Merge pull request #143 from YunoHost-Apps/testing

Testing | Fix config panel and waiting for openvpn client

.gitignore

@@ -0,0 +1,3 @@
+*~
+*.sw[op]
+.DS_Store

README.md

@@ -11,7 +11,7 @@ It shall NOT be edited by hand.
 Tunnel the internet traffic through a VPN
 
 [![🌐 Official app website](https://img.shields.io/badge/Official_app_website-darkgreen?style=for-the-badge)](https://labriqueinter.net)
-[![Version: 2.3~ynh1](https://img.shields.io/badge/Version-2.3~ynh1-rgba(0,150,0,1)?style=for-the-badge)](https://ci-apps.yunohost.org/ci/apps/vpnclient/)
+[![Version: 2.3~ynh2](https://img.shields.io/badge/Version-2.3~ynh2-rgba(0,150,0,1)?style=for-the-badge)](https://ci-apps.yunohost.org/ci/apps/vpnclient/)
 
 <div align="center">
 <a href="https://apps.yunohost.org/app/vpnclient"><img height="100px" src="https://github.com/YunoHost/yunohost-artwork/raw/refs/heads/main/badges/neopossum-badges/badge_more_info_on_the_appstore.svg"/></a>

conf/ynh-vpnclient

@@ -58,13 +58,20 @@ function critical()
 
 cleanup() {
   local last_exit_code="$?"
-  if [[ "${action}" != "stop" && "${last_exit_code}" -ne 0 ]]; then
-    rm -f /tmp/.ynh-vpnclient-started
+  if [[ "${action}" == "stop" || "${last_exit_code}" -eq 0 ]]; then
+    return
+  fi
+
+  if systemctl is-active -q openvpn@client.service; then
+    info "Stopping OpenVPN client..."
+    systemctl stop openvpn@client.service
   fi
+
+  rm -f /tmp/.ynh-vpnclient-started
 }
 
 # Cleanup before exit
-trap cleanup 0
+trap cleanup EXIT SIGINT SIGTERM
 
 ###################################################################################
 # Time sync                                                                       #
@@ -121,6 +128,19 @@ check_config() {
   fi
 }
 
+find_last_line_number() {
+  local pattern=$1
+  local path=$2
+
+  local match
+  # Search in the file from the end until the pattern matches
+  if match=$(tac "${path}" 2>/dev/null | grep -n "${pattern}" -m 1 --line-buffered); then
+    sed 's/:.*//' <<< $match
+  else
+    echo 0
+  fi
+}
+
 action=${1}
 if [[ "$action" != restart ]]; then
   # Variables
@@ -144,70 +164,71 @@ case "$action" in
 
   start)
     info "[vpnclient] Starting..."
+
+    if [[ "${ynh_service_enabled}" -eq 0 ]]; then
+      warn "Service is disabled, not starting it"
+      exit 0
+    fi
     
-    if [[ -e /tmp/.ynh-vpnclient.started ]] || systemctl -q is-active openvpn@client.service; then
+    if ! lockfile -r 0 /tmp/.ynh-vpnclient-started &>/dev/null; then
       info "Service is already running"
       exit 0
-    elif [[ "${ynh_service_enabled}" -eq 0 ]]; then
-      warn "Service is disabled, not starting it"
-      exit 0
     fi
 
-    touch /tmp/.ynh-vpnclient-started
+    if systemctl is-active -q openvpn@client.service; then
+      info "OpenVPN client is already running"
+      exit 0
+    fi
 
     sync_time
     check_config
 
     info "Now actually starting OpenVPN client..."
-
     if systemctl start openvpn@client.service; then
-      info "OpenVPN client started ... waiting for tun0 interface to show up"
+      success "OpenVPN client started!"
     else
       tail -n 20 /var/log/openvpn-client.log | tee -a $LOGFILE
-	    critical "Failed to start OpenVPN :/"
+	    critical "Failed to start OpenVPN client"
     fi
 
-    has_errors=true
-    for attempt in $(seq 0 20); do
-      sleep 1
-      if ip link show dev tun0 &> /dev/null; then
-        success "tun0 interface is up!"
-        has_errors=false
-        break
-      fi
-    done
-  
-    if $has_errors; then
-      error "Tun0 interface did not show up ... most likely an issue happening in OpenVPN client ... below is an extract of the log that might be relevant to pinpoint the issue"
+    info "Waiting for tun0 interface to show up"
+    openvpn_log_start=$(find_last_line_number "process exiting" /var/log/openvpn-client.log)
+    if ! timeout 180 tail -n-${openvpn_log_start} -f /var/log/openvpn-client.log 2>/dev/null | grep -q "TUN/TAP device tun0 opened"; then
+      error "The VPN client didn't open tun0 interface"
       tail -n 20 /var/log/openvpn-client.log | tee -a $LOGFILE
-      systemctl stop openvpn@client.service
-      critical "Failed to start OpenVPN client : tun0 interface did not show up"
+      critical "Failed to start OpenVPN client"
+    fi
+
+    if ip link show tun0 up &>/dev/null; then
+      success "tun0 interface is up!"
+    else
+      error "tun0 interface did not show up, most likely an issue happening in OpenVPN client"
+      tail -n 20 /var/log/openvpn-client.log | tee -a $LOGFILE
+      critical "Failed to start OpenVPN client"
     fi
 
     info "Waiting for VPN client to be ready..."
-    if ! timeout 180 tail -n 0 -f /var/log/openvpn-client.log | grep -q "Initialization Sequence Completed"; then
+    if ! timeout 180 tail -n-${openvpn_log_start} -f /var/log/openvpn-client.log 2>/dev/null | grep -q "Initialization Sequence Completed"; then
       error "The VPN client didn't complete initiliasation"
       tail -n 20 /var/log/openvpn-client.log | tee -a $LOGFILE
-      systemctl stop openvpn@client.service
       critical "Failed to start OpenVPN client"
     fi
 
     info "Validating that VPN is up and the server is connected to internet..."
 
-    ipv4=$(timeout 5 ping -w3 -c1 ip.yunohost.org  >/dev/null 2>&1 && curl --max-time 5 https://ip.yunohost.org --silent)
-    ipv6=$(timeout 5 ping -w3 -c1 ip6.yunohost.org >/dev/null 2>&1 && curl --max-time 5 https://ip6.yunohost.org --silent)
-
-    if ip route get 1.2.3.4 | grep -q tun0; then
-      if timeout 5 ping -c1 -w3 debian.org >/dev/null; then
-        success "YunoHost VPN client started!"
-        info "IPv4 address is $ipv4"
-        info "IPv6 address is $ipv6"
-      else
-        critical "The VPN is up but debian.org cannot be reached, indicating that something is probably misconfigured/blocked."
-      fi
-    else
+    if ! ip route get 1.2.3.4 | grep -q tun0; then
       critical "IPv4 routes are misconfigured !?"
     fi
+
+    ipv4=$(timeout 10 ping -w3 -c1 ip.yunohost.org  >/dev/null 2>&1 && curl --max-time 5 https://ip.yunohost.org --silent)
+    ipv6=$(timeout 10 ping -w3 -c1 ip6.yunohost.org >/dev/null 2>&1 && curl --max-time 5 https://ip6.yunohost.org --silent)
+    if [[ -z "${ipv4}" && -z "${ipv6}" ]]; then
+      critical "The VPN is up but yunohost.org cannot be reached, indicating that something is probably misconfigured/blocked."
+    fi
+    
+    success "YunoHost VPN client started!"
+    info "IPv4 address is $ipv4"
+    info "IPv6 address is $ipv6"
   ;;
 
   # ########## #
@@ -216,7 +237,6 @@ case "$action" in
 
   stop)
     info "[vpnclient] Stopping..."
-    rm -f /tmp/.ynh-vpnclient-started
 
     if systemctl is-active -q openvpn@client.service; then
       info "Stopping OpenVPN service"
@@ -229,6 +249,8 @@ case "$action" in
         fi
       done
     fi
+    
+    rm -f /tmp/.ynh-vpnclient-started
   ;;
 
   # ########## #

conf/ynh-vpnclient-checker.service

@@ -4,6 +4,7 @@ After=ynh-vpnclient.service
 
 [Service]
 Type=simple
+User=root
 ExecStart=/usr/local/bin/ynh-vpnclient-checker.sh
 
 [Install]

conf/ynh-vpnclient.service

@@ -5,6 +5,7 @@ After=network.target
 
 [Service]
 Type=oneshot
+User=root
 ExecStart=/usr/local/bin/ynh-vpnclient start
 ExecStop=/usr/local/bin/ynh-vpnclient stop
 RemainAfterExit=yes

config_panel.toml

@@ -1,7 +1,7 @@
 version = "1.0"
 
 [main]
-name = "Auto-configuration"
+name = "Configuration"
 
     [main.vpn]
     name = ""
@@ -92,18 +92,17 @@ name = "Auto-configuration"
         visible = 'config_file && match(config_file,"^\s*tls-auth\s") && ! match(config_file,"^\s*<tls-auth>")'
         redact = true
 
-[advanced]
-name = "DNS & IPv6"
-    [advanced.dns]
+
+    [main.dns]
     name = "DNS"
 
-        [advanced.dns.dns_method]
+        [main.dns.dns_method]
         ask = "DNS resolvers"
         type = "select"
         choices.yunohost = "Default DNS resolvers from YunoHost"
         choices.custom = "Use custom DNS resolvers"
 
-        [advanced.dns.nameservers]
+        [main.dns.nameservers]
         ask = "Custom DNS resolvers"
         type = "tags"
         optional = true
@@ -111,10 +110,10 @@ name = "DNS & IPv6"
         pattern.regexp = "^([0-9.]{7,15}|[0-9a-fA-F:]+)$"
         pattern.error = "Not an ip"
 
-    [advanced.ipv6]
+    [main.ipv6]
     name = "IPv6"
 
-        [advanced.ipv6.ip6_net]
+        [main.ipv6.ip6_net]
         ask = "IPv6 prefix"
         type = "string"
         optional = true
@@ -122,7 +121,7 @@ name = "DNS & IPv6"
         pattern.regexp = "^[0-9a-fA-F:]+$"
         pattern.error = "Please provide a valid IPv6 Prefix"
 
-        [advanced.ipv6.ip6_addr]
+        [main.ipv6.ip6_addr]
         ask = "IPv6"
         type = "string"
         optional = true
@@ -131,7 +130,7 @@ name = "DNS & IPv6"
         pattern.regexp = "^[0-9a-fA-F:]+$"
         pattern.error = "Please provide a valid IPv6"
 
-        [advanced.ipv6.ip6_send_over_tun_enabled]
+        [main.ipv6.ip6_send_over_tun_enabled]
         ask = "IPv6 local routing over tun"
         type = "boolean"
         help = "If enabled, local IPv6 traffic will be routed through internet. You should enable this if you can't reach your server in IPv6 from your local network."

manifest.toml

@@ -7,7 +7,7 @@ name = "VPN Client"
 description.en = "Tunnel the internet traffic through a VPN"
 description.fr = "Fait passer le trafic internet à travers un VPN"
 
-version = "2.3~ynh1"
+version = "2.3~ynh2"
 
 maintainers = []
 
@@ -16,11 +16,14 @@ license = "AGPL-3.0"
 website = "https://labriqueinter.net"
 
 [integration]
-yunohost = ">= 11.2"
+yunohost = ">= 12.0.9"
+helpers_version = "2.1"
 architectures = "all"
 multi_instance = false
+
 ldap = "not_relevant"
 sso = "not_relevant"
+
 disk = "50M"
 ram.build = "50M"
 ram.runtime = "50M"

scripts/_common.sh

@@ -1,8 +1,7 @@
 #!/bin/bash
 
 service_name="ynh-vpnclient"
-service_checker_name=$service_name"-checker"
-
+service_checker_name="$service_name-checker"
 
 # Operations needed by both 'install' and 'upgrade' scripts
 function vpnclient_deploy_files_and_services()
@@ -45,11 +44,11 @@ function vpnclient_deploy_files_and_services()
   #=================================================
   # SETUP SYSTEMD
   #=================================================
-  ynh_print_info "Configuring a systemd service..."
+  ynh_print_info "Configuring $app's systemd service..."
 
-  ynh_add_systemd_config $service_name "$service_name.service"
+  ynh_config_add_systemd --service="$service_name" --template="$service_name.service"
 
-  ynh_add_systemd_config $service_checker_name "$service_checker_name.service"
+  ynh_config_add_systemd --service="$service_checker_name" --template="$service_checker_name.service"
 }
 
 function read_cube() {
@@ -79,8 +78,8 @@ function convert_cube_file()
 {
   local config_file="$1"
   local tmp_dir=$(dirname "$config_file")
-  
-  ynh_print_info --message="Transforming .cube into OVPN file"
+
+  ynh_print_info "Transforming .cube into OVPN file"
   server_name="$(read_cube $config_file server_name)"
   server_port="$(read_cube $config_file server_port)"
   server_proto="$(read_cube $config_file server_proto)"
@@ -102,7 +101,7 @@ function convert_cube_file()
     dns_method="custom"
     nameservers="$dns0,$dns1"
   fi
-  
+
   # Build specific OVPN template
   config_template="$tmp_dir/client.conf.tpl"
   cp -f /etc/yunohost/apps/vpnclient/conf/openvpn_client.conf.tpl "$config_template"
@@ -130,7 +129,7 @@ function convert_cube_file()
   [ -n "$login_user" ] && login_comment="" || login_comment="#"
 
   # Actually generate/hydrate the final configuration
-  ynh_add_config --template="$config_template" --destination="$config_file"
+  ynh_config_add --template="$config_template" --destination="$config_file"
 
   if [ "$server_proto" == tcp-client ]; then
     server_proto=tcp
@@ -142,7 +141,7 @@ function convert_ovpn_file()
   local config_file="$1"
   local tmp_dir=$(dirname "$config_file")
 
-  ynh_print_info --message="Extracting TLS keys from .ovpn file"
+  ynh_print_info "Extracting TLS keys from .ovpn file"
   if grep -q '^\s*<ca>' ${config_file}
   then
     grep -Poz '(?<=<ca>)(.*\n)*.*(?=</ca>)' ${config_file} | sed '/^$/d'  > $tmp_dir/crt_server_ca
@@ -189,6 +188,20 @@ function convert_ovpn_file()
   sed -i 's@^\s*key\s.*$@key /etc/openvpn/keys/user.key@g' ${config_file}
   sed -i 's@^\s*tls-auth\s.*$@tls-auth /etc/openvpn/keys/user_ta.key 1@g' ${config_file}
 
+  status="status /var/log/openvpn-client.status"
+  if grep -q '^\s*status\s.*$' ${config_file}; then
+    sed -i "s@^\s*status\s.*\$@$status@g" ${config_file}
+  else
+    echo "$status" >> ${config_file}
+  fi
+
+  log_append="log-append /var/log/openvpn-client.log"
+  if grep -E -q '^\s*log(-append)?\s.*$' ${config_file}; then
+    sed -E -i "s@^\s*log(-append)?\s.*\$@$log_append@g" ${config_file}
+  else
+    echo "$log_append" >> ${config_file}
+  fi
+
   script_security="script-security 2"
   if grep -q '^\s*script-security\s.*$' ${config_file}; then
     sed -i "s@^\s*script-security\s.*\$@$script_security@g" ${config_file}

scripts/backup

@@ -8,31 +8,31 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_print_info "Backing up the main app directory..."
 
-ynh_backup --src_path="/usr/local/bin/$service_name-loadcubefile.sh"
+ynh_backup "/usr/local/bin/$service_name-loadcubefile.sh"
 
-ynh_backup --src_path="/etc/openvpn/client.conf" --not_mandatory
-ynh_backup --src_path="/etc/openvpn/client.cube" --not_mandatory
-ynh_backup --src_path="/etc/openvpn/client.ovpn" --not_mandatory
+ynh_backup "/etc/openvpn/client.conf" || true
+ynh_backup "/etc/openvpn/client.cube" || true
+ynh_backup "/etc/openvpn/client.ovpn" || true
 
 for FILE in $(ls /etc/openvpn/scripts/route-up.d/*-vpnclient-* /etc/openvpn/scripts/route-down.d/*-vpnclient-*); do
-    ynh_backup --src_path="$FILE"
+    ynh_backup "$FILE"
 done
 
-ynh_backup --src_path="/etc/openvpn/keys/"
-ynh_backup --src_path="/etc/openvpn/scripts/run-parts.sh"
+ynh_backup "/etc/openvpn/keys/"
+ynh_backup "/etc/openvpn/scripts/run-parts.sh"
 
-ynh_backup --src_path="/usr/local/bin/$service_name"
-ynh_backup --src_path="/usr/local/bin/$service_checker_name.sh"
+ynh_backup "/usr/local/bin/$service_name"
+ynh_backup "/usr/local/bin/$service_checker_name.sh"
 
 #=================================================
 # BACKUP SYSTEMD
 #=================================================
 ynh_print_info "Backing up systemd configuration..."
 
-ynh_backup --src_path="/etc/systemd/system/$service_name.service"
-ynh_backup --src_path="/etc/systemd/system/$service_checker_name.service"
-ynh_backup --src_path="/etc/systemd/system/$service_checker_name.timer"
-ynh_backup --src_path="/etc/systemd/system/openvpn@.service.d/override.conf"
+ynh_backup "/etc/systemd/system/$service_name.service"
+ynh_backup "/etc/systemd/system/$service_checker_name.service"
+ynh_backup "/etc/systemd/system/$service_checker_name.timer"
+ynh_backup "/etc/systemd/system/openvpn@.service.d/override.conf"
 
 #=================================================
 # END OF SCRIPT

scripts/config

@@ -1,22 +1,9 @@
 #!/bin/bash
 
-#=================================================
-# GENERIC STARTING
-#=================================================
-# IMPORT GENERIC HELPERS
-#=================================================
-
 source _common.sh
 source /usr/share/yunohost/helpers
 
 #=================================================
-# MANAGE SCRIPT FAILURE
-#=================================================
-
-# Exit if an error occurs during the execution of the script
-ynh_abort_if_errors
-
-#=================================================
 # RETRIEVE ARGUMENTS
 #=================================================
 
@@ -37,7 +24,7 @@ BACKTICK='`'
 TRIPLEBACKTICKS='```'
 
 get__status() {
-    local service_enabled=$(ynh_app_setting_get $app service_enabled)
+    local service_enabled=$(ynh_app_setting_get --key="service_enabled")
 
     ipv4=$(ping -w3 -c1 ip.yunohost.org  >/dev/null 2>&1 && curl --max-time 5 https://ip.yunohost.org --silent)
     ipv6=$(ping -w3 -c1 ip6.yunohost.org >/dev/null 2>&1 && curl --max-time 5 https://ip6.yunohost.org --silent)
@@ -235,9 +222,9 @@ ynh_app_config_validate() {
 ynh_app_config_apply() {
 
     # Stop vpn client
-    ynh_print_info --message="Stopping vpnclient in order to edit files"
-    ynh_systemd_action --service_name="ynh-vpnclient-checker.timer" --action="stop"
-    ynh_systemd_action --service_name="ynh-vpnclient" --action="stop"
+    ynh_print_info "Stopping vpnclient in order to edit files"
+    ynh_systemctl --service="ynh-vpnclient-checker.timer" --action="stop"
+    ynh_systemctl --service="ynh-vpnclient" --action="stop"
 
     chown $app:$app /etc/openvpn/keys
     chmod go=--- /etc/openvpn/keys
@@ -245,20 +232,21 @@ ynh_app_config_apply() {
     _ynh_app_config_apply
 
     # If we are uploading a cube file, then the file would be in a temporary folder
-    # Otherwise, we aren't uploading a cube file, then the path is either empty 
+    # Otherwise, we aren't uploading a cube file, then the path is either empty
+
     # or takes the value of the previous upload, that is, the target path for the cube file.
     if [[ -n "${cube_file:-}" && "$cube_file" != "/etc/openvpn/client.cube" ]]; then
-      ynh_app_setting_set $app ip6_addr "$ip6_addr"
-      ynh_app_setting_set $app ip6_net "$ip6_net"
-      ynh_app_setting_set $app ip6_send_over_tun_enabled "$ip6_send_over_tun_enabled"
+      ynh_app_setting_set --key="ip6_addr" --value="$ip6_addr"
+      ynh_app_setting_set --key="ip6_net" --value="$ip6_net"
+      ynh_app_setting_set --key="ip6_send_over_tun_enabled" --value="$ip6_send_over_tun_enabled"
     fi
 
     if [[ ${ip6_send_over_tun_enabled} -eq 1 ]]; then
         install -b -o root -g root -m 0755 ../conf/optional-scripts/route-up.d/50-vpnclient-set-ipv6-send-over-tun /etc/openvpn/scripts/route-up.d/
         install -b -o root -g root -m 0755 ../conf/optional-scripts/route-down.d/50-vpnclient-unset-ipv6-send-over-tun /etc/openvpn/scripts/route-down.d/
     else
-        ynh_secure_remove /etc/openvpn/scripts/route-up.d/50-vpnclient-set-ipv6-send-over-tun
-        ynh_secure_remove /etc/openvpn/scripts/route-down.d/50-vpnclient-unset-ipv6-send-over-tun
+        ynh_safe_rm /etc/openvpn/scripts/route-up.d/50-vpnclient-set-ipv6-send-over-tun
+        ynh_safe_rm /etc/openvpn/scripts/route-down.d/50-vpnclient-unset-ipv6-send-over-tun
     fi
 
     set_permissions /etc/openvpn/client.conf
@@ -272,9 +260,9 @@ ynh_app_config_apply() {
     [[ -n "${ovpn_file:-}" && "$ovpn_file" == "/etc/openvpn/client.ovpn" ]] && rm -f "$ovpn_file"
 
     # Start vpn client
-    ynh_print_info --message="Starting vpnclient service if needed"
-    ynh_systemd_action --service_name="ynh-vpnclient" --action="start"
-    ynh_systemd_action --service_name="ynh-vpnclient-checker.timer" --action="start"
+    ynh_print_info "Starting vpnclient service if needed"
+    ynh_systemctl --service="ynh-vpnclient" --action="start"
+    ynh_systemctl --service="ynh-vpnclient-checker.timer" --action="start"
 }
 
 ynh_app_config_run $1

scripts/install

@@ -4,12 +4,12 @@ source _common.sh
 source /usr/share/yunohost/helpers
 
 # Default values for config panel
-ynh_app_setting_set "$app" service_enabled 0
-ynh_app_setting_set "$app" dns_method "yunohost"
-ynh_app_setting_set "$app" nameservers ""
-ynh_app_setting_set "$app" ip6_addr ""
-ynh_app_setting_set "$app" ip6_net ""
-ynh_app_setting_set "$app" ip6_send_over_tun_enabled 0
+ynh_app_setting_set --key="service_enabled" --value="0"
+ynh_app_setting_set --key="dns_method" --value="yunohost"
+ynh_app_setting_set --key="nameservers" --value=""
+ynh_app_setting_set --key="ip6_addr" --value=""
+ynh_app_setting_set --key="ip6_net" --value=""
+ynh_app_setting_set --key="ip6_send_over_tun_enabled" --value="0"
 
 #=================================================
 # DEPLOY FILES FROM PACKAGE
@@ -34,8 +34,8 @@ systemctl stop openvpn
 yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock --test_status="systemctl is-active openvpn@client.service" --log "/var/log/ynh-vpnclient.log"
 yunohost service enable $service_name
 
-ynh_use_logrotate --logfile="/var/log/ynh-vpnclient.log"
-ynh_use_logrotate --logfile="/var/log/openvpn-client.log"
+ynh_config_add_logrotate "/var/log/ynh-vpnclient.log"
+ynh_config_add_logrotate "/var/log/openvpn-client.log"
 
 # checker service
 
@@ -48,4 +48,4 @@ systemctl enable $service_checker_name.timer --quiet
 # END OF SCRIPT
 #=================================================
 
-ynh_script_progression --message="Installation of $app completed" --last
+ynh_script_progression "Installation of $app completed"

scripts/remove

@@ -13,13 +13,13 @@ systemctl disable $service_checker_name.timer --quiet
 systemctl stop $service_checker_name
 systemctl disable $service_checker_name --quiet
 
-if ynh_exec_warn_less yunohost service status $service_name >/dev/null; then
+if ynh_hide_warnings yunohost service status $service_name >/dev/null; then
     yunohost service remove $service_name
 fi
-ynh_remove_logrotate
+ynh_config_remove_logrotate
 
 for FILE in $(ls /etc/systemd/system/$service_name* /usr/local/bin/ynh-vpnclient* /tmp/.ynh-vpnclient-*); do
-    ynh_secure_remove "$FILE"
+    ynh_safe_rm "$FILE"
 done
 
 #=================================================
@@ -28,22 +28,22 @@ done
 ynh_print_info "Removing openvpn configuration"
 
 # Remove openvpn configurations
-ynh_secure_remove /etc/openvpn/client.conf
-ynh_secure_remove /etc/openvpn/client.cube
-ynh_secure_remove /etc/openvpn/client.ovpn
+ynh_safe_rm /etc/openvpn/client.conf
+ynh_safe_rm /etc/openvpn/client.cube
+ynh_safe_rm /etc/openvpn/client.ovpn
 
 # Remove openvpn script
-ynh_secure_remove /etc/openvpn/scripts/run-parts.sh
+ynh_safe_rm /etc/openvpn/scripts/run-parts.sh
 
 for FILE in $(ls /etc/openvpn/scripts/route-up.d/*-vpnclient-* /etc/openvpn/scripts/route-down.d/*-vpnclient-*); do
-    ynh_secure_remove "$FILE"
+    ynh_safe_rm "$FILE"
 done
 
 # Remove openvpn service
-ynh_secure_remove /etc/systemd/system/openvpn@.service.d/override.conf
+ynh_safe_rm /etc/systemd/system/openvpn@.service.d/override.conf
 
 # Remove openvpn certificates
-ynh_secure_remove /etc/openvpn/keys
+ynh_safe_rm /etc/openvpn/keys
 
 # Reload systemd configuration
 systemctl daemon-reload

scripts/restore

@@ -8,12 +8,11 @@ source /usr/share/yunohost/helpers
 #=================================================
 ynh_print_info "Restoring the app files..."
 
-ynh_restore
-
+ynh_restore_everything
 #=================================================
 # RESTORE SYSTEMD
 #=================================================
-ynh_print_info "Restoring the systemd configuration..."
+ynh_print_info "Restoring $app's systemd service..."
 
 systemctl daemon-reload
 
@@ -28,8 +27,8 @@ systemctl stop openvpn
 yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock --test_status="systemctl is-active openvpn@client.service" --log "/var/log/ynh-vpnclient.log"
 yunohost service enable "$service_name"
 
-ynh_use_logrotate --logfile="/var/log/ynh-vpnclient.log"
-ynh_use_logrotate --logfile="/var/log/openvpn-client.log"
+ynh_config_add_logrotate "/var/log/ynh-vpnclient.log"
+ynh_config_add_logrotate "/var/log/openvpn-client.log"
 
 # checker service
 
@@ -38,12 +37,10 @@ systemctl enable "$service_checker_name" --quiet
 systemctl start "$service_checker_name.timer"
 systemctl enable "$service_checker_name.timer" --quiet
 
-
 #=================================================
 # ADVERTISE SERVICE IN ADMIN PANEL
 #=================================================
 
-
 #=================================================
 # END OF SCRIPT
 #=================================================

scripts/upgrade

@@ -9,78 +9,66 @@ source /usr/share/yunohost/helpers
 
 # Removing configuration files with naming that occured in versions < 1.2.0 ("vpnadmin" instead off "$app")
 if [ -d /var/www/vpnadmin ]; then
-  ynh_secure_remove /var/www/vpnadmin
+  ynh_safe_rm /var/www/vpnadmin
 fi
 
 # Old stuff
 
 if [ -f /etc/nginx/conf.d/*.d/$app.conf ]; then
-	ynh_secure_remove /etc/nginx/conf.d/*.d/$app.conf
-    ynh_systemd_action --service_name=nginx --action=reload
+	ynh_safe_rm /etc/nginx/conf.d/*.d/$app.conf
+  ynh_systemctl --service="nginx" --action="reload"
 fi
 
 for php_path in $(ls /etc/php/*/fpm/pool.d/$app.conf 2> /dev/null); do
-	ynh_secure_remove $php_path
+	ynh_safe_rm "$php_path"
 done
 
 if [ -d /var/www/$app ]; then
-	ynh_secure_remove /var/www/$app
+	ynh_safe_rm "/var/www/$app"
 fi
 
-[ -z "${domain:-}" ] || ynh_app_setting_delete $app domain
-[ -z "${path:-}" ] || ynh_app_setting_delete $app path
-[ -z "${is_public:-}" ] || ynh_app_setting_delete $app is_public
-[ -z "${install_dir:-}" ] || ynh_app_setting_delete $app install_dir
+[ -z "${domain:-}" ] || ynh_app_setting_delete domain
+[ -z "${path:-}" ] || ynh_app_setting_delete path
+[ -z "${is_public:-}" ] || ynh_app_setting_delete is_public
+[ -z "${install_dir:-}" ] || ynh_app_setting_delete install_dir
 
 if [ -e "/etc/sudoers.d/${app}_ynh" ]; then
-  ynh_secure_remove "/etc/sudoers.d/${app}_ynh"
+  ynh_safe_rm "/etc/sudoers.d/${app}_ynh"
 fi
 
 if [ -e "/etc/yunohost/hooks.d/90-vpnclient.tpl" ]; then
-  ynh_secure_remove "/etc/yunohost/hooks.d/90-vpnclient.tpl"
+  ynh_safe_rm "/etc/yunohost/hooks.d/90-vpnclient.tpl"
 fi
 
 if [ -e "/etc/openvpn/client.conf.tpl" ]; then
-  ynh_secure_remove "/etc/openvpn/client.conf.tpl"
+  ynh_safe_rm "/etc/openvpn/client.conf.tpl"
 fi
 
 # New stuff
 
-if [ -z "${dns_method:-}" ]; then
-    ynh_app_setting_set --app=$app --key=dns_method --value=custom
-fi
-if [ -z "${nameservers:-}" ]; then
-    nameservers="$(grep -o -P '\s*nameserver\s+\K[abcdefabcdef\d.:]+' /etc/resolv.dnsmasq.conf | sort | uniq | paste -s -d, -)"
-    ynh_app_setting_set --app=$app --key=nameservers --value="$nameservers"
-fi
-if [ -z "${service_enabled:-}" ]; then
-    ynh_app_setting_set --app=$app --key=service_enabled --value=0
-fi
-if [ -z "${ip6_addr:-}" ]; then
-    ynh_app_setting_set --app=$app --key=ip6_addr --value=""
-fi
-if [ -z "${ip6_net:-}" ]; then
-    ynh_app_setting_set --app=$app --key=ip6_net --value=""
-fi
-if [ -z "${ip6_send_over_tun_enabled:-}" ]; then
-    ynh_app_setting_set --app=$app --key=ip6_send_over_tun_enabled --value=0
-fi
+ynh_app_setting_set_default --key="dns_method" --value="custom"
+default_nameservers="$(grep -o -P '\s*nameserver\s+\K[abcdefabcdef\d.:]+' /etc/resolv.dnsmasq.conf | sort | uniq | paste -s -d, -)"
+ynh_app_setting_set_default --key="nameservers" --value="$default_nameservers"
+ynh_app_setting_set_default --key="service_enabled" --value="0"
+ynh_app_setting_set_default --key="ip6_addr" --value=""
+ynh_app_setting_set_default --key="ip6_net" --value=""
+ynh_app_setting_set_default --key="ip6_send_over_tun_enabled" --value="0"
 
 #=================================================
 # UPGRADE FROM BUSTER TO BULLSEYE
 #=================================================
 
 if [ -e "/etc/systemd/system/openvpn@.service" ]; then
-  ynh_secure_remove "/etc/systemd/system/openvpn@.service"
+  ynh_safe_rm "/etc/systemd/system/openvpn@.service"
 fi
 
 #=================================================
 # DEPLOY FILES FROM PACKAGE
 #=================================================
 
-ynh_print_info --message="Stopping VPN client to apply config changes..."
+ynh_print_info "Stopping VPN client to apply config changes..."
 
-ynh_systemd_action --action="stop" --service_name="$service_checker_name.timer"
+ynh_systemctl --action="stop" --service="$service_checker_name.timer"
 yunohost service stop $service_name
 
 # Keep a copy of existing config files before overwriting them
@@ -116,7 +104,7 @@ for config_file in ${tmp_dir}/client.{conf,cube,ovpn}; do
     cp "${config_file}" /etc/openvpn/
   fi
 done
-ynh_secure_remove ${tmp_dir}
+ynh_safe_rm "${tmp_dir}"
 
 #=================================================
 # SERVICE INTEGRATION IN YUNOHOST
@@ -128,11 +116,11 @@ ynh_print_info "Configuring VPN client services..."
 # main service
 yunohost service add $service_name --description "Tunnels the internet traffic through a VPN" --need_lock --test_status="systemctl is-active openvpn@client.service" --log "/var/log/ynh-vpnclient.log"
 
-ynh_use_logrotate --logfile="/var/log/ynh-vpnclient.log"
-ynh_use_logrotate --logfile="/var/log/openvpn-client.log"
+ynh_config_add_logrotate "/var/log/ynh-vpnclient.log"
+ynh_config_add_logrotate "/var/log/openvpn-client.log"
 
 # checker service (this service was previously integrated in yunohost but we do not do this anymore)
-if ynh_exec_warn_less yunohost service status $service_checker_name >/dev/null
+if ynh_hide_warnings yunohost service status $service_checker_name >/dev/null
 then
     yunohost service remove $service_checker_name
 fi
@@ -144,7 +132,7 @@ ynh_print_info "Restart services..."
 
 # this is meant to propagate the new files and configs
 yunohost service start $service_name
-ynh_systemd_action --action="start" --service_name="$service_checker_name.timer"
+ynh_systemctl --action="start" --service="$service_checker_name.timer"
 
 #=================================================
 # END OF SCRIPT

tests.toml

@@ -4,6 +4,6 @@ test_format = 1.0
 
 [default]
 
-    [default.test_upgrade_from.0d2a6b1d]
-    name = "v1 era"
+    [default.test_upgrade_from.179f9fa]
+    name = "v2.2"
     args.domain = "domain.tld"