Bump ruff from 0.11.5 to 0.11.6 (#5828)

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

.devcontainer/devcontainer.json

@@ -1,38 +1,51 @@
 {
   "name": "Supervisor dev",
-  "image": "ghcr.io/home-assistant/devcontainer:supervisor",
+  "image": "ghcr.io/home-assistant/devcontainer:2-supervisor",
   "containerEnv": {
     "WORKSPACE_DIRECTORY": "${containerWorkspaceFolder}"
   },
+  "remoteEnv": {
+    "PATH": "${containerEnv:VIRTUAL_ENV}/bin:${containerEnv:PATH}"
+  },
   "appPort": ["9123:8123", "7357:4357"],
-  "postCreateCommand": "bash devcontainer_bootstrap",
+  "postCreateCommand": "bash devcontainer_setup",
+  "postStartCommand": "bash devcontainer_bootstrap",
   "runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],
   "customizations": {
     "vscode": {
       "extensions": [
-        "ms-python.python",
+        "charliermarsh.ruff",
         "ms-python.pylint",
         "ms-python.vscode-pylance",
         "visualstudioexptteam.vscodeintellicode",
-        "esbenp.prettier-vscode"
+        "redhat.vscode-yaml",
+        "esbenp.prettier-vscode",
+        "GitHub.vscode-pull-request-github"
       ],
       "settings": {
+        "python.defaultInterpreterPath": "/home/vscode/.local/ha-venv/bin/python",
+        "python.pythonPath": "/home/vscode/.local/ha-venv/bin/python",
+        "python.terminal.activateEnvInCurrentTerminal": true,
+        "python.testing.pytestArgs": ["--no-cov"],
+        "pylint.importStrategy": "fromEnvironment",
+        "editor.formatOnPaste": false,
+        "editor.formatOnSave": true,
+        "editor.formatOnType": true,
+        "files.trimTrailingWhitespace": true,
         "terminal.integrated.profiles.linux": {
           "zsh": {
             "path": "/usr/bin/zsh"
           }
         },
         "terminal.integrated.defaultProfile.linux": "zsh",
-        "editor.formatOnPaste": false,
-        "editor.formatOnSave": true,
-        "editor.formatOnType": true,
-        "files.trimTrailingWhitespace": true,
-        "python.pythonPath": "/usr/local/bin/python3",
-        "python.formatting.provider": "black",
-        "python.formatting.blackArgs": ["--target-version", "py311"],
-        "python.formatting.blackPath": "/usr/local/bin/black"
+        "[python]": {
+          "editor.defaultFormatter": "charliermarsh.ruff"
+        }
       }
     }
   },
-  "mounts": ["type=volume,target=/var/lib/docker"]
+  "mounts": [
+    "type=volume,target=/var/lib/docker",
+    "type=volume,target=/mnt/supervisor"
+  ]
 }

.github/ISSUE_TEMPLATE/bug_report.yml

@@ -26,7 +26,7 @@ body:
     attributes:
       label: What type of installation are you running?
       description: >
-        If you don't know, can be found in [Settings -> System -> Repairs -> System Information](https://my.home-assistant.io/redirect/system_health/).
+        If you don't know, can be found in [Settings -> System -> Repairs -> (three dot menu) -> System Information](https://my.home-assistant.io/redirect/system_health/).
         It is listed as the `Installation Type` value.
       options:
         - Home Assistant OS
@@ -72,9 +72,9 @@ body:
     validations:
       required: true
     attributes:
-      label: System Health information
+      label: System information
       description: >
-        System Health information can be found in the top right menu in [Settings -> System -> Repairs](https://my.home-assistant.io/redirect/repairs/).
+        The System information can be found in [Settings -> System -> Repairs -> (three dot menu) -> System Information](https://my.home-assistant.io/redirect/system_health/).
         Click the copy button at the bottom of the pop-up and paste it here.
         
         [![Open your Home Assistant instance and show health information about your system.](https://my.home-assistant.io/badges/system_health.svg)](https://my.home-assistant.io/redirect/system_health/)
@@ -83,8 +83,9 @@ body:
       label: Supervisor diagnostics
       placeholder: "drag-and-drop the diagnostics data file here (do not copy-and-paste the content)"
       description: >-
-        Supervisor diagnostics can be found in [Settings -> Integrations](https://my.home-assistant.io/redirect/integrations/).
-        Find the card that says `Home Assistant Supervisor`, open its menu and select 'Download diagnostics'.
+        Supervisor diagnostics can be found in [Settings -> Devices & services](https://my.home-assistant.io/redirect/integrations/).
+        Find the card that says `Home Assistant Supervisor`, open it, and select the three dot menu of the Supervisor integration entry
+        and select 'Download diagnostics'.
         
         **Please drag-and-drop the downloaded file into the textbox below. Do not copy and paste its contents.**
   - type: textarea

.github/PULL_REQUEST_TEMPLATE.md

@@ -38,6 +38,7 @@
 - This PR is related to issue:
 - Link to documentation pull request:
 - Link to cli pull request:
+- Link to client library pull request:
 
 ## Checklist
 
@@ -52,12 +53,14 @@
 - [ ] Local tests pass. **Your PR cannot be merged unless tests pass**
 - [ ] There is no commented out code in this PR.
 - [ ] I have followed the [development checklist][dev-checklist]
-- [ ] The code has been formatted using Black (`black --fast supervisor tests`)
+- [ ] The code has been formatted using Ruff (`ruff format supervisor tests`)
 - [ ] Tests have been added to verify that the new code works.
 
-If API endpoints of add-on configuration are added/changed:
+If API endpoints or add-on configuration are added/changed:
 
 - [ ] Documentation added/updated for [developers.home-assistant.io][docs-repository]
+- [ ] [CLI][cli-repository] updated (if necessary)
+- [ ] [Client library][client-library-repository] updated (if necessary)
 
 <!--
   Thank you for contributing <3
@@ -67,3 +70,5 @@ If API endpoints of add-on configuration are added/changed:
 
 [dev-checklist]: https://developers.home-assistant.io/docs/en/development_checklist.html
 [docs-repository]: https://github.com/home-assistant/developers.home-assistant
+[cli-repository]: https://github.com/home-assistant/cli
+[client-library-repository]: https://github.com/home-assistant-libs/python-supervisor-client/

.github/workflows/builder.yml

@@ -33,7 +33,7 @@ on:
       - setup.py
 
 env:
-  DEFAULT_PYTHON: "3.11"
+  DEFAULT_PYTHON: "3.13"
   BUILD_NAME: supervisor
   BUILD_TYPE: supervisor
 
@@ -53,7 +53,7 @@ jobs:
       requirements: ${{ steps.requirements.outputs.changed }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 0
 
@@ -75,7 +75,7 @@ jobs:
       - name: Check if requirements files changed
         id: requirements
         run: |
-          if [[ "${{ steps.changed_files.outputs.all }}" =~ (requirements.txt|build.json) ]]; then
+          if [[ "${{ steps.changed_files.outputs.all }}" =~ (requirements.txt|build.yaml) ]]; then
             echo "changed=true" >> "$GITHUB_OUTPUT"
           fi
 
@@ -92,7 +92,7 @@ jobs:
         arch: ${{ fromJson(needs.init.outputs.architectures) }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 0
 
@@ -106,9 +106,9 @@ jobs:
 
       - name: Build wheels
         if: needs.init.outputs.requirements == 'true'
-        uses: home-assistant/wheels@2023.10.5
+        uses: home-assistant/wheels@2025.03.0
         with:
-          abi: cp311
+          abi: cp313
           tag: musllinux_1_2
           arch: ${{ matrix.arch }}
           wheels-key: ${{ secrets.WHEELS_KEY }}
@@ -125,20 +125,20 @@ jobs:
 
       - name: Set up Python ${{ env.DEFAULT_PYTHON }}
         if: needs.init.outputs.publish == 'true'
-        uses: actions/setup-python@v5.0.0
+        uses: actions/setup-python@v5.5.0
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
 
       - name: Install Cosign
         if: needs.init.outputs.publish == 'true'
-        uses: sigstore/cosign-installer@v3.3.0
+        uses: sigstore/cosign-installer@v3.8.1
         with:
-          cosign-release: "v2.0.2"
+          cosign-release: "v2.4.0"
 
       - name: Install dirhash and calc hash
         if: needs.init.outputs.publish == 'true'
         run: |
-          pip3 install dirhash
+          pip3 install setuptools dirhash
           dir_hash="$(dirhash "${{ github.workspace }}/supervisor" -a sha256 --match "*.py")"
           echo "${dir_hash}" > rootfs/supervisor.sha256
 
@@ -149,7 +149,7 @@ jobs:
 
       - name: Login to GitHub Container Registry
         if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v3.0.0
+        uses: docker/login-action@v3.4.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -160,7 +160,7 @@ jobs:
         run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
 
       - name: Build supervisor
-        uses: home-assistant/builder@2023.12.0
+        uses: home-assistant/builder@2025.03.0
         with:
           args: |
             $BUILD_ARGS \
@@ -178,7 +178,7 @@ jobs:
     steps:
       - name: Checkout the repository
         if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
 
       - name: Initialize git
         if: needs.init.outputs.publish == 'true'
@@ -203,11 +203,11 @@ jobs:
     timeout-minutes: 60
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
 
       - name: Build the Supervisor
         if: needs.init.outputs.publish != 'true'
-        uses: home-assistant/builder@2023.12.0
+        uses: home-assistant/builder@2025.03.0
         with:
           args: |
             --test \

.github/workflows/ci.yaml

@@ -8,7 +8,7 @@ on:
   pull_request: ~
 
 env:
-  DEFAULT_PYTHON: "3.11"
+  DEFAULT_PYTHON: "3.13"
   PRE_COMMIT_CACHE: ~/.cache/pre-commit
 
 concurrency:
@@ -25,15 +25,15 @@ jobs:
     name: Prepare Python dependencies
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
       - name: Set up Python
         id: python
-        uses: actions/setup-python@v5.0.0
+        uses: actions/setup-python@v5.5.0
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.2
+        uses: actions/cache@v4.2.3
         with:
           path: venv
           key: |
@@ -47,7 +47,7 @@ jobs:
           pip install -r requirements.txt -r requirements_tests.txt
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.3.2
+        uses: actions/cache@v4.2.3
         with:
           path: ${{ env.PRE_COMMIT_CACHE }}
           lookup-only: true
@@ -61,21 +61,21 @@ jobs:
           . venv/bin/activate
           pre-commit install-hooks
 
-  lint-black:
-    name: Check black
+  lint-ruff-format:
+    name: Check ruff-format
     runs-on: ubuntu-latest
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v5.0.0
+        uses: actions/setup-python@v5.5.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.2
+        uses: actions/cache@v4.2.3
         with:
           path: venv
           key: |
@@ -85,10 +85,67 @@ jobs:
         run: |
           echo "Failed to restore Python virtual environment from cache"
           exit 1
-      - name: Run black
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v4.2.3
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Run ruff-format
         run: |
           . venv/bin/activate
-          black --target-version py311 --check supervisor tests setup.py
+          pre-commit run --hook-stage manual ruff-format --all-files --show-diff-on-failure
+        env:
+          RUFF_OUTPUT_FORMAT: github
+
+  lint-ruff:
+    name: Check ruff
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.5.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.3
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v4.2.3
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Run ruff
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual ruff --all-files --show-diff-on-failure
+        env:
+          RUFF_OUTPUT_FORMAT: github
 
   lint-dockerfile:
     name: Check Dockerfile
@@ -96,7 +153,7 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
       - name: Register hadolint problem matcher
         run: |
           echo "::add-matcher::.github/workflows/matchers/hadolint.json"
@@ -111,15 +168,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v5.0.0
+        uses: actions/setup-python@v5.5.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.2
+        uses: actions/cache@v4.2.3
         with:
           path: venv
           key: |
@@ -131,7 +188,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.3.2
+        uses: actions/cache@v4.2.3
         with:
           path: ${{ env.PRE_COMMIT_CACHE }}
           key: |
@@ -149,94 +206,21 @@ jobs:
           . venv/bin/activate
           pre-commit run --hook-stage manual check-executables-have-shebangs --all-files
 
-  lint-flake8:
-    name: Check flake8
-    runs-on: ubuntu-latest
-    needs: prepare
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
-      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v5.0.0
-        id: python
-        with:
-          python-version: ${{ needs.prepare.outputs.python-version }}
-      - name: Restore Python virtual environment
-        id: cache-venv
-        uses: actions/cache@v3.3.2
-        with:
-          path: venv
-          key: |
-            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
-      - name: Fail job if Python cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Register flake8 problem matcher
-        run: |
-          echo "::add-matcher::.github/workflows/matchers/flake8.json"
-      - name: Run flake8
-        run: |
-          . venv/bin/activate
-          flake8 supervisor tests
-
-  lint-isort:
-    name: Check isort
-    runs-on: ubuntu-latest
-    needs: prepare
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
-      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v5.0.0
-        id: python
-        with:
-          python-version: ${{ needs.prepare.outputs.python-version }}
-      - name: Restore Python virtual environment
-        id: cache-venv
-        uses: actions/cache@v3.3.2
-        with:
-          path: venv
-          key: |
-            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
-      - name: Fail job if Python cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Restore pre-commit environment from cache
-        id: cache-precommit
-        uses: actions/cache@v3.3.2
-        with:
-          path: ${{ env.PRE_COMMIT_CACHE }}
-          key: |
-            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
-      - name: Fail job if cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Run isort
-        run: |
-          . venv/bin/activate
-          pre-commit run --hook-stage manual isort --all-files --show-diff-on-failure
-
   lint-json:
     name: Check JSON
     runs-on: ubuntu-latest
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v5.0.0
+        uses: actions/setup-python@v5.5.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.2
+        uses: actions/cache@v4.2.3
         with:
           path: venv
           key: |
@@ -248,7 +232,7 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.3.2
+        uses: actions/cache@v4.2.3
         with:
           path: ${{ env.PRE_COMMIT_CACHE }}
           key: |
@@ -272,92 +256,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v5.0.0
+        uses: actions/setup-python@v5.5.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.2
-        with:
-          path: venv
-          key: |
-            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
-      - name: Fail job if Python cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Register pylint problem matcher
-        run: |
-          echo "::add-matcher::.github/workflows/matchers/pylint.json"
-      - name: Run pylint
-        run: |
-          . venv/bin/activate
-          pylint supervisor tests
-
-  lint-pyupgrade:
-    name: Check pyupgrade
-    runs-on: ubuntu-latest
-    needs: prepare
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
-      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v5.0.0
-        id: python
-        with:
-          python-version: ${{ needs.prepare.outputs.python-version }}
-      - name: Restore Python virtual environment
-        id: cache-venv
-        uses: actions/cache@v3.3.2
-        with:
-          path: venv
-          key: |
-            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
-      - name: Fail job if Python cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Restore pre-commit environment from cache
-        id: cache-precommit
-        uses: actions/cache@v3.3.2
-        with:
-          path: ${{ env.PRE_COMMIT_CACHE }}
-          key: |
-            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
-      - name: Fail job if cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Run pyupgrade
-        run: |
-          . venv/bin/activate
-          pre-commit run --hook-stage manual pyupgrade --all-files --show-diff-on-failure
-
-  pytest:
-    runs-on: ubuntu-latest
-    needs: prepare
-    name: Run tests Python ${{ needs.prepare.outputs.python-version }}
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
-      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v5.0.0
-        id: python
-        with:
-          python-version: ${{ needs.prepare.outputs.python-version }}
-      - name: Install Cosign
-        uses: sigstore/cosign-installer@v3.3.0
-        with:
-          cosign-release: "v2.0.2"
-      - name: Restore Python virtual environment
-        id: cache-venv
-        uses: actions/cache@v3.3.2
+        uses: actions/cache@v4.2.3
         with:
           path: venv
           key: |
@@ -370,7 +277,47 @@ jobs:
       - name: Install additional system dependencies
         run: |
           sudo apt-get update
-          sudo apt-get install -y --no-install-recommends libpulse0 libudev1 dbus dbus-x11
+          sudo apt-get install -y --no-install-recommends libpulse0
+      - name: Register pylint problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/pylint.json"
+      - name: Run pylint
+        run: |
+          . venv/bin/activate
+          pylint supervisor tests
+
+  pytest:
+    runs-on: ubuntu-latest
+    needs: prepare
+    name: Run tests Python ${{ needs.prepare.outputs.python-version }}
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.2.2
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.5.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.8.1
+        with:
+          cosign-release: "v2.4.0"
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.2.3
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Install additional system dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y --no-install-recommends libpulse0 libudev1 dbus-daemon
       - name: Register Python problem matcher
         run: |
           echo "::add-matcher::.github/workflows/matchers/python.json"
@@ -392,10 +339,11 @@ jobs:
             -o console_output_style=count \
             tests
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@v4.0.0
+        uses: actions/upload-artifact@v4.6.2
         with:
           name: coverage-${{ matrix.python-version }}
           path: .coverage
+          include-hidden-files: true
 
   coverage:
     name: Process test coverage
@@ -403,15 +351,15 @@ jobs:
     needs: ["pytest", "prepare"]
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v5.0.0
+        uses: actions/setup-python@v5.5.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.2
+        uses: actions/cache@v4.2.3
         with:
           path: venv
           key: |
@@ -422,7 +370,7 @@ jobs:
           echo "Failed to restore Python virtual environment from cache"
           exit 1
       - name: Download all coverage artifacts
-        uses: actions/download-artifact@v4.1.0
+        uses: actions/download-artifact@v4.2.1
       - name: Combine coverage results
         run: |
           . venv/bin/activate
@@ -430,4 +378,4 @@ jobs:
           coverage report
           coverage xml
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3.1.4
+        uses: codecov/codecov-action@v5.4.2

.github/workflows/matchers/flake8.json

@@ -1,30 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "flake8-error",
-      "severity": "error",
-      "pattern": [
-        {
-          "regexp": "^(.*):(\\d+):(\\d+):\\s(E\\d{3}\\s.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "message": 4
-        }
-      ]
-    },
-    {
-      "owner": "flake8-warning",
-      "severity": "warning",
-      "pattern": [
-        {
-          "regexp": "^(.*):(\\d+):(\\d+):\\s([CDFNW]\\d{3}\\s.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "message": 4
-        }
-      ]
-    }
-  ]
-}

.github/workflows/release-drafter.yml

@@ -11,7 +11,7 @@ jobs:
     name: Release Drafter
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
         with:
           fetch-depth: 0
 
@@ -36,7 +36,7 @@ jobs:
           echo "version=$datepre.$newpost" >> "$GITHUB_OUTPUT"
 
       - name: Run Release Drafter
-        uses: release-drafter/release-drafter@v5.25.0
+        uses: release-drafter/release-drafter@v6.1.0
         with:
           tag: ${{ steps.version.outputs.version }}
           name: ${{ steps.version.outputs.version }}

.github/workflows/sentry.yaml

@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v4.1.1
+        uses: actions/checkout@v4.2.2
       - name: Sentry Release
-        uses: getsentry/action-release@v1.6.0
+        uses: getsentry/action-release@v3.1.1
         env:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}

.github/workflows/stale.yml

@@ -9,7 +9,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v9.0.0
+      - uses: actions/stale@v9.1.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30

.github/workflows/update_frontend.yml

@@ -0,0 +1,82 @@
+name: Update frontend
+
+on:
+  schedule: # once a day
+    - cron: "0 0 * * *"
+  workflow_dispatch:
+
+jobs:
+  check-version:
+    runs-on: ubuntu-latest
+    outputs:
+      skip: ${{ steps.check_version.outputs.skip || steps.check_existing_pr.outputs.skip }}
+      current_version: ${{ steps.check_version.outputs.current_version }}
+      latest_version: ${{ steps.latest_frontend_version.outputs.latest_tag }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Get latest frontend release
+        id: latest_frontend_version
+        uses: abatilo/release-info-action@v1.3.3
+        with:
+          owner: home-assistant
+          repo: frontend
+      - name: Check if version is up to date
+        id: check_version
+        run: |
+          current_version="$(cat .ha-frontend-version)"
+          latest_version="${{ steps.latest_frontend_version.outputs.latest_tag }}"
+          echo "current_version=${current_version}" >> $GITHUB_OUTPUT
+          echo "LATEST_VERSION=${latest_version}" >> $GITHUB_ENV
+          if [[ ! "$current_version" < "$latest_version" ]]; then
+            echo "Frontend version is up to date"
+            echo "skip=true" >> $GITHUB_OUTPUT
+          fi
+      - name: Check if there is no open PR with this version
+        if: steps.check_version.outputs.skip != 'true'
+        id: check_existing_pr
+        env:
+          GH_TOKEN: ${{ github.token }}
+        run: |
+          PR=$(gh pr list --state open --base main --json title --search "Update frontend to version $LATEST_VERSION")
+          if [[ "$PR" != "[]" ]]; then
+            echo "Skipping - There is already a PR open for version $LATEST_VERSION"
+            echo "skip=true" >> $GITHUB_OUTPUT
+          fi
+  create-pr:
+    runs-on: ubuntu-latest
+    needs: check-version
+    if: needs.check-version.outputs.skip != 'true'
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+      - name: Clear www folder
+        run: |
+          rm -rf supervisor/api/panel/*
+      - name: Update version file
+        run: |
+          echo "${{ needs.check-version.outputs.latest_version }}" > .ha-frontend-version
+      - name: Download release assets
+        uses: robinraju/release-downloader@v1
+        with:
+          repository: 'home-assistant/frontend'
+          tag: ${{ needs.check-version.outputs.latest_version }}
+          fileName: home_assistant_frontend_supervisor-${{ needs.check-version.outputs.latest_version }}.tar.gz
+          extract: true
+          out-file-path: supervisor/api/panel/
+      - name: Remove release assets archive
+        run: |
+          rm -f supervisor/api/panel/home_assistant_frontend_supervisor-*.tar.gz
+      - name: Create PR
+        uses: peter-evans/create-pull-request@v7
+        with:
+          commit-message: "Update frontend to version ${{ needs.check-version.outputs.latest_version }}"
+          branch: autoupdate-frontend
+          base: main
+          draft: true
+          sign-commits: true
+          title: "Update frontend to version ${{ needs.check-version.outputs.latest_version }}"
+          body: >
+            Update frontend from ${{ needs.check-version.outputs.current_version }} to
+            [${{ needs.check-version.outputs.latest_version }}](https://github.com/home-assistant/frontend/releases/tag/${{ needs.check-version.outputs.latest_version }})
+

.gitmodules

@@ -1,4 +0,0 @@
-[submodule "home-assistant-polymer"]
-	path = home-assistant-polymer
-	url = https://github.com/home-assistant/home-assistant-polymer
-	branch = dev

.ha-frontend-version

@@ -0,0 +1 @@
+20250401.0

.pre-commit-config.yaml

@@ -1,34 +1,15 @@
 repos:
-  - repo: https://github.com/psf/black
-    rev: 23.1.0
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.9.1
     hooks:
-      - id: black
+      - id: ruff
         args:
-          - --safe
-          - --quiet
-          - --target-version
-          - py311
+          - --fix
+      - id: ruff-format
         files: ^((supervisor|tests)/.+)?[^/]+\.py$
-  - repo: https://github.com/PyCQA/flake8
-    rev: 6.0.0
-    hooks:
-      - id: flake8
-        additional_dependencies:
-          - flake8-docstrings==1.7.0
-          - pydocstyle==6.3.0
-        files: ^(supervisor|script|tests)/.+\.py$
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v5.0.0
     hooks:
       - id: check-executables-have-shebangs
         stages: [manual]
       - id: check-json
-  - repo: https://github.com/PyCQA/isort
-    rev: 5.12.0
-    hooks:
-      - id: isort
-  - repo: https://github.com/asottile/pyupgrade
-    rev: v3.15.0
-    hooks:
-      - id: pyupgrade
-        args: [--py311-plus]

.vscode/tasks.json

@@ -58,9 +58,23 @@
       "problemMatcher": []
     },
     {
-      "label": "Flake8",
+      "label": "Ruff Check",
       "type": "shell",
-      "command": "flake8 supervisor tests",
+      "command": "ruff check --fix supervisor tests",
+      "group": {
+        "kind": "test",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Ruff Format",
+      "type": "shell",
+      "command": "ruff format supervisor tests",
       "group": {
         "kind": "test",
         "isDefault": true

Dockerfile

@@ -4,11 +4,13 @@ FROM ${BUILD_FROM}
 ENV \
     S6_SERVICES_GRACETIME=10000 \
     SUPERVISOR_API=http://localhost \
-    CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
+    CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1 \
+    UV_SYSTEM_PYTHON=true
 
 ARG \
     COSIGN_VERSION \
-    BUILD_ARCH
+    BUILD_ARCH \
+    QEMU_CPU
 
 # Install base
 WORKDIR /usr/src
@@ -26,20 +28,24 @@ RUN \
         yaml \
     \
     && curl -Lso /usr/bin/cosign "https://github.com/home-assistant/cosign/releases/download/${COSIGN_VERSION}/cosign_${BUILD_ARCH}" \
-    && chmod a+x /usr/bin/cosign
+    && chmod a+x /usr/bin/cosign \
+    && pip3 install uv==0.6.1
 
 # Install requirements
 COPY requirements.txt .
 RUN \
-    export MAKEFLAGS="-j$(nproc)" \
-    && pip3 install --only-binary=:all: \
-        -r ./requirements.txt \
+    if [ "${BUILD_ARCH}" = "i386" ]; then \
+        setarch="linux32"; \
+    else \
+        setarch=""; \
+    fi \
+    && ${setarch} uv pip install --compile-bytecode --no-cache --no-build -r requirements.txt \
     && rm -f requirements.txt
 
 # Install Home Assistant Supervisor
 COPY . supervisor
 RUN \
-    pip3 install -e ./supervisor \
+    uv pip install --no-cache -e ./supervisor \
     && python3 -m compileall ./supervisor/supervisor
 
 

README.md

@@ -30,3 +30,5 @@ Releases are done in 3 stages (channels) with this structure:
 
 [development]: https://developers.home-assistant.io/docs/supervisor/development
 [stable]: https://github.com/home-assistant/version/blob/master/stable.json
+
+[![Home Assistant - A project from the Open Home Foundation](https://www.openhomefoundation.org/badges/home-assistant.png)](https://www.openhomefoundation.org/)

build.yaml

@@ -1,10 +1,10 @@
 image: ghcr.io/home-assistant/{arch}-hassio-supervisor
 build_from:
-  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.11-alpine3.18
-  armhf: ghcr.io/home-assistant/armhf-base-python:3.11-alpine3.18
-  armv7: ghcr.io/home-assistant/armv7-base-python:3.11-alpine3.18
-  amd64: ghcr.io/home-assistant/amd64-base-python:3.11-alpine3.18
-  i386: ghcr.io/home-assistant/i386-base-python:3.11-alpine3.18
+  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.13-alpine3.21
+  armhf: ghcr.io/home-assistant/armhf-base-python:3.13-alpine3.21
+  armv7: ghcr.io/home-assistant/armv7-base-python:3.13-alpine3.21
+  amd64: ghcr.io/home-assistant/amd64-base-python:3.13-alpine3.21
+  i386: ghcr.io/home-assistant/i386-base-python:3.13-alpine3.21
 codenotary:
   signer: notary@home-assistant.io
   base_image: notary@home-assistant.io
@@ -12,7 +12,7 @@ cosign:
   base_identity: https://github.com/home-assistant/docker-base/.*
   identity: https://github.com/home-assistant/supervisor/.*
 args:
-  COSIGN_VERSION: 2.0.2
+  COSIGN_VERSION: 2.4.0
 labels:
   io.hass.type: supervisor
   org.opencontainers.image.title: Home Assistant Supervisor

home-assistant-polymer

@@ -1 +0,0 @@
-Subproject commit 9d457d52e80fc936491f0e8ece773d90748889c4

pylintrc

@@ -1,45 +0,0 @@
-[MASTER]
-reports=no
-jobs=2
-
-good-names=id,i,j,k,ex,Run,_,fp,T,os
-
-extension-pkg-whitelist=
-  ciso8601
-
-# Reasons disabled:
-# format - handled by black
-# locally-disabled - it spams too much
-# duplicate-code - unavoidable
-# cyclic-import - doesn't test if both import on load
-# abstract-class-not-used - is flaky, should not show up but does
-# unused-argument - generic callbacks and setup methods create a lot of warnings
-# too-many-* - are not enforced for the sake of readability
-# too-few-* - same as too-many-*
-# abstract-method - with intro of async there are always methods missing
-disable=
-  format,
-  abstract-method,
-  cyclic-import,
-  duplicate-code,
-  locally-disabled,
-  no-else-return,
-  not-context-manager,
-  too-few-public-methods,
-  too-many-arguments,
-  too-many-branches,
-  too-many-instance-attributes,
-  too-many-lines,
-  too-many-locals,
-  too-many-public-methods,
-  too-many-return-statements,
-  too-many-statements,
-  unused-argument,
-  consider-using-with
-
-[EXCEPTIONS]
-overgeneral-exceptions=builtins.Exception
-
-
-[TYPECHECK]
-ignored-modules = distutils

pyproject.toml

@@ -0,0 +1,374 @@
+[build-system]
+requires = ["setuptools~=78.1.0", "wheel~=0.46.1"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "Supervisor"
+dynamic = ["version", "dependencies"]
+license = { text = "Apache-2.0" }
+description = "Open-source private cloud os for Home-Assistant based on HassOS"
+readme = "README.md"
+authors = [
+    { name = "The Home Assistant Authors", email = "hello@home-assistant.io" },
+]
+keywords = ["docker", "home-assistant", "api"]
+requires-python = ">=3.13.0"
+
+[project.urls]
+"Homepage" = "https://www.home-assistant.io/"
+"Source Code" = "https://github.com/home-assistant/supervisor"
+"Bug Reports" = "https://github.com/home-assistant/supervisor/issues"
+"Docs: Dev" = "https://developers.home-assistant.io/"
+"Discord" = "https://www.home-assistant.io/join-chat/"
+"Forum" = "https://community.home-assistant.io/"
+
+[tool.setuptools]
+platforms = ["any"]
+zip-safe = false
+include-package-data = true
+
+[tool.setuptools.packages.find]
+include = ["supervisor*"]
+
+[tool.pylint.MAIN]
+py-version = "3.13"
+# Use a conservative default here; 2 should speed up most setups and not hurt
+# any too bad. Override on command line as appropriate.
+jobs = 2
+persistent = false
+extension-pkg-allow-list = ["ciso8601"]
+
+[tool.pylint.BASIC]
+class-const-naming-style = "any"
+good-names = ["id", "i", "j", "k", "ex", "Run", "_", "fp", "T", "os"]
+
+[tool.pylint."MESSAGES CONTROL"]
+# Reasons disabled:
+# format - handled by ruff
+# abstract-method - with intro of async there are always methods missing
+# cyclic-import - doesn't test if both import on load
+# duplicate-code - unavoidable
+# locally-disabled - it spams too much
+# too-many-* - are not enforced for the sake of readability
+# too-few-* - same as too-many-*
+# unused-argument - generic callbacks and setup methods create a lot of warnings
+disable = [
+    "format",
+    "abstract-method",
+    "cyclic-import",
+    "duplicate-code",
+    "locally-disabled",
+    "no-else-return",
+    "not-context-manager",
+    "too-few-public-methods",
+    "too-many-arguments",
+    "too-many-branches",
+    "too-many-instance-attributes",
+    "too-many-lines",
+    "too-many-locals",
+    "too-many-public-methods",
+    "too-many-return-statements",
+    "too-many-statements",
+    "unused-argument",
+    "consider-using-with",
+
+    # Handled by ruff
+    # Ref: <https://github.com/astral-sh/ruff/issues/970>
+    "await-outside-async",    # PLE1142
+    "bad-str-strip-call",     # PLE1310
+    "bad-string-format-type", # PLE1307
+    "bidirectional-unicode",  # PLE2502
+    "continue-in-finally",    # PLE0116
+    "duplicate-bases",        # PLE0241
+    "format-needs-mapping",   # F502
+    "function-redefined",     # F811
+    # Needed because ruff does not understand type of __all__ generated by a function
+    # "invalid-all-format", # PLE0605
+    "invalid-all-object",                 # PLE0604
+    "invalid-character-backspace",        # PLE2510
+    "invalid-character-esc",              # PLE2513
+    "invalid-character-nul",              # PLE2514
+    "invalid-character-sub",              # PLE2512
+    "invalid-character-zero-width-space", # PLE2515
+    "logging-too-few-args",               # PLE1206
+    "logging-too-many-args",              # PLE1205
+    "missing-format-string-key",          # F524
+    "mixed-format-string",                # F506
+    "no-method-argument",                 # N805
+    "no-self-argument",                   # N805
+    "nonexistent-operator",               # B002
+    "nonlocal-without-binding",           # PLE0117
+    "not-in-loop",                        # F701, F702
+    "notimplemented-raised",              # F901
+    "return-in-init",                     # PLE0101
+    "return-outside-function",            # F706
+    "syntax-error",                       # E999
+    "too-few-format-args",                # F524
+    "too-many-format-args",               # F522
+    "too-many-star-expressions",          # F622
+    "truncated-format-string",            # F501
+    "undefined-all-variable",             # F822
+    "undefined-variable",                 # F821
+    "used-prior-global-declaration",      # PLE0118
+    "yield-inside-async-function",        # PLE1700
+    "yield-outside-function",             # F704
+    "anomalous-backslash-in-string",      # W605
+    "assert-on-string-literal",           # PLW0129
+    "assert-on-tuple",                    # F631
+    "bad-format-string",                  # W1302, F
+    "bad-format-string-key",              # W1300, F
+    "bare-except",                        # E722
+    "binary-op-exception",                # PLW0711
+    "cell-var-from-loop",                 # B023
+    # "dangerous-default-value", # B006, ruff catches new occurrences, needs more work
+    "duplicate-except",                     # B014
+    "duplicate-key",                        # F601
+    "duplicate-string-formatting-argument", # F
+    "duplicate-value",                      # F
+    "eval-used",                            # PGH001
+    "exec-used",                            # S102
+    # "expression-not-assigned", # B018, ruff catches new occurrences, needs more work
+    "f-string-without-interpolation",      # F541
+    "forgotten-debug-statement",           # T100
+    "format-string-without-interpolation", # F
+    # "global-statement", # PLW0603, ruff catches new occurrences, needs more work
+    "global-variable-not-assigned",  # PLW0602
+    "implicit-str-concat",           # ISC001
+    "import-self",                   # PLW0406
+    "inconsistent-quotes",           # Q000
+    "invalid-envvar-default",        # PLW1508
+    "keyword-arg-before-vararg",     # B026
+    "logging-format-interpolation",  # G
+    "logging-fstring-interpolation", # G
+    "logging-not-lazy",              # G
+    "misplaced-future",              # F404
+    "named-expr-without-context",    # PLW0131
+    "nested-min-max",                # PLW3301
+    # "pointless-statement", # B018, ruff catches new occurrences, needs more work
+    "raise-missing-from", # TRY200
+    # "redefined-builtin", # A001, ruff is way more stricter, needs work
+    "try-except-raise",               # TRY203
+    "unused-argument",                # ARG001, we don't use it
+    "unused-format-string-argument",  #F507
+    "unused-format-string-key",       # F504
+    "unused-import",                  # F401
+    "unused-variable",                # F841
+    "useless-else-on-loop",           # PLW0120
+    "wildcard-import",                # F403
+    "bad-classmethod-argument",       # N804
+    "consider-iterating-dictionary",  # SIM118
+    "empty-docstring",                # D419
+    "invalid-name",                   # N815
+    "line-too-long",                  # E501, disabled globally
+    "missing-class-docstring",        # D101
+    "missing-final-newline",          # W292
+    "missing-function-docstring",     # D103
+    "missing-module-docstring",       # D100
+    "multiple-imports",               #E401
+    "singleton-comparison",           # E711, E712
+    "subprocess-run-check",           # PLW1510
+    "superfluous-parens",             # UP034
+    "ungrouped-imports",              # I001
+    "unidiomatic-typecheck",          # E721
+    "unnecessary-direct-lambda-call", # PLC3002
+    "unnecessary-lambda-assignment",  # PLC3001
+    "unneeded-not",                   # SIM208
+    "useless-import-alias",           # PLC0414
+    "wrong-import-order",             # I001
+    "wrong-import-position",          # E402
+    "comparison-of-constants",        # PLR0133
+    "comparison-with-itself",         # PLR0124
+    # "consider-alternative-union-syntax", # UP007, typing extension
+    "consider-merging-isinstance", # PLR1701
+    # "consider-using-alias",              # UP006, typing extension
+    "consider-using-dict-comprehension", # C402
+    "consider-using-generator",          # C417
+    "consider-using-get",                # SIM401
+    "consider-using-set-comprehension",  # C401
+    "consider-using-sys-exit",           # PLR1722
+    "consider-using-ternary",            # SIM108
+    "literal-comparison",                # F632
+    "property-with-parameters",          # PLR0206
+    "super-with-arguments",              # UP008
+    "too-many-branches",                 # PLR0912
+    "too-many-return-statements",        # PLR0911
+    "too-many-statements",               # PLR0915
+    "trailing-comma-tuple",              # COM818
+    "unnecessary-comprehension",         # C416
+    "use-a-generator",                   # C417
+    "use-dict-literal",                  # C406
+    "use-list-literal",                  # C405
+    "useless-object-inheritance",        # UP004
+    "useless-return",                    # PLR1711
+    # "no-self-use", # PLR6301  # Optional plugin, not enabled
+]
+
+[tool.pylint.REPORTS]
+score = false
+
+[tool.pylint.TYPECHECK]
+ignored-modules = ["distutils"]
+
+[tool.pylint.FORMAT]
+expected-line-ending-format = "LF"
+
+[tool.pylint.EXCEPTIONS]
+overgeneral-exceptions = ["builtins.BaseException", "builtins.Exception"]
+
+[tool.pylint.DESIGN]
+max-positional-arguments = 10
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+norecursedirs = [".git"]
+log_format = "%(asctime)s.%(msecs)03d %(levelname)-8s %(threadName)s %(name)s:%(filename)s:%(lineno)s %(message)s"
+log_date_format = "%Y-%m-%d %H:%M:%S"
+asyncio_default_fixture_loop_scope = "function"
+asyncio_mode = "auto"
+filterwarnings = [
+    "error",
+    "ignore:pkg_resources is deprecated as an API:DeprecationWarning:dirhash",
+    "ignore::pytest.PytestUnraisableExceptionWarning",
+]
+
+[tool.ruff]
+lint.select = [
+    "B002",    # Python does not support the unary prefix increment
+    "B007",    # Loop control variable {name} not used within loop body
+    "B014",    # Exception handler with duplicate exception
+    "B023",    # Function definition does not bind loop variable {name}
+    "B026",    # Star-arg unpacking after a keyword argument is strongly discouraged
+    "B904",    # Use raise from to specify exception cause
+    "C",       # complexity
+    "COM818",  # Trailing comma on bare tuple prohibited
+    "D",       # docstrings
+    "DTZ003",  # Use datetime.now(tz=) instead of datetime.utcnow()
+    "DTZ004",  # Use datetime.fromtimestamp(ts, tz=) instead of datetime.utcfromtimestamp(ts)
+    "E",       # pycodestyle
+    "F",       # pyflakes/autoflake
+    "G",       # flake8-logging-format
+    "I",       # isort
+    "ICN001",  # import concentions; {name} should be imported as {asname}
+    "N804",    # First argument of a class method should be named cls
+    "N805",    # First argument of a method should be named self
+    "N815",    # Variable {name} in class scope should not be mixedCase
+    "PGH004",  # Use specific rule codes when using noqa
+    "PLC0414", # Useless import alias. Import alias does not rename original package.
+    "PLC",     # pylint
+    "PLE",     # pylint
+    "PLR",     # pylint
+    "PLW",     # pylint
+    "Q000",    # Double quotes found but single quotes preferred
+    "RUF006",  # Store a reference to the return value of asyncio.create_task
+    "S102",    # Use of exec detected
+    "S103",    # bad-file-permissions
+    "S108",    # hardcoded-temp-file
+    "S306",    # suspicious-mktemp-usage
+    "S307",    # suspicious-eval-usage
+    "S313",    # suspicious-xmlc-element-tree-usage
+    "S314",    # suspicious-xml-element-tree-usage
+    "S315",    # suspicious-xml-expat-reader-usage
+    "S316",    # suspicious-xml-expat-builder-usage
+    "S317",    # suspicious-xml-sax-usage
+    "S318",    # suspicious-xml-mini-dom-usage
+    "S319",    # suspicious-xml-pull-dom-usage
+    "S320",    # suspicious-xmle-tree-usage
+    "S601",    # paramiko-call
+    "S602",    # subprocess-popen-with-shell-equals-true
+    "S604",    # call-with-shell-equals-true
+    "S608",    # hardcoded-sql-expression
+    "S609",    # unix-command-wildcard-injection
+    "SIM105",  # Use contextlib.suppress({exception}) instead of try-except-pass
+    "SIM117",  # Merge with-statements that use the same scope
+    "SIM118",  # Use {key} in {dict} instead of {key} in {dict}.keys()
+    "SIM201",  # Use {left} != {right} instead of not {left} == {right}
+    "SIM208",  # Use {expr} instead of not (not {expr})
+    "SIM212",  # Use {a} if {a} else {b} instead of {b} if not {a} else {a}
+    "SIM300",  # Yoda conditions. Use 'age == 42' instead of '42 == age'.
+    "SIM401",  # Use get from dict with default instead of an if block
+    "T100",    # Trace found: {name} used
+    "T20",     # flake8-print
+    "TID251",  # Banned imports
+    "TRY004",  # Prefer TypeError exception for invalid type
+    "TRY203",  # Remove exception handler; error is immediately re-raised
+    "UP",      # pyupgrade
+    "W",       # pycodestyle
+]
+
+lint.ignore = [
+    "D202", # No blank lines allowed after function docstring
+    "D203", # 1 blank line required before class docstring
+    "D213", # Multi-line docstring summary should start at the second line
+    "D406", # Section name should end with a newline
+    "D407", # Section name underlining
+    "E501", # line too long
+    "E731", # do not assign a lambda expression, use a def
+
+    # Ignore ignored, as the rule is now back in preview/nursery, which cannot
+    # be ignored anymore without warnings.
+    # https://github.com/astral-sh/ruff/issues/7491
+    # "PLC1901", # Lots of false positives
+
+    # False positives https://github.com/astral-sh/ruff/issues/5386
+    "PLC0208", # Use a sequence type instead of a `set` when iterating over values
+    "PLR0911", # Too many return statements ({returns} > {max_returns})
+    "PLR0912", # Too many branches ({branches} > {max_branches})
+    "PLR0913", # Too many arguments to function call ({c_args} > {max_args})
+    "PLR0915", # Too many statements ({statements} > {max_statements})
+    "PLR2004", # Magic value used in comparison, consider replacing {value} with a constant variable
+    "PLW2901", # Outer {outer_kind} variable {name} overwritten by inner {inner_kind} target
+    "UP006",   # keep type annotation style as is
+    "UP007",   # keep type annotation style as is
+    # Ignored due to performance: https://github.com/charliermarsh/ruff/issues/2923
+    "UP038", # Use `X | Y` in `isinstance` call instead of `(X, Y)`
+
+    # May conflict with the formatter, https://docs.astral.sh/ruff/formatter/#conflicting-lint-rules
+    "W191",
+    "E111",
+    "E114",
+    "E117",
+    "D206",
+    "D300",
+    "Q000",
+    "Q001",
+    "Q002",
+    "Q003",
+    "COM812",
+    "COM819",
+    "ISC001",
+    "ISC002",
+
+    # Disabled because ruff does not understand type of __all__ generated by a function
+    "PLE0605",
+]
+
+[tool.ruff.lint.flake8-import-conventions.extend-aliases]
+voluptuous = "vol"
+
+[tool.ruff.lint.flake8-pytest-style]
+fixture-parentheses = false
+
+[tool.ruff.lint.flake8-tidy-imports.banned-api]
+"pytz".msg = "use zoneinfo instead"
+
+[tool.ruff.lint.isort]
+force-sort-within-sections = true
+section-order = [
+    "future",
+    "standard-library",
+    "third-party",
+    "first-party",
+    "local-folder",
+]
+forced-separate = ["tests"]
+known-first-party = ["supervisor", "tests"]
+combine-as-imports = true
+split-on-trailing-comma = false
+
+[tool.ruff.lint.per-file-ignores]
+
+# DBus Service Mocks must use typing and names understood by dbus-fast
+"tests/dbus_service_mocks/*.py" = ["F722", "F821", "N815"]
+
+[tool.ruff.lint.mccabe]
+max-complexity = 25

pytest.ini

@@ -1,6 +0,0 @@
-[pytest]
-asyncio_mode = auto
-filterwarnings =
-    error
-    ignore:pkg_resources is deprecated as an API:DeprecationWarning:dirhash
-    ignore::pytest.PytestUnraisableExceptionWarning

requirements.txt

@@ -1,27 +1,30 @@
-aiodns==3.1.1
-aiohttp==3.9.1
-aiohttp-fast-url-dispatcher==0.3.0
-async_timeout==4.0.3
+aiodns==3.2.0
+aiohttp==3.11.16
 atomicwrites-homeassistant==1.4.1
-attrs==23.1.0
-awesomeversion==23.11.0
+attrs==25.3.0
+awesomeversion==24.6.0
+blockbuster==1.5.24
 brotli==1.1.0
-ciso8601==2.3.1
-colorlog==6.8.0
-cpe==1.2.1
-cryptography==41.0.7
-debugpy==1.8.0
-deepmerge==1.1.1
-dirhash==0.2.1
-docker==7.0.0
+ciso8601==2.3.2
+colorlog==6.9.0
+cpe==1.3.1
+cryptography==44.0.2
+debugpy==1.8.14
+deepmerge==2.0
+dirhash==0.5.0
+docker==7.1.0
 faust-cchardet==2.1.19
-gitpython==3.1.40
-jinja2==3.1.2
-pulsectl==23.5.2
-pyudev==0.24.1
-PyYAML==6.0.1
-securetar==2023.12.0
-sentry-sdk==1.39.1
-voluptuous==0.14.1
-dbus-fast==2.21.0
-typing_extensions==4.9.0
+gitpython==3.1.44
+jinja2==3.1.6
+log-rate-limit==1.4.2
+orjson==3.10.16
+pulsectl==24.12.0
+pyudev==0.24.3
+PyYAML==6.0.2
+requests==2.32.3
+securetar==2025.2.1
+sentry-sdk==2.26.1
+setuptools==78.1.0
+voluptuous==0.15.2
+dbus-fast==2.44.1
+zlib-fast==0.2.1

requirements_tests.txt

@@ -1,16 +1,12 @@
-black==23.12.1
-coverage==7.4.0
-flake8-docstrings==1.7.0
-flake8==6.1.0
-pre-commit==3.6.0
-pydocstyle==6.3.0
-pylint==3.0.3
-pytest-aiohttp==1.0.5
-pytest-asyncio==0.18.3
-pytest-cov==4.1.0
-pytest-timeout==2.2.0
-pytest==7.4.3
-pyupgrade==3.15.0
-time-machine==2.13.0
-typing_extensions==4.9.0
-urllib3==2.1.0
+astroid==3.3.9
+coverage==7.8.0
+pre-commit==4.2.0
+pylint==3.3.6
+pytest-aiohttp==1.1.0
+pytest-asyncio==0.25.2
+pytest-cov==6.1.1
+pytest-timeout==2.3.1
+pytest==8.3.5
+ruff==0.11.6
+time-machine==2.16.0
+urllib3==2.4.0

scripts/update-frontend.sh

@@ -1,30 +0,0 @@
-#!/bin/bash
-source "/etc/supervisor_scripts/common"
-
-set -e
-
-# Update frontend
-git submodule update --init --recursive --remote
-
-[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh"
-cd home-assistant-polymer
-nvm install
-script/bootstrap
-
-# Download translations
-start_docker
-./script/translations_download
-
-# build frontend
-cd hassio
-./script/build_hassio
-
-# Copy frontend
-rm -rf ../../supervisor/api/panel/*
-cp -rf build/* ../../supervisor/api/panel/
-
-# Reset frontend git
-cd ..
-git reset --hard HEAD
-
-stop_docker

setup.cfg

@@ -1,31 +0,0 @@
-[isort]
-multi_line_output = 3
-include_trailing_comma=True
-force_grid_wrap=0
-line_length=88
-indent = "    "
-force_sort_within_sections = true
-sections = FUTURE,STDLIB,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
-default_section = THIRDPARTY
-forced_separate = tests
-combine_as_imports = true
-use_parentheses = true
-known_first_party = supervisor,tests
-
-[flake8]
-exclude = .venv,.git,.tox,docs,venv,bin,lib,deps,build
-doctests = True
-max-line-length = 88
-# E501: line too long
-# W503: Line break occurred before a binary operator
-# E203: Whitespace before ':'
-# D202 No blank lines allowed after function docstring
-# W504 line break after binary operator
-ignore =
-    E501,
-    W503,
-    E203,
-    D202,
-    W504
-per-file-ignores =
-    tests/dbus_service_mocks/*.py: F821,F722

setup.py

@@ -1,48 +1,28 @@
 """Home Assistant Supervisor setup."""
+
+from pathlib import Path
+import re
+
 from setuptools import setup
 
-from supervisor.const import SUPERVISOR_VERSION
+RE_SUPERVISOR_VERSION = re.compile(r"^SUPERVISOR_VERSION =\s*(.+)$")
+
+SUPERVISOR_DIR = Path(__file__).parent
+REQUIREMENTS_FILE = SUPERVISOR_DIR / "requirements.txt"
+CONST_FILE = SUPERVISOR_DIR / "supervisor/const.py"
+
+REQUIREMENTS = REQUIREMENTS_FILE.read_text(encoding="utf-8")
+CONSTANTS = CONST_FILE.read_text(encoding="utf-8")
+
+
+def _get_supervisor_version():
+    for line in CONSTANTS.split("/n"):
+        if match := RE_SUPERVISOR_VERSION.match(line):
+            return match.group(1)
+    return "9999.09.9.dev9999"
+
 
 setup(
-    name="Supervisor",
-    version=SUPERVISOR_VERSION,
-    license="BSD License",
-    author="The Home Assistant Authors",
-    author_email="hello@home-assistant.io",
-    url="https://home-assistant.io/",
-    description=("Open-source private cloud os for Home-Assistant" " based on HassOS"),
-    long_description=(
-        "A maintainless private cloud operator system that"
-        "setup a Home-Assistant instance. Based on HassOS"
-    ),
-    keywords=["docker", "home-assistant", "api"],
-    zip_safe=False,
-    platforms="any",
-    packages=[
-        "supervisor.addons",
-        "supervisor.api",
-        "supervisor.backups",
-        "supervisor.dbus.network",
-        "supervisor.dbus.network.setting",
-        "supervisor.dbus",
-        "supervisor.discovery.services",
-        "supervisor.discovery",
-        "supervisor.docker",
-        "supervisor.homeassistant",
-        "supervisor.host",
-        "supervisor.jobs",
-        "supervisor.misc",
-        "supervisor.plugins",
-        "supervisor.resolution.checks",
-        "supervisor.resolution.evaluations",
-        "supervisor.resolution.fixups",
-        "supervisor.resolution",
-        "supervisor.security",
-        "supervisor.services.modules",
-        "supervisor.services",
-        "supervisor.store",
-        "supervisor.utils",
-        "supervisor",
-    ],
-    include_package_data=True,
+    version=_get_supervisor_version(),
+    dependencies=REQUIREMENTS.split("/n"),
 )

supervisor/__main__.py

@@ -1,12 +1,22 @@
 """Main file for Supervisor."""
+
 import asyncio
 from concurrent.futures import ThreadPoolExecutor
 import logging
 from pathlib import Path
 import sys
 
-from supervisor import bootstrap
-from supervisor.utils.logging import activate_log_queue_handler
+import zlib_fast
+
+# Enable fast zlib before importing supervisor
+zlib_fast.enable()
+
+# pylint: disable=wrong-import-position
+from supervisor import bootstrap  # noqa: E402
+from supervisor.utils.blockbuster import activate_blockbuster  # noqa: E402
+from supervisor.utils.logging import activate_log_queue_handler  # noqa: E402
+
+# pylint: enable=wrong-import-position
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -44,10 +54,11 @@ if __name__ == "__main__":
     _LOGGER.info("Initializing Supervisor setup")
     coresys = loop.run_until_complete(bootstrap.initialize_coresys())
     loop.set_debug(coresys.config.debug)
+    if coresys.config.detect_blocking_io:
+        activate_blockbuster()
     loop.run_until_complete(coresys.core.connect())
 
-    bootstrap.supervisor_debugger(coresys)
-    bootstrap.migrate_system_env(coresys)
+    loop.run_until_complete(bootstrap.supervisor_debugger(coresys))
 
     # Signal health startup for container
     run_os_startup_check_cleanup()

supervisor/addons/addon.py

@@ -1,9 +1,12 @@
 """Init file for Supervisor add-ons."""
+
 import asyncio
 from collections.abc import Awaitable
 from contextlib import suppress
 from copy import deepcopy
+from datetime import datetime
 import errno
+from functools import partial
 from ipaddress import IPv4Address
 import logging
 from pathlib import Path, PurePath
@@ -15,11 +18,14 @@ from tempfile import TemporaryDirectory
 from typing import Any, Final
 
 import aiohttp
+from awesomeversion import AwesomeVersion, AwesomeVersionCompareException
 from deepmerge import Merger
-from securetar import atomic_contents_add, secure_path
+from securetar import AddFileError, atomic_contents_add, secure_path
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 
+from supervisor.utils.dt import utc_from_timestamp
+
 from ..bus import EventListener
 from ..const import (
     ATTR_ACCESS_TOKEN,
@@ -42,13 +48,17 @@ from ..const import (
     ATTR_SLUG,
     ATTR_STATE,
     ATTR_SYSTEM,
+    ATTR_SYSTEM_MANAGED,
+    ATTR_SYSTEM_MANAGED_CONFIG_ENTRY,
     ATTR_TYPE,
     ATTR_USER,
     ATTR_UUID,
     ATTR_VERSION,
+    ATTR_VERSION_TIMESTAMP,
     ATTR_WATCHDOG,
     DNS_SUFFIX,
     AddonBoot,
+    AddonBootConfig,
     AddonStartup,
     AddonState,
     BusEvent,
@@ -72,12 +82,13 @@ from ..hardware.data import Device
 from ..homeassistant.const import WSEvent, WSType
 from ..jobs.const import JobExecutionLimit
 from ..jobs.decorator import Job
-from ..resolution.const import UnhealthyReason
+from ..resolution.const import ContextType, IssueType, UnhealthyReason
+from ..resolution.data import Issue
 from ..store.addon import AddonStore
 from ..utils import check_port
 from ..utils.apparmor import adjust_profile
 from ..utils.json import read_json_file, write_json_file
-from ..utils.sentry import capture_exception
+from ..utils.sentry import async_capture_exception
 from .const import (
     WATCHDOG_MAX_ATTEMPTS,
     WATCHDOG_RETRY_SECONDS,
@@ -129,17 +140,31 @@ class Addon(AddonModel):
         super().__init__(coresys, slug)
         self.instance: DockerAddon = DockerAddon(coresys, self)
         self._state: AddonState = AddonState.UNKNOWN
-        self._manual_stop: bool = (
-            self.sys_hardware.helper.last_boot != self.sys_config.last_boot
-        )
+        self._manual_stop: bool = False
         self._listeners: list[EventListener] = []
         self._startup_event = asyncio.Event()
         self._startup_task: asyncio.Task | None = None
+        self._boot_failed_issue = Issue(
+            IssueType.BOOT_FAIL, ContextType.ADDON, reference=self.slug
+        )
+        self._device_access_missing_issue = Issue(
+            IssueType.DEVICE_ACCESS_MISSING, ContextType.ADDON, reference=self.slug
+        )
 
     def __repr__(self) -> str:
         """Return internal representation."""
         return f"<Addon: {self.slug}>"
 
+    @property
+    def boot_failed_issue(self) -> Issue:
+        """Get issue used if start on boot failed."""
+        return self._boot_failed_issue
+
+    @property
+    def device_access_missing_issue(self) -> Issue:
+        """Get issue used if device access is missing and can't be automatically added."""
+        return self._device_access_missing_issue
+
     @property
     def state(self) -> AddonState:
         """Return state of the add-on."""
@@ -157,6 +182,20 @@ class Addon(AddonModel):
         if new_state == AddonState.STARTED or old_state == AddonState.STARTUP:
             self._startup_event.set()
 
+        # Dismiss boot failed issue if present and we started
+        if (
+            new_state == AddonState.STARTED
+            and self.boot_failed_issue in self.sys_resolution.issues
+        ):
+            self.sys_resolution.dismiss_issue(self.boot_failed_issue)
+
+        # Dismiss device access missing issue if present and we stopped
+        if (
+            new_state == AddonState.STOPPED
+            and self.device_access_missing_issue in self.sys_resolution.issues
+        ):
+            self.sys_resolution.dismiss_issue(self.device_access_missing_issue)
+
         self.sys_homeassistant.websocket.send_message(
             {
                 ATTR_TYPE: WSType.SUPERVISOR_EVENT,
@@ -175,6 +214,13 @@ class Addon(AddonModel):
 
     async def load(self) -> None:
         """Async initialize of object."""
+        self._manual_stop = (
+            await self.sys_hardware.helper.last_boot() != self.sys_config.last_boot
+        )
+
+        if self.is_detached:
+            await super().refresh_path_cache()
+
         self._listeners.append(
             self.sys_bus.register_event(
                 BusEvent.DOCKER_CONTAINER_STATE_CHANGE, self.container_state_changed
@@ -187,9 +233,20 @@ class Addon(AddonModel):
         )
 
         await self._check_ingress_port()
-        with suppress(DockerError):
+        default_image = self._image(self.data)
+        try:
             await self.instance.attach(version=self.version)
 
+            # Ensure we are using correct image for this system
+            await self.instance.check_image(self.version, default_image, self.arch)
+        except DockerError:
+            _LOGGER.info("No %s addon Docker image %s found", self.slug, self.image)
+            with suppress(DockerError):
+                await self.instance.install(self.version, default_image, arch=self.arch)
+
+        self.persist[ATTR_IMAGE] = default_image
+        await self.save_persist()
+
     @property
     def ip_address(self) -> IPv4Address:
         """Return IP of add-on instance."""
@@ -225,13 +282,41 @@ class Addon(AddonModel):
         """Return True if add-on is detached."""
         return self.slug not in self.sys_store.data.addons
 
+    @property
+    def with_icon(self) -> bool:
+        """Return True if an icon exists."""
+        if self.is_detached or not self.addon_store:
+            return super().with_icon
+        return self.addon_store.with_icon
+
+    @property
+    def with_logo(self) -> bool:
+        """Return True if a logo exists."""
+        if self.is_detached or not self.addon_store:
+            return super().with_logo
+        return self.addon_store.with_logo
+
+    @property
+    def with_changelog(self) -> bool:
+        """Return True if a changelog exists."""
+        if self.is_detached or not self.addon_store:
+            return super().with_changelog
+        return self.addon_store.with_changelog
+
+    @property
+    def with_documentation(self) -> bool:
+        """Return True if a documentation exists."""
+        if self.is_detached or not self.addon_store:
+            return super().with_documentation
+        return self.addon_store.with_documentation
+
     @property
     def available(self) -> bool:
         """Return True if this add-on is available on this platform."""
         return self._available(self.data_store)
 
     @property
-    def version(self) -> str | None:
+    def version(self) -> AwesomeVersion:
         """Return installed version."""
         return self.persist[ATTR_VERSION]
 
@@ -261,7 +346,9 @@ class Addon(AddonModel):
 
     @property
     def boot(self) -> AddonBoot:
-        """Return boot config with prio local settings."""
+        """Return boot config with prio local settings unless config is forced."""
+        if self.boot_config == AddonBootConfig.MANUAL_ONLY:
+            return super().boot
         return self.persist.get(ATTR_BOOT, super().boot)
 
     @boot.setter
@@ -269,6 +356,13 @@ class Addon(AddonModel):
         """Store user boot options."""
         self.persist[ATTR_BOOT] = value
 
+        # Dismiss boot failed issue if present and boot at start disabled
+        if (
+            value == AddonBoot.MANUAL
+            and self._boot_failed_issue in self.sys_resolution.issues
+        ):
+            self.sys_resolution.dismiss_issue(self._boot_failed_issue)
+
     @property
     def auto_update(self) -> bool:
         """Return if auto update is enable."""
@@ -279,6 +373,28 @@ class Addon(AddonModel):
         """Set auto update."""
         self.persist[ATTR_AUTO_UPDATE] = value
 
+    @property
+    def auto_update_available(self) -> bool:
+        """Return if it is safe to auto update addon."""
+        if not self.need_update or not self.auto_update:
+            return False
+
+        for version in self.breaking_versions:
+            try:
+                # Must update to latest so if true update crosses a breaking version
+                if self.version < version:
+                    return False
+            except AwesomeVersionCompareException:
+                # If version scheme changed, we may get compare exception
+                # If latest version >= breaking version then assume update will
+                # cross it as the version scheme changes
+                # If both versions have compare exception, ignore as its in the past
+                with suppress(AwesomeVersionCompareException):
+                    if self.latest_version >= version:
+                        return False
+
+        return True
+
     @property
     def watchdog(self) -> bool:
         """Return True if watchdog is enable."""
@@ -294,6 +410,37 @@ class Addon(AddonModel):
         else:
             self.persist[ATTR_WATCHDOG] = value
 
+    @property
+    def system_managed(self) -> bool:
+        """Return True if addon is managed by Home Assistant."""
+        return self.persist[ATTR_SYSTEM_MANAGED]
+
+    @system_managed.setter
+    def system_managed(self, value: bool) -> None:
+        """Set system managed enable/disable."""
+        if not value and self.system_managed_config_entry:
+            self.system_managed_config_entry = None
+
+        self.persist[ATTR_SYSTEM_MANAGED] = value
+
+    @property
+    def system_managed_config_entry(self) -> str | None:
+        """Return id of config entry managing this addon (if any)."""
+        if not self.system_managed:
+            return None
+        return self.persist.get(ATTR_SYSTEM_MANAGED_CONFIG_ENTRY)
+
+    @system_managed_config_entry.setter
+    def system_managed_config_entry(self, value: str | None) -> None:
+        """Set ID of config entry managing this addon."""
+        if not self.system_managed:
+            _LOGGER.warning(
+                "Ignoring system managed config entry for %s because it is not system managed",
+                self.slug,
+            )
+        else:
+            self.persist[ATTR_SYSTEM_MANAGED_CONFIG_ENTRY] = value
+
     @property
     def uuid(self) -> str:
         """Return an API token for this add-on."""
@@ -317,10 +464,15 @@ class Addon(AddonModel):
         return None
 
     @property
-    def latest_version(self) -> str:
+    def latest_version(self) -> AwesomeVersion:
         """Return version of add-on."""
         return self.data_store[ATTR_VERSION]
 
+    @property
+    def latest_version_timestamp(self) -> datetime:
+        """Return when latest version was first seen."""
+        return utc_from_timestamp(self.data_store[ATTR_VERSION_TIMESTAMP])
+
     @property
     def protected(self) -> bool:
         """Return if add-on is in protected mode."""
@@ -366,9 +518,8 @@ class Addon(AddonModel):
     def webui(self) -> str | None:
         """Return URL to webui or None."""
         url = super().webui
-        if not url:
+        if not url or not (webui := RE_WEBUI.match(url)):
             return None
-        webui = RE_WEBUI.match(url)
 
         # extract arguments
         t_port = webui.group("t_port")
@@ -517,16 +668,15 @@ class Addon(AddonModel):
         """Is add-on loaded."""
         return bool(self._listeners)
 
-    def save_persist(self) -> None:
+    async def save_persist(self) -> None:
         """Save data of add-on."""
-        self.sys_addons.data.save_data()
+        await self.sys_addons.data.save_data()
 
     async def watchdog_application(self) -> bool:
         """Return True if application is running."""
-        url = super().watchdog
-        if not url:
+        url = self.watchdog_url
+        if not url or not (application := RE_WATCHDOG.match(url)):
             return True
-        application = RE_WATCHDOG.match(url)
 
         # extract arguments
         t_port = int(application.group("t_port"))
@@ -535,8 +685,10 @@ class Addon(AddonModel):
         s_suffix = application.group("s_suffix") or ""
 
         # search host port for this docker port
-        if self.host_network:
-            port = self.ports.get(f"{t_port}/tcp", t_port)
+        if self.host_network and self.ports:
+            port = self.ports.get(f"{t_port}/tcp")
+            if port is None:
+                port = t_port
         else:
             port = t_port
 
@@ -570,7 +722,7 @@ class Addon(AddonModel):
 
         try:
             options = self.schema.validate(self.options)
-            write_json_file(self.path_options, options)
+            await self.sys_run_in_executor(write_json_file, self.path_options, options)
         except vol.Invalid as ex:
             _LOGGER.error(
                 "Add-on %s has invalid options: %s",
@@ -601,9 +753,12 @@ class Addon(AddonModel):
         for listener in self._listeners:
             self.sys_bus.remove_listener(listener)
 
-        if self.path_data.is_dir():
-            _LOGGER.info("Removing add-on data folder %s", self.path_data)
-            await remove_data(self.path_data)
+        def remove_data_dir():
+            if self.path_data.is_dir():
+                _LOGGER.info("Removing add-on data folder %s", self.path_data)
+                remove_data(self.path_data)
+
+        await self.sys_run_in_executor(remove_data_dir)
 
     async def _check_ingress_port(self):
         """Assign a ingress port if dynamic port selection is used."""
@@ -622,14 +777,20 @@ class Addon(AddonModel):
     )
     async def install(self) -> None:
         """Install and setup this addon."""
-        self.sys_addons.data.install(self.addon_store)
+        if not self.addon_store:
+            raise AddonsError("Missing from store, cannot install!")
+
+        await self.sys_addons.data.install(self.addon_store)
         await self.load()
 
-        if not self.path_data.is_dir():
-            _LOGGER.info(
-                "Creating Home Assistant add-on data folder %s", self.path_data
-            )
-            self.path_data.mkdir()
+        def setup_data():
+            if not self.path_data.is_dir():
+                _LOGGER.info(
+                    "Creating Home Assistant add-on data folder %s", self.path_data
+                )
+                self.path_data.mkdir()
+
+        await self.sys_run_in_executor(setup_data)
 
         # Setup/Fix AppArmor profile
         await self.install_apparmor()
@@ -640,7 +801,7 @@ class Addon(AddonModel):
                 self.latest_version, self.addon_store.image, arch=self.arch
             )
         except DockerError as err:
-            self.sys_addons.data.uninstall(self)
+            await self.sys_addons.data.uninstall(self)
             raise AddonsError() from err
 
         # Add to addon manager
@@ -655,10 +816,12 @@ class Addon(AddonModel):
         limit=JobExecutionLimit.GROUP_ONCE,
         on_condition=AddonsJobError,
     )
-    async def uninstall(self) -> None:
+    async def uninstall(
+        self, *, remove_config: bool, remove_image: bool = True
+    ) -> None:
         """Uninstall and cleanup this addon."""
         try:
-            await self.instance.remove()
+            await self.instance.remove(remove_image=remove_image)
         except DockerError as err:
             raise AddonsError() from err
 
@@ -666,10 +829,17 @@ class Addon(AddonModel):
 
         await self.unload()
 
-        # Cleanup audio settings
-        if self.path_pulse.exists():
-            with suppress(OSError):
-                self.path_pulse.unlink()
+        def cleanup_config_and_audio():
+            # Remove config if present and requested
+            if self.addon_config_used and remove_config:
+                remove_data(self.path_config)
+
+            # Cleanup audio settings
+            if self.path_pulse.exists():
+                with suppress(OSError):
+                    self.path_pulse.unlink()
+
+        await self.sys_run_in_executor(cleanup_config_and_audio)
 
         # Cleanup AppArmor profile
         with suppress(HostAppArmorError):
@@ -683,23 +853,23 @@ class Addon(AddonModel):
 
         # Cleanup Ingress dynamic port assignment
         if self.with_ingress:
+            await self.sys_ingress.del_dynamic_port(self.slug)
             self.sys_create_task(self.sys_ingress.reload())
-            self.sys_ingress.del_dynamic_port(self.slug)
 
         # Cleanup discovery data
         for message in self.sys_discovery.list_messages:
             if message.addon != self.slug:
                 continue
-            self.sys_discovery.remove(message)
+            await self.sys_discovery.remove(message)
 
         # Cleanup services data
         for service in self.sys_services.list_services:
             if self.slug not in service.active:
                 continue
-            service.del_service_data(self)
+            await service.del_service_data(self)
 
         # Remove from addon manager
-        self.sys_addons.data.uninstall(self)
+        await self.sys_addons.data.uninstall(self)
         self.sys_addons.local.pop(self.slug)
 
     @Job(
@@ -713,6 +883,9 @@ class Addon(AddonModel):
         Returns a Task that completes when addon has state 'started' (see start)
         if it was running. Else nothing is returned.
         """
+        if not self.addon_store:
+            raise AddonsError("Missing from store, cannot update!")
+
         old_image = self.image
         # Cache data to prevent races with other updates to global
         store = self.addon_store.clone()
@@ -728,7 +901,7 @@ class Addon(AddonModel):
 
         try:
             _LOGGER.info("Add-on '%s' successfully updated", self.slug)
-            self.sys_addons.data.update(store)
+            await self.sys_addons.data.update(store)
             await self._check_ingress_port()
 
             # Cleanup
@@ -769,7 +942,10 @@ class Addon(AddonModel):
             except DockerError as err:
                 raise AddonsError() from err
 
-            self.sys_addons.data.update(self.addon_store)
+            if self.addon_store:
+                await self.sys_addons.data.update(self.addon_store)
+
+            await self._check_ingress_port()
             _LOGGER.info("Add-on '%s' successfully rebuilt", self.slug)
 
         finally:
@@ -781,22 +957,25 @@ class Addon(AddonModel):
             )
         return out
 
-    def write_pulse(self) -> None:
+    async def write_pulse(self) -> None:
         """Write asound config to file and return True on success."""
         pulse_config = self.sys_plugins.audio.pulse_client(
             input_profile=self.audio_input, output_profile=self.audio_output
         )
 
-        # Cleanup wrong maps
-        if self.path_pulse.is_dir():
-            shutil.rmtree(self.path_pulse, ignore_errors=True)
-
-        # Write pulse config
-        try:
+        def write_pulse_config():
+            # Cleanup wrong maps
+            if self.path_pulse.is_dir():
+                shutil.rmtree(self.path_pulse, ignore_errors=True)
             self.path_pulse.write_text(pulse_config, encoding="utf-8")
+
+        try:
+            await self.sys_run_in_executor(write_pulse_config)
         except OSError as err:
             if err.errno == errno.EBADMSG:
-                self.sys_resolution.unhealthy = UnhealthyReason.OSERROR_BAD_MESSAGE
+                self.sys_resolution.add_unhealthy_reason(
+                    UnhealthyReason.OSERROR_BAD_MESSAGE
+                )
             _LOGGER.error(
                 "Add-on %s can't write pulse/client.config: %s", self.slug, err
             )
@@ -808,7 +987,7 @@ class Addon(AddonModel):
     async def install_apparmor(self) -> None:
         """Install or Update AppArmor profile for Add-on."""
         exists_local = self.sys_host.apparmor.exists(self.slug)
-        exists_addon = self.path_apparmor.exists()
+        exists_addon = await self.sys_run_in_executor(self.path_apparmor.exists)
 
         # Nothing to do
         if not exists_local and not exists_addon:
@@ -820,11 +999,21 @@ class Addon(AddonModel):
             return
 
         # Need install/update
-        with TemporaryDirectory(dir=self.sys_config.path_tmp) as tmp_folder:
-            profile_file = Path(tmp_folder, "apparmor.txt")
+        tmp_folder: TemporaryDirectory | None = None
 
+        def install_update_profile() -> Path:
+            nonlocal tmp_folder
+            tmp_folder = TemporaryDirectory(dir=self.sys_config.path_tmp)
+            profile_file = Path(tmp_folder.name, "apparmor.txt")
             adjust_profile(self.slug, self.path_apparmor, profile_file)
+            return profile_file
+
+        try:
+            profile_file = await self.sys_run_in_executor(install_update_profile)
             await self.sys_host.apparmor.load_profile(self.slug, profile_file)
+        finally:
+            if tmp_folder:
+                await self.sys_run_in_executor(tmp_folder.cleanup)
 
     async def uninstall_apparmor(self) -> None:
         """Remove AppArmor profile for Add-on."""
@@ -896,14 +1085,14 @@ class Addon(AddonModel):
 
         # Access Token
         self.persist[ATTR_ACCESS_TOKEN] = secrets.token_hex(56)
-        self.save_persist()
+        await self.save_persist()
 
         # Options
         await self.write_options()
 
         # Sound
         if self.with_audio:
-            self.write_pulse()
+            await self.write_pulse()
 
         def _check_addon_config_dir():
             if self.path_config.is_dir():
@@ -1051,6 +1240,25 @@ class Addon(AddonModel):
             await self._backup_command(self.backup_post)
         return None
 
+    def _is_excluded_by_filter(
+        self, origin_path: Path, arcname: str, item_arcpath: PurePath
+    ) -> bool:
+        """Filter out files from backup based on filters provided by addon developer.
+
+        This tests the dev provided filters against the full path of the file as
+        Supervisor sees them using match. This is done for legacy reasons, testing
+        against the relative path makes more sense and may be changed in the future.
+        """
+        full_path = origin_path / item_arcpath.relative_to(arcname)
+
+        for exclude in self.backup_exclude:
+            if not full_path.match(exclude):
+                continue
+            _LOGGER.debug("Ignoring %s because of %s", full_path, exclude)
+            return True
+
+        return False
+
     @Job(
         name="addon_backup",
         limit=JobExecutionLimit.GROUP_ONCE,
@@ -1062,46 +1270,45 @@ class Addon(AddonModel):
         Returns a Task that completes when addon has state 'started' (see start)
         for cold backup. Else nothing is returned.
         """
-        wait_for_start: Awaitable[None] | None = None
 
-        with TemporaryDirectory(dir=self.sys_config.path_tmp) as temp:
-            temp_path = Path(temp)
+        def _addon_backup(
+            store_image: bool,
+            metadata: dict[str, Any],
+            apparmor_profile: str | None,
+            addon_config_used: bool,
+        ):
+            """Start the backup process."""
+            with TemporaryDirectory(dir=self.sys_config.path_tmp) as temp:
+                temp_path = Path(temp)
 
-            # store local image
-            if self.need_build:
+                # store local image
+                if store_image:
+                    try:
+                        self.instance.export_image(temp_path.joinpath("image.tar"))
+                    except DockerError as err:
+                        raise AddonsError() from err
+
+                # Store local configs/state
                 try:
-                    await self.instance.export_image(temp_path.joinpath("image.tar"))
-                except DockerError as err:
-                    raise AddonsError() from err
-
-            data = {
-                ATTR_USER: self.persist,
-                ATTR_SYSTEM: self.data,
-                ATTR_VERSION: self.version,
-                ATTR_STATE: _MAP_ADDON_STATE.get(self.state, self.state),
-            }
-
-            # Store local configs/state
-            try:
-                write_json_file(temp_path.joinpath("addon.json"), data)
-            except ConfigurationFileError as err:
-                raise AddonsError(
-                    f"Can't save meta for {self.slug}", _LOGGER.error
-                ) from err
-
-            # Store AppArmor Profile
-            if self.sys_host.apparmor.exists(self.slug):
-                profile = temp_path.joinpath("apparmor.txt")
-                try:
-                    await self.sys_host.apparmor.backup_profile(self.slug, profile)
-                except HostAppArmorError as err:
+                    write_json_file(temp_path.joinpath("addon.json"), metadata)
+                except ConfigurationFileError as err:
                     raise AddonsError(
-                        "Can't backup AppArmor profile", _LOGGER.error
+                        f"Can't save meta for {self.slug}", _LOGGER.error
                     ) from err
 
-            # write into tarfile
-            def _write_tarfile():
-                """Write tar inside loop."""
+                # Store AppArmor Profile
+                if apparmor_profile:
+                    profile_backup_file = temp_path.joinpath("apparmor.txt")
+                    try:
+                        self.sys_host.apparmor.backup_profile(
+                            apparmor_profile, profile_backup_file
+                        )
+                    except HostAppArmorError as err:
+                        raise AddonsError(
+                            "Can't backup AppArmor profile", _LOGGER.error
+                        ) from err
+
+                # Write tarfile
                 with tar_file as backup:
                     # Backup metadata
                     backup.add(temp, arcname=".")
@@ -1110,32 +1317,56 @@ class Addon(AddonModel):
                     atomic_contents_add(
                         backup,
                         self.path_data,
-                        excludes=self.backup_exclude,
+                        file_filter=partial(
+                            self._is_excluded_by_filter, self.path_data, "data"
+                        ),
                         arcname="data",
                     )
 
                     # Backup config
-                    if self.addon_config_used:
+                    if addon_config_used:
                         atomic_contents_add(
                             backup,
                             self.path_config,
-                            excludes=self.backup_exclude,
+                            file_filter=partial(
+                                self._is_excluded_by_filter, self.path_config, "config"
+                            ),
                             arcname="config",
                         )
 
-            is_running = await self.begin_backup()
-            try:
-                _LOGGER.info("Building backup for add-on %s", self.slug)
-                await self.sys_run_in_executor(_write_tarfile)
-            except (tarfile.TarError, OSError) as err:
-                raise AddonsError(
-                    f"Can't write tarfile {tar_file}: {err}", _LOGGER.error
-                ) from err
-            finally:
-                if is_running:
-                    wait_for_start = await self.end_backup()
+        wait_for_start: asyncio.Task | None = None
+
+        data = {
+            ATTR_USER: self.persist,
+            ATTR_SYSTEM: self.data,
+            ATTR_VERSION: self.version,
+            ATTR_STATE: _MAP_ADDON_STATE.get(self.state, self.state),
+        }
+        apparmor_profile = (
+            self.slug if self.sys_host.apparmor.exists(self.slug) else None
+        )
+
+        was_running = await self.begin_backup()
+        try:
+            _LOGGER.info("Building backup for add-on %s", self.slug)
+            await self.sys_run_in_executor(
+                partial(
+                    _addon_backup,
+                    store_image=self.need_build,
+                    metadata=data,
+                    apparmor_profile=apparmor_profile,
+                    addon_config_used=self.addon_config_used,
+                )
+            )
+            _LOGGER.info("Finish backup for addon %s", self.slug)
+        except (tarfile.TarError, OSError, AddFileError) as err:
+            raise AddonsError(
+                f"Can't write tarfile {tar_file}: {err}", _LOGGER.error
+            ) from err
+        finally:
+            if was_running:
+                wait_for_start = await self.end_backup()
 
-        _LOGGER.info("Finish backup for addon %s", self.slug)
         return wait_for_start
 
     @Job(
@@ -1149,27 +1380,37 @@ class Addon(AddonModel):
         Returns a Task that completes when addon has state 'started' (see start)
         if addon is started after restore. Else nothing is returned.
         """
-        wait_for_start: Awaitable[None] | None = None
-        with TemporaryDirectory(dir=self.sys_config.path_tmp) as temp:
-            # extract backup
-            def _extract_tarfile():
-                """Extract tar backup."""
+        wait_for_start: asyncio.Task | None = None
+
+        # Extract backup
+        def _extract_tarfile() -> tuple[TemporaryDirectory, dict[str, Any]]:
+            """Extract tar backup."""
+            tmp = TemporaryDirectory(dir=self.sys_config.path_tmp)
+            try:
                 with tar_file as backup:
-                    backup.extractall(path=Path(temp), members=secure_path(backup))
+                    backup.extractall(
+                        path=tmp.name,
+                        members=secure_path(backup),
+                        filter="fully_trusted",
+                    )
 
-            try:
-                await self.sys_run_in_executor(_extract_tarfile)
-            except tarfile.TarError as err:
-                raise AddonsError(
-                    f"Can't read tarfile {tar_file}: {err}", _LOGGER.error
-                ) from err
+                data = read_json_file(Path(tmp.name, "addon.json"))
+            except:
+                tmp.cleanup()
+                raise
 
-            # Read backup data
-            try:
-                data = read_json_file(Path(temp, "addon.json"))
-            except ConfigurationFileError as err:
-                raise AddonsError() from err
+            return tmp, data
 
+        try:
+            tmp, data = await self.sys_run_in_executor(_extract_tarfile)
+        except tarfile.TarError as err:
+            raise AddonsError(
+                f"Can't read tarfile {tar_file}: {err}", _LOGGER.error
+            ) from err
+        except ConfigurationFileError as err:
+            raise AddonsError() from err
+
+        try:
             # Validate
             try:
                 data = SCHEMA_ADDON_BACKUP(data)
@@ -1189,7 +1430,7 @@ class Addon(AddonModel):
             # Restore local add-on information
             _LOGGER.info("Restore config for addon %s", self.slug)
             restore_image = self._image(data[ATTR_SYSTEM])
-            self.sys_addons.data.restore(
+            await self.sys_addons.data.restore(
                 self.slug, data[ATTR_USER], data[ATTR_SYSTEM], restore_image
             )
 
@@ -1203,7 +1444,7 @@ class Addon(AddonModel):
                 if not await self.instance.exists():
                     _LOGGER.info("Restore/Install of image for addon %s", self.slug)
 
-                    image_file = Path(temp, "image.tar")
+                    image_file = Path(tmp.name, "image.tar")
                     if image_file.is_file():
                         with suppress(DockerError):
                             await self.instance.import_image(image_file)
@@ -1217,29 +1458,29 @@ class Addon(AddonModel):
                     _LOGGER.info("Restore/Update of image for addon %s", self.slug)
                     with suppress(DockerError):
                         await self.instance.update(version, restore_image, self.arch)
-                self._check_ingress_port()
+                await self._check_ingress_port()
 
                 # Restore data and config
                 def _restore_data():
                     """Restore data and config."""
-                    temp_data = Path(temp, "data")
+                    _LOGGER.info("Restoring data and config for addon %s", self.slug)
+                    if self.path_data.is_dir():
+                        remove_data(self.path_data)
+                    if self.path_config.is_dir():
+                        remove_data(self.path_config)
+
+                    temp_data = Path(tmp.name, "data")
                     if temp_data.is_dir():
                         shutil.copytree(temp_data, self.path_data, symlinks=True)
                     else:
                         self.path_data.mkdir()
 
-                    temp_config = Path(temp, "config")
+                    temp_config = Path(tmp.name, "config")
                     if temp_config.is_dir():
                         shutil.copytree(temp_config, self.path_config, symlinks=True)
                     elif self.addon_config_used:
                         self.path_config.mkdir()
 
-                _LOGGER.info("Restoring data and config for addon %s", self.slug)
-                if self.path_data.is_dir():
-                    await remove_data(self.path_data)
-                if self.path_config.is_dir():
-                    await remove_data(self.path_config)
-
                 try:
                     await self.sys_run_in_executor(_restore_data)
                 except shutil.Error as err:
@@ -1248,27 +1489,29 @@ class Addon(AddonModel):
                     ) from err
 
                 # Restore AppArmor
-                profile_file = Path(temp, "apparmor.txt")
-                if profile_file.exists():
+                profile_file = Path(tmp.name, "apparmor.txt")
+                if await self.sys_run_in_executor(profile_file.exists):
                     try:
                         await self.sys_host.apparmor.load_profile(
                             self.slug, profile_file
                         )
                     except HostAppArmorError as err:
                         _LOGGER.error(
-                            "Can't restore AppArmor profile for add-on %s", self.slug
+                            "Can't restore AppArmor profile for add-on %s",
+                            self.slug,
                         )
                         raise AddonsError() from err
 
+            finally:
                 # Is add-on loaded
                 if not self.loaded:
                     await self.load()
 
-            finally:
                 # Run add-on
                 if data[ATTR_STATE] == AddonState.STARTED:
                     wait_for_start = await self.start()
-
+        finally:
+            await self.sys_run_in_executor(tmp.cleanup)
         _LOGGER.info("Finished restore for add-on %s", self.slug)
         return wait_for_start
 
@@ -1309,7 +1552,7 @@ class Addon(AddonModel):
                 except AddonsError as err:
                     attempts = attempts + 1
                     _LOGGER.error("Watchdog restart of addon %s failed!", self.name)
-                    capture_exception(err)
+                    await async_capture_exception(err)
                 else:
                     break
 
@@ -1358,3 +1601,9 @@ class Addon(AddonModel):
             ContainerState.UNHEALTHY,
         ]:
             await self._restart_after_problem(event.state)
+
+    def refresh_path_cache(self) -> Awaitable[None]:
+        """Refresh cache of existing paths."""
+        if self.is_detached or not self.addon_store:
+            return super().refresh_path_cache()
+        return self.addon_store.refresh_path_cache()

supervisor/addons/build.py

@@ -1,9 +1,10 @@
 """Supervisor add-on build environment."""
+
 from __future__ import annotations
 
 from functools import cached_property
 from pathlib import Path
-from typing import TYPE_CHECKING
+from typing import TYPE_CHECKING, Any
 
 from awesomeversion import AwesomeVersion
 
@@ -22,7 +23,7 @@ from ..utils.common import FileConfiguration, find_one_filetype
 from .validate import SCHEMA_BUILD_CONFIG
 
 if TYPE_CHECKING:
-    from . import AnyAddon
+    from .manager import AnyAddon
 
 
 class AddonBuild(FileConfiguration, CoreSysAttributes):
@@ -33,23 +34,36 @@ class AddonBuild(FileConfiguration, CoreSysAttributes):
         self.coresys: CoreSys = coresys
         self.addon = addon
 
+        # Search for build file later in executor
+        super().__init__(None, SCHEMA_BUILD_CONFIG)
+
+    def _get_build_file(self) -> Path:
+        """Get build file.
+
+        Must be run in executor.
+        """
         try:
-            build_file = find_one_filetype(
+            return find_one_filetype(
                 self.addon.path_location, "build", FILE_SUFFIX_CONFIGURATION
             )
         except ConfigurationFileError:
-            build_file = self.addon.path_location / "build.json"
+            return self.addon.path_location / "build.json"
 
-        super().__init__(build_file, SCHEMA_BUILD_CONFIG)
+    async def read_data(self) -> None:
+        """Load data from file."""
+        if not self._file:
+            self._file = await self.sys_run_in_executor(self._get_build_file)
 
-    def save_data(self):
+        await super().read_data()
+
+    async def save_data(self):
         """Ignore save function."""
         raise RuntimeError()
 
     @cached_property
     def arch(self) -> str:
         """Return arch of the add-on."""
-        return self.sys_arch.match(self.addon.arch)
+        return self.sys_arch.match([self.addon.arch])
 
     @property
     def base_image(self) -> str:
@@ -67,13 +81,6 @@ class AddonBuild(FileConfiguration, CoreSysAttributes):
             )
         return self._data[ATTR_BUILD_FROM][self.arch]
 
-    @property
-    def dockerfile(self) -> Path:
-        """Return Dockerfile path."""
-        if self.addon.path_location.joinpath(f"Dockerfile.{self.arch}").exists():
-            return self.addon.path_location.joinpath(f"Dockerfile.{self.arch}")
-        return self.addon.path_location.joinpath("Dockerfile")
-
     @property
     def squash(self) -> bool:
         """Return True or False if squash is active."""
@@ -89,25 +96,40 @@ class AddonBuild(FileConfiguration, CoreSysAttributes):
         """Return additional Docker labels."""
         return self._data[ATTR_LABELS]
 
-    @property
-    def is_valid(self) -> bool:
+    def get_dockerfile(self) -> Path:
+        """Return Dockerfile path.
+
+        Must be run in executor.
+        """
+        if self.addon.path_location.joinpath(f"Dockerfile.{self.arch}").exists():
+            return self.addon.path_location.joinpath(f"Dockerfile.{self.arch}")
+        return self.addon.path_location.joinpath("Dockerfile")
+
+    async def is_valid(self) -> bool:
         """Return true if the build env is valid."""
-        try:
+
+        def build_is_valid() -> bool:
             return all(
                 [
                     self.addon.path_location.is_dir(),
-                    self.dockerfile.is_file(),
+                    self.get_dockerfile().is_file(),
                 ]
             )
+
+        try:
+            return await self.sys_run_in_executor(build_is_valid)
         except HassioArchNotFound:
             return False
 
-    def get_docker_args(self, version: AwesomeVersion):
-        """Create a dict with Docker build arguments."""
-        args = {
+    def get_docker_args(self, version: AwesomeVersion, image: str | None = None):
+        """Create a dict with Docker build arguments.
+
+        Must be run in executor.
+        """
+        args: dict[str, Any] = {
             "path": str(self.addon.path_location),
-            "tag": f"{self.addon.image}:{version!s}",
-            "dockerfile": str(self.dockerfile),
+            "tag": f"{image or self.addon.image}:{version!s}",
+            "dockerfile": str(self.get_dockerfile()),
             "pull": True,
             "forcerm": not self.sys_dev,
             "squash": self.squash,

supervisor/addons/const.py

@@ -1,4 +1,5 @@
 """Add-on static data."""
+
 from datetime import timedelta
 from enum import StrEnum
 
@@ -28,6 +29,7 @@ class MappingType(StrEnum):
 
 
 ATTR_BACKUP = "backup"
+ATTR_BREAKING_VERSIONS = "breaking_versions"
 ATTR_CODENOTARY = "codenotary"
 ATTR_READ_ONLY = "read_only"
 ATTR_PATH = "path"

supervisor/addons/data.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor add-on data."""
+
 from copy import deepcopy
 from typing import Any
 
@@ -37,7 +38,7 @@ class AddonsData(FileConfiguration, CoreSysAttributes):
         """Return local add-on data."""
         return self._data[ATTR_SYSTEM]
 
-    def install(self, addon: AddonStore) -> None:
+    async def install(self, addon: AddonStore) -> None:
         """Set addon as installed."""
         self.system[addon.slug] = deepcopy(addon.data)
         self.user[addon.slug] = {
@@ -45,26 +46,28 @@ class AddonsData(FileConfiguration, CoreSysAttributes):
             ATTR_VERSION: addon.version,
             ATTR_IMAGE: addon.image,
         }
-        self.save_data()
+        await self.save_data()
 
-    def uninstall(self, addon: Addon) -> None:
+    async def uninstall(self, addon: Addon) -> None:
         """Set add-on as uninstalled."""
         self.system.pop(addon.slug, None)
         self.user.pop(addon.slug, None)
-        self.save_data()
+        await self.save_data()
 
-    def update(self, addon: AddonStore) -> None:
+    async def update(self, addon: AddonStore) -> None:
         """Update version of add-on."""
         self.system[addon.slug] = deepcopy(addon.data)
         self.user[addon.slug].update(
             {ATTR_VERSION: addon.version, ATTR_IMAGE: addon.image}
         )
-        self.save_data()
+        await self.save_data()
 
-    def restore(self, slug: str, user: Config, system: Config, image: str) -> None:
+    async def restore(
+        self, slug: str, user: Config, system: Config, image: str
+    ) -> None:
         """Restore data to add-on."""
         self.user[slug] = deepcopy(user)
         self.system[slug] = deepcopy(system)
 
         self.user[slug][ATTR_IMAGE] = image
-        self.save_data()
+        await self.save_data()

supervisor/addons/manager.py

@@ -1,30 +1,29 @@
 """Supervisor add-on manager."""
+
 import asyncio
 from collections.abc import Awaitable
 from contextlib import suppress
 import logging
 import tarfile
-from typing import Union
+from typing import Self, Union
+
+from attr import evolve
 
 from ..const import AddonBoot, AddonStartup, AddonState
 from ..coresys import CoreSys, CoreSysAttributes
 from ..exceptions import (
-    AddonConfigurationError,
     AddonsError,
     AddonsJobError,
     AddonsNotSupportedError,
     CoreDNSError,
-    DockerAPIError,
     DockerError,
-    DockerNotFound,
     HassioError,
     HomeAssistantAPIError,
 )
 from ..jobs.decorator import Job, JobCondition
 from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..store.addon import AddonStore
-from ..utils import check_exception_chain
-from ..utils.sentry import capture_exception
+from ..utils.sentry import async_capture_exception
 from .addon import Addon
 from .const import ADDON_UPDATE_CONDITIONS
 from .data import AddonsData
@@ -75,17 +74,27 @@ class AddonManager(CoreSysAttributes):
                 return addon
         return None
 
+    async def load_config(self) -> Self:
+        """Load config in executor."""
+        await self.data.read_data()
+        return self
+
     async def load(self) -> None:
         """Start up add-on management."""
-        tasks = []
+        # Refresh cache for all store addons
+        tasks: list[Awaitable[None]] = [
+            store.refresh_path_cache() for store in self.store.values()
+        ]
+
+        # Load all installed addons
         for slug in self.data.system:
             addon = self.local[slug] = Addon(self.coresys, slug)
-            tasks.append(self.sys_create_task(addon.load()))
+            tasks.append(addon.load())
 
         # Run initial tasks
-        _LOGGER.info("Found %d installed add-ons", len(tasks))
+        _LOGGER.info("Found %d installed add-ons", len(self.data.system))
         if tasks:
-            await asyncio.wait(tasks)
+            await asyncio.gather(*tasks)
 
         # Sync DNS
         await self.sync_dns()
@@ -112,15 +121,14 @@ class AddonManager(CoreSysAttributes):
             try:
                 if start_task := await addon.start():
                     wait_boot.append(start_task)
-            except AddonsError as err:
-                # Check if there is an system/user issue
-                if check_exception_chain(
-                    err, (DockerAPIError, DockerNotFound, AddonConfigurationError)
-                ):
-                    addon.boot = AddonBoot.MANUAL
-                    addon.save_persist()
             except HassioError:
-                pass  # These are already handled
+                self.sys_resolution.add_issue(
+                    evolve(addon.boot_failed_issue),
+                    suggestions=[
+                        SuggestionType.EXECUTE_START,
+                        SuggestionType.DISABLE_BOOT,
+                    ],
+                )
             else:
                 continue
 
@@ -129,6 +137,19 @@ class AddonManager(CoreSysAttributes):
         # Ignore exceptions from waiting for addon startup, addon errors handled elsewhere
         await asyncio.gather(*wait_boot, return_exceptions=True)
 
+        # After waiting for startup, create an issue for boot addons that are error or unknown state
+        # Ignore stopped as single shot addons can be run at boot and this is successful exit
+        # Timeout waiting for startup is not a failure, addon is probably just slow
+        for addon in tasks:
+            if addon.state in {AddonState.ERROR, AddonState.UNKNOWN}:
+                self.sys_resolution.add_issue(
+                    evolve(addon.boot_failed_issue),
+                    suggestions=[
+                        SuggestionType.EXECUTE_START,
+                        SuggestionType.DISABLE_BOOT,
+                    ],
+                )
+
     async def shutdown(self, stage: AddonStartup) -> None:
         """Shutdown addons."""
         tasks: list[Addon] = []
@@ -149,7 +170,7 @@ class AddonManager(CoreSysAttributes):
                 await addon.stop()
             except Exception as err:  # pylint: disable=broad-except
                 _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
-                capture_exception(err)
+                await async_capture_exception(err)
 
     @Job(
         name="addon_manager_install",
@@ -173,13 +194,22 @@ class AddonManager(CoreSysAttributes):
 
         _LOGGER.info("Add-on '%s' successfully installed", slug)
 
-    async def uninstall(self, slug: str) -> None:
+    @Job(name="addon_manager_uninstall")
+    async def uninstall(self, slug: str, *, remove_config: bool = False) -> None:
         """Remove an add-on."""
         if slug not in self.local:
             _LOGGER.warning("Add-on %s is not installed", slug)
             return
 
-        await self.local[slug].uninstall()
+        shared_image = any(
+            self.local[slug].image == addon.image
+            and self.local[slug].version == addon.version
+            for addon in self.installed
+            if addon.slug != slug
+        )
+        await self.local[slug].uninstall(
+            remove_config=remove_config, remove_image=not shared_image
+        )
 
         _LOGGER.info("Add-on '%s' successfully removed", slug)
 
@@ -284,7 +314,7 @@ class AddonManager(CoreSysAttributes):
         if slug not in self.local:
             _LOGGER.debug("Add-on %s is not local available for restore", slug)
             addon = Addon(self.coresys, slug)
-            had_ingress = False
+            had_ingress: bool | None = False
         else:
             _LOGGER.debug("Add-on %s is local available for restore", slug)
             addon = self.local[slug]
@@ -359,7 +389,7 @@ class AddonManager(CoreSysAttributes):
                     reference=addon.slug,
                     suggestions=[SuggestionType.EXECUTE_REPAIR],
                 )
-                capture_exception(err)
+                await async_capture_exception(err)
             else:
                 add_host_coros.append(
                     self.sys_plugins.dns.add_host(

supervisor/addons/model.py

@@ -1,14 +1,18 @@
 """Init file for Supervisor add-ons."""
+
 from abc import ABC, abstractmethod
 from collections import defaultdict
-from collections.abc import Callable
+from collections.abc import Awaitable, Callable
 from contextlib import suppress
+from datetime import datetime
 import logging
 from pathlib import Path
 from typing import Any
 
 from awesomeversion import AwesomeVersion, AwesomeVersionException
 
+from supervisor.utils.dt import utc_from_timestamp
+
 from ..const import (
     ATTR_ADVANCED,
     ATTR_APPARMOR,
@@ -43,7 +47,7 @@ from ..const import (
     ATTR_JOURNALD,
     ATTR_KERNEL_MODULES,
     ATTR_LEGACY,
-    ATTR_LOCATON,
+    ATTR_LOCATION,
     ATTR_MACHINE,
     ATTR_MAP,
     ATTR_NAME,
@@ -71,6 +75,7 @@ from ..const import (
     ATTR_URL,
     ATTR_USB,
     ATTR_VERSION,
+    ATTR_VERSION_TIMESTAMP,
     ATTR_VIDEO,
     ATTR_WATCHDOG,
     ATTR_WEBUI,
@@ -78,6 +83,7 @@ from ..const import (
     SECURITY_DISABLE,
     SECURITY_PROFILE,
     AddonBoot,
+    AddonBootConfig,
     AddonStage,
     AddonStartup,
 )
@@ -90,6 +96,7 @@ from ..utils import version_is_new_enough
 from .configuration import FolderMapping
 from .const import (
     ATTR_BACKUP,
+    ATTR_BREAKING_VERSIONS,
     ATTR_CODENOTARY,
     ATTR_PATH,
     ATTR_READ_ONLY,
@@ -113,6 +120,10 @@ class AddonModel(JobGroup, ABC):
             coresys, JOB_GROUP_ADDON.format_map(defaultdict(str, slug=slug)), slug
         )
         self.slug: str = slug
+        self._path_icon_exists: bool = False
+        self._path_logo_exists: bool = False
+        self._path_changelog_exists: bool = False
+        self._path_documentation_exists: bool = False
 
     @property
     @abstractmethod
@@ -140,10 +151,15 @@ class AddonModel(JobGroup, ABC):
         return self.data[ATTR_OPTIONS]
 
     @property
-    def boot(self) -> AddonBoot:
-        """Return boot config with prio local settings."""
+    def boot_config(self) -> AddonBootConfig:
+        """Return boot config."""
         return self.data[ATTR_BOOT]
 
+    @property
+    def boot(self) -> AddonBoot:
+        """Return boot config with prio local settings unless config is forced."""
+        return AddonBoot(self.data[ATTR_BOOT])
+
     @property
     def auto_update(self) -> bool | None:
         """Return if auto update is enable."""
@@ -194,18 +210,6 @@ class AddonModel(JobGroup, ABC):
         """Return description of add-on."""
         return self.data[ATTR_DESCRIPTON]
 
-    @property
-    def long_description(self) -> str | None:
-        """Return README.md as long_description."""
-        readme = Path(self.path_location, "README.md")
-
-        # If readme not exists
-        if not readme.exists():
-            return None
-
-        # Return data
-        return readme.read_text(encoding="utf-8")
-
     @property
     def repository(self) -> str:
         """Return repository of add-on."""
@@ -221,6 +225,11 @@ class AddonModel(JobGroup, ABC):
         """Return latest version of add-on."""
         return self.data[ATTR_VERSION]
 
+    @property
+    def latest_version_timestamp(self) -> datetime:
+        """Return when latest version was first seen."""
+        return utc_from_timestamp(self.data[ATTR_VERSION_TIMESTAMP])
+
     @property
     def version(self) -> AwesomeVersion:
         """Return version of add-on."""
@@ -285,7 +294,7 @@ class AddonModel(JobGroup, ABC):
         return self.data.get(ATTR_WEBUI)
 
     @property
-    def watchdog(self) -> str | None:
+    def watchdog_url(self) -> str | None:
         """Return URL to for watchdog or None."""
         return self.data.get(ATTR_WATCHDOG)
 
@@ -501,22 +510,22 @@ class AddonModel(JobGroup, ABC):
     @property
     def with_icon(self) -> bool:
         """Return True if an icon exists."""
-        return self.path_icon.exists()
+        return self._path_icon_exists
 
     @property
     def with_logo(self) -> bool:
         """Return True if a logo exists."""
-        return self.path_logo.exists()
+        return self._path_logo_exists
 
     @property
     def with_changelog(self) -> bool:
         """Return True if a changelog exists."""
-        return self.path_changelog.exists()
+        return self._path_changelog_exists
 
     @property
     def with_documentation(self) -> bool:
         """Return True if a documentation exists."""
-        return self.path_documentation.exists()
+        return self._path_documentation_exists
 
     @property
     def supported_arch(self) -> list[str]:
@@ -560,7 +569,7 @@ class AddonModel(JobGroup, ABC):
     @property
     def path_location(self) -> Path:
         """Return path to this add-on."""
-        return Path(self.data[ATTR_LOCATON])
+        return Path(self.data[ATTR_LOCATION])
 
     @property
     def path_icon(self) -> Path:
@@ -597,7 +606,7 @@ class AddonModel(JobGroup, ABC):
         return AddonOptions(self.coresys, raw_schema, self.name, self.slug)
 
     @property
-    def schema_ui(self) -> list[dict[any, any]] | None:
+    def schema_ui(self) -> list[dict[Any, Any]] | None:
         """Create a UI schema for add-on options."""
         raw_schema = self.data[ATTR_SCHEMA]
 
@@ -620,6 +629,37 @@ class AddonModel(JobGroup, ABC):
         """Return Signer email address for CAS."""
         return self.data.get(ATTR_CODENOTARY)
 
+    @property
+    def breaking_versions(self) -> list[AwesomeVersion]:
+        """Return breaking versions of addon."""
+        return self.data[ATTR_BREAKING_VERSIONS]
+
+    async def long_description(self) -> str | None:
+        """Return README.md as long_description."""
+
+        def read_readme() -> str | None:
+            readme = Path(self.path_location, "README.md")
+
+            # If readme not exists
+            if not readme.exists():
+                return None
+
+            # Return data
+            return readme.read_text(encoding="utf-8")
+
+        return await self.sys_run_in_executor(read_readme)
+
+    def refresh_path_cache(self) -> Awaitable[None]:
+        """Refresh cache of existing paths."""
+
+        def check_paths():
+            self._path_icon_exists = self.path_icon.exists()
+            self._path_logo_exists = self.path_logo.exists()
+            self._path_changelog_exists = self.path_changelog.exists()
+            self._path_documentation_exists = self.path_documentation.exists()
+
+        return self.sys_run_in_executor(check_paths)
+
     def validate_availability(self) -> None:
         """Validate if addon is available for current system."""
         return self._validate_availability(self.data, logger=_LOGGER.error)

supervisor/addons/options.py

@@ -1,4 +1,5 @@
 """Add-on Options / UI rendering."""
+
 import hashlib
 import logging
 from pathlib import Path
@@ -136,7 +137,7 @@ class AddonOptions(CoreSysAttributes):
             ) from None
 
         # prepare range
-        range_args = {}
+        range_args: dict[str, Any] = {}
         for group_name in _SCHEMA_LENGTH_PARTS:
             group_value = match.group(group_name)
             if group_value:
@@ -389,14 +390,14 @@ class UiOptions(CoreSysAttributes):
         multiple: bool = False,
     ) -> None:
         """UI nested dict items."""
-        ui_node = {
+        ui_node: dict[str, Any] = {
             "name": key,
             "type": "schema",
             "optional": True,
             "multiple": multiple,
         }
 
-        nested_schema = []
+        nested_schema: list[dict[str, Any]] = []
         for c_key, c_value in option_dict.items():
             # Nested?
             if isinstance(c_value, list):
@@ -412,7 +413,7 @@ def _create_device_filter(str_filter: str) -> dict[str, Any]:
     """Generate device Filter."""
     raw_filter = dict(value.split("=") for value in str_filter.split(";"))
 
-    clean_filter = {}
+    clean_filter: dict[str, Any] = {}
     for key, value in raw_filter.items():
         if key == "subsystem":
             clean_filter[key] = UdevSubsystem(value)

supervisor/addons/utils.py

@@ -1,9 +1,10 @@
 """Util add-ons functions."""
+
 from __future__ import annotations
 
-import asyncio
 import logging
 from pathlib import Path
+import subprocess
 from typing import TYPE_CHECKING
 
 from ..const import ROLE_ADMIN, ROLE_MANAGER, SECURITY_DISABLE, SECURITY_PROFILE
@@ -45,6 +46,7 @@ def rating_security(addon: AddonModel) -> int:
             privilege in addon.privileged
             for privilege in (
                 Capabilities.BPF,
+                Capabilities.CHECKPOINT_RESTORE,
                 Capabilities.DAC_READ_SEARCH,
                 Capabilities.NET_ADMIN,
                 Capabilities.NET_RAW,
@@ -84,18 +86,20 @@ def rating_security(addon: AddonModel) -> int:
     return max(min(8, rating), 1)
 
 
-async def remove_data(folder: Path) -> None:
-    """Remove folder and reset privileged."""
-    try:
-        proc = await asyncio.create_subprocess_exec(
-            "rm", "-rf", str(folder), stdout=asyncio.subprocess.DEVNULL
-        )
+def remove_data(folder: Path) -> None:
+    """Remove folder and reset privileged.
 
-        _, error_msg = await proc.communicate()
+    Must be run in executor.
+    """
+    try:
+        subprocess.run(
+            ["rm", "-rf", str(folder)], stdout=subprocess.DEVNULL, text=True, check=True
+        )
     except OSError as err:
         error_msg = str(err)
+    except subprocess.CalledProcessError as procerr:
+        error_msg = procerr.stderr.strip()
     else:
-        if proc.returncode == 0:
-            return
+        return
 
     _LOGGER.error("Can't remove Add-on Data: %s", error_msg)

supervisor/addons/validate.py

@@ -1,4 +1,5 @@
 """Validate add-ons options schema."""
+
 import logging
 import re
 import secrets
@@ -54,7 +55,7 @@ from ..const import (
     ATTR_KERNEL_MODULES,
     ATTR_LABELS,
     ATTR_LEGACY,
-    ATTR_LOCATON,
+    ATTR_LOCATION,
     ATTR_MACHINE,
     ATTR_MAP,
     ATTR_NAME,
@@ -78,6 +79,8 @@ from ..const import (
     ATTR_STATE,
     ATTR_STDIN,
     ATTR_SYSTEM,
+    ATTR_SYSTEM_MANAGED,
+    ATTR_SYSTEM_MANAGED_CONFIG_ENTRY,
     ATTR_TIMEOUT,
     ATTR_TMPFS,
     ATTR_TRANSLATIONS,
@@ -95,11 +98,11 @@ from ..const import (
     ROLE_ALL,
     ROLE_DEFAULT,
     AddonBoot,
+    AddonBootConfig,
     AddonStage,
     AddonStartup,
     AddonState,
 )
-from ..discovery.validate import valid_discovery_service
 from ..docker.const import Capabilities
 from ..validate import (
     docker_image,
@@ -112,6 +115,7 @@ from ..validate import (
 )
 from .const import (
     ATTR_BACKUP,
+    ATTR_BREAKING_VERSIONS,
     ATTR_CODENOTARY,
     ATTR_PATH,
     ATTR_READ_ONLY,
@@ -189,20 +193,6 @@ def _warn_addon_config(config: dict[str, Any]):
             name,
         )
 
-    invalid_services: list[str] = []
-    for service in config.get(ATTR_DISCOVERY, []):
-        try:
-            valid_discovery_service(service)
-        except vol.Invalid:
-            invalid_services.append(service)
-
-    if invalid_services:
-        _LOGGER.warning(
-            "Add-on lists the following unknown services for discovery: %s. Please report this to the maintainer of %s",
-            ", ".join(invalid_services),
-            name,
-        )
-
     return config
 
 
@@ -332,7 +322,9 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
         vol.Optional(ATTR_STARTUP, default=AddonStartup.APPLICATION): vol.Coerce(
             AddonStartup
         ),
-        vol.Optional(ATTR_BOOT, default=AddonBoot.AUTO): vol.Coerce(AddonBoot),
+        vol.Optional(ATTR_BOOT, default=AddonBootConfig.AUTO): vol.Coerce(
+            AddonBootConfig
+        ),
         vol.Optional(ATTR_INIT, default=True): vol.Boolean(),
         vol.Optional(ATTR_ADVANCED, default=False): vol.Boolean(),
         vol.Optional(ATTR_STAGE, default=AddonStage.STABLE): vol.Coerce(AddonStage),
@@ -422,6 +414,7 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
             vol.Coerce(int), vol.Range(min=10, max=300)
         ),
         vol.Optional(ATTR_JOURNALD, default=False): vol.Boolean(),
+        vol.Optional(ATTR_BREAKING_VERSIONS, default=list): [version_tag],
     },
     extra=vol.REMOVE_EXTRA,
 )
@@ -480,6 +473,8 @@ SCHEMA_ADDON_USER = vol.Schema(
         vol.Optional(ATTR_PROTECTED, default=True): vol.Boolean(),
         vol.Optional(ATTR_INGRESS_PANEL, default=False): vol.Boolean(),
         vol.Optional(ATTR_WATCHDOG, default=False): vol.Boolean(),
+        vol.Optional(ATTR_SYSTEM_MANAGED, default=False): vol.Boolean(),
+        vol.Optional(ATTR_SYSTEM_MANAGED_CONFIG_ENTRY, default=None): vol.Maybe(str),
     },
     extra=vol.REMOVE_EXTRA,
 )
@@ -488,7 +483,7 @@ SCHEMA_ADDON_SYSTEM = vol.All(
     _migrate_addon_config(),
     _SCHEMA_ADDON_CONFIG.extend(
         {
-            vol.Required(ATTR_LOCATON): str,
+            vol.Required(ATTR_LOCATION): str,
             vol.Required(ATTR_REPOSITORY): str,
             vol.Required(ATTR_TRANSLATIONS, default=dict): {
                 str: SCHEMA_ADDON_TRANSLATIONS

supervisor/api/__init__.py

@@ -1,20 +1,23 @@
 """Init file for Supervisor RESTful API."""
+
+from dataclasses import dataclass
 from functools import partial
 import logging
 from pathlib import Path
 from typing import Any
 
-from aiohttp import web
-from aiohttp_fast_url_dispatcher import FastUrlDispatcher, attach_fast_url_dispatcher
+from aiohttp import hdrs, web
 
 from ..const import AddonState
 from ..coresys import CoreSys, CoreSysAttributes
-from ..exceptions import APIAddonNotInstalled
+from ..exceptions import APIAddonNotInstalled, HostNotSupportedError
+from ..utils.sentry import async_capture_exception
 from .addons import APIAddons
 from .audio import APIAudio
 from .auth import APIAuth
 from .backups import APIBackups
 from .cli import APICli
+from .const import CONTENT_TYPE_TEXT
 from .discovery import APIDiscovery
 from .dns import APICoreDNS
 from .docker import APIDocker
@@ -36,7 +39,7 @@ from .security import APISecurity
 from .services import APIServices
 from .store import APIStore
 from .supervisor import APISupervisor
-from .utils import api_process
+from .utils import api_process, api_process_raw
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -45,6 +48,14 @@ MAX_CLIENT_SIZE: int = 1024**2 * 16
 MAX_LINE_SIZE: int = 24570
 
 
+@dataclass(slots=True, frozen=True)
+class StaticResourceConfig:
+    """Configuration for a static resource."""
+
+    prefix: str
+    path: Path
+
+
 class RestAPI(CoreSysAttributes):
     """Handle RESTful API for Supervisor."""
 
@@ -65,14 +76,19 @@ class RestAPI(CoreSysAttributes):
                 "max_field_size": MAX_LINE_SIZE,
             },
         )
-        attach_fast_url_dispatcher(self.webapp, FastUrlDispatcher())
 
         # service stuff
         self._runner: web.AppRunner = web.AppRunner(self.webapp, shutdown_timeout=5)
         self._site: web.TCPSite | None = None
 
+        # share single host API handler for reuse in logging endpoints
+        self._api_host: APIHost = APIHost()
+        self._api_host.coresys = coresys
+
     async def load(self) -> None:
         """Register REST API Calls."""
+        static_resource_configs: list[StaticResourceConfig] = []
+
         self._register_addons()
         self._register_audio()
         self._register_auth()
@@ -91,7 +107,7 @@ class RestAPI(CoreSysAttributes):
         self._register_network()
         self._register_observer()
         self._register_os()
-        self._register_panel()
+        static_resource_configs.extend(self._register_panel())
         self._register_proxy()
         self._register_resolution()
         self._register_root()
@@ -100,12 +116,54 @@ class RestAPI(CoreSysAttributes):
         self._register_store()
         self._register_supervisor()
 
+        if static_resource_configs:
+
+            def process_configs() -> list[web.StaticResource]:
+                return [
+                    web.StaticResource(config.prefix, config.path)
+                    for config in static_resource_configs
+                ]
+
+            for resource in await self.sys_run_in_executor(process_configs):
+                self.webapp.router.register_resource(resource)
+
         await self.start()
 
+    def _register_advanced_logs(self, path: str, syslog_identifier: str):
+        """Register logs endpoint for a given path, returning logs for single syslog identifier."""
+
+        self.webapp.add_routes(
+            [
+                web.get(
+                    f"{path}/logs",
+                    partial(self._api_host.advanced_logs, identifier=syslog_identifier),
+                ),
+                web.get(
+                    f"{path}/logs/follow",
+                    partial(
+                        self._api_host.advanced_logs,
+                        identifier=syslog_identifier,
+                        follow=True,
+                    ),
+                ),
+                web.get(
+                    f"{path}/logs/boots/{{bootid}}",
+                    partial(self._api_host.advanced_logs, identifier=syslog_identifier),
+                ),
+                web.get(
+                    f"{path}/logs/boots/{{bootid}}/follow",
+                    partial(
+                        self._api_host.advanced_logs,
+                        identifier=syslog_identifier,
+                        follow=True,
+                    ),
+                ),
+            ]
+        )
+
     def _register_host(self) -> None:
         """Register hostcontrol functions."""
-        api_host = APIHost()
-        api_host.coresys = self.coresys
+        api_host = self._api_host
 
         self.webapp.add_routes(
             [
@@ -179,9 +237,13 @@ class RestAPI(CoreSysAttributes):
             [
                 web.get("/os/info", api_os.info),
                 web.post("/os/update", api_os.update),
+                web.get("/os/config/swap", api_os.config_swap_info),
+                web.post("/os/config/swap", api_os.config_swap_options),
                 web.post("/os/config/sync", api_os.config_sync),
                 web.post("/os/datadisk/move", api_os.migrate_data),
                 web.get("/os/datadisk/list", api_os.list_data),
+                web.post("/os/datadisk/wipe", api_os.wipe_data),
+                web.post("/os/boot-slot", api_os.set_boot_slot),
             ]
         )
 
@@ -219,6 +281,8 @@ class RestAPI(CoreSysAttributes):
                 web.get("/jobs/info", api_jobs.info),
                 web.post("/jobs/options", api_jobs.options),
                 web.post("/jobs/reset", api_jobs.reset),
+                web.get("/jobs/{uuid}", api_jobs.job_info),
+                web.delete("/jobs/{uuid}", api_jobs.remove_job),
             ]
         )
 
@@ -257,11 +321,11 @@ class RestAPI(CoreSysAttributes):
             [
                 web.get("/multicast/info", api_multicast.info),
                 web.get("/multicast/stats", api_multicast.stats),
-                web.get("/multicast/logs", api_multicast.logs),
                 web.post("/multicast/update", api_multicast.update),
                 web.post("/multicast/restart", api_multicast.restart),
             ]
         )
+        self._register_advanced_logs("/multicast", "hassio_multicast")
 
     def _register_hardware(self) -> None:
         """Register hardware functions."""
@@ -334,6 +398,7 @@ class RestAPI(CoreSysAttributes):
                 web.post("/auth", api_auth.auth),
                 web.post("/auth/reset", api_auth.reset),
                 web.delete("/auth/cache", api_auth.cache),
+                web.get("/auth/list", api_auth.list_users),
             ]
         )
 
@@ -347,7 +412,6 @@ class RestAPI(CoreSysAttributes):
                 web.get("/supervisor/ping", api_supervisor.ping),
                 web.get("/supervisor/info", api_supervisor.info),
                 web.get("/supervisor/stats", api_supervisor.stats),
-                web.get("/supervisor/logs", api_supervisor.logs),
                 web.post("/supervisor/update", api_supervisor.update),
                 web.post("/supervisor/reload", api_supervisor.reload),
                 web.post("/supervisor/restart", api_supervisor.restart),
@@ -356,6 +420,39 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+        async def get_supervisor_logs(*args, **kwargs):
+            try:
+                return await self._api_host.advanced_logs_handler(
+                    *args, identifier="hassio_supervisor", **kwargs
+                )
+            except Exception as err:  # pylint: disable=broad-exception-caught
+                # Supervisor logs are critical, so catch everything, log the exception
+                # and try to return Docker container logs as the fallback
+                _LOGGER.exception(
+                    "Failed to get supervisor logs using advanced_logs API"
+                )
+                if not isinstance(err, HostNotSupportedError):
+                    # No need to capture HostNotSupportedError to Sentry, the cause
+                    # is known and reported to the user using the resolution center.
+                    await async_capture_exception(err)
+                kwargs.pop("follow", None)  # Follow is not supported for Docker logs
+                return await api_supervisor.logs(*args, **kwargs)
+
+        self.webapp.add_routes(
+            [
+                web.get("/supervisor/logs", get_supervisor_logs),
+                web.get(
+                    "/supervisor/logs/follow",
+                    partial(get_supervisor_logs, follow=True),
+                ),
+                web.get("/supervisor/logs/boots/{bootid}", get_supervisor_logs),
+                web.get(
+                    "/supervisor/logs/boots/{bootid}/follow",
+                    partial(get_supervisor_logs, follow=True),
+                ),
+            ]
+        )
+
     def _register_homeassistant(self) -> None:
         """Register Home Assistant functions."""
         api_hass = APIHomeAssistant()
@@ -364,7 +461,6 @@ class RestAPI(CoreSysAttributes):
         self.webapp.add_routes(
             [
                 web.get("/core/info", api_hass.info),
-                web.get("/core/logs", api_hass.logs),
                 web.get("/core/stats", api_hass.stats),
                 web.post("/core/options", api_hass.options),
                 web.post("/core/update", api_hass.update),
@@ -376,11 +472,12 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+        self._register_advanced_logs("/core", "homeassistant")
+
         # Reroute from legacy
         self.webapp.add_routes(
             [
                 web.get("/homeassistant/info", api_hass.info),
-                web.get("/homeassistant/logs", api_hass.logs),
                 web.get("/homeassistant/stats", api_hass.stats),
                 web.post("/homeassistant/options", api_hass.options),
                 web.post("/homeassistant/restart", api_hass.restart),
@@ -392,6 +489,8 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+        self._register_advanced_logs("/homeassistant", "homeassistant")
+
     def _register_proxy(self) -> None:
         """Register Home Assistant API Proxy."""
         api_proxy = APIProxy()
@@ -427,24 +526,45 @@ class RestAPI(CoreSysAttributes):
 
         self.webapp.add_routes(
             [
-                web.get("/addons", api_addons.list),
+                web.get("/addons", api_addons.list_addons),
                 web.post("/addons/{addon}/uninstall", api_addons.uninstall),
                 web.post("/addons/{addon}/start", api_addons.start),
                 web.post("/addons/{addon}/stop", api_addons.stop),
                 web.post("/addons/{addon}/restart", api_addons.restart),
                 web.post("/addons/{addon}/options", api_addons.options),
+                web.post("/addons/{addon}/sys_options", api_addons.sys_options),
                 web.post(
                     "/addons/{addon}/options/validate", api_addons.options_validate
                 ),
                 web.get("/addons/{addon}/options/config", api_addons.options_config),
                 web.post("/addons/{addon}/rebuild", api_addons.rebuild),
-                web.get("/addons/{addon}/logs", api_addons.logs),
                 web.post("/addons/{addon}/stdin", api_addons.stdin),
                 web.post("/addons/{addon}/security", api_addons.security),
                 web.get("/addons/{addon}/stats", api_addons.stats),
             ]
         )
 
+        @api_process_raw(CONTENT_TYPE_TEXT, error_type=CONTENT_TYPE_TEXT)
+        async def get_addon_logs(request, *args, **kwargs):
+            addon = api_addons.get_addon_for_request(request)
+            kwargs["identifier"] = f"addon_{addon.slug}"
+            return await self._api_host.advanced_logs(request, *args, **kwargs)
+
+        self.webapp.add_routes(
+            [
+                web.get("/addons/{addon}/logs", get_addon_logs),
+                web.get(
+                    "/addons/{addon}/logs/follow",
+                    partial(get_addon_logs, follow=True),
+                ),
+                web.get("/addons/{addon}/logs/boots/{bootid}", get_addon_logs),
+                web.get(
+                    "/addons/{addon}/logs/boots/{bootid}/follow",
+                    partial(get_addon_logs, follow=True),
+                ),
+            ]
+        )
+
         # Legacy routing to support requests for not installed addons
         api_store = APIStore()
         api_store.coresys = self.coresys
@@ -474,7 +594,9 @@ class RestAPI(CoreSysAttributes):
                 web.post("/ingress/session", api_ingress.create_session),
                 web.post("/ingress/validate_session", api_ingress.validate_session),
                 web.get("/ingress/panels", api_ingress.panels),
-                web.view("/ingress/{token}/{path:.*}", api_ingress.handler),
+                web.route(
+                    hdrs.METH_ANY, "/ingress/{token}/{path:.*}", api_ingress.handler
+                ),
             ]
         )
 
@@ -485,7 +607,7 @@ class RestAPI(CoreSysAttributes):
 
         self.webapp.add_routes(
             [
-                web.get("/backups", api_backups.list),
+                web.get("/backups", api_backups.list_backups),
                 web.get("/backups/info", api_backups.info),
                 web.post("/backups/options", api_backups.options),
                 web.post("/backups/reload", api_backups.reload),
@@ -512,7 +634,7 @@ class RestAPI(CoreSysAttributes):
 
         self.webapp.add_routes(
             [
-                web.get("/services", api_services.list),
+                web.get("/services", api_services.list_services),
                 web.get("/services/{service}", api_services.get_service),
                 web.post("/services/{service}", api_services.set_service),
                 web.delete("/services/{service}", api_services.del_service),
@@ -526,7 +648,7 @@ class RestAPI(CoreSysAttributes):
 
         self.webapp.add_routes(
             [
-                web.get("/discovery", api_discovery.list),
+                web.get("/discovery", api_discovery.list_discovery),
                 web.get("/discovery/{uuid}", api_discovery.get_discovery),
                 web.delete("/discovery/{uuid}", api_discovery.del_discovery),
                 web.post("/discovery", api_discovery.set_discovery),
@@ -542,7 +664,6 @@ class RestAPI(CoreSysAttributes):
             [
                 web.get("/dns/info", api_dns.info),
                 web.get("/dns/stats", api_dns.stats),
-                web.get("/dns/logs", api_dns.logs),
                 web.post("/dns/update", api_dns.update),
                 web.post("/dns/options", api_dns.options),
                 web.post("/dns/restart", api_dns.restart),
@@ -550,18 +671,17 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+        self._register_advanced_logs("/dns", "hassio_dns")
+
     def _register_audio(self) -> None:
         """Register Audio functions."""
         api_audio = APIAudio()
         api_audio.coresys = self.coresys
-        api_host = APIHost()
-        api_host.coresys = self.coresys
 
         self.webapp.add_routes(
             [
                 web.get("/audio/info", api_audio.info),
                 web.get("/audio/stats", api_audio.stats),
-                web.get("/audio/logs", api_audio.logs),
                 web.post("/audio/update", api_audio.update),
                 web.post("/audio/restart", api_audio.restart),
                 web.post("/audio/reload", api_audio.reload),
@@ -574,6 +694,8 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
+        self._register_advanced_logs("/audio", "hassio_audio")
+
     def _register_mounts(self) -> None:
         """Register mounts endpoints."""
         api_mounts = APIMounts()
@@ -600,7 +722,6 @@ class RestAPI(CoreSysAttributes):
                 web.get("/store", api_store.store_info),
                 web.get("/store/addons", api_store.addons_list),
                 web.get("/store/addons/{addon}", api_store.addons_addon_info),
-                web.get("/store/addons/{addon}/{version}", api_store.addons_addon_info),
                 web.get("/store/addons/{addon}/icon", api_store.addons_addon_icon),
                 web.get("/store/addons/{addon}/logo", api_store.addons_addon_logo),
                 web.get(
@@ -622,6 +743,8 @@ class RestAPI(CoreSysAttributes):
                     "/store/addons/{addon}/update/{version}",
                     api_store.addons_addon_update,
                 ),
+                # Must be below others since it has a wildcard in resource path
+                web.get("/store/addons/{addon}/{version}", api_store.addons_addon_info),
                 web.post("/store/reload", api_store.reload),
                 web.get("/store/repositories", api_store.repositories_list),
                 web.get(
@@ -651,10 +774,9 @@ class RestAPI(CoreSysAttributes):
             ]
         )
 
-    def _register_panel(self) -> None:
+    def _register_panel(self) -> list[StaticResourceConfig]:
         """Register panel for Home Assistant."""
-        panel_dir = Path(__file__).parent.joinpath("panel")
-        self.webapp.add_routes([web.static("/app", panel_dir)])
+        return [StaticResourceConfig("/app", Path(__file__).parent.joinpath("panel"))]
 
     def _register_docker(self) -> None:
         """Register docker configuration functions."""

supervisor/api/addons.py

@@ -1,15 +1,15 @@
 """Init file for Supervisor Home Assistant RESTful API."""
+
 import asyncio
 from collections.abc import Awaitable
 import logging
-from typing import Any
+from typing import Any, TypedDict
 
 from aiohttp import web
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 
 from ..addons.addon import Addon
-from ..addons.manager import AnyAddon
 from ..addons.utils import rating_security
 from ..const import (
     ATTR_ADDONS,
@@ -62,7 +62,6 @@ from ..const import (
     ATTR_MEMORY_LIMIT,
     ATTR_MEMORY_PERCENT,
     ATTR_MEMORY_USAGE,
-    ATTR_MESSAGE,
     ATTR_NAME,
     ATTR_NETWORK,
     ATTR_NETWORK_DESCRIPTION,
@@ -71,7 +70,6 @@ from ..const import (
     ATTR_OPTIONS,
     ATTR_PRIVILEGED,
     ATTR_PROTECTED,
-    ATTR_PWNED,
     ATTR_RATING,
     ATTR_REPOSITORY,
     ATTR_SCHEMA,
@@ -81,13 +79,14 @@ from ..const import (
     ATTR_STARTUP,
     ATTR_STATE,
     ATTR_STDIN,
+    ATTR_SYSTEM_MANAGED,
+    ATTR_SYSTEM_MANAGED_CONFIG_ENTRY,
     ATTR_TRANSLATIONS,
     ATTR_UART,
     ATTR_UDEV,
     ATTR_UPDATE_AVAILABLE,
     ATTR_URL,
     ATTR_USB,
-    ATTR_VALID,
     ATTR_VERSION,
     ATTR_VERSION_LATEST,
     ATTR_VIDEO,
@@ -95,6 +94,7 @@ from ..const import (
     ATTR_WEBUI,
     REQUEST_FROM,
     AddonBoot,
+    AddonBootConfig,
 )
 from ..coresys import CoreSysAttributes
 from ..docker.stats import DockerStats
@@ -102,12 +102,13 @@ from ..exceptions import (
     APIAddonNotInstalled,
     APIError,
     APIForbidden,
+    APINotFound,
     PwnedError,
     PwnedSecret,
 )
 from ..validate import docker_ports
-from .const import ATTR_SIGNED, CONTENT_TYPE_BINARY
-from .utils import api_process, api_process_raw, api_validate, json_loads
+from .const import ATTR_BOOT_CONFIG, ATTR_REMOVE_CONFIG, ATTR_SIGNED
+from .utils import api_process, api_validate, json_loads
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -126,16 +127,35 @@ SCHEMA_OPTIONS = vol.Schema(
     }
 )
 
-# pylint: disable=no-value-for-parameter
+SCHEMA_SYS_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_SYSTEM_MANAGED): vol.Boolean(),
+        vol.Optional(ATTR_SYSTEM_MANAGED_CONFIG_ENTRY): vol.Maybe(str),
+    }
+)
+
 SCHEMA_SECURITY = vol.Schema({vol.Optional(ATTR_PROTECTED): vol.Boolean()})
 
+SCHEMA_UNINSTALL = vol.Schema(
+    {vol.Optional(ATTR_REMOVE_CONFIG, default=False): vol.Boolean()}
+)
+# pylint: enable=no-value-for-parameter
+
+
+class OptionsValidateResponse(TypedDict):
+    """Response object for options validate."""
+
+    message: str
+    valid: bool
+    pwned: bool | None
+
 
 class APIAddons(CoreSysAttributes):
     """Handle RESTful API for add-on functions."""
 
-    def _extract_addon(self, request: web.Request) -> Addon:
-        """Return addon, throw an exception it it doesn't exist."""
-        addon_slug: str = request.match_info.get("addon")
+    def get_addon_for_request(self, request: web.Request) -> Addon:
+        """Return addon, throw an exception if it doesn't exist."""
+        addon_slug: str = request.match_info["addon"]
 
         # Lookup itself
         if addon_slug == "self":
@@ -146,14 +166,14 @@ class APIAddons(CoreSysAttributes):
 
         addon = self.sys_addons.get(addon_slug)
         if not addon:
-            raise APIError(f"Addon {addon_slug} does not exist")
+            raise APINotFound(f"Addon {addon_slug} does not exist")
         if not isinstance(addon, Addon) or not addon.is_installed:
             raise APIAddonNotInstalled("Addon is not installed")
 
         return addon
 
     @api_process
-    async def list(self, request: web.Request) -> dict[str, Any]:
+    async def list_addons(self, request: web.Request) -> dict[str, Any]:
         """Return all add-ons or repositories."""
         data_addons = [
             {
@@ -174,6 +194,7 @@ class APIAddons(CoreSysAttributes):
                 ATTR_URL: addon.url,
                 ATTR_ICON: addon.with_icon,
                 ATTR_LOGO: addon.with_logo,
+                ATTR_SYSTEM_MANAGED: addon.system_managed,
             }
             for addon in self.sys_addons.installed
         ]
@@ -187,7 +208,7 @@ class APIAddons(CoreSysAttributes):
 
     async def info(self, request: web.Request) -> dict[str, Any]:
         """Return add-on information."""
-        addon: AnyAddon = self._extract_addon(request)
+        addon: Addon = self.get_addon_for_request(request)
 
         data = {
             ATTR_NAME: addon.name,
@@ -195,13 +216,14 @@ class APIAddons(CoreSysAttributes):
             ATTR_HOSTNAME: addon.hostname,
             ATTR_DNS: addon.dns,
             ATTR_DESCRIPTON: addon.description,
-            ATTR_LONG_DESCRIPTION: addon.long_description,
+            ATTR_LONG_DESCRIPTION: await addon.long_description(),
             ATTR_ADVANCED: addon.advanced,
             ATTR_STAGE: addon.stage,
             ATTR_REPOSITORY: addon.repository,
             ATTR_VERSION_LATEST: addon.latest_version,
             ATTR_PROTECTED: addon.protected,
             ATTR_RATING: rating_security(addon),
+            ATTR_BOOT_CONFIG: addon.boot_config,
             ATTR_BOOT: addon.boot,
             ATTR_OPTIONS: addon.options,
             ATTR_SCHEMA: addon.schema_ui,
@@ -261,6 +283,8 @@ class APIAddons(CoreSysAttributes):
             ATTR_WATCHDOG: addon.watchdog,
             ATTR_DEVICES: addon.static_devices
             + [device.path for device in addon.devices],
+            ATTR_SYSTEM_MANAGED: addon.system_managed,
+            ATTR_SYSTEM_MANAGED_CONFIG_ENTRY: addon.system_managed_config_entry,
         }
 
         return data
@@ -268,7 +292,7 @@ class APIAddons(CoreSysAttributes):
     @api_process
     async def options(self, request: web.Request) -> None:
         """Store user options for add-on."""
-        addon = self._extract_addon(request)
+        addon = self.get_addon_for_request(request)
 
         # Update secrets for validation
         await self.sys_homeassistant.secrets.reload()
@@ -283,6 +307,10 @@ class APIAddons(CoreSysAttributes):
         if ATTR_OPTIONS in body:
             addon.options = body[ATTR_OPTIONS]
         if ATTR_BOOT in body:
+            if addon.boot_config == AddonBootConfig.MANUAL_ONLY:
+                raise APIError(
+                    f"Addon {addon.slug} boot option is set to {addon.boot_config} so it cannot be changed"
+                )
             addon.boot = body[ATTR_BOOT]
         if ATTR_AUTO_UPDATE in body:
             addon.auto_update = body[ATTR_AUTO_UPDATE]
@@ -298,13 +326,27 @@ class APIAddons(CoreSysAttributes):
         if ATTR_WATCHDOG in body:
             addon.watchdog = body[ATTR_WATCHDOG]
 
-        addon.save_persist()
+        await addon.save_persist()
 
     @api_process
-    async def options_validate(self, request: web.Request) -> None:
+    async def sys_options(self, request: web.Request) -> None:
+        """Store system options for an add-on."""
+        addon = self.get_addon_for_request(request)
+
+        # Validate/Process Body
+        body = await api_validate(SCHEMA_SYS_OPTIONS, request)
+        if ATTR_SYSTEM_MANAGED in body:
+            addon.system_managed = body[ATTR_SYSTEM_MANAGED]
+        if ATTR_SYSTEM_MANAGED_CONFIG_ENTRY in body:
+            addon.system_managed_config_entry = body[ATTR_SYSTEM_MANAGED_CONFIG_ENTRY]
+
+        await addon.save_persist()
+
+    @api_process
+    async def options_validate(self, request: web.Request) -> OptionsValidateResponse:
         """Validate user options for add-on."""
-        addon = self._extract_addon(request)
-        data = {ATTR_MESSAGE: "", ATTR_VALID: True, ATTR_PWNED: False}
+        addon = self.get_addon_for_request(request)
+        data = OptionsValidateResponse(message="", valid=True, pwned=False)
 
         options = await request.json(loads=json_loads) or addon.options
 
@@ -313,8 +355,8 @@ class APIAddons(CoreSysAttributes):
         try:
             options_schema.validate(options)
         except vol.Invalid as ex:
-            data[ATTR_MESSAGE] = humanize_error(options, ex)
-            data[ATTR_VALID] = False
+            data["message"] = humanize_error(options, ex)
+            data["valid"] = False
 
         if not self.sys_security.pwned:
             return data
@@ -325,27 +367,27 @@ class APIAddons(CoreSysAttributes):
                 await self.sys_security.verify_secret(secret)
                 continue
             except PwnedSecret:
-                data[ATTR_PWNED] = True
+                data["pwned"] = True
             except PwnedError:
-                data[ATTR_PWNED] = None
+                data["pwned"] = None
             break
 
-        if self.sys_security.force and data[ATTR_PWNED] in (None, True):
-            data[ATTR_VALID] = False
-            if data[ATTR_PWNED] is None:
-                data[ATTR_MESSAGE] = "Error happening on pwned secrets check!"
+        if self.sys_security.force and data["pwned"] in (None, True):
+            data["valid"] = False
+            if data["pwned"] is None:
+                data["message"] = "Error happening on pwned secrets check!"
             else:
-                data[ATTR_MESSAGE] = "Add-on uses pwned secrets!"
+                data["message"] = "Add-on uses pwned secrets!"
 
         return data
 
     @api_process
     async def options_config(self, request: web.Request) -> None:
         """Validate user options for add-on."""
-        slug: str = request.match_info.get("addon")
+        slug: str = request.match_info["addon"]
         if slug != "self":
             raise APIForbidden("This can be only read by the Add-on itself!")
-        addon = self._extract_addon(request)
+        addon = self.get_addon_for_request(request)
 
         # Lookup/reload secrets
         await self.sys_homeassistant.secrets.reload()
@@ -357,19 +399,19 @@ class APIAddons(CoreSysAttributes):
     @api_process
     async def security(self, request: web.Request) -> None:
         """Store security options for add-on."""
-        addon = self._extract_addon(request)
+        addon = self.get_addon_for_request(request)
         body: dict[str, Any] = await api_validate(SCHEMA_SECURITY, request)
 
         if ATTR_PROTECTED in body:
             _LOGGER.warning("Changing protected flag for %s!", addon.slug)
             addon.protected = body[ATTR_PROTECTED]
 
-        addon.save_persist()
+        await addon.save_persist()
 
     @api_process
     async def stats(self, request: web.Request) -> dict[str, Any]:
         """Return resource information."""
-        addon = self._extract_addon(request)
+        addon = self.get_addon_for_request(request)
 
         stats: DockerStats = await addon.stats()
 
@@ -385,48 +427,47 @@ class APIAddons(CoreSysAttributes):
         }
 
     @api_process
-    def uninstall(self, request: web.Request) -> Awaitable[None]:
+    async def uninstall(self, request: web.Request) -> Awaitable[None]:
         """Uninstall add-on."""
-        addon = self._extract_addon(request)
-        return asyncio.shield(self.sys_addons.uninstall(addon.slug))
+        addon = self.get_addon_for_request(request)
+        body: dict[str, Any] = await api_validate(SCHEMA_UNINSTALL, request)
+        return await asyncio.shield(
+            self.sys_addons.uninstall(
+                addon.slug, remove_config=body[ATTR_REMOVE_CONFIG]
+            )
+        )
 
     @api_process
     async def start(self, request: web.Request) -> None:
         """Start add-on."""
-        addon = self._extract_addon(request)
+        addon = self.get_addon_for_request(request)
         if start_task := await asyncio.shield(addon.start()):
             await start_task
 
     @api_process
     def stop(self, request: web.Request) -> Awaitable[None]:
         """Stop add-on."""
-        addon = self._extract_addon(request)
+        addon = self.get_addon_for_request(request)
         return asyncio.shield(addon.stop())
 
     @api_process
     async def restart(self, request: web.Request) -> None:
         """Restart add-on."""
-        addon: Addon = self._extract_addon(request)
+        addon: Addon = self.get_addon_for_request(request)
         if start_task := await asyncio.shield(addon.restart()):
             await start_task
 
     @api_process
     async def rebuild(self, request: web.Request) -> None:
         """Rebuild local build add-on."""
-        addon = self._extract_addon(request)
+        addon = self.get_addon_for_request(request)
         if start_task := await asyncio.shield(self.sys_addons.rebuild(addon.slug)):
             await start_task
 
-    @api_process_raw(CONTENT_TYPE_BINARY)
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
-        """Return logs from add-on."""
-        addon = self._extract_addon(request)
-        return addon.logs()
-
     @api_process
     async def stdin(self, request: web.Request) -> None:
         """Write to stdin of add-on."""
-        addon = self._extract_addon(request)
+        addon = self.get_addon_for_request(request)
         if not addon.with_stdin:
             raise APIError(f"STDIN not supported the {addon.slug} add-on")
 

supervisor/api/audio.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor Audio RESTful API."""
+
 import asyncio
 from collections.abc import Awaitable
 from dataclasses import asdict
@@ -35,8 +36,7 @@ from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..host.sound import StreamType
 from ..validate import version_tag
-from .const import CONTENT_TYPE_BINARY
-from .utils import api_process, api_process_raw, api_validate
+from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -111,11 +111,6 @@ class APIAudio(CoreSysAttributes):
             raise APIError(f"Version {version} is already in use")
         await asyncio.shield(self.sys_plugins.audio.update(version))
 
-    @api_process_raw(CONTENT_TYPE_BINARY)
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
-        """Return Audio Docker logs."""
-        return self.sys_plugins.audio.logs()
-
     @api_process
     def restart(self, request: web.Request) -> Awaitable[None]:
         """Restart Audio plugin."""
@@ -129,7 +124,7 @@ class APIAudio(CoreSysAttributes):
     @api_process
     async def set_volume(self, request: web.Request) -> None:
         """Set audio volume on stream."""
-        source: StreamType = StreamType(request.match_info.get("source"))
+        source: StreamType = StreamType(request.match_info["source"])
         application: bool = request.path.endswith("application")
         body = await api_validate(SCHEMA_VOLUME, request)
 
@@ -142,7 +137,7 @@ class APIAudio(CoreSysAttributes):
     @api_process
     async def set_mute(self, request: web.Request) -> None:
         """Mute audio volume on stream."""
-        source: StreamType = StreamType(request.match_info.get("source"))
+        source: StreamType = StreamType(request.match_info["source"])
         application: bool = request.path.endswith("application")
         body = await api_validate(SCHEMA_MUTE, request)
 
@@ -155,7 +150,7 @@ class APIAudio(CoreSysAttributes):
     @api_process
     async def set_default(self, request: web.Request) -> None:
         """Set audio default stream."""
-        source: StreamType = StreamType(request.match_info.get("source"))
+        source: StreamType = StreamType(request.match_info["source"])
         body = await api_validate(SCHEMA_DEFAULT, request)
 
         await asyncio.shield(self.sys_host.sound.set_default(source, body[ATTR_NAME]))

supervisor/api/auth.py

@@ -1,6 +1,9 @@
 """Init file for Supervisor auth/SSO RESTful API."""
+
 import asyncio
+from collections.abc import Awaitable
 import logging
+from typing import Any
 
 from aiohttp import BasicAuth, web
 from aiohttp.hdrs import AUTHORIZATION, CONTENT_TYPE, WWW_AUTHENTICATE
@@ -8,10 +11,19 @@ from aiohttp.web_exceptions import HTTPUnauthorized
 import voluptuous as vol
 
 from ..addons.addon import Addon
-from ..const import ATTR_PASSWORD, ATTR_USERNAME, REQUEST_FROM
+from ..const import ATTR_NAME, ATTR_PASSWORD, ATTR_USERNAME, REQUEST_FROM
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIForbidden
-from .const import CONTENT_TYPE_JSON, CONTENT_TYPE_URL
+from ..utils.json import json_loads
+from .const import (
+    ATTR_GROUP_IDS,
+    ATTR_IS_ACTIVE,
+    ATTR_IS_OWNER,
+    ATTR_LOCAL_ONLY,
+    ATTR_USERS,
+    CONTENT_TYPE_JSON,
+    CONTENT_TYPE_URL,
+)
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -31,7 +43,7 @@ REALM_HEADER: dict[str, str] = {
 class APIAuth(CoreSysAttributes):
     """Handle RESTful API for auth functions."""
 
-    def _process_basic(self, request: web.Request, addon: Addon) -> bool:
+    def _process_basic(self, request: web.Request, addon: Addon) -> Awaitable[bool]:
         """Process login request with basic auth.
 
         Return a coroutine.
@@ -41,7 +53,7 @@ class APIAuth(CoreSysAttributes):
 
     def _process_dict(
         self, request: web.Request, addon: Addon, data: dict[str, str]
-    ) -> bool:
+    ) -> Awaitable[bool]:
         """Process login with dict data.
 
         Return a coroutine.
@@ -67,7 +79,7 @@ class APIAuth(CoreSysAttributes):
 
         # Json
         if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_JSON:
-            data = await request.json()
+            data = await request.json(loads=json_loads)
             return await self._process_dict(request, addon, data)
 
         # URL encoded
@@ -88,4 +100,22 @@ class APIAuth(CoreSysAttributes):
     @api_process
     async def cache(self, request: web.Request) -> None:
         """Process cache reset request."""
-        self.sys_auth.reset_data()
+        await self.sys_auth.reset_data()
+
+    @api_process
+    async def list_users(self, request: web.Request) -> dict[str, list[dict[str, Any]]]:
+        """List users on the Home Assistant instance."""
+        return {
+            ATTR_USERS: [
+                {
+                    ATTR_USERNAME: user[ATTR_USERNAME],
+                    ATTR_NAME: user[ATTR_NAME],
+                    ATTR_IS_OWNER: user[ATTR_IS_OWNER],
+                    ATTR_IS_ACTIVE: user[ATTR_IS_ACTIVE],
+                    ATTR_LOCAL_ONLY: user[ATTR_LOCAL_ONLY],
+                    ATTR_GROUP_IDS: user[ATTR_GROUP_IDS],
+                }
+                for user in await self.sys_auth.list_users()
+                if user[ATTR_USERNAME]
+            ]
+        }

supervisor/api/backups.py

@@ -1,16 +1,24 @@
 """Backups RESTful API."""
+
+from __future__ import annotations
+
 import asyncio
+from collections.abc import Callable
 import errno
+from io import IOBase
 import logging
 from pathlib import Path
 import re
 from tempfile import TemporaryDirectory
-from typing import Any
+from typing import Any, cast
 
-from aiohttp import web
+from aiohttp import BodyPartReader, web
 from aiohttp.hdrs import CONTENT_DISPOSITION
 import voluptuous as vol
+from voluptuous.humanize import humanize_error
 
+from ..backups.backup import Backup
+from ..backups.const import LOCATION_CLOUD_BACKUP, LOCATION_TYPE
 from ..backups.validate import ALL_FOLDERS, FOLDER_HOMEASSISTANT, days_until_stale
 from ..const import (
     ATTR_ADDONS,
@@ -19,77 +27,118 @@ from ..const import (
     ATTR_CONTENT,
     ATTR_DATE,
     ATTR_DAYS_UNTIL_STALE,
+    ATTR_EXTRA,
+    ATTR_FILENAME,
     ATTR_FOLDERS,
     ATTR_HOMEASSISTANT,
     ATTR_HOMEASSISTANT_EXCLUDE_DATABASE,
-    ATTR_LOCATON,
+    ATTR_JOB_ID,
+    ATTR_LOCATION,
     ATTR_NAME,
     ATTR_PASSWORD,
     ATTR_PROTECTED,
     ATTR_REPOSITORIES,
     ATTR_SIZE,
+    ATTR_SIZE_BYTES,
     ATTR_SLUG,
     ATTR_SUPERVISOR_VERSION,
     ATTR_TIMEOUT,
     ATTR_TYPE,
     ATTR_VERSION,
+    REQUEST_FROM,
+    BusEvent,
+    CoreState,
 )
 from ..coresys import CoreSysAttributes
-from ..exceptions import APIError
+from ..exceptions import APIError, APIForbidden, APINotFound
+from ..jobs import JobSchedulerOptions, SupervisorJob
 from ..mounts.const import MountUsage
+from ..mounts.mount import Mount
 from ..resolution.const import UnhealthyReason
-from .const import CONTENT_TYPE_TAR
+from .const import (
+    ATTR_ADDITIONAL_LOCATIONS,
+    ATTR_BACKGROUND,
+    ATTR_LOCATION_ATTRIBUTES,
+    ATTR_LOCATIONS,
+    CONTENT_TYPE_TAR,
+)
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
+ALL_ADDONS_FLAG = "ALL"
+
+LOCATION_LOCAL = ".local"
+
 RE_SLUGIFY_NAME = re.compile(r"[^A-Za-z0-9]+")
+RE_BACKUP_FILENAME = re.compile(r"^[^\\\/]+\.tar$")
 
 # Backwards compatible
 # Remove: 2022.08
 _ALL_FOLDERS = ALL_FOLDERS + [FOLDER_HOMEASSISTANT]
 
+
+def _ensure_list(item: Any) -> list:
+    """Ensure value is a list."""
+    if not isinstance(item, list):
+        return [item]
+    return item
+
+
+def _convert_local_location(item: str | None) -> str | None:
+    """Convert local location value."""
+    if item in {LOCATION_LOCAL, ""}:
+        return None
+    return item
+
+
 # pylint: disable=no-value-for-parameter
-SCHEMA_RESTORE_PARTIAL = vol.Schema(
+SCHEMA_FOLDERS = vol.All([vol.In(_ALL_FOLDERS)], vol.Unique())
+SCHEMA_LOCATION = vol.All(vol.Maybe(str), _convert_local_location)
+SCHEMA_LOCATION_LIST = vol.All(_ensure_list, [SCHEMA_LOCATION], vol.Unique())
+
+SCHEMA_RESTORE_FULL = vol.Schema(
     {
         vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
-        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
-        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
-        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(_ALL_FOLDERS)], vol.Unique()),
+        vol.Optional(ATTR_BACKGROUND, default=False): vol.Boolean(),
+        vol.Optional(ATTR_LOCATION): SCHEMA_LOCATION,
     }
 )
 
-SCHEMA_RESTORE_FULL = vol.Schema({vol.Optional(ATTR_PASSWORD): vol.Maybe(str)})
+SCHEMA_RESTORE_PARTIAL = SCHEMA_RESTORE_FULL.extend(
+    {
+        vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
+        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
+        vol.Optional(ATTR_FOLDERS): SCHEMA_FOLDERS,
+    }
+)
 
 SCHEMA_BACKUP_FULL = vol.Schema(
     {
         vol.Optional(ATTR_NAME): str,
+        vol.Optional(ATTR_FILENAME): vol.Match(RE_BACKUP_FILENAME),
         vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
         vol.Optional(ATTR_COMPRESSED): vol.Maybe(vol.Boolean()),
-        vol.Optional(ATTR_LOCATON): vol.Maybe(str),
+        vol.Optional(ATTR_LOCATION): SCHEMA_LOCATION_LIST,
         vol.Optional(ATTR_HOMEASSISTANT_EXCLUDE_DATABASE): vol.Boolean(),
+        vol.Optional(ATTR_BACKGROUND, default=False): vol.Boolean(),
+        vol.Optional(ATTR_EXTRA): dict,
     }
 )
 
 SCHEMA_BACKUP_PARTIAL = SCHEMA_BACKUP_FULL.extend(
     {
-        vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
-        vol.Optional(ATTR_FOLDERS): vol.All([vol.In(_ALL_FOLDERS)], vol.Unique()),
+        vol.Optional(ATTR_ADDONS): vol.Or(
+            ALL_ADDONS_FLAG, vol.All([str], vol.Unique())
+        ),
+        vol.Optional(ATTR_FOLDERS): SCHEMA_FOLDERS,
         vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
     }
 )
 
-SCHEMA_OPTIONS = vol.Schema(
-    {
-        vol.Optional(ATTR_DAYS_UNTIL_STALE): days_until_stale,
-    }
-)
-
-SCHEMA_FREEZE = vol.Schema(
-    {
-        vol.Optional(ATTR_TIMEOUT): vol.All(int, vol.Range(min=1)),
-    }
-)
+SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_DAYS_UNTIL_STALE): days_until_stale})
+SCHEMA_FREEZE = vol.Schema({vol.Optional(ATTR_TIMEOUT): vol.All(int, vol.Range(min=1))})
+SCHEMA_REMOVE = vol.Schema({vol.Optional(ATTR_LOCATION): SCHEMA_LOCATION_LIST})
 
 
 class APIBackups(CoreSysAttributes):
@@ -99,9 +148,19 @@ class APIBackups(CoreSysAttributes):
         """Return backup, throw an exception if it doesn't exist."""
         backup = self.sys_backups.get(request.match_info.get("slug"))
         if not backup:
-            raise APIError("Backup does not exist")
+            raise APINotFound("Backup does not exist")
         return backup
 
+    def _make_location_attributes(self, backup: Backup) -> dict[str, dict[str, Any]]:
+        """Make location attributes dictionary."""
+        return {
+            loc if loc else LOCATION_LOCAL: {
+                ATTR_PROTECTED: backup.all_locations[loc].protected,
+                ATTR_SIZE_BYTES: backup.all_locations[loc].size_bytes,
+            }
+            for loc in backup.locations
+        }
+
     def _list_backups(self):
         """Return list of backups."""
         return [
@@ -111,8 +170,11 @@ class APIBackups(CoreSysAttributes):
                 ATTR_DATE: backup.date,
                 ATTR_TYPE: backup.sys_type,
                 ATTR_SIZE: backup.size,
-                ATTR_LOCATON: backup.location,
+                ATTR_SIZE_BYTES: backup.size_bytes,
+                ATTR_LOCATION: backup.location,
+                ATTR_LOCATIONS: backup.locations,
                 ATTR_PROTECTED: backup.protected,
+                ATTR_LOCATION_ATTRIBUTES: self._make_location_attributes(backup),
                 ATTR_COMPRESSED: backup.compressed,
                 ATTR_CONTENT: {
                     ATTR_HOMEASSISTANT: backup.homeassistant_version is not None,
@@ -121,10 +183,11 @@ class APIBackups(CoreSysAttributes):
                 },
             }
             for backup in self.sys_backups.list_backups
+            if backup.location != LOCATION_CLOUD_BACKUP
         ]
 
     @api_process
-    async def list(self, request):
+    async def list_backups(self, request):
         """Return backup list."""
         data_backups = self._list_backups()
 
@@ -150,7 +213,7 @@ class APIBackups(CoreSysAttributes):
         if ATTR_DAYS_UNTIL_STALE in body:
             self.sys_backups.days_until_stale = body[ATTR_DAYS_UNTIL_STALE]
 
-        self.sys_backups.save_data()
+        await self.sys_backups.save_data()
 
     @api_process
     async def reload(self, _):
@@ -180,125 +243,339 @@ class APIBackups(CoreSysAttributes):
             ATTR_NAME: backup.name,
             ATTR_DATE: backup.date,
             ATTR_SIZE: backup.size,
+            ATTR_SIZE_BYTES: backup.size_bytes,
             ATTR_COMPRESSED: backup.compressed,
             ATTR_PROTECTED: backup.protected,
+            ATTR_LOCATION_ATTRIBUTES: self._make_location_attributes(backup),
             ATTR_SUPERVISOR_VERSION: backup.supervisor_version,
             ATTR_HOMEASSISTANT: backup.homeassistant_version,
-            ATTR_LOCATON: backup.location,
+            ATTR_LOCATION: backup.location,
+            ATTR_LOCATIONS: backup.locations,
             ATTR_ADDONS: data_addons,
             ATTR_REPOSITORIES: backup.repositories,
             ATTR_FOLDERS: backup.folders,
             ATTR_HOMEASSISTANT_EXCLUDE_DATABASE: backup.homeassistant_exclude_database,
+            ATTR_EXTRA: backup.extra,
         }
 
-    def _location_to_mount(self, body: dict[str, Any]) -> dict[str, Any]:
-        """Change location field to mount if necessary."""
-        if not body.get(ATTR_LOCATON):
-            return body
+    def _location_to_mount(self, location: str | None) -> LOCATION_TYPE:
+        """Convert a single location to a mount if possible."""
+        if not location or location == LOCATION_CLOUD_BACKUP:
+            return cast(LOCATION_TYPE, location)
 
-        body[ATTR_LOCATON] = self.sys_mounts.get(body[ATTR_LOCATON])
-        if body[ATTR_LOCATON].usage != MountUsage.BACKUP:
+        mount = self.sys_mounts.get(location)
+        if mount.usage != MountUsage.BACKUP:
             raise APIError(
-                f"Mount {body[ATTR_LOCATON].name} is not used for backups, cannot backup to there"
+                f"Mount {mount.name} is not used for backups, cannot backup to there"
             )
 
+        return mount
+
+    def _location_field_to_mount(self, body: dict[str, Any]) -> dict[str, Any]:
+        """Change location field to mount if necessary."""
+        body[ATTR_LOCATION] = self._location_to_mount(body.get(ATTR_LOCATION))
         return body
 
+    def _validate_cloud_backup_location(
+        self, request: web.Request, location: list[str | None] | str | None
+    ) -> None:
+        """Cloud backup location is only available to Home Assistant."""
+        if not isinstance(location, list):
+            location = [location]
+        if (
+            LOCATION_CLOUD_BACKUP in location
+            and request.get(REQUEST_FROM) != self.sys_homeassistant
+        ):
+            raise APIForbidden(
+                f"Location {LOCATION_CLOUD_BACKUP} is only available for Home Assistant"
+            )
+
+    async def _background_backup_task(
+        self, backup_method: Callable, *args, **kwargs
+    ) -> tuple[asyncio.Task, str]:
+        """Start backup task in  background and return task and job ID."""
+        event = asyncio.Event()
+        job, backup_task = cast(
+            tuple[SupervisorJob, asyncio.Task],
+            self.sys_jobs.schedule_job(
+                backup_method, JobSchedulerOptions(), *args, **kwargs
+            ),
+        )
+
+        async def release_on_freeze(new_state: CoreState):
+            if new_state == CoreState.FREEZE:
+                event.set()
+
+        # Wait for system to get into freeze state before returning
+        # If the backup fails validation it will raise before getting there
+        listener = self.sys_bus.register_event(
+            BusEvent.SUPERVISOR_STATE_CHANGE, release_on_freeze
+        )
+        try:
+            event_task = self.sys_create_task(event.wait())
+            _, pending = await asyncio.wait(
+                (backup_task, event_task),
+                return_when=asyncio.FIRST_COMPLETED,
+            )
+            # It seems backup returned early (error or something), make sure to cancel
+            # the event task to avoid "Task was destroyed but it is pending!" errors.
+            if event_task in pending:
+                event_task.cancel()
+            return (backup_task, job.uuid)
+        finally:
+            self.sys_bus.remove_listener(listener)
+
     @api_process
-    async def backup_full(self, request):
+    async def backup_full(self, request: web.Request):
         """Create full backup."""
         body = await api_validate(SCHEMA_BACKUP_FULL, request)
+        locations: list[LOCATION_TYPE] | None = None
 
-        backup = await asyncio.shield(
-            self.sys_backups.do_backup_full(**self._location_to_mount(body))
+        if ATTR_LOCATION in body:
+            location_names: list[str | None] = body.pop(ATTR_LOCATION)
+            self._validate_cloud_backup_location(request, location_names)
+
+            locations = [
+                self._location_to_mount(location) for location in location_names
+            ]
+            body[ATTR_LOCATION] = locations.pop(0)
+            if locations:
+                body[ATTR_ADDITIONAL_LOCATIONS] = locations
+
+        background = body.pop(ATTR_BACKGROUND)
+        backup_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_backup_full, **body
         )
 
+        if background and not backup_task.done():
+            return {ATTR_JOB_ID: job_id}
+
+        backup: Backup = await backup_task
         if backup:
-            return {ATTR_SLUG: backup.slug}
-        return False
+            return {ATTR_JOB_ID: job_id, ATTR_SLUG: backup.slug}
+        raise APIError(
+            f"An error occurred while making backup, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
 
     @api_process
-    async def backup_partial(self, request):
+    async def backup_partial(self, request: web.Request):
         """Create a partial backup."""
         body = await api_validate(SCHEMA_BACKUP_PARTIAL, request)
-        backup = await asyncio.shield(
-            self.sys_backups.do_backup_partial(**self._location_to_mount(body))
+        locations: list[LOCATION_TYPE] | None = None
+
+        if ATTR_LOCATION in body:
+            location_names: list[str | None] = body.pop(ATTR_LOCATION)
+            self._validate_cloud_backup_location(request, location_names)
+
+            locations = [
+                self._location_to_mount(location) for location in location_names
+            ]
+            body[ATTR_LOCATION] = locations.pop(0)
+            if locations:
+                body[ATTR_ADDITIONAL_LOCATIONS] = locations
+
+        if body.get(ATTR_ADDONS) == ALL_ADDONS_FLAG:
+            body[ATTR_ADDONS] = list(self.sys_addons.local)
+
+        background = body.pop(ATTR_BACKGROUND)
+        backup_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_backup_partial, **body
         )
 
+        if background and not backup_task.done():
+            return {ATTR_JOB_ID: job_id}
+
+        backup: Backup = await backup_task
         if backup:
-            return {ATTR_SLUG: backup.slug}
-        return False
+            return {ATTR_JOB_ID: job_id, ATTR_SLUG: backup.slug}
+        raise APIError(
+            f"An error occurred while making backup, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
 
     @api_process
-    async def restore_full(self, request):
+    async def restore_full(self, request: web.Request):
         """Full restore of a backup."""
         backup = self._extract_slug(request)
         body = await api_validate(SCHEMA_RESTORE_FULL, request)
+        self._validate_cloud_backup_location(
+            request, body.get(ATTR_LOCATION, backup.location)
+        )
+        background = body.pop(ATTR_BACKGROUND)
+        restore_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_restore_full, backup, **body
+        )
 
-        return await asyncio.shield(self.sys_backups.do_restore_full(backup, **body))
+        if background and not restore_task.done() or await restore_task:
+            return {ATTR_JOB_ID: job_id}
+        raise APIError(
+            f"An error occurred during restore of {backup.slug}, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
 
     @api_process
-    async def restore_partial(self, request):
+    async def restore_partial(self, request: web.Request):
         """Partial restore a backup."""
         backup = self._extract_slug(request)
         body = await api_validate(SCHEMA_RESTORE_PARTIAL, request)
+        self._validate_cloud_backup_location(
+            request, body.get(ATTR_LOCATION, backup.location)
+        )
+        background = body.pop(ATTR_BACKGROUND)
+        restore_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_restore_partial, backup, **body
+        )
 
-        return await asyncio.shield(self.sys_backups.do_restore_partial(backup, **body))
+        if background and not restore_task.done() or await restore_task:
+            return {ATTR_JOB_ID: job_id}
+        raise APIError(
+            f"An error occurred during restore of {backup.slug}, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
 
     @api_process
-    async def freeze(self, request):
+    async def freeze(self, request: web.Request):
         """Initiate manual freeze for external backup."""
         body = await api_validate(SCHEMA_FREEZE, request)
         await asyncio.shield(self.sys_backups.freeze_all(**body))
 
     @api_process
-    async def thaw(self, request):
+    async def thaw(self, request: web.Request):
         """Begin thaw after manual freeze."""
         await self.sys_backups.thaw_all()
 
     @api_process
-    async def remove(self, request):
+    async def remove(self, request: web.Request):
         """Remove a backup."""
         backup = self._extract_slug(request)
-        return self.sys_backups.remove(backup)
+        body = await api_validate(SCHEMA_REMOVE, request)
+        locations: list[LOCATION_TYPE] | None = None
 
-    async def download(self, request):
+        if ATTR_LOCATION in body:
+            self._validate_cloud_backup_location(request, body[ATTR_LOCATION])
+            locations = [self._location_to_mount(name) for name in body[ATTR_LOCATION]]
+        else:
+            self._validate_cloud_backup_location(request, backup.location)
+
+        await self.sys_backups.remove(backup, locations=locations)
+
+    @api_process
+    async def download(self, request: web.Request):
         """Download a backup file."""
         backup = self._extract_slug(request)
+        # Query will give us '' for /backups, convert value to None
+        location = _convert_local_location(
+            request.query.get(ATTR_LOCATION, backup.location)
+        )
+        self._validate_cloud_backup_location(request, location)
+        if location not in backup.all_locations:
+            raise APIError(f"Backup {backup.slug} is not in location {location}")
 
         _LOGGER.info("Downloading backup %s", backup.slug)
-        response = web.FileResponse(backup.tarfile)
+        filename = backup.all_locations[location].path
+        # If the file is missing, return 404 and trigger reload of location
+        if not await self.sys_run_in_executor(filename.is_file):
+            self.sys_create_task(self.sys_backups.reload(location))
+            return web.Response(status=404)
+
+        response = web.FileResponse(filename)
         response.content_type = CONTENT_TYPE_TAR
-        response.headers[
-            CONTENT_DISPOSITION
-        ] = f"attachment; filename={RE_SLUGIFY_NAME.sub('_', backup.name)}.tar"
+
+        download_filename = filename.name
+        if download_filename == f"{backup.slug}.tar":
+            download_filename = f"{RE_SLUGIFY_NAME.sub('_', backup.name)}.tar"
+        response.headers[CONTENT_DISPOSITION] = (
+            f"attachment; filename={download_filename}"
+        )
         return response
 
     @api_process
-    async def upload(self, request):
+    async def upload(self, request: web.Request):
         """Upload a backup file."""
-        with TemporaryDirectory(dir=str(self.sys_config.path_tmp)) as temp_dir:
-            tar_file = Path(temp_dir, "backup.tar")
+        location: LOCATION_TYPE = None
+        locations: list[LOCATION_TYPE] | None = None
+        tmp_path = self.sys_config.path_tmp
+        if ATTR_LOCATION in request.query:
+            location_names: list[str] = request.query.getall(ATTR_LOCATION, [])
+            self._validate_cloud_backup_location(
+                request, cast(list[str | None], location_names)
+            )
+            # Convert empty string to None if necessary
+            locations = [
+                self._location_to_mount(location)
+                if _convert_local_location(location)
+                else None
+                for location in location_names
+            ]
+            location = locations.pop(0)
+
+            if location and location != LOCATION_CLOUD_BACKUP:
+                tmp_path = cast(Mount, location).local_where
+
+        filename: str | None = None
+        if ATTR_FILENAME in request.query:
+            filename = request.query.get(ATTR_FILENAME)
+            try:
+                vol.Match(RE_BACKUP_FILENAME)(filename)
+            except vol.Invalid as ex:
+                raise APIError(humanize_error(filename, ex)) from None
+
+        temp_dir: TemporaryDirectory | None = None
+        backup_file_stream: IOBase | None = None
+
+        def open_backup_file() -> Path:
+            nonlocal temp_dir, backup_file_stream
+            temp_dir = TemporaryDirectory(dir=tmp_path.as_posix())
+            tar_file = Path(temp_dir.name, "backup.tar")
+            backup_file_stream = tar_file.open("wb")
+            return tar_file
+
+        def close_backup_file() -> None:
+            if backup_file_stream:
+                # Make sure it got closed, in case of exception. It is safe to
+                # close the file stream twice.
+                backup_file_stream.close()
+            if temp_dir:
+                temp_dir.cleanup()
+
+        try:
             reader = await request.multipart()
             contents = await reader.next()
-            try:
-                with tar_file.open("wb") as backup:
-                    while True:
-                        chunk = await contents.read_chunk()
-                        if not chunk:
-                            break
-                        backup.write(chunk)
+            if not isinstance(contents, BodyPartReader):
+                raise APIError("Improperly formatted upload, could not read backup")
 
-            except OSError as err:
-                if err.errno == errno.EBADMSG:
-                    self.sys_resolution.unhealthy = UnhealthyReason.OSERROR_BAD_MESSAGE
-                _LOGGER.error("Can't write new backup file: %s", err)
-                return False
+            tar_file = await self.sys_run_in_executor(open_backup_file)
+            while chunk := await contents.read_chunk(size=2**16):
+                await self.sys_run_in_executor(
+                    cast(IOBase, backup_file_stream).write, chunk
+                )
+            await self.sys_run_in_executor(cast(IOBase, backup_file_stream).close)
 
-            except asyncio.CancelledError:
-                return False
+            backup = await asyncio.shield(
+                self.sys_backups.import_backup(
+                    tar_file,
+                    filename,
+                    location=location,
+                    additional_locations=locations,
+                )
+            )
+        except OSError as err:
+            if err.errno == errno.EBADMSG and location in {
+                LOCATION_CLOUD_BACKUP,
+                None,
+            }:
+                self.sys_resolution.add_unhealthy_reason(
+                    UnhealthyReason.OSERROR_BAD_MESSAGE
+                )
+            _LOGGER.error("Can't write new backup file: %s", err)
+            return False
 
-            backup = await asyncio.shield(self.sys_backups.import_backup(tar_file))
+        except asyncio.CancelledError:
+            return False
+
+        finally:
+            await self.sys_run_in_executor(close_backup_file)
 
         if backup:
             return {ATTR_SLUG: backup.slug}

supervisor/api/cli.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor HA cli RESTful API."""
+
 import asyncio
 import logging
 from typing import Any

supervisor/api/const.py

@@ -1,18 +1,26 @@
 """Const for API."""
 
+from enum import StrEnum
+
 CONTENT_TYPE_BINARY = "application/octet-stream"
 CONTENT_TYPE_JSON = "application/json"
 CONTENT_TYPE_PNG = "image/png"
 CONTENT_TYPE_TAR = "application/tar"
 CONTENT_TYPE_TEXT = "text/plain"
 CONTENT_TYPE_URL = "application/x-www-form-urlencoded"
+CONTENT_TYPE_X_LOG = "text/x-log"
 
 COOKIE_INGRESS = "ingress_session"
 
+ATTR_ADDITIONAL_LOCATIONS = "additional_locations"
 ATTR_AGENT_VERSION = "agent_version"
 ATTR_APPARMOR_VERSION = "apparmor_version"
 ATTR_ATTRIBUTES = "attributes"
 ATTR_AVAILABLE_UPDATES = "available_updates"
+ATTR_BACKGROUND = "background"
+ATTR_BOOT_CONFIG = "boot_config"
+ATTR_BOOT_SLOT = "boot_slot"
+ATTR_BOOT_SLOTS = "boot_slots"
 ATTR_BOOT_TIMESTAMP = "boot_timestamp"
 ATTR_BOOTS = "boots"
 ATTR_BROADCAST_LLMNR = "broadcast_llmnr"
@@ -30,25 +38,53 @@ ATTR_DT_UTC = "dt_utc"
 ATTR_EJECTABLE = "ejectable"
 ATTR_FALLBACK = "fallback"
 ATTR_FILESYSTEMS = "filesystems"
+ATTR_FORCE = "force"
+ATTR_GROUP_IDS = "group_ids"
 ATTR_IDENTIFIERS = "identifiers"
+ATTR_IS_ACTIVE = "is_active"
+ATTR_IS_OWNER = "is_owner"
 ATTR_JOBS = "jobs"
 ATTR_LLMNR = "llmnr"
 ATTR_LLMNR_HOSTNAME = "llmnr_hostname"
+ATTR_LOCAL_ONLY = "local_only"
+ATTR_LOCATION_ATTRIBUTES = "location_attributes"
+ATTR_LOCATIONS = "locations"
 ATTR_MDNS = "mdns"
 ATTR_MODEL = "model"
 ATTR_MOUNTS = "mounts"
 ATTR_MOUNT_POINTS = "mount_points"
 ATTR_PANEL_PATH = "panel_path"
 ATTR_REMOVABLE = "removable"
+ATTR_REMOVE_CONFIG = "remove_config"
 ATTR_REVISION = "revision"
+ATTR_SAFE_MODE = "safe_mode"
 ATTR_SEAT = "seat"
 ATTR_SIGNED = "signed"
 ATTR_STARTUP_TIME = "startup_time"
+ATTR_STATUS = "status"
 ATTR_SUBSYSTEM = "subsystem"
 ATTR_SYSFS = "sysfs"
 ATTR_SYSTEM_HEALTH_LED = "system_health_led"
 ATTR_TIME_DETECTED = "time_detected"
 ATTR_UPDATE_TYPE = "update_type"
-ATTR_USE_NTP = "use_ntp"
 ATTR_USAGE = "usage"
+ATTR_USE_NTP = "use_ntp"
+ATTR_USERS = "users"
+ATTR_USER_PATH = "user_path"
 ATTR_VENDOR = "vendor"
+ATTR_VIRTUALIZATION = "virtualization"
+
+
+class BootSlot(StrEnum):
+    """Boot slots used by HAOS."""
+
+    A = "A"
+    B = "B"
+
+
+class DetectBlockingIO(StrEnum):
+    """Enable/Disable detection for blocking I/O in event loop."""
+
+    OFF = "off"
+    ON = "on"
+    ON_AT_STARTUP = "on_at_startup"

supervisor/api/discovery.py

@@ -1,6 +1,9 @@
 """Init file for Supervisor network RESTful API."""
-import logging
 
+import logging
+from typing import Any, cast
+
+from aiohttp import web
 import voluptuous as vol
 
 from ..addons.addon import Addon
@@ -15,8 +18,8 @@ from ..const import (
     AddonState,
 )
 from ..coresys import CoreSysAttributes
-from ..discovery.validate import valid_discovery_service
-from ..exceptions import APIError, APIForbidden
+from ..discovery import Message
+from ..exceptions import APIForbidden, APINotFound
 from .utils import api_process, api_validate, require_home_assistant
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -24,7 +27,7 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 SCHEMA_DISCOVERY = vol.Schema(
     {
         vol.Required(ATTR_SERVICE): str,
-        vol.Optional(ATTR_CONFIG): vol.Maybe(dict),
+        vol.Required(ATTR_CONFIG): dict,
     }
 )
 
@@ -32,16 +35,16 @@ SCHEMA_DISCOVERY = vol.Schema(
 class APIDiscovery(CoreSysAttributes):
     """Handle RESTful API for discovery functions."""
 
-    def _extract_message(self, request):
+    def _extract_message(self, request: web.Request) -> Message:
         """Extract discovery message from URL."""
-        message = self.sys_discovery.get(request.match_info.get("uuid"))
+        message = self.sys_discovery.get(request.match_info["uuid"])
         if not message:
-            raise APIError("Discovery message not found")
+            raise APINotFound("Discovery message not found")
         return message
 
     @api_process
     @require_home_assistant
-    async def list(self, request):
+    async def list_discovery(self, request: web.Request) -> dict[str, Any]:
         """Show registered and available services."""
         # Get available discovery
         discovery = [
@@ -52,12 +55,16 @@ class APIDiscovery(CoreSysAttributes):
                 ATTR_CONFIG: message.config,
             }
             for message in self.sys_discovery.list_messages
-            if (addon := self.sys_addons.get(message.addon, local_only=True))
-            and addon.state == AddonState.STARTED
+            if (
+                discovered := cast(
+                    Addon, self.sys_addons.get(message.addon, local_only=True)
+                )
+            )
+            and discovered.state == AddonState.STARTED
         ]
 
         # Get available services/add-ons
-        services = {}
+        services: dict[str, list[str]] = {}
         for addon in self.sys_addons.all:
             for name in addon.discovery:
                 services.setdefault(name, []).append(addon.slug)
@@ -65,21 +72,12 @@ class APIDiscovery(CoreSysAttributes):
         return {ATTR_DISCOVERY: discovery, ATTR_SERVICES: services}
 
     @api_process
-    async def set_discovery(self, request):
+    async def set_discovery(self, request: web.Request) -> dict[str, str]:
         """Write data into a discovery pipeline."""
         body = await api_validate(SCHEMA_DISCOVERY, request)
         addon: Addon = request[REQUEST_FROM]
         service = body[ATTR_SERVICE]
 
-        try:
-            valid_discovery_service(service)
-        except vol.Invalid:
-            _LOGGER.warning(
-                "Received discovery message for unknown service %s from addon %s. Please report this to the maintainer of the add-on",
-                service,
-                addon.name,
-            )
-
         # Access?
         if body[ATTR_SERVICE] not in addon.discovery:
             _LOGGER.error(
@@ -92,13 +90,13 @@ class APIDiscovery(CoreSysAttributes):
             )
 
         # Process discovery message
-        message = self.sys_discovery.send(addon, **body)
+        message = await self.sys_discovery.send(addon, **body)
 
         return {ATTR_UUID: message.uuid}
 
     @api_process
     @require_home_assistant
-    async def get_discovery(self, request):
+    async def get_discovery(self, request: web.Request) -> dict[str, Any]:
         """Read data into a discovery message."""
         message = self._extract_message(request)
 
@@ -110,7 +108,7 @@ class APIDiscovery(CoreSysAttributes):
         }
 
     @api_process
-    async def del_discovery(self, request):
+    async def del_discovery(self, request: web.Request) -> None:
         """Delete data into a discovery message."""
         message = self._extract_message(request)
         addon = request[REQUEST_FROM]
@@ -119,5 +117,4 @@ class APIDiscovery(CoreSysAttributes):
         if message.addon != addon.slug:
             raise APIForbidden("Can't remove discovery message")
 
-        self.sys_discovery.remove(message)
-        return True
+        await self.sys_discovery.remove(message)

supervisor/api/dns.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor DNS RESTful API."""
+
 import asyncio
 from collections.abc import Awaitable
 import logging
@@ -26,8 +27,8 @@ from ..const import (
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..validate import dns_server_list, version_tag
-from .const import ATTR_FALLBACK, ATTR_LLMNR, ATTR_MDNS, CONTENT_TYPE_BINARY
-from .utils import api_process, api_process_raw, api_validate
+from .const import ATTR_FALLBACK, ATTR_LLMNR, ATTR_MDNS
+from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -77,7 +78,7 @@ class APICoreDNS(CoreSysAttributes):
         if restart_required:
             self.sys_create_task(self.sys_plugins.dns.restart())
 
-        self.sys_plugins.dns.save_data()
+        await self.sys_plugins.dns.save_data()
 
     @api_process
     async def stats(self, request: web.Request) -> dict[str, Any]:
@@ -105,11 +106,6 @@ class APICoreDNS(CoreSysAttributes):
             raise APIError(f"Version {version} is already in use")
         await asyncio.shield(self.sys_plugins.dns.update(version))
 
-    @api_process_raw(CONTENT_TYPE_BINARY)
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
-        """Return DNS Docker logs."""
-        return self.sys_plugins.dns.logs()
-
     @api_process
     def restart(self, request: web.Request) -> Awaitable[None]:
         """Restart CoreDNS plugin."""

supervisor/api/docker.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor Home Assistant RESTful API."""
+
 import logging
 from typing import Any
 
@@ -15,6 +16,7 @@ from ..const import (
     ATTR_VERSION,
 )
 from ..coresys import CoreSysAttributes
+from ..exceptions import APINotFound
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -51,14 +53,17 @@ class APIDocker(CoreSysAttributes):
         for hostname, registry in body.items():
             self.sys_docker.config.registries[hostname] = registry
 
-        self.sys_docker.config.save_data()
+        await self.sys_docker.config.save_data()
 
     @api_process
     async def remove_registry(self, request: web.Request):
         """Delete a docker registry."""
         hostname = request.match_info.get(ATTR_HOSTNAME)
+        if hostname not in self.sys_docker.config.registries:
+            raise APINotFound(f"Hostname {hostname} does not exist in registries")
+
         del self.sys_docker.config.registries[hostname]
-        self.sys_docker.config.save_data()
+        await self.sys_docker.config.save_data()
 
     @api_process
     async def info(self, request: web.Request):

supervisor/api/hardware.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor hardware RESTful API."""
+
 import logging
 from typing import Any
 
@@ -16,7 +17,7 @@ from ..const import (
     ATTR_SYSTEM,
 )
 from ..coresys import CoreSysAttributes
-from ..dbus.udisks2 import UDisks2
+from ..dbus.udisks2 import UDisks2Manager
 from ..dbus.udisks2.block import UDisks2Block
 from ..dbus.udisks2.drive import UDisks2Drive
 from ..hardware.data import Device
@@ -67,12 +68,15 @@ def filesystem_struct(fs_block: UDisks2Block) -> dict[str, Any]:
         ATTR_NAME: fs_block.id_label,
         ATTR_SYSTEM: fs_block.hint_system,
         ATTR_MOUNT_POINTS: [
-            str(mount_point) for mount_point in fs_block.filesystem.mount_points
+            str(mount_point)
+            for mount_point in (
+                fs_block.filesystem.mount_points if fs_block.filesystem else []
+            )
         ],
     }
 
 
-def drive_struct(udisks2: UDisks2, drive: UDisks2Drive) -> dict[str, Any]:
+def drive_struct(udisks2: UDisks2Manager, drive: UDisks2Drive) -> dict[str, Any]:
     """Return a dict with information of a disk to be used in the API."""
     return {
         ATTR_VENDOR: drive.vendor,

supervisor/api/homeassistant.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor Home Assistant RESTful API."""
+
 import asyncio
 from collections.abc import Awaitable
 import logging
@@ -34,10 +35,10 @@ from ..const import (
     ATTR_WATCHDOG,
 )
 from ..coresys import CoreSysAttributes
-from ..exceptions import APIError
+from ..exceptions import APIDBMigrationInProgress, APIError
 from ..validate import docker_image, network_port, version_tag
-from .const import CONTENT_TYPE_BINARY
-from .utils import api_process, api_process_raw, api_validate
+from .const import ATTR_FORCE, ATTR_SAFE_MODE
+from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -63,10 +64,34 @@ SCHEMA_UPDATE = vol.Schema(
     }
 )
 
+SCHEMA_RESTART = vol.Schema(
+    {
+        vol.Optional(ATTR_SAFE_MODE, default=False): vol.Boolean(),
+        vol.Optional(ATTR_FORCE, default=False): vol.Boolean(),
+    }
+)
+
+SCHEMA_STOP = vol.Schema(
+    {
+        vol.Optional(ATTR_FORCE, default=False): vol.Boolean(),
+    }
+)
+
 
 class APIHomeAssistant(CoreSysAttributes):
     """Handle RESTful API for Home Assistant functions."""
 
+    async def _check_offline_migration(self, force: bool = False) -> None:
+        """Check and raise if there's an offline DB migration in progress."""
+        if (
+            not force
+            and (state := await self.sys_homeassistant.api.get_api_state())
+            and state.offline_db_migration
+        ):
+            raise APIDBMigrationInProgress(
+                "Offline database migration in progress, try again after it has completed"
+            )
+
     @api_process
     async def info(self, request: web.Request) -> dict[str, Any]:
         """Return host information."""
@@ -93,7 +118,10 @@ class APIHomeAssistant(CoreSysAttributes):
         body = await api_validate(SCHEMA_OPTIONS, request)
 
         if ATTR_IMAGE in body:
-            self.sys_homeassistant.image = body[ATTR_IMAGE]
+            self.sys_homeassistant.set_image(body[ATTR_IMAGE])
+            self.sys_homeassistant.override_image = (
+                self.sys_homeassistant.image != self.sys_homeassistant.default_image
+            )
 
         if ATTR_BOOT in body:
             self.sys_homeassistant.boot = body[ATTR_BOOT]
@@ -121,7 +149,7 @@ class APIHomeAssistant(CoreSysAttributes):
                 ATTR_BACKUPS_EXCLUDE_DATABASE
             ]
 
-        self.sys_homeassistant.save_data()
+        await self.sys_homeassistant.save_data()
 
     @api_process
     async def stats(self, request: web.Request) -> dict[Any, str]:
@@ -145,6 +173,7 @@ class APIHomeAssistant(CoreSysAttributes):
     async def update(self, request: web.Request) -> None:
         """Update Home Assistant."""
         body = await api_validate(SCHEMA_UPDATE, request)
+        await self._check_offline_migration()
 
         await asyncio.shield(
             self.sys_homeassistant.core.update(
@@ -154,9 +183,12 @@ class APIHomeAssistant(CoreSysAttributes):
         )
 
     @api_process
-    def stop(self, request: web.Request) -> Awaitable[None]:
+    async def stop(self, request: web.Request) -> Awaitable[None]:
         """Stop Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.core.stop())
+        body = await api_validate(SCHEMA_STOP, request)
+        await self._check_offline_migration(force=body[ATTR_FORCE])
+
+        return await asyncio.shield(self.sys_homeassistant.core.stop())
 
     @api_process
     def start(self, request: web.Request) -> Awaitable[None]:
@@ -164,19 +196,24 @@ class APIHomeAssistant(CoreSysAttributes):
         return asyncio.shield(self.sys_homeassistant.core.start())
 
     @api_process
-    def restart(self, request: web.Request) -> Awaitable[None]:
+    async def restart(self, request: web.Request) -> None:
         """Restart Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.core.restart())
+        body = await api_validate(SCHEMA_RESTART, request)
+        await self._check_offline_migration(force=body[ATTR_FORCE])
+
+        await asyncio.shield(
+            self.sys_homeassistant.core.restart(safe_mode=body[ATTR_SAFE_MODE])
+        )
 
     @api_process
-    def rebuild(self, request: web.Request) -> Awaitable[None]:
+    async def rebuild(self, request: web.Request) -> None:
         """Rebuild Home Assistant."""
-        return asyncio.shield(self.sys_homeassistant.core.rebuild())
+        body = await api_validate(SCHEMA_RESTART, request)
+        await self._check_offline_migration(force=body[ATTR_FORCE])
 
-    @api_process_raw(CONTENT_TYPE_BINARY)
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
-        """Return Home Assistant Docker logs."""
-        return self.sys_homeassistant.core.logs()
+        await asyncio.shield(
+            self.sys_homeassistant.core.rebuild(safe_mode=body[ATTR_SAFE_MODE])
+        )
 
     @api_process
     async def check(self, request: web.Request) -> None:

supervisor/api/host.py

@@ -1,9 +1,11 @@
 """Init file for Supervisor host RESTful API."""
+
 import asyncio
 from contextlib import suppress
 import logging
+from typing import Any
 
-from aiohttp import web
+from aiohttp import ClientConnectionResetError, web
 from aiohttp.hdrs import ACCEPT, RANGE
 import voluptuous as vol
 from voluptuous.error import CoerceInvalid
@@ -27,8 +29,15 @@ from ..const import (
     ATTR_TIMEZONE,
 )
 from ..coresys import CoreSysAttributes
-from ..exceptions import APIError, HostLogError
-from ..host.const import PARAM_BOOT_ID, PARAM_FOLLOW, PARAM_SYSLOG_IDENTIFIER
+from ..exceptions import APIDBMigrationInProgress, APIError, HostLogError
+from ..host.const import (
+    PARAM_BOOT_ID,
+    PARAM_FOLLOW,
+    PARAM_SYSLOG_IDENTIFIER,
+    LogFormat,
+    LogFormatter,
+)
+from ..utils.systemd_journal import journal_logs_reader
 from .const import (
     ATTR_AGENT_VERSION,
     ATTR_APPARMOR_VERSION,
@@ -38,26 +47,48 @@ from .const import (
     ATTR_BROADCAST_MDNS,
     ATTR_DT_SYNCHRONIZED,
     ATTR_DT_UTC,
+    ATTR_FORCE,
     ATTR_IDENTIFIERS,
     ATTR_LLMNR_HOSTNAME,
     ATTR_STARTUP_TIME,
     ATTR_USE_NTP,
+    ATTR_VIRTUALIZATION,
     CONTENT_TYPE_TEXT,
+    CONTENT_TYPE_X_LOG,
 )
-from .utils import api_process, api_validate
+from .utils import api_process, api_process_raw, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 IDENTIFIER = "identifier"
 BOOTID = "bootid"
-DEFAULT_RANGE = 100
+DEFAULT_LINES = 100
 
 SCHEMA_OPTIONS = vol.Schema({vol.Optional(ATTR_HOSTNAME): str})
 
+# pylint: disable=no-value-for-parameter
+SCHEMA_SHUTDOWN = vol.Schema(
+    {
+        vol.Optional(ATTR_FORCE, default=False): vol.Boolean(),
+    }
+)
+# pylint: enable=no-value-for-parameter
+
 
 class APIHost(CoreSysAttributes):
     """Handle RESTful API for host functions."""
 
+    async def _check_ha_offline_migration(self, force: bool) -> None:
+        """Check if HA has an offline migration in progress and raise if not forced."""
+        if (
+            not force
+            and (state := await self.sys_homeassistant.api.get_api_state())
+            and state.offline_db_migration
+        ):
+            raise APIDBMigrationInProgress(
+                "Home Assistant offline database migration in progress, please wait until complete before shutting down host"
+            )
+
     @api_process
     async def info(self, request):
         """Return host information."""
@@ -65,12 +96,13 @@ class APIHost(CoreSysAttributes):
             ATTR_AGENT_VERSION: self.sys_dbus.agent.version,
             ATTR_APPARMOR_VERSION: self.sys_host.apparmor.version,
             ATTR_CHASSIS: self.sys_host.info.chassis,
+            ATTR_VIRTUALIZATION: self.sys_host.info.virtualization,
             ATTR_CPE: self.sys_host.info.cpe,
             ATTR_DEPLOYMENT: self.sys_host.info.deployment,
-            ATTR_DISK_FREE: self.sys_host.info.free_space,
-            ATTR_DISK_TOTAL: self.sys_host.info.total_space,
-            ATTR_DISK_USED: self.sys_host.info.used_space,
-            ATTR_DISK_LIFE_TIME: self.sys_host.info.disk_life_time,
+            ATTR_DISK_FREE: await self.sys_host.info.free_space(),
+            ATTR_DISK_TOTAL: await self.sys_host.info.total_space(),
+            ATTR_DISK_USED: await self.sys_host.info.used_space(),
+            ATTR_DISK_LIFE_TIME: await self.sys_host.info.disk_life_time(),
             ATTR_FEATURES: self.sys_host.features,
             ATTR_HOSTNAME: self.sys_host.info.hostname,
             ATTR_LLMNR_HOSTNAME: self.sys_host.info.llmnr_hostname,
@@ -98,14 +130,20 @@ class APIHost(CoreSysAttributes):
             )
 
     @api_process
-    def reboot(self, request):
+    async def reboot(self, request):
         """Reboot host."""
-        return asyncio.shield(self.sys_host.control.reboot())
+        body = await api_validate(SCHEMA_SHUTDOWN, request)
+        await self._check_ha_offline_migration(force=body[ATTR_FORCE])
+
+        return await asyncio.shield(self.sys_host.control.reboot())
 
     @api_process
-    def shutdown(self, request):
+    async def shutdown(self, request):
         """Poweroff host."""
-        return asyncio.shield(self.sys_host.control.shutdown())
+        body = await api_validate(SCHEMA_SHUTDOWN, request)
+        await self._check_ha_offline_migration(force=body[ATTR_FORCE])
+
+        return await asyncio.shield(self.sys_host.control.shutdown())
 
     @api_process
     def reload(self, request):
@@ -153,50 +191,94 @@ class APIHost(CoreSysAttributes):
                 raise APIError() from err
         return possible_offset
 
-    @api_process
-    async def advanced_logs(
+    async def advanced_logs_handler(
         self, request: web.Request, identifier: str | None = None, follow: bool = False
     ) -> web.StreamResponse:
         """Return systemd-journald logs."""
-        params = {}
+        log_formatter = LogFormatter.PLAIN
+        params: dict[str, Any] = {}
         if identifier:
             params[PARAM_SYSLOG_IDENTIFIER] = identifier
         elif IDENTIFIER in request.match_info:
-            params[PARAM_SYSLOG_IDENTIFIER] = request.match_info.get(IDENTIFIER)
+            params[PARAM_SYSLOG_IDENTIFIER] = request.match_info[IDENTIFIER]
         else:
             params[PARAM_SYSLOG_IDENTIFIER] = self.sys_host.logs.default_identifiers
+            # host logs should be always verbose, no matter what Accept header is used
+            log_formatter = LogFormatter.VERBOSE
 
         if BOOTID in request.match_info:
-            params[PARAM_BOOT_ID] = await self._get_boot_id(
-                request.match_info.get(BOOTID)
-            )
+            params[PARAM_BOOT_ID] = await self._get_boot_id(request.match_info[BOOTID])
         if follow:
             params[PARAM_FOLLOW] = ""
 
         if ACCEPT in request.headers and request.headers[ACCEPT] not in [
             CONTENT_TYPE_TEXT,
+            CONTENT_TYPE_X_LOG,
             "*/*",
         ]:
             raise APIError(
-                "Invalid content type requested. Only text/plain supported for now."
+                "Invalid content type requested. Only text/plain and text/x-log "
+                "supported for now."
             )
 
-        if RANGE in request.headers:
-            range_header = request.headers.get(RANGE)
+        if "verbose" in request.query or request.headers[ACCEPT] == CONTENT_TYPE_X_LOG:
+            log_formatter = LogFormatter.VERBOSE
+
+        if "lines" in request.query:
+            lines = request.query.get("lines", DEFAULT_LINES)
+            try:
+                lines = int(lines)
+            except ValueError:
+                # If the user passed a non-integer value, just use the default instead of error.
+                lines = DEFAULT_LINES
+            finally:
+                # We can't use the entries= Range header syntax to refer to the last 1 line,
+                # and passing 1 to the calculation below would return the 1st line of the logs
+                # instead. Since this is really an edge case that doesn't matter much, we'll just
+                # return 2 lines at minimum.
+                lines = max(2, lines)
+            # entries=cursor[[:num_skip]:num_entries]
+            range_header = f"entries=:-{lines - 1}:{'' if follow else lines}"
+        elif RANGE in request.headers:
+            range_header = request.headers[RANGE]
         else:
-            range_header = f"entries=:-{DEFAULT_RANGE}:"
+            range_header = (
+                f"entries=:-{DEFAULT_LINES - 1}:{'' if follow else DEFAULT_LINES}"
+            )
 
         async with self.sys_host.logs.journald_logs(
-            params=params, range_header=range_header
+            params=params, range_header=range_header, accept=LogFormat.JOURNAL
         ) as resp:
             try:
                 response = web.StreamResponse()
                 response.content_type = CONTENT_TYPE_TEXT
-                await response.prepare(request)
-                async for data in resp.content:
-                    await response.write(data)
+                headers_returned = False
+                async for cursor, line in journal_logs_reader(resp, log_formatter):
+                    try:
+                        if not headers_returned:
+                            if cursor:
+                                response.headers["X-First-Cursor"] = cursor
+                            response.headers["X-Accel-Buffering"] = "no"
+                            await response.prepare(request)
+                            headers_returned = True
+                        await response.write(line.encode("utf-8") + b"\n")
+                    except ClientConnectionResetError as err:
+                        # When client closes the connection while reading busy logs, we
+                        # sometimes get this exception. It should be safe to ignore it.
+                        _LOGGER.debug(
+                            "ClientConnectionResetError raised when returning journal logs: %s",
+                            err,
+                        )
+                        break
             except ConnectionResetError as ex:
                 raise APIError(
                     "Connection reset when trying to fetch data from systemd-journald."
                 ) from ex
             return response
+
+    @api_process_raw(CONTENT_TYPE_TEXT, error_type=CONTENT_TYPE_TEXT)
+    async def advanced_logs(
+        self, request: web.Request, identifier: str | None = None, follow: bool = False
+    ) -> web.StreamResponse:
+        """Return systemd-journald logs. Wrapped as standard API handler."""
+        return await self.advanced_logs_handler(request, identifier, follow)

supervisor/api/ingress.py

@@ -1,4 +1,5 @@
 """Supervisor Add-on ingress service."""
+
 import asyncio
 from ipaddress import ip_address
 import logging
@@ -82,7 +83,7 @@ class APIIngress(CoreSysAttributes):
 
     def _extract_addon(self, request: web.Request) -> Addon:
         """Return addon, throw an exception it it doesn't exist."""
-        token = request.match_info.get("token")
+        token = request.match_info["token"]
 
         # Find correct add-on
         addon = self.sys_ingress.get(token)
@@ -131,7 +132,7 @@ class APIIngress(CoreSysAttributes):
 
     @api_process
     @require_home_assistant
-    async def validate_session(self, request: web.Request) -> dict[str, Any]:
+    async def validate_session(self, request: web.Request) -> None:
         """Validate session and extending how long it's valid for."""
         data = await api_validate(VALIDATE_SESSION_DATA, request)
 
@@ -146,14 +147,14 @@ class APIIngress(CoreSysAttributes):
         """Route data to Supervisor ingress service."""
 
         # Check Ingress Session
-        session = request.cookies.get(COOKIE_INGRESS)
+        session = request.cookies.get(COOKIE_INGRESS, "")
         if not self.sys_ingress.validate_session(session):
             _LOGGER.warning("No valid ingress session %s", session)
             raise HTTPUnauthorized()
 
         # Process requests
         addon = self._extract_addon(request)
-        path = request.match_info.get("path")
+        path = request.match_info.get("path", "")
         session_data = self.sys_ingress.get_session_data(session)
         try:
             # Websocket
@@ -182,7 +183,7 @@ class APIIngress(CoreSysAttributes):
                 for proto in request.headers[hdrs.SEC_WEBSOCKET_PROTOCOL].split(",")
             ]
         else:
-            req_protocols = ()
+            req_protocols = []
 
         ws_server = web.WebSocketResponse(
             protocols=req_protocols, autoclose=False, autoping=False
@@ -276,8 +277,9 @@ class APIIngress(CoreSysAttributes):
             response.content_type = content_type
 
             try:
+                response.headers["X-Accel-Buffering"] = "no"
                 await response.prepare(request)
-                async for data in result.content.iter_chunked(4096):
+                async for data, _ in result.content.iter_chunks():
                     await response.write(data)
 
             except (
@@ -338,9 +340,10 @@ def _init_header(
         headers[name] = value
 
     # Update X-Forwarded-For
-    forward_for = request.headers.get(hdrs.X_FORWARDED_FOR)
-    connected_ip = ip_address(request.transport.get_extra_info("peername")[0])
-    headers[hdrs.X_FORWARDED_FOR] = f"{forward_for}, {connected_ip!s}"
+    if request.transport:
+        forward_for = request.headers.get(hdrs.X_FORWARDED_FOR)
+        connected_ip = ip_address(request.transport.get_extra_info("peername")[0])
+        headers[hdrs.X_FORWARDED_FOR] = f"{forward_for}, {connected_ip!s}"
 
     return headers
 

supervisor/api/jobs.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor Jobs RESTful API."""
+
 import logging
 from typing import Any
 
@@ -6,6 +7,7 @@ from aiohttp import web
 import voluptuous as vol
 
 from ..coresys import CoreSysAttributes
+from ..exceptions import APIError, APINotFound, JobNotFound
 from ..jobs import SupervisorJob
 from ..jobs.const import ATTR_IGNORE_CONDITIONS, JobCondition
 from .const import ATTR_JOBS
@@ -21,10 +23,24 @@ SCHEMA_OPTIONS = vol.Schema(
 class APIJobs(CoreSysAttributes):
     """Handle RESTful API for OS functions."""
 
-    def _list_jobs(self) -> list[dict[str, Any]]:
-        """Return current job tree."""
+    def _extract_job(self, request: web.Request) -> SupervisorJob:
+        """Extract job from request or raise."""
+        try:
+            return self.sys_jobs.get_job(request.match_info["uuid"])
+        except JobNotFound:
+            raise APINotFound("Job does not exist") from None
+
+    def _list_jobs(self, start: SupervisorJob | None = None) -> list[dict[str, Any]]:
+        """Return current job tree.
+
+        Jobs are added to cache as they are created so by default they are in oldest to newest.
+        This is correct ordering for child jobs as it makes logical sense to present those in
+        the order they occurred within the parent. For the list as a whole, sort from newest
+        to oldest as its likely any client is most interested in the newer ones.
+        """
+        # Initially sort oldest to newest so all child lists end up in correct order
         jobs_by_parent: dict[str | None, list[SupervisorJob]] = {}
-        for job in self.sys_jobs.jobs:
+        for job in sorted(self.sys_jobs.jobs):
             if job.internal:
                 continue
 
@@ -33,10 +49,16 @@ class APIJobs(CoreSysAttributes):
             else:
                 jobs_by_parent[job.parent_id].append(job)
 
+        # After parent-child organization, sort the root jobs only from newest to oldest
         job_list: list[dict[str, Any]] = []
-        queue: list[tuple[list[dict[str, Any]], SupervisorJob]] = [
-            (job_list, job) for job in jobs_by_parent.get(None, [])
-        ]
+        queue: list[tuple[list[dict[str, Any]], SupervisorJob]] = (
+            [(job_list, start)]
+            if start
+            else [
+                (job_list, job)
+                for job in sorted(jobs_by_parent.get(None, []), reverse=True)
+            ]
+        )
 
         while queue:
             (current_list, current_job) = queue.pop(0)
@@ -49,7 +71,10 @@ class APIJobs(CoreSysAttributes):
 
             if current_job.uuid in jobs_by_parent:
                 queue.extend(
-                    [(child_jobs, job) for job in jobs_by_parent.get(current_job.uuid)]
+                    [
+                        (child_jobs, job)
+                        for job in jobs_by_parent.get(current_job.uuid, [])
+                    ]
                 )
 
         return job_list
@@ -70,11 +95,27 @@ class APIJobs(CoreSysAttributes):
         if ATTR_IGNORE_CONDITIONS in body:
             self.sys_jobs.ignore_conditions = body[ATTR_IGNORE_CONDITIONS]
 
-        self.sys_jobs.save_data()
+        await self.sys_jobs.save_data()
 
         await self.sys_resolution.evaluate.evaluate_system()
 
     @api_process
     async def reset(self, request: web.Request) -> None:
         """Reset options for JobManager."""
-        self.sys_jobs.reset_data()
+        await self.sys_jobs.reset_data()
+
+    @api_process
+    async def job_info(self, request: web.Request) -> dict[str, Any]:
+        """Get details of a job by ID."""
+        job = self._extract_job(request)
+        return self._list_jobs(job)[0]
+
+    @api_process
+    async def remove_job(self, request: web.Request) -> None:
+        """Remove a completed job."""
+        job = self._extract_job(request)
+
+        if not job.done:
+            raise APIError(f"Job {job.uuid} is not done!")
+
+        self.sys_jobs.remove_job(job)

supervisor/api/middleware/security.py

@@ -1,13 +1,17 @@
 """Handle security part of this API."""
+
+from collections.abc import Callable
 import logging
 import re
 from typing import Final
 from urllib.parse import unquote
 
-from aiohttp.web import Request, RequestHandler, Response, middleware
+from aiohttp.web import Request, Response, middleware
 from aiohttp.web_exceptions import HTTPBadRequest, HTTPForbidden, HTTPUnauthorized
 from awesomeversion import AwesomeVersion
 
+from supervisor.homeassistant.const import LANDINGPAGE
+
 from ...addons.const import RE_SLUG
 from ...const import (
     REQUEST_FROM,
@@ -20,7 +24,7 @@ from ...const import (
 )
 from ...coresys import CoreSys, CoreSysAttributes
 from ...utils import version_is_new_enough
-from ..utils import api_return_error, excract_supervisor_token
+from ..utils import api_return_error, extract_supervisor_token
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 _CORE_VERSION: Final = AwesomeVersion("2023.3.4")
@@ -77,6 +81,13 @@ ADDONS_API_BYPASS: Final = re.compile(
     r")$"
 )
 
+# Home Assistant only
+CORE_ONLY_PATHS: Final = re.compile(
+    r"^(?:"
+    r"/addons/" + RE_SLUG + "/sys_options"
+    r")$"
+)
+
 # Policy role add-on API access
 ADDONS_ROLE_ACCESS: dict[str, re.Pattern] = {
     ROLE_DEFAULT: re.compile(
@@ -103,6 +114,8 @@ ADDONS_ROLE_ACCESS: dict[str, re.Pattern] = {
         r"|/addons(?:/" + RE_SLUG + r"/(?!security).+|/reload)?"
         r"|/audio/.+"
         r"|/auth/cache"
+        r"|/available_updates"
+        r"|/backups.*"
         r"|/cli/.+"
         r"|/core/.+"
         r"|/dns/.+"
@@ -112,16 +125,17 @@ ADDONS_ROLE_ACCESS: dict[str, re.Pattern] = {
         r"|/hassos/.+"
         r"|/homeassistant/.+"
         r"|/host/.+"
+        r"|/mounts.*"
         r"|/multicast/.+"
         r"|/network/.+"
         r"|/observer/.+"
-        r"|/os/.+"
+        r"|/os/(?!datadisk/wipe).+"
+        r"|/refresh_updates"
         r"|/resolution/.+"
-        r"|/backups.*"
+        r"|/security/.+"
         r"|/snapshots.*"
         r"|/store.*"
         r"|/supervisor/.+"
-        r"|/security/.+"
         r")$"
     ),
     ROLE_ADMIN: re.compile(
@@ -166,9 +180,7 @@ class SecurityMiddleware(CoreSysAttributes):
         return unquoted
 
     @middleware
-    async def block_bad_requests(
-        self, request: Request, handler: RequestHandler
-    ) -> Response:
+    async def block_bad_requests(self, request: Request, handler: Callable) -> Response:
         """Process request and tblock commonly known exploit attempts."""
         if FILTERS.search(self._recursive_unquote(request.path)):
             _LOGGER.warning(
@@ -186,9 +198,7 @@ class SecurityMiddleware(CoreSysAttributes):
         return await handler(request)
 
     @middleware
-    async def system_validation(
-        self, request: Request, handler: RequestHandler
-    ) -> Response:
+    async def system_validation(self, request: Request, handler: Callable) -> Response:
         """Check if core is ready to response."""
         if self.sys_core.state not in (
             CoreState.STARTUP,
@@ -202,12 +212,10 @@ class SecurityMiddleware(CoreSysAttributes):
         return await handler(request)
 
     @middleware
-    async def token_validation(
-        self, request: Request, handler: RequestHandler
-    ) -> Response:
+    async def token_validation(self, request: Request, handler: Callable) -> Response:
         """Check security access of this layer."""
-        request_from = None
-        supervisor_token = excract_supervisor_token(request)
+        request_from: CoreSysAttributes | None = None
+        supervisor_token = extract_supervisor_token(request)
 
         # Blacklist
         if BLACKLIST.match(request.path):
@@ -229,6 +237,9 @@ class SecurityMiddleware(CoreSysAttributes):
         if supervisor_token == self.sys_homeassistant.supervisor_token:
             _LOGGER.debug("%s access from Home Assistant", request.path)
             request_from = self.sys_homeassistant
+        elif CORE_ONLY_PATHS.match(request.path):
+            _LOGGER.warning("Attempted access to %s from client besides Home Assistant")
+            raise HTTPForbidden()
 
         # Host
         if supervisor_token == self.sys_plugins.cli.supervisor_token:
@@ -272,10 +283,12 @@ class SecurityMiddleware(CoreSysAttributes):
         raise HTTPForbidden()
 
     @middleware
-    async def core_proxy(self, request: Request, handler: RequestHandler) -> Response:
+    async def core_proxy(self, request: Request, handler: Callable) -> Response:
         """Validate user from Core API proxy."""
-        if request[REQUEST_FROM] != self.sys_homeassistant or version_is_new_enough(
-            self.sys_homeassistant.version, _CORE_VERSION
+        if (
+            request[REQUEST_FROM] != self.sys_homeassistant
+            or self.sys_homeassistant.version == LANDINGPAGE
+            or version_is_new_enough(self.sys_homeassistant.version, _CORE_VERSION)
         ):
             return await handler(request)
 

supervisor/api/mounts.py

@@ -1,17 +1,17 @@
 """Inits file for supervisor mounts REST API."""
 
-from typing import Any
+from typing import Any, cast
 
 from aiohttp import web
 import voluptuous as vol
 
 from ..const import ATTR_NAME, ATTR_STATE
 from ..coresys import CoreSysAttributes
-from ..exceptions import APIError
+from ..exceptions import APIError, APINotFound
 from ..mounts.const import ATTR_DEFAULT_BACKUP_MOUNT, MountUsage
 from ..mounts.mount import Mount
-from ..mounts.validate import SCHEMA_MOUNT_CONFIG
-from .const import ATTR_MOUNTS
+from ..mounts.validate import SCHEMA_MOUNT_CONFIG, MountData
+from .const import ATTR_MOUNTS, ATTR_USER_PATH
 from .utils import api_process, api_validate
 
 SCHEMA_OPTIONS = vol.Schema(
@@ -24,6 +24,13 @@ SCHEMA_OPTIONS = vol.Schema(
 class APIMounts(CoreSysAttributes):
     """Handle REST API for mounting options."""
 
+    def _extract_mount(self, request: web.Request) -> Mount:
+        """Extract mount from request or raise."""
+        name = request.match_info["mount"]
+        if name not in self.sys_mounts:
+            raise APINotFound(f"No mount exists with name {name}")
+        return self.sys_mounts.get(name)
+
     @api_process
     async def info(self, request: web.Request) -> dict[str, Any]:
         """Return MountManager info."""
@@ -32,7 +39,13 @@ class APIMounts(CoreSysAttributes):
             if self.sys_mounts.default_backup_mount
             else None,
             ATTR_MOUNTS: [
-                mount.to_dict() | {ATTR_STATE: mount.state}
+                mount.to_dict()
+                | {
+                    ATTR_STATE: mount.state,
+                    ATTR_USER_PATH: mount.container_where.as_posix()
+                    if mount.container_where
+                    else None,
+                }
                 for mount in self.sys_mounts.mounts
             ],
         }
@@ -53,15 +66,15 @@ class APIMounts(CoreSysAttributes):
             else:
                 self.sys_mounts.default_backup_mount = mount
 
-        self.sys_mounts.save_data()
+        await self.sys_mounts.save_data()
 
     @api_process
     async def create_mount(self, request: web.Request) -> None:
         """Create a new mount in supervisor."""
-        body = await api_validate(SCHEMA_MOUNT_CONFIG, request)
+        body = cast(MountData, await api_validate(SCHEMA_MOUNT_CONFIG, request))
 
-        if body[ATTR_NAME] in self.sys_mounts:
-            raise APIError(f"A mount already exists with name {body[ATTR_NAME]}")
+        if body["name"] in self.sys_mounts:
+            raise APIError(f"A mount already exists with name {body['name']}")
 
         mount = Mount.from_dict(self.coresys, body)
         await self.sys_mounts.create_mount(mount)
@@ -74,19 +87,20 @@ class APIMounts(CoreSysAttributes):
             if not self.sys_mounts.default_backup_mount:
                 self.sys_mounts.default_backup_mount = mount
 
-        self.sys_mounts.save_data()
+        await self.sys_mounts.save_data()
 
     @api_process
     async def update_mount(self, request: web.Request) -> None:
         """Update an existing mount in supervisor."""
-        name = request.match_info.get("mount")
+        current = self._extract_mount(request)
         name_schema = vol.Schema(
-            {vol.Optional(ATTR_NAME, default=name): name}, extra=vol.ALLOW_EXTRA
+            {vol.Optional(ATTR_NAME, default=current.name): current.name},
+            extra=vol.ALLOW_EXTRA,
+        )
+        body = cast(
+            MountData,
+            await api_validate(vol.All(name_schema, SCHEMA_MOUNT_CONFIG), request),
         )
-        body = await api_validate(vol.All(name_schema, SCHEMA_MOUNT_CONFIG), request)
-
-        if name not in self.sys_mounts:
-            raise APIError(f"No mount exists with name {name}")
 
         mount = Mount.from_dict(self.coresys, body)
         await self.sys_mounts.create_mount(mount)
@@ -99,26 +113,26 @@ class APIMounts(CoreSysAttributes):
         elif self.sys_mounts.default_backup_mount == mount:
             self.sys_mounts.default_backup_mount = None
 
-        self.sys_mounts.save_data()
+        await self.sys_mounts.save_data()
 
     @api_process
     async def delete_mount(self, request: web.Request) -> None:
         """Delete an existing mount in supervisor."""
-        name = request.match_info.get("mount")
-        mount = await self.sys_mounts.remove_mount(name)
+        current = self._extract_mount(request)
+        mount = await self.sys_mounts.remove_mount(current.name)
 
         # If it was a backup mount, reload backups
         if mount.usage == MountUsage.BACKUP:
             self.sys_create_task(self.sys_backups.reload())
 
-        self.sys_mounts.save_data()
+        await self.sys_mounts.save_data()
 
     @api_process
     async def reload_mount(self, request: web.Request) -> None:
         """Reload an existing mount in supervisor."""
-        name = request.match_info.get("mount")
-        await self.sys_mounts.reload_mount(name)
+        mount = self._extract_mount(request)
+        await self.sys_mounts.reload_mount(mount.name)
 
         # If it's a backup mount, reload backups
-        if self.sys_mounts.get(name).usage == MountUsage.BACKUP:
+        if mount.usage == MountUsage.BACKUP:
             self.sys_create_task(self.sys_backups.reload())

supervisor/api/multicast.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor Multicast RESTful API."""
+
 import asyncio
 from collections.abc import Awaitable
 import logging
@@ -23,8 +24,7 @@ from ..const import (
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
 from ..validate import version_tag
-from .const import CONTENT_TYPE_BINARY
-from .utils import api_process, api_process_raw, api_validate
+from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -69,11 +69,6 @@ class APIMulticast(CoreSysAttributes):
             raise APIError(f"Version {version} is already in use")
         await asyncio.shield(self.sys_plugins.multicast.update(version))
 
-    @api_process_raw(CONTENT_TYPE_BINARY)
-    def logs(self, request: web.Request) -> Awaitable[bytes]:
-        """Return Multicast Docker logs."""
-        return self.sys_plugins.multicast.logs()
-
     @api_process
     def restart(self, request: web.Request) -> Awaitable[None]:
         """Restart Multicast plugin."""

supervisor/api/network.py

@@ -1,8 +1,8 @@
 """REST API for network."""
+
 import asyncio
 from collections.abc import Awaitable
-from dataclasses import replace
-from ipaddress import ip_address, ip_interface
+from ipaddress import IPv4Address, IPv4Interface, IPv6Address, IPv6Interface
 from typing import Any
 
 from aiohttp import web
@@ -42,24 +42,34 @@ from ..const import (
     DOCKER_NETWORK_MASK,
 )
 from ..coresys import CoreSysAttributes
-from ..exceptions import APIError, HostNetworkNotFound
+from ..exceptions import APIError, APINotFound, HostNetworkNotFound
 from ..host.configuration import (
     AccessPoint,
     Interface,
     InterfaceMethod,
     IpConfig,
+    IpSetting,
     VlanConfig,
     WifiConfig,
 )
 from ..host.const import AuthMethod, InterfaceType, WifiMode
 from .utils import api_process, api_validate
 
-_SCHEMA_IP_CONFIG = vol.Schema(
+_SCHEMA_IPV4_CONFIG = vol.Schema(
     {
-        vol.Optional(ATTR_ADDRESS): [vol.Coerce(ip_interface)],
+        vol.Optional(ATTR_ADDRESS): [vol.Coerce(IPv4Interface)],
         vol.Optional(ATTR_METHOD): vol.Coerce(InterfaceMethod),
-        vol.Optional(ATTR_GATEWAY): vol.Coerce(ip_address),
-        vol.Optional(ATTR_NAMESERVERS): [vol.Coerce(ip_address)],
+        vol.Optional(ATTR_GATEWAY): vol.Coerce(IPv4Address),
+        vol.Optional(ATTR_NAMESERVERS): [vol.Coerce(IPv4Address)],
+    }
+)
+
+_SCHEMA_IPV6_CONFIG = vol.Schema(
+    {
+        vol.Optional(ATTR_ADDRESS): [vol.Coerce(IPv6Interface)],
+        vol.Optional(ATTR_METHOD): vol.Coerce(InterfaceMethod),
+        vol.Optional(ATTR_GATEWAY): vol.Coerce(IPv6Address),
+        vol.Optional(ATTR_NAMESERVERS): [vol.Coerce(IPv6Address)],
     }
 )
 
@@ -76,18 +86,18 @@ _SCHEMA_WIFI_CONFIG = vol.Schema(
 # pylint: disable=no-value-for-parameter
 SCHEMA_UPDATE = vol.Schema(
     {
-        vol.Optional(ATTR_IPV4): _SCHEMA_IP_CONFIG,
-        vol.Optional(ATTR_IPV6): _SCHEMA_IP_CONFIG,
+        vol.Optional(ATTR_IPV4): _SCHEMA_IPV4_CONFIG,
+        vol.Optional(ATTR_IPV6): _SCHEMA_IPV6_CONFIG,
         vol.Optional(ATTR_WIFI): _SCHEMA_WIFI_CONFIG,
         vol.Optional(ATTR_ENABLED): vol.Boolean(),
     }
 )
 
 
-def ipconfig_struct(config: IpConfig) -> dict[str, Any]:
+def ipconfig_struct(config: IpConfig, setting: IpSetting) -> dict[str, Any]:
     """Return a dict with information about ip configuration."""
     return {
-        ATTR_METHOD: config.method,
+        ATTR_METHOD: setting.method,
         ATTR_ADDRESS: [address.with_prefixlen for address in config.address],
         ATTR_NAMESERVERS: [str(address) for address in config.nameservers],
         ATTR_GATEWAY: str(config.gateway) if config.gateway else None,
@@ -122,8 +132,12 @@ def interface_struct(interface: Interface) -> dict[str, Any]:
         ATTR_CONNECTED: interface.connected,
         ATTR_PRIMARY: interface.primary,
         ATTR_MAC: interface.mac,
-        ATTR_IPV4: ipconfig_struct(interface.ipv4) if interface.ipv4 else None,
-        ATTR_IPV6: ipconfig_struct(interface.ipv6) if interface.ipv6 else None,
+        ATTR_IPV4: ipconfig_struct(interface.ipv4, interface.ipv4setting)
+        if interface.ipv4 and interface.ipv4setting
+        else None,
+        ATTR_IPV6: ipconfig_struct(interface.ipv6, interface.ipv6setting)
+        if interface.ipv6 and interface.ipv6setting
+        else None,
         ATTR_WIFI: wifi_struct(interface.wifi) if interface.wifi else None,
         ATTR_VLAN: vlan_struct(interface.vlan) if interface.vlan else None,
     }
@@ -157,7 +171,7 @@ class APINetwork(CoreSysAttributes):
             except HostNetworkNotFound:
                 pass
 
-        raise APIError(f"Interface {name} does not exist") from None
+        raise APINotFound(f"Interface {name} does not exist") from None
 
     @api_process
     async def info(self, request: web.Request) -> dict[str, Any]:
@@ -180,14 +194,14 @@ class APINetwork(CoreSysAttributes):
     @api_process
     async def interface_info(self, request: web.Request) -> dict[str, Any]:
         """Return network information for a interface."""
-        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+        interface = self._get_interface(request.match_info[ATTR_INTERFACE])
 
         return interface_struct(interface)
 
     @api_process
     async def interface_update(self, request: web.Request) -> None:
         """Update the configuration of an interface."""
-        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+        interface = self._get_interface(request.match_info[ATTR_INTERFACE])
 
         # Validate data
         body = await api_validate(SCHEMA_UPDATE, request)
@@ -197,24 +211,26 @@ class APINetwork(CoreSysAttributes):
         # Apply config
         for key, config in body.items():
             if key == ATTR_IPV4:
-                interface.ipv4 = replace(
-                    interface.ipv4
-                    or IpConfig(InterfaceMethod.STATIC, [], None, [], None),
-                    **config,
+                interface.ipv4setting = IpSetting(
+                    config.get(ATTR_METHOD, InterfaceMethod.STATIC),
+                    config.get(ATTR_ADDRESS, []),
+                    config.get(ATTR_GATEWAY),
+                    config.get(ATTR_NAMESERVERS, []),
                 )
             elif key == ATTR_IPV6:
-                interface.ipv6 = replace(
-                    interface.ipv6
-                    or IpConfig(InterfaceMethod.STATIC, [], None, [], None),
-                    **config,
+                interface.ipv6setting = IpSetting(
+                    config.get(ATTR_METHOD, InterfaceMethod.STATIC),
+                    config.get(ATTR_ADDRESS, []),
+                    config.get(ATTR_GATEWAY),
+                    config.get(ATTR_NAMESERVERS, []),
                 )
             elif key == ATTR_WIFI:
-                interface.wifi = replace(
-                    interface.wifi
-                    or WifiConfig(
-                        WifiMode.INFRASTRUCTURE, "", AuthMethod.OPEN, None, None
-                    ),
-                    **config,
+                interface.wifi = WifiConfig(
+                    config.get(ATTR_MODE, WifiMode.INFRASTRUCTURE),
+                    config.get(ATTR_SSID, ""),
+                    config.get(ATTR_AUTH, AuthMethod.OPEN),
+                    config.get(ATTR_PSK, None),
+                    None,
                 )
             elif key == ATTR_ENABLED:
                 interface.enabled = config
@@ -231,7 +247,7 @@ class APINetwork(CoreSysAttributes):
     @api_process
     async def scan_accesspoints(self, request: web.Request) -> dict[str, Any]:
         """Scan and return a list of available networks."""
-        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
+        interface = self._get_interface(request.match_info[ATTR_INTERFACE])
 
         # Only wlan is supported
         if interface.type != InterfaceType.WIRELESS:
@@ -244,8 +260,10 @@ class APINetwork(CoreSysAttributes):
     @api_process
     async def create_vlan(self, request: web.Request) -> None:
         """Create a new vlan."""
-        interface = self._get_interface(request.match_info.get(ATTR_INTERFACE))
-        vlan = int(request.match_info.get(ATTR_VLAN))
+        interface = self._get_interface(request.match_info[ATTR_INTERFACE])
+        vlan = int(request.match_info.get(ATTR_VLAN, -1))
+        if vlan < 0:
+            raise APIError(f"Invalid vlan specified: {vlan}")
 
         # Only ethernet is supported
         if interface.type != InterfaceType.ETHERNET:
@@ -256,24 +274,22 @@ class APINetwork(CoreSysAttributes):
 
         vlan_config = VlanConfig(vlan, interface.name)
 
-        ipv4_config = None
+        ipv4_setting = None
         if ATTR_IPV4 in body:
-            ipv4_config = IpConfig(
+            ipv4_setting = IpSetting(
                 body[ATTR_IPV4].get(ATTR_METHOD, InterfaceMethod.AUTO),
                 body[ATTR_IPV4].get(ATTR_ADDRESS, []),
                 body[ATTR_IPV4].get(ATTR_GATEWAY, None),
                 body[ATTR_IPV4].get(ATTR_NAMESERVERS, []),
-                None,
             )
 
-        ipv6_config = None
+        ipv6_setting = None
         if ATTR_IPV6 in body:
-            ipv6_config = IpConfig(
+            ipv6_setting = IpSetting(
                 body[ATTR_IPV6].get(ATTR_METHOD, InterfaceMethod.AUTO),
                 body[ATTR_IPV6].get(ATTR_ADDRESS, []),
                 body[ATTR_IPV6].get(ATTR_GATEWAY, None),
                 body[ATTR_IPV6].get(ATTR_NAMESERVERS, []),
-                None,
             )
 
         vlan_interface = Interface(
@@ -284,8 +300,10 @@ class APINetwork(CoreSysAttributes):
             True,
             False,
             InterfaceType.VLAN,
-            ipv4_config,
-            ipv6_config,
+            None,
+            ipv4_setting,
+            None,
+            ipv6_setting,
             None,
             vlan_config,
         )

supervisor/api/observer.py

@@ -1,4 +1,5 @@
 """Init file for Supervisor Observer RESTful API."""
+
 import asyncio
 import logging
 from typing import Any

supervisor/api/os.py

@@ -1,7 +1,9 @@
 """Init file for Supervisor HassOS RESTful API."""
+
 import asyncio
 from collections.abc import Awaitable
 import logging
+import re
 from typing import Any
 
 from aiohttp import web
@@ -19,22 +21,29 @@ from ..const import (
     ATTR_POWER_LED,
     ATTR_SERIAL,
     ATTR_SIZE,
+    ATTR_STATE,
+    ATTR_SWAP_SIZE,
+    ATTR_SWAPPINESS,
     ATTR_UPDATE_AVAILABLE,
     ATTR_VERSION,
     ATTR_VERSION_LATEST,
 )
 from ..coresys import CoreSysAttributes
-from ..exceptions import BoardInvalidError
+from ..exceptions import APINotFound, BoardInvalidError
 from ..resolution.const import ContextType, IssueType, SuggestionType
 from ..validate import version_tag
 from .const import (
+    ATTR_BOOT_SLOT,
+    ATTR_BOOT_SLOTS,
     ATTR_DATA_DISK,
     ATTR_DEV_PATH,
     ATTR_DEVICE,
     ATTR_DISKS,
     ATTR_MODEL,
+    ATTR_STATUS,
     ATTR_SYSTEM_HEALTH_LED,
     ATTR_VENDOR,
+    BootSlot,
 )
 from .utils import api_process, api_validate
 
@@ -42,6 +51,7 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 # pylint: disable=no-value-for-parameter
 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
+SCHEMA_SET_BOOT_SLOT = vol.Schema({vol.Required(ATTR_BOOT_SLOT): vol.Coerce(BootSlot)})
 SCHEMA_DISK = vol.Schema({vol.Required(ATTR_DEVICE): str})
 
 SCHEMA_YELLOW_OPTIONS = vol.Schema(
@@ -58,6 +68,15 @@ SCHEMA_GREEN_OPTIONS = vol.Schema(
         vol.Optional(ATTR_SYSTEM_HEALTH_LED): vol.Boolean(),
     }
 )
+
+RE_SWAP_SIZE = re.compile(r"^\d+([KMG](i?B)?|B)?$", re.IGNORECASE)
+
+SCHEMA_SWAP_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_SWAP_SIZE): vol.Match(RE_SWAP_SIZE),
+        vol.Optional(ATTR_SWAPPINESS): vol.All(int, vol.Range(min=0, max=200)),
+    }
+)
 # pylint: enable=no-value-for-parameter
 
 
@@ -74,6 +93,15 @@ class APIOS(CoreSysAttributes):
             ATTR_BOARD: self.sys_os.board,
             ATTR_BOOT: self.sys_dbus.rauc.boot_slot,
             ATTR_DATA_DISK: self.sys_os.datadisk.disk_used_id,
+            ATTR_BOOT_SLOTS: {
+                slot.bootname: {
+                    ATTR_STATE: slot.state,
+                    ATTR_STATUS: slot.boot_status,
+                    ATTR_VERSION: slot.bundle_version,
+                }
+                for slot in self.sys_os.slots
+                if slot.bootname
+            },
         }
 
     @api_process
@@ -96,6 +124,17 @@ class APIOS(CoreSysAttributes):
 
         await asyncio.shield(self.sys_os.datadisk.migrate_disk(body[ATTR_DEVICE]))
 
+    @api_process
+    def wipe_data(self, request: web.Request) -> Awaitable[None]:
+        """Trigger data disk wipe on Host."""
+        return asyncio.shield(self.sys_os.datadisk.wipe_disk())
+
+    @api_process
+    async def set_boot_slot(self, request: web.Request) -> None:
+        """Change the active boot slot and reboot into it."""
+        body = await api_validate(SCHEMA_SET_BOOT_SLOT, request)
+        await asyncio.shield(self.sys_os.set_boot_slot(body[ATTR_BOOT_SLOT]))
+
     @api_process
     async def list_data(self, request: web.Request) -> dict[str, Any]:
         """Return possible data targets."""
@@ -130,15 +169,19 @@ class APIOS(CoreSysAttributes):
         body = await api_validate(SCHEMA_GREEN_OPTIONS, request)
 
         if ATTR_ACTIVITY_LED in body:
-            self.sys_dbus.agent.board.green.activity_led = body[ATTR_ACTIVITY_LED]
+            await self.sys_dbus.agent.board.green.set_activity_led(
+                body[ATTR_ACTIVITY_LED]
+            )
 
         if ATTR_POWER_LED in body:
-            self.sys_dbus.agent.board.green.power_led = body[ATTR_POWER_LED]
+            await self.sys_dbus.agent.board.green.set_power_led(body[ATTR_POWER_LED])
 
         if ATTR_SYSTEM_HEALTH_LED in body:
-            self.sys_dbus.agent.board.green.user_led = body[ATTR_SYSTEM_HEALTH_LED]
+            await self.sys_dbus.agent.board.green.set_user_led(
+                body[ATTR_SYSTEM_HEALTH_LED]
+            )
 
-        self.sys_dbus.agent.board.green.save_data()
+        await self.sys_dbus.agent.board.green.save_data()
 
     @api_process
     async def boards_yellow_info(self, request: web.Request) -> dict[str, Any]:
@@ -155,15 +198,17 @@ class APIOS(CoreSysAttributes):
         body = await api_validate(SCHEMA_YELLOW_OPTIONS, request)
 
         if ATTR_DISK_LED in body:
-            self.sys_dbus.agent.board.yellow.disk_led = body[ATTR_DISK_LED]
+            await self.sys_dbus.agent.board.yellow.set_disk_led(body[ATTR_DISK_LED])
 
         if ATTR_HEARTBEAT_LED in body:
-            self.sys_dbus.agent.board.yellow.heartbeat_led = body[ATTR_HEARTBEAT_LED]
+            await self.sys_dbus.agent.board.yellow.set_heartbeat_led(
+                body[ATTR_HEARTBEAT_LED]
+            )
 
         if ATTR_POWER_LED in body:
-            self.sys_dbus.agent.board.yellow.power_led = body[ATTR_POWER_LED]
+            await self.sys_dbus.agent.board.yellow.set_power_led(body[ATTR_POWER_LED])
 
-        self.sys_dbus.agent.board.yellow.save_data()
+        await self.sys_dbus.agent.board.yellow.save_data()
         self.sys_resolution.create_issue(
             IssueType.REBOOT_REQUIRED,
             ContextType.SYSTEM,
@@ -179,3 +224,53 @@ class APIOS(CoreSysAttributes):
             )
 
         return {}
+
+    @api_process
+    async def config_swap_info(self, request: web.Request) -> dict[str, Any]:
+        """Get swap settings."""
+        if (
+            not self.coresys.os.available
+            or not self.coresys.os.version
+            or self.coresys.os.version < "15.0"
+        ):
+            raise APINotFound(
+                "Home Assistant OS 15.0 or newer required for swap settings"
+            )
+
+        return {
+            ATTR_SWAP_SIZE: self.sys_dbus.agent.swap.swap_size,
+            ATTR_SWAPPINESS: self.sys_dbus.agent.swap.swappiness,
+        }
+
+    @api_process
+    async def config_swap_options(self, request: web.Request) -> None:
+        """Update swap settings."""
+        if (
+            not self.coresys.os.available
+            or not self.coresys.os.version
+            or self.coresys.os.version < "15.0"
+        ):
+            raise APINotFound(
+                "Home Assistant OS 15.0 or newer required for swap settings"
+            )
+
+        body = await api_validate(SCHEMA_SWAP_OPTIONS, request)
+
+        reboot_required = False
+
+        if ATTR_SWAP_SIZE in body:
+            old_size = self.sys_dbus.agent.swap.swap_size
+            await self.sys_dbus.agent.swap.set_swap_size(body[ATTR_SWAP_SIZE])
+            reboot_required = reboot_required or old_size != body[ATTR_SWAP_SIZE]
+
+        if ATTR_SWAPPINESS in body:
+            old_swappiness = self.sys_dbus.agent.swap.swappiness
+            await self.sys_dbus.agent.swap.set_swappiness(body[ATTR_SWAPPINESS])
+            reboot_required = reboot_required or old_swappiness != body[ATTR_SWAPPINESS]
+
+        if reboot_required:
+            self.sys_resolution.create_issue(
+                IssueType.REBOOT_REQUIRED,
+                ContextType.SYSTEM,
+                suggestions=[SuggestionType.EXECUTE_REBOOT],
+            )

supervisor/api/panel/entrypoint.js

@@ -1 +1 @@
-!function(){function n(n){var t=document.createElement("script");t.src=n,document.body.appendChild(t)}if(/.*Version\/(?:11|12)(?:\.\d+)*.*Safari\//.test(navigator.userAgent))n("/api/hassio/app/frontend_es5/entrypoint-5yRSddAJzJ4.js");else try{new Function("import('/api/hassio/app/frontend_latest/entrypoint-qzB1D0O4L9U.js')")()}catch(t){n("/api/hassio/app/frontend_es5/entrypoint-5yRSddAJzJ4.js")}}()
+!function(){function d(d){var e=document.createElement("script");e.src=d,document.body.appendChild(e)}if(/Edge?\/(12[4-9]|1[3-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|Firefox\/(12[5-9]|1[3-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|Chrom(ium|e)\/(109|1[1-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|(Maci|X1{2}).+ Version\/(17\.([5-9]|\d{2,})|(1[89]|[2-9]\d|\d{3,})\.\d+)([,.]\d+|)( \(\w+\)|)( Mobile\/\w+|) Safari\/|Chrome.+OPR\/(1{2}\d|1[2-9]\d|[2-9]\d{2}|\d{4,})\.\d+\.\d+|(CPU[ +]OS|iPhone[ +]OS|CPU[ +]iPhone|CPU IPhone OS|CPU iPad OS)[ +]+(15[._]([6-9]|\d{2,})|(1[6-9]|[2-9]\d|\d{3,})[._]\d+)([._]\d+|)|Android:?[ /-](12[4-9]|1[3-9]\d|[2-9]\d{2}|\d{4,})(\.\d+|)(\.\d+|)|Mobile Safari.+OPR\/([89]\d|\d{3,})\.\d+\.\d+|Android.+Firefox\/(12[5-9]|1[3-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|Android.+Chrom(ium|e)\/(12[4-9]|1[3-9]\d|[2-9]\d{2}|\d{4,})\.\d+(\.\d+|)|SamsungBrowser\/(2[5-9]|[3-9]\d|\d{3,})\.\d+|Home As{2}istant\/[\d.]+ \(.+; macOS (1[2-9]|[2-9]\d|\d{3,})\.\d+(\.\d+)?\)/.test(navigator.userAgent))try{new Function("import('/api/hassio/app/frontend_latest/entrypoint.35399ae87c70acf8.js')")()}catch(e){d("/api/hassio/app/frontend_es5/entrypoint.476bfed22da63267.js")}else d("/api/hassio/app/frontend_es5/entrypoint.476bfed22da63267.js")}()

supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js

@@ -1,2 +0,0 @@
-"use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([[1047],{32594:function(e,t,r){r.d(t,{U:function(){return n}});var n=function(e){return e.stopPropagation()}},75054:function(e,t,r){r.r(t),r.d(t,{HaTimeDuration:function(){return f}});var n,a=r(88962),i=r(33368),o=r(71650),d=r(82390),u=r(69205),l=r(70906),s=r(91808),c=r(68144),v=r(79932),f=(r(47289),(0,s.Z)([(0,v.Mo)("ha-selector-duration")],(function(e,t){var r=function(t){(0,u.Z)(n,t);var r=(0,l.Z)(n);function n(){var t;(0,o.Z)(this,n);for(var a=arguments.length,i=new Array(a),u=0;u<a;u++)i[u]=arguments[u];return t=r.call.apply(r,[this].concat(i)),e((0,d.Z)(t)),t}return(0,i.Z)(n)}(t);return{F:r,d:[{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"hass",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"selector",value:void 0},{kind:"field",decorators:[(0,v.Cb)({attribute:!1})],key:"value",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"label",value:void 0},{kind:"field",decorators:[(0,v.Cb)()],key:"helper",value:void 0},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"disabled",value:function(){return!1}},{kind:"field",decorators:[(0,v.Cb)({type:Boolean})],key:"required",value:function(){return!0}},{kind:"method",key:"render",value:function(){var e;return(0,c.dy)(n||(n=(0,a.Z)([' <ha-duration-input .label="','" .helper="','" .data="','" .disabled="','" .required="','" ?enableDay="','"></ha-duration-input> '])),this.label,this.helper,this.value,this.disabled,this.required,null===(e=this.selector.duration)||void 0===e?void 0:e.enable_day)}}]}}),c.oi))}}]);
-//# sourceMappingURL=1047-g7fFLS9eP4I.js.map

supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.map

@@ -1 +0,0 @@
-{"version":3,"file":"1047-g7fFLS9eP4I.js","mappings":"yKAAO,IAAMA,EAAkB,SAACC,GAAE,OAAKA,EAAGD,iBAAiB,C,qLCQ9CE,G,UAAcC,EAAAA,EAAAA,GAAA,EAD1BC,EAAAA,EAAAA,IAAc,0BAAuB,SAAAC,EAAAC,GAAA,IACzBJ,EAAc,SAAAK,IAAAC,EAAAA,EAAAA,GAAAN,EAAAK,GAAA,IAAAE,GAAAC,EAAAA,EAAAA,GAAAR,GAAA,SAAAA,IAAA,IAAAS,GAAAC,EAAAA,EAAAA,GAAA,KAAAV,GAAA,QAAAW,EAAAC,UAAAC,OAAAC,EAAA,IAAAC,MAAAJ,GAAAK,EAAA,EAAAA,EAAAL,EAAAK,IAAAF,EAAAE,GAAAJ,UAAAI,GAAA,OAAAP,EAAAF,EAAAU,KAAAC,MAAAX,EAAA,OAAAY,OAAAL,IAAAX,GAAAiB,EAAAA,EAAAA,GAAAX,IAAAA,CAAA,QAAAY,EAAAA,EAAAA,GAAArB,EAAA,EAAAI,GAAA,OAAAkB,EAAdtB,EAAcuB,EAAA,EAAAC,KAAA,QAAAC,WAAA,EACxBC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEnDC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WAAmB,IAAAG,EACjB,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,GAAAC,EAAAA,EAAAA,GAAA,wIAEEC,KAAKC,MACJD,KAAKE,OACPF,KAAKP,MACDO,KAAKG,SACLH,KAAKI,SACkB,QADVR,EACZI,KAAKK,SAASC,gBAAQ,IAAAV,OAAA,EAAtBA,EAAwBW,WAG3C,IAAC,GA1BiCC,EAAAA,I","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20230703.0/src/common/dom/stop_propagation.ts","https://raw.githubusercontent.com/home-assistant/frontend/20230703.0/src/components/ha-selector/ha-selector-duration.ts"],"names":["stopPropagation","ev","HaTimeDuration","_decorate","customElement","_initialize","_LitElement","_LitElement2","_inherits","_super","_createSuper","_this","_classCallCheck","_len","arguments","length","args","Array","_key","call","apply","concat","_assertThisInitialized","_createClass","F","d","kind","decorators","property","attribute","key","value","type","Boolean","_this$selector$durati","html","_templateObject","_taggedTemplateLiteral","this","label","helper","disabled","required","selector","duration","enable_day","LitElement"],"sourceRoot":""}

supervisor/api/panel/frontend_es5/1081.91949d686e61cc12.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"1081.91949d686e61cc12.js","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20250401.0/src/components/ha-button-toggle-group.ts","https://raw.githubusercontent.com/home-assistant/frontend/20250401.0/src/components/ha-selector/ha-selector-button-toggle.ts"],"names":["_decorate","customElement","_initialize","_LitElement","F","constructor","args","d","kind","decorators","property","attribute","key","value","type","Boolean","queryAll","html","_t","_","this","buttons","map","button","iconPath","_t2","label","active","_handleClick","_t3","styleMap","width","fullWidth","length","dense","_this$_buttons","_buttons","forEach","async","updateComplete","shadowRoot","querySelector","style","margin","ev","currentTarget","fireEvent","static","css","_t4","LitElement","HaButtonToggleSelector","_this$selector$button","_this$selector$button2","_this$selector$button3","options","selector","button_toggle","option","translationKey","translation_key","localizeValue","localizedLabel","sort","a","b","caseInsensitiveStringCompare","hass","locale","language","toggleButtons","item","_valueChanged","_ev$detail","_this$value","stopPropagation","detail","target","disabled","undefined"],"mappings":"qXAWgCA,EAAAA,EAAAA,GAAA,EAD/BC,EAAAA,EAAAA,IAAc,4BAAyB,SAAAC,EAAAC,GAkIvC,OAAAC,EAlID,cACgCD,EAAoBE,WAAAA,IAAAC,GAAA,SAAAA,GAAAJ,EAAA,QAApBK,EAAA,EAAAC,KAAA,QAAAC,WAAA,EAC7BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,UAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEC,UAAW,aAAcG,KAAMC,WAAUH,IAAA,YAAAC,KAAAA,GAAA,OAClC,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEvBC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,QAAAC,KAAAA,GAAA,OAAgB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEhDO,EAAAA,EAAAA,IAAS,eAAaJ,IAAA,WAAAC,WAAA,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEvB,WACE,OAAOI,EAAAA,EAAAA,IAAIC,IAAAA,EAAAC,CAAA,uBAELC,KAAKC,QAAQC,KAAKC,GAClBA,EAAOC,UACHP,EAAAA,EAAAA,IAAIQ,IAAAA,EAAAN,CAAA,2GACOI,EAAOG,MACRH,EAAOC,SACND,EAAOV,MACNO,KAAKO,SAAWJ,EAAOV,MACxBO,KAAKQ,eAEhBX,EAAAA,EAAAA,IAAIY,IAAAA,EAAAV,CAAA,iHACMW,EAAAA,EAAAA,GAAS,CACfC,MAAOX,KAAKY,UACL,IAAMZ,KAAKC,QAAQY,OAAtB,IACA,YAGGb,KAAKc,MACLX,EAAOV,MACNO,KAAKO,SAAWJ,EAAOV,MACxBO,KAAKQ,aACXL,EAAOG,SAKxB,GAAC,CAAAlB,KAAA,SAAAI,IAAA,UAAAC,MAED,WAAoB,IAAAsB,EAEL,QAAbA,EAAAf,KAAKgB,gBAAQ,IAAAD,GAAbA,EAAeE,SAAQC,gBACff,EAAOgB,eAEXhB,EAAOiB,WAAYC,cAAc,UACjCC,MAAMC,OAAS,GAAG,GAExB,GAAC,CAAAnC,KAAA,SAAAI,IAAA,eAAAC,MAED,SAAqB+B,GACnBxB,KAAKO,OAASiB,EAAGC,cAAchC,OAC/BiC,EAAAA,EAAAA,GAAU1B,KAAM,gBAAiB,CAAEP,MAAOO,KAAKO,QACjD,GAAC,CAAAnB,KAAA,QAAAuC,QAAA,EAAAnC,IAAA,SAAAC,KAAAA,GAAA,OAEemC,EAAAA,EAAAA,IAAGC,IAAAA,EAAA9B,CAAA,u0CAzDoB+B,EAAAA,I,MCD5BC,GAAsBnD,EAAAA,EAAAA,GAAA,EADlCC,EAAAA,EAAAA,IAAc,+BAA4B,SAAAC,EAAAC,GA4F1C,OAAAC,EA5FD,cACmCD,EAAoBE,WAAAA,IAAAC,GAAA,SAAAA,GAAAJ,EAAA,QAApBK,EAAA,EAAAC,KAAA,QAAAC,WAAA,EAChCC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,gBAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAG9BC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,KAAAA,GAAA,OAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEnDC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,KAAAA,GAAA,OAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WAAmB,IAAAuC,EAAAC,EAAAC,EACjB,MAAMC,GACuB,QAA3BH,EAAAhC,KAAKoC,SAASC,qBAAa,IAAAL,GAAS,QAATA,EAA3BA,EAA6BG,eAAO,IAAAH,OAAA,EAApCA,EAAsC9B,KAAKoC,GACvB,iBAAXA,EACFA,EACA,CAAE7C,MAAO6C,EAAQhC,MAAOgC,OAC1B,GAEDC,EAA4C,QAA9BN,EAAGjC,KAAKoC,SAASC,qBAAa,IAAAJ,OAAA,EAA3BA,EAA6BO,gBAEhDxC,KAAKyC,eAAiBF,GACxBJ,EAAQlB,SAASqB,IACf,MAAMI,EAAiB1C,KAAKyC,cAC1B,GAAGF,aAA0BD,EAAO7C,SAElCiD,IACFJ,EAAOhC,MAAQoC,EACjB,IAI2B,QAA/BR,EAAIlC,KAAKoC,SAASC,qBAAa,IAAAH,GAA3BA,EAA6BS,MAC/BR,EAAQQ,MAAK,CAACC,EAAGC,KACfC,EAAAA,EAAAA,IACEF,EAAEtC,MACFuC,EAAEvC,MACFN,KAAK+C,KAAKC,OAAOC,YAKvB,MAAMC,EAAgCf,EAAQjC,KAAKiD,IAAkB,CACnE7C,MAAO6C,EAAK7C,MACZb,MAAO0D,EAAK1D,UAGd,OAAOI,EAAAA,EAAAA,IAAIC,IAAAA,EAAAC,CAAA,iHACPC,KAAKM,MAEM4C,EACDlD,KAAKP,MACEO,KAAKoD,cAG5B,GAAC,CAAAhE,KAAA,SAAAI,IAAA,gBAAAC,MAED,SAAsB+B,GAAI,IAAA6B,EAAAC,EACxB9B,EAAG+B,kBAEH,MAAM9D,GAAiB,QAAT4D,EAAA7B,EAAGgC,cAAM,IAAAH,OAAA,EAATA,EAAW5D,QAAS+B,EAAGiC,OAAOhE,MACxCO,KAAK0D,eAAsBC,IAAVlE,GAAuBA,KAAqB,QAAhB6D,EAAMtD,KAAKP,aAAK,IAAA6D,EAAAA,EAAI,MAGrE5B,EAAAA,EAAAA,GAAU1B,KAAM,gBAAiB,CAC/BP,MAAOA,GAEX,GAAC,CAAAL,KAAA,QAAAuC,QAAA,EAAAnC,IAAA,SAAAC,KAAAA,GAAA,OAEemC,EAAAA,EAAAA,IAAGvB,IAAAA,EAAAN,CAAA,wLA5EuB+B,EAAAA,G"}

supervisor/api/panel/frontend_es5/12.ffa1bdc0a98802fa.js

@@ -0,0 +1,2 @@
+"use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([["12"],{5739:function(e,a,t){t.a(e,(async function(e,i){try{t.r(a),t.d(a,{HaNavigationSelector:()=>c});var d=t(73577),r=(t(71695),t(47021),t(57243)),n=t(50778),l=t(36522),o=t(63297),s=e([o]);o=(s.then?(await s)():s)[0];let u,h=e=>e,c=(0,d.Z)([(0,n.Mo)("ha-selector-navigation")],(function(e,a){return{F:class extends a{constructor(...a){super(...a),e(this)}},d:[{kind:"field",decorators:[(0,n.Cb)({attribute:!1})],key:"hass",value:void 0},{kind:"field",decorators:[(0,n.Cb)({attribute:!1})],key:"selector",value:void 0},{kind:"field",decorators:[(0,n.Cb)()],key:"value",value:void 0},{kind:"field",decorators:[(0,n.Cb)()],key:"label",value:void 0},{kind:"field",decorators:[(0,n.Cb)()],key:"helper",value:void 0},{kind:"field",decorators:[(0,n.Cb)({type:Boolean,reflect:!0})],key:"disabled",value(){return!1}},{kind:"field",decorators:[(0,n.Cb)({type:Boolean})],key:"required",value(){return!0}},{kind:"method",key:"render",value:function(){return(0,r.dy)(u||(u=h` <ha-navigation-picker .hass="${0}" .label="${0}" .value="${0}" .required="${0}" .disabled="${0}" .helper="${0}" @value-changed="${0}"></ha-navigation-picker> `),this.hass,this.label,this.value,this.required,this.disabled,this.helper,this._valueChanged)}},{kind:"method",key:"_valueChanged",value:function(e){(0,l.B)(this,"value-changed",{value:e.detail.value})}}]}}),r.oi);i()}catch(u){i(u)}}))}}]);
+//# sourceMappingURL=12.ffa1bdc0a98802fa.js.map

supervisor/api/panel/frontend_es5/12.ffa1bdc0a98802fa.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"12.ffa1bdc0a98802fa.js","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20250401.0/src/components/ha-selector/ha-selector-navigation.ts"],"names":["HaNavigationSelector","_decorate","customElement","_initialize","_LitElement","F","constructor","args","d","kind","decorators","property","attribute","key","value","type","Boolean","reflect","html","_t","_","this","hass","label","required","disabled","helper","_valueChanged","ev","fireEvent","detail","LitElement"],"mappings":"mVAQaA,GAAoBC,EAAAA,EAAAA,GAAA,EADhCC,EAAAA,EAAAA,IAAc,4BAAyB,SAAAC,EAAAC,GAiCvC,OAAAC,EAjCD,cACiCD,EAAoBE,WAAAA,IAAAC,GAAA,SAAAA,GAAAJ,EAAA,QAApBK,EAAA,EAAAC,KAAA,QAAAC,WAAA,EAC9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,QAASC,SAAS,KAAOJ,IAAA,WAAAC,KAAAA,GAAA,OAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAElEC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,KAAAA,GAAA,OAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WACE,OAAOI,EAAAA,EAAAA,IAAIC,IAAAA,EAAAC,CAAA,mKAECC,KAAKC,KACJD,KAAKE,MACLF,KAAKP,MACFO,KAAKG,SACLH,KAAKI,SACPJ,KAAKK,OACEL,KAAKM,cAG5B,GAAC,CAAAlB,KAAA,SAAAI,IAAA,gBAAAC,MAED,SAAsBc,IACpBC,EAAAA,EAAAA,GAAUR,KAAM,gBAAiB,CAAEP,MAAOc,EAAGE,OAAOhB,OACtD,IAAC,GA/BuCiB,EAAAA,I"}

supervisor/api/panel/frontend_es5/1236.64ca65d0ea4d76d4.js

@@ -0,0 +1,2 @@
+(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([["1236"],{4121:function(){Intl.PluralRules&&"function"==typeof Intl.PluralRules.__addLocaleData&&Intl.PluralRules.__addLocaleData({data:{categories:{cardinal:["one","other"],ordinal:["one","two","few","other"]},fn:function(e,n){var t=String(e).split("."),a=!t[1],l=Number(t[0])==e,o=l&&t[0].slice(-1),r=l&&t[0].slice(-2);return n?1==o&&11!=r?"one":2==o&&12!=r?"two":3==o&&13!=r?"few":"other":1==e&&a?"one":"other"}},locale:"en"})}}]);
+//# sourceMappingURL=1236.64ca65d0ea4d76d4.js.map

supervisor/api/panel/frontend_es5/1236.64ca65d0ea4d76d4.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"1236.64ca65d0ea4d76d4.js","sources":["/unknown/node_modules/@formatjs/intl-pluralrules/locale-data/en.js"],"names":["Intl","PluralRules","__addLocaleData","n","ord","s","String","split","v0","t0","Number","n10","slice","n100"],"mappings":"wHAEIA,KAAKC,aAA2D,mBAArCD,KAAKC,YAAYC,iBAC9CF,KAAKC,YAAYC,gBAAgB,CAAC,KAAO,CAAC,WAAa,CAAC,SAAW,CAAC,MAAM,SAAS,QAAU,CAAC,MAAM,MAAM,MAAM,UAAU,GAAK,SAASC,EAAGC,GAC3I,IAAIC,EAAIC,OAAOH,GAAGI,MAAM,KAAMC,GAAMH,EAAE,GAAII,EAAKC,OAAOL,EAAE,KAAOF,EAAGQ,EAAMF,GAAMJ,EAAE,GAAGO,OAAO,GAAIC,EAAOJ,GAAMJ,EAAE,GAAGO,OAAO,GACvH,OAAIR,EAAmB,GAAPO,GAAoB,IAARE,EAAa,MAC9B,GAAPF,GAAoB,IAARE,EAAa,MAClB,GAAPF,GAAoB,IAARE,EAAa,MACzB,QACQ,GAALV,GAAUK,EAAK,MAAQ,OAChC,GAAG,OAAS,M"}

supervisor/api/panel/frontend_es5/1295.d3a5058b570b3a9e.js

@@ -0,0 +1 @@
+"use strict";(self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[]).push([["1295"],{21393:function(s,n,e){e.r(n)}}]);