Friday, January 10, 2025
dev@conference.yunohost.org

[10:44:32] <autra> Hi! I've dug into the opensondage mail problem a bit, and also realized that nextcloud can't currently send mail. It might be a more general yunohost issue. Is there already an issue for that?
[10:45:47] <autra> (in short, if I understand correctly, postfix delegates to dovecot for the authent, which itself has 2 main ways : linux authent + ldap, and both wouldn't work for nextcloud or opensondage user as it is currently configured)
[10:46:22] <autra> not sure of these assumptions though, and not sure how dovecot is supposed to authent apps as opposed to regular users.
[10:47:53] <autra> the issue in question : https://github.com/YunoHost-Apps/opensondage_ynh/issues/95
[21:37:16] <orhtej2> > <@autra:trancart.eu> (in short, if I understand correctly, postfix delegates to dovecot for the authent, which itself has 2 main ways : linux authent + ldap, and both wouldn't work for nextcloud or opensondage user as it is currently configured)

[this line](https://github.com/YunoHost-Apps/opensondage_ynh/blob/1d08aa7138b253e7ab6dd3590a926e9b9144b3a6/conf/config.php#L91) should reference `127.0.0.1` and you pray that whatever opensondage uses ignores invalid TLS cert
[21:37:49] <orhtej2> [and this](https://github.com/YunoHost-Apps/opensondage_ynh/blob/1d08aa7138b253e7ab6dd3590a926e9b9144b3a6/conf/config.php#L95) needs to be `tls`
[21:38:42] <orhtej2> and no, for whatever reason you cannot have unsecure connection from 127.0.0.1, and by whatever reason I mean because `dovecot` does not allow it
[22:11:31] <autra> not sure about that, I think I go farther when I keep my domain (which resolves to 127.0.0.1 anyway) because it allows me to go past the TLS handshake. The error I have is a "SASL login authentication failed", which supposes the TLS is successful
[22:12:21] <autra> For me the problem lies in the dovecot authent, because when I do `doveadm auth login opensondage@trancart.eu <thepass in the opensondage config file>` it fails
[22:13:14] <orhtej2> > <@autra:trancart.eu> not sure about that, I think I go farther when I keep my domain (which resolves to 127.0.0.1 anyway) because it allows me to go past the TLS handshake. The error I have is a "SASL login authentication failed", which supposes the TLS is successful

thing is service user is NOT allowed to connect to anything but `127.0.0.1` and the creds are rejected not because they're invalid, but because `dovecot` thinks the connection comes from the outside
[22:13:24] <orhtej2> login to opensondage@127.0.0.1 and it'll high five you
[22:13:44] <autra> that is possible indeed. Because in this case, it'll check the ldap and there is no opensondage user there
[22:13:59] <orhtej2> that user is not in LDAP
[22:14:06] <autra> yes
[22:14:40] <orhtej2> `cat /etc/dovecot/app-senders-passwd`, the user should be there
[22:14:40] <autra> there is also a support for linux authent if I read the conf correctly, but the opensondage user does not have a password so...
[22:15:23] <orhtej2> assuming the app declares e-mail capability it's set up just fine, just log in to 127.0.0.1, bypass TLS cert and you're golden
[22:16:01] <orhtej2> yup it does https://github.com/YunoHost-Apps/opensondage_ynh/blob/1d08aa7138b253e7ab6dd3590a926e9b9144b3a6/manifest.toml#L64
[22:17:17] <autra> ah yes, it's because my doveadm command was not correct, I should specify opensondage user, not opensondage@trancart.eu
[22:17:41] <autra> ok thanks for the pointer orhtej2 , I'm gonna see if I can persuade opensondage to ignore cert error...
[22:26:59] <orhtej2> supported but not exposed https://github.com/PHPMailer/PHPMailer/blob/2f5c94fe7493efc213f643c23b1b1c249d40f47e/examples/ssl_options.phps#L46C9-L46C31
[22:27:00] <orhtej2> https://framagit.org/framasoft/framadate/framadate/-/blob/v1.1.x/app/classes/Framadate/Services/MailService.php?ref_type=heads#L103
[22:27:00] <orhtej2> or better https://github.com/PHPMailer/PHPMailer/blob/2f5c94fe7493efc213f643c23b1b1c249d40f47e/examples/ssl_options.phps#L49
[22:33:28] <autra> btw I think we have a similar problem with nextcloud
[22:34:06] <autra> I'm wondering if this couldn't be fixed more generally (I don't have any clue how though)
[22:35:25] <autra> ok, I'll double-check then.
[22:35:25] <orhtej2> > <@autra:trancart.eu> btw I think we have a similar problem with nextcloud

nextcloud worked for me last time I checked
[22:36:49] <orhtej2> https://aria.im/_bifrost/v1/media/download/AcmhQ4RNdDXzy6N7NC3MUWN6Y8EUTsWUmKLfnSJYslXYisK8mmDnqikHFppVbF0s3HarPAmTLYDodmBwBPgcMk1CeUV4NJjwAGNpcmNsZWRzcXVhcmVyb290Lm92aC9jYzg1YjI5ZjkzMzMxNjNjYzkxOTQxNGM3M2I1ZmFkODM4MWE3Njk2ZmNiMTgzNTYzMTNlN2UzOTE5MTNhOTU0
[22:36:49] <orhtej2> still works
[22:37:40] <orhtej2> > <@autra:trancart.eu> I'm wondering if this couldn't be fixed more generally (I don't have any clue how though)

I spent some time some time ago on this issue and the only solution I came up with was getting cert for `localhost` that locally run `curl` would consider valid and I gave up
[22:38:24] <orhtej2> issue for tracking: https://github.com/YunoHost/issues/issues/2276
[22:39:11] <autra> https://aria.im/_bifrost/v1/media/download/AQsEtUqNbaT638Nq5uC43ZWbHUr5GlKv5jPjT8wbydlxEVO6vFCfjpdxDGhLjESfDWhlJA7LMuA5TnwmCEW-vPRCeUV4V0bQAHRyYW5jYXJ0LmV1L2FrbVRDZ0ZXaEhtcUlxZ2ROT0pyaVBhcQ
[22:39:13] <autra> does not for me :-(
[22:39:21] <autra> what is your version of nextcloud?
[22:41:55] <orhtej2> 29.something
[22:42:06] <orhtej2> I don't think the config changed
[22:43:19] <orhtej2> https://aria.im/_bifrost/v1/media/download/AWw3ROb8hR90T3ZQVxDwXn0tqKCKHmzXQtNi2N6i8t86n4q11TtexDNY-bCvdDUhD4J5kOT4gSgLBy508sKSzjtCeUV4k8SQAGNpcmNsZWRzcXVhcmVyb290Lm92aC8yMzE0ZmY2ZWRkZDA2NWUxODgzNmY3YTA0NzgzNzllODFlNWFiY2UyMDZmNjk4YzIwZWNjM2FiOWU3NTk1NzBi
[22:43:24] <orhtej2> does your config differ?
[22:44:12] <orhtej2> changing it to `sendmail` should work and get you tagged as spam everywhere 🤷
[22:49:37] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin [commented](https://github.com/YunoHost/yunohost/pull/2023#discussion_r1911598958) on pull request #2023 Improving go helper: Im super confused because it is app for the ruby helper x_X Or is the ruby helper also wrong ? https://github.com/Yu...
[22:49:37] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin [commented](https://github.com/YunoHost/yunohost/pull/2023#discussion_r1911572593) on pull request #2023 Improving go helper: suggestion if [[ -z "final_go_version" ]] then
[22:49:37] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin [commented](https://github.com/YunoHost/yunohost/pull/2023#discussion_r1911605829) on pull request #2023 Improving go helper: To me whats troublesome is : what is it doing in the first place x_X It looks like this is meant to verify that RBEN...
[22:49:37] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin [commented](https://github.com/YunoHost/yunohost/pull/2023#discussion_r1911571742) on pull request #2023 Improving go helper: I would tend to keep the previous syntax such that HOME doesnt get change in the rest of the script which could have ...
[22:49:37] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin [commented](https://github.com/YunoHost/yunohost/pull/2023#discussion_r1911566662) on pull request #2023 Improving go helper: Uuuuh not sure why switching to the new version ... the current one with json and jq seems much more clean and robust ...
[22:49:40] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin [commented](https://github.com/YunoHost/yunohost/pull/2023#discussion_r1911581421) on pull request #2023 Improving go helper: (are we sure that having that same var in lowercase is actually useful for anything x_x ... i guess it comes from copypa...
[22:51:36] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin [commented](https://github.com/YunoHost/yunohost/pull/2023#issuecomment-2584650053) on [issue #2023](https://github.com/YunoHost/yunohost/pull/2023) Improving go helper: (Now im just super confused about whats the best starting point between ruby and go, but it definitely looks like the ...
[22:55:26] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin created new tag debian/12.0.10
[22:55:26] <Yunohost Git/Infra notifications> [yunohost] a​lexAubin pushed 1 commit to dev: Update changelog for 12.0.10 ([992b25d7](https://github.com/YunoHost/yunohost/commit/992b25d7ba42e0ace7c5d4cfab41c4f7a1e1c65b))
[22:55:58] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.0.10 for bookworm/stable/all ...
[22:57:04] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.0.10 for bookworm/stable/all.
[22:57:22] <orhtej2> we could use backporting of some of the fixes to bullseye, but then apps require bookworm for no reason so what's the use 🤷
[22:58:02] <Aleks (he/him/il/lui)> merp @_@
[22:58:22] <Aleks (he/him/il/lui)> bullseye is kind of supposed to become a thing of the past asap tho
[22:58:38] <Aleks (he/him/il/lui)> we're 6 months away from trixie supposedly 😬
[23:00:06] <Yunohost Git/Infra notifications> 🏗️ Starting build for yunohost/12.0.10+202501110000 for bookworm/unstable/all ...
[23:00:56] <Aleks (he/him/il/lui)> https://release.debian.org/trixie/freeze_policy.html hm there's still no freezing schedule announced 🤔 last time bookworm first freeze stage was on january 12th 🤔
[23:01:43] <Yunohost Git/Infra notifications> ✔️ Completed build for yunohost/12.0.10+202501110000 for bookworm/unstable/all.
[23:18:23] <autra> Yes it did, Encryption was set to SSL. It's working now, thanks!