Orwell systemd[1]: Started The PHP 7.3 FastCGI Process Manager.
déc. 05 12:53:09 Orwell systemd[1]: Reloading The PHP 7.3 FastCGI Process Manager.
déc. 05 12:53:09 Orwell systemd[1]: Reloaded The PHP 7.3 FastCGI Process Manager.
déc. 05 12:53:10 Orwell systemd[1]: Reloading The PHP 7.3 FastCGI Process Manager.
déc. 05 12:53:10 Orwell systemd[1]: Reloaded The PHP 7.3 FastCGI Process Manager.
déc. 05 12:53:10 Orwell systemd[1]: php7.3-fpm.service: Main process exited, code=killed, status=12/USR2
déc. 05 12:53:10 Orwell systemd[1]: php7.3-fpm.service: Failed with result 'signal'.

journalctl -u php7.3-fpm
...
déc. 05 12:53:09 Orwell systemd[1]: Reloading The PHP 7.3 FastCGI Process Manager.
déc. 05 12:53:09 Orwell systemd[1]: Reloaded The PHP 7.3 FastCGI Process Manager.
déc. 05 12:53:10 Orwell systemd[1]: Reloading The PHP 7.3 FastCGI Process Manager.
déc. 05 12:53:10 Orwell systemd[1]: Reloaded The PHP 7.3 FastCGI Process Manager.
déc. 05 12:53:10 Orwell systemd[1]: php7.3-fpm.service: Main process exited, code=killed, status=12/USR2
déc. 05 12:53:10 Orwell systemd[1]: php7.3-fpm.service: Failed with result 'signal'.

/var/log/php7.3-fpm.log
...
[05-Dec-2020 12:52:40] NOTICE: configuration file /etc/php/7.3/fpm/php-fpm.conf test is successful

[05-Dec-2020 12:53:09] NOTICE: configuration file /etc/php/7.3/fpm/php-fpm.conf test is successful

[05-Dec-2020 12:53:09] NOTICE: Reloading in progress ...
[05-Dec-2020 12:53:09] NOTICE: reloading: execvp("/usr/sbin/php-fpm7.3", {"/usr/sbin/php-fpm7.3", "--nodaemonize", "--fpm-config", "/etc/php/7.3/fpm/php-fpm.conf"})
[05-Dec-2020 12:53:35] NOTICE: configuration file /etc/php/7.3/fpm/php-fpm.conf test is successful

SMTP relay configuration not compatible with some ISPs:
In my case, I have Bouygues Telecom ISP, and setting the relay to smtp.bbox.fr works only if smtp_tls_security_level for outgoing connections is set to may, instead of encrypt (and I know it’s baaad)

Install the testing version on a 4.0.8.3 “dev” server with some apps available :

  • Di Discourse
  • Do Dokuwiki
  • Et Etherpad Mypads
  • He Hextris
  • Le Leed
  • Ls Lstu
  • Op OpenSondage
  • Wo WordPress
  • Ze Zerobin
  • ph phpMyAdmin

I remove some public permissions to some apps, and they become private.
I change private apps permissions to public, and they become public !

I create some user but have some errors, bug user is create :
Échec de l’exécution du script : /etc/yunohost/hooks.d/post_user_create/50-ynh_media

sudo: setfacl : commande introuvable
sudo: setfacl : commande introuvable
sudo: setfacl : commande introuvable

acl packet is not present in my system…

If I install it, the error vanish.

I can create permission to my user, like admin in phpmyadmin or access to some private apps

All my new users (created by admin interface or command line) can connect with ldap apps.

They can be deleted as well.

I will try to upgrade some old apps.

Backup download
when I make a backup with the system and some applications:

System
[x] System configuration
[x] Email
[x] User data

Applications
[x] etherpad
[x] nextcloud
[x] thelounge
...

None of the selected applications are saved in the .tar file (only the system part is saved)

… I also get a '1' ne sera pas sauvegardée cryptic warning.

Also when the System elements are unselected and all the apps are selected I get the warning Il n’y a rien à sauvegarder

Simplify the user creation

  • tip_about_user_email doesn’t show any tips…

  • Also we lost Quota de la boite aux lettres option… The option is still available in the Éditer le compte de johndoe section.

Same as @JimboJoe here while installing Jirafeau (with php7.3)

Error: Unable to install jirafeau: This action seems to have broken these important services: php7.3-fpm

Also I get funny logs : https://paste.yunohost.org/raw/upipihipof

Same things.
The previous old backup are download as .tar.gz but they realy are just .tar and cannot be open with gunzip :

$ file 20200622-211541.tar.gz 
20200622-211541.tar.gz: POSIX tar archive (GNU)

I confim the '1' ne sera pas sauvegardée cryptic warning.
And full backup with no apps, just 8 MB :

  • conf
  • data
  • hooks
  • backup.csv
  • info.json

I try to upgrade dokuwiki from 2018 to 2020 and can’t with an error on php7.3-fpm : https://paste.yunohost.org/raw/gagevapade
php7.3-fpm was stopped, so I restart php7.3-fpm an retry but same error :
https://paste.yunohost.org/raw/dematomide

Same problem to upgrade wordpress from 5.5 to 5.5.3 : https://paste.yunohost.org/raw/onahuwojur

Same problem to install Opensondage : https://paste.yunohost.org/raw/lohiqawafe

I tried to install it, and I kinda broke a lot of things… Not sure how and where to look to begin to debug my mess. I upgraded Yunohost and some other app (Funkwhale especially).

  • The webadmin shows 4.1.0 so the upgrade worked in a way.
  • My main domain, usually leading to the User page (with app tiles) now display the nginx message, and basically all pages that redirected there.
  • I can’t login into Funkwhale anymore, it says “A server error occured”.
  • Everything looks fine in the webadmin diagnosis tool.
  • I can’t acces logs from the webadmin : " Yunohost encountered an internal error:/", with this message under “Action” :

GET /logs
{“with_details”:"",“limit”:“40”}

And this one under “Traceback” :

Traceback (most recent call last):
File “/usr/lib/python2.7/dist-packages/moulinette/interfaces/api.py”, line 482, in process
ret = self.actionsmap.process(arguments, timeout=30, route=_route)
File “/usr/lib/python2.7/dist-packages/moulinette/actionsmap.py”, line 587, in process
return func(**arguments)
File “/usr/lib/moulinette/yunohost/log.py”, line 100, in log_list
entry[“parent”] = metadata.get(“parent”)
AttributeError: ‘NoneType’ object has no attribute ‘get’

  • The above error also appears when performing some (but not all) actions from the webadmin, such as after upgrading system packages, even though the updates actually happen.

I did try to remove & add my main domain (hoping it would configure properly) but no luck there. I’ve no clue what to look for.
Cheers :wink:

I have same problem.

I have also a problem with Bitwarden which can’t save anything anymore (a database problem ?) since the upgrade.
Bitwarden expires still immediatly on login, so https://github.com/YunoHost-Apps/bitwarden_ynh/issues/3 is not fixed yet.

Nextcloud seems to run well, except for opening Collabora files. Now I have a warning 2020-12-10 21_27_01-Charte engagement St-Damien.docx - Fichiers - Nextcloud
And if I try with the integrated CODE, there is no warning but I can’t see my file…
So I don’t know if it’s a Nextcloud or Collabora problem, or both (since I can’t try Collabora elsewhere than in Nextcloud).

Funkwhale, Streama and WebTrees work well.

2020/12/11 05:45:25 [error] 18555#18555: *172 connect() to unix:/var/run/php/php7.3-fpm-nextcloud.sock failed (111: Connection refused) while connecting to upstream, client: 2001:ac8:20:309::a17e, server: <domain>, request: "GET / HTTP/2.0", upstream: "fastcgi://unix:/var/run/php/php7.3-fpm-nextcloud.sock:", host: "<domain>"

Tested and approuved :+1: I’ve port 25 closed (ISP doesn’t autorize to open it), so it’s a great help. It’s easy and postfix is not manually modified anymore, so it isn’t repertoried as a problem in the diagnosis.

Thank you the Yunohost Team :partying_face:

2 Likes

This looks really promising ! Would you mind sharing which email relay supplier you are using ?
Would it be a way to get rid of my low email receptivity rate by going through a professionnal email relay provider which would be white listed from Hotmail ?
If yes that’s a very good piece of news

1 Like

Everithing i’ve tested is ok for now, except two things :

  • Got a « Welcome to nginx! » page if go to « my.domain.org » URL, without « /yunohost/sso/ » (redirection problem ?)
  • On peertube (2.4), got this error when i tried to login :

<html> <head><title>500 Internal Server Error</title><script type="text/javascript" src="/ynh_portal.js"></script><link type="text/css" rel="stylesheet" href="/ynh_overlay.css"></link><script type="text/javascript" src="/ynhtheme/custom_portal.js"></script><link type="text/css" rel="stylesheet" href="/ynhtheme/custom_overlay.css"></link></head> <body bgcolor="white"> <center><h1>500 Internal Server Error</h1></center> <hr><center>nginx</center> </body> </html>

PS :
My Yunohost is on testing repo since 3 years, how to wayback to stable ?
Does a command line like this exist ?

No, this command juste change the repository of your yunohost.
If you want the roobakc to a stable version, you change change ‘testing’ to ‘stable’ in :
/etc/apt/sources.list or /etc/apt/sources.list.d/yunohost.list

Replace :

deb http://forge.yunohost.org/debian/ buster testing

by

deb http://forge.yunohost.org/debian/ buster stable

But it’s not sure that your version will be stable. Because the testing version maybe have change other packages.

The testing version should not be used in production, only for tests.

1 Like

Thanks for this answer,
Indeed, my version will be stable, when the stable will catch up this testing ^^;

Mmhh don’t judge me, I use gmail’s relay, I know it’s GAFA but yes, nobody is perfect :stuck_out_tongue:

1 Like

Looks like Mailjet has a free plan, I’ll take a look.
Just to be sure that I understood well, email relay will send emails on behalf of Yunohost but once correctly configured it’s totally transparent, right ?

1 Like

It depends of what you want to say by this, but the email will be received as from your mailjet user, and not from your Yunohost user adress mail.

1 Like

Je pensai que les relais mail étaient transparents en ce qui concerne le nom de domaine.