Monday, January 06, 2025
dev@conference.yunohost.org
January
Mon Tue Wed Thu Fri Sat Sun
    1
 2
 3
 4
 5
6
 7
 8
 9
 10
 11 12
13
 14
 15
 16
 17
 18
 19
20
 21
 22
 23
 24
 25
 26
27
 28
 29
 30
 31
    
             

[08:05:21] <Yunohost Git/Infra notifications> [issues] n​icofrand [commented](https://github.com/YunoHost/issues/issues/2493#issuecomment-2572513106) on [issue #2493](https://github.com/YunoHost/issues/issues/2493) [Bookworm] Android shortcuts to homescreen or pinned tabs are redirected to the user portal: My previous answer is actually not the solution: while it seems to solve the issue when logged out, it breaks the behavi...
[10:21:05] <Salamandar> Hmmmm
[10:21:11] <Salamandar> I still have node versions being installed in /usr/local/node_n
[10:21:18] <Salamandar> AND in /opt
[12:15:33] <Salamandar> @Alekswag:matrix.org I have a weird case for example here with incus
[12:16:00] <Salamandar> starting the incus service will create the `incusbr0` network iface, that dnsmasq will pick up… so the incus dnsmasq service will fail to start
[12:16:28] <Salamandar> So we need to install a dnsmasq config file (and restart it) (as root) BEFORE setting up incus…
[14:25:10] <Aleks (he/him/il/lui)> dnsmasq uuuh, on the host you mean ?
[14:25:48] <Aleks (he/him/il/lui)> otherwise yeah there's a known issue that there's sometime no DNS resolution in a preinstalled Yunohost container (because /etc/resolv.conf points to dnsmasq which has no resolver registered)
[14:27:21] <Salamandar> > <@Alekswag:matrix.org> dnsmasq uuuh, on the host you mean ?

yes
[14:28:02] <Salamandar> it's picking up the "private" incusbr0 iface and the incus-provided dnsmasq (that will provide resolution to the containers) can't attach to incusbr0:53
[14:28:18] <Salamandar> anyways i fixed that by first configuring dnsmasq then only configuring incus
[17:10:34] <rodinux> Can you confirm me if activating the auto dns in domains do something when you try renew a cert install ??
[17:11:08] <Aleks (he/him/il/lui)> that shouldnt have any impact ?
[17:13:43] <rodinux> I try understand why I could upgrade a cryptpad and also install a new fresh one yesterday and ither users have errors when renewing the cert install with the sandbox which is only a nginx conf file and a CNAME...
[17:14:11] <Aleks (he/him/il/lui)> what's the error
[17:37:32] <rodinux> example yesterday, I try install a cryptpad, Post-install said you need add a entry look dns suggest `sandbox.cryptpad.domain.tld 3600 IN CNAME cryptpad.domain.tld` and then `yunohost domain cryptpad.domain.tld cert install renew --force`, first I have got errors like
```
yunohost domain cert renew cryptpad.xxxxx.xxx --force
Info: Now attempting renewing of certificate for domain cryptpad.xxxxx.xxx !
Info: Parsing account key...
Info: Parsing CSR...
Info: Found domains: sandbox.cryptpad.xxxxx.xxx, cryptpad.xxxxx.xxx
Info: Getting directory...
Info: Directory found!
Info: Registering account...
Info: Already registered!
Info: Creating new order...
Info: Order created!
Info: Verifying cryptpad.xxxxx.xxx...
Info: cryptpad.xxxxx.xxx verified!
Info: Verifying sandbox.cryptpad.xxxxx.xxx...
Error: Wrote file to /var/www/.well-known/acme-challenge-public/dKTotSaXo0JApPWIQG866zGIzwG8B01Tktx3DctDet0, but couldn't download http://sandbox.cryptpad.xxxxx.xxx/.well-known/acme-challenge/dKTotSaXo0JApPWIQG866zGIzwG8B01Tktx3DctDet0: Error:
Url: http://sandbox.cryptpad.xxxxx.xxx/.well-known/acme-challenge/dKTotSaXo0JApPWIQG866zGIzwG8B01Tktx3DctDet0
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>
Error: Certificate renewing for cryptpad.xxxxx.xxx failed!
Info: The operation 'Renew 'cryptpad.xxxxx.xxx' Let's Encrypt certificate' could not be completed. Please share the full log of this operation using the command 'yunohost log share 20250106-153214-letsencrypt_cert_renew-cryptpad.xxxxx.xxx' to get help
Error: Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 226, in get_crt
assert disable_check or _do_request(wellknown_url)[0] == keyauthorization
^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 88, in _do_request
raise ValueError(
ValueError: Error:
Url: http://sandbox.cryptpad.xxxxx.xxx/.well-known/acme-challenge/dKTotSaXo0JApPWIQG866zGIzwG8B01Tktx3DctDet0
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 516, in _fetch_and_enable_new_certificate
signed_certificate = sign_certificate(
^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/yunohost/vendor/acme_tiny/acme_tiny.py", line 228, in get_crt
raise ValueError(
ValueError: Wrote file to /var/www/.well-known/acme-challenge-public/dKTotSaXo0JApPWIQG866zGIzwG8B01Tktx3DctDet0, but couldn't download http://sandbox.cryptpad.xxxxx.xxx/.well-known/acme-challenge/dKTotSaXo0JApPWIQG866zGIzwG8B01Tktx3DctDet0: Error:
Url: http://sandbox.cryptpad.xxxxx.xxx/.well-known/acme-challenge/dKTotSaXo0JApPWIQG866zGIzwG8B01Tktx3DctDet0
Data: None
Response Code: None
Response: <urlopen error [Errno -2] Name or service not known>

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 404, in certificate_renew
_fetch_and_enable_new_certificate(domain, no_checks=no_checks)
File "/usr/lib/python3/dist-packages/yunohost/certificate.py", line 529, in _fetch_and_enable_new_certificate
raise YunohostError("certmanager_cert_signing_failed")
yunohost.utils.error.YunohostError: Could not sign the new certificate

Error: Could not sign the new certificate
Error: Let's Encrypt certificate renew failed for cryptpad.xxxxx.xxx
```
[17:38:46] <rodinux> After a while, trying disable mails ans also auto dns config I could renew the certificate, but I am not sure why ??
[17:40:49] <Aleks (he/him/il/lui)> hmyeah naively i would think disabling mails and auto dns config has nothing to do with it, it feels like a DNS cache issue and just waiting a bit fixed "DNS propagation", but that's my rough guess
[17:41:31] <rodinux> It should be this, ok, just need patience
[17:42:15] <rodinux> thanks
[17:49:34] <rodinux> Can you clean the cache dns ?
[17:50:16] <rodinux> or just with a regen-conf ?
[18:06:16] <Aleks (he/him/il/lui)> the DNS "cache" is not something specifically on the server, it's possibly something across the entire internet ... it depends on your registrar and which DNS resolver you're using, etc
[18:07:10] <Aleks (he/him/il/lui)> typically if for some reason the server tries to ask to resolve "foobar.tld" *before* the DNS record are actually created, it will return that there's no such domain, and may remember than answer for a certain amount of time
[18:08:09] <Aleks (he/him/il/lui)> though i suppose one way around this would be to either set that `disable_check` in acme_tiny's code (cf the `assert disable_check or _do_request(wellknown_url)[0] == keyauthorization` line in the stacktrace) or hack /etc/hosts to force DNS resolution
[18:08:16] <Aleks (he/him/il/lui)> but that raises other existential questions in turn
[18:09:36] <Aleks (he/him/il/lui)> or hmmm now that I think about it, theoretically the resolution for the registered yunohost domains does work because we tweak the dnsmasq conf to resolve those domains, but since the sandbox domain is kind of special and doesnt properly exists, it falls back to external resolution
[18:09:51] <Aleks (he/him/il/lui)> so eeeeh maybe if we had a hook to properly define that subdomain in dnsmasq that would work
[18:10:43] <rodinux> there is a hook here https://github.com/YunoHost-Apps/cryptpad_ynh/blob/master/hooks/custom_dns_rules
[18:11:45] <Aleks (he/him/il/lui)> yes but that one is for alternate names for the certificate, not stuff for dnsmasq ... but maybe we could also parse it during the dnsmasq regen conf i suppose
[18:12:23] <Aleks (he/him/il/lui)> in fact the same issue probably arises for metronome/prosody with muc domains etc
[18:12:32] <Aleks (he/him/il/lui)> except that historically the muc and xmpp-upload domains were part of the recommended conf
[18:12:40] <Aleks (he/him/il/lui)> so maybe nobody really noticed it yet
[18:32:35] <rodinux> It could be nice...
[20:24:45] <orhtej2> new `yunohost app shell xxxxx` produces a shell where `nano` no loger colours syntax, `end` key is unbound and `less` complains about partial shell compatibility 🤷

So long story short something about [this PR](https://github.com/YunoHost/yunohost/pull/2009) is broked
[20:25:01] <Yunohost Git/Infra notifications> [repository] S​alamandar published [new release #v1.2](https://github.com/YunoHost/pepettes/releases/tag/v1.2) v1.2
[20:25:01] <Yunohost Git/Infra notifications> [repository] S​alamandar released [new release #v1.2](https://github.com/YunoHost/pepettes/releases/tag/v1.2) v1.2
[20:25:02] <Yunohost Git/Infra notifications> [repository] S​alamandar created [new release #v1.2](https://github.com/YunoHost/pepettes/releases/tag/v1.2) v1.2
[20:25:02] <Yunohost Git/Infra notifications> [pepettes] S​alamandar created new tag v1.2
[20:27:10] <Salamandar> > new `yunohost app shell xxxxx` produces a shell where `nano` no loger colours syntax, `end` key is unbound and `less` complains about partial shell compatibility 🤷
>
> So long story short something about [this PR](https://github.com/YunoHost/yunohost/pull/2009) is broked

yes, i saw that too, tmux doesn't want to work
[20:27:20] <Salamandar> it's because `TERM` is set to `dummy` or whatnot
[20:28:19] <Salamandar> `_make_environment_for_app_script` needs to "inherit" some values
[21:28:48] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin pushed 1 commit to dev: helpers2.1: force COREPACK_ENABLE_DOWNLOAD_PROMPT=0 when using ynh_exec_as_app ([4a07a830](https://github.com/YunoHost/yunohost/commit/4a07a83014a1c3d62d3b7a563b5078291031d6dd))
[21:29:04] <Aleks (he/him/il/lui)> (assuming we never have reasons to not set it as 0 ^)
[21:30:07] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.0.9.2+202501062230 for bookworm/unstable/all ...
[21:31:14] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.0.9.2+202501062230 for bookworm/unstable/all.
[21:40:46] <Yunohost Git/Infra notifications> [issues] J​osue-T [commented](https://github.com/YunoHost/issues/issues/2493#issuecomment-2573975778) on [issue #2493](https://github.com/YunoHost/issues/issues/2493) [Bookworm] Android shortcuts to homescreen or pinned tabs are redirected to the user portal: Hello, I confirm Ive the same issue.
[22:24:23] <rodinux> Sorry, can you confirm me if I am right or wrong, someone try debug his cryptpad, but the domain he used is already a CNAME of the maindomain, he needs remove such CNAME and put a A and AAAA enrty, isn't it ?
[22:29:00] <Aleks (he/him/il/lui)> i'd say it doesnt matter but i'm not 100% expert on the subtleties between CNAME and A/AAAA
[22:35:43] <rodinux> it is so strange, and I can't see the CNAME in MXtoolbox declared for now... I think the entry for the cryptpad.domain.tld should be a A entry and then there is a CNAME for sandbox.cryptpad.domain.tld cryptpad.domain.tld
[22:53:48] <rodinux> Ok we found the problem !!
[23:12:29] <rodinux> https://forum.yunohost.org/t/sandbox-domain-certproblem/34564/20?u=rodinux