Fix asyncio.wait in supervisor.reload (#4333)

* Fix asyncio.wait in supervisor.reload

* Unwrap to prevent throttling across tests

.devcontainer/devcontainer.json

@@ -1,6 +1,9 @@
 {
   "name": "Supervisor dev",
   "image": "ghcr.io/home-assistant/devcontainer:supervisor",
+  "containerEnv": {
+    "WORKSPACE_DIRECTORY": "${containerWorkspaceFolder}"
+  },
   "appPort": ["9123:8123", "7357:4357"],
   "postCreateCommand": "bash devcontainer_bootstrap",
   "runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -20,22 +20,14 @@ body:
     attributes:
       value: |
         ## Environment
-  - type: input
-    validations:
-      required: true
-    attributes:
-      label: What is the used version of the Supervisor?
-      placeholder: supervisor-
-      description: >
-        Can be found in the Supervisor panel -> System tab. Starts with
-        `supervisor-....`.
   - type: dropdown
     validations:
       required: true
     attributes:
       label: What type of installation are you running?
       description: >
-        If you don't know, you can find it in: Configuration panel -> Info.
+        If you don't know, can be found in [Settings -> System -> Repairs -> System Information](https://my.home-assistant.io/redirect/system_health/).
+        It is listed as the `Installation Type` value.
       options:
         - Home Assistant OS
         - Home Assistant Supervised
@@ -48,22 +40,6 @@ body:
         - Home Assistant Operating System
         - Debian
         - Other (e.g., Raspbian/Raspberry Pi OS/Fedora)
-  - type: input
-    validations:
-      required: true
-    attributes:
-      label: What is the version of your installed operating system?
-      placeholder: "5.11"
-      description: Can be found in the Supervisor panel -> System tab.
-  - type: input
-    validations:
-      required: true
-    attributes:
-      label: What version of Home Assistant Core is installed?
-      placeholder: core-
-      description: >
-        Can be found in the Supervisor panel -> System tab. Starts with
-        `core-....`.
   - type: markdown
     attributes:
       value: |
@@ -87,8 +63,30 @@ body:
     attributes:
       label: Anything in the Supervisor logs that might be useful for us?
       description: >
-        The Supervisor logs can be found in the Supervisor panel -> System tab.
+        Supervisor Logs can be found in [Settings -> System -> Logs](https://my.home-assistant.io/redirect/logs/)
+        then choose `Supervisor` in the top right.
+
+        [![Open your Home Assistant instance and show your Supervisor system logs.](https://my.home-assistant.io/badges/supervisor_logs.svg)](https://my.home-assistant.io/redirect/supervisor_logs/)
       render: txt
+  - type: textarea
+    validations:
+      required: true
+    attributes:
+      label: System Health information
+      description: >
+        System Health information can be found in the top right menu in [Settings -> System -> Repairs](https://my.home-assistant.io/redirect/repairs/).
+        Click the copy button at the bottom of the pop-up and paste it here.
+        
+        [![Open your Home Assistant instance and show health information about your system.](https://my.home-assistant.io/badges/system_health.svg)](https://my.home-assistant.io/redirect/system_health/)
+  - type: textarea
+    attributes:
+      label: Supervisor diagnostics
+      placeholder: "drag-and-drop the diagnostics data file here (do not copy-and-paste the content)"
+      description: >-
+        Supervisor diagnostics can be found in [Settings -> Integrations](https://my.home-assistant.io/redirect/integrations/).
+        Find the card that says `Home Assistant Supervisor`, open its menu and select 'Download diagnostics'.
+        
+        **Please drag-and-drop the downloaded file into the textbox below. Do not copy and paste its contents.**
   - type: textarea
     attributes:
       label: Additional information

.github/workflows/builder.yml

@@ -33,10 +33,14 @@ on:
       - setup.py
 
 env:
-  DEFAULT_PYTHON: "3.10"
+  DEFAULT_PYTHON: "3.11"
   BUILD_NAME: supervisor
   BUILD_TYPE: supervisor
 
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
 jobs:
   init:
     name: Initialize build
@@ -49,7 +53,7 @@ jobs:
       requirements: ${{ steps.requirements.outputs.changed }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
         with:
           fetch-depth: 0
 
@@ -84,7 +88,7 @@ jobs:
         arch: ${{ fromJson(needs.init.outputs.architectures) }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
         with:
           fetch-depth: 0
 
@@ -98,9 +102,9 @@ jobs:
 
       - name: Build wheels
         if: needs.init.outputs.requirements == 'true'
-        uses: home-assistant/wheels@2022.06.7
+        uses: home-assistant/wheels@2023.04.0
         with:
-          abi: cp310
+          abi: cp311
           tag: musllinux_1_2
           arch: ${{ matrix.arch }}
           wheels-key: ${{ secrets.WHEELS_KEY }}
@@ -117,14 +121,14 @@ jobs:
 
       - name: Login to DockerHub
         if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v2.0.0
+        uses: docker/login-action@v2.1.0
         with:
           username: ${{ secrets.DOCKERHUB_USERNAME }}
           password: ${{ secrets.DOCKERHUB_TOKEN }}
 
       - name: Login to GitHub Container Registry
         if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v2.0.0
+        uses: docker/login-action@v2.1.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -135,7 +139,7 @@ jobs:
         run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
 
       - name: Build supervisor
-        uses: home-assistant/builder@2022.09.0
+        uses: home-assistant/builder@2023.03.0
         with:
           args: |
             $BUILD_ARGS \
@@ -152,13 +156,13 @@ jobs:
     steps:
       - name: Checkout the repository
         if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
         with:
           fetch-depth: 0
 
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
         if: needs.init.outputs.publish == 'true'
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
 
@@ -191,7 +195,7 @@ jobs:
     steps:
       - name: Checkout the repository
         if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
 
       - name: Initialize git
         if: needs.init.outputs.publish == 'true'
@@ -216,11 +220,11 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
 
       - name: Build the Supervisor
         if: needs.init.outputs.publish != 'true'
-        uses: home-assistant/builder@2022.09.0
+        uses: home-assistant/builder@2023.03.0
         with:
           args: |
             --test \

.github/workflows/ci.yaml

@@ -8,10 +8,14 @@ on:
   pull_request: ~
 
 env:
-  DEFAULT_PYTHON: "3.10"
+  DEFAULT_PYTHON: "3.11"
   PRE_COMMIT_HOME: ~/.cache/pre-commit
   DEFAULT_CAS: v1.0.2
 
+concurrency:
+  group: "${{ github.workflow }}-${{ github.ref }}"
+  cancel-in-progress: true
+
 jobs:
   # Separate job to pre-populate the base dependency cache
   # This prevent upcoming jobs to do the same individually
@@ -22,15 +26,15 @@ jobs:
     name: Prepare Python dependencies
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python
         id: python
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -44,7 +48,7 @@ jobs:
           pip install -r requirements.txt -r requirements_tests.txt
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -63,15 +67,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -92,7 +96,7 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Register hadolint problem matcher
         run: |
           echo "::add-matcher::.github/workflows/matchers/hadolint.json"
@@ -107,15 +111,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -127,7 +131,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -151,15 +155,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -183,15 +187,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -203,7 +207,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -224,15 +228,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -244,7 +248,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -268,15 +272,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -300,15 +304,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -320,7 +324,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: ${{ env.PRE_COMMIT_HOME }}
           key: |
@@ -341,9 +345,9 @@ jobs:
     name: Run tests Python ${{ needs.prepare.outputs.python-version }}
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
@@ -353,7 +357,7 @@ jobs:
           version: ${{ env.DEFAULT_CAS }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -366,7 +370,7 @@ jobs:
       - name: Install additional system dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install -y --no-install-recommends libpulse0 libudev1
+          sudo apt-get install -y --no-install-recommends libpulse0 libudev1 dbus dbus-x11
       - name: Register Python problem matcher
         run: |
           echo "::add-matcher::.github/workflows/matchers/python.json"
@@ -388,7 +392,7 @@ jobs:
             -o console_output_style=count \
             tests
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@v3.1.0
+        uses: actions/upload-artifact@v3.1.2
         with:
           name: coverage-${{ matrix.python-version }}
           path: .coverage
@@ -399,15 +403,15 @@ jobs:
     needs: ["pytest", "prepare"]
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.2.0
+        uses: actions/setup-python@v4.6.1
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.0.10
+        uses: actions/cache@v3.3.1
         with:
           path: venv
           key: |
@@ -426,4 +430,4 @@ jobs:
           coverage report
           coverage xml
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3.1.1
+        uses: codecov/codecov-action@v3.1.4

.github/workflows/lock.yml

@@ -9,7 +9,7 @@ jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v3.0.0
+      - uses: dessant/lock-threads@v4.0.0
         with:
           github-token: ${{ github.token }}
           issue-inactive-days: "30"

.github/workflows/release-drafter.yml

@@ -11,7 +11,7 @@ jobs:
     name: Release Drafter
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
         with:
           fetch-depth: 0
 
@@ -36,7 +36,7 @@ jobs:
           echo "::set-output name=version::$datepre.$newpost"
 
       - name: Run Release Drafter
-        uses: release-drafter/release-drafter@v5.21.0
+        uses: release-drafter/release-drafter@v5.23.0
         with:
           tag: ${{ steps.version.outputs.version }}
           name: ${{ steps.version.outputs.version }}

.github/workflows/sentry.yaml

@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.0.2
+        uses: actions/checkout@v3.5.2
       - name: Sentry Release
-        uses: getsentry/action-release@v1.2.0
+        uses: getsentry/action-release@v1.4.1
         env:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}

.github/workflows/stale.yml

@@ -9,7 +9,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v6.0.0
+      - uses: actions/stale@v8.0.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30

.pre-commit-config.yaml

@@ -1,6 +1,6 @@
 repos:
   - repo: https://github.com/psf/black
-    rev: 22.6.0
+    rev: 23.1.0
     hooks:
       - id: black
         args:
@@ -9,26 +9,26 @@ repos:
           - --target-version
           - py310
         files: ^((supervisor|tests)/.+)?[^/]+\.py$
-  - repo: https://gitlab.com/pycqa/flake8
-    rev: 3.8.3
+  - repo: https://github.com/PyCQA/flake8
+    rev: 6.0.0
     hooks:
       - id: flake8
         additional_dependencies:
-          - flake8-docstrings==1.5.0
-          - pydocstyle==5.0.2
+          - flake8-docstrings==1.7.0
+          - pydocstyle==6.3.0
         files: ^(supervisor|script|tests)/.+\.py$
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v3.1.0
+    rev: v4.3.0
     hooks:
       - id: check-executables-have-shebangs
         stages: [manual]
       - id: check-json
   - repo: https://github.com/PyCQA/isort
-    rev: 5.9.3
+    rev: 5.12.0
     hooks:
       - id: isort
   - repo: https://github.com/asottile/pyupgrade
-    rev: v2.32.1
+    rev: v3.4.0
     hooks:
       - id: pyupgrade
         args: [--py310-plus]

.vscode/launch.json

@@ -13,6 +13,13 @@
           "remoteRoot": "/usr/src/supervisor"
         }
       ]
+    },
+    {
+      "name": "Debug Tests",
+      "type": "python",
+      "request": "test",
+      "console": "internalConsole",
+      "justMyCode": false
     }
   ]
 }

build.yaml

@@ -1,11 +1,11 @@
 image: homeassistant/{arch}-hassio-supervisor
 shadow_repository: ghcr.io/home-assistant
 build_from:
-  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.10-alpine3.16
-  armhf: ghcr.io/home-assistant/armhf-base-python:3.10-alpine3.16
-  armv7: ghcr.io/home-assistant/armv7-base-python:3.10-alpine3.16
-  amd64: ghcr.io/home-assistant/amd64-base-python:3.10-alpine3.16
-  i386: ghcr.io/home-assistant/i386-base-python:3.10-alpine3.16
+  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.11-alpine3.16
+  armhf: ghcr.io/home-assistant/armhf-base-python:3.11-alpine3.16
+  armv7: ghcr.io/home-assistant/armv7-base-python:3.11-alpine3.16
+  amd64: ghcr.io/home-assistant/amd64-base-python:3.11-alpine3.16
+  i386: ghcr.io/home-assistant/i386-base-python:3.11-alpine3.16
 codenotary:
   signer: notary@home-assistant.io
   base_image: notary@home-assistant.io

pylintrc

@@ -38,7 +38,7 @@ disable=
   consider-using-with
 
 [EXCEPTIONS]
-overgeneral-exceptions=Exception
+overgeneral-exceptions=builtins.Exception
 
 
 [TYPECHECK]

requirements.txt

@@ -1,25 +1,26 @@
 aiodns==3.0.0
-aiohttp==3.8.3
+aiohttp==3.8.4
 async_timeout==4.0.2
 atomicwrites-homeassistant==1.4.1
-attrs==22.1.0
-awesomeversion==22.9.0
+attrs==23.1.0
+awesomeversion==23.5.0
 brotli==1.0.9
-cchardet==2.1.7
-ciso8601==2.2.0
+ciso8601==2.3.0
 colorlog==6.7.0
 cpe==1.2.1
-cryptography==38.0.1
-debugpy==1.6.3
-deepmerge==1.0.1
+cryptography==41.0.0
+debugpy==1.6.7
+deepmerge==1.1.0
 dirhash==0.2.1
-docker==6.0.0
-gitpython==3.1.27
+docker==6.1.2
+faust-cchardet==2.1.18
+gitpython==3.1.31
 jinja2==3.1.2
-pulsectl==22.3.2
-pyudev==0.24.0
+pulsectl==23.5.2
+pyudev==0.24.1
 ruamel.yaml==0.17.21
-securetar==2022.2.0
-sentry-sdk==1.9.10
+securetar==2023.3.0
+sentry-sdk==1.24.0
 voluptuous==0.13.1
-dbus-fast==1.24.0
+dbus-fast==1.86.0
+typing_extensions==4.6.2

requirements_tests.txt

@@ -1,15 +1,16 @@
-black==22.8.0
-codecov==2.1.12
-coverage==6.5.0
-flake8-docstrings==1.6.0
-flake8==5.0.4
-pre-commit==2.20.0
-pydocstyle==6.1.1
-pylint==2.15.3
+black==23.3.0
+coverage==7.2.7
+flake8-docstrings==1.7.0
+flake8==6.0.0
+pre-commit==3.3.2
+pydocstyle==6.3.0
+pylint==2.17.4
 pytest-aiohttp==1.0.4
 pytest-asyncio==0.18.3
-pytest-cov==4.0.0
+pytest-cov==4.1.0
 pytest-timeout==2.1.0
-pytest==7.1.3
-pyupgrade==3.0.0
-time-machine==2.8.2
+pytest==7.3.1
+pyupgrade==3.4.0
+time-machine==2.9.0
+typing_extensions==4.6.2
+urllib3==1.26.15

setup.cfg

@@ -27,3 +27,5 @@ ignore =
     E203,
     D202,
     W504
+per-file-ignores =
+    tests/dbus_service_mocks/*.py: F821,F722

supervisor/addons/__init__.py

@@ -23,6 +23,7 @@ from ..jobs.decorator import Job, JobCondition
 from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..store.addon import AddonStore
 from ..utils import check_exception_chain
+from ..utils.sentry import capture_exception
 from .addon import Addon
 from .const import ADDON_UPDATE_CONDITIONS
 from .data import AddonsData
@@ -78,7 +79,7 @@ class AddonManager(CoreSysAttributes):
         tasks = []
         for slug in self.data.system:
             addon = self.local[slug] = Addon(self.coresys, slug)
-            tasks.append(addon.load())
+            tasks.append(self.sys_create_task(addon.load()))
 
         # Run initial tasks
         _LOGGER.info("Found %d installed add-ons", len(tasks))
@@ -114,7 +115,7 @@ class AddonManager(CoreSysAttributes):
                     addon.boot = AddonBoot.MANUAL
                     addon.save_persist()
             except Exception as err:  # pylint: disable=broad-except
-                self.sys_capture_exception(err)
+                capture_exception(err)
             else:
                 continue
 
@@ -142,7 +143,7 @@ class AddonManager(CoreSysAttributes):
                 await addon.stop()
             except Exception as err:  # pylint: disable=broad-except
                 _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
-                self.sys_capture_exception(err)
+                capture_exception(err)
 
     @Job(
         conditions=ADDON_UPDATE_CONDITIONS,
@@ -157,10 +158,7 @@ class AddonManager(CoreSysAttributes):
         if not store:
             raise AddonsError(f"Add-on {slug} does not exist", _LOGGER.error)
 
-        if not store.available:
-            raise AddonsNotSupportedError(
-                f"Add-on {slug} not supported on this platform", _LOGGER.error
-            )
+        store.validate_availability()
 
         self.data.install(store)
         addon = Addon(self.coresys, slug)
@@ -180,8 +178,8 @@ class AddonManager(CoreSysAttributes):
         except DockerError as err:
             self.data.uninstall(addon)
             raise AddonsError() from err
-        else:
-            self.local[slug] = addon
+
+        self.local[slug] = addon
 
         # Reload ingress tokens
         if addon.with_ingress:
@@ -200,8 +198,8 @@ class AddonManager(CoreSysAttributes):
             await addon.instance.remove()
         except DockerError as err:
             raise AddonsError() from err
-        else:
-            addon.state = AddonState.UNKNOWN
+
+        addon.state = AddonState.UNKNOWN
 
         await addon.unload()
 
@@ -262,10 +260,7 @@ class AddonManager(CoreSysAttributes):
             raise AddonsError(f"No update available for add-on {slug}", _LOGGER.warning)
 
         # Check if available, Maybe something have changed
-        if not store.available:
-            raise AddonsNotSupportedError(
-                f"Add-on {slug} not supported on that platform", _LOGGER.error
-            )
+        store.validate_availability()
 
         if backup:
             await self.sys_backups.do_backup_partial(
@@ -333,9 +328,9 @@ class AddonManager(CoreSysAttributes):
             await addon.instance.install(addon.version)
         except DockerError as err:
             raise AddonsError() from err
-        else:
-            self.data.update(store)
-            _LOGGER.info("Add-on '%s' successfully rebuilt", slug)
+
+        self.data.update(store)
+        _LOGGER.info("Add-on '%s' successfully rebuilt", slug)
 
         # restore state
         if last_state == AddonState.STARTED:
@@ -421,7 +416,7 @@ class AddonManager(CoreSysAttributes):
                     reference=addon.slug,
                     suggestions=[SuggestionType.EXECUTE_REPAIR],
                 )
-                self.sys_capture_exception(err)
+                capture_exception(err)
             else:
                 self.sys_plugins.dns.add_host(
                     ipv4=addon.ip_address, names=[addon.hostname], write=False

supervisor/addons/addon.py

@@ -1,5 +1,6 @@
 """Init file for Supervisor add-ons."""
 import asyncio
+from collections.abc import Awaitable
 from contextlib import suppress
 from copy import deepcopy
 from ipaddress import IPv4Address
@@ -10,7 +11,7 @@ import secrets
 import shutil
 import tarfile
 from tempfile import TemporaryDirectory
-from typing import Any, Awaitable, Final
+from typing import Any, Final
 
 import aiohttp
 from deepmerge import Merger
@@ -72,6 +73,7 @@ from ..jobs.decorator import Job
 from ..utils import check_port
 from ..utils.apparmor import adjust_profile
 from ..utils.json import read_json_file, write_json_file
+from ..utils.sentry import capture_exception
 from .const import (
     WATCHDOG_MAX_ATTEMPTS,
     WATCHDOG_RETRY_SECONDS,
@@ -150,7 +152,7 @@ class Addon(AddonModel):
                         _LOGGER.error(
                             "Watchdog restart of addon %s failed!", addon.name
                         )
-                        addon.sys_capture_exception(err)
+                        capture_exception(err)
                     else:
                         break
 
@@ -467,6 +469,11 @@ class Addon(AddonModel):
         """Return True if this  add-on need a local build."""
         return ATTR_IMAGE not in self.data
 
+    @property
+    def latest_need_build(self) -> bool:
+        """Return True if the latest version of the addon needs a local build."""
+        return ATTR_IMAGE not in self.data_store
+
     @property
     def path_data(self) -> Path:
         """Return add-on data path inside Supervisor."""

supervisor/addons/build.py

@@ -1,6 +1,7 @@
 """Supervisor add-on build environment."""
 from __future__ import annotations
 
+from functools import cached_property
 from pathlib import Path
 from typing import TYPE_CHECKING
 
@@ -16,7 +17,7 @@ from ..const import (
 )
 from ..coresys import CoreSys, CoreSysAttributes
 from ..docker.interface import MAP_ARCH
-from ..exceptions import ConfigurationFileError
+from ..exceptions import ConfigurationFileError, HassioArchNotFound
 from ..utils.common import FileConfiguration, find_one_filetype
 from .validate import SCHEMA_BUILD_CONFIG
 
@@ -45,6 +46,11 @@ class AddonBuild(FileConfiguration, CoreSysAttributes):
         """Ignore save function."""
         raise RuntimeError()
 
+    @cached_property
+    def arch(self) -> str:
+        """Return arch of the add-on."""
+        return self.sys_arch.match(self.addon.arch)
+
     @property
     def base_image(self) -> str:
         """Return base image for this add-on."""
@@ -55,8 +61,18 @@ class AddonBuild(FileConfiguration, CoreSysAttributes):
             return self._data[ATTR_BUILD_FROM]
 
         # Evaluate correct base image
-        arch = self.sys_arch.match(list(self._data[ATTR_BUILD_FROM].keys()))
-        return self._data[ATTR_BUILD_FROM][arch]
+        if self.arch not in self._data[ATTR_BUILD_FROM]:
+            raise HassioArchNotFound(
+                f"Add-on {self.addon.slug} is not supported on {self.arch}"
+            )
+        return self._data[ATTR_BUILD_FROM][self.arch]
+
+    @property
+    def dockerfile(self) -> Path:
+        """Return Dockerfile path."""
+        if self.addon.path_location.joinpath(f"Dockerfile.{self.arch}").exists():
+            return self.addon.path_location.joinpath(f"Dockerfile.{self.arch}")
+        return self.addon.path_location.joinpath("Dockerfile")
 
     @property
     def squash(self) -> bool:
@@ -76,25 +92,29 @@ class AddonBuild(FileConfiguration, CoreSysAttributes):
     @property
     def is_valid(self) -> bool:
         """Return true if the build env is valid."""
-        return all(
-            [
-                self.addon.path_location.is_dir(),
-                Path(self.addon.path_location, "Dockerfile").is_file(),
-            ]
-        )
+        try:
+            return all(
+                [
+                    self.addon.path_location.is_dir(),
+                    self.dockerfile.is_file(),
+                ]
+            )
+        except HassioArchNotFound:
+            return False
 
     def get_docker_args(self, version: AwesomeVersion):
         """Create a dict with Docker build arguments."""
         args = {
             "path": str(self.addon.path_location),
             "tag": f"{self.addon.image}:{version!s}",
+            "dockerfile": str(self.dockerfile),
             "pull": True,
             "forcerm": not self.sys_dev,
             "squash": self.squash,
-            "platform": MAP_ARCH[self.sys_arch.match(self.addon.arch)],
+            "platform": MAP_ARCH[self.arch],
             "labels": {
                 "io.hass.version": version,
-                "io.hass.arch": self.sys_arch.default,
+                "io.hass.arch": self.arch,
                 "io.hass.type": META_ADDON,
                 "io.hass.name": self._fix_label("name"),
                 "io.hass.description": self._fix_label("description"),

supervisor/addons/const.py

@@ -26,3 +26,5 @@ ADDON_UPDATE_CONDITIONS = [
     JobCondition.PLUGINS_UPDATED,
     JobCondition.SUPERVISOR_UPDATED,
 ]
+
+RE_SLUG = r"[-_.A-Za-z0-9]+"

supervisor/addons/model.py

@@ -1,7 +1,10 @@
 """Init file for Supervisor add-ons."""
 from abc import ABC, abstractmethod
+from collections.abc import Awaitable, Callable
+from contextlib import suppress
+import logging
 from pathlib import Path
-from typing import Any, Awaitable
+from typing import Any
 
 from awesomeversion import AwesomeVersion, AwesomeVersionException
 
@@ -31,6 +34,7 @@ from ..const import (
     ATTR_HOST_IPC,
     ATTR_HOST_NETWORK,
     ATTR_HOST_PID,
+    ATTR_HOST_UTS,
     ATTR_IMAGE,
     ATTR_INGRESS,
     ATTR_INGRESS_STREAM,
@@ -77,10 +81,13 @@ from ..const import (
 )
 from ..coresys import CoreSys, CoreSysAttributes
 from ..docker.const import Capabilities
+from ..exceptions import AddonsNotSupportedError
 from .const import ATTR_BACKUP, ATTR_CODENOTARY, AddonBackupMode
 from .options import AddonOptions, UiOptions
 from .validate import RE_SERVICE, RE_VOLUME
 
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
 Data = dict[str, Any]
 
 
@@ -302,6 +309,11 @@ class AddonModel(CoreSysAttributes, ABC):
         """Return True if add-on run on host IPC namespace."""
         return self.data[ATTR_HOST_IPC]
 
+    @property
+    def host_uts(self) -> bool:
+        """Return True if add-on run on host UTS namespace."""
+        return self.data[ATTR_HOST_UTS]
+
     @property
     def host_dbus(self) -> bool:
         """Return True if add-on run on host D-BUS."""
@@ -520,14 +532,14 @@ class AddonModel(CoreSysAttributes, ABC):
         return ATTR_IMAGE not in self.data
 
     @property
-    def map_volumes(self) -> dict[str, str]:
-        """Return a dict of {volume: policy} from add-on."""
+    def map_volumes(self) -> dict[str, bool]:
+        """Return a dict of {volume: read-only} from add-on."""
         volumes = {}
         for volume in self.data[ATTR_MAP]:
             result = RE_VOLUME.match(volume)
             if not result:
                 continue
-            volumes[result.group(1)] = result.group(2) or "ro"
+            volumes[result.group(1)] = result.group(2) != "rw"
 
         return volumes
 
@@ -594,31 +606,54 @@ class AddonModel(CoreSysAttributes, ABC):
         """Return Signer email address for CAS."""
         return self.data.get(ATTR_CODENOTARY)
 
+    def validate_availability(self) -> None:
+        """Validate if addon is available for current system."""
+        return self._validate_availability(self.data, logger=_LOGGER.error)
+
     def __eq__(self, other):
         """Compaired add-on objects."""
         if not isinstance(other, AddonModel):
             return False
         return self.slug == other.slug
 
-    def _available(self, config) -> bool:
-        """Return True if this add-on is available on this platform."""
+    def _validate_availability(
+        self, config, *, logger: Callable[..., None] | None = None
+    ) -> None:
+        """Validate if addon is available for current system."""
         # Architecture
         if not self.sys_arch.is_supported(config[ATTR_ARCH]):
-            return False
+            raise AddonsNotSupportedError(
+                f"Add-on {self.slug} not supported on this platform, supported architectures: {', '.join(config[ATTR_ARCH])}",
+                logger,
+            )
 
         # Machine / Hardware
         machine = config.get(ATTR_MACHINE)
-        if machine and f"!{self.sys_machine}" in machine:
-            return False
-        elif machine and self.sys_machine not in machine:
-            return False
+        if machine and (
+            f"!{self.sys_machine}" in machine or self.sys_machine not in machine
+        ):
+            raise AddonsNotSupportedError(
+                f"Add-on {self.slug} not supported on this machine, supported machine types: {', '.join(machine)}",
+                logger,
+            )
 
         # Home Assistant
         version: AwesomeVersion | None = config.get(ATTR_HOMEASSISTANT)
+        with suppress(AwesomeVersionException, TypeError):
+            if self.sys_homeassistant.version < version:
+                raise AddonsNotSupportedError(
+                    f"Add-on {self.slug} not supported on this system, requires Home Assistant version {version} or greater",
+                    logger,
+                )
+
+    def _available(self, config) -> bool:
+        """Return True if this add-on is available on this platform."""
         try:
-            return self.sys_homeassistant.version >= version
-        except (AwesomeVersionException, TypeError):
-            return True
+            self._validate_availability(config)
+        except AddonsNotSupportedError:
+            return False
+
+        return True
 
     def _image(self, config) -> str:
         """Generate image name from data."""

supervisor/addons/utils.py

@@ -44,12 +44,15 @@ def rating_security(addon: AddonModel) -> int:
         any(
             privilege in addon.privileged
             for privilege in (
-                Capabilities.NET_ADMIN,
-                Capabilities.SYS_ADMIN,
-                Capabilities.SYS_RAWIO,
-                Capabilities.SYS_PTRACE,
-                Capabilities.SYS_MODULE,
+                Capabilities.BPF,
                 Capabilities.DAC_READ_SEARCH,
+                Capabilities.NET_ADMIN,
+                Capabilities.NET_RAW,
+                Capabilities.PERFMON,
+                Capabilities.SYS_ADMIN,
+                Capabilities.SYS_MODULE,
+                Capabilities.SYS_PTRACE,
+                Capabilities.SYS_RAWIO,
             )
         )
         or addon.with_kernel_modules
@@ -70,6 +73,10 @@ def rating_security(addon: AddonModel) -> int:
     if addon.host_pid:
         rating += -2
 
+    # UTS host namespace allows to set hostname only with SYS_ADMIN
+    if addon.host_uts and Capabilities.SYS_ADMIN in addon.privileged:
+        rating += -1
+
     # Docker Access & full Access
     if addon.access_docker_api or addon.with_full_access:
         rating = 1

supervisor/addons/validate.py

@@ -41,6 +41,7 @@ from ..const import (
     ATTR_HOST_IPC,
     ATTR_HOST_NETWORK,
     ATTR_HOST_PID,
+    ATTR_HOST_UTS,
     ATTR_IMAGE,
     ATTR_INGRESS,
     ATTR_INGRESS_ENTRY,
@@ -108,7 +109,7 @@ from ..validate import (
     uuid_match,
     version_tag,
 )
-from .const import ATTR_BACKUP, ATTR_CODENOTARY, AddonBackupMode
+from .const import ATTR_BACKUP, ATTR_CODENOTARY, RE_SLUG, AddonBackupMode
 from .options import RE_SCHEMA_ELEMENT
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -129,6 +130,7 @@ RE_MACHINE = re.compile(
     r"|generic-x86-64"
     r"|odroid-c2"
     r"|odroid-c4"
+    r"|odroid-m1"
     r"|odroid-n2"
     r"|odroid-xu"
     r"|qemuarm-64"
@@ -145,6 +147,8 @@ RE_MACHINE = re.compile(
     r")$"
 )
 
+RE_SLUG_FIELD = re.compile(r"^" + RE_SLUG + r"$")
+
 
 def _warn_addon_config(config: dict[str, Any]):
     """Warn about miss configs."""
@@ -250,7 +254,7 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
     {
         vol.Required(ATTR_NAME): str,
         vol.Required(ATTR_VERSION): version_tag,
-        vol.Required(ATTR_SLUG): str,
+        vol.Required(ATTR_SLUG): vol.Match(RE_SLUG_FIELD),
         vol.Required(ATTR_DESCRIPTON): str,
         vol.Required(ATTR_ARCH): [vol.In(ARCH_ALL)],
         vol.Optional(ATTR_MACHINE): vol.All([vol.Match(RE_MACHINE)], vol.Unique()),
@@ -283,6 +287,7 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
         vol.Optional(ATTR_HOST_NETWORK, default=False): vol.Boolean(),
         vol.Optional(ATTR_HOST_PID, default=False): vol.Boolean(),
         vol.Optional(ATTR_HOST_IPC, default=False): vol.Boolean(),
+        vol.Optional(ATTR_HOST_UTS, default=False): vol.Boolean(),
         vol.Optional(ATTR_HOST_DBUS, default=False): vol.Boolean(),
         vol.Optional(ATTR_DEVICES): [str],
         vol.Optional(ATTR_UDEV, default=False): vol.Boolean(),

supervisor/api/__init__.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor RESTful API."""
+from functools import partial
 import logging
 from pathlib import Path
 from typing import Any
@@ -22,6 +23,7 @@ from .host import APIHost
 from .ingress import APIIngress
 from .jobs import APIJobs
 from .middleware.security import SecurityMiddleware
+from .mounts import APIMounts
 from .multicast import APIMulticast
 from .network import APINetwork
 from .observer import APIObserver
@@ -52,8 +54,10 @@ class RestAPI(CoreSysAttributes):
         self.webapp: web.Application = web.Application(
             client_max_size=MAX_CLIENT_SIZE,
             middlewares=[
+                self.security.block_bad_requests,
                 self.security.system_validation,
                 self.security.token_validation,
+                self.security.core_proxy,
             ],
             handler_args={
                 "max_line_size": MAX_LINE_SIZE,
@@ -78,20 +82,21 @@ class RestAPI(CoreSysAttributes):
         self._register_hardware()
         self._register_homeassistant()
         self._register_host()
-        self._register_root()
+        self._register_jobs()
         self._register_ingress()
+        self._register_mounts()
         self._register_multicast()
         self._register_network()
         self._register_observer()
         self._register_os()
-        self._register_jobs()
         self._register_panel()
         self._register_proxy()
         self._register_resolution()
-        self._register_services()
-        self._register_supervisor()
-        self._register_store()
+        self._register_root()
         self._register_security()
+        self._register_services()
+        self._register_store()
+        self._register_supervisor()
 
         await self.start()
 
@@ -103,16 +108,36 @@ class RestAPI(CoreSysAttributes):
         self.webapp.add_routes(
             [
                 web.get("/host/info", api_host.info),
-                web.get("/host/logs", api_host.logs),
+                web.get("/host/logs", api_host.advanced_logs),
+                web.get(
+                    "/host/logs/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.get("/host/logs/identifiers", api_host.list_identifiers),
+                web.get("/host/logs/identifiers/{identifier}", api_host.advanced_logs),
+                web.get(
+                    "/host/logs/identifiers/{identifier}/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.get("/host/logs/boots", api_host.list_boots),
+                web.get("/host/logs/boots/{bootid}", api_host.advanced_logs),
+                web.get(
+                    "/host/logs/boots/{bootid}/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
+                web.get(
+                    "/host/logs/boots/{bootid}/identifiers/{identifier}",
+                    api_host.advanced_logs,
+                ),
+                web.get(
+                    "/host/logs/boots/{bootid}/identifiers/{identifier}/follow",
+                    partial(api_host.advanced_logs, follow=True),
+                ),
                 web.post("/host/reboot", api_host.reboot),
                 web.post("/host/shutdown", api_host.shutdown),
                 web.post("/host/reload", api_host.reload),
                 web.post("/host/options", api_host.options),
                 web.get("/host/services", api_host.services),
-                web.post("/host/services/{service}/stop", api_host.service_stop),
-                web.post("/host/services/{service}/start", api_host.service_start),
-                web.post("/host/services/{service}/restart", api_host.service_restart),
-                web.post("/host/services/{service}/reload", api_host.service_reload),
             ]
         )
 
@@ -158,6 +183,15 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+        # Boards endpoints
+        self.webapp.add_routes(
+            [
+                web.get("/os/boards/yellow", api_os.boards_yellow_info),
+                web.post("/os/boards/yellow", api_os.boards_yellow_options),
+                web.get("/os/boards/{board}", api_os.boards_other_info),
+            ]
+        )
+
     def _register_security(self) -> None:
         """Register Security functions."""
         api_security = APISecurity()
@@ -514,6 +548,8 @@ class RestAPI(CoreSysAttributes):
         """Register Audio functions."""
         api_audio = APIAudio()
         api_audio.coresys = self.coresys
+        api_host = APIHost()
+        api_host.coresys = self.coresys
 
         self.webapp.add_routes(
             [
@@ -532,6 +568,22 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+    def _register_mounts(self) -> None:
+        """Register mounts endpoints."""
+        api_mounts = APIMounts()
+        api_mounts.coresys = self.coresys
+
+        self.webapp.add_routes(
+            [
+                web.get("/mounts", api_mounts.info),
+                web.post("/mounts/options", api_mounts.options),
+                web.post("/mounts", api_mounts.create_mount),
+                web.put("/mounts/{mount}", api_mounts.update_mount),
+                web.delete("/mounts/{mount}", api_mounts.delete_mount),
+                web.post("/mounts/{mount}/reload", api_mounts.reload_mount),
+            ]
+        )
+
     def _register_store(self) -> None:
         """Register store endpoints."""
         api_store = APIStore()

supervisor/api/addons.py

@@ -1,7 +1,8 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable
+from typing import Any
 
 from aiohttp import web
 import voluptuous as vol
@@ -45,6 +46,7 @@ from ..const import (
     ATTR_HOST_IPC,
     ATTR_HOST_NETWORK,
     ATTR_HOST_PID,
+    ATTR_HOST_UTS,
     ATTR_HOSTNAME,
     ATTR_ICON,
     ATTR_INGRESS,
@@ -215,6 +217,7 @@ class APIAddons(CoreSysAttributes):
             ATTR_HOST_NETWORK: addon.host_network,
             ATTR_HOST_PID: addon.host_pid,
             ATTR_HOST_IPC: addon.host_ipc,
+            ATTR_HOST_UTS: addon.host_uts,
             ATTR_HOST_DBUS: addon.host_dbus,
             ATTR_PRIVILEGED: addon.privileged,
             ATTR_FULL_ACCESS: addon.with_full_access,

supervisor/api/audio.py

@@ -1,7 +1,8 @@
 """Init file for Supervisor Audio RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable
+from typing import Any
 
 from aiohttp import web
 import attr

supervisor/api/backups.py

@@ -4,6 +4,7 @@ import logging
 from pathlib import Path
 import re
 from tempfile import TemporaryDirectory
+from typing import Any
 
 from aiohttp import web
 from aiohttp.hdrs import CONTENT_DISPOSITION
@@ -19,6 +20,7 @@ from ..const import (
     ATTR_DAYS_UNTIL_STALE,
     ATTR_FOLDERS,
     ATTR_HOMEASSISTANT,
+    ATTR_LOCATON,
     ATTR_NAME,
     ATTR_PASSWORD,
     ATTR_PROTECTED,
@@ -31,6 +33,7 @@ from ..const import (
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
+from ..mounts.const import MountUsage
 from .const import CONTENT_TYPE_TAR
 from .utils import api_process, api_validate
 
@@ -59,6 +62,7 @@ SCHEMA_BACKUP_FULL = vol.Schema(
         vol.Optional(ATTR_NAME): str,
         vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
         vol.Optional(ATTR_COMPRESSED): vol.Maybe(vol.Boolean()),
+        vol.Optional(ATTR_LOCATON): vol.Maybe(str),
     }
 )
 
@@ -173,11 +177,27 @@ class APIBackups(CoreSysAttributes):
             ATTR_FOLDERS: backup.folders,
         }
 
+    def _location_to_mount(self, body: dict[str, Any]) -> dict[str, Any]:
+        """Change location field to mount if necessary."""
+        if not body.get(ATTR_LOCATON):
+            return body
+
+        body[ATTR_LOCATON] = self.sys_mounts.get(body[ATTR_LOCATON])
+        if body[ATTR_LOCATON].usage != MountUsage.BACKUP:
+            raise APIError(
+                f"Mount {body[ATTR_LOCATON].name} is not used for backups, cannot backup to there"
+            )
+
+        return body
+
     @api_process
     async def backup_full(self, request):
         """Create full backup."""
         body = await api_validate(SCHEMA_BACKUP_FULL, request)
-        backup = await asyncio.shield(self.sys_backups.do_backup_full(**body))
+
+        backup = await asyncio.shield(
+            self.sys_backups.do_backup_full(**self._location_to_mount(body))
+        )
 
         if backup:
             return {ATTR_SLUG: backup.slug}
@@ -187,7 +207,9 @@ class APIBackups(CoreSysAttributes):
     async def backup_partial(self, request):
         """Create a partial backup."""
         body = await api_validate(SCHEMA_BACKUP_PARTIAL, request)
-        backup = await asyncio.shield(self.sys_backups.do_backup_partial(**body))
+        backup = await asyncio.shield(
+            self.sys_backups.do_backup_partial(**self._location_to_mount(body))
+        )
 
         if backup:
             return {ATTR_SLUG: backup.slug}

supervisor/api/const.py

@@ -9,31 +9,47 @@ CONTENT_TYPE_URL = "application/x-www-form-urlencoded"
 
 COOKIE_INGRESS = "ingress_session"
 
-HEADER_TOKEN_OLD = "X-Hassio-Key"
-HEADER_TOKEN = "X-Supervisor-Token"
-
-ATTR_APPARMOR_VERSION = "apparmor_version"
 ATTR_AGENT_VERSION = "agent_version"
+ATTR_APPARMOR_VERSION = "apparmor_version"
+ATTR_ATTRIBUTES = "attributes"
 ATTR_AVAILABLE_UPDATES = "available_updates"
 ATTR_BOOT_TIMESTAMP = "boot_timestamp"
+ATTR_BOOTS = "boots"
 ATTR_BROADCAST_LLMNR = "broadcast_llmnr"
 ATTR_BROADCAST_MDNS = "broadcast_mdns"
+ATTR_BY_ID = "by_id"
+ATTR_CHILDREN = "children"
+ATTR_CONNECTION_BUS = "connection_bus"
 ATTR_DATA_DISK = "data_disk"
 ATTR_DEVICE = "device"
+ATTR_DEV_PATH = "dev_path"
+ATTR_DISK_LED = "disk_led"
+ATTR_DISKS = "disks"
+ATTR_DRIVES = "drives"
 ATTR_DT_SYNCHRONIZED = "dt_synchronized"
 ATTR_DT_UTC = "dt_utc"
+ATTR_EJECTABLE = "ejectable"
 ATTR_FALLBACK = "fallback"
+ATTR_FILESYSTEMS = "filesystems"
+ATTR_HEARTBEAT_LED = "heartbeat_led"
+ATTR_IDENTIFIERS = "identifiers"
 ATTR_LLMNR = "llmnr"
 ATTR_LLMNR_HOSTNAME = "llmnr_hostname"
 ATTR_MDNS = "mdns"
+ATTR_MODEL = "model"
+ATTR_MOUNTS = "mounts"
+ATTR_MOUNT_POINTS = "mount_points"
 ATTR_PANEL_PATH = "panel_path"
+ATTR_POWER_LED = "power_led"
+ATTR_REMOVABLE = "removable"
+ATTR_REVISION = "revision"
+ATTR_SEAT = "seat"
 ATTR_SIGNED = "signed"
 ATTR_STARTUP_TIME = "startup_time"
-ATTR_UPDATE_TYPE = "update_type"
-ATTR_USE_NTP = "use_ntp"
-ATTR_BY_ID = "by_id"
 ATTR_SUBSYSTEM = "subsystem"
 ATTR_SYSFS = "sysfs"
-ATTR_DEV_PATH = "dev_path"
-ATTR_ATTRIBUTES = "attributes"
-ATTR_CHILDREN = "children"
+ATTR_TIME_DETECTED = "time_detected"
+ATTR_UPDATE_TYPE = "update_type"
+ATTR_USE_NTP = "use_ntp"
+ATTR_USAGE = "usage"
+ATTR_VENDOR = "vendor"

supervisor/api/dns.py

@@ -1,7 +1,8 @@
 """Init file for Supervisor DNS RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable
+from typing import Any
 
 from aiohttp import web
 import voluptuous as vol

supervisor/api/hardware.py

@@ -4,16 +4,41 @@ from typing import Any
 
 from aiohttp import web
 
-from ..const import ATTR_AUDIO, ATTR_DEVICES, ATTR_INPUT, ATTR_NAME, ATTR_OUTPUT
+from ..const import (
+    ATTR_AUDIO,
+    ATTR_DEVICES,
+    ATTR_ID,
+    ATTR_INPUT,
+    ATTR_NAME,
+    ATTR_OUTPUT,
+    ATTR_SERIAL,
+    ATTR_SIZE,
+    ATTR_SYSTEM,
+)
 from ..coresys import CoreSysAttributes
+from ..dbus.udisks2 import UDisks2
+from ..dbus.udisks2.block import UDisks2Block
+from ..dbus.udisks2.drive import UDisks2Drive
 from ..hardware.data import Device
 from .const import (
     ATTR_ATTRIBUTES,
     ATTR_BY_ID,
     ATTR_CHILDREN,
+    ATTR_CONNECTION_BUS,
     ATTR_DEV_PATH,
+    ATTR_DEVICE,
+    ATTR_DRIVES,
+    ATTR_EJECTABLE,
+    ATTR_FILESYSTEMS,
+    ATTR_MODEL,
+    ATTR_MOUNT_POINTS,
+    ATTR_REMOVABLE,
+    ATTR_REVISION,
+    ATTR_SEAT,
     ATTR_SUBSYSTEM,
     ATTR_SYSFS,
+    ATTR_TIME_DETECTED,
+    ATTR_VENDOR,
 )
 from .utils import api_process
 
@@ -21,7 +46,7 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 
 def device_struct(device: Device) -> dict[str, Any]:
-    """Return a dict with information of a interface to be used in th API."""
+    """Return a dict with information of a interface to be used in the API."""
     return {
         ATTR_NAME: device.name,
         ATTR_SYSFS: device.sysfs,
@@ -33,6 +58,42 @@ def device_struct(device: Device) -> dict[str, Any]:
     }
 
 
+def filesystem_struct(fs_block: UDisks2Block) -> dict[str, Any]:
+    """Return a dict with information of a filesystem block device to be used in the API."""
+    return {
+        ATTR_DEVICE: str(fs_block.device),
+        ATTR_ID: fs_block.id,
+        ATTR_SIZE: fs_block.size,
+        ATTR_NAME: fs_block.id_label,
+        ATTR_SYSTEM: fs_block.hint_system,
+        ATTR_MOUNT_POINTS: [
+            str(mount_point) for mount_point in fs_block.filesystem.mount_points
+        ],
+    }
+
+
+def drive_struct(udisks2: UDisks2, drive: UDisks2Drive) -> dict[str, Any]:
+    """Return a dict with information of a disk to be used in the API."""
+    return {
+        ATTR_VENDOR: drive.vendor,
+        ATTR_MODEL: drive.model,
+        ATTR_REVISION: drive.revision,
+        ATTR_SERIAL: drive.serial,
+        ATTR_ID: drive.id,
+        ATTR_SIZE: drive.size,
+        ATTR_TIME_DETECTED: drive.time_detected.isoformat(),
+        ATTR_CONNECTION_BUS: drive.connection_bus,
+        ATTR_SEAT: drive.seat,
+        ATTR_REMOVABLE: drive.removable,
+        ATTR_EJECTABLE: drive.ejectable,
+        ATTR_FILESYSTEMS: [
+            filesystem_struct(block)
+            for block in udisks2.block_devices
+            if block.filesystem and block.drive == drive.object_path
+        ],
+    }
+
+
 class APIHardware(CoreSysAttributes):
     """Handle RESTful API for hardware functions."""
 
@@ -42,7 +103,11 @@ class APIHardware(CoreSysAttributes):
         return {
             ATTR_DEVICES: [
                 device_struct(device) for device in self.sys_hardware.devices
-            ]
+            ],
+            ATTR_DRIVES: [
+                drive_struct(self.sys_dbus.udisks2, drive)
+                for drive in self.sys_dbus.udisks2.drives
+            ],
         }
 
     @api_process

supervisor/api/homeassistant.py

@@ -1,7 +1,8 @@
 """Init file for Supervisor Home Assistant RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable
+from typing import Any
 
 from aiohttp import web
 import voluptuous as vol

supervisor/api/host.py

@@ -1,9 +1,12 @@
 """Init file for Supervisor host RESTful API."""
 import asyncio
-from typing import Awaitable
+from contextlib import suppress
+import logging
 
 from aiohttp import web
+from aiohttp.hdrs import ACCEPT, RANGE
 import voluptuous as vol
+from voluptuous.error import CoerceInvalid
 
 from ..const import (
     ATTR_CHASSIS,
@@ -24,22 +27,30 @@ from ..const import (
     ATTR_TIMEZONE,
 )
 from ..coresys import CoreSysAttributes
+from ..exceptions import APIError, HostLogError
+from ..host.const import PARAM_BOOT_ID, PARAM_FOLLOW, PARAM_SYSLOG_IDENTIFIER
 from .const import (
     ATTR_AGENT_VERSION,
     ATTR_APPARMOR_VERSION,
     ATTR_BOOT_TIMESTAMP,
+    ATTR_BOOTS,
     ATTR_BROADCAST_LLMNR,
     ATTR_BROADCAST_MDNS,
     ATTR_DT_SYNCHRONIZED,
     ATTR_DT_UTC,
+    ATTR_IDENTIFIERS,
     ATTR_LLMNR_HOSTNAME,
     ATTR_STARTUP_TIME,
     ATTR_USE_NTP,
-    CONTENT_TYPE_BINARY,
+    CONTENT_TYPE_TEXT,
 )
-from .utils import api_process, api_process_raw, api_validate
+from .utils import api_process, api_validate
 
-SERVICE = "service"
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+IDENTIFIER = "identifier"
+BOOTID = "bootid"
+DEFAULT_RANGE = 100
 
 SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): str})
 
@@ -117,30 +128,75 @@ class APIHost(CoreSysAttributes):
         return {ATTR_SERVICES: services}
 
     @api_process
-    def service_start(self, request):
-        """Start a service."""
-        unit = request.match_info.get(SERVICE)
-        return [asyncio.shield(self.sys_host.services.start(unit))]
+    async def list_boots(self, _: web.Request):
+        """Return a list of boot IDs."""
+        boot_ids = await self.sys_host.logs.get_boot_ids()
+        return {
+            ATTR_BOOTS: {
+                str(1 + i - len(boot_ids)): boot_id
+                for i, boot_id in enumerate(boot_ids)
+            }
+        }
 
     @api_process
-    def service_stop(self, request):
-        """Stop a service."""
-        unit = request.match_info.get(SERVICE)
-        return [asyncio.shield(self.sys_host.services.stop(unit))]
+    async def list_identifiers(self, _: web.Request):
+        """Return a list of syslog identifiers."""
+        return {ATTR_IDENTIFIERS: await self.sys_host.logs.get_identifiers()}
+
+    async def _get_boot_id(self, possible_offset: str) -> str:
+        """Convert offset into boot ID if required."""
+        with suppress(CoerceInvalid):
+            offset = vol.Coerce(int)(possible_offset)
+            try:
+                return await self.sys_host.logs.get_boot_id(offset)
+            except (ValueError, HostLogError) as err:
+                raise APIError() from err
+        return possible_offset
 
     @api_process
-    def service_reload(self, request):
-        """Reload a service."""
-        unit = request.match_info.get(SERVICE)
-        return [asyncio.shield(self.sys_host.services.reload(unit))]
+    async def advanced_logs(
+        self, request: web.Request, identifier: str | None = None, follow: bool = False
+    ) -> web.StreamResponse:
+        """Return systemd-journald logs."""
+        params = {}
+        if identifier:
+            params[PARAM_SYSLOG_IDENTIFIER] = identifier
+        elif IDENTIFIER in request.match_info:
+            params[PARAM_SYSLOG_IDENTIFIER] = request.match_info.get(IDENTIFIER)
+        else:
+            params[PARAM_SYSLOG_IDENTIFIER] = self.sys_host.logs.default_identifiers
 
-    @api_process
-    def service_restart(self, request):
-        """Restart a service."""
-        unit = request.match_info.get(SERVICE)
-        return [asyncio.shield(self.sys_host.services.restart(unit))]
+        if BOOTID in request.match_info:
+            params[PARAM_BOOT_ID] = await self._get_boot_id(
+                request.match_info.get(BOOTID)
+            )
+        if follow:
+            params[PARAM_FOLLOW] = ""
 
-    @api_process_raw(CONTENT_TYPE_BINARY)
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
-        """Return host kernel logs."""
-        return self.sys_host.info.get_dmesg()
+        if ACCEPT in request.headers and request.headers[ACCEPT] not in [
+            CONTENT_TYPE_TEXT,
+            "*/*",
+        ]:
+            raise APIError(
+                "Invalid content type requested. Only text/plain supported for now."
+            )
+
+        if RANGE in request.headers:
+            range_header = request.headers.get(RANGE)
+        else:
+            range_header = f"entries=:-{DEFAULT_RANGE}:"
+
+        async with self.sys_host.logs.journald_logs(
+            params=params, range_header=range_header
+        ) as resp:
+            try:
+                response = web.StreamResponse()
+                response.content_type = CONTENT_TYPE_TEXT
+                await response.prepare(request)
+                async for data in resp.content:
+                    await response.write(data)
+            except ConnectionResetError as ex:
+                raise APIError(
+                    "Connection reset when trying to fetch data from systemd-journald."
+                ) from ex
+            return response

supervisor/api/ingress.py

@@ -22,9 +22,11 @@ from ..const import (
     ATTR_PANELS,
     ATTR_SESSION,
     ATTR_TITLE,
+    HEADER_TOKEN,
+    HEADER_TOKEN_OLD,
 )
 from ..coresys import CoreSysAttributes
-from .const import COOKIE_INGRESS, HEADER_TOKEN, HEADER_TOKEN_OLD
+from .const import COOKIE_INGRESS
 from .utils import api_process, api_validate, require_home_assistant
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -83,7 +85,6 @@ class APIIngress(CoreSysAttributes):
             _LOGGER.warning("No valid ingress session %s", data[ATTR_SESSION])
             raise HTTPUnauthorized()
 
-    @require_home_assistant
     async def handler(
         self, request: web.Request
     ) -> web.Response | web.StreamResponse | web.WebSocketResponse:
@@ -147,8 +148,8 @@ class APIIngress(CoreSysAttributes):
             # Proxy requests
             await asyncio.wait(
                 [
-                    _websocket_forward(ws_server, ws_client),
-                    _websocket_forward(ws_client, ws_server),
+                    self.sys_create_task(_websocket_forward(ws_server, ws_client)),
+                    self.sys_create_task(_websocket_forward(ws_client, ws_server)),
                 ],
                 return_when=asyncio.FIRST_COMPLETED,
             )
@@ -180,6 +181,7 @@ class APIIngress(CoreSysAttributes):
             allow_redirects=False,
             data=data,
             timeout=ClientTimeout(total=None),
+            skip_auto_headers={hdrs.CONTENT_TYPE},
         ) as result:
             headers = _response_header(result)
 

supervisor/api/middleware/security.py

@@ -1,10 +1,14 @@
 """Handle security part of this API."""
 import logging
 import re
+from typing import Final
+from urllib.parse import unquote
 
 from aiohttp.web import Request, RequestHandler, Response, middleware
-from aiohttp.web_exceptions import HTTPForbidden, HTTPUnauthorized
+from aiohttp.web_exceptions import HTTPBadRequest, HTTPForbidden, HTTPUnauthorized
+from awesomeversion import AwesomeVersion
 
+from ...addons.const import RE_SLUG
 from ...const import (
     REQUEST_FROM,
     ROLE_ADMIN,
@@ -18,11 +22,22 @@ from ...coresys import CoreSys, CoreSysAttributes
 from ..utils import api_return_error, excract_supervisor_token
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
+_CORE_VERSION: Final = AwesomeVersion("2023.3.4")
 
 # fmt: off
 
+_CORE_FRONTEND_PATHS: Final = (
+    r"|/app/.*\.(?:js|gz|json|map|woff2)"
+    r"|/(store/)?addons/" + RE_SLUG + r"/(logo|icon)"
+)
+
+CORE_FRONTEND: Final = re.compile(
+    r"^(?:" + _CORE_FRONTEND_PATHS + r")$"
+)
+
+
 # Block Anytime
-BLACKLIST = re.compile(
+BLACKLIST: Final = re.compile(
     r"^(?:"
     r"|/homeassistant/api/hassio/.*"
     r"|/core/api/hassio/.*"
@@ -30,25 +45,27 @@ BLACKLIST = re.compile(
 )
 
 # Free to call or have own security concepts
-NO_SECURITY_CHECK = re.compile(
+NO_SECURITY_CHECK: Final = re.compile(
     r"^(?:"
     r"|/homeassistant/api/.*"
     r"|/homeassistant/websocket"
     r"|/core/api/.*"
     r"|/core/websocket"
     r"|/supervisor/ping"
-    r")$"
+    r"|/ingress/[-_A-Za-z0-9]+/.*"
+    + _CORE_FRONTEND_PATHS
+    + r")$"
 )
 
 # Observer allow API calls
-OBSERVER_CHECK = re.compile(
+OBSERVER_CHECK: Final = re.compile(
     r"^(?:"
     r"|/.+/info"
     r")$"
 )
 
 # Can called by every add-on
-ADDONS_API_BYPASS = re.compile(
+ADDONS_API_BYPASS: Final = re.compile(
     r"^(?:"
     r"|/addons/self/(?!security|update)[^/]+"
     r"|/addons/self/options/config"
@@ -60,7 +77,7 @@ ADDONS_API_BYPASS = re.compile(
 )
 
 # Policy role add-on API access
-ADDONS_ROLE_ACCESS = {
+ADDONS_ROLE_ACCESS: dict[str, re.Pattern] = {
     ROLE_DEFAULT: re.compile(
         r"^(?:"
         r"|/.+/info"
@@ -82,7 +99,7 @@ ADDONS_ROLE_ACCESS = {
     ROLE_MANAGER: re.compile(
         r"^(?:"
         r"|/.+/info"
-        r"|/addons(?:/[^/]+/(?!security).+|/reload)?"
+        r"|/addons(?:/" + RE_SLUG + r"/(?!security).+|/reload)?"
         r"|/audio/.+"
         r"|/auth/cache"
         r"|/cli/.+"
@@ -111,6 +128,26 @@ ADDONS_ROLE_ACCESS = {
     ),
 }
 
+FILTERS: Final = re.compile(
+    r"(?:"
+
+    # Common exploits
+    r"proc/self/environ"
+    r"|(<|%3C).*script.*(>|%3E)"
+
+    # File Injections
+    r"|(\.\.//?)+"  # ../../anywhere
+    r"|[a-zA-Z0-9_]=/([a-z0-9_.]//?)+"  # .html?v=/.//test
+
+    # SQL Injections
+    r"|union.*select.*\("
+    r"|union.*all.*select.*"
+    r"|concat.*\("
+
+    r")",
+    flags=re.IGNORECASE,
+)
+
 # fmt: on
 
 
@@ -121,6 +158,32 @@ class SecurityMiddleware(CoreSysAttributes):
         """Initialize security middleware."""
         self.coresys: CoreSys = coresys
 
+    def _recursive_unquote(self, value: str) -> str:
+        """Handle values that are encoded multiple times."""
+        if (unquoted := unquote(value)) != value:
+            unquoted = self._recursive_unquote(unquoted)
+        return unquoted
+
+    @middleware
+    async def block_bad_requests(
+        self, request: Request, handler: RequestHandler
+    ) -> Response:
+        """Process request and tblock commonly known exploit attempts."""
+        if FILTERS.search(self._recursive_unquote(request.path)):
+            _LOGGER.warning(
+                "Filtered a potential harmful request to: %s", request.raw_path
+            )
+            raise HTTPBadRequest
+
+        if FILTERS.search(self._recursive_unquote(request.query_string)):
+            _LOGGER.warning(
+                "Filtered a request with a potential harmful query string: %s",
+                request.raw_path,
+            )
+            raise HTTPBadRequest
+
+        return await handler(request)
+
     @middleware
     async def system_validation(
         self, request: Request, handler: RequestHandler
@@ -153,6 +216,7 @@ class SecurityMiddleware(CoreSysAttributes):
         # Ignore security check
         if NO_SECURITY_CHECK.match(request.path):
             _LOGGER.debug("Passthrough %s", request.path)
+            request[REQUEST_FROM] = None
             return await handler(request)
 
         # Not token
@@ -205,3 +269,45 @@ class SecurityMiddleware(CoreSysAttributes):
 
         _LOGGER.error("Invalid token for access %s", request.path)
         raise HTTPForbidden()
+
+    @middleware
+    async def core_proxy(self, request: Request, handler: RequestHandler) -> Response:
+        """Validate user from Core API proxy."""
+        if (
+            request[REQUEST_FROM] != self.sys_homeassistant
+            or self.sys_homeassistant.version >= _CORE_VERSION
+        ):
+            return await handler(request)
+
+        authorization_index: int | None = None
+        content_type_index: int | None = None
+        user_request: bool = False
+        admin_request: bool = False
+        ingress_request: bool = False
+
+        for idx, (key, value) in enumerate(request.raw_headers):
+            if key in (b"Authorization", b"X-Hassio-Key"):
+                authorization_index = idx
+            elif key == b"Content-Type":
+                content_type_index = idx
+            elif key == b"X-Hass-User-ID":
+                user_request = True
+            elif key == b"X-Hass-Is-Admin":
+                admin_request = value == b"1"
+            elif key == b"X-Ingress-Path":
+                ingress_request = True
+
+        if (user_request or admin_request) and not ingress_request:
+            return await handler(request)
+
+        is_proxy_request = (
+            authorization_index is not None
+            and content_type_index is not None
+            and content_type_index - authorization_index == 1
+        )
+
+        if (
+            not CORE_FRONTEND.match(request.path) and is_proxy_request
+        ) or ingress_request:
+            raise HTTPBadRequest()
+        return await handler(request)

supervisor/api/mounts.py

@@ -0,0 +1,124 @@
+"""Inits file for supervisor mounts REST API."""
+
+from typing import Any
+
+from aiohttp import web
+import voluptuous as vol
+
+from ..const import ATTR_NAME, ATTR_STATE
+from ..coresys import CoreSysAttributes
+from ..exceptions import APIError
+from ..mounts.const import ATTR_DEFAULT_BACKUP_MOUNT, MountUsage
+from ..mounts.mount import Mount
+from ..mounts.validate import SCHEMA_MOUNT_CONFIG
+from .const import ATTR_MOUNTS
+from .utils import api_process, api_validate
+
+SCHEMA_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_DEFAULT_BACKUP_MOUNT): vol.Maybe(str),
+    }
+)
+
+
+class APIMounts(CoreSysAttributes):
+    """Handle REST API for mounting options."""
+
+    @api_process
+    async def info(self, request: web.Request) -> dict[str, Any]:
+        """Return MountManager info."""
+        return {
+            ATTR_DEFAULT_BACKUP_MOUNT: self.sys_mounts.default_backup_mount.name
+            if self.sys_mounts.default_backup_mount
+            else None,
+            ATTR_MOUNTS: [
+                mount.to_dict() | {ATTR_STATE: mount.state}
+                for mount in self.sys_mounts.mounts
+            ],
+        }
+
+    @api_process
+    async def options(self, request: web.Request) -> None:
+        """Set Mount Manager options."""
+        body = await api_validate(SCHEMA_OPTIONS, request)
+
+        if ATTR_DEFAULT_BACKUP_MOUNT in body:
+            name: str | None = body[ATTR_DEFAULT_BACKUP_MOUNT]
+            if name is None:
+                self.sys_mounts.default_backup_mount = None
+            elif (mount := self.sys_mounts.get(name)).usage != MountUsage.BACKUP:
+                raise APIError(
+                    f"Mount {name} is not used for backups, cannot use it as default backup mount"
+                )
+            else:
+                self.sys_mounts.default_backup_mount = mount
+
+        self.sys_mounts.save_data()
+
+    @api_process
+    async def create_mount(self, request: web.Request) -> None:
+        """Create a new mount in supervisor."""
+        body = await api_validate(SCHEMA_MOUNT_CONFIG, request)
+
+        if body[ATTR_NAME] in self.sys_mounts:
+            raise APIError(f"A mount already exists with name {body[ATTR_NAME]}")
+
+        mount = Mount.from_dict(self.coresys, body)
+        await self.sys_mounts.create_mount(mount)
+
+        # If it's a backup mount, reload backups
+        if mount.usage == MountUsage.BACKUP:
+            self.sys_create_task(self.sys_backups.reload())
+
+            # If there's no default backup mount, set it to the new mount
+            if not self.sys_mounts.default_backup_mount:
+                self.sys_mounts.default_backup_mount = mount
+
+        self.sys_mounts.save_data()
+
+    @api_process
+    async def update_mount(self, request: web.Request) -> None:
+        """Update an existing mount in supervisor."""
+        name = request.match_info.get("mount")
+        name_schema = vol.Schema(
+            {vol.Optional(ATTR_NAME, default=name): name}, extra=vol.ALLOW_EXTRA
+        )
+        body = await api_validate(vol.All(name_schema, SCHEMA_MOUNT_CONFIG), request)
+
+        if name not in self.sys_mounts:
+            raise APIError(f"No mount exists with name {name}")
+
+        mount = Mount.from_dict(self.coresys, body)
+        await self.sys_mounts.create_mount(mount)
+
+        # If it's a backup mount, reload backups
+        if mount.usage == MountUsage.BACKUP:
+            self.sys_create_task(self.sys_backups.reload())
+
+        # If this mount was the default backup mount and isn't for backups any more, remove it
+        elif self.sys_mounts.default_backup_mount == mount:
+            self.sys_mounts.default_backup_mount = None
+
+        self.sys_mounts.save_data()
+
+    @api_process
+    async def delete_mount(self, request: web.Request) -> None:
+        """Delete an existing mount in supervisor."""
+        name = request.match_info.get("mount")
+        mount = await self.sys_mounts.remove_mount(name)
+
+        # If it was a backup mount, reload backups
+        if mount.usage == MountUsage.BACKUP:
+            self.sys_create_task(self.sys_backups.reload())
+
+        self.sys_mounts.save_data()
+
+    @api_process
+    async def reload_mount(self, request: web.Request) -> None:
+        """Reload an existing mount in supervisor."""
+        name = request.match_info.get("mount")
+        await self.sys_mounts.reload_mount(name)
+
+        # If it's a backup mount, reload backups
+        if self.sys_mounts.get(name).usage == MountUsage.BACKUP:
+            self.sys_create_task(self.sys_backups.reload())

supervisor/api/multicast.py

@@ -1,7 +1,8 @@
 """Init file for Supervisor Multicast RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from typing import Any, Awaitable
+from typing import Any
 
 from aiohttp import web
 import voluptuous as vol

supervisor/api/network.py

@@ -1,7 +1,8 @@
 """REST API for network."""
 import asyncio
+from collections.abc import Awaitable
 from ipaddress import ip_address, ip_interface
-from typing import Any, Awaitable
+from typing import Any
 
 from aiohttp import web
 import attr

supervisor/api/os.py

@@ -1,8 +1,8 @@
 """Init file for Supervisor HassOS RESTful API."""
 import asyncio
+from collections.abc import Awaitable
 import logging
-from pathlib import Path
-from typing import Any, Awaitable
+from typing import Any
 
 from aiohttp import web
 import voluptuous as vol
@@ -11,19 +11,44 @@ from ..const import (
     ATTR_BOARD,
     ATTR_BOOT,
     ATTR_DEVICES,
+    ATTR_ID,
+    ATTR_NAME,
+    ATTR_SERIAL,
+    ATTR_SIZE,
     ATTR_UPDATE_AVAILABLE,
     ATTR_VERSION,
     ATTR_VERSION_LATEST,
 )
 from ..coresys import CoreSysAttributes
+from ..exceptions import BoardInvalidError
+from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..validate import version_tag
-from .const import ATTR_DATA_DISK, ATTR_DEVICE
+from .const import (
+    ATTR_DATA_DISK,
+    ATTR_DEV_PATH,
+    ATTR_DEVICE,
+    ATTR_DISK_LED,
+    ATTR_DISKS,
+    ATTR_HEARTBEAT_LED,
+    ATTR_MODEL,
+    ATTR_POWER_LED,
+    ATTR_VENDOR,
+)
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
-SCHEMA_DISK = vol.Schema({vol.Required(ATTR_DEVICE): vol.All(str, vol.Coerce(Path))})
+SCHEMA_DISK = vol.Schema({vol.Required(ATTR_DEVICE): str})
+
+# pylint: disable=no-value-for-parameter
+SCHEMA_YELLOW_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_DISK_LED): vol.Boolean(),
+        vol.Optional(ATTR_HEARTBEAT_LED): vol.Boolean(),
+        vol.Optional(ATTR_POWER_LED): vol.Boolean(),
+    }
+)
 
 
 class APIOS(CoreSysAttributes):
@@ -38,7 +63,7 @@ class APIOS(CoreSysAttributes):
             ATTR_UPDATE_AVAILABLE: self.sys_os.need_update,
             ATTR_BOARD: self.sys_os.board,
             ATTR_BOOT: self.sys_dbus.rauc.boot_slot,
-            ATTR_DATA_DISK: self.sys_os.datadisk.disk_used,
+            ATTR_DATA_DISK: self.sys_os.datadisk.disk_used_id,
         }
 
     @api_process
@@ -65,5 +90,56 @@ class APIOS(CoreSysAttributes):
     async def list_data(self, request: web.Request) -> dict[str, Any]:
         """Return possible data targets."""
         return {
-            ATTR_DEVICES: self.sys_os.datadisk.available_disks,
+            ATTR_DEVICES: [disk.id for disk in self.sys_os.datadisk.available_disks],
+            ATTR_DISKS: [
+                {
+                    ATTR_NAME: disk.name,
+                    ATTR_VENDOR: disk.vendor,
+                    ATTR_MODEL: disk.model,
+                    ATTR_SERIAL: disk.serial,
+                    ATTR_SIZE: disk.size,
+                    ATTR_ID: disk.id,
+                    ATTR_DEV_PATH: disk.device_path.as_posix(),
+                }
+                for disk in self.sys_os.datadisk.available_disks
+            ],
         }
+
+    @api_process
+    async def boards_yellow_info(self, request: web.Request) -> dict[str, Any]:
+        """Get yellow board settings."""
+        return {
+            ATTR_DISK_LED: self.sys_dbus.agent.board.yellow.disk_led,
+            ATTR_HEARTBEAT_LED: self.sys_dbus.agent.board.yellow.heartbeat_led,
+            ATTR_POWER_LED: self.sys_dbus.agent.board.yellow.power_led,
+        }
+
+    @api_process
+    async def boards_yellow_options(self, request: web.Request) -> None:
+        """Update yellow board settings."""
+        body = await api_validate(SCHEMA_YELLOW_OPTIONS, request)
+
+        if ATTR_DISK_LED in body:
+            self.sys_dbus.agent.board.yellow.disk_led = body[ATTR_DISK_LED]
+
+        if ATTR_HEARTBEAT_LED in body:
+            self.sys_dbus.agent.board.yellow.heartbeat_led = body[ATTR_HEARTBEAT_LED]
+
+        if ATTR_POWER_LED in body:
+            self.sys_dbus.agent.board.yellow.power_led = body[ATTR_POWER_LED]
+
+        self.sys_resolution.create_issue(
+            IssueType.REBOOT_REQUIRED,
+            ContextType.SYSTEM,
+            suggestions=[SuggestionType.EXECUTE_REBOOT],
+        )
+
+    @api_process
+    async def boards_other_info(self, request: web.Request) -> dict[str, Any]:
+        """Empty success return if board is in use, error otherwise."""
+        if request.match_info["board"] != self.sys_os.board:
+            raise BoardInvalidError(
+                f"{request.match_info['board']} board is not in use", _LOGGER.error
+            )
+
+        return {}

supervisor/api/panel/entrypoint.js

@@ -1,16 +1 @@
-
-function loadES5() {
-  var el = document.createElement('script');
-  el.src = '/api/hassio/app/frontend_es5/entrypoint.169d7fb4.js';
-  document.body.appendChild(el);
-}
-if (/.*Version\/(?:11|12)(?:\.\d+)*.*Safari\//.test(navigator.userAgent)) {
-    loadES5();
-} else {
-  try {
-    new Function("import('/api/hassio/app/frontend_latest/entrypoint.24687610.js')")();
-  } catch (err) {
-    loadES5();
-  }
-}
-  
+!function(){function n(n){var t=document.createElement("script");t.src=n,document.body.appendChild(t)}if(/.*Version\/(?:11|12)(?:\.\d+)*.*Safari\//.test(navigator.userAgent))n("/api/hassio/app/frontend_es5/entrypoint-NoHhvMA3Ku8.js");else try{new Function("import('/api/hassio/app/frontend_latest/entrypoint-G81gb268sps.js')")()}catch(t){n("/api/hassio/app/frontend_es5/entrypoint-NoHhvMA3Ku8.js")}}()

supervisor/api/panel/frontend_es5/0d47fc56.js

@@ -1 +0,0 @@
-!function(){"use strict";var t,n,e={14971:function(t,n,e){var r,i,o=e(93217),u=e(69330),a=(e(58556),e(62173)),c=function(t,n,e){if("input"===t){if("type"===n&&"checkbox"===e||"checked"===n||"disabled"===n)return;return""}},f={renderMarkdown:function(t,n){var e,o=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};return r||(r=Object.assign({},(0,a.getDefaultWhiteList)(),{input:["type","disabled","checked"],"ha-icon":["icon"],"ha-svg-icon":["path"],"ha-alert":["alert-type","title"]})),o.allowSvg?(i||(i=Object.assign({},r,{svg:["xmlns","height","width"],path:["transform","stroke","d"],img:["src"]})),e=i):e=r,(0,a.filterXSS)((0,u.TU)(t,n),{whiteList:e,onTagAttr:c})}};(0,o.Jj)(f)}},r={};function i(t){var n=r[t];if(void 0!==n)return n.exports;var o=r[t]={exports:{}};return e[t](o,o.exports,i),o.exports}i.m=e,i.x=function(){var t=i.O(void 0,[191,752],(function(){return i(14971)}));return t=i.O(t)},t=[],i.O=function(n,e,r,o){if(!e){var u=1/0;for(s=0;s<t.length;s++){e=t[s][0],r=t[s][1],o=t[s][2];for(var a=!0,c=0;c<e.length;c++)(!1&o||u>=o)&&Object.keys(i.O).every((function(t){return i.O[t](e[c])}))?e.splice(c--,1):(a=!1,o<u&&(u=o));if(a){t.splice(s--,1);var f=r();void 0!==f&&(n=f)}}return n}o=o||0;for(var s=t.length;s>0&&t[s-1][2]>o;s--)t[s]=t[s-1];t[s]=[e,r,o]},i.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return i.d(n,{a:n}),n},i.d=function(t,n){for(var e in n)i.o(n,e)&&!i.o(t,e)&&Object.defineProperty(t,e,{enumerable:!0,get:n[e]})},i.f={},i.e=function(t){return Promise.all(Object.keys(i.f).reduce((function(n,e){return i.f[e](t,n),n}),[]))},i.u=function(t){return{191:"2dbdaab4",752:"829db8ac"}[t]+".js"},i.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},i.p="/api/hassio/app/frontend_es5/",function(){var t={971:1};i.f.i=function(n,e){t[n]||importScripts(i.p+i.u(n))};var n=self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[],e=n.push.bind(n);n.push=function(n){var r=n[0],o=n[1],u=n[2];for(var a in o)i.o(o,a)&&(i.m[a]=o[a]);for(u&&u(i);r.length;)t[r.pop()]=1;e(n)}}(),n=i.x,i.x=function(){return Promise.all([i.e(191),i.e(752)]).then(n)};i.x()}();

supervisor/api/panel/frontend_es5/0ef95294.js.LICENSE.txt

@@ -1,14 +0,0 @@
-/*! *****************************************************************************
-Copyright (c) Microsoft Corporation. All rights reserved.
-Licensed under the Apache License, Version 2.0 (the "License"); you may not use
-this file except in compliance with the License. You may obtain a copy of the
-License at http://www.apache.org/licenses/LICENSE-2.0
-
-THIS CODE IS PROVIDED ON AN *AS IS* BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-KIND, EITHER EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION ANY IMPLIED
-WARRANTIES OR CONDITIONS OF TITLE, FITNESS FOR A PARTICULAR PURPOSE,
-MERCHANTABLITY OR NON-INFRINGEMENT.
-
-See the Apache Version 2.0 License for specific language governing permissions
-and limitations under the License.
-***************************************************************************** */

supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js

@@ -0,0 +1,2 @@
+"use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([[1047],{32594:function(e,t,r){r.d(t,{U:function(){return n}});var n=function(e){return e.stopPropagation()}},75054:function(e,t,r){r.r(t),r.d(t,{HaTimeDuration:function(){return f}});var n,a=r(88962),i=r(33368),o=r(71650),d=r(82390),u=r(69205),l=r(70906),s=r(91808),c=r(68144),v=r(79932),f=(r(47289),(0,s.Z)([(0,v.Mo)("ha-selector-duration")],(function(e,t){var r=function(t){(0,u.Z)(n,t);var r=(0,l.Z)(n);function n(){var t;(0,o.Z)(this,n);for(var a=arguments.length,i=new Array(a),u=0;u<a;u++)i[u]=arguments[u];return t=r.call.apply(r,[this].concat(i)),e((0,d.Z)(t)),t}return(0,i.Z)(n)}(t);return{F:r,d:[{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"hass",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"selector",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"value",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"label",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"helper",value:void 0},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"disabled",value:function(){return!1}},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"required",value:function(){return!0}},{kind:"method",key:"render",value:function(){var e;return(0,c.dy)(n||(n=(0,a.Z)([' <ha-duration-input .label="','" .helper="','" .data="','" .disabled="','" .required="','" ?enableDay="','"></ha-duration-input> '])),this.label,this.helper,this.value,this.disabled,this.required,null===(e=this.selector.duration)||void 0===e?void 0:e.enable_day)}}]}}),c.oi))}}]);
+//# sourceMappingURL=1047-g7fFLS9eP4I.js.map

supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"1047-g7fFLS9eP4I.js","mappings":"yKAAO,IAAMA,EAAkB,SAACC,GAAE,OAAKA,EAAGD,iBAAiB,C,qLCQ9CE,G,UAAcC,EAAAA,EAAAA,GAAA,EAD1BC,EAAAA,EAAAA,IAAc,0BAAuB,SAAAC,EAAAC,GAAA,IACzBJ,EAAc,SAAAK,IAAAC,EAAAA,EAAAA,GAAAN,EAAAK,GAAA,IAAAE,GAAAC,EAAAA,EAAAA,GAAAR,GAAA,SAAAA,IAAA,IAAAS,GAAAC,EAAAA,EAAAA,GAAA,KAAAV,GAAA,QAAAW,EAAAC,UAAAC,OAAAC,EAAA,IAAAC,MAAAJ,GAAAK,EAAA,EAAAA,EAAAL,EAAAK,IAAAF,EAAAE,GAAAJ,UAAAI,GAAA,OAAAP,EAAAF,EAAAU,KAAAC,MAAAX,EAAA,OAAAY,OAAAL,IAAAX,GAAAiB,EAAAA,EAAAA,GAAAX,IAAAA,CAAA,QAAAY,EAAAA,EAAAA,GAAArB,EAAA,EAAAI,GAAA,OAAAkB,EAAdtB,EAAcuB,EAAA,EAAAC,KAAA,QAAAC,WAAA,EACxBC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEnDC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WAAmB,IAAAG,EACjB,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,GAAAC,EAAAA,EAAAA,GAAA,wIAEEC,KAAKC,MACJD,KAAKE,OACPF,KAAKP,MACDO,KAAKG,SACLH,KAAKI,SACkB,QADVR,EACZI,KAAKK,SAASC,gBAAQ,IAAAV,OAAA,EAAtBA,EAAwBW,WAG3C,IAAC,GA1BiCC,EAAAA,I","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20230601.0/src/common/dom/stop_propagation.ts","https://raw.githubusercontent.com/home-assistant/frontend/20230601.0/src/components/ha-selector/ha-selector-duration.ts"],"names":["stopPropagation","ev","HaTimeDuration","_decorate","customElement","_initialize","_LitElement","_LitElement2","_inherits","_super","_createSuper","_this","_classCallCheck","_len","arguments","length","args","Array","_key","call","apply","concat","_assertThisInitialized","_createClass","F","d","kind","decorators","property","attribute","key","value","type","Boolean","_this$selector$durati","html","_templateObject","_taggedTemplateLiteral","this","label","helper","disabled","required","selector","duration","enable_day","LitElement"],"sourceRoot":""}

supervisor/api/panel/frontend_es5/1639-fgyA7IMZpwQ.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([[1639],{71639:function(s){s.exports=[]}}]);

supervisor/api/panel/frontend_es5/16aa06d8.js

@@ -1 +0,0 @@
-"use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([[639],{71639:function(s){s.exports=[]}}]);