Monday, November 26, 2018
yunohost@conference.lightwitch.org
November
Mon Tue Wed Thu Fri Sat Sun
      1
2
3
4
5
6
7
8
9 10
11
12
13
14
15
16 17 18
19 20 21
22
23
24
25
26
27
28
29
30
   
             
YunoHost support room | Don't ask to ask, just ask ! | Be patient and stay polite with everybody (this is a free software project ran by volunteers) | No answer? Post on the forum: https://forum.yunohost.org | This room is mirrored via Echo1 | Donate: https://liberapay.com/YunoHost

[06:53:46] <irc> <Pierre0412> Hello
[07:07:17] <massimiliano> Bonjour
[08:33:48] <irc> <frju365:matrix.org> Bonjour !
[08:41:33] <irc> <m_b> slt
[08:44:50] <irc> <Trane1000> HEllow
[10:54:33] <irc> <liberodark:matrix.org> bonjour a tous
[13:01:14] <irc> <mod24> Hi there, since the last upgrade to yunohost 3.3.1 I have the problem that I can't login to the Admin Interface any longer
[13:01:42] <irc> <mod24> In the yunohost-api.log it says: "2018-11-26 13:42:18,245 ERROR moulinette.authenticator _retrieve_session - unable to decrypt password for the session:
[13:01:42] <irc> <mod24> 2018-11-26 13:42:18,245 ERROR moulinette.authenticator _retrieve_session - unable to decrypt password for the session: "
[13:02:58] <irc> <mod24> I already tried a yunohost service regen-conf, but without any success. Also tried to "yunohost tools migrations migrate", but without improvement of the situation. Any help would be really appreciated
[13:25:01] <irc> <Aleks_> hm
[13:25:15] <irc> <Aleks_> mod24: can you try to "yunohost tools shell" ? it shall ask you the admin password
[13:25:36] <irc> <Aleks_> with this i mainly want to test if ldap authentication is working or broken in CLI as well
[13:25:54] <irc> <Aleks_> (if it works it should open you a command prompt which you can close with Ctrl+D I think)
[13:27:44] <irc> <mod24> Hi Aleks, thanks for answering. Just tried and "yunohost tools shell" asks me for the admin-password and after I enter it the shell opens
[13:28:41] <irc> <Aleks_> hmokay
[13:29:23] <irc> <Aleks_> so sounds like nothing serious is broken :P but still mysterious what's happening on the admin interface
[13:29:36] <irc> <Aleks_> does running "systemctl restart yunohost-api" improves the situation ?
[13:32:02] <irc> <mod24> Unfortuantely it doesn't. I already tried this, as well as rebooting the whole server.
[13:35:19] <irc> <Aleks_> hm
[13:35:36] <irc> <Aleks_> random idea, but does using a different browser works better ?
[13:40:00] <irc> <mod24> No, just tried Chromium und Firefox.
[13:40:25] <irc> <mod24> Any Ideas to get more log-output or debug messages to see what's going on?
[13:48:27] <irc> <Aleks_> lemme have a look at the code
[13:49:41] <irc> <Aleks_> sounds like there's an issue with a file in /var/cache/moulinette
[13:50:01] <irc> <Aleks_> ending in .asc ?
[13:50:20] <irc> <Aleks_> mod24: what does "ls /var/cache/moulinette/*.asc" returns
[13:50:35] <irc> <Aleks_> hmwait in fact in might be more like :
[13:50:43] <irc> <Aleks_> "ls /var/cache/moulinette/session/*/*.asc"
[13:57:04] <irc> <mod24> https://thepasteb.in/p/Z4hP6l9pJqNtG
[13:57:22] <irc> <mod24> Thank you very much for helping me out, btw
[14:06:04] <irc> <Aleks_> mod24: hmmm so
[14:06:14] <irc> <Aleks_> naively I would do something like
[14:06:24] <irc> <Aleks_> mkdir /root/tmp_cache_save
[14:06:33] <irc> <Aleks_> mv /var/cache/moulinette/session/*/*.asc /root/tmp_cache_save
[14:06:41] <irc> <Aleks_> and see if that fixes the situation
[14:14:17] <irc> <mod24> Just tried this. It doesn't solve the situation. I have only one .asc file now in /var/cache.... but the error is the same
[14:16:56] <irc> <Aleks_> hmokay
[14:17:13] <irc> <Aleks_> let's see
[14:18:55] <irc> <Aleks_> can you run this :
[14:19:46] <irc> <Aleks_> python -c 'open("/var/cache/moulinette/session/default/1234567890abcdef.asc", "r")'
[14:19:49] <irc> <Aleks_> (replace 1234567890abcdef with the name of the file you have in the cache folder)
[14:20:13] <irc> <mod24> I did: python -c 'open("/var/cache/moulinette/session/default/c9f0e0f8cd8d50fd74a651366011d12b0d5003e3.asc", "r")'
[14:20:49] <irc> <mod24> No error message, but no output either. Just checked with nano, the file is empty
[14:21:11] <irc> <Aleks_> @.@
[14:21:54] <irc> <Aleks_> ah wait
[14:22:49] <irc> <Aleks_> hm okay that makes more sense
[14:23:16] <irc> <Aleks_> mod24: on your browser, do you have anything configured that could stop cookies from working properly ? (or on the other browser you used)
[14:24:52] <irc> <mod24> Yes, I do have an pi-hole locally and some extensions. I'll try another browser without any extension right now
[14:25:25] <irc> <mod24> Ok, I just tried with epiphany browser, but it still is the same. I just deactivated my pi-hole for 5 minutes but still the same
[14:25:42] <irc> <Aleks_> hmokay so maybe that's unrelated
[14:27:16] <irc> <Aleks_> ah, in the yunohost-api logs, do you happen to have some lines written "unable to store session" somewhere ?
[14:27:32] <irc> <Aleks_> e.g. if you run tail -n 100 /var/log/yunohost/yunohost-api.log
[14:29:08] <irc> <mod24> Just looked through the logs: No appearance of "unable to store session". I only have two types of Entries: The error from moulinette.autheticator and INFO Messages from geventwebsocker.handler
[14:33:33] <irc> <Aleks_> meh
[14:33:48] <irc> <Aleks_> was it even working at some point in the past ? xD
[14:34:49] <irc> <mod24> Yes, for sure ;-)
[14:35:04] <irc> <Aleks_> ah that's since the upgrade
[14:35:45] <irc> <mod24> Yes, since 3.3(1)
[14:35:45] <irc> <Aleks_> so just to be sure, there's no content in the cache file you say ?
[14:36:34] <irc> <Aleks_> what about the files we backuped in /root/tmp_cache_save, if you run "cat /root/tmp_cache_save/*", does that print stuff ?
[15:04:31] <irc> <fffrantz> Hi guys! I have an issue with mariadb-server refusing to update saying it requires mariadb-server-10.1 to be configured... I looked in the forums for answers, to no avail...
[15:07:35] <irc> <Aleks_> can you paste the exacte error messages somewhere ?
[15:10:24] <irc> <fffrantz> Here's the result of apt update && apt upgrade : https://pastebin.com/AbKcdJkz
[15:11:32] <irc> <Aleks_> what about dist-upgrade ?
[15:12:04] <irc> <Aleks_> though maybe that's unrelated but i'd tend to use dist-upgrade by default
[15:12:09] <irc> <mod24> Sorry, I was offline for some minutes because my provider decided that it's time to go offline :-(
[15:12:47] <irc> <mod24> All of the files are empty (also the saved ones). 0 byte all of them
[15:13:05] <irc> <Aleks_> otherwise mabe try this fffrantz : https://askubuntu.com/a/861241
[15:13:30] <irc> <Aleks_> eh okay mod24
[15:14:49] <irc> <fffrantz> Same issue with dist-upgrade, unfortunately
[15:15:35] <irc> <Aleks_> try this fffrantz : https://askubuntu.com/a/861241
[15:17:08] <irc> <fffrantz> @Aleks_ Still the same issue, and still throwing errors on /dev/log connection refused
[15:17:28] <irc> <fffrantz> Well, I guess I'll do a clean install over the weekend, I've been having a lot of errors since the update to Jessie
[15:17:36] <irc> <Aleks_> mod24: try running this :
[15:17:39] <irc> <Aleks_> python -c "import gnupg; gpg=gnupg.GPG(); gpg.encoding = 'utf-8'; f=open('/root/test.gpg','w'); f.write(str(gpg.encrypt('toto', None, symmetric=True, passphrase='yunohost')))"
[15:17:47] <irc> <Aleks_> and check if there's something in /root/test.gpg then
[15:18:06] <irc> <Aleks_> okay fffrantz :s
[15:18:38] <irc> <fffrantz> Thanks guys! Keep up the good work!
[15:20:15] <irc> <mod24> Interesting: test.gpg gets created but it's also 0 byte with nothing in there
[15:22:03] <irc> <Aleks_> wow okay
[15:22:15] <irc> <Aleks_> sounds like we're getting closer
[15:23:46] <irc> <Aleks_> so i'm guessing the following code doesn't print anything either ?
[15:23:50] <irc> <Aleks_> python -c "import gnupg; gpg=gnupg.GPG(); gpg.encoding = 'utf-8'; s=gpg.encrypt('toto', None, symmetric=True, passphrase='yunohost'); print(s)"
[15:24:31] <irc> <mod24> correct. Empty result
[15:24:35] <irc> <Aleks_> if you run "dpkg --list | grep python-gnupg", do you see version 0.3.9 ?
[15:25:03] <irc> <mod24> 0.3.9-1 to be exact
[15:25:29] <irc> <Aleks_> yes
[15:25:46] <irc> <Aleks_> and python --version shows 2.7.x ?
[15:25:58] <irc> <mod24> 2.7.13
[15:26:13] <irc> <Aleks_> alright
[15:29:55] <irc> <Aleks_> mod24: bear with me, we'll fix this ;P
[15:29:58] <irc> <Aleks_> if you run :
[15:30:00] <irc> <Aleks_> cat /root/.gnupg/gpg.conf | grep -v "^#\|^$"
[15:30:09] <irc> <Aleks_> do you see something like "no-tty" ?
[15:30:45] <irc> <mod24> no. I only see "use-agent", "pinenty-mode loopback"
[15:32:31] <irc> <Aleks_> is use-agent set to True ?
[15:33:29] <irc> <Aleks_> ah maybe this should display some info about why it's failing ? :
[15:33:30] <irc> <mod24> no. it's just one line saying "use-agent"
[15:33:31] <irc> <Aleks_> python -c "import gnupg; s = gnupg.GPG(verbose=True).encrypt('toto', None, symmetric=True, passphrase='yunohost'); print(s)"
[15:33:34] <irc> <Aleks_> ok
[15:34:08] <irc> <Aleks_> does this works any better ? :
[15:34:10] <irc> <Aleks_> python -c "import gnupg; s = gnupg.GPG(use_agent=False).encrypt('toto', None, symmetric=True, passphrase='yunohost'); print(s)"
[15:34:47] <irc> <mod24> No it doesn'. Still soesn't respond with anything
[15:35:15] <irc> <mod24> But the first one (with verbsoity turned on) says: gpg: /root/.gnupg/gpg.conf:2: invalid option
[15:35:22] <irc> <Aleks_> ah :D
[15:35:35] <irc> <Aleks_> well uh, have you been editing this file somehow ?
[15:36:28] <irc> <mod24> Not that i remember, but i do use duply for backups and they are using gpg I think
[15:36:39] <irc> <mod24> Any hints, how your gpg.conf looks like?
[15:37:00] <irc> <Aleks_> well what it says is that basically what's on line 2 is "wrong"
[15:37:12] <irc> <Aleks_> what does "head -n2 /root/.gnupg/gpg.conf" says ?
[15:37:51] <irc> <Aleks_> (on my side, i have only the "keyserver" option enabled
[15:37:59] <irc> <Aleks_> root@yolo:~# cat /root/.gnupg/gpg.conf | grep -v "^#\|^$"
[15:38:02] <irc> <Aleks_> keyserver hkp://keys.gnupg.net
[15:39:15] <irc> <mod24> Ok, i just moved my old gpg.conf away try to log on now
[15:40:12] <irc> <mod24> YOU DID IT!!!! Thanks man! It's working again
[15:40:25] <irc> <mod24> I would never ever had this relation to gpg found out. Thanks so much
[15:40:37] <irc> <Aleks_> xD
[15:40:52] <irc> <Aleks_> i'll see to add a check in the code about this somehow
[15:41:38] <irc> <mod24> I don't understand why this was working before, but maybe it got broken with some kind of gpg update in the past. Since I don't use the interface too often (I am more on the shell side) maybe it broke before 3.3
[15:42:11] <irc> <mod24> Nevertheless: Thank you so much for helping me with this one.
[15:42:26] <irc> <Aleks_> yeah i dunno what exactly modified you gpg.conf but it basically broke gpg I think
[15:43:00] <irc> <Aleks_> well thank you for your patience in pinpointing the issue :P
[15:43:53] <irc> <mod24> Have a great day and thanks for this fantastic project
[15:45:09] <irc> <Aleks_> see you !
[16:01:53] <irc> <Simounet> Coucou par ici, juste pour vous dire que la version non SSL de demo.yunohost.org n'a pas l'air d'être configurée.
[16:02:39] <irc> <Simounet> Sorry about my french sentence. The demo site without SSL isn't configured. http://demo.yunohost.org/
[16:04:06] <irc> <Aleks_> thanks
[16:04:12] <irc> <Aleks_> what do you mean it isnt configured ?
[16:04:22] <irc> <Aleks_> it should automatically redirects to https
[16:04:28] <irc> <Simounet> It isn't.
[16:04:47] <irc> <Simounet> If you try with a private tab or clean browser http://demo.yunohost.org/
[16:05:27] <irc> <Simounet> You'll see the nginx default page.
[16:06:43] <irc> <Aleks_> uh
[16:06:44] <irc> <Aleks_> indeed
[16:12:54] <irc> <anmol:talk.datamol.org> I want to use an old pc on yunohost through my mobile internet.
[16:13:37] <irc> <frju365:matrix.org> Bonjour !
[16:13:42] <irc> <anmol:talk.datamol.org> Should I use vpn with static ip ?
[16:15:11] <irc> <anmol:talk.datamol.org> And is there tut for configuring a vpn over Yunohost?
[16:20:42] <irc> <Aleks_> anmol : I guess you need a vpn to expose ports to the outside world yes
[16:23:35] <irc> <Aleks_> and yes there's vpnclient_ynh to help you configure VPN
[16:23:40] <irc> <Aleks_> (it's mainly designed to interface with VPN from the FFDN)
[16:33:57] <irc> <anmol:talk.datamol.org> Aleks_: but this vpnclient_ynh is in working state still?
[16:35:15] <irc> <Aleks_> yes
[20:10:19] <irc> http://im.yunohost.org/paste/444965fe-fd54-4a1f-a115-bd9e5ca9424c
[20:11:27] <irc> <Aleks_> tmenon : tu as des lignes avant ça ?
[20:12:25] <irc> <tmenon:matrix.liberium.fr> Yes la même chose pour toutes les autres apps
[20:12:59] <irc> <tmenon:matrix.liberium.fr> Je fais peut être un erreur lors des backups
[20:13:17] <irc> <Aleks_> genre là ca ressemble au log de désinstallation suite à l'échec de restauration de l'app, donc c'est pas le log de restauration en tant que tel...
[20:13:59] <irc> <tmenon:matrix.liberium.fr> 2018-11-26 00:24:08,687: WARNING - Traceback (most recent call last): http://im.yunohost.org/paste/473a5977-c538-44f5-8342-23596abc6b77
[20:14:52] <irc> <Aleks_> et avant ça encore, t'as pas autre chose ?
[20:15:03] <irc> <Aleks_> (genre t'as pas moyen de filer tout le log entier ? :/)
[20:15:18] <irc> <Aleks_> t'es bien en yunohost 3.2 ou 3.3 ?
[20:18:26] <irc> <tmenon:matrix.liberium.fr> Je trouve pas c'est les même logs pour chaques apps
[20:19:32] <irc> <tmenon:matrix.liberium.fr> Je vais refaire une installation
[20:19:47] <irc> <Aleks_> non mais juste tu peux pas tout copier/coller quelque part depuis le début jusqu'à la fin ?
[20:20:03] <irc> <Aleks_> parce que avoir juste des morceaux de log éparse c'est pas super pratique pour analyser le truc...
[20:20:56] <irc> <Aleks_> si tu es en yunohost 3.2 ou 3.3, normalement il t'indique que tu peux partager les logs facilement à la fin
[20:21:19] <irc> <Aleks_> (genre en allant dans Outils > Journaux/Logs, ou bien avec yunohost logs share (un truc du genre...))
[20:22:59] <irc> <tmenon:matrix.liberium.fr> en 3.3
[20:23:58] <irc> <tmenon:matrix.liberium.fr> Et dans les logs justement je ne peux partager que par morceau ^^
[20:26:13] <irc> <Aleks_> mais du coup tu peux pas partager le truc via le bouton "Share with YunoPaste" ? :s
[20:53:21] <yolateng0> salut je regarde la video de @Bram https://hooktube.com/watch?v=OEXEStoOYpw
[20:53:48] <yolateng0> felicitation aux 3 dev a fond et a l ensemble de la team
[21:00:28] <irc> <d5w> After fresh install, no domain is registered with dyndns. i.e. d5w.noho.st: get message Error: [Errno 52] Invalid url https://dyndns.yunohost.org/domains (does this site exists ?)
[21:00:28] <irc> <d5w> Warning: dyndns_provider_unreachable
[21:08:36] <irc> <piks3l_> salut !
[21:09:27] <irc> <piks3l_> est-ce qu'il y a un moyen de régler le soucis avec le certificat auto signé ?
[21:11:22] <yolateng0> > piks3l_ : il y aun probleme avec la certification LetsEncrypt?
[21:11:46] <irc> <piks3l_> ben firefox me dit "pas sécurisé", j'imagine c'est qu'il est auto signé ?
[21:12:03] <yolateng0> oui piks3l_
[21:12:50] <irc> <piks3l_> et du coup, c'est normal ?
[21:13:15] <yolateng0> essaie sur un autre navigateur si tu as bcp d extensions. ou essaie d effacer le cache
[21:13:24] <irc> <piks3l_> ok
[21:13:31] <irc> <d5w> @yolatengo Didn't work: https://paste.yunohost.org/raw/enajoxetiw
[21:13:48] <irc> <d5w> first command did, but update did not
[21:15:02] <irc> <piks3l_> @yolaten0 même soucis sous chrome et j'ai peux d'extensions (privacy badger et ublock et https everywhere=
[21:17:02] <yolateng0> perhaps your prb are equals piks3L d5w
[21:17:14] <irc> <piks3l_> oh ?
[21:17:30] <irc> <piks3l_> is it ?
[21:18:05] <yolateng0> piks3l and d5w have you got this ligne on dns @ 3600 IN CAA 128 issue 'letsencrypt.org'?
[21:18:27] <irc> <piks3l_> lemme check
[21:19:47] <irc> <piks3l_> not as a @ (as I have other subdomain which lead other places, I replaced it with my subdomain)
[21:19:53] <yolateng0> piks3l_ tu essaie bien d installer un certificat letsencrypt ou tu n arrives tout simplement pas à rafraichir ta page?
[21:20:25] <irc> <piks3l_> tout marche, juste les navigateurs marquent comme non sécurisé et je dois ajouter une exception de sécurité
[21:21:03] <yolateng0> oui si tu y arrives (nouvelles secu sur firefox)
[21:22:08] <irc> <d5w> I would try French, but it's *very* rusty, sorry. I don't see it in my dns
[21:22:18] <yolateng0> ok d5w
[21:22:24] <irc> <piks3l_> nah we can switch in english
[21:23:11] <irc> <d5w> I can sort of follow, but no way can respond
[21:25:10] <yolateng0> d5w > this command "yunohost dyndns update" , your result?
[21:25:38] <irc> <d5w> yes, that was the pastebin link I posted
[21:25:51] <irc> <d5w> https://paste.yunohost.org/raw/enajoxetiw
[21:28:20] <yolateng0> sorry d5w i'am redundant ;-)
[21:28:55] <irc> <d5w> pas de problem. I just install let's encrypt certificate manually from CLI, and now it works!
[21:29:45] <yolateng0> pk d5w try > rm /etc/yunohost/dyndns/old_ip
[21:30:36] <irc> <d5w> It's working after manual Let's Encrypt cert install...should I still do that?
[21:30:42] <yolateng0> d5w > after test a another time = yunohost dyndns update --debug .....after 1hour it could be fun
[21:31:57] <yolateng0> d5w > ah ok ....it's great it was the time of certification and browser cache ;-)
[21:32:22] <yolateng0> piks3l_ c est ok pour toi?
[21:32:30] <irc> <piks3l_> atta tel
[21:33:41] <irc> <d5w> yolateng0 Merci
[21:34:45] <yolateng0> d5w y'r welcome!
[21:45:55] <irc> <piks3l_> ok
[21:45:56] <irc> <piks3l_> re
[21:46:05] <irc> <piks3l_> donc dyndns d'abord ?
[21:52:08] <yolateng0> ipikls3l_ as tu vidé le.cache de ton navigateur?
[21:53:28] <irc> <piks3l_> oui
[21:53:44] <yolateng0> Accepte sur firefox ton site auto signé puis passe sur une certification letsencrypt
[21:54:11] <irc> <piks3l_> ça veut dire quoi "passer sur une certification letsencrypt" ?
[21:54:47] <yolateng0> Vas dans le menu domaine de ton administration yuko host
[21:54:55] <yolateng0> Yunohost
[21:55:32] <irc> <piks3l_> ok je vois
[21:56:20] <irc> <piks3l_> ok samarchpa
[21:56:24] <irc> <piks3l_> je t'envoie les logs
[21:56:59] <irc> <piks3l_> https://privatebin.net/?acdb85ecab53c389#3kSgrwmP76ENYlq3aIA1jeSGl80Rz/BSwKIHBljxOsM=
[21:57:09] <yolateng0> Puis d ici qlq secondes ou minutes ton serveur sera certifier par ce certificats officiel
[21:59:14] <irc> <piks3l_> ok si je comprends bien le soucis, le record DNS empêche la génération du cert LE ?
[21:59:26] <irc> <piks3l_> "CAA record for yunohost.pksl.es prevents issuance" ?
[22:00:54] <irc> <piks3l_> boum
[22:00:57] <irc> <piks3l_> c'était ça
[22:01:02] <irc> <piks3l_> merci yolateng0
[22:02:06] <yolateng0> 😉
[22:56:28] <irc> <Aleks_> uuuuh le CAA c'est vraiment optionnel a priori...