Neutrinet issueshttps://gitlab.domainepublic.net/groups/Neutrinet/-/issues2020-05-03T11:06:40Zhttps://gitlab.domainepublic.net/Neutrinet/neutrinet_ynh/-/issues/20Certificate renewal hotfix release2020-05-03T11:06:40ZHgOCertificate renewal hotfix releaseI already started some testing in !30
In short, we have a bug that occurs when a certificate is renewed:
- The common name (CN) was set to `certificate for <email>` before the refactoring of the renew_cert script last autumn.
- Since w...I already started some testing in !30
In short, we have a bug that occurs when a certificate is renewed:
- The common name (CN) was set to `certificate for <email>` before the refactoring of the renew_cert script last autumn.
- Since we released the new script, the CN is now set to `<email>`
- However, our VPN server doesn't like that kind of change, and can suddenly think that we introduced a new client with IPv6 only...
We are still not sure when this bug occurs exactly, but the fix is to take the CN from the VPN server. We first take the CN from the first IPv4 client, otherwise we take it from the first IPv6-only client, otherwise it is set to `<email>`.
We are waiting for the merge of https://gitlab.domainepublic.net/Neutrinet/renew_cert/-/merge_requests/3, but we could work on some improvement already. For instance, there will be new flags, such as `--quiet` that should be used in the cron job.HgOHgOhttps://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/-/issues/26Documentation about downloading the script2020-02-16T13:10:18ZHgODocumentation about downloading the scriptOnce #20 is solved, the user would have 5 options to download the script:
```shell
git clone https://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install.git
```
Download a zip with the button on the project page (just below the cl...Once #20 is solved, the user would have 5 options to download the script:
```shell
git clone https://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install.git
```
Download a zip with the button on the project page (just below the clone button), or just do:
```shell
wget https://git.domainepublic.net/Neutrinet/neutrinet_cube_install/-/archive/stable/neutrinet_cube_install-stable.zip
```
Download the standalone script (English only) with button on the [main script](https://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/blob/stable/neutrinet_cube_install.sh), or just do:
```shell
wget https://git.domainepublic.net/Neutrinet/neutrinet_cube_install/raw/stable/neutrinet_cube_install.sh
```
It would be nice to document some of them :)Install Party 16/02/2020HgOHgOhttps://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/-/issues/24Issues with the cleanup function when aborting2020-02-16T13:10:18ZHgOIssues with the cleanup function when abortingThere are two bugs with the cleanup function when we interrupt the script:
- After a `read -s`, the user inputs are kept hidden (e.g, try Ctrl+C after a password prompt)
- After the prompt for sudo password, the user is not asked to remo...There are two bugs with the cleanup function when we interrupt the script:
- After a `read -s`, the user inputs are kept hidden (e.g, try Ctrl+C after a password prompt)
- After the prompt for sudo password, the user is not asked to remove the resources. This is because at this point in the script, we are in the `cube_resources` folder, so the cleanup function is checking to remove resources that would be located relatively to this folder... Solution is to use absolute paths.Install Party 16/02/2020HgOHgOhttps://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/-/issues/21Import of Yunohost GPG key should cancel signature's verification on failure2020-02-16T13:10:16ZHgOImport of Yunohost GPG key should cancel signature's verification on failureWhen the script fails to import Yunohost's GPG key, it shouldn't try to verify the GPG signature of the Yunohost image.When the script fails to import Yunohost's GPG key, it shouldn't try to verify the GPG signature of the Yunohost image.Install Party 16/02/2020HgOHgOhttps://gitlab.domainepublic.net/Neutrinet/vpn/ISP-ng/-/issues/14Form validation in javascript for the personnal user informations2020-02-16T14:36:09ZTharyrokForm validation in javascript for the personnal user informations*Created by: Psycojoker*
It's the point where most errors seems to be done. This is especially important for the date part, maybe a date picker would be great too.
*Created by: Psycojoker*
It's the point where most errors seems to be done. This is especially important for the date part, maybe a date picker would be great too.
https://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/-/issues/20Include neutrinet specifics in general script2020-02-16T13:10:18ZIljaInclude neutrinet specifics in general scriptUsing the install script should always be as easy as possible for people who use it. We should be able to download just the one file and run that. `custom_neutrinet_specifics.sh` should be added to the script for that.Using the install script should always be as easy as possible for people who use it. We should be able to download just the one file and run that. `custom_neutrinet_specifics.sh` should be added to the script for that.Install Party 16/02/2020IljaIljahttps://gitlab.domainepublic.net/Neutrinet/neutrinet_ynh/-/issues/21Which license do we choose ?2020-12-05T16:57:46ZHgOWhich license do we choose ?As the Yunohost's CI tool requires a license for the app, I guess it's time to think about this.
In the manifest, the GPL3.0 is mentionned. However, I would go for AGPL as this is a web service. But if we don't really care, we could go ...As the Yunohost's CI tool requires a license for the app, I guess it's time to think about this.
In the manifest, the GPL3.0 is mentionned. However, I would go for AGPL as this is a web service. But if we don't really care, we could go for the [BeerWare](https://fr.wikipedia.org/wiki/Beerware) license? (although I would prefer a non-alcoholic license ^^)
What are your thoughts / preferences about this ?https://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/-/issues/19Add flag for dev questions2020-02-16T13:10:17ZIljaAdd flag for dev questionsCurrently the script asks if you want to include Neutrinet-specifics, but this will always be the case in production. It's okey to have this as an option with a flag, but shouldn't be asked during 'normal' operation.Currently the script asks if you want to include Neutrinet-specifics, but this will always be the case in production. It's okey to have this as an option with a flag, but shouldn't be asked during 'normal' operation.Install Party 16/02/2020HgOHgOhttps://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/-/issues/23Incorrect password limits for Yunohost2020-02-16T13:10:18ZHgOIncorrect password limits for YunohostThe limit defined by Yunohost for the admin password appears to be at least 8 characters (on a lime1).
We should change that and verify if other password limits are incorrect.The limit defined by Yunohost for the admin password appears to be at least 8 characters (on a lime1).
We should change that and verify if other password limits are incorrect.Install Party 16/02/2020HgOHgOhttps://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/-/issues/22Explain why sudo password is required2020-02-16T13:53:36ZHgOExplain why sudo password is requiredWhen we build the Yunohost image with the hypercube script, the user is asked for its sudo password, without more details. We should add a message that explains to the user why it is required.When we build the Yunohost image with the hypercube script, the user is asked for its sudo password, without more details. We should add a message that explains to the user why it is required.https://gitlab.domainepublic.net/Neutrinet/vpn/ISP-ng/-/issues/10IPv4 address gets assigned without requesting it2020-02-16T14:34:09ZTharyrokIPv4 address gets assigned without requesting it*Created by: wannes-ds*
*Created by: wannes-ds*
https://gitlab.domainepublic.net/Neutrinet/neutrinet_ynh/-/issues/22Depreciation of yunocube scripts2020-12-12T17:00:33ZHgODepreciation of yunocube scriptsApparently, La Brique Internet will change the way they build the images. Instead of [a script that builds a Yunohost image](https://github.com/labriqueinternet/build.labriqueinter.net), they will provide their own image : https://github...Apparently, La Brique Internet will change the way they build the images. Instead of [a script that builds a Yunohost image](https://github.com/labriqueinternet/build.labriqueinter.net), they will provide their own image : https://github.com/YunoHost/arm-images
I'm not sure what's the status of this project, or when would the yunocube scripts become obsolete...
But I think we should have a look on this as this could affect our own script.
According to these [PR comments](https://github.com/labriqueinternet/build.labriqueinter.net/pull/70#issuecomment-623019265), we could get more information this Monday.https://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/-/issues/25Improve certificates import (again)2020-04-09T17:50:25ZHgOImprove certificates import (again)We noticed at the install party that the question about the certificates could be improved. As a reminder, we first ask the user if they would like to import their certificates from a directory. If they say no, they are invited to copy/p...We noticed at the install party that the question about the certificates could be improved. As a reminder, we first ask the user if they would like to import their certificates from a directory. If they say no, they are invited to copy/paste the content of their certificates.
The question is how could we improve this? Is the copy/paste option still required? We could just explain to the user how to download their certificates (by following [this guide](https://wiki.neutrinet.be/vpn/order), or from an existing cube (reinstall))…
We could also explain what the script will look for. Basically, the script is looking for user.crt / client.crt, user.key / client.key and ca.crt / server-ca.crt, as they are the default name on the cube and in the guide.Install Party 17/05/2020https://gitlab.domainepublic.net/Neutrinet/vpn/ISP-ng/-/issues/3For manuel registration (aka without eid), fix the cert2020-02-16T14:34:56ZTharyrokFor manuel registration (aka without eid), fix the cert*Created by: Psycojoker*
Command
```
openssl x509 -in client.crt -inform der -out client.crt
```
*Created by: Psycojoker*
Command
```
openssl x509 -in client.crt -inform der -out client.crt
```
https://gitlab.domainepublic.net/Neutrinet/neutrinet_ynh/-/issues/23Install procedure is misleading for ynh 3.82020-12-05T16:56:40ZThierry FenasseInstall procedure is misleading for ynh 3.8I tried what is proposed on the readme (web or cli) but I was not able to install the app.
From the web, there is no more tools > advanced > applications…
![image](/uploads/7a274690d3a845b55df92074a229be41/image.png)
From the cli, the...I tried what is proposed on the readme (web or cli) but I was not able to install the app.
From the web, there is no more tools > advanced > applications…
![image](/uploads/7a274690d3a845b55df92074a229be41/image.png)
From the cli, there is no more « listlists »
```
# yunohost app listlists
usage: yunohost app
{catalog,fetchlist,list,info,map,install,remove,upgrade,change-url,setting,register-url,makedefault,ssowatconf,change-label,addaccess,removeaccess,clearaccess,action,config}
...
[-h]
yunohost app: error: invalid choice: 'listlists' (choose from 'catalog', 'fetchlist', 'list', 'info', 'map', 'install', 'remove', 'upgrade', 'change-url', 'setting', 'register-url', 'makedefault', 'ssowatconf', 'change-label', 'addaccess', 'removeaccess', 'clearaccess', 'action', 'config')
```
Or the app fetchlist does not work anymore
```
# yunohost app fetchlist --name neutrinet -u https://neutrinet.be/apps.json
Warning: 'yunohost app fetchlist' is deprecated and will be removed in the future
usage: yunohost
{user,domain,app,backup,settings,service,firewall,dyndns,tools,hook,log,diagnosis}
...
[-h] [--no-cache] [--output-as {json,plain,none}] [--debug]
[--quiet] [--timeout ==SUPPRESS==] [--admin-password PASSWORD]
[-v]
yunohost: error: unrecognized arguments: --name neutrinet -u https://neutrinet.be/apps.json
```https://gitlab.domainepublic.net/Neutrinet/vpn/ISP-ng/-/issues/1Ship signed certificates in ASCII armored format2014-08-13T16:35:33ZTharyrokShip signed certificates in ASCII armored format*Created by: wannes-ds*
OpenVPN does not appreciate DER-encoded certificates
*Created by: wannes-ds*
OpenVPN does not appreciate DER-encoded certificates
https://gitlab.domainepublic.net/Neutrinet/neutrinet_ynh/-/issues/24Generate dummy VPN certificate for testing2022-01-14T21:34:01ZHgOGenerate dummy VPN certificate for testingThe Yunohost CI cannot run the renew script, as the openvpn client is not installed in the test environment.
The script is reading credentials from `/etc/openvpn/keys/credentials`, and the public certificate from `/etc/openvpn/keys/use...The Yunohost CI cannot run the renew script, as the openvpn client is not installed in the test environment.
The script is reading credentials from `/etc/openvpn/keys/credentials`, and the public certificate from `/etc/openvpn/keys/user.crt`. Then, it is calling the renew_cert python script \[1\], which will just check the expiration date of the certificate. It will do complex stuff only when the certificate must be renewed.https://gitlab.domainepublic.net/Neutrinet/neutrinet_cube_install/-/issues/27Translations workflow2020-05-05T15:10:16ZHgOTranslations workflowWe need to define a workflow for the translations, as it leads to conflicts really easily.
For instance, I'm changing the code and some sentences in English, then I generate the translation strings with
```
bash --dump-po-strings neutri...We need to define a workflow for the translations, as it leads to conflicts really easily.
For instance, I'm changing the code and some sentences in English, then I generate the translation strings with
```
bash --dump-po-strings neutrinet_cube_install.sh | msguniq -o locale/neutrinet.pot
```
And from that template, I start updating the French translation.
The problem is that the template (locale/neutrinet.pot) and the translation file (locale/fr/LC_MESSAGES/neutrinet.po) are generated by a program... The whole files might change even if we add just one line of code...
So, I propose to have a separate branch for translations (called locale-fr, locale-nl, etc.). Each time a new feature is merged, we pull the new changes from unstable branch into the locale branch. Then we push back the translated work into unstable again.https://gitlab.domainepublic.net/Neutrinet/vpn/ISP-ng/-/issues/2Check CSR X509 subject validity2014-08-28T18:15:31ZTharyrokCheck CSR X509 subject validity*Created by: wannes-ds*
It should always contain a CN, otherwise following error occurs:
VERIFY ERROR: could not extract CN from X509 subject string ('C=BE, ST=Some-State, O=Internet Widgits Pty Ltd') -- note that the username length i...*Created by: wannes-ds*
It should always contain a CN, otherwise following error occurs:
VERIFY ERROR: could not extract CN from X509 subject string ('C=BE, ST=Some-State, O=Internet Widgits Pty Ltd') -- note that the username length is limited to 64 characters
https://gitlab.domainepublic.net/Neutrinet/neutrinet_ynh/-/issues/25Add Yunohost pipeline status icons in the ReadMe2020-12-12T17:20:03ZHgOAdd Yunohost pipeline status icons in the ReadMeExample: https://github.com/YunoHost-Apps/dokuwiki_ynh/blob/testing/README.md
For Neutrinet, this would give the following:
[![Integration level](https://dash.yunohost.org/integration/neutrinet.svg)](https://dash.yunohost.org/appci/app...Example: https://github.com/YunoHost-Apps/dokuwiki_ynh/blob/testing/README.md
For Neutrinet, this would give the following:
[![Integration level](https://dash.yunohost.org/integration/neutrinet.svg)](https://dash.yunohost.org/appci/app/neutrinet) [![](https://ci-apps.yunohost.org/ci/badges/neutrinet.status.svg)](https://ci-apps.yunohost.org/ci/badges/neutrinet.status.svg) [![](https://ci-apps.yunohost.org/ci/badges/neutrinet.maintain.svg)](https://ci-apps.yunohost.org/ci/badges/neutrinet.maintain.svg)
[![Install DokuWiki with YunoHost](https://install-app.yunohost.org/install-with-yunohost.png)](https://install-app.yunohost.org/?app=neutrinet)Neutrinet v0.3.1~ynh3HgOHgO