YunoHost is an operating system aiming to simplify as much as possible the administration of a server.

Overview

YunoHost

YunoHost

Build status GitHub license Mastodon Follow

YunoHost is an operating system aiming to simplify as much as possible the administration of a server.

This repository corresponds to the core code of YunoHost, mainly written in Python and Bash.

Screenshots

Webadmin (Yunohost-Admin) Single sign-on user portal (SSOwat)

Contributing

Translation status

License

As other components of YunoHost, this repository is licensed under GNU AGPL v3.

Comments
  • [enh] Certificate management integration (e.g. Let's Encrypt ...)

    [enh] Certificate management integration (e.g. Let's Encrypt ...)

    Hi guys,

    here's a first proposition of integration of Let's Encrypt (and more generally certificate management).

    It adds the following features :

    Check certificate status

    usage: yunohost domain cert-status [-h] [--full] [domainList [domainList ...]]
    
    positional arguments:
      domainList  Domains to check
    
    optional arguments:
      -h, --help  show this help message and exit
      --full      Show more details
    

    Install Let's Encrypt certificates

    usage: yunohost domain cert-install [-h] [--force] [--no-checks]
                                        [--self-signed]
                                        [domainList [domainList ...]]
    
    positional arguments:
      domainList     Domains for which to install the certificates
    
    optional arguments:
      -h, --help     show this help message and exit
      --force        Install even if current certificate is not self-signed
      --no-checks    Does not perform any check that your domain seems correcly
                     configured (DNS, reachability) before attempting to install.
                     (Not recommended)
      --self-signed  Install self-signed certificate instead of Let's Encrypt
    

    Renew Let's Encrypt certificate

    usage: yunohost domain cert-renew [-h] [--force] [--email] [--no-checks]
                                      [domainList [domainList ...]]
    
    positional arguments:
      domainList   Domains for which to renew the certificates
    
    optional arguments:
      -h, --help   show this help message and exit
      --force      Ignore the validity treshold (30 days)
      --email      Send an email to root with logs if some renewing fails
      --no-checks  Does not perform any check that your domain seems correcly
                   configured (DNS, reachability) before attempting to renew. (Not
                   recommended)
    

    Some more details / explanations

    • Let's Encrypt certificates are managed using acme-tiny. The choice was driven by the fact that it is a lightweight module, somewhat easy to use, and can be installed through pip install acme-tiny ;
    • I edited the ssowatconf function to automatically authorize the ACME challenge uri /.well-known/blahif it is present in the nginx conf ;
    • cert-install automatically adds a small cron-job (2 lines of code), calling yunohost domain cert-renew --email every week, which will renew Let's Encrypt certificates which are about to expire, and send an email to root if some renewing fails ;
    • By default, cert-install and cert-renew include some checks that the domain seems to have a reasonable setup to attempt Let's Encrypt certificate installation (DNS poiting to global IP, + being able to GET a page) ;
    • I moved the generation of self-signed certificate into a new file, and cert-install can be used to regenerate a self-signed certificate (in case you don't want Let's Encrypt anymore for some reason). The short/mid-term goal is also to refactorize this part of code to get rid of os.system() calls and use the OpenSSL.crypto module instead.

    There are more features we can think about including in the future, such as supporting other ACME authorities, supporting DNS-based challenge, set level of security (e.g. deactivate TLS v1.0 and 1.1), import certificates from non-ACME authorities, provide a diagnosis for domain (e.g. inform user a Let's Encrypt cert can be installed, display current SSL Labs rating) etc... But for now, let's focus on the basic stuff :)

    Remaining work

    • How do we manage acme-tiny (and python-tabulate) as dependencies. At the moment this code does not work if you didn't do a pip install acme-tiny and pip install tabulate for example.
    • How do we make sure the transition from letsencrypt_ynh is smooth
    • ???

    Cheers !

    opened by alexAubin 43
  • Extends permissions features

    Extends permissions features

    The problem

    • There are no way to protect a permission.
    • There are no way to set multiple uris for the same permission.
    • There are no clean way to manage multiple uris for the same application.
    • https://github.com/YunoHost/issues/issues/1486
    • https://forum.yunohost.org/t/yunohost-3-7-spooky-testing-call-for-feedback/9385/31?u=josue
    • https://github.com/YunoHost/issues/issues/1420
    • https://github.com/YunoHost/issues/issues/1534

    Solution

    • Add an attribute in LDAP to know if this permission is protected (solve ttps://github.com/YunoHost/issues/issues/1486)
    • Add an attribute in LDAP to know if we need to set the auth HEADER or not to the application (solve https://github.com/YunoHost/issues/issues/1420)
    • Add the possibility to have multiple uris for the same permission. Note that we will have one main uris for each permission an optionally we will have a list of additional uris.
    • Add an attribute in LDAP to have the label for each permissions and add on other attribute to know if we will show a tile in the SSO for this permission (solve https://github.com/YunoHost/issues/issues/1534)
    • Rework the ssowatconf.json to pass all this informations to SSOwat.

    Here is an example of how will look like the new ssowatconf.json.

    {
        "additional_headers": {
            "Auth-User": "uid", 
            "Email": "mail", 
            "Name": "cn", 
            "Remote-User": "uid"
        }, 
        "domains": [
            "domainA.tld", 
            "domainB.tld"
        ], 
        "permissions": {
            "sogo.main": { // Equals to actual protected_uris
                "users": [
                    "alice",
                    "bob"
                ],
                "label": "SOGo", // Mandatory
                "show_tile": true,
                "auth_header": true,
                "protected": true,
                "uris": [   // Not mandatory, note that the first entry will be the main uris, the others will be the additional uris.
                    "domainA.tld/SOGo",
                    "domainB.tld/something",
                    "domainA.tld/someotherthing"
                ]
            },
            "gitea.main": { // Equals to actual skipped_uris
                "users": [
                    "alice",
                    "jack"
                ],
                "label": "Gitea",
                "show_tile": true,
                "auth_header": false,
                "protected": false,
                "uris": [
                    "domainB.tld/gitea"
                ]
            },
            "gitea.admin": { // Equals to actual unprotected_uris
                "users": [
                    "alice"
                ],
                "label": "Gitea admin",
                "show_tile": false,
                "auth_header": true,
                "protected": false,
                "uris": [
                    "domainB.tld/gitea/admin"
                ]
            },
            "regex-example.main": { // Equals to actual unprotected_regex
                "users": [
                    "alice"
                ],
                "label": "Regex example",
                "show_tile": true,
                "auth_header": true,
                "protected": false,
                "uris": [
                    "re:domainB.tld/test[a-z]+/example"
                ]
            },
            "other-example.main": { // Equals to actual protected but with no auth header
                "users": [
                    "alice"
                ],
                "label": "Other example B",
                "show_tile": false,
                "auth_header": false,
                "protected": true,
                "uris": [
                    "re:domainB.tld/test[1-9]+/other-example"
                ]
            },
            "core": { // Core permission
                "users": [], // Have no sens here, so just put nothing...
                "label": "Core permissions",
                "show_tile": false,
                "auth_header": false,
                "protected": false,
                "uris": [
                    "^[^/]*/%.well%-known/acme%-challenge/.*$", 
                    "^[^/]*/%.well%-known/autoconfig/mail/config%-v1%.1%.xml.*$"
                ]
            }
        }, 
        "portal_domain": "domain.tld", 
        "portal_path": "/yunohost/sso/", 
        "redirected_regex": {
            "domain.tld/yunohost[\\/]?$": "https://domain.tld/yunohost/sso/"
        }, 
        "redirected_urls": {}, 
    }
    

    PR Status

    • [x] Implement a migration
    • [x] Manage backup/restore
    • [x] Implement the unit test
    • [x] Test the code (done by the unit test)
    • [x] Try to remove the big legacy code in app_ssowatconf. https://github.com/YunoHost/yunohost/pull/935
    • [x] Update webadmin with new feature (attribute : label, show_tile). https://github.com/YunoHost/yunohost-admin/pull/297
    • [x] Update documentation https://github.com/YunoHost/doc/pull/1263
    • [x] Test everything :smile: Done with theses apps (maybe we need to test with some other tricky app, but I don't know which one):
      • wordpress
      • nextcloud
      • gitea
      • etherpad_mypads
      • leed
    • [ ] Fix the test (maybe we need to run the migration before to launch the test). Locally all test pass.

    How to test

    • Create a protected permission (in a app) or just use the mail permission (which should be protected).
    • Try to add or remove the visitors group in this permission. ...

    Note that to test this with the unit test you need this branch : https://github.com/YunoHost/test_apps/pull/5

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    app helpers tests needed 
    opened by Josue-T 39
  • [enh] Add fail2ban helpers

    [enh] Add fail2ban helpers

    Problems

    To enhance applications protection against hackers/spammers, etc., we can propose helpers to ease the creating of fail2ban jails.

    Solution

    Add ynh_add_fail2ban_config and ynh_remove_fail2ban_config helpers. A successful implementation example is the piwigo app.

    PR Status

    Working, but opinion welcome! And should be implemented in other applications to validate its principle.

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    merging soon™ app helpers 
    opened by JimboJoe 33
  • XMPP http upload

    XMPP http upload

    The problem

    Sharing files with XMPP's http upload mechanism is currently impossible. This PR is an attempt to address issue #1278

    Metronome's configuration is ready for http upload but port 5290 is not reachable.

    Solution

    http upload requires a dedicated subdomain (I have chosen jabber.thedomain.net instead of upload.thedomain.net to avoid possible conflicts with possible other "upload" things).

    This subdomain should be reachable via HTTPS so we need:

    • [X] add a DNS entry for that subdomain
    • [X] transparently include jabber.thedomain.net as a SAN in the same certificate for thedomain.net
    • [X] explicitly define the storage path in metronome's config (the same will be configured in nginx)
    • [X] create an nginx config for that subdomain
    • [x] silently recreate existing Letsencrypt certificates

    PR Status

    The PR ready for review.

    How to test

    Create 2 accounts : alice and bob Install Dino and configure those accounts. Happily share pictures between alice and bob.

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    merging soon™ tests needed 
    opened by pitchum 32
  • [enh] Add postgresql helpers

    [enh] Add postgresql helpers

    I pull request just for memo and to signal this work (it was in my _common.sh file for packaging...).

    The work is unfinished. The api is similar to ynh_mysql helpers.

    opinion needed app helpers 
    opened by zamentur 26
  • Trigger error if app dependency install fails (Redmine 1006) + allow for 'or' in dependencies

    Trigger error if app dependency install fails (Redmine 1006) + allow for 'or' in dependencies

    I purpose this change to improve the helper 'ynh_install_app_dependencies'. Before this change if the dependences are not installable the install didn't fail. By these change the helper generate an error and the install stop.

    opinion needed app helpers 
    opened by Josue-T 25
  • [Fix] Adresse de rebond différente du domaine principal.

    [Fix] Adresse de rebond différente du domaine principal.

    Problem

    issue: https://forum.yunohost.org/t/probleme-mail-dns-2d-domaine/3460

    Solution

    • Change the header
    • add anonymisation
    • En fait, cette correction est le fruit d'une recherche de près de 10h sur postfix. Finalement, j'ai trouvé la solution dans la conf d'un autre logiciel, par hasard. Par soucis d'honnêteté, le site dont j'ai puisé cette conf est mailinabox : https://github.com/mail-in-a-box/mailinabox/blob/master/conf/postfix_outgoing_mail_header_filters

    PR Status

    REOPENED TEST/ REVIEW Highly Needed (RHN)

    EXAMPLE (for JimBoJoe and Reviewers)

    before with postsrsd :

    Return-Path: <[email protected]> # ou 'Return-Path: <[email protected]>' sans Postsrsd 
    
    Received: from mwinf5c54 (mwinf5c54.ANONYME.net [10.23.111.104])
    by mwinb1c03 with LMTPA;
    Wed, 13 Sep 2017 15:28:52 +0200
    
    X-Sieve: CMU Sieve 2.3
    
    Received: from domainprincipal.tld ([45.065.99.90])
    by mwinf5c54 with ME
    id 91Ur1w00Q0RFXA5011UrSl; Wed, 13 Sep 2017 15:28:52 +0200
    
    X-bcc: [email protected]
    
    X-ME-bounce-domain: DomainExterne.tld
    
    X-ME-engine: default
    
    X-me-spamcause: (0)(0000)gggruggvucftvghtrhhoucdtuddrfeelledrgeeggdeijecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfogfdpggftiffpkfenuceurghilhhou
    hhtmecugedttdenucenucfjughrpefhvffukffftgggsehttdertddttdejnecuhfhrohhmpefluhhlihgvnhcuifhomhgvshcuffhirghsuceojhhulhhivghnsegrshg
    tphgrphhhihhlrghtvghlihgvrdgvuheqnecukfhppedugedurddvheehrddufedtrdduleenucfrrghrrghmpehhvghlohepsheggedrvghupdhinhgvthepudeguddrv
    dehhedrudeftddrudelpdhmrghilhhfrhhomhepshhrshdtpehofigufeeprghopegrshgtphgrphhhihhlrghtvghlihgvrdgvuhepjhhulhhivghnsehsgeegrdgvuhd
    prhgtphhtthhopegtlhhjuhegjeeisehorhgrnhhgvgdrfhhr
    
    X-me-spamlevel: not-spam
    
    X-ME-Helo: domainprincipal.tld
    
    X-ME-IP: 45.065.99.90  # MY IP adress
    
    X-ME-Entity: ofr
    
    Received: from domainprincipal.tld (localhost [IPv6:::1])
    by domainprincipal.tld (Postfix) with ESMTPSA id C22136B5
    for <[email protected]>; Wed, 13 Sep 2017 15:28:50 +0200 (CEST)
    
    From: Name of the user <[email protected]>
    
    To: [email protected]
    
    Subject: ceci est un message de test
    
    Message-ID: <20170913132850.Horde.JcbFlT1kgDPDbzDz7ZcP2Ca@mail.server-d-envoi-test-domaine.tld>
    
    Date: Wed, 13 Sep 2017 13:28:50 +0000
    
    ...
    
    DKIM-Signature: ANONYME-LK2R
    

    After :

    Return-Path: <[email protected]>
    
    Received: from mwinf5c56 (mwinf5c56.ANONYME.net [10.23.111.106])
    by mwinb1c03 with LMTPA;
    Tue, 26 Sep 2017 10:36:54 +0200
    
    X-Sieve: CMU Sieve 2.3
    
    Received: from domainprincipal.tld ([45.065.99.90])
    by mwinf5c56 with ME
    id E8ct1w0030RFXA5018ct2f; Tue, 26 Sep 2017 10:36:54 +0200
    
    X-bcc: [email protected]
    
    X-ME-bounce-domain: DomainExterne.tld
    
    X-ME-engine: default
    
    X-me-spamcause: (0)(0000)gggruggvucftvghtrhhoucdtuddrfeelledrjedvgddtkecutefuodetggdotefrodftvfcurfhrohhfihhlvgemucfogfdpggftiffpkfenuceurghilhhou
    hhtmecugedttdenucenucfjughrpefhvffukffftgggsehttdertddttdejnecuhfhrohhmpefluhhlihgvnhcuifhomhgvshcuffhirghsuceojhhulhhivghnsegrshg
    tphgrphhhihhlrghtvghlihgvrdgvuheqnecukfhppedugedurddvheehrddufedtrdduleenucfrrghrrghmpehhvghlohepsheggedrvghupdhinhgvthepudeguddrv
    dehhedrudeftddrudelpdhmrghilhhfrhhomhepjhhulhhivghnsegrshgtphgrphhhihhlrghtvghlihgvrdgvuhdprhgtphhtthhopegtlhhjuhegjeeisehorhgrnhh
    gvgdrfhhr
    
    X-me-spamlevel: not-spam
    
    X-ME-Helo: domainprincipal.tld
    
    X-ME-IP: 45.065.99.90
    
    X-ME-Entity: ofr
    
    Received: from authenticated-user (PRIMARY_HOSTNAME [PUBLIC_IP])nge.fr>; Tue, 26 Sep 2017 10:36:52 +0200 (CEST)
    
    From: Name Of my User <[email protected]>
    
    To: [email protected]
    
    Subject: ceci est un message de test
    
    Message-ID: <20170926083652.Horde.yPJwWVW9iq7zfLHZDP99fPB@mail.server-d-envoi-test-domaine.tld>
    
    Date: Tue, 26 Sep 2017 08:36:52 +0000
    ...
    DKIM-Signature: ANONYME-LK2R
    

    Remerciement

    Donc, un grand merci à eux (sans le vouloir).

    opinion needed 
    opened by frju365 25
  • Attemp to fix broken installation on slow hardware / VPS

    Attemp to fix broken installation on slow hardware / VPS

    Hello,

    As reported here or here, YunoHost post install fails on slow hardware/vps because slapd is to slow to restart itself after its regen-conf.

    This patch is an attempt to fix this but I don't have a good testing environment (my vagrant is too fast for that). Maybe testing that it's possible to run something using the admin user could be a better test but I don't see how to do it easily.

    A workarround would be to use my patch to runs this kind of operation using root instead of admin but this is a workaround, not a real fix (and this bug could still generate other problems).

    Cheers,

    opinion needed important 
    opened by Psycojoker 25
  • Mail aliases

    Mail aliases

    Based on the work from @mbugeia in #58 , rebased onto current unstable.

    List of modifications applied after this initial work :

    • ou=aliases (instead of ou=alias) to follow ou=users, ou=domains, ...
    • Removing alias_update for the moment (one can delete and re-create)
    • Main modification : do not make alias entries in LDAP inherit from inetOrgPerson. inetOrgPerson are for people (with first name, surname, ...). Instead, create a specific dedicated mailAlias objectclass. Alias objects in ldap inherits from both mailAlias and mailAccount. mailAlias is the "structural" class for holding the aliases. It enforces that the maildrop be non empty. mailAccount holds the mail address/mail forward addresses. Using mailAccount (as it is done for users) makes it transparent for most downstream applications (postfix, all apps searching for mail accounts in ldap) so that no modification is required for them.
    • add support for mail-forward with mail addresses containing a '+' separator
    • remove the need to call alias_init : the creation of the ou=aliases in the ldap db is done automatically at first use.
    inactive work needed 
    opened by julienmalik 24
  • Use a dedicated php service for each app

    Use a dedicated php service for each app

    The problem

    Discussion about using a dedicated php service for each app https://github.com/YunoHost/issues/issues/1536

    Solution

    It works perfectly

    PR Status

    We should probably reload the main service during an upgrade though.

    How to test

    Use this config file as an extra helper to source into the scripts.

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    merging soon™ app helpers 
    opened by maniackcrudelis 22
  • Add indexes for fields listed by slapd in the logs

    Add indexes for fields listed by slapd in the logs

    I get lots of suggestion of indexes by slapd in my logs:

    <= mdb_equality_candidates: (cn) not indexed <= mdb_equality_candidates: (gidNumber) not indexed <= mdb_equality_candidates: (mail) not indexed <= mdb_equality_candidates: (member) not indexed <= mdb_equality_candidates: (memberUid) not indexed <= mdb_equality_candidates: (sudoUser) not indexed <= mdb_equality_candidates: (uidNumber) not indexed <= mdb_equality_candidates: (uniqueMember) not indexed <= mdb_equality_candidates: (virtualdomain) not indexed <= mdb_substring_candidates: (sudoUser) not indexed

    Since Yunohost makes it hard to edit LDAP server configuration (see https://github.com/YunoHost/issues/issues/1350), the default configuration should contain indexes for the fields used by Yunohost a lot.

    The problem

    ...

    Solution

    ...

    PR Status

    ...

    How to test

    ...

    Validation

    • [ ] Principle agreement 0/2 :
    • [ ] Quick review 0/1 :
    • [ ] Simple test 0/1 :
    • [ ] Deep review 0/1 :
    merging soon™ 
    opened by MCMic 22
  • [fix] Enable pop3 settings make dovecot failed

    [fix] Enable pop3 settings make dovecot failed

    The problem

    When we enable dovecot pop3 on sans-nuage.fr, the dovecot fail with error:

    Fatal: service(pop3) access(/usr/lib/dovecot/pop3) failed: No such file or directory
    

    Solution

    Install dovecot-pop3d package

    PR Status

    Ready

    How to test

    ...

    micro 
    opened by zamentur 2
  • Add a global setting to disable root login on local network

    Add a global setting to disable root login on local network

    The problem

    • Fix and improve handling of PasswordAuthentication option
    • Add a setting for PermitRootLogin usage on local network

    Solution

    • Directly use the value of ssh_password_authentication
    • Add ssh_allow_root_on_localnet to manage the last part of the SSH template

    PR Status

    First release and review

    How to test

    Play with the ssh settings.

    opened by npalix 3
  • be able to change the loginShell of a user

    be able to change the loginShell of a user

    The problem

    We can't use another shell like sh or zsh.

    Solution

    Add the possibility to change it

    PR Status

    Yolotested in prod.

    Maybe we should manage the moment when the shell is removed from the system, but meh, it's not simple.

    How to test

    ...

    opened by kay0u 0
  • Fix OCSP stapling ... but using Google resolver :|

    Fix OCSP stapling ... but using Google resolver :|

    The problem

    OCSP stapling is in fact broken because nginx complains in the log file :

    r3.o.lencr.org could not be resolved (110: Operation timed out) while requesting certificate status, responder: r3.o.lencr.org, certificate: "/etc/yunohost/certs/domain.tld/crt.pem"

    Also related to : https://github.com/YunoHost/issues/issues/1099

    Solution

    I don't know why, but Nginx doesnt like 127.0.0.1 as a resolver, despite the fact that dnsmasq listens on 0.0.0.0:53 and a dig request on 127.0.0.1 does work ...

    Using Google resolver works, but this is probably not what we want, so opening as draft PR only

    PR Status

    Using Google resolver works, but this is probably not what we want, so opening as draft PR only

    How to test

    openssl s_client -connect domain.tld:443 -status | grep OCSP

    should display:

    OCSP response: 
    OCSP Response Data:
        OCSP Response Status: successful (0x0)
    
    opened by alexAubin 0
Releases(debian/3.7.0.5)
  • debian/3.7.0.5(Mar 15, 2020)

  • debian/2.7.12(May 6, 2018)

  • debian/2.7.13(May 6, 2018)

    • [enh] Add 'manual migration' mechanism to the migration framework (#429)
    • [enh] Add Stretch migration (#433)
    • [enh] Use recommended ECDH curves (#454)
    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.11(May 1, 2018)

    (This is a testing release)

    Important changes / fixes

    • [enh] Add commands to manage user ssh accesses and keys (#403, #445)
    • [fix] Fix Lets Encrypt install when an app is installed at root (#428)
    • [enh] Improve performances by lazy-loading some modules (#451)
    • [enh] Use Mozilla's recommended headers in nginx conf (#399, #456)
    • [fix] Fix path traversal issues in yunohost admin nginx conf (#420)
    • [helpers] Add nodejs helpers (#441, #446)

    Other changes

    • [enh] Enable gzip compression for common text mimetypes in nginx (#356)
    • [enh] Add 'post' hooks on app management operations (#360)
    • [fix] Fix an issue with custom backup methods and crons (#421)
    • [mod] Simplify the way we fetch and test global ip (#424)
    • [enh] Manage etckeeper.conf to make etckeeper quiet (#426)
    • [fix] Be able to access conf folder in change_url scripts (#427)
    • [enh] Verbosify backup/restores that are performed during app upgrades (#432)
    • [enh] Display debug information on cert-install/renew failure (#447)
    • [fix] Add mailutils and wget as a dependencies
    • [mod] Misc tweaks to display more info when some commands fail
    • [helpers] More explicit depreciation warning for 'app checkurl'
    • [helpers] Fix an issue in ynh_restore_file if destination already exists (#384)
    • [helpers] Update php-fpm helpers to handle stretch/php7 and a smooth migration (#373)
    • [helpers] Add helper 'ynh_get_debian_release' (#373)
    • [helpers] Trigger an error when failing to install dependencies (#381)
    • [helpers] Allow for 'or' in dependencies (#381)
    • [helpers] Tweak the usage of BACKUP_CORE_ONLY (#398)
    • [helpers] Tweak systemd config helpers (optional service name and template name) (#425)
    • [i18n] Improve translations for Arabic, French, German, Occitan, Spanish

    Thanks to all contributors (ariasuni, pitchum, ljf, JimboJoe, frju365, Maniack, J-B Lescher, Josue, Aleks, Bram, jibec) and the several translators (ButterflyOfFire, Eric G., Cedric, J. Keerl, beyercenter, P. Gatzka, Quenti, bjarkan) :heart: !

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.10(Mar 7, 2018)

  • debian/2.7.9(Jan 30, 2018)

  • debian/2.7.8(Jan 24, 2018)

    (This is a testing release)

    • [fix] Use HMAC-SHA512 for DynDNS TSIG
    • [fix] Fix ynh_restore_upgradebackup
    • [i18n] Improve french translation

    Thanks to all contributors (Bram, Maniack, Jibec, Aleks) ! :heart:

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.7(Jan 24, 2018)

  • debian/2.7.6(Jan 16, 2018)

    (This is a testing release)

    Major changes

    • [enh] Add new api entry point to check for Meltdown vulnerability
    • [enh] New command 'app change-label'

    Misc fixes/improvements

    • [helpers] Fix upgrade of fake package
    • [helpers] Fix ynh_use_logrotate
    • [helpers] Fix broken ynh_replace_string
    • [helpers] Use local variables
    • [enh/fix] Save the conf/ directory of app during installation and upgrade
    • [enh] Improve UX for app messages
    • [enh] Keep SSH sessions alive
    • [enh] --version now display stable/testing/unstable information
    • [enh] Backup: add ability to symlink the archives dir
    • [enh] Add regen-conf messages, nginx -t and backports .deb to diagnosis output
    • [fix] Comment line syntax for DNS zone recommendation (use ';')
    • [fix] Fix a bug in disk diagnosis
    • [mod] Use systemctl for all service operations
    • [i18n] Improved Spanish and French translations

    Thanks to all contributors (Maniack, Josue, Bram, ljf, Aleks, Jocelyn, JimboeJoe, David B, Lapineige, ...) ! :heart:

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.5(Dec 2, 2017)

  • debian/2.7.4(Nov 29, 2017)

    This is a minor testing release

    • [fix] Update acme-tiny as LE updated its ToS (#386)
    • [fix] Fix helper for old apps without backup script (#388)
    • [mod] Remove port 53 from UPnP (but keep it open on local network) (#362)
    • [i18n] Improve French translation

    Thanks to all contributors :heart: ! (jibec, Moul, Maniack, Aleks)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.3(Oct 12, 2017)

    This is a minor testing release

    Major changes

    • [fix] Refactor/clean madness related to DynDNS (#353)
    • [i18n] Improve french translation (#355)
    • [fix] Use cryptorandom to generate password (#358)
    • [enh] Support for single app upgrade from the webadmin (#359)
    • [enh] Be able to give lock to son processes detached by systemctl (#367)
    • [enh] Make MySQL dumps with a single transaction to ensure backup consistency (#370)

    Misc fixes/improvements

    • [enh] Escape some special character in ynh_replace_string (#354)
    • [fix] Allow dash at the beginning of app settings value (#357)
    • [enh] Handle root path in nginx conf (#361)
    • [enh] Add debugging in ldap init (#365)
    • [fix] Fix app_upgrade_string with missing key
    • [fix] Fix for change_url path normalizing with root url (#368)
    • [fix] Missing 'ask_path' string (#369)
    • [enh] Remove date from sql dump (#371)
    • [fix] Fix unicode error in backup/restore (#375)
    • [fix] Fix an error in ynh_replace_string (#379)

    Thanks to all contributors ❤️ ! (Bram, Maniack C, ljf, JimboJoe, ariasuni, Jibec, Aleks)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.2(Aug 23, 2017)

  • debian/2.7.1(Aug 20, 2017)

    Security: uses sha-512 to store password and auto upgrade old password on login

    • [fix] use real random for hash selection (Laurent Peuch)
    • [enh] use the full length of available chars for salt generation (Laurent Peuch)
    • [mod] add more salt because life is miserable (Laurent Peuch)
    • [fix] move to sh512 because it's fucking year 2017 (Laurent Peuch)
    • [enh] according to https://www.safaribooksonline.com/library/view/practical-unix-and/0596003234/ch04s03.html we can go up to 16 salt caracters (Laurent Peuch)
    • [fix] also uses sha512 in user_update() (Laurent Peuch)
    • [fix] uses strong hash for admin password (Laurent Peuch)

    Add a reboot/shutdown action

    • [enh] Add reboot/shutdown actions in tools (#190) (Laurent Peuch, opi)

    Change lock mechanism

    • Remove old 'lock' configuration (Alexandre Aubin)
    • Removed unusted socket import (Alexandre Aubin)

    Various fix

    backup

    • [fix] Remove check that domain is resolved locally (Alexandre Aubin)
    • [fix] Tell user that domain dns-conf shows a recommendation only (Alexandre Aubin)
    • [fix] Backup without info.json (#342) (ljf)
    • [fix] Make read-only mount bind actually read-only (#343) (ljf)

    dyndns

    • Regen dnsmasq conf if it's not up to date :| (Alexandre Aubin)
    • [fix] timeout on request to avoid blocking process (Laurent Peuch)
    • Put request url in an intermediate variable (Alexandre Aubin)

    other

    • clean users.py (Laurent Peuch)
    • clean domains.py (Laurent Peuch)
    • [enh] add 'yunohost tools shell' (Laurent Peuch)
    • Use app_ssowatconf instead of os.system call (Alexandre Aubin)

    Thanks to all contributors <3 ! (Bram, ljf, Aleks, opi)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.7.0(Aug 7, 2017)

    This is a testing release !

    Major fixes / improvements

    • [enh] Add a migration framework (#195)
    • [enh] Remove m18n (and other globals) black magic (#336)
    • [fix] Refactor DNS conf management for domains (#299)
    • [enh] Support custom backup methods (#326)

    App helpers

    • New helper autopurge (#321)
    • New helpers ynh_add_fpm_config and ynh_remove_fpm_config (#284)
    • New helpers ynh_restore_upgradebackup and ynh_backup_before_upgrade (#289)
    • New helpers ynh_add_nginx_config and ynh_remove_nginx_config (#285)
    • New helpers ynh_add_systemd_config and ynh_remove_systemd_config (#287)

    Smaller fixes / improvements

    • [fix] Run change_url scripts as root as a matter of homogeneity (#329)
    • [fix] Don't verify SSL during changeurl tests :/ (#332)
    • [fix] Depreciation warning for --hooks was always shown (#333)
    • [fix] Logrotate append (#328)
    • [enh] Check that url is available and normalize path before app install (#304)
    • [enh] Check that user is legitimate to use an email adress when sending mail (#330)
    • [fix] Properly catch Invalid manifest json with ValueError. (#324)
    • [fix] No default backup method (redmine 968) (#339)
    • [enh] Add a script to test m18n keys usage (#308)
    • [i18] Started russian translation (#340)

    Thanks to all contributors ❤️ ! (Bram, Maniack C, ljf, Aleks, JimboJoe, anmol26s, e-lie, Ozhiganov)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.5(Jul 26, 2017)

  • debian/2.6.4(Jun 21, 2017)

    This a stable release :tada: !

    Specific changes since 2.6.3

    • Misc fixes here and there
    • [i18n] Update Spanish, German and French translations (#323)

    Thanks to all contributors : opi, Maniack C, Alex, JuanuSt, franzos, Jibec, Jeroen and beyercenter :heart: !

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.3(Jun 2, 2017)

    This a testing release, candidate for stable release !

    Major changes

    • [love] Add missing contributors & translators.
    • [enh] Introduce global settings mechanism (#229)
    • [enh] Refactor backup management to pave the way to borg (#275)
    • [enh] Changing nginx ciphers to intermediate compatiblity (#298)
    • [enh] Use ssl-cert group for certificates, instead of metronome (#222)
    • [enh] Allow regen-conf to manage new files already present on the system (#311)
    • [apps] New helpers
      • ynh_secure_remove (#281)
      • ynh_setup_source (#282)
      • ynh_webpath_available and ynh_webpath_register (#235)
      • ynh_mysql_generate_db and ynh_mysql_remove_db (#236)
      • ynh_store_file_checksum and ynh_backup_if_checksum_is_different (#286)
    • Misc fixes here and there
    • [i18n] Update Spanish, German and French translations (#318)

    Thanks to all contributors : Bram, ljf, opi, Maniack C, Alex, JimboJoe, Moul, Jibec, JuanuSt and franzos ❤️ !

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.2(Apr 24, 2017)

    Testing release

    New Features

    • [enh] Allow applications to ship a script to change its url (#185)
    • New helper ynh_replace_string (#280)
    • New helper ynh_local_curl (#288)

    Fixes

    • Fix for missing YunoHost tiles (#276)
    • [fix] Properly define app upgradability / Fix app part of tools update (#255)
    • [fix] Properly manage resolv.conf, dns resolvers and dnsmasq (#290)
    • [fix] Add random delay to app fetchlist cron job (#297)

    Improvements

    • [fix] Avoid to remove a apt package accidentally (#292)
    • [enh] Refactor applist management (#160)
    • [enh] Add libnss-mdns as Debian dependency. (#279)
    • [enh] ip6.yunohost is now served through HTTPS.
    • [enh] Adding new port availability checker (#266)
    • [fix] Split checkurl into two functions : availability + booking (#267)
    • [enh] Cleaner postinstall logs during CA creation (#250)
    • Allow underscore in backup name
    • Rewrite text for "appslist_retrieve_bad_format"
    • Rewrite text for "certmanager_http_check_timeout"
    • Updated Spanish, German, Italian, French and Dutch translations

    Thanks to every contributors (Bram, Aleks, Maniack, ljf, Jean-Baptiste, JimboJoe, opi), reviewers, testers and translators ! ❤️

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.1(Mar 23, 2017)

    Apps

    • [enh] App scripts are now executed with root user #188
    • [mod] Small cleaning / refactoring of app_list #194
    • [fix] We can now use common.sh during restore operation #246
    • [fix] Launch ssowatconf at the end of a broken install to avoid sso bad state #270
    • New apps helpers:
      • ynh_normalize_url_path #234
      • ynh_package_remove & ynh_package_autoremove
      • ynh_abort_if_errors #245
      • ynh_install_app_dependencies with equivs #247
      • ynh_remove_app_dependencies
      • logrotate #248
      • ynh_no_log: #230
      • ynh_clean_setup

    Core

    • [enh] Upgrade nginx ciphers accordin to Mozilla 'modern' compatibility recommendation #259
    • [enh] Show fail2ban logs on admin web interface #260
    • [enh] Use _get_maindomain helper. #272
    • [fix] dnsmasq configuration fixes #264, #265
    • [enh] Trigger exception if string key aint defined during unit tests #261
    • Clean services.yml #269
    • Update translations #258

    Thanks to every contributors (Bram, Aleks, Maniack Crudelis, Moul, opi) and translators ❤️

    Source code(tar.gz)
    Source code(zip)
  • debian/2.6.0(Feb 20, 2017)

    Important changes

    • [enh] Add unit test mechanism (#254)
    • [fix] (Certificate management) Any address in the range 127.0.0.0/8 is a valid loopback address for localhost
    • [enh] Include script to reset admin password (#217)
    • [enh] Set main domain as hostname (#219)
    • [enh] New bash helpers for app scripts:
      • ynh_system_user_create, ynh_system_user_delete
      • ynh_find_port

    Thanks to every contributors (Bram, Aleks, Maniack Crudelis, ZeHiro, opi, julienmalik). <3

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.6(Feb 18, 2017)

    Hotfix release

    [fix] Update Rmilter configuration to fix dkim signing. [fix] Any address in the range 127.0.0.0/8 is a valid loopback address

    Thanks to every contributors & testers

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.5(Feb 9, 2017)

  • debian/2.5.4(Feb 2, 2017)

    Stable release including changes made in v2.5.0, v2.5.1, v2.5.2, v2.5.3 and v2.5.3.1 testing releases. See the release announcement on our forum.

    Significant changes:

    • Let's Encrypt support \o/
    • Lot of fixes with nscd, slapd and LDAP
    • Support installation of apps with Git submodules
    • SSOwat configuration cleanup
    • Add haveged as dependency, fix entropy issue
    • Dovecot configuration cleanup
    • Update translations (French, German, Hindi, Spanish)

    Thanks to all contributors <3

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.3.1(Jan 10, 2017)

  • debian/2.5.3(Jan 9, 2017)

    Love

    • [enh][love] Add CONTRIBUTORS.md

    Let's Encrypt / Certificate mangement

    • [enh] Check acme challenge conf exists in nginx when renewing cert
    • [fix] Fix a bad validity check when trying to renew
    • [fix] Adding check that domain is resolved locally when installing a LE cert
    • [fix] Fix a situation where a cert could end up with bad perms for metronome

    Misc

    • [fix] No more socket activation for rspamd
    • [fix] fail2ban rules now take into account failed login attempts on ssowat
    • [fix] Ignore dyndns option is not needed with small domain
    • [enh] Add yaml syntax check in travis.yml
    • [mod] Autopep8 on all files that aren't concerned by a PR
    • [fix] Add timeout to fetchlist's wget

    Thanks to all contributors: Aleks, Bram, ju, ljf, opi, zimo2001 and to the people who are participating to the beta and giving us feedback <3

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.2(Dec 16, 2016)

    LDAP admin user
    • [fix] Wait for admin user to be available after a slapd regen-conf. This fixes an issue arising during install on slow hardware/vps.
    Dovecot/emails
    • [enh] Reorder dovecot main configuration, so that it is easier to read and extend
    • [enh] Allow for dovecot configuration extensions
    • [fix] Check if dovecot is up to fetch mailbox used space
    Backup
    • [fix] Create archives_path even for custom output directory
    • [fix] Keep track of backups with custom directory (using symlinks)
    Security
    • [fix] Improve dnssec key generation on low entropy devices
    • [enh] Add haveged as dependency to increase available entropy (relevant for virtual servers)
    Random broken app installed on slow hardware
    • [enh] List available domains when installing an app by CLI.
    Translation
    • French by Jibec and Genma
    • German by Philip Gatzka
    • Hindi by Anmol
    • Spanish by Juanu
    Other fixes and improvements
    • [enh] Remove timeout from cli interface
    • [fix] Missing 'python-openssl' dependency for Let's Encrypt integration.
    • [fix] --no-remove-on-failure for app install should behave as a flag.
    • [fix] Don't remove trailing char if it's not a slash, when generating SSOwat conf

    Thanks to all contributors: Aleks, alex, Anmol, Bram, Genma, jibec, ju, Juanu, ljf, Moul, opi, Philip Gatzka and to the people who are participating to the beta and giving us feedback <3

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.1(Dec 11, 2016)

    Here is the changelog of this release:

    SSOwat conf
    • #532, #170
    • [fix] : Raise error on malformed SSOwat persistent conf.
    • [enh] Catch SSOwat persistent configuration write error.
    • [fix] Write SSOwat configuration file only if needed.
    • [enh] Display full exception error message.
    • [mod] give instructions on how to solve the conf.json.persistant parsing error
    Feature
    • [Apps][enh] #192: --no-remove-on-failure cli option to avoid removing an application on installation failure
    Fixes
    Nscd, admin
    • [fix] avoid random bug on post-install due to nscd cache
    • [fix] #203, #656: Add missing dependency to nscd package
    • [enh] #191: Adding check that user is actually created + minor refactor of ldap/auth init
    Other
    • [Let's’encrypt][fix] #199: Fix the way name of self-CA is determined
    • [Apps][fix] #187: Refactoring tools_maindomain and disabling removal of main domain to avoid breaking things
    • [App helper][fix] #205: Bracket in passwd from ynh_string_random

    This is a mostly a big bugfix release (except the new cli option that is used for development).

    Thanks to all contributors for making this possible: @alexAubin, @Psycojoker, @julienmalik, @Jibec, @zamentur, @M5oul, @opi ❤️ (and all the people who have reported bugs and so one, that we have probably forgot)

    Source code(tar.gz)
    Source code(zip)
  • debian/2.5.0(Dec 1, 2016)

    _Testing Release_

    Features
    • [Certificate][enh] #180: Certificate management integration (e.g. Let's Encrypt certificate install)
    • [Apps][fix] #174, #533: Support git ynh app install with submodules
    • [enh] display file path on file_not_exist error
    • [mod] move a part of os.system calls to native shutil/os
    Fix
    • [App/backup][fix] #184, #593: Can't restore app on a root domain
    Other
    • [Readme][enh] #183: Complete Readme.
    • Lots of code cleaning and optimization, pep8 and other coding standard stuff

    Thanks to all contributors: @alexAubin, @Psycojoker, @Jibec, @zamentur, @M5oul Kudos to @alexAubin for leading the Let's Encrypt integration to YunoHost core \o/

    Source code(tar.gz)
    Source code(zip)
  • debian/2.4.2(Aug 14, 2016)

Owner
YunoHost
YunoHost is an operating system aiming to simplify as much as possible the administration of a server.
YunoHost
Beancount: Double-Entry Accounting from Text Files.

beancount: Double-Entry Accounting from Text Files Contents Description Documentation Download & Installation Versions Filing Bugs Copyright and Licen

2.3k Dec 28, 2022
Programming labs for 6.S060 (Foundations of Computer Security).

6.S060 Labs This git repository contains the code for the labs in 6.S060. In these labs, you will add a series of security features to a photo-sharing

MIT PDOS 10 Nov 02, 2022
TeamFleming is a multicultural group of 20 young bioinformatics enthusiasts participating in the 2021 HackBio Virtual Summer Internship

💻 Welcome to Team Fleming's Repo! #TeamFleming is a multicultural group of 20 young bioinformatics enthusiasts participating in the 2021 HackBio Virt

3 Aug 08, 2021
A Kodi add-on for watching content hosted on PeerTube.

A Kodi add-on for watching content hosted on PeerTube. This add-on is under development so only basic features work, and you're welcome to improve it.

1 Dec 18, 2021
Hitchhikers-guide - The Hitchhiker's Guide to Data Science for Social Good

Welcome to the Hitchhiker's Guide to Data Science for Social Good. What is the Data Science for Social Good Fellowship? The Data Science for Social Go

Data Science for Social Good 907 Jan 01, 2023
Anki cards generator for Leetcode

Leetcode Anki card generator Summary By running this script you'll be able to generate Anki cards with all the leetcode problems. I personally use it

Pavel Safronov 150 Dec 25, 2022
Persistent/Immutable/Functional data structures for Python

Pyrsistent Pyrsistent is a number of persistent collections (by some referred to as functional data structures). Persistent in the sense that they are

Tobias Gustafsson 1.8k Dec 31, 2022
SpaCy3Urdu: run command to setup assets(dataset from UD)

Project setup run command to setup assets(dataset from UD) spacy project assets It uses project.yml file and download the data from UD GitHub reposito

Muhammad Irfan 1 Dec 14, 2021
Senator Stock Trading Tester

Senator Stock Trading Tester Program to compare stock performance of Senator's transactions vs when the sale is disclosed. Using to find if tracking S

Cole Cestaro 1 Dec 07, 2021
A PowSyBl and Python integration based on GraalVM native image

PyPowSyBl The PyPowSyBl project gives access PowSyBl Java framework to Python developers. This Python integration relies on GraalVM to compile Java co

powsybl 23 Dec 14, 2022
Verification of Monty Hall problem by experimental simulation.

Verification of Monty Hall problem by experimental simulation. |中文|English| In the process of learning causal inference, I learned about the Monty Hal

云端听茗 1 Nov 22, 2022
Run Windows Applications on Linux as if they are native, Use linux applications to launch files files located in windows vm without needing to install applications on vm. With easy to use configuration GUI

Run Windows Applications on Linux as if they are native, Use linux applications to launch files files located in windows vm without needing to install applications on vm. With easy to use configurati

Casu Al Snek 2k Jan 02, 2023
A web app that is written entirely in Python

University Project About I made this web app to finish a project assigned by my teacher. It is written entirely in Python, thanks to streamlit to make

15 Nov 27, 2022
General tricks that may help you find bad, or noisy, labels in your dataset

doubtlab A lab for bad labels. Warning still in progress. This repository contains general tricks that may help you find bad, or noisy, labels in your

vincent d warmerdam 449 Dec 26, 2022
System Information Utility With Python

System-Information-Utility This is a simple utility, for the terminal, which allows you to find out information about your PC. It's very easy to run t

2 Apr 15, 2022
A simple countdown timer in eazy code to show timer with python

Countdown_Timer The simple CLI countdown timer in eazy code to show timer How Work First you fill the input by int-- (Enter the time in Seconds:) for

Yasin Rezvani 3 Nov 15, 2022
Create VSCode Extensions with python

About Create vscode extensions with python. Installation Stable version: pip install vscode-ext Why use this? Why should you use this for building VSc

Swas.py 134 Jan 07, 2023
Practice10 - Operasi String With Python

Operasi String MY SOSIAL MEDIA : Apa itu Python String ? String adalah urutan si

Maulana Reza Badrudin 1 Jan 05, 2022
Um sistema de llogin feito em uma interface grafica.

Interface-para-login Um sistema de login feito com JSON. Utilizando a biblioteca Tkinter, eu criei um sistema de login, onde guarda a informações de l

Mobben 1 Nov 28, 2021
A 100% python file organizer. Keep your computer always organized!

PythonOrganizer A 100% python file organizer. Keep your computer always organized! To run the project, just clone the folder and run the installation

3 Dec 02, 2022