Tuesday, February 04, 2025
support@conference.yunohost.org
February
Mon Tue Wed Thu Fri Sat Sun
          1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24 25
26
27
28
   
             

[06:57:14] <Dilroop S. Gill> https://paste.yunohost.org/raw/abepokemun sharkey install fails
[09:41:08] <Westbam> Salut la room, savez vous s'il y a des soucis avec Roundcube en ce moment ? l'installation plante. j'avais déjà le souci avec la migration https://paste.yunohost.org/raw/bizomagusi
[16:51:43] <Westbam> Je viens d'ouvrir un ticket sur le forum de yunohost, wait and see
[16:54:54] <Salamandar> > The phar extension is missing.
[16:54:55] <Salamandar> weird
[16:59:43] <Aleks (he/him/il/lui)> Westbam: can you share the output of `grep -nr extension=phar /etc/php/ | grep 8.3` ?
[17:17:49] <Kavelach> Hi, I am working on connecting a custom web PHP app to YH LDAP. I have seen https://doc.yunohost.org/en/packaging_sso_ldap_integration#ldap-integration, but the documentation here is pretty bare-bones. My question is - when I install the app, how does it connect to LDAP? Does it have a username and a password?
[17:19:31] <Aleks (he/him/il/lui)> it doesn't need a username / password, the LDAP is read-only for anonymous users
[17:20:09] <Kavelach> What about write access?
[17:20:31] <Aleks (he/him/il/lui)> dunno why the app would need write access 😬
[17:27:50] <Kavelach> The only thing the app will be actually doing is assigning and removing people from groups. We are using YH in an organisation with almost 100 people and our IT group is not managing who is in what working groups and whatnot
[17:33:21] <Aleks (he/him/il/lui)> in that case you will need to either use an existing user member of the admin group, or create a new LDAP user somehow and tweak LDAP ACL such as it has write permission, or eeer run your app as root and use unix socket auth (`gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth`)
[17:33:38] <Kavelach> Okay, thanks
[17:34:29] <Aleks (he/him/il/lui)> or call yunohost cli somehow (which also requires sudo, or there's also the admin web API on which you need to be authenticated with cookies etc)
[17:34:41] <Kavelach> Currently the app does not have that functionality, is there a different way to allow a certain group of people to manage group memberships right now?
[17:35:16] <Aleks (he/him/il/lui)> nope
[17:36:35] <Kavelach> Is there any documentation for the web API?
[17:36:36] <Aleks (he/him/il/lui)> imho the best compromise i can think of is adding a special rule in the sudoers conf such that your app user can run `sudo yunohost user group <whatever>` (and only this command as sudo) and call this command from PHP
[17:36:59] <Kavelach> Because the cli I can check out myself with `--help`
[17:37:29] <Kavelach> Yeah, I was thinking that would be the right thing to do when you mentioned the CLI
[17:38:29] <Aleks (he/him/il/lui)> the API swagger doc can be generated from a git clone of https://github.com/YunoHost/yunohost and running these few commands : https://github.com/YunoHost/ynh-dev/blob/master/ynh-dev#L619-L632
[17:38:46] <Kavelach> Thanks a lot! <3
[17:40:18] <Kavelach> One more question - installing the custom webapp, there's the `Choose an administration password for this app` field - what does it do, actually?
[17:45:01] <Aleks (he/him/il/lui)> zmelrp i suppose that's just the SFTP password in case you enable SFTP
[17:46:09] <Aleks (he/him/il/lui)> i'll add an help message on that field
[17:49:17] <Aleks (he/him/il/lui)> https://github.com/YunoHost-Apps/my_webapp_ynh/pull/148
[17:55:36] <Kavelach> Thanks
[19:18:38] <claus> > <@claus:blabla.blablub.de> Tried to upgrade synapse but got the following error: https://paste.yunohost.org/raw/egomawotub - what could I do?

Just to complete the topic - I had to delete a directory from a former synaspe installation in /home/yunohost.app.
[19:42:16] <westbam> salut Aleks (he/him/il/lui) , je poste le retour de la commande ici ?
[19:42:25] <westbam> ça fait 4 lignes
[19:43:23] <westbam> # grep -nr extension=phar /etc/php/
/etc/php/8.1/mods-available/phar.ini:3:extension=phar.so
/etc/php/8.0/mods-available/phar.ini:3:extension=phar.so
/etc/php/7.4/mods-available/phar.ini:3:extension=phar.so
/etc/php/8.2/mods-available/phar.ini:3:extension=phar.so
[19:54:13] <Aleks (he/him/il/lui)> et `ls -ld /etc/php/8.3` montre que le dossier existe ou bien ?
[20:01:29] <westbam> yep
[20:01:31] <westbam> drwxr-xr-x 4 root root 4096 3 févr. 13:18 /etc/php/8.3
[20:06:56] <Aleks (he/him/il/lui)> hmmmoké that's a bit funky then, sounds like the phar extension is missing but it's supposed to be part of the common stuff ? I think ?
[20:07:12] <Aleks (he/him/il/lui)> does `ls -l /etc/php/8.2/mods-available/ | grep phar` shows something ?
[20:07:52] <westbam> ls -l /etc/php/8.2/mods-available/ | grep phar
[20:08:07] <westbam> -rw-r--r-- 1 root root 70 9 juin 2023 phar.ini
[20:08:11] <Aleks (he/him/il/lui)> ah sorry i meant 8.3
[20:08:17] <Aleks (he/him/il/lui)> `ls -l /etc/php/8.3/mods-available/ | grep phar`
[20:08:39] <westbam> non la j'ai rien
[20:08:48] <westbam> pas de phar dans le 8.3
[20:09:03] <westbam> donc c'est cette extension qui pose souci ?
[20:09:42] <westbam> tu l'installes comment ? le script d'install de roundcube ne devrait pas le faire directement ?
[20:10:53] <westbam> #/etc/php/8.3/mods-available# ls
curl.ini mbstring.ini zip.ini

[20:13:11] <westbam> si je recopie les .ini du 8.2/mods-available dans le 8.3/mods-available ça le fait ? ou c'est pas propre ?
[20:37:04] <Aleks (he/him/il/lui)> le script de roundcube devrait faire tout ce qu'il faut oui, mais là j'ai l'impression que normalement c'est un truc "de base" et que y'a rien à faire de spécial mais ptete je mgourre
[21:11:46] <Percy Lee> afternoon. First time visitor here, and recently installed Yunohost to a Digital Ocean droplet. Everything turned out okay for the most part. There was a diagnostic notice asking me to open port 25. I did check DO and all the outbound ports appear open.
[21:12:30] <Percy Lee> Anyway reason why I'm here is I set up ssh sign in for the droplet, but it seems the password was changed when Yunohost completed the install. I tried a few times and was locked out.
[21:13:44] <Percy Lee> I can still sign into Yunohost via the web interface. I'm wondering what the procedure is to regain access by the command line terminal
[21:34:21] <tituspijean> Percy Lee: welcome! try to check this out: https://doc.yunohost.org/en/administer/troubleshooting/noaccess#you-have-been-temporarily
[21:35:26] <tituspijean> during its installation, YunoHost asks to alter the SSH configuration. Notably, it will disable logging in with the root user from external IPs (i.e. all IPs since you have a VPS/droplet)
[21:36:00] <tituspijean> You can however use your first admin's credentials to log in with SSH
[21:38:18] <tituspijean> Regarding port 25: https://docs.digitalocean.com/support/why-is-smtp-blocked/
[22:17:27] <Percy Lee> tituspijean: thanks for the links. I did try to ssh via the admin credentials set up. I'm not able to sign in at this time. I get either a Permission denied or Operation timed out response. I'm currently split between trying to "Change root password" under Yunohost's webadmin or "Reset root password" through Digital Ocean.
[22:25:44] <tituspijean> That's weird :/ I'd suggest to try the YunoHost's way first, then try the DO one
[22:26:21] <tituspijean> (though again, root access is probably disabled)
[22:27:03] <tituspijean> but since you have webadmin access, try to see the sshd's service logs
[22:28:09] <tituspijean> another option is to install a browser-based terminal app (I see DO's Console requires installing a dependency, so that's not possible yet), that would allow you to connect with the root user
[22:58:03] <Percy Lee> seems the sshd service logs are showing probably bots signing in with different user names and IPs. I'm just wondering if I should start from scratch. Next time I won't enable the ssh key upfront. I'll just start with a simple root and password.