Chatroom logs for support@conference.yunohost.org (Tuesday, April 07, 2026)

April
Mon	Tue	Wed	Thu	Fri	Sat	Sun
		1	2	3	4	5
6	7	8	9	10	11	12
13	14	15	16	17	18	19
20	21	22	23	24	25	26
27	28	29	30

[09:20:29] <artlog> Hi, i see from forum https://forum.yunohost.org/t/contributors-meeting/7454/128 htat contributor's meeting is today at 8:30 PM , it is my first time i would like to attend. thanks for any hints !
[09:30:15] <artlog> https://aria.im/_bifrost/v1/media/download/ATVr6p2NO377WNlahjVRuyyOl7EshLqt74AJNwENDQZatfsyfazORBXvAQMbk6AihO2vRzrjn7iDlQzTjy6RVQZCedbG2aVAAG1hdHJpeC5vcmcvZExia0pydEdOeG92WUt0V3p6c3liS3hR
[09:30:18] <artlog> link on documention from portal send to a 404
[09:30:32] <artlog> https://doc.yunohost.org/fr/user_guide
[17:59:12] <artlog> time flies and i have no news of this event, time will tell.
[18:11:16] <Chatpitaine Caverne> Salut,
J'ai tenté de mettre une appli de suivi de production solaire qui est en http (pas de https disponible) via un redirect vers l'adresse de l'ESP32.
Il me jette en erreur "blocked by devtools". Est-ce dû à l'absence de https ou est-ce potentiellement autre chose ?
[18:12:21] <tituspijean> regarde dans la console de ton navigateur (ce que je pense être "devtools")?
[18:13:21] <Chatpitaine Caverne> Sinon, j'ai du 200 et du 301, 302
[18:13:21] <Chatpitaine Caverne> C'est dans la console que j'ai pu voir blocked by devtools.
[18:17:47] <Chatpitaine Caverne> Mais si c'est en théorie possible de pointer du http avec redirect depuis Yunohost, c'est que c'est un autre souci.
Mais comme il a une adresse affichée https://MYDOMAI.TLD/Monapplisolaire je me dis que c'est peut-être ça qui ne lui plaît pas.
Il y a aussi que quand je curl l'IP de l'ESP32, j'obtiens du binaire....

NB l'appli c'est OpenDTU sur l'ESP32.
[18:19:34] <Chatpitaine Caverne> J'ai désactivé uBlockOrigin pour ce site aussi, au cas où, mais ce n'est pas ça
[18:20:55] <Chatpitaine Caverne> Après, je dois pouvoir installer un Home Assistant et remonter toutes les infos dedans via MQTT, mais j'aurais aimé ne pas sortir l'artillerie lourde.
[18:33:33] <Aleks (he/him/il/lui)> artlog: sent you the infos in DM
[18:38:05] <artlog> oui merci
[21:57:40] <thatoo> Hello,
I install forgejo and forgejo_runner and I could make forgejo_runner building my zola website with it. However, I can't make forgejo_runner copy the content of ./public/* that it builds into the website folder /var/www/zola/public/
Here is the content of /var/www/zola/.forgejo/workflows/zola.yaml :
```
name: build
on:
push:
branches:
- main
pull_request:
workflow_dispatch:

jobs:
test:
runs-on: self-hosted3
steps:
- run: echo All good!
- uses: actions/checkout@v6
with:
submodules: true
fetch-depth: 0
- run: ls -la
- run: ./zola build
- run: ls -la ./public/
- run: cp -R ./public/* /var/www/zola/public/
```
and here are rights of /var/www/zola/public/ :
```
:~$ sudo ls -al /var/www/zola/public
total 360
drwxrwxr-x 7 zola www-data 4096 7 avril 16:54 .
drwxr-x--- 12 zola www-data 4096 7 avril 15:10 ..

```
and as you can see, forgejo_runner user is member of www-data group :
```
~$ groups forgejo_runner
forgejo_runner : forgejo_runner www-data
```
but action fails with this error :
```
cp -R ./public/* /var/www/zola/public/
cp: cible '/var/www/zola/public/': Permission denied
⚙️ [runner]: RUN exit status 1
```
any idea how I could make forgejo_runner copy, during the worflow, the content it builds into the destination folder?
[21:59:14] <thatoo> I even tried to
`chown forgejo_runner:forgejo_runner -R /var/www/zola/public/`
and to
`chmod 777 -R /var/www/zola/public/`
but it doesn't help, It keeps saying :
`cp: cible '/var/www/zola/public/': Permission denied`

the workflow can't even give me
`ls -al /var/www/zola/public/` whereas forgejo_runner user can :
```
forgejo_runner@yunohost:~$ ls -al /var/www/zola/public
total 360
drwxr-xr-x 7 zola www-data 4096 7 avril 17:48 .
drwxr-x--- 12 zola www-data 4096 7 avril 17:48 ..
drwxr-xr-x 2 zola www-data 4096 7 avril 17:48 2023-10-09-statuts-accolades
drwxr-xr-x 2 zola www-data 4096 7 avril 17:48 2025-01-16-premier
-rw-r--r-- 1 zola www-data 5080 7 avril 17:48 404.html
-rw-r--r-- 1 zola www-data 6782 7 avril 17:48 android-icon.png
-rw-r--r-- 1 zola www-data 2141 7 avril 17:48 app.css
-rw-r--r-- 1 zola www-data 3151 7 avril 17:48 apple-touch-icon.png
-rw-r--r-- 1 zola www-data 37317 7 avril 17:48 atom.xml
-rw-r--r-- 1 zola www-data 167294 7 avril 17:48 favicon.ico
-rw-r--r-- 1 zola www-data 9168 7 avril 17:48 i18n.json
drwxr-xr-x 2 zola www-data 4096 7 avril 17:48 icons
-rw-r--r-- 1 zola www-data 6814 7 avril 17:48 index.html
drwxr-xr-x 2 zola www-data 4096 7 avril 17:48 js
-rw-r--r-- 1 zola www-data 41128 7 avril 17:48 main.css
-rw-r--r-- 1 zola www-data 30333 7 avril 17:48 main.min.css
drwxr-xr-x 3 zola www-data 4096 7 avril 17:48 page
-rw-r--r-- 1 zola www-data 91 7 avril 17:48 robots.txt
-rw-r--r-- 1 zola www-data 660 7 avril 17:48 sitemap.xml

```

[21:59:14] <thatoo> https://aria.im/_bifrost/v1/media/download/ASRfB2qxworc3jYkN4SzKKvPpacoqpXrkUb_7NUrddsehBO_M6D51QzUlgjH868GCmLBArq-SZDyPmj_uyDk42hCedbxtSKAAGRlZmlzLmluZm8vRnJQbURKSFJiT3hGV1pBeVNnY0dIWFFH
[21:59:16] <Aleks (he/him/il/lui)> thatoo: didn't read everything attentively but you should check `namei -l /var/www/zola/public` which will display permissions along the entire path
[21:59:17] <Aleks (he/him/il/lui)> one typically confusing thing with permission is that, to access /var/www/foo/bar/pikachu.jpg, you don't only need read permission on pikachu.jpg, you need the +x on every folder in the path, starting from `/` itself, then `/var`, `/var/www`, etc
[21:59:17] <Aleks (he/him/il/lui)> in this case my guess that `/var/www/zola` has restricted permissions
[21:59:18] <Aleks (he/him/il/lui)> also a bit unsure that adding forgejo_runner to the www-data group is the good way to solve the problem, because it also mean forgejo_runner will have access to plenty of other things on the system ... but giving permissions to a single user to access files owned by another user/group is ... not a trivial problem @_@
[21:59:18] <thatoo> something like that?
```
forgejo_runner@yunohost:~$ namei -l /var/www/zola/public
f: /var/www/zola/public
drwxr-xr-x root root /
drwxr-xr-x root root var
drwxr-xr-x root root www
drwxr-x--- zola www-data zola
drwxr-xr-x zola www-data public
```

[21:59:19] <Aleks (he/him/il/lui)> hmmm so there's +x for www-data on /var/www/zola 🤔
[21:59:19] <Aleks (he/him/il/lui)> could it be that you added forgejo_runner to the www-data groups, but somehow you didn't restart the corresponding service ?
[21:59:19] <rodinux> Or you could add a script .sh and a permission sudoers for the forgego-runner to exxecute the script... with sudo and no-passwd...
[21:59:20] <otm33> Salut, tu as fait une redirection ou un reverse proxy ?
[21:59:20] <thatoo> I agree. So far, I'm trying to understand what's going on and what could be the issue.
[22:04:41] <thatoo> I'm not on a prod VM, I'm testing for now.
[22:10:17] <thatoo> I had fun with debbuging forgejo_runner package and then play with it till this strange behavior, now I'm puzzled
[22:10:19] <Aleks (he/him/il/lui)> in this screenshot, does the "whoami" command effectively returns forgejo_runner ?
[22:10:20] <thatoo> indeed and that's what i don't understand
[22:10:22] <Aleks (he/him/il/lui)> in fact it feels a bit odd to me that during such a CI test, you'd be able to access the entire filesystem of the host, typically CI jobs are running inside a container, but idk maybe in the context of forgejo actions you can
[22:10:22] <Aleks (he/him/il/lui)> i'm not super familiar with deployment from a CI job (which is ultimately what you're trying to do with the cp as far as i understand)
[22:10:23] <thatoo> ```
forgejo_runner@yunohost:~$ ls -al /var/www/zola/public
total 360
drwxrwxr-x 7 zola www-data 4096 7 avril 23:06 .
drwxr-x--- 12 zola www-data 4096 7 avril 23:06 ..
drwxrwxr-x 2 zola www-data 4096 7 avril 23:06 2023-10-09-statuts-accolades
drwxrwxr-x 2 zola www-data 4096 7 avril 23:06 2025-01-16-premier
-rw-rw-r-- 1 zola www-data 5080 7 avril 23:06 404.html
-rw-rw-r-- 1 zola www-data 6782 15 janv. 2025 android-icon.png
-rw-rw-r-- 1 zola www-data 2141 15 janv. 2025 app.css
-rw-rw-r-- 1 zola www-data 3151 15 janv. 2025 apple-touch-icon.png
-rw-rw-r-- 1 zola www-data 37317 7 avril 23:06 atom.xml
-rw-rw-r-- 1 zola www-data 167294 30 avril 2024 favicon.ico
-rw-rw-r-- 1 zola www-data 9168 15 janv. 2025 i18n.json
drwxrwxr-x 2 zola www-data 4096 7 avril 23:06 icons
-rw-rw-r-- 1 zola www-data 6814 7 avril 23:06 index.html
drwxrwxr-x 2 zola www-data 4096 7 avril 23:06 js
-rw-rw-r-- 1 zola www-data 41128 15 janv. 2025 main.css
-rw-rw-r-- 1 zola www-data 30333 15 janv. 2025 main.min.css
drwxrwxr-x 3 zola www-data 4096 7 avril 23:06 page
-rw-rw-r-- 1 zola www-data 91 7 avril 23:06 robots.txt
-rw-rw-r-- 1 zola www-data 660 7 avril 23:06 sitemap.xml
forgejo_runner@yunohost:~$ touch /var/www/zola/public/aaa
```

[22:10:23] <Aleks (he/him/il/lui)> or the few times i've seen it, it was with some sort of `scp`
[22:10:26] <thatoo> I'd like to learn using it with Hugo and Zola
[22:10:29] <Aleks (he/him/il/lui)> (reiterating the question of "could it be that you added forgejo_runner to the www-data groups, but somehow you didn't restart the corresponding service ?" because that would explain why you're seeing the forgejo_runner during the job but it doesn't have the right because in the "old" context it wasnt yet in the group)
[22:10:30] <thatoo> I was thinking of doing that but cp seem easier so I wanted to try that first
[22:10:31] <Aleks (he/him/il/lui)> or alternatively, you can try running the `groups` command inside the test itself
[22:10:32] <thatoo> good point, I surely didn't
[22:10:34] <thatoo> you're the boss, it works!
[22:10:35] <thatoo> Thanks
[22:10:36] <Aleks (he/him/il/lui)> 🥳
[22:10:36] <Aleks (he/him/il/lui)> pesky unix group propagation