YunoHost is an operating system aiming to simplify as much as possible the administration of a server.

Overview

YunoHost

YunoHost

Build status GitHub license Mastodon Follow

YunoHost is an operating system aiming to simplify as much as possible the administration of a server.

This repository corresponds to the core code of YunoHost, mainly written in Python and Bash.

Screenshots

Webadmin (Yunohost-Admin) Single sign-on user portal (SSOwat)

Contributing

Translation status

License

As other components of YunoHost, this repository is licensed under GNU AGPL v3.

Comments
  • [enh] Certificate management integration (e.g. Let's Encrypt ...)

    [enh] Certificate management integration (e.g. Let's Encrypt ...)

    Hi guys,

    here's a first proposition of integration of Let's Encrypt (and more generally certificate management).

    It adds the following features :

    Check certificate status

    usage: yunohost domain cert-status [-h] [--full] [domainList [domainList ...]]
    
    positional arguments:
      domainList  Domains to check
    
    optional arguments:
      -h, --help  show this help message and exit
      --full      Show more details
    

    Install Let's Encrypt certificates

    usage: yunohost domain cert-install [-h] [--force] [--no-checks]
                                        [--self-signed]
                                        [domainList [domainList ...]]
    
    positional arguments:
      domainList     Domains for which to install the certificates
    
    optional arguments:
      -h, --help     show this help message and exit
      --force        Install even if current certificate is not self-signed
      --no-checks    Does not perform any check that your domain seems correcly
                     configured (DNS, reachability) before attempting to install.
                     (Not recommended)
      --self-signed  Install self-signed certificate instead of Let's Encrypt
    

    Renew Let's Encrypt certificate

    usage: yunohost domain cert-renew [-h] [--force] [--email] [--no-checks]
                                      [domainList [domainList ...]]
    
    positional arguments:
      domainList   Domains for which to renew the certificates
    
    optional arguments:
      -h, --help   show this help message and exit
      --force      Ignore the validity treshold (30 days)
      --email      Send an email to root with logs if some renewing fails
      --no-checks  Does not perform any check that your domain seems correcly
                   configured (DNS, reachability) before attempting to renew. (Not
                   recommended)
    

    Some more details / explanations

    • Let's Encrypt certificates are managed using acme-tiny. The choice was driven by the fact that it is a lightweight module, somewhat easy to use, and can be installed through pip install acme-tiny ;
    • I edited the ssowatconf function to automatically authorize the ACME challenge uri /.well-known/blahif it is present in the nginx conf ;
    • cert-install automatically adds a small cron-job (2 lines of code), calling yunohost domain cert-renew --email every week, which will renew Let's Encrypt certificates which are about to expire, and send an email to root if some renewing fails ;
    • By default, cert-install and cert-renew include some checks that the domain seems to have a reasonable setup to attempt Let's Encrypt certificate installation (DNS poiting to global IP, + being able to GET a page) ;
    • I moved the generation of self-signed certificate into a new file, and cert-install can be used to regenerate a self-signed certificate (in case you don't want Let's Encrypt anymore for some reason). The short/mid-term goal is also to refactorize this part of code to get rid of os.system() calls and use the OpenSSL.crypto module instead.

    There are more features we can think about including in the future, such as supporting other ACME authorities, supporting DNS-based challenge, set level of security (e.g. deactivate TLS v1.0 and 1.1), import certificates from non-ACME authorities, provide a diagnosis for domain (e.g. inform user a Let's Encrypt cert can be installed, display current SSL Labs rating) etc... But for now, let's focus on the basic stuff :)

    Remaining work

    • How do we manage acme-tiny (and python-tabulate) as dependencies. At the moment this code does not work if you didn't do a pip install acme-tiny and pip install tabulate for example.
    • How do we make sure the transition from letsencrypt_ynh is smooth
    • ???

    Cheers !

    opened by alexAubin 43
  • Extends permissions features

    Extends permissions features

    The problem

    • There are no way to protect a permission.
    • There are no way to set multiple uris for the same permission.
    • There are no clean way to manage multiple uris for the same application.
    • https://github.com/YunoHost/issues/issues/1486
    • https://forum.yunohost.org/t/yunohost-3-7-spooky-testing-call-for-feedback/9385/31?u=josue
    • https://github.com/YunoHost/issues/issues/1420
    • https://github.com/YunoHost/issues/issues/1534

    Solution

    • Add an attribute in LDAP to know if this permission is protected (solve ttps://github.com/YunoHost/issues/issues/1486)
    • Add an attribute in LDAP to know if we need to set the auth HEADER or not to the application (solve https://github.com/YunoHost/issues/issues/1420)
    • Add the possibility to have multiple uris for the same permission. Note that we will have one main uris for each permission an optionally we will have a list of additional uris.
    • Add an attribute in LDAP to have the label for each permissions and add on other attribute to know if we will show a tile in the SSO for this permission (solve https://github.com/YunoHost/issues/issues/1534)
    • Rework the ssowatconf.json to pass all this informations to SSOwat.

    Here is an example of how will look like the new ssowatconf.json.

    {
        "additional_headers": {
            "Auth-User": "uid", 
            "Email": "mail", 
            "Name": "cn", 
            "Remote-User": "uid"
        }, 
        "domains": [
            "domainA.tld", 
            "domainB.tld"
        ], 
        "permissions": {
            "sogo.main": { // Equals to actual protected_uris
                "users": [
                    "alice",
                    "bob"
                ],
                "label": "SOGo", // Mandatory
                "show_tile": true,
                "auth_header": true,
                "protected": true,
                "uris": [   // Not mandatory, note that the first entry will be the main uris, the others will be the additional uris.
                    "domainA.tld/SOGo",
                    "domainB.tld/something",
                    "domainA.tld/someotherthing"
                ]
            },
            "gitea.main": { // Equals to actual skipped_uris
                "users": [
                    "alice",
                    "jack"
                ],
                "label": "Gitea",
                "show_tile": true,
                "auth_header": false,
                "protected": false,
                "uris": [
                    "domainB.tld/gitea"
                ]
            },
            "gitea.admin": { // Equals to actual unprotected_uris
                "users": [
                    "alice"
                ],
                "label": "Gitea admin",
                "show_tile": false,
                "auth_header": true,
                "protected": false,
                "uris": [
                    "domainB.tld/gitea/admin"
                ]
            },
            "regex-example.main": { // Equals to actual unprotected_regex
                "users": [
                    "alice"
                ],
                "label": "Regex example",
                "show_tile": true,
                "auth_header": true,
                "protected": false,
                "uris": [
                    "re:domainB.tld/test[a-z]+/example"
                ]
            },
            "other-example.main": { // Equals to actual protected but with no auth header
                "users": [
                    "alice"
                ],
                "label": "Other example B",
                "show_tile": false,
                "auth_header": false,
                "protected": true,
                "uris": [
                    "re:domainB.tld/test[1-9]+/other-example"
                ]
            },
            "core": { // Core permission
                "users": [], // Have no sens here, so just put nothing...
                "label": "Core permissions",
                "show_tile": false,
                "auth_header": false,
                "protected": false,
                "uris": [
                    "^[^/]*/%.well%-known/acme%-challenge/.*$", 
                    "^[^/]*/%.well%-known/autoconfig/mail/config%-v1%.1%.xml.*$"
                ]
            }
        }, 
        "portal_domain": "domain.tld", 
        "portal_path": "/yunohost/sso/", 
        "redirected_regex": {
            "domain.tld/yunohost[\\/]?$": "https://domain.tld/yunohost/sso/"
        }, 
        "redirected_urls": {}, 
    }
    

    PR Status

    • [x] Implement a migration
    • [x] Manage backup/restore
    • [x] Implement the unit test
    • [x] Test the code (done by the unit test)
    • [x] Try to remove the big legacy code in app_ssowatconf. https://github.com/YunoHost/yunohost/pull/935
    • [x] Update webadmin with new feature (attribute : label, show_tile). https://github.com/YunoHost/yunohost-admin/pull/297
    • [x] Update documentation https://github.com/YunoHost/doc/pull/1263
    • [x] Test everything :smile: Done with theses apps (maybe we need to test with some other tricky app, but I don't know which one):
      • wordpress
      • nextcloud
      • gitea
      • etherpad_mypads
      • leed
    • [ ] Fix the test (maybe we need to run the migration before to launch the test). Locally all test pass.

    How to test

    • Create a protected permission (in a app) or just use the mail permission (which should be protected).
    • Try to add or remove the visitors group in this permission. ...

    Note that to test this with the unit test you need this branch : https://github.com/YunoHost/test_apps/pull/5

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    app helpers tests needed 
    opened by Josue-T 39
  • [enh] Add fail2ban helpers

    [enh] Add fail2ban helpers

    Problems

    To enhance applications protection against hackers/spammers, etc., we can propose helpers to ease the creating of fail2ban jails.

    Solution

    Add ynh_add_fail2ban_config and ynh_remove_fail2ban_config helpers. A successful implementation example is the piwigo app.

    PR Status

    Working, but opinion welcome! And should be implemented in other applications to validate its principle.

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    merging soon™ app helpers 
    opened by JimboJoe 33
  • XMPP http upload

    XMPP http upload

    The problem

    Sharing files with XMPP's http upload mechanism is currently impossible. This PR is an attempt to address issue #1278

    Metronome's configuration is ready for http upload but port 5290 is not reachable.

    Solution

    http upload requires a dedicated subdomain (I have chosen jabber.thedomain.net instead of upload.thedomain.net to avoid possible conflicts with possible other "upload" things).

    This subdomain should be reachable via HTTPS so we need:

    • [X] add a DNS entry for that subdomain
    • [X] transparently include jabber.thedomain.net as a SAN in the same certificate for thedomain.net
    • [X] explicitly define the storage path in metronome's config (the same will be configured in nginx)
    • [X] create an nginx config for that subdomain
    • [x] silently recreate existing Letsencrypt certificates

    PR Status

    The PR ready for review.

    How to test

    Create 2 accounts : alice and bob Install Dino and configure those accounts. Happily share pictures between alice and bob.

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    merging soon™ tests needed 
    opened by pitchum 32
  • [enh] Add postgresql helpers

    [enh] Add postgresql helpers

    I pull request just for memo and to signal this work (it was in my _common.sh file for packaging...).

    The work is unfinished. The api is similar to ynh_mysql helpers.

    opinion needed app helpers 
    opened by zamentur 26
  • Trigger error if app dependency install fails (Redmine 1006) + allow for 'or' in dependencies

    Trigger error if app dependency install fails (Redmine 1006) + allow for 'or' in dependencies

    I purpose this change to improve the helper 'ynh_install_app_dependencies'. Before this change if the dependences are not installable the install didn't fail. By these change the helper generate an error and the install stop.

    opinion needed app helpers 
    opened by Josue-T 25
  • [Fix] Adresse de rebond différente du domaine principal.

    [Fix] Adresse de rebond différente du domaine principal.

    Problem

    issue: https://forum.yunohost.org/t/probleme-mail-dns-2d-domaine/3460

    Solution

    • Change the header
    • add anonymisation
    • En fait, cette correction est le fruit d'une recherche de près de 10h sur postfix. Finalement, j'ai trouvé la solution dans la conf d'un autre logiciel, par hasard. Par soucis d'honnêteté, le site dont j'ai puisé cette conf est mailinabox : https://github.com/mail-in-a-box/mailinabox/blob/master/conf/postfix_outgoing_mail_header_filters

    PR Status

    REOPENED TEST/ REVIEW Highly Needed (RHN)

    EXAMPLE (for JimBoJoe and Reviewers)

    before with postsrsd :

    Return-Path: <[email protected]> # ou 'Return-Path: <[email protected]>' sans Postsrsd 
    
    Received: from mwinf5c54 (mwinf5c54.ANONYME.net [10.23.111.104])
    by mwinb1c03 with LMTPA;
    Wed, 13 Sep 2017 15:28:52 +0200
    
    X-Sieve: CMU Sieve 2.3
    
    Received: from domainprincipal.tld ([45.065.99.90])
    by mwinf5c54 with ME
    id 91Ur1w00Q0RFXA5011UrSl; Wed, 13 Sep 2017 15:28:52 +0200
    
    X-bcc: [email protected]
    
    X-ME-bounce-domain: DomainExterne.tld
    
    X-ME-engine: default
    
    X-me-spamcause: (0)(0000)gggruggvucftvghtrhhoucdtuddrfeelledrgeeggdeijecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfogfdpggftiffpkfenuceurghilhhou
    hhtmecugedttdenucenucfjughrpefhvffukffftgggsehttdertddttdejnecuhfhrohhmpefluhhlihgvnhcuifhomhgvshcuffhirghsuceojhhulhhivghnsegrshg
    tphgrphhhihhlrghtvghlihgvrdgvuheqnecukfhppedugedurddvheehrddufedtrdduleenucfrrghrrghmpehhvghlohepsheggedrvghupdhinhgvthepudeguddrv
    dehhedrudeftddrudelpdhmrghilhhfrhhomhepshhrshdtpehofigufeeprghopegrshgtphgrphhhihhlrghtvghlihgvrdgvuhepjhhulhhivghnsehsgeegrdgvuhd
    prhgtphhtthhopegtlhhjuhegjeeisehorhgrnhhgvgdrfhhr
    
    X-me-spamlevel: not-spam
    
    X-ME-Helo: domainprincipal.tld
    
    X-ME-IP: 45.065.99.90  # MY IP adress
    
    X-ME-Entity: ofr
    
    Received: from domainprincipal.tld (localhost [IPv6:::1])
    by domainprincipal.tld (Postfix) with ESMTPSA id C22136B5
    for <[email protected]>; Wed, 13 Sep 2017 15:28:50 +0200 (CEST)
    
    From: Name of the user <[email protected]>
    
    To: [email protected]
    
    Subject: ceci est un message de test
    
    Message-ID: <20170913132850.Horde.JcbFlT1kgDPDbzDz7ZcP2Ca@mail.server-d-envoi-test-domaine.tld>
    
    Date: Wed, 13 Sep 2017 13:28:50 +0000
    
    ...
    
    DKIM-Signature: ANONYME-LK2R
    

    After :

    Return-Path: <[email protected]>
    
    Received: from mwinf5c56 (mwinf5c56.ANONYME.net [10.23.111.106])
    by mwinb1c03 with LMTPA;
    Tue, 26 Sep 2017 10:36:54 +0200
    
    X-Sieve: CMU Sieve 2.3
    
    Received: from domainprincipal.tld ([45.065.99.90])
    by mwinf5c56 with ME
    id E8ct1w0030RFXA5018ct2f; Tue, 26 Sep 2017 10:36:54 +0200
    
    X-bcc: [email protected]
    
    X-ME-bounce-domain: DomainExterne.tld
    
    X-ME-engine: default
    
    X-me-spamcause: (0)(0000)gggruggvucftvghtrhhoucdtuddrfeelledrjedvgddtkecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfogfdpggftiffpkfenuceurghilhhou
    hhtmecugedttdenucenucfjughrpefhvffukffftgggsehttdertddttdejnecuhfhrohhmpefluhhlihgvnhcuifhomhgvshcuffhirghsuceojhhulhhivghnsegrshg
    tphgrphhhihhlrghtvghlihgvrdgvuheqnecukfhppedugedurddvheehrddufedtrdduleenucfrrghrrghmpehhvghlohepsheggedrvghupdhinhgvthepudeguddrv
    dehhedrudeftddrudelpdhmrghilhhfrhhomhepjhhulhhivghnsegrshgtphgrphhhihhlrghtvghlihgvrdgvuhdprhgtphhtthhopegtlhhjuhegjeeisehorhgrnhh
    gvgdrfhhr
    
    X-me-spamlevel: not-spam
    
    X-ME-Helo: domainprincipal.tld
    
    X-ME-IP: 45.065.99.90
    
    X-ME-Entity: ofr
    
    Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])nge.fr>; Tue, 26 Sep 2017 10:36:52 +0200 (CEST)
    
    From: Name Of my User <[email protected]>
    
    To: [email protected]
    
    Subject: ceci est un message de test
    
    Message-ID: <20170926083652.Horde.yPJwWVW9iq7zfLHZDP99fPB@mail.server-d-envoi-test-domaine.tld>
    
    Date: Tue, 26 Sep 2017 08:36:52 +0000
    ...
    DKIM-Signature: ANONYME-LK2R
    

    Remerciement

    Donc, un grand merci à eux (sans le vouloir).

    opinion needed 
    opened by frju365 25
  • Attemp to fix broken installation on slow hardware / VPS

    Attemp to fix broken installation on slow hardware / VPS

    Hello,

    As reported here or here, YunoHost post install fails on slow hardware/vps because slapd is to slow to restart itself after its regen-conf.

    This patch is an attempt to fix this but I don't have a good testing environment (my vagrant is too fast for that). Maybe testing that it's possible to run something using the admin user could be a better test but I don't see how to do it easily.

    A workarround would be to use my patch to runs this kind of operation using root instead of admin but this is a workaround, not a real fix (and this bug could still generate other problems).

    Cheers,

    opinion needed important 
    opened by Psycojoker 25
  • Mail aliases

    Mail aliases

    Based on the work from @mbugeia in #58 , rebased onto current unstable.

    List of modifications applied after this initial work :

    • ou=aliases (instead of ou=alias) to follow ou=users, ou=domains, ...
    • Removing alias_update for the moment (one can delete and re-create)
    • Main modification : do not make alias entries in LDAP inherit from inetOrgPerson. inetOrgPerson are for people (with first name, surname, ...). Instead, create a specific dedicated mailAlias objectclass. Alias objects in ldap inherits from both mailAlias and mailAccount. mailAlias is the "structural" class for holding the aliases. It enforces that the maildrop be non empty. mailAccount holds the mail address/mail forward addresses. Using mailAccount (as it is done for users) makes it transparent for most downstream applications (postfix, all apps searching for mail accounts in ldap) so that no modification is required for them.
    • add support for mail-forward with mail addresses containing a '+' separator
    • remove the need to call alias_init : the creation of the ou=aliases in the ldap db is done automatically at first use.
    inactive work needed 
    opened by julienmalik 24
  • Use a dedicated php service for each app

    Use a dedicated php service for each app

    The problem

    Discussion about using a dedicated php service for each app https://github.com/YunoHost/issues/issues/1536

    Solution

    It works perfectly

    PR Status

    We should probably reload the main service during an upgrade though.

    How to test

    Use this config file as an extra helper to source into the scripts.

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    merging soon™ app helpers 
    opened by maniackcrudelis 22
  • Add indexes for fields listed by slapd in the logs

    Add indexes for fields listed by slapd in the logs

    I get lots of suggestion of indexes by slapd in my logs:

    <= mdb_equality_candidates: (cn) not indexed <= mdb_equality_candidates: (gidNumber) not indexed <= mdb_equality_candidates: (mail) not indexed <= mdb_equality_candidates: (member) not indexed <= mdb_equality_candidates: (memberUid) not indexed <= mdb_equality_candidates: (sudoUser) not indexed <= mdb_equality_candidates: (uidNumber) not indexed <= mdb_equality_candidates: (uniqueMember) not indexed <= mdb_equality_candidates: (virtualdomain) not indexed <= mdb_substring_candidates: (sudoUser) not indexed

    Since Yunohost makes it hard to edit LDAP server configuration (see https://github.com/YunoHost/issues/issues/1350), the default configuration should contain indexes for the fields used by Yunohost a lot.

    The problem

    ...

    Solution

    ...

    PR Status

    ...

    How to test

    ...

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    merging soon™ 
    opened by MCMic 22
  • [fix] Enable pop3 settings make dovecot failed

    [fix] Enable pop3 settings make dovecot failed

    The problem

    When we enable dovecot pop3 on sans-nuage.fr, the dovecot fail with error:

    Fatal: service(pop3) access(/usr/lib/dovecot/pop3) failed: No such file or directory
    

    Solution

    Install dovecot-pop3d package

    PR Status

    Ready

    How to test

    ...

    micro 
    opened by zamentur 2
  • Add a global setting to disable root login on local network

    Add a global setting to disable root login on local network

    The problem

    • Fix and improve handling of PasswordAuthentication option
    • Add a setting for PermitRootLogin usage on local network

    Solution

    • Directly use the value of ssh_password_authentication
    • Add ssh_allow_root_on_localnet to manage the last part of the SSH template

    PR Status

    First release and review

    How to test

    Play with the ssh settings.

    opened by npalix 3
  • be able to change the loginShell of a user

    be able to change the loginShell of a user

    The problem

    We can't use another shell like sh or zsh.

    Solution

    Add the possibility to change it

    PR Status

    Yolotested in prod.

    Maybe we should manage the moment when the shell is removed from the system, but meh, it's not simple.

    How to test

    ...

    opened by kay0u 0
  • Fix OCSP stapling ... but using Google resolver :|

    Fix OCSP stapling ... but using Google resolver :|

    The problem

    OCSP stapling is in fact broken because nginx complains in the log file :

    r3.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: r3.o.lencr.org, certificate: "/etc/yunohost/certs/domain.tld/crt.pem"

    Also related to : https://github.com/YunoHost/issues/issues/1099

    Solution

    I don't know why, but Nginx doesnt like 127.0.0.1 as a resolver, despite the fact that dnsmasq listens on 0.0.0.0:53 and a dig request on 127.0.0.1 does work ...

    Using Google resolver works, but this is probably not what we want, so opening as draft PR only

    PR Status

    Using Google resolver works, but this is probably not what we want, so opening as draft PR only

    How to test

    openssl s_client -connect domain.tld:443 -status | grep OCSP

    should display:

    OCSP response: 
    OCSP Response Data:
        OCSP Response Status: successful (0x0)
    
    opened by alexAubin 0
Releases(debian/3.7.0.5)
  • debian/3.7.0.5(Mar 15, 2020)

  • debian/2.7.12(May 6, 2018)

  • debian/2.7.13(May 6, 2018)

    • [enh] Add 'manual migration' mechanism to the migration framework (#429)
    • [enh] Add Stretch migration (#433)
    • [enh] Use recommended ECDH curves (#454)
    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.11(May 1, 2018)

    (This is a testing release)

    Important changes / fixes

    • [enh] Add commands to manage user ssh accesses and keys (#403, #445)
    • [fix] Fix Lets Encrypt install when an app is installed at root (#428)
    • [enh] Improve performances by lazy-loading some modules (#451)
    • [enh] Use Mozilla's recommended headers in nginx conf (#399, #456)
    • [fix] Fix path traversal issues in yunohost admin nginx conf (#420)
    • [helpers] Add nodejs helpers (#441, #446)

    Other changes

    • [enh] Enable gzip compression for common text mimetypes in nginx (#356)
    • [enh] Add 'post' hooks on app management operations (#360)
    • [fix] Fix an issue with custom backup methods and crons (#421)
    • [mod] Simplify the way we fetch and test global ip (#424)
    • [enh] Manage etckeeper.conf to make etckeeper quiet (#426)
    • [fix] Be able to access conf folder in change_url scripts (#427)
    • [enh] Verbosify backup/restores that are performed during app upgrades (#432)
    • [enh] Display debug information on cert-install/renew failure (#447)
    • [fix] Add mailutils and wget as a dependencies
    • [mod] Misc tweaks to display more info when some commands fail
    • [helpers] More explicit depreciation warning for 'app checkurl'
    • [helpers] Fix an issue in ynh_restore_file if destination already exists (#384)
    • [helpers] Update php-fpm helpers to handle stretch/php7 and a smooth migration (#373)
    • [helpers] Add helper 'ynh_get_debian_release' (#373)
    • [helpers] Trigger an error when failing to install dependencies (#381)
    • [helpers] Allow for 'or' in dependencies (#381)
    • [helpers] Tweak the usage of BACKUP_CORE_ONLY (#398)
    • [helpers] Tweak systemd config helpers (optional service name and template name) (#425)
    • [i18n] Improve translations for Arabic, French, German, Occitan, Spanish

    Thanks to all contributors (ariasuni, pitchum, ljf, JimboJoe, frju365, Maniack, J-B Lescher, Josue, Aleks, Bram, jibec) and the several translators (ButterflyOfFire, Eric G., Cedric, J. Keerl, beyercenter, P. Gatzka, Quenti, bjarkan) :heart: !

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.10(Mar 7, 2018)

  • debian/2.7.9(Jan 30, 2018)

  • debian/2.7.8(Jan 24, 2018)

    (This is a testing release)

    • [fix] Use HMAC-SHA512 for DynDNS TSIG
    • [fix] Fix ynh_restore_upgradebackup
    • [i18n] Improve french translation

    Thanks to all contributors (Bram, Maniack, Jibec, Aleks) ! :heart:

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.7(Jan 24, 2018)

  • debian/2.7.6(Jan 16, 2018)

    (This is a testing release)

    Major changes

    • [enh] Add new api entry point to check for Meltdown vulnerability
    • [enh] New command 'app change-label'

    Misc fixes/improvements

    • [helpers] Fix upgrade of fake package
    • [helpers] Fix ynh_use_logrotate
    • [helpers] Fix broken ynh_replace_string
    • [helpers] Use local variables
    • [enh/fix] Save the conf/ directory of app during installation and upgrade
    • [enh] Improve UX for app messages
    • [enh] Keep SSH sessions alive
    • [enh] --version now display stable/testing/unstable information
    • [enh] Backup: add ability to symlink the archives dir
    • [enh] Add regen-conf messages, nginx -t and backports .deb to diagnosis output
    • [fix] Comment line syntax for DNS zone recommendation (use ';')
    • [fix] Fix a bug in disk diagnosis
    • [mod] Use systemctl for all service operations
    • [i18n] Improved Spanish and French translations

    Thanks to all contributors (Maniack, Josue, Bram, ljf, Aleks, Jocelyn, JimboeJoe, David B, Lapineige, ...) ! :heart:

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.5(Dec 2, 2017)

  • debian/2.7.4(Nov 29, 2017)

    This is a minor testing release

    • [fix] Update acme-tiny as LE updated its ToS (#386)
    • [fix] Fix helper for old apps without backup script (#388)
    • [mod] Remove port 53 from UPnP (but keep it open on local network) (#362)
    • [i18n] Improve French translation

    Thanks to all contributors :heart: ! (jibec, Moul, Maniack, Aleks)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.3(Oct 12, 2017)

    This is a minor testing release

    Major changes

    • [fix] Refactor/clean madness related to DynDNS (#353)
    • [i18n] Improve french translation (#355)
    • [fix] Use cryptorandom to generate password (#358)
    • [enh] Support for single app upgrade from the webadmin (#359)
    • [enh] Be able to give lock to son processes detached by systemctl (#367)
    • [enh] Make MySQL dumps with a single transaction to ensure backup consistency (#370)

    Misc fixes/improvements

    • [enh] Escape some special character in ynh_replace_string (#354)
    • [fix] Allow dash at the beginning of app settings value (#357)
    • [enh] Handle root path in nginx conf (#361)
    • [enh] Add debugging in ldap init (#365)
    • [fix] Fix app_upgrade_string with missing key
    • [fix] Fix for change_url path normalizing with root url (#368)
    • [fix] Missing 'ask_path' string (#369)
    • [enh] Remove date from sql dump (#371)
    • [fix] Fix unicode error in backup/restore (#375)
    • [fix] Fix an error in ynh_replace_string (#379)

    Thanks to all contributors ❤️ ! (Bram, Maniack C, ljf, JimboJoe, ariasuni, Jibec, Aleks)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.2(Aug 23, 2017)

  • debian/2.7.1(Aug 20, 2017)

    Security: uses sha-512 to store password and auto upgrade old password on login

    • [fix] use real random for hash selection (Laurent Peuch)
    • [enh] use the full length of available chars for salt generation (Laurent Peuch)
    • [mod] add more salt because life is miserable (Laurent Peuch)
    • [fix] move to sh512 because it's fucking year 2017 (Laurent Peuch)
    • [enh] according to https://www.safaribooksonline.com/library/view/practical-unix-and/0596003234/ch04s03.html we can go up to 16 salt caracters (Laurent Peuch)
    • [fix] also uses sha512 in user_update() (Laurent Peuch)
    • [fix] uses strong hash for admin password (Laurent Peuch)

    Add a reboot/shutdown action

    • [enh] Add reboot/shutdown actions in tools (#190) (Laurent Peuch, opi)

    Change lock mechanism

    • Remove old 'lock' configuration (Alexandre Aubin)
    • Removed unusted socket import (Alexandre Aubin)

    Various fix

    backup

    • [fix] Remove check that domain is resolved locally (Alexandre Aubin)
    • [fix] Tell user that domain dns-conf shows a recommendation only (Alexandre Aubin)
    • [fix] Backup without info.json (#342) (ljf)
    • [fix] Make read-only mount bind actually read-only (#343) (ljf)

    dyndns

    • Regen dnsmasq conf if it's not up to date :| (Alexandre Aubin)
    • [fix] timeout on request to avoid blocking process (Laurent Peuch)
    • Put request url in an intermediate variable (Alexandre Aubin)

    other

    • clean users.py (Laurent Peuch)
    • clean domains.py (Laurent Peuch)
    • [enh] add 'yunohost tools shell' (Laurent Peuch)
    • Use app_ssowatconf instead of os.system call (Alexandre Aubin)

    Thanks to all contributors <3 ! (Bram, ljf, Aleks, opi)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.0(Aug 7, 2017)

    This is a testing release !

    Major fixes / improvements

    • [enh] Add a migration framework (#195)
    • [enh] Remove m18n (and other globals) black magic (#336)
    • [fix] Refactor DNS conf management for domains (#299)
    • [enh] Support custom backup methods (#326)

    App helpers

    • New helper autopurge (#321)
    • New helpers ynh_add_fpm_config and ynh_remove_fpm_config (#284)
    • New helpers ynh_restore_upgradebackup and ynh_backup_before_upgrade (#289)
    • New helpers ynh_add_nginx_config and ynh_remove_nginx_config (#285)
    • New helpers ynh_add_systemd_config and ynh_remove_systemd_config (#287)

    Smaller fixes / improvements

    • [fix] Run change_url scripts as root as a matter of homogeneity (#329)
    • [fix] Don't verify SSL during changeurl tests :/ (#332)
    • [fix] Depreciation warning for --hooks was always shown (#333)
    • [fix] Logrotate append (#328)
    • [enh] Check that url is available and normalize path before app install (#304)
    • [enh] Check that user is legitimate to use an email adress when sending mail (#330)
    • [fix] Properly catch Invalid manifest json with ValueError. (#324)
    • [fix] No default backup method (redmine 968) (#339)
    • [enh] Add a script to test m18n keys usage (#308)
    • [i18] Started russian translation (#340)

    Thanks to all contributors ❤️ ! (Bram, Maniack C, ljf, Aleks, JimboJoe, anmol26s, e-lie, Ozhiganov)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.5(Jul 26, 2017)

  • debian/2.6.4(Jun 21, 2017)

    This a stable release :tada: !

    Specific changes since 2.6.3

    • Misc fixes here and there
    • [i18n] Update Spanish, German and French translations (#323)

    Thanks to all contributors : opi, Maniack C, Alex, JuanuSt, franzos, Jibec, Jeroen and beyercenter :heart: !

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.3(Jun 2, 2017)

    This a testing release, candidate for stable release !

    Major changes

    • [love] Add missing contributors & translators.
    • [enh] Introduce global settings mechanism (#229)
    • [enh] Refactor backup management to pave the way to borg (#275)
    • [enh] Changing nginx ciphers to intermediate compatiblity (#298)
    • [enh] Use ssl-cert group for certificates, instead of metronome (#222)
    • [enh] Allow regen-conf to manage new files already present on the system (#311)
    • [apps] New helpers
      • ynh_secure_remove (#281)
      • ynh_setup_source (#282)
      • ynh_webpath_available and ynh_webpath_register (#235)
      • ynh_mysql_generate_db and ynh_mysql_remove_db (#236)
      • ynh_store_file_checksum and ynh_backup_if_checksum_is_different (#286)
    • Misc fixes here and there
    • [i18n] Update Spanish, German and French translations (#318)

    Thanks to all contributors : Bram, ljf, opi, Maniack C, Alex, JimboJoe, Moul, Jibec, JuanuSt and franzos ❤️ !

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.2(Apr 24, 2017)

    Testing release

    New Features

    • [enh] Allow applications to ship a script to change its url (#185)
    • New helper ynh_replace_string (#280)
    • New helper ynh_local_curl (#288)

    Fixes

    • Fix for missing YunoHost tiles (#276)
    • [fix] Properly define app upgradability / Fix app part of tools update (#255)
    • [fix] Properly manage resolv.conf, dns resolvers and dnsmasq (#290)
    • [fix] Add random delay to app fetchlist cron job (#297)

    Improvements

    • [fix] Avoid to remove a apt package accidentally (#292)
    • [enh] Refactor applist management (#160)
    • [enh] Add libnss-mdns as Debian dependency. (#279)
    • [enh] ip6.yunohost is now served through HTTPS.
    • [enh] Adding new port availability checker (#266)
    • [fix] Split checkurl into two functions : availability + booking (#267)
    • [enh] Cleaner postinstall logs during CA creation (#250)
    • Allow underscore in backup name
    • Rewrite text for "appslist_retrieve_bad_format"
    • Rewrite text for "certmanager_http_check_timeout"
    • Updated Spanish, German, Italian, French and Dutch translations

    Thanks to every contributors (Bram, Aleks, Maniack, ljf, Jean-Baptiste, JimboJoe, opi), reviewers, testers and translators ! ❤️

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.1(Mar 23, 2017)

    Apps

    • [enh] App scripts are now executed with root user #188
    • [mod] Small cleaning / refactoring of app_list #194
    • [fix] We can now use common.sh during restore operation #246
    • [fix] Launch ssowatconf at the end of a broken install to avoid sso bad state #270
    • New apps helpers:
      • ynh_normalize_url_path #234
      • ynh_package_remove & ynh_package_autoremove
      • ynh_abort_if_errors #245
      • ynh_install_app_dependencies with equivs #247
      • ynh_remove_app_dependencies
      • logrotate #248
      • ynh_no_log: #230
      • ynh_clean_setup

    Core

    • [enh] Upgrade nginx ciphers accordin to Mozilla 'modern' compatibility recommendation #259
    • [enh] Show fail2ban logs on admin web interface #260
    • [enh] Use _get_maindomain helper. #272
    • [fix] dnsmasq configuration fixes #264, #265
    • [enh] Trigger exception if string key aint defined during unit tests #261
    • Clean services.yml #269
    • Update translations #258

    Thanks to every contributors (Bram, Aleks, Maniack Crudelis, Moul, opi) and translators ❤️

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.0(Feb 20, 2017)

    Important changes

    • [enh] Add unit test mechanism (#254)
    • [fix] (Certificate management) Any address in the range 127.0.0.0/8 is a valid loopback address for localhost
    • [enh] Include script to reset admin password (#217)
    • [enh] Set main domain as hostname (#219)
    • [enh] New bash helpers for app scripts:
      • ynh_system_user_create, ynh_system_user_delete
      • ynh_find_port

    Thanks to every contributors (Bram, Aleks, Maniack Crudelis, ZeHiro, opi, julienmalik). <3

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.6(Feb 18, 2017)

    Hotfix release

    [fix] Update Rmilter configuration to fix dkim signing. [fix] Any address in the range 127.0.0.0/8 is a valid loopback address

    Thanks to every contributors & testers

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.5(Feb 9, 2017)

  • debian/2.5.4(Feb 2, 2017)

    Stable release including changes made in v2.5.0, v2.5.1, v2.5.2, v2.5.3 and v2.5.3.1 testing releases. See the release announcement on our forum.

    Significant changes:

    • Let's Encrypt support \o/
    • Lot of fixes with nscd, slapd and LDAP
    • Support installation of apps with Git submodules
    • SSOwat configuration cleanup
    • Add haveged as dependency, fix entropy issue
    • Dovecot configuration cleanup
    • Update translations (French, German, Hindi, Spanish)

    Thanks to all contributors <3

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.3.1(Jan 10, 2017)

  • debian/2.5.3(Jan 9, 2017)

    Love

    • [enh][love] Add CONTRIBUTORS.md

    Let's Encrypt / Certificate mangement

    • [enh] Check acme challenge conf exists in nginx when renewing cert
    • [fix] Fix a bad validity check when trying to renew
    • [fix] Adding check that domain is resolved locally when installing a LE cert
    • [fix] Fix a situation where a cert could end up with bad perms for metronome

    Misc

    • [fix] No more socket activation for rspamd
    • [fix] fail2ban rules now take into account failed login attempts on ssowat
    • [fix] Ignore dyndns option is not needed with small domain
    • [enh] Add yaml syntax check in travis.yml
    • [mod] Autopep8 on all files that aren't concerned by a PR
    • [fix] Add timeout to fetchlist's wget

    Thanks to all contributors: Aleks, Bram, ju, ljf, opi, zimo2001 and to the people who are participating to the beta and giving us feedback <3

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.2(Dec 16, 2016)

    LDAP admin user
    • [fix] Wait for admin user to be available after a slapd regen-conf. This fixes an issue arising during install on slow hardware/vps.
    Dovecot/emails
    • [enh] Reorder dovecot main configuration, so that it is easier to read and extend
    • [enh] Allow for dovecot configuration extensions
    • [fix] Check if dovecot is up to fetch mailbox used space
    Backup
    • [fix] Create archives_path even for custom output directory
    • [fix] Keep track of backups with custom directory (using symlinks)
    Security
    • [fix] Improve dnssec key generation on low entropy devices
    • [enh] Add haveged as dependency to increase available entropy (relevant for virtual servers)
    Random broken app installed on slow hardware
    • [enh] List available domains when installing an app by CLI.
    Translation
    • French by Jibec and Genma
    • German by Philip Gatzka
    • Hindi by Anmol
    • Spanish by Juanu
    Other fixes and improvements
    • [enh] Remove timeout from cli interface
    • [fix] Missing 'python-openssl' dependency for Let's Encrypt integration.
    • [fix] --no-remove-on-failure for app install should behave as a flag.
    • [fix] Don't remove trailing char if it's not a slash, when generating SSOwat conf

    Thanks to all contributors: Aleks, alex, Anmol, Bram, Genma, jibec, ju, Juanu, ljf, Moul, opi, Philip Gatzka and to the people who are participating to the beta and giving us feedback <3

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.1(Dec 11, 2016)

    Here is the changelog of this release:

    SSOwat conf
    • #532, #170
    • [fix] : Raise error on malformed SSOwat persistent conf.
    • [enh] Catch SSOwat persistent configuration write error.
    • [fix] Write SSOwat configuration file only if needed.
    • [enh] Display full exception error message.
    • [mod] give instructions on how to solve the conf.json.persistant parsing error
    Feature
    • [Apps][enh] #192: --no-remove-on-failure cli option to avoid removing an application on installation failure
    Fixes
    Nscd, admin
    • [fix] avoid random bug on post-install due to nscd cache
    • [fix] #203, #656: Add missing dependency to nscd package
    • [enh] #191: Adding check that user is actually created + minor refactor of ldap/auth init
    Other
    • [Let's’encrypt][fix] #199: Fix the way name of self-CA is determined
    • [Apps][fix] #187: Refactoring tools_maindomain and disabling removal of main domain to avoid breaking things
    • [App helper][fix] #205: Bracket in passwd from ynh_string_random

    This is a mostly a big bugfix release (except the new cli option that is used for development).

    Thanks to all contributors for making this possible: @alexAubin, @Psycojoker, @julienmalik, @Jibec, @zamentur, @M5oul, @opi ❤️ (and all the people who have reported bugs and so one, that we have probably forgot)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.0(Dec 1, 2016)

    _Testing Release_

    Features
    • [Certificate][enh] #180: Certificate management integration (e.g. Let's Encrypt certificate install)
    • [Apps][fix] #174, #533: Support git ynh app install with submodules
    • [enh] display file path on file_not_exist error
    • [mod] move a part of os.system calls to native shutil/os
    Fix
    • [App/backup][fix] #184, #593: Can't restore app on a root domain
    Other
    • [Readme][enh] #183: Complete Readme.
    • Lots of code cleaning and optimization, pep8 and other coding standard stuff

    Thanks to all contributors: @alexAubin, @Psycojoker, @Jibec, @zamentur, @M5oul Kudos to @alexAubin for leading the Let's Encrypt integration to YunoHost core \o/

    Source code(tar.gz)
    Source code(zip)
  • debian/2.4.2(Aug 14, 2016)

Owner
YunoHost
YunoHost is an operating system aiming to simplify as much as possible the administration of a server.
YunoHost
pyRTOS is a real-time operating system (RTOS), written in Python.

pyRTOS Introduction pyRTOS is a real-time operating system (RTOS), written in Python. The primary goal of pyRTOS is to provide a pure Python RTOS that

Ben Williams 96 Dec 30, 2022
An kind of operating system portal to a variety of apps with pure python

pyos An kind of operating system portal to a variety of apps. Installation Run this on your terminal: git clone https://github.com/arjunj132/pyos.git

null 1 Jan 22, 2022
pythonOS: An operating system kernel made in python and assembly

pythonOS An operating system kernel made in python and assembly Wait what? It uses a custom compiler called snek that implements a part of python3.9 (

Abbix 69 Dec 23, 2022
Snek-test - An operating system kernel made in python and assembly

pythonOS An operating system kernel made in python and assembly Wait what? It us

TechStudent10 2 Jan 25, 2022
The Begin button and menu for the Meadows operating system. The start button for UNIX/Linux.

By: Seanpm2001, Meadows Et; Al. Top README.md Read this article in a different language Sorted by: A-Z Sorting options unavailable ( af Afrikaans Afri

Sean P. Myrick V19.1.7.2 4 Aug 28, 2022
CBLang is a programming language aiming to fix most of my problems with Python

CBLang A bad programming language made in Python. CBLang is a programming language aiming to fix most of my problems with Python (this means that you

Chadderbox 43 Dec 22, 2022
This is a library which aiming to save all my code about cpp. It will help me to code conveniently.

This is a library which aiming to save all my code about cpp. It will help me to code conveniently.

Paul Leo 21 Dec 6, 2021
A collection of existing KGQA datasets in the form of the huggingface datasets library, aiming to provide an easy-to-use access to them.

KGQA Datasets Brief Introduction This repository is a collection of existing KGQA datasets in the form of the huggingface datasets library, aiming to

Semantic Systems research group 21 Jan 6, 2023
A redesign of our previous Python World Cup, aiming to simulate the 2022 World Cup all the way from the qualifiers

A redesign of our previous Python World Cup, aiming to simulate the 2022 World Cup all the way from the qualifiers. This new version is designed to be more compact and more efficient and will reflect the improvements in our programming ability.

Sam Counsell 1 Jan 7, 2022
Retrying is an Apache 2.0 licensed general-purpose retrying library, written in Python, to simplify the task of adding retry behavior to just about anything.

Retrying Retrying is an Apache 2.0 licensed general-purpose retrying library, written in Python, to simplify the task of adding retry behavior to just

Ray Holder 1.9k Dec 29, 2022
A python script to simplify recompiling, signing and installing reverse engineered android apps.

urszi.py A python script to simplify the Uninstall Recompile Sign Zipalign Install cycle when reverse engineering Android applications. It checks if d

Ahmed Harmouche 4 Jun 24, 2022
fetchmesh is a tool to simplify working with Atlas anchoring mesh measurements

A Python library for working with the RIPE Atlas anchoring mesh. fetchmesh is a tool to simplify working with Atlas anchoring mesh measurements. It ca

null 2 Aug 30, 2022
Python client SDK designed to simplify integrations by automating key generation and certificate enrollment using Venafi machine identity services.

This open source project is community-supported. To report a problem or share an idea, use Issues; and if you have a suggestion for fixing the issue,

Venafi, Inc. 13 Sep 27, 2022
More routines for operating on iterables, beyond itertools

More Itertools Python's itertools library is a gem - you can compose elegant solutions for a variety of problems with the functions it provides. In mo

null 2.8k Jan 2, 2023
LSO, also known as Linux Swap Operator, is a software with both GUI and terminal versions that you can manage the Swap area for Linux operating systems.

LSO - Linux Swap Operator Türkçe - LSO Nedir? LSO, diğer adıyla Linux Swap Operator Linux işletim sistemleri için Swap alanını yönetebileceğiniz hem G

Eren İnce 4 Feb 9, 2022
Framework To Ease Operating with Quantum Computers

QType Framework To Ease Operating with Quantum Computers Concept # define an array of 15 cubits:

Antonio Párraga Navarro 2 Jun 6, 2022
A Python wrapper API for operating and working with the Neo4j Graph Data Science (GDS) library

gdsclient NOTE: This is a work in progress and many GDS features are known to be missing or not working properly. This repo hosts the sources for gdsc

Neo4j 100 Dec 20, 2022
🤖🤖 Jarvis is an virtual assistant which can some tasks easy for you like surfing on web opening an app and much more... 🤖🤖

Jarvis ?? ?? Jarvis is an virtual assistant which can some tasks easy for you like surfing on web opening an app and much more... ?? ?? Developer : su

null 1 Nov 8, 2021
Edorado93 - Unraveling a Rockstar! -- Too much? Fine, Unraveling a humble programmer then?

Hi, I'm Sachin Malhotra ( ⛄ ?? ?? ?? ) Let me set the records straight. Roger Federer is the GOAT and I will not hear otherwise! Now that we have that

Sachin Malhotra 7 Dec 25, 2022