Closed yunohost-bot closed 6 years ago
Author: alexAubin
Thanks for spotting this. After reading the code, sounds like it's my fault : https://github.com/YunoHost/yunohost/pull/187/files?diff=split (at the very end)
Thing is, postinstall assumes that you want a dyndns (ignore_dyndns is set to False) but before this PR, the case where domain was not at least a subdomain (i.e. sub.domain.tld) was ignored. But now we call directly domain_add() which raises an error in that case : https://github.com/YunoHost/yunohost/blob/unstable/src/yunohost/domain.py#L95-L97
I don't know what's the proper fix for this. To me, len(domain.split('.')) < 3
is a bad design... It doesn't make sense to me that when I want to add the domain "toto.netlib.re" during postinstall, I have to add --ignore-dyndns to the command line.
I would be more in favor of, for instance, having a list of supported dyndns domain in the code (or fetched from a provider), and check if the domain we're adding is a subdomain of those...
For now though, a working, dirty hack would be to simply change this line in the postinstall :
https://github.com/YunoHost/yunohost/blob/unstable/src/yunohost/tools.py#L185
to :
dydnds = (not ignore_dyndns) and (len(domain.split('.')) >= 3)
Author: ljf
I made this PR https://github.com/YunoHost/yunohost/pull/224
Don't hesitate to propose a better implementation.
Author: ljf
The is a 4th bug on postinstall ! It's near iptables : AttributeError: 'module' object has no attribute 'quote' May be it's beacause I use --verbose ?
root@yunohost:/vagrant# yunohost tools postinstall --verbose
Main domain: test.local
New administration password:
Confirm new administration password:
Installing YunoHost...
Success! LDAP has been initialized
yunohost.org
Executing script '/usr/share/yunohost/hooks/conf_regen/02-ssl'...
+ set -e
+ ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
+ FORCE=1
+ DRY_RUN=0
+ case "$1" in
+ do_pre_regen /home/yunohost.conf/pending/ssl
+ pending_dir=/home/yunohost.conf/pending/ssl
+ sudo -s --
+ exit 0
Creating directory '/home/admin'.
Applying pending configuration for service 'ssl'...
The configuration file '/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf' has been updated
Success! The configuration has been updated for service 'ssl'
Executing script '/usr/share/yunohost/hooks/conf_regen/02-ssl'...
+ set -e
+ ssl_dir=/usr/share/yunohost/yunohost-config/ssl/yunoCA
+ FORCE=1
+ DRY_RUN=0
+ case "$1" in
+ do_post_regen /usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf
+ regen_conf_files=/usr/share/yunohost/yunohost-config/ssl/yunoCA/openssl.cnf
+ index_txt=/usr/share/yunohost/yunohost-config/ssl/yunoCA/index.txt
+ [[ -f /usr/share/yunohost/yunohost-config/ssl/yunoCA/index.txt ]]
+ exit 0
Generating a 2048 bit RSA private key
......+++
..+++
writing new private key to '/usr/share/yunohost/yunohost-config/ssl/yunoCA/ca/cakey.pem'
-----
Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d....done.
Generating a 2048 bit RSA private key
..................................+++
................................+++
writing new private key to '/etc/yunohost/certs//test.local-history/20170102.144018-selfsigned/key.pem'
-----
Using configuration from /etc/yunohost/certs//test.local-history/20170102.144018-selfsigned/openssl.cnf
Check that the request matches the signature
Signature ok
Certificate Details:
Serial Number: 1 (0x1)
Validity
Not Before: Jan 2 14:40:18 2017 GMT
Not After : Dec 31 14:40:18 2026 GMT
Subject:
commonName = test.local
X509v3 extensions:
X509v3 Basic Constraints:
CA:FALSE
Netscape Comment:
OpenSSL Generated Certificate
X509v3 Subject Key Identifier:
01:FF:81:B7:07:37:E3:6A:89:51:95:17:4A:D3:58:84:85:5B:48:29
X509v3 Authority Key Identifier:
keyid:06:24:5C:39:55:DF:49:53:F1:31:ED:91:5D:56:9D:0A:6F:FA:E2:DA
X509v3 Key Usage:
Digital Signature, Non Repudiation, Key Encipherment
X509v3 Subject Alternative Name:
DNS:test.local, DNS:www.test.local, DNS:ns.test.local
Certificate is to be certified until Dec 31 14:40:18 2026 GMT (3650 days)
Write out database with 1 new entries
Data Base Updated
Enabling the certificate for domain test.local ...
Restarting services...
Success! Successfully installed a self-signed certificate for domain test.local!
Success! The domain has been created
Success! The main domain has been changed
--2017-01-02 14:40:24-- https://app.yunohost.org/official.json
Resolving app.yunohost.org (app.yunohost.org)... 37.187.18.36
Connecting to app.yunohost.org (app.yunohost.org)|37.187.18.36|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 26105 (25K) [application/json]
Saving to: ‘/var/cache/yunohost/repo/yunohost.json.tmp’
/var/cache/yunohost/repo/yunohost.json.tmp 100%[===========================================================================================================================================>] 25.49K --.-KB/s in 0.04s
2017-01-02 14:40:27 (622 KB/s) - ‘/var/cache/yunohost/repo/yunohost.json.tmp’ saved [26105/26105]
Success! The app list has been fetched
Success! The SSOwat configuration has been generated
Success! The administration password has been changed
Traceback (most recent call last):
File "/usr/bin/yunohost", line 217, in <module>
timeout=opts.timeout,
File "/usr/lib/python2.7/dist-packages/moulinette/__init__.py", line 139, in cli
moulinette.run(args, output_as=output_as, password=password, timeout=timeout)
File "/usr/lib/python2.7/dist-packages/moulinette/interfaces/cli.py", line 358, in run
ret = self.actionsmap.process(args, timeout=timeout)
File "/usr/lib/python2.7/dist-packages/moulinette/actionsmap.py", line 484, in process
return func(**arguments)
File "/usr/lib/moulinette/yunohost/tools.py", line 295, in tools_postinstall
firewall_upnp('enable', no_refresh=True)
File "/usr/lib/moulinette/yunohost/firewall.py", line 328, in firewall_upnp
firewall_reload(skip_upnp=True)
File "/usr/lib/moulinette/yunohost/firewall.py", line 228, in firewall_reload
% (protocol, process.quote(str(port))))
AttributeError: 'module' object has no attribute 'quote'
Author: ljf
Author: ljf
Now there is this one ! https://paste.yunohost.org/ojazagawil.vhdl
LJF: là j'ai un autre soucis: les hooks de la regenconf n'ont pas les permissions, je suppose donc que j'ai un soucis avec slapd, nscd ou nslcd durant la postinstall
[16:41:33] LJF: Du coup je n'arrive même pas à voir ce dont parle opi à propos de rspamd
[16:46:17] Bram: ah zut :/
[16:48:21] LJF: Apparement les hook sont executé avec sudo -u admin ... Et effectivement impossible d'avoir accès à certains répertoires de cette façon !
[16:48:41] Bram: ah ben comme tous les hook_exec non ?
[16:48:50] Bram: ah mais pourtant admin a un le sudo non ?
[16:49:16] LJF: Ben oui mais alors pourquoi les hook de la regen jusqu'ici réussissait à accéder à ces répertoires ???
[16:49:44] Bram: aucune idée :/
[16:49:47] LJF: Oui admin a le sudo
[16:51:03] LJF: Exemple cette ligne ne passe pas https://github.com/YunoHost/yunohost/blob/unstable/data/hooks/conf_regen/02-ssl#L63
[16:51:28] LJF: parce que admin n'a pas les perm pour accéder à ce dossier
[16:52:02] LJF: Exemple d'appel: sudo -n -u admin -H sh -c BASH_XTRACEFD=7 /bin/bash -x "./46-nsswitch
[16:52:46] LJF: peut être à cause du bash dans le shell !
[17:11:13] GitBot: [yunohost] @zamentur commented on issue #224: It seems the erreor on ssl is the same on other regenconf hooks!... https://github.com/YunoHost/yunohost/pull/224#issuecomment-269991323
[17:15:45] Aleks: LJF: j'essaye de refaire une postinstall chez moi, et j'ai TypeError: cli() got an unexpected keyword argument 'timeout'
[17:15:51] Aleks: t'as eu ca récemment aussi ou bien ?
[17:16:12] Aleks: ah faut ptete je pull moulinette
[17:16:22] LJF: Aleks: non mais j'ai autre chose
[17:16:35] LJF: Aleks: oui il faut que tu use-git moulinette
[17:17:55] LJF: et aussi yunohost ou alors il faut que tu utilises --ignore-dyndns pendant la postinstall si c'est domaine qui n'est pas en noho.st ou nohost.me
[17:18:10] Aleks: LJF: hm du coup chez moi a part le dyndns et rmliter/rmspad, j'ai pas de probleme
[17:18:23] Aleks: pendant la postintall~*
[17:18:44] LJF: t'as mis à jour avant la postinstall ?
[17:19:01] LJF: apt-get update & apt-get dist-upgrade
[17:19:07] Aleks: ah
[17:19:28] LJF: t'utilises les images vagrant ou t'es sur un autre trucs ?
[17:20:34] Aleks: j'utilise ynh-dev yep
[17:21:46] LJF: je peux redestroy la vm et refaire un essai mais bon:q
[17:22:17] LJF: (j'utilise un snapshot avant la postinstall mais après l'update debian)
[17:24:24] LJF: Ca c'est mon log : https://paste.yunohost.org/ojazagawil.vhdl
[17:25:22] LJF: Ca commence à barder ligne 117 et ligne 120
Author: ljf
Pull your moulinette repo and use this pull request https://github.com/YunoHost/yunohost/pull/224
./ynh-dev run local.test unstable
sudo su
root@yunohost:/home/vagrant# apt-get update
root@yunohost:/home/vagrant# apt-get dist-upgrade
root@yunohost:/home/vagrant# cd /vagrant
root@yunohost:/vagrant# ./ynh-dev use-git moulinette
root@yunohost:/vagrant# ./ynh-dev use-git yunohost
root@yunohost:/vagrant# yunohost tools postinstall --verbose --debug
At this step I have failure on (almost) all regenconf hooks
Author: ljf
I have create an other bug for ssl Permission denied #699
Author: ljf
Status Changed: Resolved
Original Redmine Issue: 693
Author Name: ljf
I have tried a postinstall on a fresh updated vagrant unstable vm:
Note: I have applied the last commit from moulinette repo (not built for the moment).