Bump awesomeversion from 22.4.0 to 22.4.1 (#3603)

Bumps [awesomeversion](https://github.com/ludeeus/awesomeversion) from 22.4.0 to 22.4.1.
- [Release notes](https://github.com/ludeeus/awesomeversion/releases)
- [Commits](https://github.com/ludeeus/awesomeversion/compare/22.4.0...22.4.1)

---
updated-dependencies:
- dependency-name: awesomeversion
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.devcontainer/Dockerfile

@@ -1,64 +0,0 @@
-FROM mcr.microsoft.com/vscode/devcontainers/python:0-3.9
-
-ENV \
-    DEBIAN_FRONTEND=noninteractive \
-    VCN_VERSION=0.9.8
-
-SHELL ["/bin/bash", "-c"]
-
-WORKDIR /workspaces
-
-# Set Docker daemon config
-RUN \
-    mkdir -p /etc/docker \
-    && echo '{"storage-driver": "vfs"}' > /etc/docker/daemon.json
-
-# Install Node/Yarn for Frontent
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add - \
-    && apt-get update \
-    && apt-get update && apt-get install -y --no-install-recommends \
-        curl \
-        git \
-        apt-utils \
-        apt-transport-https \
-    && echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list \
-    && apt-get update && apt-get install -y --no-install-recommends \
-        nodejs \
-        yarn \
-    && curl -o - https://raw.githubusercontent.com/nvm-sh/nvm/v0.35.3/install.sh | bash \
-    && rm -rf /var/lib/apt/lists/*
-ENV NVM_DIR /root/.nvm
-
-# Install docker
-# https://docs.docker.com/engine/installation/linux/docker-ce/ubuntu/
-RUN apt-get update && apt-get install -y --no-install-recommends \
-        apt-transport-https \
-        ca-certificates \
-        curl \
-        software-properties-common \
-        gpg-agent \
-    && curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add - \
-    && add-apt-repository "deb https://download.docker.com/linux/debian $(lsb_release -cs) stable" \
-    && apt-get update && apt-get install -y --no-install-recommends \
-        docker-ce \
-        docker-ce-cli \
-        containerd.io \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install tools
-RUN apt-get update && apt-get install -y --no-install-recommends \
-        jq \
-        dbus \
-        network-manager \
-        apparmor-utils \
-        libpulse0 \
-    && curl -Lo /bin/vcn https://github.com/codenotary/vcn/releases/download/${VCN_VERSION}/vcn-${VCN_VERSION}-linux-amd64-static \
-    && chmod a+x /bin/vcn \
-    && rm -rf /var/lib/apt/lists/*
-
-# Install Python dependencies from requirements.txt if it exists
-COPY requirements.txt requirements_tests.txt ./
-RUN pip3 install -U setuptools pip \
-    && pip3 install -r requirements.txt -r requirements_tests.txt \
-    && pip3 install tox \
-    && rm -f requirements.txt requirements_tests.txt

.devcontainer/devcontainer.json

@@ -1,11 +1,9 @@
 {
   "name": "Supervisor dev",
-  "context": "..",
-  "dockerFile": "Dockerfile",
-  "appPort": "9123:8123",
-  "postCreateCommand": "pre-commit install",
+  "image": "ghcr.io/home-assistant/devcontainer:supervisor",
+  "appPort": ["9123:8123", "7357:4357"],
+  "postCreateCommand": "bash devcontainer_bootstrap",
   "runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],
-  "containerEnv": { "NVM_DIR": "/usr/local/share/nvm" },
   "extensions": [
     "ms-python.python",
     "ms-python.vscode-pylance",
@@ -13,7 +11,12 @@
     "esbenp.prettier-vscode"
   ],
   "settings": {
-    "terminal.integrated.shell.linux": "/bin/bash",
+    "terminal.integrated.profiles.linux": {
+      "zsh": {
+        "path": "/usr/bin/zsh"
+      }
+    },
+    "terminal.integrated.defaultProfile.linux": "zsh",
     "editor.formatOnPaste": false,
     "editor.formatOnSave": true,
     "editor.formatOnType": true,

.github/release-drafter.yml

@@ -31,6 +31,7 @@ categories:
 
   - title: ":arrow_up: Dependency Updates"
     label: "dependencies"
+    collapse-after: 1
 
 include-labels:
   - "breaking-change"

.github/workflows/builder.yml

@@ -27,12 +27,13 @@ on:
     paths:
       - "rootfs/**"
       - "supervisor/**"
-      - build.json
+      - build.yaml
       - Dockerfile
       - requirements.txt
       - setup.py
 
 env:
+  DEFAULT_PYTHON: 3.9
   BUILD_NAME: supervisor
   BUILD_TYPE: supervisor
   WHEELS_TAG: 3.9-alpine3.14
@@ -49,7 +50,7 @@ jobs:
       requirements: ${{ steps.requirements.outputs.changed }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
         with:
           fetch-depth: 0
 
@@ -84,7 +85,7 @@ jobs:
         arch: ${{ fromJson(needs.init.outputs.architectures) }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
         with:
           fetch-depth: 0
 
@@ -109,14 +110,14 @@ jobs:
 
       - name: Login to DockerHub
         if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v1.14.1
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
         if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v1.10.0
+        uses: docker/login-action@v1.14.1
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -127,41 +128,54 @@ jobs:
         run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
 
       - name: Build supervisor
-        uses: home-assistant/builder@2021.07.0
+        uses: home-assistant/builder@2022.03.1
         with:
           args: |
             $BUILD_ARGS \
             --${{ matrix.arch }} \
             --target /data \
-            --with-codenotary "${{ secrets.VCN_USER }}" "${{ secrets.VCN_PASSWORD }}" "${{ secrets.VCN_ORG }}" \
-            --validate-from "${{ secrets.VCN_ORG }}" \
             --generic ${{ needs.init.outputs.version }}
+        env:
+          CAS_API_KEY: ${{ secrets.CAS_TOKEN }}
 
   codenotary:
-    name: CodeNotary signature
+    name: CAS signature
     needs: init
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the repository
         if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
         with:
           fetch-depth: 0
 
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
+        if: needs.init.outputs.publish == 'true'
+        uses: actions/setup-python@v3.1.2
+        with:
+          python-version: ${{ env.DEFAULT_PYTHON }}
+
       - name: Set version
         if: needs.init.outputs.publish == 'true'
         uses: home-assistant/actions/helpers/version@master
         with:
           type: ${{ env.BUILD_TYPE }}
 
-      - name: Signing image
+      - name: Install dirhash and calc hash
+        if: needs.init.outputs.publish == 'true'
+        id: dirhash
+        run: |
+          pip3 install dirhash
+          dir_hash="$(dirhash "${{ github.workspace }}/supervisor" -a sha256 --match "*.py")"
+          echo "::set-output name=dirhash::${dir_hash}"
+
+      - name: Signing Source
         if: needs.init.outputs.publish == 'true'
         uses: home-assistant/actions/helpers/codenotary@master
         with:
-          source: dir://${{ github.workspace }}
-          user: ${{ secrets.VCN_USER }}
-          password: ${{ secrets.VCN_PASSWORD }}
-          organisation: ${{ secrets.VCN_ORG }}
+          source: hash://${{ steps.dirhash.outputs.dirhash }}
+          asset: supervisor-${{ needs.init.outputs.version }}
+          token: ${{ secrets.CAS_TOKEN }}
 
   version:
     name: Update version
@@ -170,7 +184,7 @@ jobs:
     steps:
       - name: Checkout the repository
         if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
 
       - name: Initialize git
         if: needs.init.outputs.publish == 'true'
@@ -195,11 +209,11 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
 
       - name: Build the Supervisor
         if: needs.init.outputs.publish != 'true'
-        uses: home-assistant/builder@2021.07.0
+        uses: home-assistant/builder@2022.03.1
         with:
           args: |
             --test \
@@ -219,7 +233,7 @@ jobs:
           docker create --name hassio_supervisor \
             --privileged \
             --security-opt seccomp=unconfined \
-            --security-opt apparmor:unconfined \
+            --security-opt apparmor=unconfined \
             -v /run/docker.sock:/run/docker.sock \
             -v /run/dbus:/run/dbus \
             -v /tmp/supervisor/data:/data \
@@ -246,13 +260,13 @@ jobs:
         run: |
           echo "Checking supervisor info"
           test=$(docker exec hassio_cli ha supervisor info --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
+          if [ "$test" != "ok" ]; then
             exit 1
           fi
 
           echo "Checking supervisor network info"
           test=$(docker exec hassio_cli ha network info --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
+          if [ "$test" != "ok" ]; then
             exit 1
           fi
 
@@ -260,13 +274,19 @@ jobs:
         run: |
           echo "Install Core SSH Add-on"
           test=$(docker exec hassio_cli ha addons install core_ssh --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          # Make sure it actually installed
+          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
+          if [[ "$test" == "null" ]]; then
             exit 1
           fi
 
           echo "Start Core SSH Add-on"
           test=$(docker exec hassio_cli ha addons start core_ssh --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
+          if [ "$test" != "ok" ]; then
             exit 1
           fi
 
@@ -275,19 +295,77 @@ jobs:
         run: |
           echo "Enable Content-Trust"
           test=$(docker exec hassio_cli ha security options --content-trust=true --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
+          if [ "$test" != "ok" ]; then
             exit 1
           fi
 
           echo "Run supervisor health check"
           test=$(docker exec hassio_cli ha resolution healthcheck --no-progress --raw-json | jq -r '.result')
-          if [ "$test" != "ok" ];then
+          if [ "$test" != "ok" ]; then
             exit 1
           fi
 
           echo "Check supervisor unhealthy"
           test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unhealthy[]')
-          if [ "$test" != "" ];then
+          if [ "$test" != "" ]; then
+            exit 1
+          fi
+
+          echo "Check supervisor supported"
+          test=$(docker exec hassio_cli ha resolution info --no-progress --raw-json | jq -r '.data.unsupported[]')
+          if [[ "$test" =~ source_mods ]]; then
+            exit 1
+          fi
+
+      - name: Create full backup
+        id: backup
+        run: |
+          test=$(docker exec hassio_cli ha backups new --no-progress --raw-json)
+          if [ "$(echo $test | jq -r '.result')" != "ok" ]; then
+            exit 1
+          fi
+          echo "::set-output name=slug::$(echo $test | jq -r '.data.slug')"
+
+      - name: Uninstall SSH add-on
+        run: |
+          test=$(docker exec hassio_cli ha addons uninstall core_ssh --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+      - name: Restart supervisor
+        run: |
+          test=$(docker exec hassio_cli ha supervisor restart --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+      - name: Wait for Supervisor to come up
+        run: |
+          SUPERVISOR=$(docker inspect --format='{{.NetworkSettings.IPAddress}}' hassio_supervisor)
+          ping="error"
+          while [ "$ping" != "ok" ]; do
+            ping=$(curl -sSL "http://$SUPERVISOR/supervisor/ping" | jq -r '.result')
+            sleep 5
+          done
+
+      - name: Restore SSH add-on from backup
+        run: |
+          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --addons core_ssh --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
+            exit 1
+          fi
+
+          # Make sure it actually installed
+          test=$(docker exec hassio_cli ha addons info core_ssh --no-progress --raw-json | jq -r '.data.version')
+          if [[ "$test" == "null" ]]; then
+            exit 1
+          fi
+
+      - name: Restore SSL directory from backup
+        run: |
+          test=$(docker exec hassio_cli ha backups restore ${{ steps.backup.outputs.slug }} --folders ssl --no-progress --raw-json | jq -r '.result')
+          if [ "$test" != "ok" ]; then
             exit 1
           fi
 

.github/workflows/ci.yaml

@@ -10,7 +10,7 @@ on:
 env:
   DEFAULT_PYTHON: 3.9
   PRE_COMMIT_HOME: ~/.cache/pre-commit
-  DEFAULT_VCN: v0.9.8
+  DEFAULT_CAS: v1.0.2
 
 jobs:
   # Separate job to pre-populate the base dependency cache
@@ -23,22 +23,19 @@ jobs:
     name: Prepare Python ${{ matrix.python-version }} dependencies
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ matrix.python-version }}
         id: python
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         with:
           python-version: ${{ matrix.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
             ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
-          restore-keys: |
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-${{ hashFiles('requirements.txt') }}
-            ${{ runner.os }}-venv-${{ steps.python.outputs.python-version }}-
       - name: Create Python virtual environment
         if: steps.cache-venv.outputs.cache-hit != 'true'
         run: |
@@ -48,7 +45,7 @@ jobs:
           pip install -r requirements.txt -r requirements_tests.txt
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -67,15 +64,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         id: python
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
@@ -96,7 +93,7 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Register hadolint problem matcher
         run: |
           echo "::add-matcher::.github/workflows/matchers/hadolint.json"
@@ -111,15 +108,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         id: python
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
@@ -131,7 +128,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -155,15 +152,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         id: python
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
@@ -187,15 +184,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         id: python
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
@@ -207,7 +204,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -228,15 +225,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         id: python
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
@@ -248,7 +245,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -272,15 +269,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         id: python
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
@@ -304,15 +301,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         id: python
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
@@ -324,7 +321,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -348,19 +345,19 @@ jobs:
     name: Run tests Python ${{ matrix.python-version }}
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ matrix.python-version }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         id: python
         with:
           python-version: ${{ matrix.python-version }}
-      - name: Install VCN tools
-        uses: home-assistant/actions/helpers/vcn@master
+      - name: Install CAS tools
+        uses: home-assistant/actions/helpers/cas@master
         with:
-          vnc_version: ${{ env.DEFAULT_VCN }}
+          version: ${{ env.DEFAULT_CAS }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
@@ -395,7 +392,7 @@ jobs:
             -o console_output_style=count \
             tests
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@v2.2.4
+        uses: actions/upload-artifact@v3.0.0
         with:
           name: coverage-${{ matrix.python-version }}
           path: .coverage
@@ -406,15 +403,15 @@ jobs:
     needs: pytest
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        uses: actions/setup-python@v2.2.2
+        uses: actions/setup-python@v3.1.2
         id: python
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v2.1.6
+        uses: actions/cache@v3.0.2
         with:
           path: venv
           key: |
@@ -425,7 +422,7 @@ jobs:
           echo "Failed to restore Python virtual environment from cache"
           exit 1
       - name: Download all coverage artifacts
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
       - name: Combine coverage results
         run: |
           . venv/bin/activate
@@ -433,4 +430,4 @@ jobs:
           coverage report
           coverage xml
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v2.1.0
+        uses: codecov/codecov-action@v3.0.0

.github/workflows/lock.yml

@@ -9,12 +9,12 @@ jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v2.1.2
+      - uses: dessant/lock-threads@v3.0.0
         with:
           github-token: ${{ github.token }}
-          issue-lock-inactive-days: "30"
-          issue-exclude-created-before: "2020-10-01T00:00:00Z"
+          issue-inactive-days: "30"
+          exclude-issue-created-before: "2020-10-01T00:00:00Z"
           issue-lock-reason: ""
-          pr-lock-inactive-days: "1"
-          pr-exclude-created-before: "2020-11-01T00:00:00Z"
+          pr-inactive-days: "1"
+          exclude-pr-created-before: "2020-11-01T00:00:00Z"
           pr-lock-reason: ""

.github/workflows/release-drafter.yml

@@ -11,7 +11,7 @@ jobs:
     name: Release Drafter
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
         with:
           fetch-depth: 0
 
@@ -36,7 +36,7 @@ jobs:
           echo "::set-output name=version::$datepre.$newpost"
 
       - name: Run Release Drafter
-        uses: release-drafter/release-drafter@v5
+        uses: release-drafter/release-drafter@v5.19.0
         with:
           tag: ${{ steps.version.outputs.version }}
           name: ${{ steps.version.outputs.version }}

.github/workflows/sentry.yaml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v2.3.4
+        uses: actions/checkout@v3.0.2
       - name: Sentry Release
         uses: getsentry/action-release@v1.1.6
         env:

.github/workflows/stale.yml

@@ -9,7 +9,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v4
+      - uses: actions/stale@v5.0.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 60

.pre-commit-config.yaml

@@ -1,13 +1,13 @@
 repos:
   - repo: https://github.com/psf/black
-    rev: 21.9b0
+    rev: 22.3.0
     hooks:
       - id: black
         args:
           - --safe
           - --quiet
           - --target-version
-          - py38
+          - py39
         files: ^((supervisor|tests)/.+)?[^/]+\.py$
   - repo: https://gitlab.com/pycqa/flake8
     rev: 3.8.3
@@ -23,12 +23,12 @@ repos:
       - id: check-executables-have-shebangs
         stages: [manual]
       - id: check-json
-  - repo: https://github.com/pre-commit/mirrors-isort
-    rev: v4.3.21
+  - repo: https://github.com/PyCQA/isort
+    rev: 5.9.3
     hooks:
       - id: isort
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.26.0
+    rev: v2.32.0
     hooks:
       - id: pyupgrade
         args: [--py39-plus]

.vscode/tasks.json

@@ -4,7 +4,7 @@
     {
       "label": "Run Supervisor",
       "type": "shell",
-      "command": "./scripts/supervisor.sh",
+      "command": "supervisor_run",
       "group": {
         "kind": "test",
         "isDefault": true

Dockerfile

@@ -5,18 +5,18 @@ ENV \
     S6_SERVICES_GRACETIME=10000 \
     SUPERVISOR_API=http://localhost
 
-ARG BUILD_ARCH
-ARG VCN_VERSION
-WORKDIR /usr/src
+ARG \
+    BUILD_ARCH \
+    CAS_VERSION
 
 # Install base
+WORKDIR /usr/src
 RUN \
     set -x \
     && apk add --no-cache \
         eudev \
         eudev-libs \
         git \
-        glib \
         libffi \
         libpulse \
         musl \
@@ -25,29 +25,15 @@ RUN \
         build-base \
         go \
     \
-    && git clone -b v${VCN_VERSION} --depth 1 \
-        https://github.com/codenotary/vcn \
-    && cd vcn \
-    \
-    && if [ "${BUILD_ARCH}" = "armhf" ]; then \
-        GOARM=6 GOARCH=arm go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    elif [ "${BUILD_ARCH}" = "armv7" ]; then \
-        GOARM=7 GOARCH=arm go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    elif [ "${BUILD_ARCH}" = "aarch64" ]; then \
-        GOARCH=arm64 go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    elif [ "${BUILD_ARCH}" = "i386" ]; then \
-        GOARCH=386 go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    elif [ "${BUILD_ARCH}" = "amd64" ]; then \
-        GOARCH=amd64 go build -o vcn -ldflags="-s -w" ./cmd/vcn; \
-    else \
-        exit 1; \
-    fi \
-    \
-    && rm -rf /root/go /root/.cache \
-    && mv vcn /usr/bin/vcn \
+    && git clone -b "v${CAS_VERSION}" --depth 1 \
+        https://github.com/codenotary/cas \
+    && cd cas \
+    && make cas \
+    && mv cas /usr/bin/cas \
     \
     && apk del .build-dependencies \
-    && rm -rf /usr/src/vcn
+    && rm -rf /root/go /root/.cache \
+    && rm -rf /usr/src/cas
 
 # Install requirements
 COPY requirements.txt .

build.json

@@ -1,24 +0,0 @@
-{
-  "image": "homeassistant/{arch}-hassio-supervisor",
-  "shadow_repository": "ghcr.io/home-assistant",
-  "build_from": {
-    "aarch64": "ghcr.io/home-assistant/aarch64-base-python:3.9-alpine3.14",
-    "armhf": "ghcr.io/home-assistant/armhf-base-python:3.9-alpine3.14",
-    "armv7": "ghcr.io/home-assistant/armv7-base-python:3.9-alpine3.14",
-    "amd64": "ghcr.io/home-assistant/amd64-base-python:3.9-alpine3.14",
-    "i386": "ghcr.io/home-assistant/i386-base-python:3.9-alpine3.14"
-  },
-  "args": {
-    "VCN_VERSION": "0.9.8"
-  },
-  "labels": {
-    "io.hass.type": "supervisor",
-    "org.opencontainers.image.title": "Home Assistant Supervisor",
-    "org.opencontainers.image.description": "Container-based system for managing Home Assistant Core installation",
-    "org.opencontainers.image.source": "https://github.com/home-assistant/supervisor",
-    "org.opencontainers.image.authors": "The Home Assistant Authors",
-    "org.opencontainers.image.url": "https://www.home-assistant.io/",
-    "org.opencontainers.image.documentation": "https://www.home-assistant.io/docs/",
-    "org.opencontainers.image.licenses": "Apache License 2.0"
-  }
-}

build.yaml

@@ -0,0 +1,22 @@
+image: homeassistant/{arch}-hassio-supervisor
+shadow_repository: ghcr.io/home-assistant
+build_from:
+  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.9-alpine3.14
+  armhf: ghcr.io/home-assistant/armhf-base-python:3.9-alpine3.14
+  armv7: ghcr.io/home-assistant/armv7-base-python:3.9-alpine3.14
+  amd64: ghcr.io/home-assistant/amd64-base-python:3.9-alpine3.14
+  i386: ghcr.io/home-assistant/i386-base-python:3.9-alpine3.14
+codenotary:
+  signer: notary@home-assistant.io
+  base_image: notary@home-assistant.io
+args:
+  CAS_VERSION: 1.0.2
+labels:
+  io.hass.type: supervisor
+  org.opencontainers.image.title: Home Assistant Supervisor
+  org.opencontainers.image.description: Container-based system for managing Home Assistant Core installation
+  org.opencontainers.image.source: https://github.com/home-assistant/supervisor
+  org.opencontainers.image.authors: The Home Assistant Authors
+  org.opencontainers.image.url: https://www.home-assistant.io/
+  org.opencontainers.image.documentation: https://www.home-assistant.io/docs/
+  org.opencontainers.image.licenses: Apache License 2.0

requirements.txt

@@ -1,20 +1,25 @@
-aiohttp==3.7.4.post0
-async_timeout==3.0.1
+aiodns==3.0.0
+aiohttp==3.8.1
+async_timeout==4.0.2
 atomicwrites==1.4.0
-attrs==21.2.0
-awesomeversion==21.8.1
-brotlipy==0.7.0
+attrs==21.4.0
+awesomeversion==22.4.1
+brotli==1.0.9
 cchardet==2.1.7
 ciso8601==2.2.0
-colorlog==6.4.1
+colorlog==6.6.0
 cpe==1.2.1
-cryptography==3.4.6
-debugpy==1.4.3
-docker==5.0.2
-gitpython==3.1.24
-jinja2==3.0.1
-pulsectl==21.9.1
-pyudev==0.22.0
-ruamel.yaml==0.15.100
-sentry-sdk==1.4.0
-voluptuous==0.12.2
+cryptography==36.0.2
+debugpy==1.6.0
+deepmerge==1.0.1
+dirhash==0.2.1
+docker==5.0.3
+gitpython==3.1.27
+jinja2==3.1.1
+pulsectl==22.3.2
+pyudev==0.23.2
+ruamel.yaml==0.17.17
+securetar==2022.2.0
+sentry-sdk==1.5.10
+voluptuous==0.13.1
+dbus-next==0.2.3

requirements_tests.txt

@@ -1,14 +1,14 @@
-black==21.9b0
+black==22.3.0
 codecov==2.1.12
-coverage==5.5
+coverage==6.3.2
 flake8-docstrings==1.6.0
-flake8==3.9.2
-pre-commit==2.15.0
+flake8==4.0.1
+pre-commit==2.18.1
 pydocstyle==6.1.1
-pylint==2.11.1
+pylint==2.13.7
 pytest-aiohttp==0.3.0
 pytest-asyncio==0.12.0 # NB!: Versions over 0.12.0 breaks pytest-aiohttp (https://github.com/aio-libs/pytest-aiohttp/issues/16)
-pytest-cov==2.12.1
-pytest-timeout==1.4.2
-pytest==6.2.5
-pyupgrade==2.26.0.post1
+pytest-cov==3.0.0
+pytest-timeout==2.1.0
+pytest==7.1.2
+pyupgrade==2.32.0

rootfs/etc/services.d/supervisor/run

@@ -3,5 +3,6 @@
 # Start Supervisor service
 # ==============================================================================
 export LD_PRELOAD="/usr/local/lib/libjemalloc.so.2"
+export MALLOC_CONF="background_thread:true,metadata_thp:auto"
 
 exec python3 -m supervisor

rootfs/etc/services.d/watchdog/run

@@ -31,4 +31,4 @@ do
 
 done
 
-basio::exit.nok "Watchdog detected issue with Supervisor - taking container down!"
+bashio::exit.nok "Watchdog detected issue with Supervisor - taking container down!"

rootfs/root/.cas-trusted-signing-pub-key

@@ -0,0 +1,4 @@
+-----BEGIN PUBLIC KEY-----
+MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE03LvYuz79GTJx4uKp3w6NrSe5JZI
+iBtgzzYi0YQYtZO/r+xFpgDJEa0gLHkXtl94fpqrFiN89In83lzaszbZtA==
+-----END PUBLIC KEY-----

rootfs/root/.cas/config.json

@@ -0,0 +1,8 @@
+{
+  "currentcontext": {
+    "LcHost": "cas.codenotary.com",
+    "LcPort": "443"
+  },
+  "schemaversion": 3,
+  "users": null
+}

scripts/common.sh

@@ -1,61 +0,0 @@
-#!/bin/bash
-
-function start_docker() {
-    local starttime
-    local endtime
-
-    update-alternatives --set iptables /usr/sbin/iptables-legacy || echo "Fails adjust iptables"
-    update-alternatives --set ip6tables /usr/sbin/iptables-legacy || echo "Fails adjust ip6tables"
-
-    echo "Starting docker."
-    dockerd 2> /dev/null &
-    DOCKER_PID=$!
-
-    echo "Waiting for docker to initialize..."
-    starttime="$(date +%s)"
-    endtime="$(date +%s)"
-    until docker info >/dev/null 2>&1; do
-        if [[ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]]; then
-            sleep 1
-            endtime=$(date +%s)
-        else
-            echo "Timeout while waiting for docker to come up"
-            exit 1
-        fi
-    done
-    echo "Docker was initialized"
-}
-
-function stop_docker() {
-    local starttime
-    local endtime
-
-    echo "Stopping in container docker..."
-    if [ "$DOCKER_PID" -gt 0 ] && kill -0 "$DOCKER_PID" 2> /dev/null; then
-        starttime="$(date +%s)"
-        endtime="$(date +%s)"
-
-        # Now wait for it to die
-        kill "$DOCKER_PID"
-        while kill -0 "$DOCKER_PID" 2> /dev/null; do
-            if [[ $((endtime - starttime)) -le $DOCKER_TIMEOUT ]]; then
-                sleep 1
-                endtime=$(date +%s)
-            else
-                echo "Timeout while waiting for container docker to die"
-                exit 1
-            fi
-        done
-    else
-        echo "Your host might have been left with unreleased resources"
-    fi
-}
-
-function cleanup_lastboot() {
-    if [[ -f /workspaces/test_supervisor/config.json ]]; then
-        echo "Cleaning up last boot"
-        cp /workspaces/test_supervisor/config.json /tmp/config.json
-        jq -rM 'del(.last_boot)' /tmp/config.json > /workspaces/test_supervisor/config.json
-        rm /tmp/config.json
-    fi
-}

scripts/supervisor.sh

@@ -1,133 +0,0 @@
-#!/bin/bash
-source "${BASH_SOURCE[0]%/*}/common.sh"
-
-set -eE
-
-DOCKER_TIMEOUT=30
-DOCKER_PID=0
-
-function build_supervisor() {
-    docker pull homeassistant/amd64-builder:dev
-
-    docker run --rm \
-        --privileged \
-        -v /run/docker.sock:/run/docker.sock \
-        -v "$(pwd):/data" \
-        homeassistant/amd64-builder:dev \
-            --generic latest \
-            --target /data \
-            --test \
-            --amd64 \
-            --no-cache
-}
-
-
-function cleanup_docker() {
-    echo "Cleaning up stopped containers..."
-    docker rm $(docker ps -a -q) || true
-}
-
-
-function run_supervisor() {
-    mkdir -p /workspaces/test_supervisor
-
-    echo "Start Supervisor"
-    docker run --rm --privileged \
-        --name hassio_supervisor \
-        --privileged \
-        --security-opt seccomp=unconfined \
-        --security-opt apparmor:unconfined \
-        -v /run/docker.sock:/run/docker.sock:rw \
-        -v /run/dbus:/run/dbus:ro \
-        -v /run/udev:/run/udev:ro \
-        -v "/workspaces/test_supervisor":/data:rw \
-        -v /etc/machine-id:/etc/machine-id:ro \
-        -v /workspaces/supervisor:/usr/src/supervisor \
-        -e SUPERVISOR_SHARE="/workspaces/test_supervisor" \
-        -e SUPERVISOR_NAME=hassio_supervisor \
-        -e SUPERVISOR_DEV=1 \
-        -e SUPERVISOR_MACHINE="qemux86-64" \
-        homeassistant/amd64-hassio-supervisor:latest
-
-}
-
-
-function init_dbus() {
-    if pgrep dbus-daemon; then
-        echo "Dbus is running"
-        return 0
-    fi
-
-    echo "Startup dbus"
-    mkdir -p /var/lib/dbus
-    cp -f /etc/machine-id /var/lib/dbus/machine-id
-
-    # cleanups
-    mkdir -p /run/dbus
-    rm -f /run/dbus/pid
-
-    # run
-    dbus-daemon --system --print-address
-}
-
-
-function init_udev() {
-    if pgrep systemd-udevd; then
-        echo "udev is running"
-        return 0
-    fi
-
-    echo "Startup udev"
-
-    # cleanups
-    mkdir -p /run/udev
-
-    # run
-    /lib/systemd/systemd-udevd --daemon
-    sleep 3
-    udevadm trigger && udevadm settle
-}
-
-function init_os-agent() {
-    if pgrep os-agent; then
-        echo "os-agent is running"
-        return 0
-    fi
-
-    if [ ! -f /usr/sbin/os-agent ]; then
-        curl -Lo /usr/sbin/os-agent https://github.com/home-assistant/os-agent/releases/latest/download/os-agent-debian-amd64.bin
-        curl -Lo /etc/dbus-1/system.d/io.hass.conf https://raw.githubusercontent.com/home-assistant/os-agent/main/contrib/io.hass.conf
-        chmod a+x /usr/sbin/os-agent
-    fi
-
-    /usr/sbin/os-agent &
-}
-
-echo "Run Supervisor"
-
-start_docker
-trap "stop_docker" ERR
-
-
-if [ "$( docker container inspect -f '{{.State.Status}}' hassio_supervisor )" == "running" ]; then
-    echo "Restarting Supervisor"
-    docker rm -f hassio_supervisor
-    init_dbus
-    init_udev
-    init_os-agent
-    cleanup_lastboot
-    run_supervisor
-    stop_docker
-
-else
-    echo "Starting Supervisor"
-    docker system prune -f
-    build_supervisor
-    cleanup_lastboot
-    cleanup_docker
-    init_dbus
-    init_udev
-    init_os-agent
-    run_supervisor
-    stop_docker
-fi

scripts/update-frontend.sh

@@ -1,5 +1,5 @@
 #!/bin/bash
-source "${BASH_SOURCE[0]%/*}/common.sh"
+source "/etc/supervisor_scripts/common"
 
 set -e
 

setup.cfg

@@ -4,9 +4,8 @@ include_trailing_comma=True
 force_grid_wrap=0
 line_length=88
 indent = "    "
-not_skip = __init__.py
 force_sort_within_sections = true
-sections = FUTURE,STDLIB,INBETWEENS,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
+sections = FUTURE,STDLIB,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
 default_section = THIRDPARTY
 forced_separate = tests
 combine_as_imports = true

setup.py

@@ -35,7 +35,7 @@ setup(
         "supervisor.api",
         "supervisor.backups",
         "supervisor.dbus.network",
-        "supervisor.dbus.payloads",
+        "supervisor.dbus.network.setting",
         "supervisor.dbus",
         "supervisor.discovery.services",
         "supervisor.discovery",

supervisor/__main__.py

@@ -39,6 +39,7 @@ if __name__ == "__main__":
 
     _LOGGER.info("Initializing Supervisor setup")
     coresys = loop.run_until_complete(bootstrap.initialize_coresys())
+    loop.set_debug(coresys.config.debug)
     loop.run_until_complete(coresys.core.connect())
 
     bootstrap.supervisor_debugger(coresys)

supervisor/addons/__init__.py

@@ -158,11 +158,11 @@ class AddonManager(CoreSysAttributes):
         store = self.store.get(slug)
 
         if not store:
-            raise AddonsError(f"Add-on {slug} not exists", _LOGGER.error)
+            raise AddonsError(f"Add-on {slug} does not exist", _LOGGER.error)
 
         if not store.available:
             raise AddonsNotSupportedError(
-                f"Add-on {slug} not supported on that platform", _LOGGER.error
+                f"Add-on {slug} not supported on this platform", _LOGGER.error
             )
 
         self.data.install(store)
@@ -178,7 +178,7 @@ class AddonManager(CoreSysAttributes):
         await addon.install_apparmor()
 
         try:
-            await addon.instance.install(store.version, store.image)
+            await addon.instance.install(store.version, store.image, arch=addon.arch)
         except DockerError as err:
             self.data.uninstall(addon)
             raise AddonsError() from err
@@ -252,7 +252,7 @@ class AddonManager(CoreSysAttributes):
         ],
         on_condition=AddonsJobError,
     )
-    async def update(self, slug: str) -> None:
+    async def update(self, slug: str, backup: Optional[bool] = False) -> None:
         """Update add-on."""
         if slug not in self.local:
             raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
@@ -273,6 +273,13 @@ class AddonManager(CoreSysAttributes):
                 f"Add-on {slug} not supported on that platform", _LOGGER.error
             )
 
+        if backup:
+            await self.sys_backups.do_backup_partial(
+                name=f"addon_{addon.slug}_{addon.version}",
+                homeassistant=False,
+                addons=[addon.slug],
+            )
+
         # Update instance
         last_state: AddonState = addon.state
         old_image = addon.image
@@ -306,22 +313,24 @@ class AddonManager(CoreSysAttributes):
     async def rebuild(self, slug: str) -> None:
         """Perform a rebuild of local build add-on."""
         if slug not in self.local:
-            _LOGGER.error("Add-on %s is not installed", slug)
-            raise AddonsError()
+            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
         addon = self.local[slug]
 
         if addon.is_detached:
-            _LOGGER.error("Add-on %s is not available inside store", slug)
-            raise AddonsError()
+            raise AddonsError(
+                f"Add-on {slug} is not available inside store", _LOGGER.error
+            )
         store = self.store[slug]
 
         # Check if a rebuild is possible now
         if addon.version != store.version:
-            _LOGGER.error("Version changed, use Update instead Rebuild")
-            raise AddonsError()
+            raise AddonsError(
+                "Version changed, use Update instead Rebuild", _LOGGER.error
+            )
         if not addon.need_build:
-            _LOGGER.error("Can't rebuild a image based add-on")
-            raise AddonsNotSupportedError()
+            raise AddonsNotSupportedError(
+                "Can't rebuild a image based add-on", _LOGGER.error
+            )
 
         # remove docker container but not addon config
         last_state: AddonState = addon.state

supervisor/addons/addon.py

@@ -10,9 +10,11 @@ import secrets
 import shutil
 import tarfile
 from tempfile import TemporaryDirectory
-from typing import Any, Awaitable, Optional
+from typing import Any, Awaitable, Final, Optional
 
 import aiohttp
+from deepmerge import Merger
+from securetar import atomic_contents_add, secure_path
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 
@@ -64,7 +66,6 @@ from ..homeassistant.const import WSEvent, WSType
 from ..utils import check_port
 from ..utils.apparmor import adjust_profile
 from ..utils.json import read_json_file, write_json_file
-from ..utils.tar import atomic_contents_add, secure_path
 from .const import AddonBackupMode
 from .model import AddonModel, Data
 from .options import AddonOptions
@@ -87,6 +88,12 @@ RE_OLD_AUDIO = re.compile(r"\d+,\d+")
 
 WATCHDOG_TIMEOUT = aiohttp.ClientTimeout(total=10)
 
+_OPTIONS_MERGER: Final = Merger(
+    type_strategies=[(dict, ["merge"])],
+    fallback_strategies=["override"],
+    type_conflict_strategies=["override"],
+)
+
 
 class Addon(AddonModel):
     """Hold data for add-on inside Supervisor."""
@@ -112,7 +119,7 @@ class Addon(AddonModel):
         if self._state == new_state:
             return
         self._state = new_state
-        self.sys_homeassistant.websocket.send_command(
+        self.sys_homeassistant.websocket.send_message(
             {
                 ATTR_TYPE: WSType.SUPERVISOR_EVENT,
                 ATTR_DATA: {
@@ -194,7 +201,9 @@ class Addon(AddonModel):
     @property
     def options(self) -> dict[str, Any]:
         """Return options with local changes."""
-        return {**self.data[ATTR_OPTIONS], **self.persist[ATTR_OPTIONS]}
+        return _OPTIONS_MERGER.merge(
+            deepcopy(self.data[ATTR_OPTIONS]), deepcopy(self.persist[ATTR_OPTIONS])
+        )
 
     @options.setter
     def options(self, value: Optional[dict[str, Any]]) -> None:
@@ -578,7 +587,9 @@ class Addon(AddonModel):
             return True
 
         # merge options
-        options = {**self.persist[ATTR_OPTIONS], **default_options}
+        options = _OPTIONS_MERGER.merge(
+            deepcopy(default_options), deepcopy(self.persist[ATTR_OPTIONS])
+        )
 
         # create voluptuous
         new_schema = vol.Schema(
@@ -670,8 +681,9 @@ class Addon(AddonModel):
         Return a coroutine.
         """
         if not self.with_stdin:
-            _LOGGER.error("Add-on %s does not support writing to stdin!", self.slug)
-            raise AddonsNotSupportedError()
+            raise AddonsNotSupportedError(
+                f"Add-on {self.slug} does not support writing to stdin!", _LOGGER.error
+            )
 
         try:
             return await self.instance.write_stdin(data)
@@ -718,24 +730,25 @@ class Addon(AddonModel):
             try:
                 write_json_file(temp_path.joinpath("addon.json"), data)
             except ConfigurationFileError as err:
-                _LOGGER.error("Can't save meta for %s", self.slug)
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't save meta for {self.slug}", _LOGGER.error
+                ) from err
 
             # Store AppArmor Profile
             if self.sys_host.apparmor.exists(self.slug):
                 profile = temp_path.joinpath("apparmor.txt")
                 try:
-                    self.sys_host.apparmor.backup_profile(self.slug, profile)
+                    await self.sys_host.apparmor.backup_profile(self.slug, profile)
                 except HostAppArmorError as err:
-                    _LOGGER.error("Can't backup AppArmor profile")
-                    raise AddonsError() from err
+                    raise AddonsError(
+                        "Can't backup AppArmor profile", _LOGGER.error
+                    ) from err
 
             # write into tarfile
             def _write_tarfile():
                 """Write tar inside loop."""
                 with tar_file as backup:
-                    # Backup system
-
+                    # Backup metadata
                     backup.add(temp, arcname=".")
 
                     # Backup data
@@ -760,8 +773,9 @@ class Addon(AddonModel):
                 _LOGGER.info("Building backup for add-on %s", self.slug)
                 await self.sys_run_in_executor(_write_tarfile)
             except (tarfile.TarError, OSError) as err:
-                _LOGGER.error("Can't write tarfile %s: %s", tar_file, err)
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't write tarfile {tar_file}: {err}", _LOGGER.error
+                ) from err
             finally:
                 if (
                     is_running
@@ -787,8 +801,9 @@ class Addon(AddonModel):
             try:
                 await self.sys_run_in_executor(_extract_tarfile)
             except tarfile.TarError as err:
-                _LOGGER.error("Can't read tarfile %s: %s", tar_file, err)
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't read tarfile {tar_file}: {err}", _LOGGER.error
+                ) from err
 
             # Read backup data
             try:
@@ -800,17 +815,17 @@ class Addon(AddonModel):
             try:
                 data = SCHEMA_ADDON_BACKUP(data)
             except vol.Invalid as err:
-                _LOGGER.error(
-                    "Can't validate %s, backup data: %s",
-                    self.slug,
-                    humanize_error(data, err),
-                )
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't validate {self.slug}, backup data: {humanize_error(data, err)}",
+                    _LOGGER.error,
+                ) from err
 
             # If available
             if not self._available(data[ATTR_SYSTEM]):
-                _LOGGER.error("Add-on %s is not available for this platform", self.slug)
-                raise AddonsNotSupportedError()
+                raise AddonsNotSupportedError(
+                    f"Add-on {self.slug} is not available for this platform",
+                    _LOGGER.error,
+                )
 
             # Restore local add-on information
             _LOGGER.info("Restore config for addon %s", self.slug)
@@ -843,7 +858,11 @@ class Addon(AddonModel):
             # Restore data
             def _restore_data():
                 """Restore data."""
-                shutil.copytree(Path(temp, "data"), self.path_data, symlinks=True)
+                temp_data = Path(temp, "data")
+                if temp_data.is_dir():
+                    shutil.copytree(temp_data, self.path_data, symlinks=True)
+                else:
+                    self.path_data.mkdir()
 
             _LOGGER.info("Restoring data for addon %s", self.slug)
             if self.path_data.is_dir():
@@ -851,8 +870,9 @@ class Addon(AddonModel):
             try:
                 await self.sys_run_in_executor(_restore_data)
             except shutil.Error as err:
-                _LOGGER.error("Can't restore origin data: %s", err)
-                raise AddonsError() from err
+                raise AddonsError(
+                    f"Can't restore origin data: {err}", _LOGGER.error
+                ) from err
 
             # Restore AppArmor
             profile_file = Path(temp, "apparmor.txt")

supervisor/addons/const.py

@@ -10,3 +10,4 @@ class AddonBackupMode(str, Enum):
 
 
 ATTR_BACKUP = "backup"
+ATTR_CODENOTARY = "codenotary"

supervisor/addons/model.py

@@ -79,7 +79,7 @@ from ..const import (
 )
 from ..coresys import CoreSys, CoreSysAttributes
 from ..docker.const import Capabilities
-from .const import ATTR_BACKUP
+from .const import ATTR_BACKUP, ATTR_CODENOTARY
 from .options import AddonOptions, UiOptions
 from .validate import RE_SERVICE, RE_VOLUME
 
@@ -503,6 +503,14 @@ class AddonModel(CoreSysAttributes, ABC):
         """Return list of supported machine."""
         return self.data.get(ATTR_MACHINE, [])
 
+    @property
+    def arch(self) -> str:
+        """Return architecture to use for the addon's image."""
+        if ATTR_IMAGE in self.data:
+            return self.sys_arch.match(self.data[ATTR_ARCH])
+
+        return self.sys_arch.default
+
     @property
     def image(self) -> Optional[str]:
         """Generate image name from data."""
@@ -578,6 +586,16 @@ class AddonModel(CoreSysAttributes, ABC):
         """Return True if the add-on accesses the system journal."""
         return self.data[ATTR_JOURNALD]
 
+    @property
+    def signed(self) -> bool:
+        """Return True if the image is signed."""
+        return ATTR_CODENOTARY in self.data
+
+    @property
+    def codenotary(self) -> Optional[str]:
+        """Return Signer email address for CAS."""
+        return self.data.get(ATTR_CODENOTARY)
+
     def __eq__(self, other):
         """Compaired add-on objects."""
         if not isinstance(other, AddonModel):
@@ -622,9 +640,9 @@ class AddonModel(CoreSysAttributes, ABC):
         """Uninstall this add-on."""
         return self.sys_addons.uninstall(self.slug)
 
-    def update(self) -> Awaitable[None]:
+    def update(self, backup: Optional[bool] = False) -> Awaitable[None]:
         """Update this add-on."""
-        return self.sys_addons.update(self.slug)
+        return self.sys_addons.update(self.slug, backup=backup)
 
     def rebuild(self) -> Awaitable[None]:
         """Rebuild this add-on."""

supervisor/addons/options.py

@@ -167,7 +167,7 @@ class AddonOptions(CoreSysAttributes):
                 device = self.sys_hardware.get_by_path(Path(value))
             except HardwareNotFound:
                 raise vol.Invalid(
-                    f"Device '{value}' does not exists! in {self._name} ({self._slug})"
+                    f"Device '{value}' does not exist in {self._name} ({self._slug})"
                 ) from None
 
             # Have filter

supervisor/addons/utils.py

@@ -16,10 +16,10 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 
 def rating_security(addon: AddonModel) -> int:
-    """Return 1-6 for security rating.
+    """Return 1-8 for security rating.
 
     1 = not secure
-    6 = high secure
+    8 = high secure
     """
     rating = 5
 
@@ -35,6 +35,10 @@ def rating_security(addon: AddonModel) -> int:
     elif addon.access_auth_api:
         rating += 1
 
+    # Signed
+    if addon.signed:
+        rating += 1
+
     # Privileged options
     if (
         any(
@@ -70,7 +74,7 @@ def rating_security(addon: AddonModel) -> int:
     if addon.access_docker_api or addon.with_full_access:
         rating = 1
 
-    return max(min(6, rating), 1)
+    return max(min(8, rating), 1)
 
 
 async def remove_data(folder: Path) -> None:

supervisor/addons/validate.py

@@ -110,7 +110,7 @@ from ..validate import (
     uuid_match,
     version_tag,
 )
-from .const import ATTR_BACKUP
+from .const import ATTR_BACKUP, ATTR_CODENOTARY
 from .options import RE_SCHEMA_ELEMENT
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -281,7 +281,7 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
         vol.Optional(ATTR_PANEL_ICON, default="mdi:puzzle"): str,
         vol.Optional(ATTR_PANEL_TITLE): str,
         vol.Optional(ATTR_PANEL_ADMIN, default=True): vol.Boolean(),
-        vol.Optional(ATTR_HOMEASSISTANT): vol.Maybe(version_tag),
+        vol.Optional(ATTR_HOMEASSISTANT): version_tag,
         vol.Optional(ATTR_HOST_NETWORK, default=False): vol.Boolean(),
         vol.Optional(ATTR_HOST_PID, default=False): vol.Boolean(),
         vol.Optional(ATTR_HOST_IPC, default=False): vol.Boolean(),
@@ -317,6 +317,7 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
         vol.Optional(ATTR_BACKUP, default=AddonBackupMode.HOT): vol.Coerce(
             AddonBackupMode
         ),
+        vol.Optional(ATTR_CODENOTARY): vol.Email(),
         vol.Optional(ATTR_OPTIONS, default={}): dict,
         vol.Optional(ATTR_SCHEMA, default={}): vol.Any(
             vol.Schema(

supervisor/api/__init__.py

@@ -17,7 +17,6 @@ from .docker import APIDocker
 from .hardware import APIHardware
 from .homeassistant import APIHomeAssistant
 from .host import APIHost
-from .info import APIInfo
 from .ingress import APIIngress
 from .jobs import APIJobs
 from .middleware.security import SecurityMiddleware
@@ -27,6 +26,7 @@ from .observer import APIObserver
 from .os import APIOS
 from .proxy import APIProxy
 from .resolution import APIResoulution
+from .root import APIRoot
 from .security import APISecurity
 from .services import APIServices
 from .store import APIStore
@@ -35,7 +35,7 @@ from .supervisor import APISupervisor
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 
-MAX_CLIENT_SIZE: int = 1024 ** 2 * 16
+MAX_CLIENT_SIZE: int = 1024**2 * 16
 
 
 class RestAPI(CoreSysAttributes):
@@ -70,7 +70,7 @@ class RestAPI(CoreSysAttributes):
         self._register_hardware()
         self._register_homeassistant()
         self._register_host()
-        self._register_info()
+        self._register_root()
         self._register_ingress()
         self._register_multicast()
         self._register_network()
@@ -228,12 +228,21 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
-    def _register_info(self) -> None:
-        """Register info functions."""
-        api_info = APIInfo()
-        api_info.coresys = self.coresys
+    def _register_root(self) -> None:
+        """Register root functions."""
+        api_root = APIRoot()
+        api_root.coresys = self.coresys
 
-        self.webapp.add_routes([web.get("/info", api_info.info)])
+        self.webapp.add_routes([web.get("/info", api_root.info)])
+        self.webapp.add_routes([web.post("/refresh_updates", api_root.refresh_updates)])
+        self.webapp.add_routes(
+            [web.get("/available_updates", api_root.available_updates)]
+        )
+
+        # Remove 2023
+        self.webapp.add_routes(
+            [web.get("/supervisor/available_updates", api_root.available_updates)]
+        )
 
     def _register_resolution(self) -> None:
         """Register info functions."""

supervisor/api/addons.py

@@ -106,11 +106,12 @@ from ..coresys import CoreSysAttributes
 from ..docker.stats import DockerStats
 from ..exceptions import APIError, APIForbidden, PwnedError, PwnedSecret
 from ..validate import docker_ports
+from .const import ATTR_SIGNED
 from .utils import api_process, api_process_raw, api_validate, json_loads
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): vol.Coerce(str)})
+SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): str})
 
 # pylint: disable=no-value-for-parameter
 SCHEMA_OPTIONS = vol.Schema(
@@ -118,8 +119,8 @@ SCHEMA_OPTIONS = vol.Schema(
         vol.Optional(ATTR_BOOT): vol.Coerce(AddonBoot),
         vol.Optional(ATTR_NETWORK): vol.Maybe(docker_ports),
         vol.Optional(ATTR_AUTO_UPDATE): vol.Boolean(),
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
         vol.Optional(ATTR_INGRESS_PANEL): vol.Boolean(),
         vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
     }
@@ -269,6 +270,7 @@ class APIAddons(CoreSysAttributes):
             ATTR_IP_ADDRESS: None,
             ATTR_TRANSLATIONS: addon.translations,
             ATTR_INGRESS: addon.with_ingress,
+            ATTR_SIGNED: addon.signed,
             ATTR_INGRESS_ENTRY: None,
             ATTR_INGRESS_URL: None,
             ATTR_INGRESS_PORT: None,
@@ -309,7 +311,7 @@ class APIAddons(CoreSysAttributes):
 
         # Extend schema with add-on specific validation
         addon_schema = SCHEMA_OPTIONS.extend(
-            {vol.Optional(ATTR_OPTIONS): vol.Any(None, addon.schema)}
+            {vol.Optional(ATTR_OPTIONS): vol.Maybe(addon.schema)}
         )
 
         # Validate/Process Body
@@ -379,8 +381,10 @@ class APIAddons(CoreSysAttributes):
         slug: str = request.match_info.get("addon")
         if slug != "self":
             raise APIForbidden("This can be only read by the Add-on itself!")
-
         addon = self._extract_addon_installed(request)
+
+        # Lookup/reload secrets
+        await self.sys_homeassistant.secrets.reload()
         try:
             return addon.schema.validate(addon.options)
         except vol.Invalid:

supervisor/api/audio.py

@@ -56,10 +56,10 @@ SCHEMA_MUTE = vol.Schema(
     }
 )
 
-SCHEMA_DEFAULT = vol.Schema({vol.Required(ATTR_NAME): vol.Coerce(str)})
+SCHEMA_DEFAULT = vol.Schema({vol.Required(ATTR_NAME): str})
 
 SCHEMA_PROFILE = vol.Schema(
-    {vol.Required(ATTR_CARD): vol.Coerce(str), vol.Required(ATTR_NAME): vol.Coerce(str)}
+    {vol.Required(ATTR_CARD): str, vol.Required(ATTR_NAME): str}
 )
 
 

supervisor/api/auth.py

@@ -23,8 +23,8 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 SCHEMA_PASSWORD_RESET = vol.Schema(
     {
-        vol.Required(ATTR_USERNAME): vol.Coerce(str),
-        vol.Required(ATTR_PASSWORD): vol.Coerce(str),
+        vol.Required(ATTR_USERNAME): str,
+        vol.Required(ATTR_PASSWORD): str,
     }
 )
 

supervisor/api/backups.py

@@ -9,10 +9,11 @@ from aiohttp import web
 from aiohttp.hdrs import CONTENT_DISPOSITION
 import voluptuous as vol
 
-from ..backups.validate import ALL_FOLDERS
+from ..backups.validate import ALL_FOLDERS, FOLDER_HOMEASSISTANT
 from ..const import (
     ATTR_ADDONS,
     ATTR_BACKUPS,
+    ATTR_COMPRESSED,
     ATTR_CONTENT,
     ATTR_DATE,
     ATTR_FOLDERS,
@@ -35,31 +36,33 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 RE_SLUGIFY_NAME = re.compile(r"[^A-Za-z0-9]+")
 
+# Backwards compatible / Remove 2022.08
+_ALL_FOLDERS = ALL_FOLDERS + [FOLDER_HOMEASSISTANT]
+
 # pylint: disable=no-value-for-parameter
 SCHEMA_RESTORE_PARTIAL = vol.Schema(
     {
-        vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
+        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
         vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
-        vol.Optional(ATTR_ADDONS): vol.All([vol.Coerce(str)], vol.Unique()),
-        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(ALL_FOLDERS)], vol.Unique()),
+        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
+        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(_ALL_FOLDERS)], vol.Unique()),
     }
 )
 
-SCHEMA_RESTORE_FULL = vol.Schema(
-    {vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str))}
-)
+SCHEMA_RESTORE_FULL = vol.Schema({vol.Optional(ATTR_PASSWORD): vol.Maybe(str)})
 
 SCHEMA_BACKUP_FULL = vol.Schema(
     {
-        vol.Optional(ATTR_NAME): vol.Coerce(str),
-        vol.Optional(ATTR_PASSWORD): vol.Any(None, vol.Coerce(str)),
+        vol.Optional(ATTR_NAME): str,
+        vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
+        vol.Optional(ATTR_COMPRESSED): vol.Maybe(vol.Boolean()),
     }
 )
 
 SCHEMA_BACKUP_PARTIAL = SCHEMA_BACKUP_FULL.extend(
     {
-        vol.Optional(ATTR_ADDONS): vol.All([vol.Coerce(str)], vol.Unique()),
-        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(ALL_FOLDERS)], vol.Unique()),
+        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
+        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(_ALL_FOLDERS)], vol.Unique()),
         vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
     }
 )
@@ -86,7 +89,9 @@ class APIBackups(CoreSysAttributes):
                     ATTR_NAME: backup.name,
                     ATTR_DATE: backup.date,
                     ATTR_TYPE: backup.sys_type,
+                    ATTR_SIZE: backup.size,
                     ATTR_PROTECTED: backup.protected,
+                    ATTR_COMPRESSED: backup.compressed,
                     ATTR_CONTENT: {
                         ATTR_HOMEASSISTANT: backup.homeassistant_version is not None,
                         ATTR_ADDONS: backup.addon_list,
@@ -129,6 +134,7 @@ class APIBackups(CoreSysAttributes):
             ATTR_NAME: backup.name,
             ATTR_DATE: backup.date,
             ATTR_SIZE: backup.size,
+            ATTR_COMPRESSED: backup.compressed,
             ATTR_PROTECTED: backup.protected,
             ATTR_HOMEASSISTANT: backup.homeassistant_version,
             ATTR_ADDONS: data_addons,

supervisor/api/const.py

@@ -1,11 +1,22 @@
 """Const for API."""
 
+ATTR_APPARMOR_VERSION = "apparmor_version"
 ATTR_AGENT_VERSION = "agent_version"
+ATTR_AVAILABLE_UPDATES = "available_updates"
 ATTR_BOOT_TIMESTAMP = "boot_timestamp"
+ATTR_BROADCAST_LLMNR = "broadcast_llmnr"
+ATTR_BROADCAST_MDNS = "broadcast_mdns"
+ATTR_DATA_DISK = "data_disk"
 ATTR_DEVICE = "device"
-ATTR_DISK_DATA = "disk_data"
 ATTR_DT_SYNCHRONIZED = "dt_synchronized"
 ATTR_DT_UTC = "dt_utc"
+ATTR_FALLBACK = "fallback"
+ATTR_LLMNR = "llmnr"
+ATTR_LLMNR_HOSTNAME = "llmnr_hostname"
+ATTR_MDNS = "mdns"
+ATTR_PANEL_PATH = "panel_path"
+ATTR_SIGNED = "signed"
 ATTR_STARTUP_TIME = "startup_time"
+ATTR_UPDATE_TYPE = "update_type"
 ATTR_USE_NTP = "use_ntp"
 ATTR_USE_RTC = "use_rtc"

supervisor/api/dns.py

@@ -26,12 +26,18 @@ from ..const import (
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..validate import dns_server_list, version_tag
+from .const import ATTR_FALLBACK, ATTR_LLMNR, ATTR_MDNS
 from .utils import api_process, api_process_raw, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 # pylint: disable=no-value-for-parameter
-SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_SERVERS): dns_server_list})
+SCHEMA_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_SERVERS): dns_server_list,
+        vol.Optional(ATTR_FALLBACK): vol.Boolean(),
+    }
+)
 
 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 
@@ -49,15 +55,26 @@ class APICoreDNS(CoreSysAttributes):
             ATTR_HOST: str(self.sys_docker.network.dns),
             ATTR_SERVERS: self.sys_plugins.dns.servers,
             ATTR_LOCALS: self.sys_plugins.dns.locals,
+            ATTR_MDNS: self.sys_plugins.dns.mdns,
+            ATTR_LLMNR: self.sys_plugins.dns.llmnr,
+            ATTR_FALLBACK: self.sys_plugins.dns.fallback,
         }
 
     @api_process
     async def options(self, request: web.Request) -> None:
         """Set DNS options."""
         body = await api_validate(SCHEMA_OPTIONS, request)
+        restart_required = False
 
         if ATTR_SERVERS in body:
             self.sys_plugins.dns.servers = body[ATTR_SERVERS]
+            restart_required = True
+
+        if ATTR_FALLBACK in body:
+            self.sys_plugins.dns.fallback = body[ATTR_FALLBACK]
+            restart_required = True
+
+        if restart_required:
             self.sys_create_task(self.sys_plugins.dns.restart())
 
         self.sys_plugins.dns.save_data()

supervisor/api/docker.py

@@ -21,7 +21,7 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 SCHEMA_DOCKER_REGISTRY = vol.Schema(
     {
-        vol.Coerce(str): {
+        str: {
             vol.Required(ATTR_USERNAME): str,
             vol.Required(ATTR_PASSWORD): str,
         }

supervisor/api/homeassistant.py

@@ -10,6 +10,7 @@ from ..const import (
     ATTR_ARCH,
     ATTR_AUDIO_INPUT,
     ATTR_AUDIO_OUTPUT,
+    ATTR_BACKUP,
     ATTR_BLK_READ,
     ATTR_BLK_WRITE,
     ATTR_BOOT,
@@ -43,18 +44,23 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_OPTIONS = vol.Schema(
     {
         vol.Optional(ATTR_BOOT): vol.Boolean(),
-        vol.Optional(ATTR_IMAGE): docker_image,
+        vol.Optional(ATTR_IMAGE): vol.Maybe(docker_image),
         vol.Optional(ATTR_PORT): network_port,
         vol.Optional(ATTR_SSL): vol.Boolean(),
         vol.Optional(ATTR_WATCHDOG): vol.Boolean(),
         vol.Optional(ATTR_WAIT_BOOT): vol.All(vol.Coerce(int), vol.Range(min=60)),
-        vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(vol.Coerce(str)),
-        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(vol.Coerce(str)),
-        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(vol.Coerce(str)),
+        vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(str),
+        vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
+        vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
     }
 )
 
-SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
+SCHEMA_UPDATE = vol.Schema(
+    {
+        vol.Optional(ATTR_VERSION): version_tag,
+        vol.Optional(ATTR_BACKUP): bool,
+    }
+)
 
 
 class APIHomeAssistant(CoreSysAttributes):
@@ -137,10 +143,14 @@ class APIHomeAssistant(CoreSysAttributes):
     @api_process
     async def update(self, request: web.Request) -> None:
         """Update Home Assistant."""
-        body = await api_validate(SCHEMA_VERSION, request)
-        version = body.get(ATTR_VERSION, self.sys_homeassistant.latest_version)
+        body = await api_validate(SCHEMA_UPDATE, request)
 
-        await asyncio.shield(self.sys_homeassistant.core.update(version))
+        await asyncio.shield(
+            self.sys_homeassistant.core.update(
+                version=body.get(ATTR_VERSION, self.sys_homeassistant.latest_version),
+                backup=body.get(ATTR_BACKUP),
+            )
+        )
 
     @api_process
     def stop(self, request: web.Request) -> Awaitable[None]:

supervisor/api/host.py

@@ -27,9 +27,13 @@ from ..const import (
 from ..coresys import CoreSysAttributes
 from .const import (
     ATTR_AGENT_VERSION,
+    ATTR_APPARMOR_VERSION,
     ATTR_BOOT_TIMESTAMP,
+    ATTR_BROADCAST_LLMNR,
+    ATTR_BROADCAST_MDNS,
     ATTR_DT_SYNCHRONIZED,
     ATTR_DT_UTC,
+    ATTR_LLMNR_HOSTNAME,
     ATTR_STARTUP_TIME,
     ATTR_USE_NTP,
     ATTR_USE_RTC,
@@ -38,7 +42,7 @@ from .utils import api_process, api_process_raw, api_validate
 
 SERVICE = "service"
 
-SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): vol.Coerce(str)})
+SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): str})
 
 
 class APIHost(CoreSysAttributes):
@@ -49,6 +53,7 @@ class APIHost(CoreSysAttributes):
         """Return host information."""
         return {
             ATTR_AGENT_VERSION: self.sys_dbus.agent.version,
+            ATTR_APPARMOR_VERSION: self.sys_host.apparmor.version,
             ATTR_CHASSIS: self.sys_host.info.chassis,
             ATTR_CPE: self.sys_host.info.cpe,
             ATTR_DEPLOYMENT: self.sys_host.info.deployment,
@@ -58,6 +63,7 @@ class APIHost(CoreSysAttributes):
             ATTR_DISK_LIFE_TIME: self.sys_host.info.disk_life_time,
             ATTR_FEATURES: self.sys_host.features,
             ATTR_HOSTNAME: self.sys_host.info.hostname,
+            ATTR_LLMNR_HOSTNAME: self.sys_host.info.llmnr_hostname,
             ATTR_KERNEL: self.sys_host.info.kernel,
             ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
             ATTR_TIMEZONE: self.sys_host.info.timezone,
@@ -67,6 +73,8 @@ class APIHost(CoreSysAttributes):
             ATTR_USE_RTC: self.sys_host.info.use_rtc,
             ATTR_STARTUP_TIME: self.sys_host.info.startup_time,
             ATTR_BOOT_TIMESTAMP: self.sys_host.info.boot_timestamp,
+            ATTR_BROADCAST_LLMNR: self.sys_host.info.broadcast_llmnr,
+            ATTR_BROADCAST_MDNS: self.sys_host.info.broadcast_mdns,
         }
 
     @api_process

supervisor/api/info.py

@@ -1,52 +0,0 @@
-"""Init file for Supervisor info RESTful API."""
-import logging
-from typing import Any
-
-from aiohttp import web
-
-from ..const import (
-    ATTR_ARCH,
-    ATTR_CHANNEL,
-    ATTR_DOCKER,
-    ATTR_FEATURES,
-    ATTR_HASSOS,
-    ATTR_HOMEASSISTANT,
-    ATTR_HOSTNAME,
-    ATTR_LOGGING,
-    ATTR_MACHINE,
-    ATTR_OPERATING_SYSTEM,
-    ATTR_STATE,
-    ATTR_SUPERVISOR,
-    ATTR_SUPPORTED,
-    ATTR_SUPPORTED_ARCH,
-    ATTR_TIMEZONE,
-)
-from ..coresys import CoreSysAttributes
-from .utils import api_process
-
-_LOGGER: logging.Logger = logging.getLogger(__name__)
-
-
-class APIInfo(CoreSysAttributes):
-    """Handle RESTful API for info functions."""
-
-    @api_process
-    async def info(self, request: web.Request) -> dict[str, Any]:
-        """Show system info."""
-        return {
-            ATTR_SUPERVISOR: self.sys_supervisor.version,
-            ATTR_HOMEASSISTANT: self.sys_homeassistant.version,
-            ATTR_HASSOS: self.sys_os.version,
-            ATTR_DOCKER: self.sys_docker.info.version,
-            ATTR_HOSTNAME: self.sys_host.info.hostname,
-            ATTR_OPERATING_SYSTEM: self.sys_host.info.operating_system,
-            ATTR_FEATURES: self.sys_host.features,
-            ATTR_MACHINE: self.sys_machine,
-            ATTR_ARCH: self.sys_arch.default,
-            ATTR_STATE: self.sys_core.state,
-            ATTR_SUPPORTED_ARCH: self.sys_arch.supported,
-            ATTR_SUPPORTED: self.sys_core.supported,
-            ATTR_CHANNEL: self.sys_updater.channel,
-            ATTR_LOGGING: self.sys_config.logging,
-            ATTR_TIMEZONE: self.sys_timezone,
-        }

supervisor/api/middleware/security.py

@@ -173,7 +173,7 @@ class SecurityMiddleware(CoreSysAttributes):
 
         # Observer
         if supervisor_token == self.sys_plugins.observer.supervisor_token:
-            if not OBSERVER_CHECK.match(request.url):
+            if not OBSERVER_CHECK.match(request.path):
                 _LOGGER.warning("%s invalid Observer access", request.path)
                 raise HTTPForbidden()
             _LOGGER.debug("%s access from Observer", request.path)

supervisor/api/os.py

@@ -17,7 +17,7 @@ from ..const import (
 )
 from ..coresys import CoreSysAttributes
 from ..validate import version_tag
-from .const import ATTR_DEVICE, ATTR_DISK_DATA
+from .const import ATTR_DATA_DISK, ATTR_DEVICE
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -38,7 +38,7 @@ class APIOS(CoreSysAttributes):
             ATTR_UPDATE_AVAILABLE: self.sys_os.need_update,
             ATTR_BOARD: self.sys_os.board,
             ATTR_BOOT: self.sys_dbus.rauc.boot_slot,
-            ATTR_DISK_DATA: self.sys_os.datadisk.disk_used,
+            ATTR_DATA_DISK: self.sys_os.datadisk.disk_used,
         }
 
     @api_process

supervisor/api/panel/entrypoint.js

@@ -1,14 +1,14 @@
 
 function loadES5() {
   var el = document.createElement('script');
-  el.src = '/api/hassio/app/frontend_es5/entrypoint.fcfbe018.js';
+  el.src = '/api/hassio/app/frontend_es5/entrypoint.cdbafdd4.js';
   document.body.appendChild(el);
 }
 if (/.*Version\/(?:11|12)(?:\.\d+)*.*Safari\//.test(navigator.userAgent)) {
     loadES5();
 } else {
   try {
-    new Function("import('/api/hassio/app/frontend_latest/entrypoint.4a3f19b4.js')")();
+    new Function("import('/api/hassio/app/frontend_latest/entrypoint.7ea95584.js')")();
   } catch (err) {
     loadES5();
   }

supervisor/api/panel/frontend_es5/02e63dc5.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"02e63dc5.js","sources":["webpack://home-assistant-frontend/02e63dc5.js"],"mappings":"AAAA","sourceRoot":""}

supervisor/api/panel/frontend_es5/0ac2c6bb.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"0ac2c6bb.js","sources":["webpack://home-assistant-frontend/0ac2c6bb.js"],"mappings":"AAAA","sourceRoot":""}

supervisor/api/panel/frontend_es5/0bbd5196.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"0bbd5196.js","sources":["webpack://home-assistant-frontend/0bbd5196.js"],"mappings":";AAAA","sourceRoot":""}

supervisor/api/panel/frontend_es5/0d47fc56.js

@@ -0,0 +1 @@
+!function(){"use strict";var t,n,e={14971:function(t,n,e){var r,i,o=e(93217),u=e(69330),a=(e(58556),e(62173)),c=function(t,n,e){if("input"===t){if("type"===n&&"checkbox"===e||"checked"===n||"disabled"===n)return;return""}},f={renderMarkdown:function(t,n){var e,o=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};return r||(r=Object.assign({},(0,a.getDefaultWhiteList)(),{input:["type","disabled","checked"],"ha-icon":["icon"],"ha-svg-icon":["path"],"ha-alert":["alert-type","title"]})),o.allowSvg?(i||(i=Object.assign({},r,{svg:["xmlns","height","width"],path:["transform","stroke","d"],img:["src"]})),e=i):e=r,(0,a.filterXSS)((0,u.TU)(t,n),{whiteList:e,onTagAttr:c})}};(0,o.Jj)(f)}},r={};function i(t){var n=r[t];if(void 0!==n)return n.exports;var o=r[t]={exports:{}};return e[t](o,o.exports,i),o.exports}i.m=e,i.x=function(){var t=i.O(void 0,[191,752],(function(){return i(14971)}));return t=i.O(t)},t=[],i.O=function(n,e,r,o){if(!e){var u=1/0;for(s=0;s<t.length;s++){e=t[s][0],r=t[s][1],o=t[s][2];for(var a=!0,c=0;c<e.length;c++)(!1&o||u>=o)&&Object.keys(i.O).every((function(t){return i.O[t](e[c])}))?e.splice(c--,1):(a=!1,o<u&&(u=o));if(a){t.splice(s--,1);var f=r();void 0!==f&&(n=f)}}return n}o=o||0;for(var s=t.length;s>0&&t[s-1][2]>o;s--)t[s]=t[s-1];t[s]=[e,r,o]},i.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return i.d(n,{a:n}),n},i.d=function(t,n){for(var e in n)i.o(n,e)&&!i.o(t,e)&&Object.defineProperty(t,e,{enumerable:!0,get:n[e]})},i.f={},i.e=function(t){return Promise.all(Object.keys(i.f).reduce((function(n,e){return i.f[e](t,n),n}),[]))},i.u=function(t){return{191:"2dbdaab4",752:"829db8ac"}[t]+".js"},i.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},i.p="/api/hassio/app/frontend_es5/",function(){var t={971:1};i.f.i=function(n,e){t[n]||importScripts(i.p+i.u(n))};var n=self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[],e=n.push.bind(n);n.push=function(n){var r=n[0],o=n[1],u=n[2];for(var a in o)i.o(o,a)&&(i.m[a]=o[a]);for(u&&u(i);r.length;)t[r.pop()]=1;e(n)}}(),n=i.x,i.x=function(){return Promise.all([i.e(191),i.e(752)]).then(n)};i.x()}();

supervisor/api/panel/frontend_es5/0fc60622.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"0fc60622.js","sources":["webpack://home-assistant-frontend/0fc60622.js"],"mappings":"AAAA","sourceRoot":""}

supervisor/api/panel/frontend_es5/13306aae.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"13306aae.js","sources":["webpack://home-assistant-frontend/13306aae.js"],"mappings":"AAAA","sourceRoot":""}

supervisor/api/panel/frontend_es5/242f17d6.js.LICENSE.txt

@@ -0,0 +1,73 @@
+/**
+ * @license
+ * Copyright (c) 2015 - 2022 Vaadin Ltd.
+ * This program is available under Apache License Version 2.0, available at https://vaadin.com/license/
+ */
+
+/**
+ * @license
+ * Copyright (c) 2017 - 2022 Vaadin Ltd.
+ * This program is available under Apache License Version 2.0, available at https://vaadin.com/license/
+ */
+
+/**
+ * @license
+ * Copyright (c) 2017 The Polymer Project Authors. All rights reserved.
+ * This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt
+ * The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt
+ * The complete set of contributors may be found at http://polymer.github.io/CONTRIBUTORS.txt
+ * Code distributed by Google as part of the polymer project is also
+ * subject to an additional IP rights grant found at http://polymer.github.io/PATENTS.txt
+ */
+
+/**
+ * @license
+ * Copyright (c) 2021 - 2022 Vaadin Ltd.
+ * This program is available under Apache License Version 2.0, available at https://vaadin.com/license/
+ */
+
+/**
+ * @license
+ * Copyright (c) 2021 Vaadin Ltd.
+ * This program is available under Apache License Version 2.0, available at https://vaadin.com/license/
+ */
+
+/**
+ * @license
+ * Copyright 2017 Google LLC
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+ * @license
+ * Copyright 2018 Google LLC
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+ * @license
+ * Copyright 2019 Google LLC
+ * SPDX-License-Identifier: Apache-2.0
+ */
+
+/**
+ * @license
+ * Copyright 2021 Google LLC
+ * SPDX-LIcense-Identifier: Apache-2.0
+ */
+
+/**
+ * @license
+ * Copyright 2021 Google LLC
+ * SPDX-License-Identifier: BSD-3-Clause
+ */
+
+/**
+@license
+Copyright (c) 2017 The Polymer Project Authors. All rights reserved.
+This code may only be used under the BSD style license found at http://polymer.github.io/LICENSE.txt
+The complete set of authors may be found at http://polymer.github.io/AUTHORS.txt
+The complete set of contributors may be found at http://polymer.github.io/CONTRIBUTORS.txt
+Code distributed by Google as part of the polymer project is also
+subject to an additional IP rights grant found at http://polymer.github.io/PATENTS.txt
+*/

supervisor/api/panel/frontend_es5/2e26f89b.js

@@ -0,0 +1 @@
+!function(){"use strict";var r,t,n={77792:function(r,t,n){var e=n(93217),o=(n(58556),n(80339)),u=n.n(o);function i(r){return function(r){if(Array.isArray(r))return a(r)}(r)||function(r){if("undefined"!=typeof Symbol&&null!=r[Symbol.iterator]||null!=r["@@iterator"])return Array.from(r)}(r)||function(r,t){if(!r)return;if("string"==typeof r)return a(r,t);var n=Object.prototype.toString.call(r).slice(8,-1);"Object"===n&&r.constructor&&(n=r.constructor.name);if("Map"===n||"Set"===n)return Array.from(r);if("Arguments"===n||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return a(r,t)}(r)||function(){throw new TypeError("Invalid attempt to spread non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function a(r,t){(null==t||t>r.length)&&(t=r.length);for(var n=0,e=new Array(t);n<t;n++)e[n]=r[n];return e}function f(r){var t=(r||"").match(/("[^"]+"|[^"\s]+)/g);return t?function(r){return t.map((function(t){var n=u().go(t,r,{allowTypo:!0});return n.length>0?Math.max.apply(Math,i(n.map((function(r){return r.score})))):Number.NEGATIVE_INFINITY})).reduce((function(r,t){return r+t}),0)}:function(){return 0}}function l(r,t){return function(r){if(Array.isArray(r))return r}(r)||function(r,t){var n=null==r?null:"undefined"!=typeof Symbol&&r[Symbol.iterator]||r["@@iterator"];if(null==n)return;var e,o,u=[],i=!0,a=!1;try{for(n=n.call(r);!(i=(e=n.next()).done)&&(u.push(e.value),!t||u.length!==t);i=!0);}catch(f){a=!0,o=f}finally{try{i||null==n.return||n.return()}finally{if(a)throw o}}return u}(r,t)||function(r,t){if(!r)return;if("string"==typeof r)return c(r,t);var n=Object.prototype.toString.call(r).slice(8,-1);"Object"===n&&r.constructor&&(n=r.constructor.name);if("Map"===n||"Set"===n)return Array.from(r);if("Arguments"===n||/^(?:Ui|I)nt(?:8|16|32)(?:Clamped)?Array$/.test(n))return c(r,t)}(r,t)||function(){throw new TypeError("Invalid attempt to destructure non-iterable instance.\nIn order to be iterable, non-array objects must have a [Symbol.iterator]() method.")}()}function c(r,t){(null==t||t>r.length)&&(t=r.length);for(var n=0,e=new Array(t);n<t;n++)e[n]=r[n];return e}var s={filterData:function(r,t,n){var e,o=(e=f(n),function(r){return e([r])!==Number.NEGATIVE_INFINITY});return r.filter((function(r){return Object.entries(t).some((function(t){var n=l(t,2),e=n[0],u=n[1];return!(!u.filterable||!o(String(u.filterKey?r[u.valueColumn||e][u.filterKey]:r[u.valueColumn||e])))}))}))},sortData:function(r,t,n,e){return r.sort((function(r,o){var u=1;"desc"===n&&(u=-1);var i=t.filterKey?r[t.valueColumn||e][t.filterKey]:r[t.valueColumn||e],a=t.filterKey?o[t.valueColumn||e][t.filterKey]:o[t.valueColumn||e];return"string"==typeof i&&(i=i.toUpperCase()),"string"==typeof a&&(a=a.toUpperCase()),void 0===i&&void 0!==a?1:void 0===a&&void 0!==i?-1:i<a?-1*u:i>a?1*u:0}))}};(0,e.Jj)(s)}},e={};function o(r){var t=e[r];if(void 0!==t)return t.exports;var u=e[r]={exports:{}};return n[r].call(u.exports,u,u.exports,o),u.exports}o.m=n,o.x=function(){var r=o.O(void 0,[339,191],(function(){return o(77792)}));return r=o.O(r)},r=[],o.O=function(t,n,e,u){if(!n){var i=1/0;for(c=0;c<r.length;c++){n=r[c][0],e=r[c][1],u=r[c][2];for(var a=!0,f=0;f<n.length;f++)(!1&u||i>=u)&&Object.keys(o.O).every((function(r){return o.O[r](n[f])}))?n.splice(f--,1):(a=!1,u<i&&(i=u));if(a){r.splice(c--,1);var l=e();void 0!==l&&(t=l)}}return t}u=u||0;for(var c=r.length;c>0&&r[c-1][2]>u;c--)r[c]=r[c-1];r[c]=[n,e,u]},o.n=function(r){var t=r&&r.__esModule?function(){return r.default}:function(){return r};return o.d(t,{a:t}),t},o.d=function(r,t){for(var n in t)o.o(t,n)&&!o.o(r,n)&&Object.defineProperty(r,n,{enumerable:!0,get:t[n]})},o.f={},o.e=function(r){return Promise.all(Object.keys(o.f).reduce((function(t,n){return o.f[n](r,t),t}),[]))},o.u=function(r){return{191:"2dbdaab4",339:"128021f1"}[r]+".js"},o.o=function(r,t){return Object.prototype.hasOwnProperty.call(r,t)},o.p="/api/hassio/app/frontend_es5/",function(){var r={13:1,792:1};o.f.i=function(t,n){r[t]||importScripts(o.p+o.u(t))};var t=self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[],n=t.push.bind(t);t.push=function(t){var e=t[0],u=t[1],i=t[2];for(var a in u)o.o(u,a)&&(o.m[a]=u[a]);for(i&&i(o);e.length;)r[e.pop()]=1;n(t)}}(),t=o.x,o.x=function(){return Promise.all([o.e(339),o.e(191)]).then(t)};o.x()}();

supervisor/api/panel/frontend_es5/2f1a948c.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"2f1a948c.js","sources":["webpack://home-assistant-frontend/2f1a948c.js"],"mappings":"AAAA","sourceRoot":""}

supervisor/api/panel/frontend_es5/337a39f0.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"337a39f0.js","sources":["webpack://home-assistant-frontend/337a39f0.js"],"mappings":"AAAA","sourceRoot":""}