Original Redmine Issue: 48

Author Name: Anonymous

Is Baïkal the server running DAV for AgenDAV to use ? => Wouldn't it be smarter to let it run as a service more than an app ?
Or are they 2 different services => Then the Baïkal app is not really user friendly (according to the demo running right now - a simple message is displayed (Baïkal is running alright) when the app is opened)

Original Redmine Issue: 16

Author Name: moul

It could be great to use the ".ynh" extension as for Debian packages ".deb" on repositories.

Original Redmine Issue: 5

Author Name: Anonymous

It's considered deprecated in favor of subprocess module.

Original Redmine Issue: 67

Author Name: stevenroose

Metronome is no longer maintained and the missing features from Prosody that made us decide for Metronome are no longer missing from Prosody.

Besides, even though my issue concerning MAM has been closed (twice :p), MAM is not working currently in Metronome (Conversations for Android indicates MAM is unavailable).

Prosody is actively maintained these days and the most popular server alongside ejabberd, but because Metronome and Prosody are so alike, installation- and configuration-wise, migrating to Prosody should be easy.

Both MAM and Client State Indication are important XEPs for Mobile users and are not supported by Metronome (or not working currently and hard to get working since documentation is non-existent), but are by Prosody.

Original Redmine Issue: 37

Author Name: Anonymous

For those who don't have UPnP working, fall back to NAT-PMP (or vice versa). libnatpmp to the rescue.

Original Redmine Issue: 6

Author Name: Anonymous

Looking at https://forum.yunohost.org/t/nohost-domain-recovery/442 makes it obvious that this feature is missing ;)

Original Redmine Issue: 40

Author Name: Anonymous

The current app_makedefault action was done as a quick helper - i.e. it just allows to quickly redirect a domain root to an app. Considering the idea, it should be great to improve it by:

• adding/reviewing actions in order to set, remove and get the default app for a domain
• managing it in the generated SSOwat conf - and not in the persistent one as now
• remove this redirection when the default app is uninstalled

Original Redmine Issue: 43

Author Name: Anonymous

Hi,

On yunohost-admin/testing 2.1.5, sometimes I have a dropdown input (list of users or domains) replaced by a text input.
Maxime says that he got pages with dropdown and pages with text input with the same app, so same manifest...

Thanks for this new version.

Original Redmine Issue: 53

Author Name: julienmalik

Hi,
On a fresh Debian, created with DigitalOcean and with my public ssh key (so without having a password for root), the installation fails:

Removing sudo ...
You have asked that the sudo package be removed,
but no root password has been set.
Without sudo, you may not be able to gain administrative privileges.

If you would prefer to access the root account with su(1)
or by logging in directly,
you must set a root password with "sudo passwd".

If you have arranged other means to access the root account,
and you are sure this is what you want,
you may bypass this check by setting an environment variable 
(export SUDO_FORCE_REMOVE=yes).

Refusing to remove sudo.
dpkg: error processing sudo (--remove):
 subprocess installed pre-removal script returned error exit status 1
Errors were encountered while processing:
 sudo
E: Sub-process /usr/bin/dpkg returned an error code (1)

Easy to manually solve, but I'll let you choose the way for the installation script.

Original Redmine Issue: 58

Author Name: moul

A cron should retrieve new pull requests from GitHub doc repository to avoid unsynchronized doc.

Original Redmine Issue: 60

Author Name: mbugeia

When doing something like this:
sudo yunohost app setting appname unprotected_uris -v "somepath"
The function ssowatconf transformed the unprotected_uris setting to unprotected_urls which is domain + app_path + unprotected_uris
Most of the time it's what we want but some app required to unprotect a path which is not in the app path.

For example, in Seafile, we have to unprotect domain.tld/seafhttp for the syncing to work (it's hardcoded in seafile so no way to change it). With the actual behaviour it's not possible to do this with yunohost app setting since the moulinette will not take unprotected_urls as a ssowat parameter. So the only way to do it is to edit /etc/ssowat/conf.json.persistent, which is kind of a dirty hack.

My guess is this was introduced to avoid conflict between app especially with the yunohost app checkurl function but I think for the very specific cases where unprotected_urls this will not be a issue.

Relevant code here: https://github.com/YunoHost/yunohost/blob/unstable/src/yunohost/app.py#L982-L1007

Original Redmine Issue: 30

Author Name: Anonymous

According to :
http://www.upnp-hacks.org/upnp.html

After a discovery request is sent over the network with UDP on port 1900, the response of other machines on the nework is sent over the same port (1900).
By default, the port 1900 is closed, whereas it should be opened.
I have tested on my instance. If the port is not opened, UPNP won't be accessible, if the port is open, UPNP is activated.

Original Redmine Issue: 32

Author Name: Anonymous

Hello

I try in english first (sorry for the bad expression) :

I tried to build a custom image for labriqueinternet in order to have an easy to use configuration for a end-user. For that, I need to install some apps and define a false domain name (that will be changed after first configuration by the end-user), all of this before building the image of course. So, moulinette must have the hability to properly remove the default domain and to re-assign a new default domain to the installed apps.

So, what I did is to add a new domain (new.domain.org). For that, no problems.
I tried to remove the default domain (old.domain.org) but it tell me that I can't because some apps are installed on this domain. But there is no possibility to change the domain for this apps. The only solution is to remove them that is pretty bad if you have configurations.

So, I tried to make it manually, just to test ;)

I changed the domain option in the settings.yml file for all this apps to force removing old.domain.org. I removed the default domain (old.domain.org) and cleared my browser cache. After that, I don't have any access to SSO (because my user is still under old.domain.org) and I don't have any access to the apps administration pages (because the nginx confs have been removed with old.domain.org directory).

After that, I tried another thing : changing the domain option in settings.yml, moving all nginx configuration files from /etc/nginx/conf.d/old.domain.org/ to /etc/nginx/conf.d/new.domain.org/ and finally, removing old.domain.org. It's working better but there is still problems like accessing the apps administration pages with my user. On the access restriction for each app, I defined my user and after that, it's possible to reach the configuration pages.

So, it should be great to have one of this functionnality :

• Possibility to change the domain for each app (before removing an old domain)
  or
• If a domain is removed, moving all apps installed under this domain to the default one

I think the behaviour of each app should differ when trying to change his domain. For that, it should be interesting to give the possibilty to have this option when building an app. So, at least for these apps, moving domain should be possible.

Quite complicated, sorry for the amount of informations. I precise that I have worked on this apps : hotspot, piratebox, torclient and vpnclient

Thanks !!

Original Redmine Issue: 41

Author Name: Anonymous

Hello,
Things get a little bit confusing with multi-instances apps, as their labels and settings are not displayed in the panel. Here is an illustration:

Original Redmine Issue: 49

Author Name: Anonymous

MAM, or Message Archive Management, is used by all state-of-the-art Jabber clients. Somehow, MAM is not enabled for YunoHost (Android Jabber client Conversations indicates so).

In order to make optimal use of the XMPP protocol, please enable MAM by default.

Original Redmine Issue: 2

Author Name: moul

Add Let's Encrypt.

Alex has created this repo: https://github.com/alexAubin/certmanager_ynh

There was discussions on xmpp to implement it directly in a github.com/yunohost/yunohost branch

Features brainstorming for command lines:

• Integrate features in a subsubcommand

yunohost domain certificate install <domain.tld>

• Specify a provider (it could be an other ACME Certificate Authority)

yunohost domain certificate install <domain.tld> --provider=letsencrypt

• List available provider
• Setup a certificate from files

1. From several files
yunohost domain certificate install <domain.tld> --public /root/public.cert --private /root/private.key --ca /root/ca.cert --intermediate /root/int1.cert  --intermediate /root/int2.cert
1. From one compiled files
yunohost domain certificate install <domain.tld> --merged /root/merged.cert
1. With a wildcard/multisite install certificate
yunohost domain certificate install <domain.tld> <domain2.tld> --merged /root/merged.cert

• If ACME nginx challenge check that DNS are propagated on the DNS server used by LE
• Setup a cron to renew 30 days before expiration and an option to change the delay

yunohost domain certificate install <domain.tld> --provider=letsencrypt --renewal-date 15

• Send an email if renewal failed
• Command to renew manualy

yunohost domain certificate renew <domain.tld>
1. If it's a LE cert, renew the cert from LE, if it's a self signed, resigned one

• Command to renew manually
• backup the key for renewal
• indicate a level of security (for example HIGH: deactivate TLSv1.0 and TLSv1.1)
• What about xmpp metronome and postfix/dovecot
• Creates hooks to let apps to be able to reconfigure their service with the new certificate if needed.
• Configure LE by default if noho.st is used

Features brainstorming for yunohost-admin:

Original Redmine Issue: 36

Author Name: Anonymous

The domain matching pattern in the .yml is always rejecting IDNs (ex: café.com).

I suppose yunohost is not built to support IDNs at all. Therefore at least update the web interface and tell people to use the punycode version (xn--) in case they want to use IDNs.

Original Redmine Issue: 54

Author Name: julienmalik

Install script without postinstall should support being launched several times (since its only aim is to install deb packages).
What should postinstall do when we are already post-installed correctly ?

Original Redmine Issue: 52

Author Name: julienmalik

See :
https://github.com/YunoHost/install_script/blob/master/install_yunohostv2#L154

We use --force-confold during install of yunohost.
Reading
https://raphaelhertzog.com/2010/09/21/debian-conffile-configuration-file-managed-by-dpkg/
I believe we should combine it with --force-confdef (to allow modification of conf files which are unmodified).

Original Redmine Issue: 61

Author Name: Kloadut

Un certain "Voisin" vient de me dire que les stacktrace était activée sur translate.yunohost.org lorsque qu'une erreur apparaissait :

(10:34:25) [email protected]/Voisin: https://translate.yunohost.org/translate/yunohost/yunohost-admin/fr/?sid=067b5102-7e20-11e5-a9c5-00224da69287&offset=2
(10:35:13) [email protected]/Voisin: Sans être connecté, j'ai changé la traduction, cliqué sur "suggest", et paf, erreur

Il serait peut-être bon de voir si c'est désactivable dans la configuration de Weblate.

Bisous love <3

Original Redmine Issue: 10

Author Name: Anonymous

As it creates exponential size backup: previous backups are included to new backups

Original Redmine Issue: 46

Author Name: Anonymous

Add documentation to the administration UI + link the related documentation pages directly.

For example, when you add a new domain, you should have an explanation of what it is and the impacts, plus a link to an extensive documentation page.

Original Redmine Issue: 14

Author Name: Anonymous

I am able to connect to my OpenVPN server using the instuctions indicated on the web page, but I can't access the rest of Internet afterward.

It looks like the traffic is not routed properly on the server side.

Can you confirm this behaviour ?

Original Redmine Issue: 7

Author Name: Anonymous

When a new version of an app has just been released, every install made o that same day are done with the old version.

Inserting a call to app fetchlist just at the beginning of an app install could improve the situation.

Original Redmine Issue: 35

Author Name: Anonymous

Add an action to allow the update of an SSL certificate which will replace the current one on the server. It may also be useful to allow reverting to the self-signed certificate or to generate a new one.

Original Redmine Issue: 34

Author Name: Anonymous

It could be nice to view / remove banned ip from moulinette, and from the web administration.

Original Redmine Issue: 8

Author Name: Anonymous

The YunoHost Dovecot installation supports Sieve and managesieve. However, the managesieve port (4190) is not opened in the firewall by default.

Is this on purpose? Security consideration perhaps? Or just forgotten?
Roundcube has the managesieve installation configured by default, but uses the local interface, so it bypasses the firewall.

Discussion begun on https://github.com/YunoHost/yunohost/issues/78

Original Redmine Issue: 15

Author Name: Kloadut

Maintenant qu'on a un document pour ça, il s’agit de le remplir :

https://dev.yunohost.org/documents/1

À ajouter :

• La liste des serveurs
• La liste des services sur chaque serveur
• Comment et où sont gérer les configurations services
• Les droits d’accès
• Quoi backuper
• Qui contacter en cas de pépins
• Qui loue chaque serveur

Original Redmine Issue: 70

Author Name: Anonymous

Manually creating homedir for $USER in /var/mail is still required, even for users created after a system upgrade (apt upgrade)

I had very few 500 errors, but much troubles with Roundcube
However, it works once the user homedir is created in /var/mail, with the appropriate commands (from Neutrinet's script)

sudo mkdir -p /var/mail/nevdull
sudo chown -hR vmail:mail /var/mail/nevdull
sudo /sbin/mkhomedir_helper /var/mail/nevdull

Original Redmine Issue: 47

Author Name: Anonymous

It should be great to extend the Web administration capabilities with a kind of plugin system.

Original Redmine Issue: 39

Author Name: Anonymous

Implementing a diagnostic function would help debugging by providing useful information on Yunohost instance:

• debian version wheezy/jessie
• yunohost version
• running / non running services
• apps installed (including community app)
• server status like RAM and disk usage
• packages versions
• IP
• main domain

Some information can be personal, so we need to carefully show them to the user.

Original Redmine Issue: 9

Author Name: Anonymous

First proposal here: #62 (comment)

The idea is to implement a notification system for the applications in order to inform users while installing/upgrading/removing an app. We can implement it in mainly two ways:

messages are specified in the manifest for several defined moment - e.g. pre-install, post-remove
a command allows - directly from the scripts - to display a message
Feel free to give your opinion, purpose better implementations, ... Thanks!

Original Redmine Issue: 45

Author Name: Anonymous

Due to https://github.com/YunoHost/yunohost-admin/blob/unstable/src/js/app.js#L189, forms which are invalid from the moulinette side - e.g. create a user with an invalid mailbox quota - are cleaned on each submission. It would be better and more practical to keep the form values until it is successfully submitted.

Original Redmine Issue: 68

Author Name: Anonymous

See https://developer.mozilla.org/en-US/docs/Mozilla/Thunderbird/Autoconfiguration

I guess that the /.well-known/ path should be reserved for each domain, and un-protected by SSOWat

Original Redmine Issue: 42

Author Name: Anonymous

Hi,
I have install transmission and get this bug: https://grimaud.me/fichier/index.php/s/mj3u8ZvLq1NPWHG

It seems that the journal is partially display near the button "journal".
May be a string not escaped ?

Here are the end of the installation journal.

+ sudo cp ../sources/toolbar-downloads.png /usr/share/transmission/web/style/transmission/images/toolbar-downloads.png
+ sudo bash -c 'cat ../sources/ynh_common.css >> /usr/share/transmission/web/style/transmission/common.css'
+ sudo sed -i 's@@
@g' /usr/share/transmission/web/index.html
+ sed -i s@PATHTOCHANGE@/torrent@g ../conf/nginx.conf
+ sudo cp ../conf/nginx.conf /etc/nginx/conf.d/yunohost.local.d/transmission.conf
+ sudo service nginx reload
Reloading nginx configuration: nginx.
+ echo 0

Good night

Original Redmine Issue: 64

Author Name: Kloadut

Currently, we have to wait for an app installation to complete without any hint on how it goes.

It would be great to have the installation logs in real-time :)

Original Redmine Issue: 12

Author Name: Anonymous

Bonjour,

Impossible de faire fonctionner Baikal après une installation standard sur mondomaine/baikal.

Screenshots à venir

Original Redmine Issue: 69

Author Name: Anonymous

Searx is not running properly.

sudo cat /var/log/uwsgi/app/searx.log

/opt/yunohost/searx/searx/poolrequests.py line 6 in
class HTTPAdapterWithConnParams(requests.adapters.HTTPAdapter):
AttributeError: 'module' object has no attribute 'adapters'

sudo cat /var/log/uwsgi/app/searx.log
sudo /opt/yunohost/searx/bin/pip install -r /opt/yunohost/searx/requirements.txt
sudo service uwsgi restart
Same error

Most of these commands were help from jappix on yunohost.org

Original Redmine Issue: 71

Author Name: Anonymous

* Problem *

I created a Yunohost user with pseudonym as username for SSO/LDAP and some other name for email : [email protected]
It works perfectly in RoundCube (after some troubles because of missing username homedir in /var/mail), but not in desktop/non-web email clients such as clients IceDove (Thunderbird)

IceDove asks for both user in [email protected] and the logging username
The logging username is the SSO username
Just to make things clear, even thought RainLoop does not have an SSO/LDAP-based auth but uses plain IMAP(S)/SMTP(S), it accepts username as login, but not user value from the email address, as manually filled in email field, in Yunohost user creation interface

After user RainLoop for debugging, I just used [email protected] for email address field, and username in outgoing/incoming username fields
NB : before knowing about RainLoop, I tried many combinations with and without the SSO username (user from [email protected] as incoming/outgoing username), if not all the logical ones

So let's suppose I created user1 with [email protected] as email address
My IceDove configuration looks like this

**Email address** : [email protected]
**Password** : The same as the SSO passwords, works with Rainloop, Roundcube and XMPP clients

### IMAP
**Domain** : domain.tld (full, with a subdomain, the same as defined in Yunohost and my zone DNS file)
**Protocol** : SSL/TLS
**Port** : 993
**Incoming username** : user1

### SMTP
**Domain** : domain.tld (full, with a subdomain, the same as defined in Yunohost and my zone DNS file)
**Protocol** : SSL/TLS
**Port** : 465
**Incoming username** : user1

But it still doesn't work, IceDove fails to verify the configuration, and can't connect
For some reasons, it looks like IceDove (and probably other email clients) doesn't work properly when username is different from user in [email protected]

1. Workaround

I decide to make things simpler and more consistent
I edit my user's profile, changing it's address from user2 to user1, so user from email address has the same value as SSO username
I deleted user1 homedir from /var/mail, then reacted it

1. sudo rm -r /var/mail/user1
1. sudo mkdir -p /var/mail/user1
1. sudo chown -hR vmail:mail /var/mail/user1
1. sudo /sbin/mkhomedir_helper /var/mail/user1

I restarted dovecot and postfix

1. sudo systemctl restart dovecot
1. sudo systemctl restart postfix

Then I edited IceDove account configuration accordingly, I kept the previous conf but changed the email address, now it works properly

1. Suggestion

Until a better solution could be found
Either make it clear it the documentation, that's it's recommended to have the same value for both user in the email address and username for SSO auth, for users who wish to use a non-web email client
Or automate the process by enforcing the same value between both, and not allowing users to modify one value independently from the other

You can for example do it in an conditional manner, by asking the Yunohost admins if they wish to use a non-web/remote client, when they create users
If yes, then enforce the same value for both SSO username and user in [email protected], if not then they could use different values
(Even if different values might be confusing for configuring remote clients)

Original Redmine Issue: 51

Author Name: julienmalik

Add --domain and --admin-password so that the install script can run fully automated.

Original Redmine Issue: 66

Author Name: Anonymous

Hi

When you upload a web page, you might want to sort your resources to keep it tidy. Thus, using folders might be the best option. In the official Custom Webapp, Cherryl does not manage it.
Is there a way to have a folder management in it ? It would be very convenient, because you will be able to see all the elements in your website clearly.

Bests

Original Redmine Issue: 50

Author Name: julienmalik

Some apps do not fit in the portal :

• baikal has an admin web ui, but is not easily accessible, and not so useful since it comes preconfigured.
• firefox sync does not have any web ui
• mumble ?
• opendkim ?
• piratebox ?
• proftpd ?
• radicale ?
• tor stuff ?
• z-push

We shall find a way for apps to declare they don't want to show up in the portal.

Original Redmine Issue: 13

Author Name: Kloadut

Hey, ce serait cool qu'on ait un certif wildcard pour YunoHost !

Il paraît que Gandi en fournit un pour les projets libres qu’il soutient, mais impossible de remettre la main sur la source de cette info...

Original Redmine Issue: 55

Author Name: julienmalik

Currently not implemented correctly.

First step : before a postinstall, it should be possible to apt-get remove yunohost, and get the server back in its previous state.
Some dependent packages had problems in their pre/postrm scripts. Maybe just needs a test now.

Second step : after we are post-installed, can we remove yunohost ? can we purge ? Need specs about expected behavior.

Original Redmine Issue: 38

Author Name: Anonymous

This is a summary thread to follow the IPv6 compatibility.

Please indicate what has been tested, and lacks.

Original Redmine Issue: 44

Author Name: Anonymous

It should be root:root

Original Redmine Issue: 19

Author Name: moul

As YunoHost is enough stable on Debian Jessie, we don't have .iso images based on this current Debian version.

Original Redmine Issue: 33

Author Name: Anonymous

When an application is already at the latest version, yunohost app upgrade is a no-op.
Implement a "-f" option to force the upgrade, whatever the version check result is.

Original Redmine Issue: 65

Author Name: moul

VoIP and visioconference over XMPP doesn't works. I've only try it with two contacts on my server.
File transfert sometimes doesn't works.
If my memory is good, it was working in YunoHost version 2.0 but it doesn't not works on versions 2.2 and 2.4.
It could come from the configuration or from Metronome it self.

Original Redmine Issue: 59

Author Name: moul

During postinstall, the domain name is well added to YunoHost but not on the Dynette server.