Thursday, September 19, 2024
apps@conference.yunohost.org
September
Mon Tue Wed Thu Fri Sat Sun
            1
2
 3 4 5 6
 7
 8
9
 10
 11
 12
 13
 14
 15
16
 17
 18
 19
 20
 21
 22
23
 24
 25
 26
 27
 28
 29
30
            

[00:00:00] <geoma> https://aria.im/_matrix/media/v1/download/matrix.org/KlZcrCxLLfrHqMBNqJZMmarg
[00:00:09] <geoma> just installed it a few hours ago from scratch
[00:01:13] <geoma> drupal 9.5.11 is from september 2023...
[00:01:16] <geoma> https://www.drupal.org/project/drupal/releases/9.5.11
[02:42:36] <Yunohost Git/Infra notifications> Autoupdater just ran, here are the results:

- 46 pending update PRs
- 12 new apps PRs
- 2 failed apps updates: fluffychat, mlmmj

See the full log here: http://paste.yunohost.org/raw/uzarevehef
[08:14:23] <nicofrand> https://apps.yunohost.org/app/kresus why is it marked as broken??
[08:14:23] <nicofrand> Hi!
[08:17:27] <orhtej2> > https://apps.yunohost.org/app/kresus why is it marked as broken??

because the latest CI run failed https://ci-apps.yunohost.org/ci/apps/kresus/
[08:17:37] <orhtej2> IDK what the problem is there
[08:17:53] <nicofrand> lol, nothing changed on the app side but the CI marks it as broken, great
[08:18:20] <nicofrand> `46713 WARNING [error] cannot read character map directory `/usr/share/i18n/charmaps': No such file or directory`
[08:18:35] <nicofrand> so, I have to edit the app just to please the CI now?
[08:20:56] <orhtej2> I mean CI is not WRONG, on super bare system there's some thing missing, IDK what 🤷
[08:21:13] <orhtej2> (also you always had to please the CI so nothing changed in that front :P)
[08:24:16] <nicofrand> The locales package is enough on all systems I tried
[08:24:33] <nicofrand> > (also you always had to please the CI so nothing changed in that front :P)

yeah but the CI states that the app is broken, which is not
[08:24:49] <nicofrand> Causing fatigue to the maintainer, whereas everything is fine
[08:26:08] <nicofrand> How can I debug `update-locale C.UTF-8` on the CI then?
[08:44:18] <nicofrand> This line is not new at all in the app package, and worked fine on all previous CI runs: https://ci-apps.yunohost.org/ci/job/29366
[08:44:42] <orhtej2> IDK, add `locales` as apt dependency given [this answer](https://stackoverflow.com/a/69590164/7034621)?
[08:45:23] <nicofrand> > IDK, add `locales` as apt dependency given [this answer](https://stackoverflow.com/a/69590164/7034621)?

Already the case: https://github.com/YunoHost-Apps/kresus_ynh/blob/master/manifest.toml#L63
[08:45:29] <nicofrand> Again, nothing changed about that in the app.
[08:52:43] <Yunohost Git/Infra notifications> [nextcloud_ynh] ImaCrea [commented](https://github.com/YunoHost-Apps/nextcloud_ynh/issues/731#issuecomment-2360404085) on [issue #731](https://github.com/YunoHost-Apps/nextcloud_ynh/issues/731) Nextcloud text app dont sync well causing data loss, need Nextcloud update for fix: Thank you @ericgaspar Ill try with 29.0.7.
[08:53:10] <Yunohost Git/Infra notifications> [nextcloud_ynh] ImaCrea [commented](https://github.com/YunoHost-Apps/nextcloud_ynh/issues/731#issuecomment-2360404085) on [issue #731](https://github.com/YunoHost-Apps/nextcloud_ynh/issues/731) Nextcloud text app dont sync well causing data loss, need Nextcloud update for fix: Thank you @ericgaspar Ill try with 29.0.7
[09:09:20] <Yunohost Git/Infra notifications> [nextcloud_ynh] ImaCrea closed [issue #731](https://github.com/YunoHost-Apps/nextcloud_ynh/issues/731): Nextcloud text app dont sync well causing data loss, need Nextcloud update for fix
[09:20:45] <Yunohost Git/Infra notifications> [nextcloud_ynh] ericgaspar [commented](https://github.com/YunoHost-Apps/nextcloud_ynh/issues/731#issuecomment-2360465614) on [issue #731](https://github.com/YunoHost-Apps/nextcloud_ynh/issues/731) Nextcloud text app dont sync well causing data loss, need Nextcloud update for fix: 29.0.7 is now on master
[09:23:36] <Yunohost Git/Infra notifications> [nextcloud_ynh] ImaCrea [commented](https://github.com/YunoHost-Apps/nextcloud_ynh/issues/731#issuecomment-2360473672) on [issue #731](https://github.com/YunoHost-Apps/nextcloud_ynh/issues/731) Nextcloud text app dont sync well causing data loss, need Nextcloud update for fix: I updated from the testing tree following your advise and it all went well :)
[11:46:13] <m606> Hello, would there be a json to toml converter preinstalled on YNH ?
[11:47:18] <Salamandar> toml_to_json() {
python3 -c 'import toml, json, sys; print(json.dumps(toml.load(sys.stdin)))'
}
[11:47:31] <Salamandar> that's what's used in the helpers
[11:47:47] <Salamandar> we could use yq in bookworm i suppose
[11:49:09] <m606> `yq` not in the PATH I guess `-bash: yq: command not found`
[11:55:10] <Salamandar> could == maybe in the future
[12:00:00] <m606> thanks, i can have it working this way `cat cb848892jgjhlgh0.json | python3 -c 'import toml, json, sys; print(toml.dumps(json.load(sys.stdin)))'`
[12:03:23] <Salamandar> just use `toml_to_json`…
[12:12:34] <m606> > <@Salamandar:matrix.org> just use `toml_to_json`…

i wanted `json_to_toml`
[12:13:09] <Salamandar> ah !
[12:13:19] <Salamandar> yes then what you did is good
[12:16:08] <m606> I am considering a package for an app which enables using a Wireguard config file as a proxy.
I wonder what would be the best YNH interface for it:
- auto load client config from the YNH Wireguard app ? i.e. access `/var/www/wireguard/db/clients`
- or let user upload the config file manually to this new app
[12:17:38] <m606> or basically integrate with potentially existing apps or keep it fully separate ?
[12:32:22] <Aleks (he/him/il/lui)> "as a proxy" you mean route all internet traffic through the wireguard ?
[12:53:48] <m606> > <@Alekswag:matrix.org> "as a proxy" you mean route all internet traffic through the wireguard ?

i mean socks5 proxy which goes through a Wireguard tunnel - https://github.com/pufferffish/wireproxy
[12:55:09] <m606> or "A wireguard client that exposes itself as a socks5/http proxy or tunnels."
[13:02:17] <m606> thinking about it, if the app should integrate with YNH WG app it could also be :
3. option 2 & a button which - if YNH WG app is installed - triggers the generation of a specific client config in YNG WG app to be used by wireproxy
[14:45:58] <oblanc> Hello, i needed an app so I went to package it for yunohost. The upstream is https://github.com/AppDaemon/appdaemon this is an addon for homeassistant to write automations in python. Since homeassistant is not installed in a way we can have addons on yunohost, I created the app for it.
Can someone explain to me what i need to do to have it in the store ? I saw I have to add it to the apps list, but is there any reviewing before, what is the completion level needed (readme, every scripts for update and backup completed) and what are the criteria to have it as a yunohost app ?
Thank you very much
[14:59:34] <Aleks (he/him/il/lui)> ideally it should pass the CI tests yes, otherwise it won't be actually available in the store
[15:00:07] <Aleks (he/him/il/lui)> https://yunohost.org/packaging_testing
[15:00:24] <Aleks (he/him/il/lui)> typically if your app is in the "Yunohost-Apps" org we can easily trigger our automatic test suite
[15:00:29] <Aleks (he/him/il/lui)> and then you can iterate on it / fix issues
[15:11:55] <m606> > <@Alekswag:matrix.org> typically if your app is in the "Yunohost-Apps" org we can easily trigger our automatic test suite

i.e. transferring the repo to Yunohost-Apps organization - https://docs.github.com/en/repositories/creating-and-managing-repositories/transferring-a-repository#transferring-a-repository-owned-by-your-personal-account.
You will then be granted back admin rights on this repo
[15:29:48] <Thomas> What changed with fail2ban in bookworm?
In general, how can we know how to integrate fail2ban in an app?
[15:29:51] <Thomas> https://ci-apps-bookworm.yunohost.org/ci/job/8347
[15:42:29] <Aleks (he/him/il/lui)> is your problem that the fail2ban rules for this app worked on bullseye but not on bookworm ...?
[15:45:57] <Thomas> Yess
[15:46:34] <Thomas> And also a general question about how to integrate fail2ban in different apps
[15:47:34] <Aleks (he/him/il/lui)> not sure what you mean by "how" ... the how is to call the helper with the appropriate regex rule ?
[15:51:03] <Aleks (he/him/il/lui)> (I'm not sure how to debug the fail2ban thingy just using the CI ... reading the regex in the install script it looks fine ? I guess you'd have to install the app on a sandbox server and find where the actual error message for fail2ban is ...)
[16:05:41] <Thomas> > <@Alekswag:matrix.org> not sure what you mean by "how" ... the how is to call the helper with the appropriate regex rule ?

Yes, my question is more about how to find the regex?
[16:06:39] <Aleks (he/him/il/lui)> typically you want to identify in the nginx log or the app log the request that is symptomatic of a failed authentication
[16:07:25] <Aleks (he/him/il/lui)> typically something looking like `POST /path/to/app/login ... 40x` (401 ? 403 ? ... i guess 401 ...)
[16:08:29] <Aleks (he/him/il/lui)> and now that you mention it I'm wondering if the regex for peertube is really the correct one ... `"<HOST>.* \"POST /api/v1/token/ HTTP/1.1\" 400 68.*$"` ... the "68." looks weird / unecessary (hence may it doesnt match some malicious attempt), and same goes for the HTTP/1.1
[16:08:36] <Aleks (he/him/il/lui)> and i'm wondering about 400 vs 401
[16:09:52] <Aleks (he/him/il/lui)> also now that I'm thinking about it we could probably build some higher abstraction on top of this, because probably the vast majority of fail2ban rules are "find failed login attempts corresponding to route 'blah' with a code different from 200"
[16:10:40] <Aleks (he/him/il/lui)> and there are so many ways to get the regex wrong that it turns into an useless one and actually provide zero security
[16:12:03] <Thomas> Ok I will already analyse failed attemps to better understand how it works ^^
[16:12:11] <Thomas> Thanks
[16:19:21] <Thomas> For FitTrackee I have `"POST /api/auth/login HTTP/2.0" 401 53`
[16:19:41] <Thomas> For Funkwhale i have `"POST /api/v1/users/login HTTP/2.0" 400 68`
[16:19:52] <Thomas> > <@thovi98:matrix.org> For Funkwhale i have `"POST /api/v1/users/login HTTP/2.0" 400 68`

So it’s the same as Peertube
[16:20:03] <Thomas> It may be federation related?
[16:22:57] <Thomas> *about the 400 68
[16:23:47] <Aleks (he/him/il/lui)> imho the 68 is irrelevant
[16:24:26] <Aleks (he/him/il/lui)> why would you expect the routes to be the same for funkwhale and fittrackee ?
[16:26:00] <Thomas> I don't know, I'm knew to all these things 😛
[16:27:21] <Thomas> So you say we have to remove the number after 400/401?
[16:30:52] <Aleks (he/him/il/lui)> yeah i'm not sure what this is, something like "bytes transferred" maybe but that irrelevant
[16:31:02] <Aleks (he/him/il/lui)> same for HTTP/2.0
[16:31:26] <Aleks (he/him/il/lui)> the relevant part are : verb = POST, url = the login route, and return code = 400 / 401
[16:33:57] <Aleks (he/him/il/lui)> roughly speaking that should translate to something like : `"<HOST>.* \"POST /api/v1/token/ HTTP/\d.\d\" 40"` (for funkwhale)
[16:34:19] <Aleks (he/him/il/lui)> note the 40 instead of 400 such that it covers 400, 401, 403
[16:34:47] <Aleks (he/him/il/lui)> also I removed the `.*$` part because it feels unecessary (at least for the yunohost "core" regex we don't have this)
[16:35:39] <Thomas> Okay nice, will update and try
[17:08:39] <Thomas> And about the `WARNING 'allowipv6' not defined in 'Definition'.`, it’s a fail2ban issue fixed in latest version (https://github.com/fail2ban/fail2ban/discussions/3699) which is not available in bookworm
[17:24:02] <Aleks (he/him/il/lui)> yeah i wouldnt mind too much about it from a packaging point of view, "it's just a warning", or at least it has no relation to why fail2ban crash even though that may be the only error-like message displayed
[17:30:27] <Thomas> And to report back, your regex works greatly, I’ve banned myself easily ^^
[19:04:13] <orhtej2> If anyone has any insight why CI does not mark jobs as done nor does it report 'level' results now is the time to speak 🫠
[19:04:44] <orhtej2> it actually finishes `package_check.sh` to my knowledge 🤷
[19:11:51] <Aleks (he/him/il/lui)> yes, it's probably some change in linter that broke some expectation from yunorunner and then yunorunner crashes silently
[20:20:55] <Yunohost Git/Infra notifications> [apps] yunohost-bot pushed 1 commit to add-to-wishlist-schleuder-web: Add Schleuder Web to wishlist ([84a9352e](https://github.com/YunoHost/apps/commit/84a9352ea5d8c2a1e4cfa5d2186ad6391d62a031))
[20:20:55] <Yunohost Git/Infra notifications> [apps] yunohost-bot created new branch add-to-wishlist-schleuder-web
[20:20:59] <Yunohost Git/Infra notifications> [apps] yunohost-bot opened [pull request #2594](https://github.com/YunoHost/apps/pull/2594): Add Schleuder Web to wishlist
[20:20:59] <Yunohost Git/Infra notifications> [apps] yunohost-bot labeled Wishlist on [pull request #2594](https://github.com/YunoHost/apps/pull/2594): Add Schleuder Web to wishlist
[20:29:11] <marc-flender> Bonjour, je rencontre un problème pour le package test de my_webdav, ici:
[20:29:44] <marc-flender> https://github.com/YunoHost-Apps/my_webdav_ynh/pull/15
[20:29:59] <marc-flender> le résultat est mauvais:
[20:30:00] <marc-flender> https://ci-apps-dev.yunohost.org/ci/job/19536
[20:30:20] <marc-flender> Ca bloque dès le "[Test 2/6] Installation on the root"
[20:31:46] <marc-flender> Mais l'installation est incorrecte car il installe en "public" alors que mon app est réservée aux utilisateurs Yunohost
[20:31:47] <marc-flender> [resources.permissions]
# This will configure SSOwat permission for $domain/$path/
# The initial allowed group of user is configured via the init_main_permission question (public=visitors, private=all_users)
main.url = "/"
main.allowed = "all_users"
[20:31:47] <marc-flender> Running: yunohost app install --no-remove-on-failure --force /app_folder -a "&domain=sub.domain.tld&path=/&admin=package_checker&is_public=1&init_main_permission=visitors&"
[20:32:02] <marc-flender> Quelqu'un peut-il m'expliquer ce qui se passe?
[20:32:05] <marc-flender> Merci d'avance
[20:37:21] <Yunohost Git/Infra notifications> [package_check] alexAubin pushed 1 commit to master: Update curl_tests.py: typo / missing default expect_return_code ([35cecd56](https://github.com/YunoHost/package_check/commit/35cecd569a90f21e9627aa1e90f06c022ac27637))
[20:38:14] <Aleks (he/him/il/lui)> > <@marc-flender:matrix.org> le résultat est mauvais:

si tu parles du fait qu'il râle parce que il obtient un code 401 au lieu d'un code 200, il faut remplacer les curl_tests par défaut avec un truc avec `.expect_return_code = 401`
[20:38:28] <Aleks (he/him/il/lui)> cf https://github.com/YunoHost/package_check/blob/master/README.md?plain=1#L186
[20:38:52] <Aleks (he/him/il/lui)> et idéalement en mettre un avec `.logged_on_sso = true` pour valider que quand on est connecté au SSO ça marche bien
[20:39:38] <tituspijean> <del>Tu peux désactiver certains tests, cf. https://github.com/YunoHost/package\_check#teststoml-syntax</del>
[20:43:29] <Yunohost Git/Infra notifications> Job [#30674](https://ci-apps.yunohost.org/ci/job/30674) for searxng failed miserably :(
[21:18:04] <marc-flender> Merci.
[21:19:22] <marc-flender> Non en fait je ne comprends pas pourquoi il teste en mode "is_public=1" et visitors, alors que dans le manifest.toml l'app est réservée aux all_users Je pensais qu'il s'adaptait au manifest.toml pour établir son test
[21:20:06] <Aleks (he/him/il/lui)> Qu'estce qui te fait dire qu'il reste en mode ispublic=1
[21:20:42] <marc-flender> parce qu'il installe avec cette commande: Running: yunohost app install --no-remove-on-failure --force /app_folder -a "&domain=sub.domain.tld&path=/&admin=package_checker&is_public=1&init_main_permission=visitors&"
[21:21:19] <Aleks (he/him/il/lui)> Peu importe, il n'y a pas d'argument is public dans l'app donc c'est ignoré par yunohost
[21:21:50] <marc-flender> et le "init_main_permission=visitors" ?
[21:22:08] <Aleks (he/him/il/lui)> Pareil
[21:22:37] <marc-flender> oui mais il ne peut pas tester une connexion en mode privé s'il n'utilise pas un identifiant et un mode de passe. Donc ce test est voué à l'échec
[21:22:58] <marc-flender> Il est obligé d'avoir un résultat "fail"
[21:22:59] <Aleks (he/him/il/lui)> Cf les commentaires précédents
[21:29:45] <marc-flender> Merci
[21:29:45] <marc-flender> ok je vais changer le test.toml, ce sera plus simple.