YunoHost 4.3 release / Sortie de YunoHost 4.3

:uk: English version

We are glad to announce the release of YunoHost 4.3 :partying_face: !

This release includes the following major changes :

  • :globe_with_meridians: Autoconfiguration mechanism for DNS records using registrars API and the Lexicon library. For now, only OVH and Gandi were properly tested by the community. This work also brings more feature-awareness, special-TLD-awareness and subdomain-awareness to the recommended DNS configuration, which should please people handling many subdomains :stuck_out_tongue_winking_eye:. This is the first version of this mechanism - some rough edges may still need to be polished in the next versions, so we’ll appreciate your (constructive) feedback! This work is supported by the NLnet foundation and contributions from students from the University of Technology of CompiĂšgne.

  • :art: A rework of the app config-panel framework which was still an experimental/hidden feature so far. We hope that this rework will make it much easier for packagers to implement interfaces to configure and customize applications, as well as unlocking new possibilities for the future of YunoHost and the webadmin in general. Also, this comes with a significant rework of the VPNclient and Hotspot apps to integrate them in the webadmin! This work is supported by the NLnet foundation.

  • :busts_in_silhouette: User management using CSV export/import. This should make life easier for people handling a large number of users! This work is supported by the CNAM.

  • :house: Better support for .local domain names which should be useful for people willing to host local-only services!

  • :safety_vest: :stethoscope: A new setting for experimental security features as well as some new diagnosis checks.

  • :keyboard: Improved mechanic for command-line prompts, such as auto-completion during app install questions

  • :sparkles: As always, various fixes / improvements for every day life, as well as internal spring cleanings, paving the way for the future!

  • :speaking_head: Lots of translation updates for Arabic, Basque, Catalan, Chinese (Simplified), Czech, Dutch, Esperanto, French, Galician, German, Hindi, Indonesian, Italian, Kurdish (Central), Macedonian, Occitan, Persian, Portuguese, Russian, Slovenian, Spanish, Turkish, Ukrainian

Thanks to all contributors :heart: ! (andretheolauret, axolotle, Christian Wehrli, Colin Wawrik, Corentin Mercier, Cyril Romain, Daniel, Eauchat, Éric Gaspar, FĂ©lix PiĂ©dallu, Flavio Cristoforetti, Geoff Montel, Gregor Lenz, JocelynDelalande, JosĂ© M, Jurij PodgorĆĄek, Kay0u, liimee, ljf, MercierCorentin, mifegui, Paco, Page Asgardius, Parviz Homayun, ppr, punkrockgirl, QuentĂ­, saptrishi das biswas, Semen Turchikhin, tituspijean, Tymofii-Lytvynenko)

:gift: Changelog


  • [enh] users: Be able to import/export users from/to CSV (#1089, Webadmin#357)
  • [enh] apps: New config-panel format and mechanism (#987, Moulinette#258, Webadmin#366)
  • [enh] domain: Automatic configuration for DNS records using lexicon + add domain settings, domain config panel, subdomain awareness, special-TLD awareness, improvements in recommended DNS conf (#1315, Webadmin#396, 17aafe6f, df02f898)
  • [enh] domain: Improve .local domain support, replace avahi-daemon by a new yunomdns service (#1112, #1335, af3d6dd7, 3a07a780)
  • [enh] dyndns: Improve IPv6-only support + improve resilience/robustness (55bacd74, a61d0231, #1367)
  • [enh] cli: Rework/improve prompt mechanics (#1338, Moulinette#290, Moulinette#303, Moulinette/08f7866f)
  • [i18n] Translations updated for Arabic, Basque, Catalan, Chinese (Simplified), Czech, Dutch, Esperanto, French, Galician, German, Hindi, Indonesian, Italian, Kurdish (Central), Macedonian, Occitan, Persian, Portuguese, Russian, Slovenian, Spanish, Turkish, Ukrainian

Misc fixes / enhancement

  • [enh] backup: Backup /home/yunohost.multimedia by default (#1179)
  • [mod] refactoring: Rework the authentication system, paving the way for future works (#1183, Moulinette#270)
  • [enh] apps: Misc refactoring + Prevent change_url from being used to move a fulldomain app to a subpath (#1346)
  • [enh] diagnosis: add an “app” section to check that app are in catalog with good quality, check for deprecated practices (#1217)
  • [fix] dovecot: add conf snippet to get rid of stupid stats-writer errors in mail.log (dab3dc6f)
  • [enh] security: report suspiciously high number of auth failures in diagnosis (#1292)
  • [enh] security: new setting to enable experimental security features (#1290)
  • [enh] security: new setting to handle https redirect (#1304)
  • [enh] security: Add httponly to API cookies (Moulinette/8562c05d)
  • [fix] security: Prevent attacker from crafting redirections to external domains (SSOwat#193)
  • [enh] webadmin: Add spooky easter egg :wink: (Webadmin#411)
  • [enh] webadmin: Add simplified breadcrumb as document title (Webadmin#393)
  • [fix] webadmin: Prevent browser from suggesting saved password on user password change form (Webadmin#329)
  • [mod] webadmin: Make logs unselectable to force people clicking the damn share button instead of copypasting only the last messages >.> (Webadmin#400)
  • [enh] webadmin: Support github-independent repo urls and/or pointing to specific branches (Webadmin#407)
  • [enh] webadmin: Optimizations for waiting modal messages and AppCatalog cards rendering (Webadmin#406)
  • [enh] webadmin: Allow to filter by groups on user list view (Webadmin#378)
  • [enh] ssowat: Add new theme “Clouds” (SSOwat#139)
  • [fix] ssowat: Fix font urls (SSOwat#193)

:warning: Important notes for advanced users

  • Note that /home/yunohost.multimedia is now backed up by default and could impact the size of your backups
  • Users of VPNclient or Hotspot : in the new version of these apps, the configuration interface is available directly from the webadmin (in Apps > appname > Configuration), not via the SSO portal. In particular, this means that it can be accessed directly via the local IP, no need to tweak /etc/hosts anymore.
  • XMPP users : note that XMPP DNS recommendation is only enabled by default on the main domain. You may enable it on other domain or subdomains in Domain > the_domain > Domain configuration.
  • yunohost domain dns-conf got renamed to yunohost domain dns suggest
  • yunohost domain cert-status/install/renew got renamed to cert status/install/renew (no dash)
  • Some unused options in yunohost dyndns subscribe/update have been removed
  • In case you were using it, the command-line interface for config panels got entirely reworked
  • App actions are still sort of working but are meant to be reworked in the near future
  • The new experimental security setting can be enabled with sudo yunohost settings set 'security.experimental.enabled' -v True. So far this does the following:
    • prevents system users from snooping on the list of processes (using ps -ef)
    • adds default-src https: data: to the nginx’s CSP configuration (note that this may break apps or stuff that needs for example a javascript eval)
    • enforces Secure and HTTPonly on all cookies
    • adds a more extensive Permissions-Policy in NGINX configuration

:package: :warning: Changelog / Important notes for app packagers

  • [fix] helpers: improve composer debug when it can’t install dependencies (4ebcaf8d)
  • [enh] helpers: allow to get/set/delete app settings without explicitly passing app id everytime
  • [fix] helpers: Don’t say the ‘app was restored’ when restore failed after failed upgrade (019d207c)
  • [enh] helpers: temporarily auto-add visitors during ynh_local_curl if needed (#1370)
  • [enh] apps: Add YNH_ARCH to app script env for easier debugging and arch checks in script (85eb43a7)
  • [mod] helpers: Deprecate ynh_print_ON/OFF (flagged as internal to not advertise them in the doc) (fe959bd7)
  • [fix] helpers: Rework ynh_exec_* to not use eval (#1358)
  • [enh] helpers: Simplify apt/php dependencies helpers (#1018)
    • using --package in ynh_add_fpm_config is deprecated. Please do not separate php dependencies from other apt dependencies - just install them all at once with ynh_install_app_dependencies. YunoHost will automagically guess that you need a custom php version if needed (e.g. if php8.0-foobar is listed, YunoHost will understand that php8.0-fpm needs to be installed)
  • [enh] helpers: In logrotate helper, enforce decent permissions on log file if app user exists (#1352)
  • [enh] helpers: Bump n version to 7.5.0 (#1347)
  • c.f. #1304 : https autoredirect is now handled by the core, shouldnt not be part of nginx’s app configurations
  • c.f. #987 : a new config panel format / mechanics is available.
    • Note that app actions still sort of work but are meant to be merged with the config panel mecanism somehow
    • There also are new question types and new mecanism (e.g. ‘visible if’) that may also be applicable to install forms !
    • See example_ynh (maybe PR still pending) for example on how to use it + possibly upcoming doc on + ask on the chat if you’re lost / not sure
  • [mod] codequality: Safer, clearer code ynh_secure_remove (#1357)
  • [mod] codequality: Lint/autoformat helpers, hooks and debian scripts (#1356)
  • yunohost app remove now supports a --purge option, which can be tested using the new YNH_APP_PURGE variable equal to 1 (if purge enabled) or 0 (if disabled). The typical use case for this is to delete the data directory if purge is enabled. (This is not yet integrated in the webadmin though)

:arrow_up: How to upgrade

From the web admin

  • Go to “Update system”
  • Then hit the “Update” button in the “System” section.
  • This may take a few minutes, grab your favorite beverage. You will need to re-log into the webadmin once it’s done.
  • Make sure to force-refresh the browser cache (Ctrl+Shift+R in Firefox)
  • Make sure that everything went well (green check :white_check_mark:) in Tools > Logs

Or from the command line

$ sudo yunohost tools update
$ sudo yunohost tools upgrade --system

:scroll: Other project news

The packaging teams continues to deliver an incredible amount of work with a whooping ~280 apps available in the catalog :star_struck:. People willing to keep a look on newly packaged apps can have a look at this new page (which doesn’t include all updates of already-packaged apps)

The next priority for the project is going to be Bullseye support. We expect to release an alpha version in the upcoming days/weeks (definitely before the end of the month) depending on how this 4.3 release goes :stuck_out_tongue_winking_eye:.

:fr: Version française

Nous sommes heureux d’annoncer la sortie de la version 4.3 :partying_face: !

Voici les points clefs de cette nouvelle version :

  • :globe_with_meridians: Un mĂ©canisme d’autoconfiguration des enregistrements DNS basĂ© sur l’API des registrars et la librairie Lexicon. Pour le moment, seulement les interfaces avec OVH et Gandi ont Ă©tĂ© correctement testĂ©e et validĂ©e par la communautĂ©. En outre, YunoHost sais dĂ©sormais un peu mieux gĂ©rer les enregistrements DNS en terme de fonctionnalitĂ© (mail, XMPP), d’extensions spĂ©ciales (par ex. .local, .test), et la notion de sous-domaines, qui devrait plaire aux personnes gĂ©rant beaucoup de sous-domaines :stuck_out_tongue_winking_eye:. Il s’agit d’une premiĂšre version de ce mĂ©canisme et certains Ă©lĂ©ments sont encore sans-doute Ă  paufiner - aussi nous aprĂ©cierons vos retours constructifs ! Ce travail a Ă©tĂ© soutenu par la fondation NLnet et par des contributions d’étudiants de l’UTC CompiĂšgne.

  • :art: Une refonte des panneaux de configuration des apps qui Ă©taient jusqu’ici une fonctionnalitĂ© experimentale et cachĂ©e. Nous espĂ©rons que cette refonte va permettre aux packageurs de crĂ©er plus simplement et rapidement des interfaces pour configurer et personaliser les applications, ainsi que dĂ©bloquer de nouvelles possibilitĂ©s pour le futur de Yunohost et de la webadmin. Ce travail est aussi liĂ© Ă  une refonte de VPNclient et Hotspot qui sont maintenant intĂ©grĂ©es directement dans la webadmin! Ce travail a Ă©tĂ© soutenu par la fondation NLnet.

  • :busts_in_silhouette: Gestion des utilisateurices via des imports/exports CSV. Ceci devrait simplifier la vie des personnes gĂ©rant un grand nombre de comptes ! Ce travail a Ă©tĂ© soutenu par le CNAM.

  • :house: AmĂ©lioration du support des domains en .local, ce qui devrait ĂȘtre utile pour les personnes souhaitant hĂ©berger des services accessibles en rĂ©seau local uniquement!

  • :safety_vest: :stethoscope: Un nouveau paramĂštre de configuration pour activer des mesures de sĂ©curitĂ© expĂ©rimentales ainsi que de nouveaux Ă©lĂ©ments dans le diagnostique.

  • :keyboard: AmĂ©lioration de l’invite de commande en CLI, qui par exemple propose maintenant une auto-complĂ©tion pour rĂ©pondre aux questions lors de l’install des apps

  • :sparkles: Comme toujours, divers correctifs et amĂ©liorations pour la vie de tous les jours, ainsi que des nettoyages en interne dans le code pour prĂ©parer le terrain pour de futur travaux!

  • :speaking_head: De nombreuses mises Ă  jour des traductions : Arabic, Basque, Catalan, Chinese (Simplified), Czech, Dutch, Esperanto, French, Galician, German, Hindi, Indonesian, Italian, Kurdish (Central), Macedonian, Occitan, Persian, Portuguese, Russian, Slovenian, Spanish, Turkish, Ukrainian

Merci Ă  toutes les contributeurices :heart: ! (andretheolauret, axolotle, Christian Wehrli, Colin Wawrik, Corentin Mercier, Cyril Romain, Daniel, Eauchat, Éric Gaspar, FĂ©lix PiĂ©dallu, Flavio Cristoforetti, Geoff Montel, Gregor Lenz, JocelynDelalande, JosĂ© M, Jurij PodgorĆĄek, Kay0u, liimee, ljf, MercierCorentin, mifegui, Paco, Page Asgardius, Parviz Homayun, ppr, punkrockgirl, QuentĂ­, saptrishi das biswas, Semen Turchikhin, tituspijean, Tymofii-Lytvynenko)

:gift: Changelog

(voir la version anglaise)

:warning: Notes pour les utilisateurices avancées et équipe de packaging

(voir la version anglaise)

:arrow_up: Comment mettre Ă  niveau

Depuis la webadmin

  • Aller dans “Mettre Ă  jour le systĂšme”
  • Puis cliquez sur “Mettre Ă  jour” dans la section “SystĂšme”.
  • La mise Ă  jour peut prendre quelques minutes. Il vous faudra ensuite vous re-logger Ă  la webadmin une fois terminĂ©e.
  • Forcez le raffraichissement du cache navigateur (Ctrl+Shift+R in Firefox)
  • Assurez-vous que tout s’est bien passĂ© (petite coche verte :white_check_mark:) dans Outils > Journaux

Ou Ă  partir de la ligne de commande

$ sudo yunohost tools update
$ sudo yunohost tools upgrade --system

:scroll: Autres nouvelles du projet

L’équipe de packaging d’apps continue de faire un travail incroyable sur les applications avec ~280 applications disponibles dans le catalogue :star_struck:. Vous pouvez consulter les nouvelles du catalogue sur cette nouvelle page (qui n’inclue pas les mises Ă  jour rĂ©guliĂšres sur les apps dĂ©jĂ  packagĂ©es)

La priorité suivante du projet va consister au passage à Bullseye. Nous prévoyons de sortir une premiÚre versions alpha dans les jours/semaines qui viennent (en tout cas clairement avant la fin du mois) en fonction de comment cette sortie de version 4.3 se passe :stuck_out_tongue_winking_eye:.


Waouh, another awesome update !! :partying_face:
As always, update is smooth and bugfree, thanks to all contributors !


Pareil, mise Ă  jour sans problĂšme (Rpi4 Raspian)
Au top !

You rock :blush:

Parfait !

It looks and feels great! Superb! :sunglasses: :partying_face:

A big thank you to everybody who contributed!

1 Like

The automatic registration to Gandi DNS works like a charm :smile:

And with a simple cron job, you can handle the dynamic DNS, can’t you?

It’s looks a fine and good update for me!
It was successfully installed on my Kimsufi server!

ProbĂšme depuis la 4.3 de swap se remplissant vite du fait de l’application droppy que j’ai Ă©tĂ© obligĂ© de dĂ©sinstaller

Bonsoir, passage ok pour moi, merci pour l’équipe Yunohost !
Juste deux paquets qui ne se mettent pas Ă  jour :

  • redis-server (de 5:5.0.3-4+deb10u3 Ă  5:5.0.14-1+deb10u1)
  • redis-tools (de 5:5.0.3-4+deb10u3 Ă  5:5.0.14-1+deb10u1)

Mise à jour effectuée avec succÚs.
Un petit message d’erreur lorsque j’ai essayĂ© de me reconnecter Ă  la webadmin comme quoi mot de passe erronĂ© avec un autre message d’erreur que j’ai pas bien lu puis ça s’est volatilisĂ© et tout est rentrĂ© dans l’ordre.

Je n’arrives plus Ă  me connecter Ă  la webadmin depuis la MAJ (Missing credentials parameter ( connexion au panneau admin impossible)) comment le message d’erreur s’est “volatilisĂ©â€ ?
Merci pour ton retour,

:heart_eyes: :muscle:

Je n’ai rien fait de particulier.
Je me suis connectĂ© depuis mon tĂ©lĂ©phone, en utilisant opĂ©ra. Le mot de passe est enregistrĂ© dans le navigateur. Donc je ne l’ai pas tapĂ©, j’ai juste appuyĂ© sur le nom d’utilisateur associĂ© Ă  ce mot de passe. La premiĂšre fois, le bouton login Ă©tait grisĂ©. J’ai alors essayĂ© d’effacer et rĂ©essayer la mĂȘme manip, le bouton login est devenu clicable. Par la suite, je ne me souviens plus prĂ©cisĂ©ment ce que j’ai pu faire. Avec l’erreur et l’écran en rouge, j’ai juste fermĂ© la fenĂȘtre et recouvert une nouvelle, slide en bas pour actualiser. RĂ©entrĂ© le mot de passe, et c’était bien passĂ©.

Moi aussi.

Moi aussi


Thanks a lott for this upgrade, one thing for me i try to yunohost domain add test.domain.tdl and it said

Erreur : Vous ĂȘtes en train de vouloir remplacer un certificat correct et valide pour le domaine ! (Utilisez --force pour contourner cela)

But i don’t have this domain already.

Thanks a lot for the great job

Bonjour Ă  tous,
Je suis aussi dans la mĂȘme situation que vous, du coup j’ai lancĂ© un :
apt-cache policy redis-tools

Retour de la commande :
Installé : 5:5.0.3-4+deb10u3
Candidat : 5:5.0.14-1+deb10u1
Table de version :
5:5.0.14-1+deb10u1 500
500 buster/updates/main amd64 Packages
*** 5:5.0.3-4+deb10u3 500
500 Index of /debian buster/main amd64 Packages
100 /var/lib/dpkg/status

J’ai tentĂ© de forcer l’installation des derniĂšres versions de ces paquets sur mon systĂšme de test avec un :
apt install redis-server=5:5.0.14-1+deb10u1 redis-tools=5:5.0.14-1+deb10u1 -V

Voici le retour de la commande :
Lecture des listes de paquets
Construction de l’arbre des dĂ©pendances
Lecture des informations d’état
Certains paquets ne peuvent ĂȘtre installĂ©s. Ceci peut signifier
que vous avez demandĂ© l’impossible, ou bien, si vous utilisez
la distribution unstable, que certains paquets n’ont pas encore
Ă©tĂ© crĂ©Ă©s ou ne sont pas sortis d’Incoming.
L’information suivante devrait vous aider Ă  rĂ©soudre la situation :

Les paquets suivants contiennent des dépendances non satisfaites :
yunohost : Est en conflit avec: redis-server (>= 5:5.0.7) mais 5:5.0.14-1+deb10u1 devra ĂȘtre installĂ©
E: Erreur, pkgProblem::Resolve a gĂ©nĂ©rĂ© des ruptures, ce qui a pu ĂȘtre causĂ© par les paquets devant ĂȘtre gardĂ©s en l’état.

Il se pourrait que d’autres mises Ă  jour du paquet yunohost arrivent dans quelques jours pour corriger ce dĂ©faut de monter en version des paquets redis-server et redis-tools.

Il nous faut donc attendre :slight_smile:
Bon week-end à la communauté de YunoHost.


This problem could prevent the installation of yunohost and give this error. “he following packages have unmet dependencies:
yunohost : Depends: redis-server but it is not going to be installed
E: Unable to correct problems, you have held broken packages.
[^[[1m^[[31mFAIL^[[0m] Installation of Yunohost packages failed”