Sunday, October 27, 2024
dev@conference.yunohost.org
October
Mon Tue Wed Thu Fri Sat Sun
  1
 2
 3
 4
 5
 6
7
 8
 9 10
 11
 12 13
14 15 16 17 18 19 20
21
 22
 23
 24
 25
 26
 27
28
 29
 30
 31
      
             

[00:17:16] <Yunohost Git/Infra notifications> [autoupdate_app_sources] App sources auto-update failed miserably!
[01:20:40] <Yunohost Git/Infra notifications> [gitlab_ynh] kay0u merged [pull request #266](https://github.com/YunoHost-Apps/gitlab_ynh/pull/266): 17.5.1
[01:20:40] <Yunohost Git/Infra notifications> [gitlab_ynh/master] Auto-update READMEs - yunohost-bot
[01:20:40] <Yunohost Git/Infra notifications> [gitlab_ynh] kay0u pushed 4 commits to master ([16f8b287e225...6b2f169c06e4](https://github.com/YunoHost-Apps/gitlab_ynh/compare/16f8b287e225...6b2f169c06e4))
[01:20:40] <Yunohost Git/Infra notifications> [gitlab_ynh/master] Merge pull request #266 from YunoHost-Apps/testing 17.5.1 - Kayou
[01:20:40] <Yunohost Git/Infra notifications> [gitlab_ynh/master] Merge branch testing of github.com:YunoHost-Apps/gitlab_ynh into testing - Kay0u
[01:20:43] <Yunohost Git/Infra notifications> [gitlab_ynh] yunohost-bot pushed 1 commit to testing: Merge pull request #266 from YunoHost-Apps/testing 17.5.1 ([6b2f169c](https://github.com/YunoHost-Apps/gitlab_ynh/commit/6b2f169c06e41f9fefbe809d2ddba03ffea7d821))
[01:24:25] <Yunohost Git/Infra notifications> [nextcloud_ynh] kay0u approved [pull request #735](https://github.com/YunoHost-Apps/nextcloud_ynh/pull/735#pullrequestreview-2397382611) Testing
[03:27:36] <Yunohost Git/Infra notifications> [nextcloud_ynh] kay0u [commented](https://github.com/YunoHost-Apps/nextcloud_ynh/pull/735#issuecomment-2439823453) on [issue #735](https://github.com/YunoHost-Apps/nextcloud_ynh/pull/735) Testing: We should merge #714 first, so ppl can use it to stay on version 29 when the version 30 is ready
[07:29:39] <Yunohost Git/Infra notifications> [apps] Thovi98 opened [pull request #2663](https://github.com/YunoHost/apps/pull/2663): add wanderer to catalog
[09:18:27] <Yunohost Git/Infra notifications> [apps] ericgaspar approved [pull request #2663](https://github.com/YunoHost/apps/pull/2663#pullrequestreview-2397444571) add wanderer to catalog
[09:18:34] <Yunohost Git/Infra notifications> [apps] ericgaspar merged [pull request #2663](https://github.com/YunoHost/apps/pull/2663): add wanderer to catalog
[09:18:34] <Yunohost Git/Infra notifications> [apps] ericgaspar pushed 1 commit to master: add wanderer to catalog (#2663) ([3bbdeb65](https://github.com/YunoHost/apps/commit/3bbdeb65e19acf7ea013a4dc79fe7972836626ba))
[09:19:14] <Yunohost Git/Infra notifications> [apps] yunohost-bot pushed 1 commit to master: Automatically add dates to the catalog files ([a6aecc9a](https://github.com/YunoHost/apps/commit/a6aecc9a96d2cc5a297d5395ba9241b67961c66c))
[09:19:50] <Yunohost Git/Infra notifications> [apps] ericgaspar pushed 1 commit to antifeature-lychee: Update apps.toml ([8e025f8b](https://github.com/YunoHost/apps/commit/8e025f8b7937dfeb8f0d3c07672398fd3428e8bd))
[09:19:50] <Yunohost Git/Infra notifications> [apps] ericgaspar created new branch antifeature-lychee
[09:20:13] <Yunohost Git/Infra notifications> [apps] ericgaspar opened [pull request #2664](https://github.com/YunoHost/apps/pull/2664): Lychee antifeature the retour
[11:08:09] <Yunohost Git/Infra notifications> [apps] tituspijean approved [pull request #2664](https://github.com/YunoHost/apps/pull/2664#pullrequestreview-2397506487) Lychee antifeature the retour
[11:08:15] <Yunohost Git/Infra notifications> [apps] tituspijean pushed 1 commit to master: Update apps.toml (#2664) ([635db8fc](https://github.com/YunoHost/apps/commit/635db8fc45c98bd96f78ccb2d8adbc444204dc65))
[11:08:16] <Yunohost Git/Infra notifications> [apps] tituspijean merged [pull request #2664](https://github.com/YunoHost/apps/pull/2664): Lychee antifeature the retour
[11:08:17] <Yunohost Git/Infra notifications> [apps] tituspijean deleted branch antifeature-lychee
[15:09:28] <Yunohost Git/Infra notifications> [yunohost] kay0u pushed 1 commit to bookworm: fix confirmation during postinstall ([7f117b02](https://github.com/YunoHost/yunohost/commit/7f117b0272d0fef4e7636e327da2903feaba0fad))
[15:15:08] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.0.4.1+202410271615 for bookworm/unstable/all ...
[15:15:49] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.0.4.1+202410271615 for bookworm/unstable/all.
[15:25:55] <Yunohost Git/Infra notifications> [yunohost] alexAubin pushed 1 commit to bookworm: Update domain.py: fix TOS confirmation during domain add with dyndns ([6c435a55](https://github.com/YunoHost/yunohost/commit/6c435a554ae382dfc210cdf282629eb23291c767))
[15:27:24] <Yunohost Git/Infra notifications> [yunohost] ✖️ Pipeline [#1515355368](https://gitlab.com/YunoHost/yunohost/-/pipelines/1515355368) canceled on branch bookworm
[15:30:07] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.0.4.1+202410271630 for bookworm/unstable/all ...
[15:30:44] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.0.4.1+202410271630 for bookworm/unstable/all.
[15:56:02] <Yunohost Git/Infra notifications> [yunohost] alexAubin [commented](https://github.com/YunoHost/yunohost/pull/1981#discussion_r1818129749) on pull request #1981 #2445: Pass email, username and fullname as header for ssowat: suggestion return {"user": username, "pwd": encrypt(password), "email": ldap_user_infos["mail"][0], ...
[15:56:10] <Yunohost Git/Infra notifications> [yunohost] alexAubin [commented](https://github.com/YunoHost/yunohost/pull/1981#discussion_r1818129783) on pull request #1981 #2445: Pass email, username and fullname as header for ssowat: suggestion assert "fullname" in infos
[15:56:40] <Yunohost Git/Infra notifications> [yunohost] alexAubin pushed 1 commit to auth_headers: Apply suggestions from code review fix data returned by ldap being list, and rename user_fullname to fullname ([4e917428](https://github.com/YunoHost/yunohost/commit/4e917428f7fdc366f01414590f075856833e33cc))
[15:57:00] <Yunohost Git/Infra notifications> [yunohost] alexAubin [commented](https://github.com/YunoHost/yunohost/pull/1981#discussion_r1818129987) on pull request #1981 #2445: Pass email, username and fullname as header for ssowat: suggestion ldap_user_infos = _get_ldap_interface().search("ou=users", f"uid={username}", attrs=["cn", "ma...
[15:57:14] <Yunohost Git/Infra notifications> [yunohost] alexAubin pushed 1 commit to auth_headers: fstrings ftw ([efabf32d](https://github.com/YunoHost/yunohost/commit/efabf32d63cc9dee7c6b25652dc49ba735066e99))
[15:57:59] <Yunohost Git/Infra notifications> [yunohost] alexAubin [commented](https://github.com/YunoHost/yunohost/pull/1981#discussion_r1818130253) on pull request #1981 #2445: Pass email, username and fullname as header for ssowat: suggestion return {"user": username, "pwd": encrypt(password), "...
[15:58:04] <Yunohost Git/Infra notifications> [yunohost] alexAubin pushed 1 commit to auth_headers: cosmetics ([3ae34234](https://github.com/YunoHost/yunohost/commit/3ae3423423e3e0dbf7920706b0f197652d1d7683))
[16:01:50] <Yunohost Git/Infra notifications> [SSOwat] alexAubin [commented](https://github.com/YunoHost/SSOwat/pull/231#discussion_r1818130877) on pull request #231 Auth headers: Isnt this block supposed to happen no matter what and not just if an Authorization header is provided ?
[16:01:52] <Yunohost Git/Infra notifications> [yunohost] 🔴 Pipeline [#1515361814](https://gitlab.com/YunoHost/yunohost/-/pipelines/1515361814) failed on branch bookworm
[16:06:32] <Yunohost Git/Infra notifications> [package_linter] alexAubin [commented](https://github.com/YunoHost/package_linter/pull/164#discussion_r1818131840) on pull request #164 Add test to validate SSO config for bookworm: Im really thinking we should autopatch the nginx conf directly in the nginx helper ? Though that doesnt change the fac...
[16:29:03] <Yunohost Git/Infra notifications> [SSOwat] Josue-T [commented](https://github.com/YunoHost/SSOwat/pull/231#discussion_r1818136111) on pull request #231 Auth headers: The idea there was juste to ensure that there are no way from the client to do user spoofing for all header YNH_*. So ...
[16:33:54] <Yunohost Git/Infra notifications> [yunohost] 🔴 Pipeline [#1515371726](https://gitlab.com/YunoHost/yunohost/-/pipelines/1515371726) failed on branch auth_headers
[16:35:01] <Yunohost Git/Infra notifications> [SSOwat] alexAubin [commented](https://github.com/YunoHost/SSOwat/pull/231#discussion_r1818137027) on pull request #231 Auth headers: i understand what this block does, what im pointing out is the fact that its ran only if theres an Authorization head...
[17:01:32] <Salamandar> Hmmmm not sure what this eval is about? https://github.com/YunoHost/yunohost/blob/5d15c00d921927825a0bf98b0c5d872dac57d1b7/helpers/helpers.v2.1.d/setting#L69
[17:07:36] <Aleks (he/him/il/lui)> it's about being able to define a variable from a var name contained in another variable ?
[17:10:22] <Salamandar> yes but
[17:10:28] <Salamandar> `myvar=${!myvarname}`
[17:10:38] <Salamandar> okay
[17:10:38] <Salamandar> ah but
[17:11:13] <Salamandar> my mistake
[17:35:49] <Yunohost Git/Infra notifications> [package_linter] Josue-T [commented](https://github.com/YunoHost/package_linter/pull/164#discussion_r1818147474) on pull request #164 Add test to validate SSO config for bookworm: Well, this warning is mainly for a cleanup of something which is not needed any more. Note that for php app which use i...
[17:46:52] <Yunohost Git/Infra notifications> [SSOwat] Josue-T [commented](https://github.com/YunoHost/SSOwat/pull/231#discussion_r1818149135) on pull request #231 Auth headers: Yes, I understand now. I think in this case, it make more sense to move it out of the if. So we remove in any case the h...
[18:03:20] <Yunohost Git/Infra notifications> [package_linter] alexAubin [commented](https://github.com/YunoHost/package_linter/pull/164#discussion_r1818151725) on pull request #164 Add test to validate SSO config for bookworm: > in php we have 2 different header, and so we dont exactly know which one to use depending of the app. Can you elabor...
[18:30:13] <Yunohost Git/Infra notifications> [landingpage] alexAubin pushed 1 commit to main: babel: for some reason babel was complaining about Unknown extraction method jinja2 for me? ([215f9e1e](https://github.com/YunoHost/landingpage/commit/215f9e1efa3961edb5baca14e267e020f65f1987))
[18:34:23] <Yunohost Git/Infra notifications> [package_linter] Josue-T [commented](https://github.com/YunoHost/package_linter/pull/164#discussion_r1818156887) on pull request #164 Add test to validate SSO config for bookworm: Yes in PHP we can get the header this way h getallheaders()["Ynh-User"] or _SERVER["HTTP_YNH_USER"] Note I not a s...
[18:34:36] <Yunohost Git/Infra notifications> [package_linter] Josue-T edited a [comment](https://github.com/YunoHost/package_linter/pull/164#discussion_r1818156887) on pull request #164 Add test to validate SSO config for bookworm: Yes in PHP we can get the header this way getallheaders()["Ynh-User"] or _SERVER["HTTP_YNH_USER"] Note I not a spe...
[18:37:05] <Yunohost Git/Infra notifications> [package_linter] alexAubin [commented](https://github.com/YunoHost/package_linter/pull/164#discussion_r1818157265) on pull request #164 Add test to validate SSO config for bookworm: hmokay but the isnt the point that the defacto standard is that apps will use the REMOTE_USER var which is provisione...
[18:49:37] <Yunohost Git/Infra notifications> [landingpage] alexAubin pushed 1 commit to main: We dont need the lang code in links to the doc, its gonna lead to 404 for langs that are not supported on the doc, and... ([fc309d35](https://github.com/YunoHost/landingpage/commit/fc309d35ad517a51e62412524cca13899a2ea49c))
[18:59:53] <Yunohost Git/Infra notifications> [package_linter] Josue-T [commented](https://github.com/YunoHost/package_linter/pull/164#discussion_r1818161137) on pull request #164 Add test to validate SSO config for bookworm: Ah yes I see now. It might work but well, in this case we also need to detect if we include the fastcgi_params and in th...
[19:06:36] <Yunohost Git/Infra notifications> [package_linter] alexAubin [commented](https://github.com/YunoHost/package_linter/pull/164#discussion_r1818162209) on pull request #164 Add test to validate SSO config for bookworm: Yes indeed (Also now that were talking about it, we should probably tell people that they should always include the fa...
[19:08:01] <Yunohost Git/Infra notifications> [landingpage] alexAubin pushed 1 commit to main: Cleanup unused stuff, bits of indents ([8b0ab6aa](https://github.com/YunoHost/landingpage/commit/8b0ab6aaeb5760500b563fd333df3bc29146bf43))
[19:42:44] <Émy – OniriCorpe> I have an issue while using 2.1 helpers on latest 11 ynh stable:
```
2024-10-27 20:31:38,405: DEBUG - + ynh_apt_remove_dependencies
2024-10-27 20:31:38,408: WARNING - ./deprovision_apt: ligne 5: ynh_apt_remove_dependencies : commande introuvable
```
At the end of this log https://paste.yunohost.org/raw/evuzeparir
context is that the upgrade was in error, so ynh removed and reinstalled the previous update backup
[19:45:41] <orhtej2> > <@oniricorpe:im.emelyne.eu> I have an issue while using 2.1 helpers on latest 11 ynh stable:
> ```
> 2024-10-27 20:31:38,405: DEBUG - + ynh_apt_remove_dependencies
> 2024-10-27 20:31:38,408: WARNING - ./deprovision_apt: ligne 5: ynh_apt_remove_dependencies : commande introuvable
> ```
> At the end of this log https://paste.yunohost.org/raw/evuzeparir
> context is that the upgrade was in error, so ynh removed and reinstalled the previous update backup

update between helpers version perhaps?
[19:46:07] <orhtej2> (might be that helpers version is leaking to restore operation that was supposed to use helpers v1 or smth?)
[19:50:31] <Aleks (he/him/il/lui)> sounds related to https://github.com/YunoHost/yunohost/blob/dev/src/utils/resources.py#L1268 and https://github.com/YunoHost/yunohost/blob/dev/src/utils/resources.py#L161 ... i guess the rollback doesn't re-check for the helper version used in the previous version of the app
[19:51:00] <Aleks (he/him/il/lui)> yeah here it should redefine the helper version : https://github.com/YunoHost/yunohost/blob/dev/src/utils/resources.py#L88
[19:53:09] <Josué> Hello,
About https://github.com/YunoHost/package_linter/pull/164#discussion_r1818162209, I'm not sure about what is the best way to manage this. In most of case it's probably a good way do add `include fastcgi_params;`, but not sure at 100% in all case it should be put, maybe some app don't include it for some good reason, I don't know.
Maybe ideally we should just override in yunohost the `/etc/nginx/fastcgi_params` file with the recommended values and than just say that in all php app we just need to include this and it's all. And maybe we can do the same for the proxy_params.
From what I understood Aleks (he/him/il/lui), your idea was for retro-compatibility reason, to map `YNH_USER` to `REMOTE_USER` header and so the currents app will still work on bookworm ? is it right ? We can do it but, this way, it might take a long time to be able to remove it... Note we can also do this mapping in ssowat, so we set the legacy header as same as the new header... or we can also auto patch, but to me the auto patch might be quite complicated to cover all cases.
[19:54:59] <Aleks (he/him/il/lui)> "a long time to be able to remove it" ... what's "it" ?
[19:58:33] <Yunohost Git/Infra notifications> [SSOwat] Josue-T pushed 1 commit to auth_headers: Clean in all case YNH_* header from client ([d9342865](https://github.com/YunoHost/SSOwat/commit/d934286505060a7434f7a1d380c8faa34e7505ca))
[20:01:06] <Josué> > <@Alekswag:matrix.org> "a long time to be able to remove it" ... what's "it" ?

it might take a long time to remove the retro compatibility layer.... because we might suppose that some app still wasn't updated and so we need to keep it.
[20:05:37] <Aleks (he/him/il/lui)> in any case it will take time because even if we magically fixed all apps tonight, there will still be unupgraded apps in the wild installed on people's machines
[20:09:58] <Josué> Yes I understand, so, maybe to me the best way, and probably the simplest is in SSOWAT to set the "legacy" header and so the app will still work in any case, also if the app wasn't upgraded (because the auto patch work since we do an upgrade).
And we keep the new warning in the linter so we ensure that the packagers will at some time do the necessary changes. What do you think ?
[20:12:20] <Aleks (he/him/il/lui)> i don't have a clear view about all this, if by "legacy" header you mean the "authorization" header then to me even with these changes it is still not "legacy" or cannot be dropped because some apps do rely on the Authorization header because they don't blindly trust the REMOTE_USER info and want to re-authenticate using the password
[20:12:44] <Aleks (he/him/il/lui)> though at least we could reduce the size of the issue by enforcing stuff about the setting "basic_with/without_password"
[20:13:19] <Aleks (he/him/il/lui)> to me the whole thing about the new YNH_USER is to address the possible spoofing issue
[20:13:58] <Aleks (he/him/il/lui)> meaning in the mid-term we can remove the "protect_aganist_spoofing_attempts" ugly hack
[20:14:30] <Aleks (he/him/il/lui)> but the Authorization header is still going to be needed for some apps, and there's no magic way around this except using OIDC / SAML
[20:14:50] <Aleks (he/him/il/lui)> (but i'm juggling with 3 others things right now and it's a complex issue so maybe i'm missing the point)
[20:15:09] <Josué> no to me the legacy header is `REMOTE_USER`, `EMAIL` and `NAME` (which can be seen in `/etc/ssowat/conf.json` in `additional_headers`.
[20:15:48] <Josué> the "authorization" header with the basic authentication is to me still used and needed, we should keep it.
[20:17:02] <Josué> to me the "authorization" header is needed and make sens for app which use it a real basic authentication with the password check.
[20:18:06] <Josué> > <@Alekswag:matrix.org> to me the whole thing about the new YNH_USER is to address the possible spoofing issue

yes, and also to be more explicit about what is what and what should be used where....
[20:19:38] <Josué> > <@Alekswag:matrix.org> though at least we could reduce the size of the issue by enforcing stuff about the setting "basic_with/without_password"

don't really understand by enforcing stuff ?
[20:22:08] <Aleks (he/him/il/lui)> enforcing as in "making it mandatory for apps to declare what SSO method they need"
[20:22:25] <Aleks (he/him/il/lui)> hence we can pass the Authorization header only when explicitly needed by an app
[20:22:44] <Josué> to me the apps the apps with use basic without password don't really make sens to me, in this case the app should use the `YNH_USER` header instead. The basic header is mainly here for apps which require password. But it's what I see in the packages that I did, I don't see all apps and there a lot of sso implementation and usage...
[20:23:31] <Aleks (he/him/il/lui)> yeah it's all come from the fact that the $remote_user internal nginx var is from the Authorization header
[20:23:43] <Aleks (he/him/il/lui)> it's all an untangled mess of legacy and hmpf ~_~
[20:25:11] <Josué> > <@Alekswag:matrix.org> enforcing as in "making it mandatory for apps to declare what SSO method they need"

ah yes, could be good, so to have something like `sso_type`: `auth_basic` or `remote_user_header` or something like that...
[20:28:30] <Josué> the confusing stuff about this is that we can't really find a good documentation about this, and we use the same terme `remote_user` for some different stuff like `$remote_user` var from nginx which is linked to the auth basic and in many application the `remote_user` term is related to a specific header which is most of time named `REMOTE_USER` but can be named anything and which is a header which just the username of the authenticated user set by the reverse proxy.
[20:30:12] <Aleks (he/him/il/lui)> (to me `REMOTE_USER` as a fast cgi param is actually not a header but ... a fastcgi param ... but yes the old version of SSOwat also injected an HTTP header called REMOTE_USER, which increases the confusion)
[20:32:10] <Josué> yes in fast cgi, but in may apps (like by example seafile) the remote_user term is related to a header 😉
[20:32:28] <Aleks (he/him/il/lui)> @_@
[20:32:53] <Aleks (he/him/il/lui)> time to burn computers and grow potatoes and goats
[20:38:49] <Josué> like in seafile: https://manual.seafile.com/11.0/deploy/remote_user/
[20:39:32] <Josué> note, related to our last discussion, in seafile you can map the user fullname with a header.
[20:42:25] <Yunohost Git/Infra notifications> [landingpage] alexAubin pushed 2 commits to main ([8b0ab6aaeb57...48bbf0f0ac06](https://github.com/YunoHost/landingpage/compare/8b0ab6aaeb57...48bbf0f0ac06))
[20:42:29] <Yunohost Git/Infra notifications> [landingpage/main] Fix border colors in dark mode - Alexandre Aubin
[20:42:30] <Yunohost Git/Infra notifications> [landingpage/main] Split long markdown item-list i18n strings with emoji to individual strings - Alexandre Aubin
[20:53:30] <Émy – OniriCorpe> > update between helpers version perhaps?

Hum neh, previous version was already using 2.1 helpers
[22:00:31] <Yunohost Git/Infra notifications> [landingpage] Salamandar pushed 1 commit to main: Add dot in text ([8a18e71a](https://github.com/YunoHost/landingpage/commit/8a18e71af885cfdb992786f77fbaae326dedb88c))
[22:23:40] <Yunohost Git/Infra notifications> [landingpage] Salamandar pushed 1 commit to main: Fix translations ([3b4a6719](https://github.com/YunoHost/landingpage/commit/3b4a671941c6d2eceeb83b4316af00bba3ad099c))
[22:29:05] <Yunohost Git/Infra notifications> [landingpage] Salamandar pushed 1 commit to main: Fix about link, fix hover-opacity ([4848ecbf](https://github.com/YunoHost/landingpage/commit/4848ecbf9248fab9be743449758b454e75cd2269))
[22:31:20] <Yunohost Git/Infra notifications> [landingpage] Salamandar pushed 1 commit to main: Fix about link, fix hover-opacity ([7efeb362](https://github.com/YunoHost/landingpage/commit/7efeb362e80b3ad6c3bf2bed2bdbe129e9de3b3a))