Since update to v8.2.1 backups fail with "Too many empty directories"

@SebGG this is normal behavior starting from 8.2 . we put this check in place to prevent backup or app data corruption .

• Too many empty folders. This means that something suspect is going on with the app . When you create too many empty dirs, you run out of inodes over time and this leads to fs corruption. Since empty dirs don't show up in du listings, people wonder why fs is becoming fullish when files are not taking space

• Too many executables. This is a security issue if data files are executable. In most cases, this is because user used a tarball which had incorrect permissions inside it . Or the mount permissions or wrong.

So, the backup failure is a way for end users to check on both the things above.

Yes, ultimately we use https://nodejs.org/api/crypto.html#cryptoscryptsyncpassword-salt-keylen-options to derive a key from the password . It has no length restrictions (per the docs).

@Lanhild I can fix the package to only do this when Cloudron OIDC is enabled.

@SunDevil it seems there is a whole bunch of node modules installed via apt on the system. Cloudron doesn't install these. Cloudron installs the node version it wants under /usr/local/node-20.18.0/ and then creates a symlink. Something like this:

apt remove nodejs
ln -sf /usr/local/node-20.18.0/bin/node /usr/bin/node

After this, node should be 20.18.0 . Then, you can systemctl restart box and it will start with the correct node.

@rbzvr pushed a mr - https://git.cloudron.io/packages/vpn-app/-/merge_requests/26

To summarize the situation:

• starting 8.2, it seems the mail server has started to prefer using IPv6 for gmail. This wasn't a change in Cloudron consciously at least. I have looked into the Haraka changes and cannot find anything specific there either. I do see that gmail has IPv6 mail servers now, not sure if they were there before or not.

• To fix the situation, you simply have to set IPv6 PTR record . Cloudron has not implemented a IPv6 PTR check in 8.2 but a check is implemented for next release. The PTR record is set in the VPS provider. Usually, IPv6 is allocated a block of addresses and not a single address like IPv4.

• If you run curl https://ipv6.api.cloudron.io/api/v1/helper/public_ip, this will give you the specific IPv6 address that Cloudron is using to connect to gmail. You have to set the PTR for this specific IPv6 address.

• If your VPS provider does not allow you to set IPv6 PTR , then just disable IPv6 in the interfaces. sysctl -w net.ipv6.conf.ens18.disable_ipv6=1 for example . You have to put net.ipv6.conf.ens18.disable_ipv6=1 in your /etc/sysctl.conf for this to persist reboots. After you do this, also disable IPv6 in Cloudron, Network -> IPv6 -> Disable.

@privsec yes

For the backup issue atleast, -R is not needed. Just the top level directory and symlink has to be owned by yellowtent user

@jdaviescoates yes, many have it already. You have to search for CLOUDRON_OIDC_PROVIDER_NAME in the packaging code but maybe @vladimir-d has a more complete list.

@Shai I think you have to contact us at support@ at this point, if you want us to fix it.