Dawarich - Package Updates

TIL that http://env.sh is a valid address.

Just installed the hidden package. There’s no MFA which makes this not „state of the art“ (in a legal sense) and hence not usable for production.

MFA is mandatory according to:
EU

• NIS2 Directive: Mandates MFA for "essential" and "important" entities (energy, health, digital providers, etc.) to ensure supply chain security.
• DORA (Digital Operational Resilience Act): Requires strict identity management and MFA for the financial sector and its cloud service providers.
• GDPR (General Data Protection Regulation): Under Article 32 ("Security of processing"), MFA is considered the "state of the art" requirement for protecting personal data in the cloud.
• PSD2/PSD3: Requires Strong Customer Authentication (SCA) for accessing banking interfaces and authorizing online payments.

USA

• Executive Order 14028: Mandates MFA for all federal agencies and any software service providers (SaaS/Cloud) doing business with the US government.
• FTC Safeguards Rule (GLBA): Explicitly requires MFA for any financial institution (including non-banks like mortgage brokers) to protect customer data.
• HIPAA: While not naming "MFA" specifically in the original text, current HHS guidance treats MFA as a mandatory technical safeguard for protecting electronic Protected Health Information (ePHI).
• NYDFS 23 NYCRR 500: A highly influential New York state regulation requiring MFA for anyone accessing internal networks or cloud-based applications containing non-public information.
• SEC Cybersecurity Rule: Requires public companies to disclose their risk management strategy; lack of MFA is now frequently cited as a material deficiency.

Global Standards

• PCI DSS 4.0: Mandatory MFA for all personnel with access to the Cardholder Data Environment (CDE).
• SOC 2 Type II: While a framework rather than a law, MFA is a baseline requirement for the "Security" trust service criteria in cloud audits.

https://docs.opencloud.eu/docs/admin/configuration/authentication-and-user-management#authentication-with-keycloak suggests that you need integration with Keycloak to have MFA.

https://linkwarden.app/blog/releases/mobile-app:

Today, we’re excited to launch something you’ve been asking for since the very beginning: the official Linkwarden mobile app, now available on iOS and Android.
Here are the highlights so far:

🧩 Create, organize, and browse your links: A native, mobile-first experience with collections, tags, and powerful search.

Save links directly from the share sheet: Send interesting articles from the browser or any other app straight into Linkwarden, no copy-paste required.

Cached data for offline reading: Catch up on long reads, articles, or saved blog posts when you’re away from Wi-Fi.

️ Works with Linkwarden Cloud and self-hosted: Use the same app whether you’re on Linkwarden Cloud or your own self-hosted instance, just point it at your server and sign in.

Built for different screen sizes: Supports iOS / iPadOS, and Android (phones and tablets).

And more coming soon: This first release is just the foundation, expect many improvements and new features soon.

Especially the offline reading feature sounds very exciting for long train rides / flights with unreliable data connections. This puts it well ahead of Linkding, I must say, which seems to just ignore the „mobile first“ requirement (that’s what it is).

iOS App: https://apps.apple.com/app/linkwarden/id6752550960
Android App: https://play.google.com/store/apps/details?id=app.linkwarden

True, not a problem for Cloudron; but as with other such licensed software, it can be a problem for those Cloudron customers who are providers or resellers themselves.

Does that mean it won’t be installable / usable, for the time being (until some day Cloudron‘s backup supports xattr)?

Hashicorp (now IBM) Vault (and all other Hashicorp products such as Terraform) e.g. has a similar license, the BUSL.
Other examples with similar licenses are MongoDB, Kibana, Elasticsearch, Redis…

Here’s a good overview: https://www.goodwinlaw.com/en/insights/publications/2024/09/insights-practices-moving-away-from-open-source-trends-in-licensing

Just a guess, maybe because of https://forum.cloudron.io/post/111732?

3 1/2 years ago? Sorry, no
I don’t even remember what I had for dinner yesterday….

@imc67 … or Firefox?

@swheeler78 said in OpenCloud - Package Updates:

Also, I saw in another post that you were looking for it. It's actually available as a docker container at https://github.com/opencloud-eu

This is the release thread, meaning, it’s already available.

https://github.com/roundcube/roundcubemail/issues

After the last investment rounds (180 mn), it's now valued at 2.5 bn... https://www.heise.de/-10748098

@girish Thanks! After running
sudo -u yellowtent cp -aRlv /media/WD4TB/CloudronBackup/snapshot/mail /media/WD4TB/CloudronBackup/2025-11-10-230001-644/mail_v9.0.7
without error, backups went through without error, as well.
Is there something that can be done to prevent such an error?

I get cp exited with code 1 errors on a backup via rsync to a locally attached USB-HDD:

Nov 11 00:16:14 box:backuptask upload: path snapshot/mail site 59742348-c3f1-490a-aa43-3dc1f1701f47 uploaded: {"transferred":24537785098,"size":24537785098,"fileCount":96084}
Nov 11 00:16:14 box:tasks updating task 21646 with: {"percent":91.47619047619045,"message":"Uploading integrity information to snapshot/mail.backupinfo (mail)"}
Nov 11 00:16:15 box:backupupload upload completed. error: null
Nov 11 00:16:15 box:backuptask runBackupUpload: result - {"result":{"stats":{"transferred":24537785098,"size":24537785098,"fileCount":96084},"integrity":{"signature":"72d32a4ba3105b1a7290323f430f85463992ce714e059553c3995f86bd8584364cf44b481149fe4731e4c2cde6174a7b2c07e19e2c938589594c04bae387550c"}}}
Nov 11 00:16:15 box:backuptask uploadMailSnapshot: took 671.27 seconds
Nov 11 00:16:15 box:backuptask backupMailWithTag: rotating mail snapshot of 59742348-c3f1-490a-aa43-3dc1f1701f47 to 2025-11-10-230001-644/mail_v9.0.7
Nov 11 00:16:15 box:tasks updating task 21646 with: {"percent":91.47619047619045,"message":"Copying /media/WD4TB/CloudronBackup/snapshot/mail to /media/WD4TB/CloudronBackup/2025-11-10-230001-644/mail_v9.0.7"}
Nov 11 00:16:15 box:shell filesystem: cp -aRl /media/WD4TB/CloudronBackup/snapshot/mail /media/WD4TB/CloudronBackup/2025-11-10-230001-644/mail_v9.0.7
Nov 11 00:16:17 box:shell filesystem: cp -aRl /media/WD4TB/CloudronBackup/snapshot/mail /media/WD4TB/CloudronBackup/2025-11-10-230001-644/mail_v9.0.7 errored BoxError: cp exited with code 1 signal null
Nov 11 00:16:17 at ChildProcess.<anonymous> (/home/yellowtent/box/src/shell.js:82:23)
Nov 11 00:16:17 at ChildProcess.emit (node:events:519:28)
Nov 11 00:16:17 at maybeClose (node:internal/child_process:1101:16)
Nov 11 00:16:17 at ChildProcess._handle.onexit (node:internal/child_process:304:5) {
Nov 11 00:16:17 reason: 'Shell Error',
Nov 11 00:16:17 details: {},
Nov 11 00:16:17 stdout: <Buffer >,
Nov 11 00:16:17 stdoutLineCount: 0,
Nov 11 00:16:17 stderr: <Buffer 63 70 3a 20 63 61 6e 6e 6f 74 20 63 72 65 61 74 65 20 68 61 72 64 20 6c 69 6e 6b 20 27 2f 6d 65 64 69 61 2f 57 44 34 54 42 2f 43 6c 6f 75 64 72 6f 6e ... 210 more bytes>,
Nov 11 00:16:17 stderrLineCount: 1,
Nov 11 00:16:17 code: 1,
Nov 11 00:16:17 signal: null,
Nov 11 00:16:17 timedOut: false,
Nov 11 00:16:17 terminated: false
Nov 11 00:16:17 }
Nov 11 00:16:17 box:backuptask copy: copy to 2025-11-10-230001-644/mail_v9.0.7 errored. error: cp exited with code 1 signal null
Nov 11 00:16:17 box:tasks setCompleted - 21646: {"result":null,"error":{"message":"cp exited with code 1 signal null","reason":"External Error"},"percent":100}
Nov 11 00:16:17 box:tasks updating task 21646 with: {"completed":true,"result":null,"error":{"message":"cp exited with code 1 signal null","reason":"External Error"},"percent":100}
Nov 11 00:16:17 box:taskworker Task took 975.553 seconds
Nov 11 00:16:17 BoxError: cp exited with code 1 signal null
Nov 11 00:16:17 at copyInternal (/home/yellowtent/box/src/storage/filesystem.js:217:26)
Nov 11 00:16:17 at process.processTicksAndRejections (node:internal/process/task_queues:105:5)
Nov 11 00:16:17 at async Object.copyDir (/home/yellowtent/box/src/storage/filesystem.js:235:12)
Nov 11 00:16:17 at async Object.copy (/home/yellowtent/box/src/backupformat/rsync.js:311:5)

EDIT: The error persists even after increasing RAM from 4 to 16 GB.

@joseph said in Task 'mvvolume.sh' dies from oom-kill during move of data-directory from local drive to NFS share:

I think rsync requires a server, no?

?
No, not even over SSH. There’s a daemon mode and it can work as a server but it’s not required

Is the manual setup of subdomains still required after https://forum.cloudron.io/post/114771?

@nebulon said in SnappyMail dead?:

more importantly at least one other company seems to be interested in helping out. So lets see how that goes first.

Oh, that's a nice development! Their message almost exactly coincided with me opening this topic

SnappyMail has not have had any updates for over a year now - that‘s not good for a web facing app that holds a trove of sensitive information…
The lack of updates is due to health issues of the maintainer (https://github.com/the-djmaze/snappymail/issues/1911) - yet I wonder whether this app should be delisted?

This is why we can't have nice things:
https://github.com/alam00000/bentopdf/releases/tag/v1.1.4

It recently came to my attention from a user of ours that a company was taking advantage of our open Apache 2.0 license. They repackaged BentoPDF, sold it as a proprietary product at a high price, and offered zero credit or contributions back to the community.
To be blunt, that’s not okay. It undermines the work of every single contributor and the entire spirit of the project.
That’s why we are switching BentoPDF to the AGPLv3 license.
[...]
Here’s what you need to know:

• Commercial use is still allowed. You can continue to use BentoPDF in your products and for your company.
• If you modify BentoPDF and run it as a public-facing service (like a SaaS product), you must now share your source code under the same AGPLv3 license.
  [...]

Most importantly BentoPDF is still free and open source and always will be.