Sunday, December 15, 2024
apps@conference.yunohost.org
December
Mon Tue Wed Thu Fri Sat Sun
            1
2
 3
 4
 5
 6
 7
 8
9
 10
 11
 12
 13
 14
 15
16
 17
 18
 19
 20
 21
 22
23
 24
 25
 26
 27
 28
 29
30
 31
          

[08:26:39] <miro5001> https://github.com/minio/minio/releases/tag/RELEASE.2024-12-13T22-19-12Z
[08:27:30] <miro5001> >Privilege escalation bug fix
>This release includes a fix for a privilege escalation vulnerability in the IAM import API (#20756). All users are advised to upgrade their deployments to this release.
[11:21:44] <Yunohost Git/Infra notifications> [vaultwarden_ynh] y​alh76 [commented](https://github.com/YunoHost-Apps/vaultwarden_ynh/pull/281#issuecomment-2543833921) on [issue #281](https://github.com/YunoHost-Apps/vaultwarden_ynh/pull/281) Fix trixie: Own CI result for Revision: b5e5f122884ac5e0ce703fc59b3a8b27bfa12646 Repository: https://github.com/YunoHost-Apps/vaultw...
[11:21:52] <Yunohost Git/Infra notifications> [vaultwarden_ynh] y​alh76 merged [pull request #281](https://github.com/YunoHost-Apps/vaultwarden_ynh/pull/281): Fix trixie
[11:25:40] <Yunohost Git/Infra notifications> [vaultwarden_ynh] S​alamandar [commented](https://github.com/YunoHost-Apps/vaultwarden_ynh/pull/281#issuecomment-2543835071) on [issue #281](https://github.com/YunoHost-Apps/vaultwarden_ynh/pull/281) Fix trixie: So now were fixing Trixie CI ? :heart_eyes:
[12:10:28] <Salamandar> @josue:tille.ch hmmm could you please ELI5 this file ?
https://github.com/YunoHost-Apps/monitorix_ynh/blob/master/hooks/post_iptable_rules

I'm in the process of removing this hook (there are only 2 apps using it and this can be replaced by something more standard), and I can't wrap my head around this.
[12:27:34] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda [commented](https://github.com/YunoHost-Apps/snappymail_ynh/pull/190#discussion_r1885687335) on pull request #190 Testing: According to the commit message, keep path is relative to dest_dir, not install_path
[12:30:31] <Yunohost Git/Infra notifications> [mastodon_ynh] T​agadda closed [pull request #472](https://github.com/YunoHost-Apps/mastodon_ynh/pull/472): Upgrade to v4.3.1
[12:30:54] <Yunohost Git/Infra notifications> [mastodon_ynh] T​agadda [commented](https://github.com/YunoHost-Apps/mastodon_ynh/pull/478#issuecomment-2543855240) on [issue #478](https://github.com/YunoHost-Apps/mastodon_ynh/pull/478) Upgrade to v4.3.2: Need to update to yarn 4.5
[13:48:53] <Yunohost Git/Infra notifications> [snappymail_ynh] e​ricgaspar closed [issue #187](https://github.com/YunoHost-Apps/snappymail_ynh/issues/187): SSO is broken
[13:48:53] <Yunohost Git/Infra notifications> [snappymail_ynh] e​ricgaspar merged [pull request #190](https://github.com/YunoHost-Apps/snappymail_ynh/pull/190): Testing
[13:48:53] <Yunohost Git/Infra notifications> [snappymail_ynh] e​ricgaspar closed [issue #185](https://github.com/YunoHost-Apps/snappymail_ynh/issues/185): Latest upgrade overwrite configuration file application.ini
[14:47:49] <Josué> Well, this is mainly because monitorix add his custom iptables rules, to monitor the trafic and so after we reload the iptables rules we need to restart monitorix to add again the monitorix rules.
[14:48:09] <Salamandar> arhhhh
[14:48:10] <Salamandar> oké
[14:48:21] <Josué> but well we can change the way to handle this in nftables
[14:48:35] <Josué> it would be interesting to see if monitorix support nftables.
[14:48:46] <Salamandar> > <@josue:tille.ch> it would be interesting to see if monitorix support nftables.

no, there's an isuse about that
[14:48:56] <Salamandar> seems like monitorix is a bit abandonned no ?
[14:49:34] <Josué> no, it still be maintained, there was a release last view week ago
[14:50:27] <Josué> as said in the release are less theses view last year because the tool a quite mature and *also* because the main dev has less time, but it still be developped.
[14:50:47] <Salamandar> > <@josue:tille.ch> but well we can change the way to handle this in nftables

well i was thinking about a job that would be `WantedBy=ntfables` and `After=nftables` that does the `systemctl restart`
[14:51:43] <Josué> to me for nftables we can decide to change the way to hook the rules, but for me need to keep a way to give to the app the possibility to hook nftables.
[14:52:46] <Josué> ah no, I did this way because sometime monitorix is quite bugy. But well maybe now since I rewrote the service with systemd it's more stable, but at some point it was really buggy.
[14:54:02] <Salamandar> > <@josue:tille.ch> to me for nftables we can decide to change the way to hook the rules, but for me need to keep a way to give to the app the possibility to hook nftables.

yes, a hook can be just a service "hooked" on the restart of nftables.service
[14:54:12] <Salamandar> > <@josue:tille.ch> ah no, I did this way because sometime monitorix is quite bugy. But well maybe now since I rewrote the service with systemd it's more stable, but at some point it was really buggy.

yes yes it can be this custom script in the service
[14:54:27] <Josué> Note, one day a 4 year ago when I restarted monitorix it just drop all iptables rules and so I wasn't able to access to my server by the network because everything was blocked...
[14:55:16] <Josué> yes exactly
[14:55:27] <Josué> it should be enough.
[14:56:12] <Salamandar> alright :)
[14:56:13] <Josué> since we have a way to hook the nftables reload call, I think you don't need to take care of monitorix.
[14:58:28] <Salamandar> > <@josue:tille.ch> since we have a way to hook the nftables reload call, I think you don't need to take care of monitorix.

hmmm i suppose we can install both the hook and the "hooked" service, because only one of them will be "active" (either a legacy iptables yunohost or a new nftables yunohost)
[14:59:41] <Josué> do you plan to create a new hook the same way than the previous one ?
[15:09:20] <Josué> well, probably with the compat tools there are probably a way to make working the current monitorix version with nftables.
[15:20:47] <Salamandar> > <@josue:tille.ch> do you plan to create a new hook the same way than the previous one ?

no, there is just the nftables.service you can "hook" yourself to via systemd
[15:21:06] <Salamandar> > <@josue:tille.ch> well, probably with the compat tools there are probably a way to make working the current monitorix version with nftables.

yes yes there is `xtables-compat` that provides iptables-compat
[15:21:23] <Josué> well yes ok but can do it with many app at the same time ?
[15:21:46] <Salamandar> > <@josue:tille.ch> well yes ok but can do it with many app at the same time ?

i don't see why not
[15:22:09] <Salamandar> each app can have its `$app-post-nftables.service` of its own
[15:23:11] <Josué> ok but do you mind to call a yunohost hook on the nftables.service post start ?
[15:31:36] <Salamandar> that would be fine too
[15:31:57] <Salamandar> the only reason why i "don't like" PostStart commands is that it is run with the same user as the rest of the unit
[15:32:06] <Salamandar> and you can't control which user will be used tomorrow
[15:47:21] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda [commented](https://github.com/YunoHost-Apps/snappymail_ynh/issues/186#issuecomment-2543923934) on [issue #186](https://github.com/YunoHost-Apps/snappymail_ynh/issues/186) Admin access with [202] mkdir() failed error since 2.38.2~ynh1: Is this still happening ?
[15:59:41] <Josué> ah yes I see, but well currently all yunohost hook are called as root and probably nftables too, so for now it's not really a problem. 🙃
Or maybe we can write a small doc to explain why this hooks was removed and how to replace it with systemd unit. So the packagers won't be lost around this.
[16:02:53] <Salamandar> > Or maybe we can write a small doc to explain why this hooks was removed and how to replace it with systemd unit. So the packagers won't be lost around this.

Only 3 apps are using this hook : incus (i package it), monitorix, and vpnclient (idk who manages it but the solution will be similar to monitorix)
[16:04:13] <Josué> yes, but maybe also somebody use it on the instance as customization, without any package. On my side for many year I used this hook without any package
[16:05:25] <Josué> note, from what I remembrer, I did the first PR to add this hook about 10 year ago, because it was a need for my yunohost...😅
[16:08:54] <Josué> ah no it was for the ssh port, to not use always the port 22 in the firewall rules.
[16:11:54] <Josué> but well anyway, note that there might have some instance which also use this hook, that you can't find it on github. We can decide to just drop it and leave the user to fix it itself, but just keep in mind this 😉
[16:18:15] <Salamandar> > <@josue:tille.ch> yes, but maybe also somebody use it on the instance as customization, without any package. On my side for many year I used this hook without any package

hmmmm okay
[16:18:44] <Salamandar> actually maybe we could just do this systemd service and execute the files in the hook directory
[16:18:50] <Salamandar> directly inside yunohost
[17:15:24] <Salamandar> ok that works
[17:15:41] <Salamandar> https://github.com/YunoHost/yunohost/pull/2011/commits/96c6f23177765dbb8832fced85705c6b26059954
[20:27:24] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda pushed 1 commit to testing: Fix permissions while upgrading ([09d942b2](https://github.com/YunoHost-Apps/snappymail_ynh/commit/09d942b2e69c30b4ce7a44d4a06ed93c37b87583))
[20:27:55] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda opened [pull request #191](https://github.com/YunoHost-Apps/snappymail_ynh/pull/191): Fix permissions while upgrading
[20:28:03] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda edited [pull request #191](https://github.com/YunoHost-Apps/snappymail_ynh/pull/191): Testing
[20:28:06] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda [commented](https://github.com/YunoHost-Apps/snappymail_ynh/pull/191#issuecomment-2544046222) on [issue #191](https://github.com/YunoHost-Apps/snappymail_ynh/pull/191) Testing: bump
[20:28:29] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda merged [pull request #191](https://github.com/YunoHost-Apps/snappymail_ynh/pull/191): Testing
[20:28:30] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda closed [issue #186](https://github.com/YunoHost-Apps/snappymail_ynh/issues/186): Admin access with [202] mkdir() failed error since 2.38.2~ynh1
[20:29:29] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda closed [issue #127](https://github.com/YunoHost-Apps/snappymail_ynh/issues/127): application upgrade overwrites application.ini
[20:29:30] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda [commented](https://github.com/YunoHost-Apps/snappymail_ynh/issues/127#issuecomment-2544046574) on [issue #127](https://github.com/YunoHost-Apps/snappymail_ynh/issues/127) application upgrade overwrites application.ini: Fixed by 2459a7c
[20:29:51] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda closed [issue #147](https://github.com/YunoHost-Apps/snappymail_ynh/issues/147): Admin panel cannot be loaded
[20:30:34] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda closed [issue #122](https://github.com/YunoHost-Apps/snappymail_ynh/issues/122): login to admin page broken
[20:32:24] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda [commented](https://github.com/YunoHost-Apps/snappymail_ynh/issues/172#issuecomment-2544047567) on [issue #172](https://github.com/YunoHost-Apps/snappymail_ynh/issues/172) Conflict package PHP-imagick: Fixed by c2755ec
[20:32:24] <Yunohost Git/Infra notifications> [snappymail_ynh] T​agadda closed [issue #172](https://github.com/YunoHost-Apps/snappymail_ynh/issues/172): Conflict package PHP-imagick
[20:42:24] <rodinux> Well, I don't hnow how resolve such conflicts ! In mobilizon and the version `4.1.0` you can find build sources for arm only for bullseye, not for bookworm. In last release `5.1.0` you can find build sources for arm only for bookworm, not for bullseye...
[22:41:58] <Yunohost Git/Infra notifications> [vaultwarden_ynh] y​alh76 [commented](https://github.com/YunoHost-Apps/vaultwarden_ynh/pull/281#issuecomment-2544146499) on [issue #281](https://github.com/YunoHost-Apps/vaultwarden_ynh/pull/281) Fix trixie: > So now were fixing Trixie CI ? 😍 That was an easy fix, as there are some test done for Trixie: https://apps.yunohost...
[22:59:19] <Aleks (he/him/il/lui)> https://github.com/YunoHost-Apps/vaultwarden_ynh/pull/281#issuecomment-2543833921 grey background ? 🤔
[23:18:46] <Yunohost Git/Infra notifications> [piped_ynh] y​unohost-bot opened [pull request #162](https://github.com/YunoHost-Apps/piped_ynh/pull/162): Upgrade to v2024.12.09
[23:20:32] <Yunohost Git/Infra notifications> [searxng_ynh] y​unohost-bot opened [pull request #352](https://github.com/YunoHost-Apps/searxng_ynh/pull/352): Upgrade to v2024.12.06