Remove discovery config validation from supervisor (#4937)

* Remove discovery config validation from supervisor

* Remove invalid test

* Change validation to require a dictionary for compatibility

.devcontainer/devcontainer.json

@@ -7,34 +7,34 @@
   "appPort": ["9123:8123", "7357:4357"],
   "postCreateCommand": "bash devcontainer_bootstrap",
   "runArgs": ["-e", "GIT_EDITOR=code --wait", "--privileged"],
-  "extensions": [
-    "ms-python.python",
-    "ms-python.vscode-pylance",
-    "visualstudioexptteam.vscodeintellicode",
-    "esbenp.prettier-vscode"
-  ],
-  "mounts": ["type=volume,target=/var/lib/docker"],
-  "settings": {
-    "terminal.integrated.profiles.linux": {
-      "zsh": {
-        "path": "/usr/bin/zsh"
+  "customizations": {
+    "vscode": {
+      "extensions": [
+        "charliermarsh.ruff",
+        "ms-python.pylint",
+        "ms-python.vscode-pylance",
+        "visualstudioexptteam.vscodeintellicode",
+        "redhat.vscode-yaml",
+        "esbenp.prettier-vscode",
+        "GitHub.vscode-pull-request-github"
+      ],
+      "settings": {
+        "terminal.integrated.profiles.linux": {
+          "zsh": {
+            "path": "/usr/bin/zsh"
+          }
+        },
+        "terminal.integrated.defaultProfile.linux": "zsh",
+        "editor.formatOnPaste": false,
+        "editor.formatOnSave": true,
+        "editor.formatOnType": true,
+        "files.trimTrailingWhitespace": true,
+        "python.pythonPath": "/usr/local/bin/python3",
+        "[python]": {
+          "editor.defaultFormatter": "charliermarsh.ruff"
+        }
       }
-    },
-    "terminal.integrated.defaultProfile.linux": "zsh",
-    "editor.formatOnPaste": false,
-    "editor.formatOnSave": true,
-    "editor.formatOnType": true,
-    "files.trimTrailingWhitespace": true,
-    "python.pythonPath": "/usr/local/bin/python3",
-    "python.linting.pylintEnabled": true,
-    "python.linting.enabled": true,
-    "python.formatting.provider": "black",
-    "python.formatting.blackArgs": ["--target-version", "py310"],
-    "python.formatting.blackPath": "/usr/local/bin/black",
-    "python.linting.banditPath": "/usr/local/bin/bandit",
-    "python.linting.flake8Path": "/usr/local/bin/flake8",
-    "python.linting.mypyPath": "/usr/local/bin/mypy",
-    "python.linting.pylintPath": "/usr/local/bin/pylint",
-    "python.linting.pydocstylePath": "/usr/local/bin/pydocstyle"
-  }
+    }
+  },
+  "mounts": ["type=volume,target=/var/lib/docker"]
 }

.github/PULL_REQUEST_TEMPLATE.md

@@ -52,7 +52,7 @@
 - [ ] Local tests pass. **Your PR cannot be merged unless tests pass**
 - [ ] There is no commented out code in this PR.
 - [ ] I have followed the [development checklist][dev-checklist]
-- [ ] The code has been formatted using Black (`black --fast supervisor tests`)
+- [ ] The code has been formatted using Ruff (`ruff format supervisor tests`)
 - [ ] Tests have been added to verify that the new code works.
 
 If API endpoints of add-on configuration are added/changed:

.github/workflows/builder.yml

@@ -33,7 +33,7 @@ on:
       - setup.py
 
 env:
-  DEFAULT_PYTHON: "3.11"
+  DEFAULT_PYTHON: "3.12"
   BUILD_NAME: supervisor
   BUILD_TYPE: supervisor
 
@@ -53,7 +53,7 @@ jobs:
       requirements: ${{ steps.requirements.outputs.changed }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
         with:
           fetch-depth: 0
 
@@ -70,25 +70,29 @@ jobs:
       - name: Get changed files
         id: changed_files
         if: steps.version.outputs.publish == 'false'
-        uses: jitterbit/get-changed-files@v1
+        uses: masesgroup/retrieve-changed-files@v3.0.0
 
       - name: Check if requirements files changed
         id: requirements
         run: |
-          if [[ "${{ steps.changed_files.outputs.all }}" =~ (requirements.txt|build.json) ]]; then
-            echo "::set-output name=changed::true"
+          if [[ "${{ steps.changed_files.outputs.all }}" =~ (requirements.txt|build.yaml) ]]; then
+            echo "changed=true" >> "$GITHUB_OUTPUT"
           fi
 
   build:
     name: Build ${{ matrix.arch }} supervisor
     needs: init
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      id-token: write
+      packages: write
     strategy:
       matrix:
         arch: ${{ fromJson(needs.init.outputs.architectures) }}
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
         with:
           fetch-depth: 0
 
@@ -102,13 +106,13 @@ jobs:
 
       - name: Build wheels
         if: needs.init.outputs.requirements == 'true'
-        uses: home-assistant/wheels@2023.04.0
+        uses: home-assistant/wheels@2024.01.0
         with:
-          abi: cp311
+          abi: cp312
           tag: musllinux_1_2
           arch: ${{ matrix.arch }}
           wheels-key: ${{ secrets.WHEELS_KEY }}
-          apk: "libffi-dev;openssl-dev"
+          apk: "libffi-dev;openssl-dev;yaml-dev"
           skip-binary: aiohttp
           env-file: true
           requirements: "requirements.txt"
@@ -119,16 +123,33 @@ jobs:
         with:
           type: ${{ env.BUILD_TYPE }}
 
-      - name: Login to DockerHub
+      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
         if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v2.2.0
+        uses: actions/setup-python@v5.0.0
         with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
+          python-version: ${{ env.DEFAULT_PYTHON }}
+
+      - name: Install Cosign
+        if: needs.init.outputs.publish == 'true'
+        uses: sigstore/cosign-installer@v3.4.0
+        with:
+          cosign-release: "v2.0.2"
+
+      - name: Install dirhash and calc hash
+        if: needs.init.outputs.publish == 'true'
+        run: |
+          pip3 install setuptools dirhash
+          dir_hash="$(dirhash "${{ github.workspace }}/supervisor" -a sha256 --match "*.py")"
+          echo "${dir_hash}" > rootfs/supervisor.sha256
+
+      - name: Sign supervisor SHA256
+        if: needs.init.outputs.publish == 'true'
+        run: |
+          cosign sign-blob --yes rootfs/supervisor.sha256 --bundle rootfs/supervisor.sha256.sig
 
       - name: Login to GitHub Container Registry
         if: needs.init.outputs.publish == 'true'
-        uses: docker/login-action@v2.2.0
+        uses: docker/login-action@v3.0.0
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
@@ -139,55 +160,17 @@ jobs:
         run: echo "BUILD_ARGS=--test" >> $GITHUB_ENV
 
       - name: Build supervisor
-        uses: home-assistant/builder@2023.06.0
+        uses: home-assistant/builder@2024.01.0
         with:
           args: |
             $BUILD_ARGS \
             --${{ matrix.arch }} \
             --target /data \
+            --cosign \
             --generic ${{ needs.init.outputs.version }}
         env:
           CAS_API_KEY: ${{ secrets.CAS_TOKEN }}
 
-  codenotary:
-    name: CAS signature
-    needs: init
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout the repository
-        if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v3.5.3
-        with:
-          fetch-depth: 0
-
-      - name: Set up Python ${{ env.DEFAULT_PYTHON }}
-        if: needs.init.outputs.publish == 'true'
-        uses: actions/setup-python@v4.6.1
-        with:
-          python-version: ${{ env.DEFAULT_PYTHON }}
-
-      - name: Set version
-        if: needs.init.outputs.publish == 'true'
-        uses: home-assistant/actions/helpers/version@master
-        with:
-          type: ${{ env.BUILD_TYPE }}
-
-      - name: Install dirhash and calc hash
-        if: needs.init.outputs.publish == 'true'
-        id: dirhash
-        run: |
-          pip3 install dirhash
-          dir_hash="$(dirhash "${{ github.workspace }}/supervisor" -a sha256 --match "*.py")"
-          echo "::set-output name=dirhash::${dir_hash}"
-
-      - name: Signing Source
-        if: needs.init.outputs.publish == 'true'
-        uses: home-assistant/actions/helpers/codenotary@master
-        with:
-          source: hash://${{ steps.dirhash.outputs.dirhash }}
-          asset: supervisor-${{ needs.init.outputs.version }}
-          token: ${{ secrets.CAS_TOKEN }}
-
   version:
     name: Update version
     needs: ["init", "run_supervisor"]
@@ -195,7 +178,7 @@ jobs:
     steps:
       - name: Checkout the repository
         if: needs.init.outputs.publish == 'true'
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
 
       - name: Initialize git
         if: needs.init.outputs.publish == 'true'
@@ -216,15 +199,15 @@ jobs:
   run_supervisor:
     runs-on: ubuntu-latest
     name: Run the Supervisor
-    needs: ["build", "codenotary", "init"]
+    needs: ["build", "init"]
     timeout-minutes: 60
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
 
       - name: Build the Supervisor
         if: needs.init.outputs.publish != 'true'
-        uses: home-assistant/builder@2023.06.0
+        uses: home-assistant/builder@2024.01.0
         with:
           args: |
             --test \
@@ -236,7 +219,7 @@ jobs:
         if: needs.init.outputs.publish == 'true'
         run: |
           docker pull ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }}
-          docker tag ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }} homeassistant/amd64-hassio-supervisor:runner
+          docker tag ghcr.io/home-assistant/amd64-hassio-supervisor:${{ needs.init.outputs.version }} ghcr.io/home-assistant/amd64-hassio-supervisor:runner
 
       - name: Create the Supervisor
         run: |
@@ -253,7 +236,7 @@ jobs:
             -e SUPERVISOR_NAME=hassio_supervisor \
             -e SUPERVISOR_DEV=1 \
             -e SUPERVISOR_MACHINE="qemux86-64" \
-          homeassistant/amd64-hassio-supervisor:runner
+          ghcr.io/home-assistant/amd64-hassio-supervisor:runner
 
       - name: Start the Supervisor
         run: docker start hassio_supervisor
@@ -341,7 +324,7 @@ jobs:
           if [ "$(echo $test | jq -r '.result')" != "ok" ]; then
             exit 1
           fi
-          echo "::set-output name=slug::$(echo $test | jq -r '.data.slug')"
+          echo "slug=$(echo $test | jq -r '.data.slug')" >> "$GITHUB_OUTPUT"
 
       - name: Uninstall SSH add-on
         run: |

.github/workflows/ci.yaml

@@ -8,9 +8,8 @@ on:
   pull_request: ~
 
 env:
-  DEFAULT_PYTHON: "3.11"
-  PRE_COMMIT_HOME: ~/.cache/pre-commit
-  DEFAULT_CAS: v1.0.2
+  DEFAULT_PYTHON: "3.12"
+  PRE_COMMIT_CACHE: ~/.cache/pre-commit
 
 concurrency:
   group: "${{ github.workflow }}-${{ github.ref }}"
@@ -26,15 +25,15 @@ jobs:
     name: Prepare Python dependencies
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
       - name: Set up Python
         id: python
-        uses: actions/setup-python@v4.6.1
+        uses: actions/setup-python@v5.0.0
         with:
           python-version: ${{ env.DEFAULT_PYTHON }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
           path: venv
           key: |
@@ -48,9 +47,10 @@ jobs:
           pip install -r requirements.txt -r requirements_tests.txt
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
-          path: ${{ env.PRE_COMMIT_HOME }}
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          lookup-only: true
           key: |
             ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
           restore-keys: |
@@ -61,21 +61,21 @@ jobs:
           . venv/bin/activate
           pre-commit install-hooks
 
-  lint-black:
-    name: Check black
+  lint-ruff-format:
+    name: Check ruff-format
     runs-on: ubuntu-latest
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.6.1
+        uses: actions/setup-python@v5.0.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
           path: venv
           key: |
@@ -85,10 +85,67 @@ jobs:
         run: |
           echo "Failed to restore Python virtual environment from cache"
           exit 1
-      - name: Run black
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v4.0.1
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Run ruff-format
         run: |
           . venv/bin/activate
-          black --target-version py38 --check supervisor tests setup.py
+          pre-commit run --hook-stage manual ruff-format --all-files --show-diff-on-failure
+        env:
+          RUFF_OUTPUT_FORMAT: github
+
+  lint-ruff:
+    name: Check ruff
+    runs-on: ubuntu-latest
+    needs: prepare
+    steps:
+      - name: Check out code from GitHub
+        uses: actions/checkout@v4.1.1
+      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
+        uses: actions/setup-python@v5.0.0
+        id: python
+        with:
+          python-version: ${{ needs.prepare.outputs.python-version }}
+      - name: Restore Python virtual environment
+        id: cache-venv
+        uses: actions/cache@v4.0.1
+        with:
+          path: venv
+          key: |
+            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
+      - name: Fail job if Python cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Restore pre-commit environment from cache
+        id: cache-precommit
+        uses: actions/cache@v4.0.1
+        with:
+          path: ${{ env.PRE_COMMIT_CACHE }}
+          key: |
+            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
+      - name: Fail job if cache restore failed
+        if: steps.cache-venv.outputs.cache-hit != 'true'
+        run: |
+          echo "Failed to restore Python virtual environment from cache"
+          exit 1
+      - name: Run ruff
+        run: |
+          . venv/bin/activate
+          pre-commit run --hook-stage manual ruff --all-files --show-diff-on-failure
+        env:
+          RUFF_OUTPUT_FORMAT: github
 
   lint-dockerfile:
     name: Check Dockerfile
@@ -96,7 +153,7 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
       - name: Register hadolint problem matcher
         run: |
           echo "::add-matcher::.github/workflows/matchers/hadolint.json"
@@ -111,15 +168,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.6.1
+        uses: actions/setup-python@v5.0.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
           path: venv
           key: |
@@ -131,9 +188,9 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
-          path: ${{ env.PRE_COMMIT_HOME }}
+          path: ${{ env.PRE_COMMIT_CACHE }}
           key: |
             ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
       - name: Fail job if cache restore failed
@@ -149,94 +206,21 @@ jobs:
           . venv/bin/activate
           pre-commit run --hook-stage manual check-executables-have-shebangs --all-files
 
-  lint-flake8:
-    name: Check flake8
-    runs-on: ubuntu-latest
-    needs: prepare
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
-      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.6.1
-        id: python
-        with:
-          python-version: ${{ needs.prepare.outputs.python-version }}
-      - name: Restore Python virtual environment
-        id: cache-venv
-        uses: actions/cache@v3.3.1
-        with:
-          path: venv
-          key: |
-            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
-      - name: Fail job if Python cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Register flake8 problem matcher
-        run: |
-          echo "::add-matcher::.github/workflows/matchers/flake8.json"
-      - name: Run flake8
-        run: |
-          . venv/bin/activate
-          flake8 supervisor tests
-
-  lint-isort:
-    name: Check isort
-    runs-on: ubuntu-latest
-    needs: prepare
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
-      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.6.1
-        id: python
-        with:
-          python-version: ${{ needs.prepare.outputs.python-version }}
-      - name: Restore Python virtual environment
-        id: cache-venv
-        uses: actions/cache@v3.3.1
-        with:
-          path: venv
-          key: |
-            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
-      - name: Fail job if Python cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Restore pre-commit environment from cache
-        id: cache-precommit
-        uses: actions/cache@v3.3.1
-        with:
-          path: ${{ env.PRE_COMMIT_HOME }}
-          key: |
-            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
-      - name: Fail job if cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Run isort
-        run: |
-          . venv/bin/activate
-          pre-commit run --hook-stage manual isort --all-files --show-diff-on-failure
-
   lint-json:
     name: Check JSON
     runs-on: ubuntu-latest
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.6.1
+        uses: actions/setup-python@v5.0.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
           path: venv
           key: |
@@ -248,9 +232,9 @@ jobs:
           exit 1
       - name: Restore pre-commit environment from cache
         id: cache-precommit
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
-          path: ${{ env.PRE_COMMIT_HOME }}
+          path: ${{ env.PRE_COMMIT_CACHE }}
           key: |
             ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
       - name: Fail job if cache restore failed
@@ -272,15 +256,15 @@ jobs:
     needs: prepare
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.6.1
+        uses: actions/setup-python@v5.0.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
           path: venv
           key: |
@@ -298,66 +282,25 @@ jobs:
           . venv/bin/activate
           pylint supervisor tests
 
-  lint-pyupgrade:
-    name: Check pyupgrade
-    runs-on: ubuntu-latest
-    needs: prepare
-    steps:
-      - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
-      - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.6.1
-        id: python
-        with:
-          python-version: ${{ needs.prepare.outputs.python-version }}
-      - name: Restore Python virtual environment
-        id: cache-venv
-        uses: actions/cache@v3.3.1
-        with:
-          path: venv
-          key: |
-            ${{ runner.os }}-venv-${{ needs.prepare.outputs.python-version }}-${{ hashFiles('requirements.txt') }}-${{ hashFiles('requirements_tests.txt') }}
-      - name: Fail job if Python cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Restore pre-commit environment from cache
-        id: cache-precommit
-        uses: actions/cache@v3.3.1
-        with:
-          path: ${{ env.PRE_COMMIT_HOME }}
-          key: |
-            ${{ runner.os }}-pre-commit-${{ hashFiles('.pre-commit-config.yaml') }}
-      - name: Fail job if cache restore failed
-        if: steps.cache-venv.outputs.cache-hit != 'true'
-        run: |
-          echo "Failed to restore Python virtual environment from cache"
-          exit 1
-      - name: Run pyupgrade
-        run: |
-          . venv/bin/activate
-          pre-commit run --hook-stage manual pyupgrade --all-files --show-diff-on-failure
-
   pytest:
     runs-on: ubuntu-latest
     needs: prepare
     name: Run tests Python ${{ needs.prepare.outputs.python-version }}
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.6.1
+        uses: actions/setup-python@v5.0.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
-      - name: Install CAS tools
-        uses: home-assistant/actions/helpers/cas@master
+      - name: Install Cosign
+        uses: sigstore/cosign-installer@v3.4.0
         with:
-          version: ${{ env.DEFAULT_CAS }}
+          cosign-release: "v2.0.2"
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
           path: venv
           key: |
@@ -392,7 +335,7 @@ jobs:
             -o console_output_style=count \
             tests
       - name: Upload coverage artifact
-        uses: actions/upload-artifact@v3.1.2
+        uses: actions/upload-artifact@v4.3.1
         with:
           name: coverage-${{ matrix.python-version }}
           path: .coverage
@@ -403,15 +346,15 @@ jobs:
     needs: ["pytest", "prepare"]
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
       - name: Set up Python ${{ needs.prepare.outputs.python-version }}
-        uses: actions/setup-python@v4.6.1
+        uses: actions/setup-python@v5.0.0
         id: python
         with:
           python-version: ${{ needs.prepare.outputs.python-version }}
       - name: Restore Python virtual environment
         id: cache-venv
-        uses: actions/cache@v3.3.1
+        uses: actions/cache@v4.0.1
         with:
           path: venv
           key: |
@@ -422,7 +365,7 @@ jobs:
           echo "Failed to restore Python virtual environment from cache"
           exit 1
       - name: Download all coverage artifacts
-        uses: actions/download-artifact@v3
+        uses: actions/download-artifact@v4.1.4
       - name: Combine coverage results
         run: |
           . venv/bin/activate
@@ -430,4 +373,4 @@ jobs:
           coverage report
           coverage xml
       - name: Upload coverage to Codecov
-        uses: codecov/codecov-action@v3.1.4
+        uses: codecov/codecov-action@v4.1.0

.github/workflows/lock.yml

@@ -9,7 +9,7 @@ jobs:
   lock:
     runs-on: ubuntu-latest
     steps:
-      - uses: dessant/lock-threads@v4.0.1
+      - uses: dessant/lock-threads@v5.0.1
         with:
           github-token: ${{ github.token }}
           issue-inactive-days: "30"

.github/workflows/matchers/flake8.json

@@ -1,30 +0,0 @@
-{
-  "problemMatcher": [
-    {
-      "owner": "flake8-error",
-      "severity": "error",
-      "pattern": [
-        {
-          "regexp": "^(.*):(\\d+):(\\d+):\\s(E\\d{3}\\s.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "message": 4
-        }
-      ]
-    },
-    {
-      "owner": "flake8-warning",
-      "severity": "warning",
-      "pattern": [
-        {
-          "regexp": "^(.*):(\\d+):(\\d+):\\s([CDFNW]\\d{3}\\s.*)$",
-          "file": 1,
-          "line": 2,
-          "column": 3,
-          "message": 4
-        }
-      ]
-    }
-  ]
-}

.github/workflows/release-drafter.yml

@@ -11,7 +11,7 @@ jobs:
     name: Release Drafter
     steps:
       - name: Checkout the repository
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
         with:
           fetch-depth: 0
 
@@ -33,10 +33,10 @@ jobs:
 
           echo Current version:    $latest
           echo New target version: $datepre.$newpost
-          echo "::set-output name=version::$datepre.$newpost"
+          echo "version=$datepre.$newpost" >> "$GITHUB_OUTPUT"
 
       - name: Run Release Drafter
-        uses: release-drafter/release-drafter@v5.23.0
+        uses: release-drafter/release-drafter@v6.0.0
         with:
           tag: ${{ steps.version.outputs.version }}
           name: ${{ steps.version.outputs.version }}

.github/workflows/sentry.yaml

@@ -10,9 +10,9 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Check out code from GitHub
-        uses: actions/checkout@v3.5.3
+        uses: actions/checkout@v4.1.1
       - name: Sentry Release
-        uses: getsentry/action-release@v1.4.1
+        uses: getsentry/action-release@v1.7.0
         env:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}

.github/workflows/stale.yml

@@ -9,7 +9,7 @@ jobs:
   stale:
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/stale@v8.0.0
+      - uses: actions/stale@v9.0.0
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
           days-before-stale: 30

.hadolint.yaml

@@ -3,4 +3,5 @@ ignored:
   - DL3006
   - DL3013
   - DL3018
+  - DL3042
   - SC2155

.pre-commit-config.yaml

@@ -1,34 +1,15 @@
 repos:
-  - repo: https://github.com/psf/black
-    rev: 23.1.0
+  - repo: https://github.com/astral-sh/ruff-pre-commit
+    rev: v0.2.1
     hooks:
-      - id: black
+      - id: ruff
         args:
-          - --safe
-          - --quiet
-          - --target-version
-          - py310
+          - --fix
+      - id: ruff-format
         files: ^((supervisor|tests)/.+)?[^/]+\.py$
-  - repo: https://github.com/PyCQA/flake8
-    rev: 6.0.0
-    hooks:
-      - id: flake8
-        additional_dependencies:
-          - flake8-docstrings==1.7.0
-          - pydocstyle==6.3.0
-        files: ^(supervisor|script|tests)/.+\.py$
   - repo: https://github.com/pre-commit/pre-commit-hooks
-    rev: v4.3.0
+    rev: v4.5.0
     hooks:
       - id: check-executables-have-shebangs
         stages: [manual]
       - id: check-json
-  - repo: https://github.com/PyCQA/isort
-    rev: 5.12.0
-    hooks:
-      - id: isort
-  - repo: https://github.com/asottile/pyupgrade
-    rev: v3.4.0
-    hooks:
-      - id: pyupgrade
-        args: [--py310-plus]

.vscode/tasks.json

@@ -58,9 +58,23 @@
       "problemMatcher": []
     },
     {
-      "label": "Flake8",
+      "label": "Ruff Check",
       "type": "shell",
-      "command": "flake8 supervisor tests",
+      "command": "ruff check --fix supervisor tests",
+      "group": {
+        "kind": "test",
+        "isDefault": true
+      },
+      "presentation": {
+        "reveal": "always",
+        "panel": "new"
+      },
+      "problemMatcher": []
+    },
+    {
+      "label": "Ruff Format",
+      "type": "shell",
+      "command": "ruff format supervisor tests",
       "group": {
         "kind": "test",
         "isDefault": true

Dockerfile

@@ -7,13 +7,15 @@ ENV \
     CRYPTOGRAPHY_OPENSSL_NO_LEGACY=1
 
 ARG \
-    CAS_VERSION
+    COSIGN_VERSION \
+    BUILD_ARCH
 
 # Install base
 WORKDIR /usr/src
 RUN \
     set -x \
     && apk add --no-cache \
+        findutils \
         eudev \
         eudev-libs \
         git \
@@ -21,33 +23,23 @@ RUN \
         libpulse \
         musl \
         openssl \
-    && apk add --no-cache --virtual .build-dependencies \
-        build-base \
-        go \
+        yaml \
     \
-    && git clone -b "v${CAS_VERSION}" --depth 1 \
-        https://github.com/codenotary/cas \
-    && cd cas \
-    && make cas \
-    && mv cas /usr/bin/cas \
-    \
-    && apk del .build-dependencies \
-    && rm -rf /root/go /root/.cache \
-    && rm -rf /usr/src/cas
+    && curl -Lso /usr/bin/cosign "https://github.com/home-assistant/cosign/releases/download/${COSIGN_VERSION}/cosign_${BUILD_ARCH}" \
+    && chmod a+x /usr/bin/cosign
 
 # Install requirements
 COPY requirements.txt .
 RUN \
     export MAKEFLAGS="-j$(nproc)" \
-    && pip3 install --no-cache-dir --no-index --only-binary=:all: --find-links \
-        "https://wheels.home-assistant.io/musllinux/" \
+    && pip3 install --only-binary=:all: \
         -r ./requirements.txt \
     && rm -f requirements.txt
 
 # Install Home Assistant Supervisor
 COPY . supervisor
 RUN \
-    pip3 install --no-cache-dir -e ./supervisor \
+    pip3 install -e ./supervisor \
     && python3 -m compileall ./supervisor/supervisor
 
 

build.yaml

@@ -1,16 +1,18 @@
-image: homeassistant/{arch}-hassio-supervisor
-shadow_repository: ghcr.io/home-assistant
+image: ghcr.io/home-assistant/{arch}-hassio-supervisor
 build_from:
-  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.11-alpine3.16
-  armhf: ghcr.io/home-assistant/armhf-base-python:3.11-alpine3.16
-  armv7: ghcr.io/home-assistant/armv7-base-python:3.11-alpine3.16
-  amd64: ghcr.io/home-assistant/amd64-base-python:3.11-alpine3.16
-  i386: ghcr.io/home-assistant/i386-base-python:3.11-alpine3.16
+  aarch64: ghcr.io/home-assistant/aarch64-base-python:3.12-alpine3.18
+  armhf: ghcr.io/home-assistant/armhf-base-python:3.12-alpine3.18
+  armv7: ghcr.io/home-assistant/armv7-base-python:3.12-alpine3.18
+  amd64: ghcr.io/home-assistant/amd64-base-python:3.12-alpine3.18
+  i386: ghcr.io/home-assistant/i386-base-python:3.12-alpine3.18
 codenotary:
   signer: notary@home-assistant.io
   base_image: notary@home-assistant.io
+cosign:
+  base_identity: https://github.com/home-assistant/docker-base/.*
+  identity: https://github.com/home-assistant/supervisor/.*
 args:
-  CAS_VERSION: 1.0.2
+  COSIGN_VERSION: 2.0.2
 labels:
   io.hass.type: supervisor
   org.opencontainers.image.title: Home Assistant Supervisor

pylintrc

@@ -1,45 +0,0 @@
-[MASTER]
-reports=no
-jobs=2
-
-good-names=id,i,j,k,ex,Run,_,fp,T,os
-
-extension-pkg-whitelist=
-  ciso8601
-
-# Reasons disabled:
-# format - handled by black
-# locally-disabled - it spams too much
-# duplicate-code - unavoidable
-# cyclic-import - doesn't test if both import on load
-# abstract-class-not-used - is flaky, should not show up but does
-# unused-argument - generic callbacks and setup methods create a lot of warnings
-# too-many-* - are not enforced for the sake of readability
-# too-few-* - same as too-many-*
-# abstract-method - with intro of async there are always methods missing
-disable=
-  format,
-  abstract-method,
-  cyclic-import,
-  duplicate-code,
-  locally-disabled,
-  no-else-return,
-  not-context-manager,
-  too-few-public-methods,
-  too-many-arguments,
-  too-many-branches,
-  too-many-instance-attributes,
-  too-many-lines,
-  too-many-locals,
-  too-many-public-methods,
-  too-many-return-statements,
-  too-many-statements,
-  unused-argument,
-  consider-using-with
-
-[EXCEPTIONS]
-overgeneral-exceptions=builtins.Exception
-
-
-[TYPECHECK]
-ignored-modules = distutils

pyproject.toml

@@ -0,0 +1,371 @@
+[build-system]
+requires = ["setuptools~=68.0.0", "wheel~=0.40.0"]
+build-backend = "setuptools.build_meta"
+
+[project]
+name = "Supervisor"
+dynamic = ["version", "dependencies"]
+license = { text = "Apache-2.0" }
+description = "Open-source private cloud os for Home-Assistant based on HassOS"
+readme = "README.md"
+authors = [
+    { name = "The Home Assistant Authors", email = "hello@home-assistant.io" },
+]
+keywords = ["docker", "home-assistant", "api"]
+requires-python = ">=3.12.0"
+
+[project.urls]
+"Homepage" = "https://www.home-assistant.io/"
+"Source Code" = "https://github.com/home-assistant/supervisor"
+"Bug Reports" = "https://github.com/home-assistant/supervisor/issues"
+"Docs: Dev" = "https://developers.home-assistant.io/"
+"Discord" = "https://www.home-assistant.io/join-chat/"
+"Forum" = "https://community.home-assistant.io/"
+
+[tool.setuptools]
+platforms = ["any"]
+zip-safe = false
+include-package-data = true
+
+[tool.setuptools.packages.find]
+include = ["supervisor*"]
+
+[tool.pylint.MAIN]
+py-version = "3.11"
+# Use a conservative default here; 2 should speed up most setups and not hurt
+# any too bad. Override on command line as appropriate.
+jobs = 2
+persistent = false
+extension-pkg-allow-list = ["ciso8601"]
+
+[tool.pylint.BASIC]
+class-const-naming-style = "any"
+good-names = ["id", "i", "j", "k", "ex", "Run", "_", "fp", "T", "os"]
+
+[tool.pylint."MESSAGES CONTROL"]
+# Reasons disabled:
+# format - handled by ruff
+# abstract-method - with intro of async there are always methods missing
+# cyclic-import - doesn't test if both import on load
+# duplicate-code - unavoidable
+# locally-disabled - it spams too much
+# too-many-* - are not enforced for the sake of readability
+# too-few-* - same as too-many-*
+# unused-argument - generic callbacks and setup methods create a lot of warnings
+disable = [
+    "format",
+    "abstract-method",
+    "cyclic-import",
+    "duplicate-code",
+    "locally-disabled",
+    "no-else-return",
+    "not-context-manager",
+    "too-few-public-methods",
+    "too-many-arguments",
+    "too-many-branches",
+    "too-many-instance-attributes",
+    "too-many-lines",
+    "too-many-locals",
+    "too-many-public-methods",
+    "too-many-return-statements",
+    "too-many-statements",
+    "unused-argument",
+    "consider-using-with",
+
+    # Handled by ruff
+    # Ref: <https://github.com/astral-sh/ruff/issues/970>
+    "await-outside-async",    # PLE1142
+    "bad-str-strip-call",     # PLE1310
+    "bad-string-format-type", # PLE1307
+    "bidirectional-unicode",  # PLE2502
+    "continue-in-finally",    # PLE0116
+    "duplicate-bases",        # PLE0241
+    "format-needs-mapping",   # F502
+    "function-redefined",     # F811
+    # Needed because ruff does not understand type of __all__ generated by a function
+    # "invalid-all-format", # PLE0605
+    "invalid-all-object",                 # PLE0604
+    "invalid-character-backspace",        # PLE2510
+    "invalid-character-esc",              # PLE2513
+    "invalid-character-nul",              # PLE2514
+    "invalid-character-sub",              # PLE2512
+    "invalid-character-zero-width-space", # PLE2515
+    "logging-too-few-args",               # PLE1206
+    "logging-too-many-args",              # PLE1205
+    "missing-format-string-key",          # F524
+    "mixed-format-string",                # F506
+    "no-method-argument",                 # N805
+    "no-self-argument",                   # N805
+    "nonexistent-operator",               # B002
+    "nonlocal-without-binding",           # PLE0117
+    "not-in-loop",                        # F701, F702
+    "notimplemented-raised",              # F901
+    "return-in-init",                     # PLE0101
+    "return-outside-function",            # F706
+    "syntax-error",                       # E999
+    "too-few-format-args",                # F524
+    "too-many-format-args",               # F522
+    "too-many-star-expressions",          # F622
+    "truncated-format-string",            # F501
+    "undefined-all-variable",             # F822
+    "undefined-variable",                 # F821
+    "used-prior-global-declaration",      # PLE0118
+    "yield-inside-async-function",        # PLE1700
+    "yield-outside-function",             # F704
+    "anomalous-backslash-in-string",      # W605
+    "assert-on-string-literal",           # PLW0129
+    "assert-on-tuple",                    # F631
+    "bad-format-string",                  # W1302, F
+    "bad-format-string-key",              # W1300, F
+    "bare-except",                        # E722
+    "binary-op-exception",                # PLW0711
+    "cell-var-from-loop",                 # B023
+    # "dangerous-default-value", # B006, ruff catches new occurrences, needs more work
+    "duplicate-except",                     # B014
+    "duplicate-key",                        # F601
+    "duplicate-string-formatting-argument", # F
+    "duplicate-value",                      # F
+    "eval-used",                            # PGH001
+    "exec-used",                            # S102
+    # "expression-not-assigned", # B018, ruff catches new occurrences, needs more work
+    "f-string-without-interpolation",      # F541
+    "forgotten-debug-statement",           # T100
+    "format-string-without-interpolation", # F
+    # "global-statement", # PLW0603, ruff catches new occurrences, needs more work
+    "global-variable-not-assigned",  # PLW0602
+    "implicit-str-concat",           # ISC001
+    "import-self",                   # PLW0406
+    "inconsistent-quotes",           # Q000
+    "invalid-envvar-default",        # PLW1508
+    "keyword-arg-before-vararg",     # B026
+    "logging-format-interpolation",  # G
+    "logging-fstring-interpolation", # G
+    "logging-not-lazy",              # G
+    "misplaced-future",              # F404
+    "named-expr-without-context",    # PLW0131
+    "nested-min-max",                # PLW3301
+    # "pointless-statement", # B018, ruff catches new occurrences, needs more work
+    "raise-missing-from", # TRY200
+    # "redefined-builtin", # A001, ruff is way more stricter, needs work
+    "try-except-raise",               # TRY302
+    "unused-argument",                # ARG001, we don't use it
+    "unused-format-string-argument",  #F507
+    "unused-format-string-key",       # F504
+    "unused-import",                  # F401
+    "unused-variable",                # F841
+    "useless-else-on-loop",           # PLW0120
+    "wildcard-import",                # F403
+    "bad-classmethod-argument",       # N804
+    "consider-iterating-dictionary",  # SIM118
+    "empty-docstring",                # D419
+    "invalid-name",                   # N815
+    "line-too-long",                  # E501, disabled globally
+    "missing-class-docstring",        # D101
+    "missing-final-newline",          # W292
+    "missing-function-docstring",     # D103
+    "missing-module-docstring",       # D100
+    "multiple-imports",               #E401
+    "singleton-comparison",           # E711, E712
+    "subprocess-run-check",           # PLW1510
+    "superfluous-parens",             # UP034
+    "ungrouped-imports",              # I001
+    "unidiomatic-typecheck",          # E721
+    "unnecessary-direct-lambda-call", # PLC3002
+    "unnecessary-lambda-assignment",  # PLC3001
+    "unneeded-not",                   # SIM208
+    "useless-import-alias",           # PLC0414
+    "wrong-import-order",             # I001
+    "wrong-import-position",          # E402
+    "comparison-of-constants",        # PLR0133
+    "comparison-with-itself",         # PLR0124
+    # "consider-alternative-union-syntax", # UP007, typing extension
+    "consider-merging-isinstance", # PLR1701
+    # "consider-using-alias",              # UP006, typing extension
+    "consider-using-dict-comprehension", # C402
+    "consider-using-generator",          # C417
+    "consider-using-get",                # SIM401
+    "consider-using-set-comprehension",  # C401
+    "consider-using-sys-exit",           # PLR1722
+    "consider-using-ternary",            # SIM108
+    "literal-comparison",                # F632
+    "property-with-parameters",          # PLR0206
+    "super-with-arguments",              # UP008
+    "too-many-branches",                 # PLR0912
+    "too-many-return-statements",        # PLR0911
+    "too-many-statements",               # PLR0915
+    "trailing-comma-tuple",              # COM818
+    "unnecessary-comprehension",         # C416
+    "use-a-generator",                   # C417
+    "use-dict-literal",                  # C406
+    "use-list-literal",                  # C405
+    "useless-object-inheritance",        # UP004
+    "useless-return",                    # PLR1711
+    # "no-self-use", # PLR6301  # Optional plugin, not enabled
+]
+
+[tool.pylint.REPORTS]
+score = false
+
+[tool.pylint.TYPECHECK]
+ignored-modules = ["distutils"]
+
+[tool.pylint.FORMAT]
+expected-line-ending-format = "LF"
+
+[tool.pylint.EXCEPTIONS]
+overgeneral-exceptions = ["builtins.BaseException", "builtins.Exception"]
+
+[tool.pytest.ini_options]
+testpaths = ["tests"]
+norecursedirs = [".git"]
+log_format = "%(asctime)s.%(msecs)03d %(levelname)-8s %(threadName)s %(name)s:%(filename)s:%(lineno)s %(message)s"
+log_date_format = "%Y-%m-%d %H:%M:%S"
+asyncio_mode = "auto"
+filterwarnings = [
+    "error",
+    "ignore:pkg_resources is deprecated as an API:DeprecationWarning:dirhash",
+    "ignore::pytest.PytestUnraisableExceptionWarning",
+]
+
+[tool.ruff]
+select = [
+    "B002",    # Python does not support the unary prefix increment
+    "B007",    # Loop control variable {name} not used within loop body
+    "B014",    # Exception handler with duplicate exception
+    "B023",    # Function definition does not bind loop variable {name}
+    "B026",    # Star-arg unpacking after a keyword argument is strongly discouraged
+    "C",       # complexity
+    "COM818",  # Trailing comma on bare tuple prohibited
+    "D",       # docstrings
+    "DTZ003",  # Use datetime.now(tz=) instead of datetime.utcnow()
+    "DTZ004",  # Use datetime.fromtimestamp(ts, tz=) instead of datetime.utcfromtimestamp(ts)
+    "E",       # pycodestyle
+    "F",       # pyflakes/autoflake
+    "G",       # flake8-logging-format
+    "I",       # isort
+    "ICN001",  # import concentions; {name} should be imported as {asname}
+    "N804",    # First argument of a class method should be named cls
+    "N805",    # First argument of a method should be named self
+    "N815",    # Variable {name} in class scope should not be mixedCase
+    "PGH001",  # No builtin eval() allowed
+    "PGH004",  # Use specific rule codes when using noqa
+    "PLC0414", # Useless import alias. Import alias does not rename original package.
+    "PLC",     # pylint
+    "PLE",     # pylint
+    "PLR",     # pylint
+    "PLW",     # pylint
+    "Q000",    # Double quotes found but single quotes preferred
+    "RUF006",  # Store a reference to the return value of asyncio.create_task
+    "S102",    # Use of exec detected
+    "S103",    # bad-file-permissions
+    "S108",    # hardcoded-temp-file
+    "S306",    # suspicious-mktemp-usage
+    "S307",    # suspicious-eval-usage
+    "S313",    # suspicious-xmlc-element-tree-usage
+    "S314",    # suspicious-xml-element-tree-usage
+    "S315",    # suspicious-xml-expat-reader-usage
+    "S316",    # suspicious-xml-expat-builder-usage
+    "S317",    # suspicious-xml-sax-usage
+    "S318",    # suspicious-xml-mini-dom-usage
+    "S319",    # suspicious-xml-pull-dom-usage
+    "S320",    # suspicious-xmle-tree-usage
+    "S601",    # paramiko-call
+    "S602",    # subprocess-popen-with-shell-equals-true
+    "S604",    # call-with-shell-equals-true
+    "S608",    # hardcoded-sql-expression
+    "S609",    # unix-command-wildcard-injection
+    "SIM105",  # Use contextlib.suppress({exception}) instead of try-except-pass
+    "SIM117",  # Merge with-statements that use the same scope
+    "SIM118",  # Use {key} in {dict} instead of {key} in {dict}.keys()
+    "SIM201",  # Use {left} != {right} instead of not {left} == {right}
+    "SIM208",  # Use {expr} instead of not (not {expr})
+    "SIM212",  # Use {a} if {a} else {b} instead of {b} if not {a} else {a}
+    "SIM300",  # Yoda conditions. Use 'age == 42' instead of '42 == age'.
+    "SIM401",  # Use get from dict with default instead of an if block
+    "T100",    # Trace found: {name} used
+    "T20",     # flake8-print
+    "TID251",  # Banned imports
+    "TRY004",  # Prefer TypeError exception for invalid type
+    "TRY200",  # Use raise from to specify exception cause
+    "TRY302",  # Remove exception handler; error is immediately re-raised
+    "UP",      # pyupgrade
+    "W",       # pycodestyle
+]
+
+ignore = [
+    "D202", # No blank lines allowed after function docstring
+    "D203", # 1 blank line required before class docstring
+    "D213", # Multi-line docstring summary should start at the second line
+    "D406", # Section name should end with a newline
+    "D407", # Section name underlining
+    "E501", # line too long
+    "E731", # do not assign a lambda expression, use a def
+
+    # Ignore ignored, as the rule is now back in preview/nursery, which cannot
+    # be ignored anymore without warnings.
+    # https://github.com/astral-sh/ruff/issues/7491
+    # "PLC1901", # Lots of false positives
+
+    # False positives https://github.com/astral-sh/ruff/issues/5386
+    "PLC0208", # Use a sequence type instead of a `set` when iterating over values
+    "PLR0911", # Too many return statements ({returns} > {max_returns})
+    "PLR0912", # Too many branches ({branches} > {max_branches})
+    "PLR0913", # Too many arguments to function call ({c_args} > {max_args})
+    "PLR0915", # Too many statements ({statements} > {max_statements})
+    "PLR2004", # Magic value used in comparison, consider replacing {value} with a constant variable
+    "PLW2901", # Outer {outer_kind} variable {name} overwritten by inner {inner_kind} target
+    "UP006",   # keep type annotation style as is
+    "UP007",   # keep type annotation style as is
+    # Ignored due to performance: https://github.com/charliermarsh/ruff/issues/2923
+    "UP038", # Use `X | Y` in `isinstance` call instead of `(X, Y)`
+
+    # May conflict with the formatter, https://docs.astral.sh/ruff/formatter/#conflicting-lint-rules
+    "W191",
+    "E111",
+    "E114",
+    "E117",
+    "D206",
+    "D300",
+    "Q000",
+    "Q001",
+    "Q002",
+    "Q003",
+    "COM812",
+    "COM819",
+    "ISC001",
+    "ISC002",
+
+    # Disabled because ruff does not understand type of __all__ generated by a function
+    "PLE0605",
+]
+
+[tool.ruff.flake8-import-conventions.extend-aliases]
+voluptuous = "vol"
+
+[tool.ruff.flake8-pytest-style]
+fixture-parentheses = false
+
+[tool.ruff.flake8-tidy-imports.banned-api]
+"pytz".msg = "use zoneinfo instead"
+
+[tool.ruff.isort]
+force-sort-within-sections = true
+section-order = [
+    "future",
+    "standard-library",
+    "third-party",
+    "first-party",
+    "local-folder",
+]
+forced-separate = ["tests"]
+known-first-party = ["supervisor", "tests"]
+combine-as-imports = true
+split-on-trailing-comma = false
+
+[tool.ruff.per-file-ignores]
+
+# DBus Service Mocks must use typing and names understood by dbus-fast
+"tests/dbus_service_mocks/*.py" = ["F722", "F821", "N815"]
+
+[tool.ruff.mccabe]
+max-complexity = 25

pytest.ini

@@ -1,2 +0,0 @@
-[pytest]
-asyncio_mode = auto

requirements.txt

@@ -1,26 +1,29 @@
-aiodns==3.0.0
-aiohttp==3.8.4
-async_timeout==4.0.2
+aiodns==3.1.1
+aiohttp==3.9.3
+aiohttp-fast-url-dispatcher==0.3.0
 atomicwrites-homeassistant==1.4.1
-attrs==23.1.0
-awesomeversion==23.5.0
-brotli==1.0.9
-ciso8601==2.3.0
-colorlog==6.7.0
+attrs==23.2.0
+awesomeversion==24.2.0
+brotli==1.1.0
+ciso8601==2.3.1
+colorlog==6.8.2
 cpe==1.2.1
-cryptography==41.0.1
-debugpy==1.6.7
-deepmerge==1.1.0
+cryptography==42.0.5
+debugpy==1.8.1
+deepmerge==1.1.1
 dirhash==0.2.1
-docker==6.1.3
-faust-cchardet==2.1.18
-gitpython==3.1.31
-jinja2==3.1.2
+docker==7.0.0
+faust-cchardet==2.1.19
+gitpython==3.1.42
+jinja2==3.1.3
+orjson==3.9.15
 pulsectl==23.5.2
 pyudev==0.24.1
-ruamel.yaml==0.17.21
-securetar==2023.3.0
-sentry-sdk==1.25.1
-voluptuous==0.13.1
-dbus-fast==1.86.0
-typing_extensions==4.6.3
+PyYAML==6.0.1
+securetar==2024.2.1
+sentry-sdk==1.40.6
+setuptools==69.1.1
+voluptuous==0.14.2
+dbus-fast==2.21.1
+typing_extensions==4.10.0
+zlib-fast==0.2.0

requirements_tests.txt

@@ -1,16 +1,12 @@
-black==23.3.0
-coverage==7.2.7
-flake8-docstrings==1.7.0
-flake8==6.0.0
-pre-commit==3.3.3
-pydocstyle==6.3.0
-pylint==2.17.4
-pytest-aiohttp==1.0.4
-pytest-asyncio==0.18.3
+coverage==7.4.3
+pre-commit==3.6.2
+pylint==3.1.0
+pytest-aiohttp==1.0.5
+pytest-asyncio==0.23.5
 pytest-cov==4.1.0
-pytest-timeout==2.1.0
-pytest==7.3.2
-pyupgrade==3.7.0
-time-machine==2.10.0
-typing_extensions==4.6.3
-urllib3==2.0.3
+pytest-timeout==2.2.0
+pytest==8.1.0
+ruff==0.3.0
+time-machine==2.14.0
+typing_extensions==4.10.0
+urllib3==2.2.1

rootfs/etc/services.d/watchdog/run

@@ -15,7 +15,7 @@ do
     if [[ "${supervisor_state}" = "running"  ]]; then
 
         # Check API
-        if bashio::supervisor.ping; then
+        if bashio::supervisor.ping > /dev/null; then
             failed_count=0
         else
             bashio::log.warning "Maybe found an issue on API healthy"

rootfs/root/.cas-trusted-signing-pub-key

@@ -1,4 +0,0 @@
------BEGIN PUBLIC KEY-----
-MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE03LvYuz79GTJx4uKp3w6NrSe5JZI
-iBtgzzYi0YQYtZO/r+xFpgDJEa0gLHkXtl94fpqrFiN89In83lzaszbZtA==
------END PUBLIC KEY-----

rootfs/root/.cas/config.json

@@ -1,8 +0,0 @@
-{
-  "currentcontext": {
-    "LcHost": "cas.codenotary.com",
-    "LcPort": "443"
-  },
-  "schemaversion": 3,
-  "users": null
-}

setup.cfg

@@ -1,31 +0,0 @@
-[isort]
-multi_line_output = 3
-include_trailing_comma=True
-force_grid_wrap=0
-line_length=88
-indent = "    "
-force_sort_within_sections = true
-sections = FUTURE,STDLIB,THIRDPARTY,FIRSTPARTY,LOCALFOLDER
-default_section = THIRDPARTY
-forced_separate = tests
-combine_as_imports = true
-use_parentheses = true
-known_first_party = supervisor,tests
-
-[flake8]
-exclude = .venv,.git,.tox,docs,venv,bin,lib,deps,build
-doctests = True
-max-line-length = 88
-# E501: line too long
-# W503: Line break occurred before a binary operator
-# E203: Whitespace before ':'
-# D202 No blank lines allowed after function docstring
-# W504 line break after binary operator
-ignore =
-    E501,
-    W503,
-    E203,
-    D202,
-    W504
-per-file-ignores =
-    tests/dbus_service_mocks/*.py: F821,F722

setup.py

@@ -1,60 +1,27 @@
 """Home Assistant Supervisor setup."""
+from pathlib import Path
+import re
+
 from setuptools import setup
 
-from supervisor.const import SUPERVISOR_VERSION
+RE_SUPERVISOR_VERSION = re.compile(r"^SUPERVISOR_VERSION =\s*(.+)$")
+
+SUPERVISOR_DIR = Path(__file__).parent
+REQUIREMENTS_FILE = SUPERVISOR_DIR / "requirements.txt"
+CONST_FILE = SUPERVISOR_DIR / "supervisor/const.py"
+
+REQUIREMENTS = REQUIREMENTS_FILE.read_text(encoding="utf-8")
+CONSTANTS = CONST_FILE.read_text(encoding="utf-8")
+
+
+def _get_supervisor_version():
+    for line in CONSTANTS.split("/n"):
+        if match := RE_SUPERVISOR_VERSION.match(line):
+            return match.group(1)
+    return "99.9.9dev"
+
 
 setup(
-    name="Supervisor",
-    version=SUPERVISOR_VERSION,
-    license="BSD License",
-    author="The Home Assistant Authors",
-    author_email="hello@home-assistant.io",
-    url="https://home-assistant.io/",
-    description=("Open-source private cloud os for Home-Assistant" " based on HassOS"),
-    long_description=(
-        "A maintainless private cloud operator system that"
-        "setup a Home-Assistant instance. Based on HassOS"
-    ),
-    classifiers=[
-        "Intended Audience :: End Users/Desktop",
-        "Intended Audience :: Developers",
-        "License :: OSI Approved :: Apache Software License",
-        "Operating System :: OS Independent",
-        "Topic :: Home Automation",
-        "Topic :: Software Development :: Libraries :: Python Modules",
-        "Topic :: Scientific/Engineering :: Atmospheric Science",
-        "Development Status :: 5 - Production/Stable",
-        "Intended Audience :: Developers",
-        "Programming Language :: Python :: 3.8",
-    ],
-    keywords=["docker", "home-assistant", "api"],
-    zip_safe=False,
-    platforms="any",
-    packages=[
-        "supervisor.addons",
-        "supervisor.api",
-        "supervisor.backups",
-        "supervisor.dbus.network",
-        "supervisor.dbus.network.setting",
-        "supervisor.dbus",
-        "supervisor.discovery.services",
-        "supervisor.discovery",
-        "supervisor.docker",
-        "supervisor.homeassistant",
-        "supervisor.host",
-        "supervisor.jobs",
-        "supervisor.misc",
-        "supervisor.plugins",
-        "supervisor.resolution.checks",
-        "supervisor.resolution.evaluations",
-        "supervisor.resolution.fixups",
-        "supervisor.resolution",
-        "supervisor.security",
-        "supervisor.services.modules",
-        "supervisor.services",
-        "supervisor.store",
-        "supervisor.utils",
-        "supervisor",
-    ],
-    include_package_data=True,
+    version=_get_supervisor_version(),
+    dependencies=REQUIREMENTS.split("/n"),
 )

supervisor/__main__.py

@@ -5,7 +5,15 @@ import logging
 from pathlib import Path
 import sys
 
-from supervisor import bootstrap
+import zlib_fast
+
+# Enable fast zlib before importing supervisor
+zlib_fast.enable()
+
+from supervisor import bootstrap  # pylint: disable=wrong-import-position # noqa: E402
+from supervisor.utils.logging import (  # pylint: disable=wrong-import-position  # noqa: E402
+    activate_log_queue_handler,
+)
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
@@ -38,6 +46,8 @@ if __name__ == "__main__":
     executor = ThreadPoolExecutor(thread_name_prefix="SyncWorker")
     loop.set_default_executor(executor)
 
+    activate_log_queue_handler()
+
     _LOGGER.info("Initializing Supervisor setup")
     coresys = loop.run_until_complete(bootstrap.initialize_coresys())
     loop.set_debug(coresys.config.debug)

supervisor/addons/__init__.py

@@ -1,457 +1 @@
 """Init file for Supervisor add-ons."""
-import asyncio
-from collections.abc import Awaitable
-from contextlib import suppress
-import logging
-import tarfile
-from typing import Union
-
-from ..const import AddonBoot, AddonStartup, AddonState
-from ..coresys import CoreSys, CoreSysAttributes
-from ..exceptions import (
-    AddonConfigurationError,
-    AddonsError,
-    AddonsJobError,
-    AddonsNotSupportedError,
-    CoreDNSError,
-    DockerAPIError,
-    DockerError,
-    DockerNotFound,
-    HomeAssistantAPIError,
-    HostAppArmorError,
-)
-from ..jobs.decorator import Job, JobCondition
-from ..resolution.const import ContextType, IssueType, SuggestionType
-from ..store.addon import AddonStore
-from ..utils import check_exception_chain
-from ..utils.sentry import capture_exception
-from .addon import Addon
-from .const import ADDON_UPDATE_CONDITIONS
-from .data import AddonsData
-
-_LOGGER: logging.Logger = logging.getLogger(__name__)
-
-AnyAddon = Union[Addon, AddonStore]
-
-
-class AddonManager(CoreSysAttributes):
-    """Manage add-ons inside Supervisor."""
-
-    def __init__(self, coresys: CoreSys):
-        """Initialize Docker base wrapper."""
-        self.coresys: CoreSys = coresys
-        self.data: AddonsData = AddonsData(coresys)
-        self.local: dict[str, Addon] = {}
-        self.store: dict[str, AddonStore] = {}
-
-    @property
-    def all(self) -> list[AnyAddon]:
-        """Return a list of all add-ons."""
-        addons: dict[str, AnyAddon] = {**self.store, **self.local}
-        return list(addons.values())
-
-    @property
-    def installed(self) -> list[Addon]:
-        """Return a list of all installed add-ons."""
-        return list(self.local.values())
-
-    def get(self, addon_slug: str, local_only: bool = False) -> AnyAddon | None:
-        """Return an add-on from slug.
-
-        Prio:
-          1 - Local
-          2 - Store
-        """
-        if addon_slug in self.local:
-            return self.local[addon_slug]
-        if not local_only:
-            return self.store.get(addon_slug)
-        return None
-
-    def from_token(self, token: str) -> Addon | None:
-        """Return an add-on from Supervisor token."""
-        for addon in self.installed:
-            if token == addon.supervisor_token:
-                return addon
-        return None
-
-    async def load(self) -> None:
-        """Start up add-on management."""
-        tasks = []
-        for slug in self.data.system:
-            addon = self.local[slug] = Addon(self.coresys, slug)
-            tasks.append(self.sys_create_task(addon.load()))
-
-        # Run initial tasks
-        _LOGGER.info("Found %d installed add-ons", len(tasks))
-        if tasks:
-            await asyncio.wait(tasks)
-
-        # Sync DNS
-        await self.sync_dns()
-
-    async def boot(self, stage: AddonStartup) -> None:
-        """Boot add-ons with mode auto."""
-        tasks: list[Addon] = []
-        for addon in self.installed:
-            if addon.boot != AddonBoot.AUTO or addon.startup != stage:
-                continue
-            tasks.append(addon)
-
-        # Evaluate add-ons which need to be started
-        _LOGGER.info("Phase '%s' starting %d add-ons", stage, len(tasks))
-        if not tasks:
-            return
-
-        # Start Add-ons sequential
-        # avoid issue on slow IO
-        # Config.wait_boot is deprecated. Until addons update with healthchecks,
-        # add a sleep task for it to keep the same minimum amount of wait time
-        wait_boot: list[Awaitable[None]] = [asyncio.sleep(self.sys_config.wait_boot)]
-        for addon in tasks:
-            try:
-                if start_task := await addon.start():
-                    wait_boot.append(start_task)
-            except AddonsError as err:
-                # Check if there is an system/user issue
-                if check_exception_chain(
-                    err, (DockerAPIError, DockerNotFound, AddonConfigurationError)
-                ):
-                    addon.boot = AddonBoot.MANUAL
-                    addon.save_persist()
-            except Exception as err:  # pylint: disable=broad-except
-                capture_exception(err)
-            else:
-                continue
-
-            _LOGGER.warning("Can't start Add-on %s", addon.slug)
-
-        # Ignore exceptions from waiting for addon startup, addon errors handled elsewhere
-        await asyncio.gather(*wait_boot, return_exceptions=True)
-
-    async def shutdown(self, stage: AddonStartup) -> None:
-        """Shutdown addons."""
-        tasks: list[Addon] = []
-        for addon in self.installed:
-            if addon.state != AddonState.STARTED or addon.startup != stage:
-                continue
-            tasks.append(addon)
-
-        # Evaluate add-ons which need to be stopped
-        _LOGGER.info("Phase '%s' stopping %d add-ons", stage, len(tasks))
-        if not tasks:
-            return
-
-        # Stop Add-ons sequential
-        # avoid issue on slow IO
-        for addon in tasks:
-            try:
-                await addon.stop()
-            except Exception as err:  # pylint: disable=broad-except
-                _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
-                capture_exception(err)
-
-    @Job(
-        conditions=ADDON_UPDATE_CONDITIONS,
-        on_condition=AddonsJobError,
-    )
-    async def install(self, slug: str) -> None:
-        """Install an add-on."""
-        if slug in self.local:
-            raise AddonsError(f"Add-on {slug} is already installed", _LOGGER.warning)
-        store = self.store.get(slug)
-
-        if not store:
-            raise AddonsError(f"Add-on {slug} does not exist", _LOGGER.error)
-
-        store.validate_availability()
-
-        self.data.install(store)
-        addon = Addon(self.coresys, slug)
-        await addon.load()
-
-        if not addon.path_data.is_dir():
-            _LOGGER.info(
-                "Creating Home Assistant add-on data folder %s", addon.path_data
-            )
-            addon.path_data.mkdir()
-
-        # Setup/Fix AppArmor profile
-        await addon.install_apparmor()
-
-        try:
-            await addon.instance.install(store.version, store.image, arch=addon.arch)
-        except DockerError as err:
-            self.data.uninstall(addon)
-            raise AddonsError() from err
-
-        self.local[slug] = addon
-
-        # Reload ingress tokens
-        if addon.with_ingress:
-            await self.sys_ingress.reload()
-
-        _LOGGER.info("Add-on '%s' successfully installed", slug)
-
-    async def uninstall(self, slug: str) -> None:
-        """Remove an add-on."""
-        if slug not in self.local:
-            _LOGGER.warning("Add-on %s is not installed", slug)
-            return
-        addon = self.local[slug]
-
-        try:
-            await addon.instance.remove()
-        except DockerError as err:
-            raise AddonsError() from err
-
-        addon.state = AddonState.UNKNOWN
-
-        await addon.unload()
-
-        # Cleanup audio settings
-        if addon.path_pulse.exists():
-            with suppress(OSError):
-                addon.path_pulse.unlink()
-
-        # Cleanup AppArmor profile
-        with suppress(HostAppArmorError):
-            await addon.uninstall_apparmor()
-
-        # Cleanup Ingress panel from sidebar
-        if addon.ingress_panel:
-            addon.ingress_panel = False
-            with suppress(HomeAssistantAPIError):
-                await self.sys_ingress.update_hass_panel(addon)
-
-        # Cleanup Ingress dynamic port assignment
-        if addon.with_ingress:
-            self.sys_create_task(self.sys_ingress.reload())
-            self.sys_ingress.del_dynamic_port(slug)
-
-        # Cleanup discovery data
-        for message in self.sys_discovery.list_messages:
-            if message.addon != addon.slug:
-                continue
-            self.sys_discovery.remove(message)
-
-        # Cleanup services data
-        for service in self.sys_services.list_services:
-            if addon.slug not in service.active:
-                continue
-            service.del_service_data(addon)
-
-        self.data.uninstall(addon)
-        self.local.pop(slug)
-
-        _LOGGER.info("Add-on '%s' successfully removed", slug)
-
-    @Job(
-        conditions=ADDON_UPDATE_CONDITIONS,
-        on_condition=AddonsJobError,
-    )
-    async def update(
-        self, slug: str, backup: bool | None = False
-    ) -> Awaitable[None] | None:
-        """Update add-on.
-
-        Returns a coroutine that completes when addon has state 'started' (see addon.start)
-        if addon is started after update. Else nothing is returned.
-        """
-        if slug not in self.local:
-            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
-        addon = self.local[slug]
-
-        if addon.is_detached:
-            raise AddonsError(
-                f"Add-on {slug} is not available inside store", _LOGGER.error
-            )
-        store = self.store[slug]
-
-        if addon.version == store.version:
-            raise AddonsError(f"No update available for add-on {slug}", _LOGGER.warning)
-
-        # Check if available, Maybe something have changed
-        store.validate_availability()
-
-        if backup:
-            await self.sys_backups.do_backup_partial(
-                name=f"addon_{addon.slug}_{addon.version}",
-                homeassistant=False,
-                addons=[addon.slug],
-            )
-
-        # Update instance
-        last_state: AddonState = addon.state
-        old_image = addon.image
-        try:
-            await addon.instance.update(store.version, store.image)
-        except DockerError as err:
-            raise AddonsError() from err
-
-        _LOGGER.info("Add-on '%s' successfully updated", slug)
-        self.data.update(store)
-
-        # Cleanup
-        with suppress(DockerError):
-            await addon.instance.cleanup(old_image=old_image)
-
-        # Setup/Fix AppArmor profile
-        await addon.install_apparmor()
-
-        # restore state
-        return (
-            await addon.start()
-            if last_state in [AddonState.STARTED, AddonState.STARTUP]
-            else None
-        )
-
-    @Job(
-        conditions=[
-            JobCondition.FREE_SPACE,
-            JobCondition.INTERNET_HOST,
-            JobCondition.HEALTHY,
-        ],
-        on_condition=AddonsJobError,
-    )
-    async def rebuild(self, slug: str) -> Awaitable[None] | None:
-        """Perform a rebuild of local build add-on.
-
-        Returns a coroutine that completes when addon has state 'started' (see addon.start)
-        if addon is started after rebuild. Else nothing is returned.
-        """
-        if slug not in self.local:
-            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
-        addon = self.local[slug]
-
-        if addon.is_detached:
-            raise AddonsError(
-                f"Add-on {slug} is not available inside store", _LOGGER.error
-            )
-        store = self.store[slug]
-
-        # Check if a rebuild is possible now
-        if addon.version != store.version:
-            raise AddonsError(
-                "Version changed, use Update instead Rebuild", _LOGGER.error
-            )
-        if not addon.need_build:
-            raise AddonsNotSupportedError(
-                "Can't rebuild a image based add-on", _LOGGER.error
-            )
-
-        # remove docker container but not addon config
-        last_state: AddonState = addon.state
-        try:
-            await addon.instance.remove()
-            await addon.instance.install(addon.version)
-        except DockerError as err:
-            raise AddonsError() from err
-
-        self.data.update(store)
-        _LOGGER.info("Add-on '%s' successfully rebuilt", slug)
-
-        # restore state
-        return (
-            await addon.start()
-            if last_state in [AddonState.STARTED, AddonState.STARTUP]
-            else None
-        )
-
-    @Job(
-        conditions=[
-            JobCondition.FREE_SPACE,
-            JobCondition.INTERNET_HOST,
-            JobCondition.HEALTHY,
-        ],
-        on_condition=AddonsJobError,
-    )
-    async def restore(
-        self, slug: str, tar_file: tarfile.TarFile
-    ) -> Awaitable[None] | None:
-        """Restore state of an add-on.
-
-        Returns a coroutine that completes when addon has state 'started' (see addon.start)
-        if addon is started after restore. Else nothing is returned.
-        """
-        if slug not in self.local:
-            _LOGGER.debug("Add-on %s is not local available for restore", slug)
-            addon = Addon(self.coresys, slug)
-        else:
-            _LOGGER.debug("Add-on %s is local available for restore", slug)
-            addon = self.local[slug]
-
-        wait_for_start = await addon.restore(tar_file)
-
-        # Check if new
-        if slug not in self.local:
-            _LOGGER.info("Detect new Add-on after restore %s", slug)
-            self.local[slug] = addon
-
-        # Update ingress
-        if addon.with_ingress:
-            await self.sys_ingress.reload()
-            with suppress(HomeAssistantAPIError):
-                await self.sys_ingress.update_hass_panel(addon)
-
-        return wait_for_start
-
-    @Job(conditions=[JobCondition.FREE_SPACE, JobCondition.INTERNET_HOST])
-    async def repair(self) -> None:
-        """Repair local add-ons."""
-        needs_repair: list[Addon] = []
-
-        # Evaluate Add-ons to repair
-        for addon in self.installed:
-            if await addon.instance.exists():
-                continue
-            needs_repair.append(addon)
-
-        _LOGGER.info("Found %d add-ons to repair", len(needs_repair))
-        if not needs_repair:
-            return
-
-        for addon in needs_repair:
-            _LOGGER.info("Repairing for add-on: %s", addon.slug)
-            with suppress(DockerError, KeyError):
-                # Need pull a image again
-                if not addon.need_build:
-                    await addon.instance.install(addon.version, addon.image)
-                    continue
-
-                # Need local lookup
-                if addon.need_build and not addon.is_detached:
-                    store = self.store[addon.slug]
-                    # If this add-on is available for rebuild
-                    if addon.version == store.version:
-                        await addon.instance.install(addon.version, addon.image)
-                        continue
-
-            _LOGGER.error("Can't repair %s", addon.slug)
-            with suppress(AddonsError):
-                await self.uninstall(addon.slug)
-
-    async def sync_dns(self) -> None:
-        """Sync add-ons DNS names."""
-        # Update hosts
-        for addon in self.installed:
-            try:
-                if not await addon.instance.is_running():
-                    continue
-            except DockerError as err:
-                _LOGGER.warning("Add-on %s is corrupt: %s", addon.slug, err)
-                self.sys_resolution.create_issue(
-                    IssueType.CORRUPT_DOCKER,
-                    ContextType.ADDON,
-                    reference=addon.slug,
-                    suggestions=[SuggestionType.EXECUTE_REPAIR],
-                )
-                capture_exception(err)
-            else:
-                self.sys_plugins.dns.add_host(
-                    ipv4=addon.ip_address, names=[addon.hostname], write=False
-                )
-
-        # Write hosts files
-        with suppress(CoreDNSError):
-            self.sys_plugins.dns.write_hosts()

supervisor/addons/addon.py

@@ -3,6 +3,8 @@ import asyncio
 from collections.abc import Awaitable
 from contextlib import suppress
 from copy import deepcopy
+from datetime import datetime
+import errno
 from ipaddress import IPv4Address
 import logging
 from pathlib import Path, PurePath
@@ -14,11 +16,14 @@ from tempfile import TemporaryDirectory
 from typing import Any, Final
 
 import aiohttp
+from awesomeversion import AwesomeVersionCompareException
 from deepmerge import Merger
 from securetar import atomic_contents_add, secure_path
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 
+from supervisor.utils.dt import utc_from_timestamp
+
 from ..bus import EventListener
 from ..const import (
     ATTR_ACCESS_TOKEN,
@@ -45,6 +50,7 @@ from ..const import (
     ATTR_USER,
     ATTR_UUID,
     ATTR_VERSION,
+    ATTR_VERSION_TIMESTAMP,
     ATTR_WATCHDOG,
     DNS_SUFFIX,
     AddonBoot,
@@ -64,12 +70,15 @@ from ..exceptions import (
     AddonsNotSupportedError,
     ConfigurationFileError,
     DockerError,
+    HomeAssistantAPIError,
     HostAppArmorError,
 )
 from ..hardware.data import Device
 from ..homeassistant.const import WSEvent, WSType
 from ..jobs.const import JobExecutionLimit
 from ..jobs.decorator import Job
+from ..resolution.const import UnhealthyReason
+from ..store.addon import AddonStore
 from ..utils import check_port
 from ..utils.apparmor import adjust_profile
 from ..utils.json import read_json_file, write_json_file
@@ -80,6 +89,7 @@ from .const import (
     WATCHDOG_THROTTLE_MAX_CALLS,
     WATCHDOG_THROTTLE_PERIOD,
     AddonBackupMode,
+    MappingType,
 )
 from .model import AddonModel, Data
 from .options import AddonOptions
@@ -129,54 +139,7 @@ class Addon(AddonModel):
         )
         self._listeners: list[EventListener] = []
         self._startup_event = asyncio.Event()
-
-        @Job(
-            name=f"addon_{slug}_restart_after_problem",
-            limit=JobExecutionLimit.THROTTLE_RATE_LIMIT,
-            throttle_period=WATCHDOG_THROTTLE_PERIOD,
-            throttle_max_calls=WATCHDOG_THROTTLE_MAX_CALLS,
-            on_condition=AddonsJobError,
-        )
-        async def restart_after_problem(addon: Addon, state: ContainerState):
-            """Restart unhealthy or failed addon."""
-            attempts = 0
-            while await addon.instance.current_state() == state:
-                if not addon.in_progress:
-                    _LOGGER.warning(
-                        "Watchdog found addon %s is %s, restarting...",
-                        addon.name,
-                        state.value,
-                    )
-                    try:
-                        if state == ContainerState.FAILED:
-                            # Ensure failed container is removed before attempting reanimation
-                            if attempts == 0:
-                                with suppress(DockerError):
-                                    await addon.instance.stop(remove_container=True)
-
-                            await (await addon.start())
-                        else:
-                            await (await addon.restart())
-                    except AddonsError as err:
-                        attempts = attempts + 1
-                        _LOGGER.error(
-                            "Watchdog restart of addon %s failed!", addon.name
-                        )
-                        capture_exception(err)
-                    else:
-                        break
-
-                if attempts >= WATCHDOG_MAX_ATTEMPTS:
-                    _LOGGER.critical(
-                        "Watchdog cannot restart addon %s, failed all %s attempts",
-                        addon.name,
-                        attempts,
-                    )
-                    break
-
-                await asyncio.sleep(WATCHDOG_RETRY_SECONDS)
-
-        self._restart_after_problem = restart_after_problem
+        self._startup_task: asyncio.Task | None = None
 
     def __repr__(self) -> str:
         """Return internal representation."""
@@ -228,6 +191,7 @@ class Addon(AddonModel):
             )
         )
 
+        await self._check_ingress_port()
         with suppress(DockerError):
             await self.instance.attach(version=self.version)
 
@@ -246,6 +210,11 @@ class Addon(AddonModel):
         """Return add-on data from store."""
         return self.sys_store.data.addons.get(self.slug, self.data)
 
+    @property
+    def addon_store(self) -> AddonStore | None:
+        """Return store representation of addon."""
+        return self.sys_addons.store.get(self.slug)
+
     @property
     def persist(self) -> Data:
         """Return add-on data/config."""
@@ -315,6 +284,28 @@ class Addon(AddonModel):
         """Set auto update."""
         self.persist[ATTR_AUTO_UPDATE] = value
 
+    @property
+    def auto_update_available(self) -> bool:
+        """Return if it is safe to auto update addon."""
+        if not self.need_update or not self.auto_update:
+            return False
+
+        for version in self.breaking_versions:
+            try:
+                # Must update to latest so if true update crosses a breaking version
+                if self.version < version:
+                    return False
+            except AwesomeVersionCompareException:
+                # If version scheme changed, we may get compare exception
+                # If latest version >= breaking version then assume update will
+                # cross it as the version scheme changes
+                # If both versions have compare exception, ignore as its in the past
+                with suppress(AwesomeVersionCompareException):
+                    if self.latest_version >= version:
+                        return False
+
+        return True
+
     @property
     def watchdog(self) -> bool:
         """Return True if watchdog is enable."""
@@ -357,6 +348,11 @@ class Addon(AddonModel):
         """Return version of add-on."""
         return self.data_store[ATTR_VERSION]
 
+    @property
+    def latest_version_timestamp(self) -> datetime:
+        """Return when latest version was first seen."""
+        return utc_from_timestamp(self.data_store[ATTR_VERSION_TIMESTAMP])
+
     @property
     def protected(self) -> bool:
         """Return if add-on is in protected mode."""
@@ -434,7 +430,7 @@ class Addon(AddonModel):
 
         port = self.data[ATTR_INGRESS_PORT]
         if port == 0:
-            return self.sys_ingress.get_dynamic_port(self.slug)
+            raise RuntimeError(f"No port set for add-on {self.slug}")
         return port
 
     @property
@@ -500,6 +496,21 @@ class Addon(AddonModel):
         """Return add-on data path external for Docker."""
         return PurePath(self.sys_config.path_extern_addons_data, self.slug)
 
+    @property
+    def addon_config_used(self) -> bool:
+        """Add-on is using its public config folder."""
+        return MappingType.ADDON_CONFIG in self.map_volumes
+
+    @property
+    def path_config(self) -> Path:
+        """Return add-on config path inside Supervisor."""
+        return Path(self.sys_config.path_addon_configs, self.slug)
+
+    @property
+    def path_extern_config(self) -> PurePath:
+        """Return add-on config path external for Docker."""
+        return PurePath(self.sys_config.path_extern_addon_configs, self.slug)
+
     @property
     def path_options(self) -> Path:
         """Return path to add-on options."""
@@ -563,7 +574,7 @@ class Addon(AddonModel):
 
         # TCP monitoring
         if s_prefix == "tcp":
-            return await self.sys_run_in_executor(check_port, self.ip_address, port)
+            return await check_port(self.ip_address, port)
 
         # lookup the correct protocol from config
         if t_proto:
@@ -579,7 +590,7 @@ class Addon(AddonModel):
             ) as req:
                 if req.status < 300:
                     return True
-        except (asyncio.TimeoutError, aiohttp.ClientError):
+        except (TimeoutError, aiohttp.ClientError):
             pass
 
         return False
@@ -606,16 +617,206 @@ class Addon(AddonModel):
 
         raise AddonConfigurationError()
 
+    @Job(
+        name="addon_unload",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
     async def unload(self) -> None:
         """Unload add-on and remove data."""
+        if self._startup_task:
+            # If we were waiting on startup, cancel that and let the task finish before proceeding
+            self._startup_task.cancel(f"Removing add-on {self.name} from system")
+            with suppress(asyncio.CancelledError):
+                await self._startup_task
+
         for listener in self._listeners:
             self.sys_bus.remove_listener(listener)
 
-        if not self.path_data.is_dir():
+        if self.path_data.is_dir():
+            _LOGGER.info("Removing add-on data folder %s", self.path_data)
+            await remove_data(self.path_data)
+
+    async def _check_ingress_port(self):
+        """Assign a ingress port if dynamic port selection is used."""
+        if not self.with_ingress:
             return
 
-        _LOGGER.info("Removing add-on data folder %s", self.path_data)
-        await remove_data(self.path_data)
+        if self.data[ATTR_INGRESS_PORT] == 0:
+            self.data[ATTR_INGRESS_PORT] = await self.sys_ingress.get_dynamic_port(
+                self.slug
+            )
+
+    @Job(
+        name="addon_install",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def install(self) -> None:
+        """Install and setup this addon."""
+        self.sys_addons.data.install(self.addon_store)
+        await self.load()
+
+        if not self.path_data.is_dir():
+            _LOGGER.info(
+                "Creating Home Assistant add-on data folder %s", self.path_data
+            )
+            self.path_data.mkdir()
+
+        # Setup/Fix AppArmor profile
+        await self.install_apparmor()
+
+        # Install image
+        try:
+            await self.instance.install(
+                self.latest_version, self.addon_store.image, arch=self.arch
+            )
+        except DockerError as err:
+            self.sys_addons.data.uninstall(self)
+            raise AddonsError() from err
+
+        # Add to addon manager
+        self.sys_addons.local[self.slug] = self
+
+        # Reload ingress tokens
+        if self.with_ingress:
+            await self.sys_ingress.reload()
+
+    @Job(
+        name="addon_uninstall",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def uninstall(self, *, remove_config: bool) -> None:
+        """Uninstall and cleanup this addon."""
+        try:
+            await self.instance.remove()
+        except DockerError as err:
+            raise AddonsError() from err
+
+        self.state = AddonState.UNKNOWN
+
+        await self.unload()
+
+        # Remove config if present and requested
+        if self.addon_config_used and remove_config:
+            await remove_data(self.path_config)
+
+        # Cleanup audio settings
+        if self.path_pulse.exists():
+            with suppress(OSError):
+                self.path_pulse.unlink()
+
+        # Cleanup AppArmor profile
+        with suppress(HostAppArmorError):
+            await self.uninstall_apparmor()
+
+        # Cleanup Ingress panel from sidebar
+        if self.ingress_panel:
+            self.ingress_panel = False
+            with suppress(HomeAssistantAPIError):
+                await self.sys_ingress.update_hass_panel(self)
+
+        # Cleanup Ingress dynamic port assignment
+        if self.with_ingress:
+            self.sys_create_task(self.sys_ingress.reload())
+            self.sys_ingress.del_dynamic_port(self.slug)
+
+        # Cleanup discovery data
+        for message in self.sys_discovery.list_messages:
+            if message.addon != self.slug:
+                continue
+            self.sys_discovery.remove(message)
+
+        # Cleanup services data
+        for service in self.sys_services.list_services:
+            if self.slug not in service.active:
+                continue
+            service.del_service_data(self)
+
+        # Remove from addon manager
+        self.sys_addons.data.uninstall(self)
+        self.sys_addons.local.pop(self.slug)
+
+    @Job(
+        name="addon_update",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def update(self) -> asyncio.Task | None:
+        """Update this addon to latest version.
+
+        Returns a Task that completes when addon has state 'started' (see start)
+        if it was running. Else nothing is returned.
+        """
+        old_image = self.image
+        # Cache data to prevent races with other updates to global
+        store = self.addon_store.clone()
+
+        try:
+            await self.instance.update(store.version, store.image, arch=self.arch)
+        except DockerError as err:
+            raise AddonsError() from err
+
+        # Stop the addon if running
+        if (last_state := self.state) in {AddonState.STARTED, AddonState.STARTUP}:
+            await self.stop()
+
+        try:
+            _LOGGER.info("Add-on '%s' successfully updated", self.slug)
+            self.sys_addons.data.update(store)
+            await self._check_ingress_port()
+
+            # Cleanup
+            with suppress(DockerError):
+                await self.instance.cleanup(
+                    old_image=old_image, image=store.image, version=store.version
+                )
+
+            # Setup/Fix AppArmor profile
+            await self.install_apparmor()
+
+        finally:
+            # restore state. Return Task for caller if no exception
+            out = (
+                await self.start()
+                if last_state in {AddonState.STARTED, AddonState.STARTUP}
+                else None
+            )
+        return out
+
+    @Job(
+        name="addon_rebuild",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def rebuild(self) -> asyncio.Task | None:
+        """Rebuild this addons container and image.
+
+        Returns a Task that completes when addon has state 'started' (see start)
+        if it was running. Else nothing is returned.
+        """
+        last_state: AddonState = self.state
+        try:
+            # remove docker container but not addon config
+            try:
+                await self.instance.remove()
+                await self.instance.install(self.version)
+            except DockerError as err:
+                raise AddonsError() from err
+
+            self.sys_addons.data.update(self.addon_store)
+            await self._check_ingress_port()
+            _LOGGER.info("Add-on '%s' successfully rebuilt", self.slug)
+
+        finally:
+            # restore state
+            out = (
+                await self.start()
+                if last_state in [AddonState.STARTED, AddonState.STARTUP]
+                else None
+            )
+        return out
 
     def write_pulse(self) -> None:
         """Write asound config to file and return True on success."""
@@ -631,6 +832,8 @@ class Addon(AddonModel):
         try:
             self.path_pulse.write_text(pulse_config, encoding="utf-8")
         except OSError as err:
+            if err.errno == errno.EBADMSG:
+                self.sys_resolution.unhealthy = UnhealthyReason.OSERROR_BAD_MESSAGE
             _LOGGER.error(
                 "Add-on %s can't write pulse/client.config: %s", self.slug, err
             )
@@ -699,24 +902,34 @@ class Addon(AddonModel):
     async def _wait_for_startup(self) -> None:
         """Wait for startup event to be set with timeout."""
         try:
-            await asyncio.wait_for(self._startup_event.wait(), STARTUP_TIMEOUT)
-        except asyncio.TimeoutError:
+            self._startup_task = self.sys_create_task(self._startup_event.wait())
+            await asyncio.wait_for(self._startup_task, STARTUP_TIMEOUT)
+        except TimeoutError:
             _LOGGER.warning(
-                "Timeout while waiting for addon %s to start, took more then %s seconds",
+                "Timeout while waiting for addon %s to start, took more than %s seconds",
                 self.name,
                 STARTUP_TIMEOUT,
             )
+        except asyncio.CancelledError as err:
+            _LOGGER.info("Wait for addon startup task cancelled due to: %s", err)
+        finally:
+            self._startup_task = None
 
-    async def start(self) -> Awaitable[None]:
+    @Job(
+        name="addon_start",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def start(self) -> asyncio.Task:
         """Set options and start add-on.
 
-        Returns a coroutine that completes when addon has state 'started'.
+        Returns a Task that completes when addon has state 'started'.
         For addons with a healthcheck, that is when they become healthy or unhealthy.
         Addons without a healthcheck have state 'started' immediately.
         """
         if await self.instance.is_running():
             _LOGGER.warning("%s is already running!", self.slug)
-            return
+            return self.sys_create_task(self._wait_for_startup())
 
         # Access Token
         self.persist[ATTR_ACCESS_TOKEN] = secrets.token_hex(56)
@@ -729,6 +942,18 @@ class Addon(AddonModel):
         if self.with_audio:
             self.write_pulse()
 
+        def _check_addon_config_dir():
+            if self.path_config.is_dir():
+                return
+
+            _LOGGER.info(
+                "Creating Home Assistant add-on config folder %s", self.path_config
+            )
+            self.path_config.mkdir()
+
+        if self.addon_config_used:
+            await self.sys_run_in_executor(_check_addon_config_dir)
+
         # Start Add-on
         self._startup_event.clear()
         try:
@@ -737,8 +962,13 @@ class Addon(AddonModel):
             self.state = AddonState.ERROR
             raise AddonsError() from err
 
-        return self._wait_for_startup()
+        return self.sys_create_task(self._wait_for_startup())
 
+    @Job(
+        name="addon_stop",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
     async def stop(self) -> None:
         """Stop add-on."""
         self._manual_stop = True
@@ -748,10 +978,15 @@ class Addon(AddonModel):
             self.state = AddonState.ERROR
             raise AddonsError() from err
 
-    async def restart(self) -> Awaitable[None]:
+    @Job(
+        name="addon_restart",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def restart(self) -> asyncio.Task:
         """Restart add-on.
 
-        Returns a coroutine that completes when addon has state 'started' (see start).
+        Returns a Task that completes when addon has state 'started' (see start).
         """
         with suppress(AddonsError):
             await self.stop()
@@ -778,11 +1013,13 @@ class Addon(AddonModel):
         except DockerError as err:
             raise AddonsError() from err
 
+    @Job(
+        name="addon_write_stdin",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
     async def write_stdin(self, data) -> None:
-        """Write data to add-on stdin.
-
-        Return a coroutine.
-        """
+        """Write data to add-on stdin."""
         if not self.with_stdin:
             raise AddonsNotSupportedError(
                 f"Add-on {self.slug} does not support writing to stdin!", _LOGGER.error
@@ -810,14 +1047,59 @@ class Addon(AddonModel):
                 _LOGGER.error,
             ) from err
 
-    async def backup(self, tar_file: tarfile.TarFile) -> Awaitable[None] | None:
+    @Job(
+        name="addon_begin_backup",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def begin_backup(self) -> bool:
+        """Execute pre commands or stop addon if necessary.
+
+        Returns value of `is_running`. Caller should not call `end_backup` if return is false.
+        """
+        if not await self.is_running():
+            return False
+
+        if self.backup_mode == AddonBackupMode.COLD:
+            _LOGGER.info("Shutdown add-on %s for cold backup", self.slug)
+            await self.stop()
+
+        elif self.backup_pre is not None:
+            await self._backup_command(self.backup_pre)
+
+        return True
+
+    @Job(
+        name="addon_end_backup",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def end_backup(self) -> asyncio.Task | None:
+        """Execute post commands or restart addon if necessary.
+
+        Returns a Task that completes when addon has state 'started' (see start)
+        for cold backup. Else nothing is returned.
+        """
+        if self.backup_mode is AddonBackupMode.COLD:
+            _LOGGER.info("Starting add-on %s again", self.slug)
+            return await self.start()
+
+        if self.backup_post is not None:
+            await self._backup_command(self.backup_post)
+        return None
+
+    @Job(
+        name="addon_backup",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def backup(self, tar_file: tarfile.TarFile) -> asyncio.Task | None:
         """Backup state of an add-on.
 
-        Returns a coroutine that completes when addon has state 'started' (see start)
+        Returns a Task that completes when addon has state 'started' (see start)
         for cold backup. Else nothing is returned.
         """
         wait_for_start: Awaitable[None] | None = None
-        is_running = await self.is_running()
 
         with TemporaryDirectory(dir=self.sys_config.path_tmp) as temp:
             temp_path = Path(temp)
@@ -869,16 +1151,16 @@ class Addon(AddonModel):
                         arcname="data",
                     )
 
-            if (
-                is_running
-                and self.backup_mode == AddonBackupMode.HOT
-                and self.backup_pre is not None
-            ):
-                await self._backup_command(self.backup_pre)
-            elif is_running and self.backup_mode == AddonBackupMode.COLD:
-                _LOGGER.info("Shutdown add-on %s for cold backup", self.slug)
-                await self.instance.stop()
+                    # Backup config
+                    if self.addon_config_used:
+                        atomic_contents_add(
+                            backup,
+                            self.path_config,
+                            excludes=self.backup_exclude,
+                            arcname="config",
+                        )
 
+            is_running = await self.begin_backup()
             try:
                 _LOGGER.info("Building backup for add-on %s", self.slug)
                 await self.sys_run_in_executor(_write_tarfile)
@@ -887,23 +1169,21 @@ class Addon(AddonModel):
                     f"Can't write tarfile {tar_file}: {err}", _LOGGER.error
                 ) from err
             finally:
-                if (
-                    is_running
-                    and self.backup_mode == AddonBackupMode.HOT
-                    and self.backup_post is not None
-                ):
-                    await self._backup_command(self.backup_post)
-                elif is_running and self.backup_mode is AddonBackupMode.COLD:
-                    _LOGGER.info("Starting add-on %s again", self.slug)
-                    wait_for_start = await self.start()
+                if is_running:
+                    wait_for_start = await self.end_backup()
 
         _LOGGER.info("Finish backup for addon %s", self.slug)
         return wait_for_start
 
-    async def restore(self, tar_file: tarfile.TarFile) -> Awaitable[None] | None:
+    @Job(
+        name="addon_restore",
+        limit=JobExecutionLimit.GROUP_ONCE,
+        on_condition=AddonsJobError,
+    )
+    async def restore(self, tar_file: tarfile.TarFile) -> asyncio.Task | None:
         """Restore state of an add-on.
 
-        Returns a coroutine that completes when addon has state 'started' (see start)
+        Returns a Task that completes when addon has state 'started' (see start)
         if addon is started after restore. Else nothing is returned.
         """
         wait_for_start: Awaitable[None] | None = None
@@ -912,7 +1192,11 @@ class Addon(AddonModel):
             def _extract_tarfile():
                 """Extract tar backup."""
                 with tar_file as backup:
-                    backup.extractall(path=Path(temp), members=secure_path(backup))
+                    backup.extractall(
+                        path=Path(temp),
+                        members=secure_path(backup),
+                        filter="fully_trusted",
+                    )
 
             try:
                 await self.sys_run_in_executor(_extract_tarfile)
@@ -950,64 +1234,81 @@ class Addon(AddonModel):
                 self.slug, data[ATTR_USER], data[ATTR_SYSTEM], restore_image
             )
 
-            # Check version / restore image
-            version = data[ATTR_VERSION]
-            if not await self.instance.exists():
-                _LOGGER.info("Restore/Install of image for addon %s", self.slug)
+            # Stop it first if its running
+            if await self.instance.is_running():
+                await self.stop()
 
-                image_file = Path(temp, "image.tar")
-                if image_file.is_file():
-                    with suppress(DockerError):
-                        await self.instance.import_image(image_file)
-                else:
-                    with suppress(DockerError):
-                        await self.instance.install(version, restore_image)
-                        await self.instance.cleanup()
-            elif self.instance.version != version or self.legacy:
-                _LOGGER.info("Restore/Update of image for addon %s", self.slug)
-                with suppress(DockerError):
-                    await self.instance.update(version, restore_image)
-            else:
-                with suppress(DockerError):
-                    await self.instance.stop()
-
-            # Restore data
-            def _restore_data():
-                """Restore data."""
-                temp_data = Path(temp, "data")
-                if temp_data.is_dir():
-                    shutil.copytree(temp_data, self.path_data, symlinks=True)
-                else:
-                    self.path_data.mkdir()
-
-            _LOGGER.info("Restoring data for addon %s", self.slug)
-            if self.path_data.is_dir():
-                await remove_data(self.path_data)
             try:
-                await self.sys_run_in_executor(_restore_data)
-            except shutil.Error as err:
-                raise AddonsError(
-                    f"Can't restore origin data: {err}", _LOGGER.error
-                ) from err
+                # Check version / restore image
+                version = data[ATTR_VERSION]
+                if not await self.instance.exists():
+                    _LOGGER.info("Restore/Install of image for addon %s", self.slug)
+
+                    image_file = Path(temp, "image.tar")
+                    if image_file.is_file():
+                        with suppress(DockerError):
+                            await self.instance.import_image(image_file)
+                    else:
+                        with suppress(DockerError):
+                            await self.instance.install(
+                                version, restore_image, self.arch
+                            )
+                            await self.instance.cleanup()
+                elif self.instance.version != version or self.legacy:
+                    _LOGGER.info("Restore/Update of image for addon %s", self.slug)
+                    with suppress(DockerError):
+                        await self.instance.update(version, restore_image, self.arch)
+                await self._check_ingress_port()
+
+                # Restore data and config
+                def _restore_data():
+                    """Restore data and config."""
+                    temp_data = Path(temp, "data")
+                    if temp_data.is_dir():
+                        shutil.copytree(temp_data, self.path_data, symlinks=True)
+                    else:
+                        self.path_data.mkdir()
+
+                    temp_config = Path(temp, "config")
+                    if temp_config.is_dir():
+                        shutil.copytree(temp_config, self.path_config, symlinks=True)
+                    elif self.addon_config_used:
+                        self.path_config.mkdir()
+
+                _LOGGER.info("Restoring data and config for addon %s", self.slug)
+                if self.path_data.is_dir():
+                    await remove_data(self.path_data)
+                if self.path_config.is_dir():
+                    await remove_data(self.path_config)
 
-            # Restore AppArmor
-            profile_file = Path(temp, "apparmor.txt")
-            if profile_file.exists():
                 try:
-                    await self.sys_host.apparmor.load_profile(self.slug, profile_file)
-                except HostAppArmorError as err:
-                    _LOGGER.error(
-                        "Can't restore AppArmor profile for add-on %s", self.slug
-                    )
-                    raise AddonsError() from err
+                    await self.sys_run_in_executor(_restore_data)
+                except shutil.Error as err:
+                    raise AddonsError(
+                        f"Can't restore origin data: {err}", _LOGGER.error
+                    ) from err
 
-            # Is add-on loaded
-            if not self.loaded:
-                await self.load()
+                # Restore AppArmor
+                profile_file = Path(temp, "apparmor.txt")
+                if profile_file.exists():
+                    try:
+                        await self.sys_host.apparmor.load_profile(
+                            self.slug, profile_file
+                        )
+                    except HostAppArmorError as err:
+                        _LOGGER.error(
+                            "Can't restore AppArmor profile for add-on %s", self.slug
+                        )
+                        raise AddonsError() from err
 
-            # Run add-on
-            if data[ATTR_STATE] == AddonState.STARTED:
-                wait_for_start = await self.start()
+                # Is add-on loaded
+                if not self.loaded:
+                    await self.load()
+
+            finally:
+                # Run add-on
+                if data[ATTR_STATE] == AddonState.STARTED:
+                    wait_for_start = await self.start()
 
         _LOGGER.info("Finished restore for add-on %s", self.slug)
         return wait_for_start
@@ -1019,6 +1320,50 @@ class Addon(AddonModel):
         """
         return self.instance.check_trust()
 
+    @Job(
+        name="addon_restart_after_problem",
+        limit=JobExecutionLimit.GROUP_THROTTLE_RATE_LIMIT,
+        throttle_period=WATCHDOG_THROTTLE_PERIOD,
+        throttle_max_calls=WATCHDOG_THROTTLE_MAX_CALLS,
+        on_condition=AddonsJobError,
+    )
+    async def _restart_after_problem(self, state: ContainerState):
+        """Restart unhealthy or failed addon."""
+        attempts = 0
+        while await self.instance.current_state() == state:
+            if not self.in_progress:
+                _LOGGER.warning(
+                    "Watchdog found addon %s is %s, restarting...",
+                    self.name,
+                    state,
+                )
+                try:
+                    if state == ContainerState.FAILED:
+                        # Ensure failed container is removed before attempting reanimation
+                        if attempts == 0:
+                            with suppress(DockerError):
+                                await self.instance.stop(remove_container=True)
+
+                        await (await self.start())
+                    else:
+                        await (await self.restart())
+                except AddonsError as err:
+                    attempts = attempts + 1
+                    _LOGGER.error("Watchdog restart of addon %s failed!", self.name)
+                    capture_exception(err)
+                else:
+                    break
+
+            if attempts >= WATCHDOG_MAX_ATTEMPTS:
+                _LOGGER.critical(
+                    "Watchdog cannot restart addon %s, failed all %s attempts",
+                    self.name,
+                    attempts,
+                )
+                break
+
+            await asyncio.sleep(WATCHDOG_RETRY_SECONDS)
+
     async def container_state_changed(self, event: DockerContainerStateEvent) -> None:
         """Set addon state from container state."""
         if event.name != self.instance.name:
@@ -1053,4 +1398,4 @@ class Addon(AddonModel):
             ContainerState.STOPPED,
             ContainerState.UNHEALTHY,
         ]:
-            await self._restart_after_problem(self, event.state)
+            await self._restart_after_problem(event.state)

supervisor/addons/configuration.py

@@ -0,0 +1,11 @@
+"""Confgiuration Objects for Addon Config."""
+
+from dataclasses import dataclass
+
+
+@dataclass(slots=True)
+class FolderMapping:
+    """Represent folder mapping configuration."""
+
+    path: str | None
+    read_only: bool

supervisor/addons/const.py

@@ -1,19 +1,37 @@
 """Add-on static data."""
 from datetime import timedelta
-from enum import Enum
+from enum import StrEnum
 
 from ..jobs.const import JobCondition
 
 
-class AddonBackupMode(str, Enum):
+class AddonBackupMode(StrEnum):
     """Backup mode of an Add-on."""
 
     HOT = "hot"
     COLD = "cold"
 
 
+class MappingType(StrEnum):
+    """Mapping type of an Add-on Folder."""
+
+    DATA = "data"
+    CONFIG = "config"
+    SSL = "ssl"
+    ADDONS = "addons"
+    BACKUP = "backup"
+    SHARE = "share"
+    MEDIA = "media"
+    HOMEASSISTANT_CONFIG = "homeassistant_config"
+    ALL_ADDON_CONFIGS = "all_addon_configs"
+    ADDON_CONFIG = "addon_config"
+
+
 ATTR_BACKUP = "backup"
+ATTR_BREAKING_VERSIONS = "breaking_versions"
 ATTR_CODENOTARY = "codenotary"
+ATTR_READ_ONLY = "read_only"
+ATTR_PATH = "path"
 WATCHDOG_RETRY_SECONDS = 10
 WATCHDOG_MAX_ATTEMPTS = 5
 WATCHDOG_THROTTLE_PERIOD = timedelta(minutes=30)

supervisor/addons/manager.py

@@ -0,0 +1,374 @@
+"""Supervisor add-on manager."""
+import asyncio
+from collections.abc import Awaitable
+from contextlib import suppress
+import logging
+import tarfile
+from typing import Union
+
+from ..const import AddonBoot, AddonStartup, AddonState
+from ..coresys import CoreSys, CoreSysAttributes
+from ..exceptions import (
+    AddonConfigurationError,
+    AddonsError,
+    AddonsJobError,
+    AddonsNotSupportedError,
+    CoreDNSError,
+    DockerAPIError,
+    DockerError,
+    DockerNotFound,
+    HassioError,
+    HomeAssistantAPIError,
+)
+from ..jobs.decorator import Job, JobCondition
+from ..resolution.const import ContextType, IssueType, SuggestionType
+from ..store.addon import AddonStore
+from ..utils import check_exception_chain
+from ..utils.sentry import capture_exception
+from .addon import Addon
+from .const import ADDON_UPDATE_CONDITIONS
+from .data import AddonsData
+
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
+AnyAddon = Union[Addon, AddonStore]
+
+
+class AddonManager(CoreSysAttributes):
+    """Manage add-ons inside Supervisor."""
+
+    def __init__(self, coresys: CoreSys):
+        """Initialize Docker base wrapper."""
+        self.coresys: CoreSys = coresys
+        self.data: AddonsData = AddonsData(coresys)
+        self.local: dict[str, Addon] = {}
+        self.store: dict[str, AddonStore] = {}
+
+    @property
+    def all(self) -> list[AnyAddon]:
+        """Return a list of all add-ons."""
+        addons: dict[str, AnyAddon] = {**self.store, **self.local}
+        return list(addons.values())
+
+    @property
+    def installed(self) -> list[Addon]:
+        """Return a list of all installed add-ons."""
+        return list(self.local.values())
+
+    def get(self, addon_slug: str, local_only: bool = False) -> AnyAddon | None:
+        """Return an add-on from slug.
+
+        Prio:
+          1 - Local
+          2 - Store
+        """
+        if addon_slug in self.local:
+            return self.local[addon_slug]
+        if not local_only:
+            return self.store.get(addon_slug)
+        return None
+
+    def from_token(self, token: str) -> Addon | None:
+        """Return an add-on from Supervisor token."""
+        for addon in self.installed:
+            if token == addon.supervisor_token:
+                return addon
+        return None
+
+    async def load(self) -> None:
+        """Start up add-on management."""
+        tasks = []
+        for slug in self.data.system:
+            addon = self.local[slug] = Addon(self.coresys, slug)
+            tasks.append(self.sys_create_task(addon.load()))
+
+        # Run initial tasks
+        _LOGGER.info("Found %d installed add-ons", len(tasks))
+        if tasks:
+            await asyncio.wait(tasks)
+
+        # Sync DNS
+        await self.sync_dns()
+
+    async def boot(self, stage: AddonStartup) -> None:
+        """Boot add-ons with mode auto."""
+        tasks: list[Addon] = []
+        for addon in self.installed:
+            if addon.boot != AddonBoot.AUTO or addon.startup != stage:
+                continue
+            tasks.append(addon)
+
+        # Evaluate add-ons which need to be started
+        _LOGGER.info("Phase '%s' starting %d add-ons", stage, len(tasks))
+        if not tasks:
+            return
+
+        # Start Add-ons sequential
+        # avoid issue on slow IO
+        # Config.wait_boot is deprecated. Until addons update with healthchecks,
+        # add a sleep task for it to keep the same minimum amount of wait time
+        wait_boot: list[Awaitable[None]] = [asyncio.sleep(self.sys_config.wait_boot)]
+        for addon in tasks:
+            try:
+                if start_task := await addon.start():
+                    wait_boot.append(start_task)
+            except AddonsError as err:
+                # Check if there is an system/user issue
+                if check_exception_chain(
+                    err, (DockerAPIError, DockerNotFound, AddonConfigurationError)
+                ):
+                    addon.boot = AddonBoot.MANUAL
+                    addon.save_persist()
+            except HassioError:
+                pass  # These are already handled
+            else:
+                continue
+
+            _LOGGER.warning("Can't start Add-on %s", addon.slug)
+
+        # Ignore exceptions from waiting for addon startup, addon errors handled elsewhere
+        await asyncio.gather(*wait_boot, return_exceptions=True)
+
+    async def shutdown(self, stage: AddonStartup) -> None:
+        """Shutdown addons."""
+        tasks: list[Addon] = []
+        for addon in self.installed:
+            if addon.state != AddonState.STARTED or addon.startup != stage:
+                continue
+            tasks.append(addon)
+
+        # Evaluate add-ons which need to be stopped
+        _LOGGER.info("Phase '%s' stopping %d add-ons", stage, len(tasks))
+        if not tasks:
+            return
+
+        # Stop Add-ons sequential
+        # avoid issue on slow IO
+        for addon in tasks:
+            try:
+                await addon.stop()
+            except Exception as err:  # pylint: disable=broad-except
+                _LOGGER.warning("Can't stop Add-on %s: %s", addon.slug, err)
+                capture_exception(err)
+
+    @Job(
+        name="addon_manager_install",
+        conditions=ADDON_UPDATE_CONDITIONS,
+        on_condition=AddonsJobError,
+    )
+    async def install(self, slug: str) -> None:
+        """Install an add-on."""
+        self.sys_jobs.current.reference = slug
+
+        if slug in self.local:
+            raise AddonsError(f"Add-on {slug} is already installed", _LOGGER.warning)
+        store = self.store.get(slug)
+
+        if not store:
+            raise AddonsError(f"Add-on {slug} does not exist", _LOGGER.error)
+
+        store.validate_availability()
+
+        await Addon(self.coresys, slug).install()
+
+        _LOGGER.info("Add-on '%s' successfully installed", slug)
+
+    async def uninstall(self, slug: str, *, remove_config: bool = False) -> None:
+        """Remove an add-on."""
+        if slug not in self.local:
+            _LOGGER.warning("Add-on %s is not installed", slug)
+            return
+
+        await self.local[slug].uninstall(remove_config=remove_config)
+
+        _LOGGER.info("Add-on '%s' successfully removed", slug)
+
+    @Job(
+        name="addon_manager_update",
+        conditions=ADDON_UPDATE_CONDITIONS,
+        on_condition=AddonsJobError,
+    )
+    async def update(
+        self, slug: str, backup: bool | None = False
+    ) -> asyncio.Task | None:
+        """Update add-on.
+
+        Returns a Task that completes when addon has state 'started' (see addon.start)
+        if addon is started after update. Else nothing is returned.
+        """
+        self.sys_jobs.current.reference = slug
+
+        if slug not in self.local:
+            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
+        addon = self.local[slug]
+
+        if addon.is_detached:
+            raise AddonsError(
+                f"Add-on {slug} is not available inside store", _LOGGER.error
+            )
+        store = self.store[slug]
+
+        if addon.version == store.version:
+            raise AddonsError(f"No update available for add-on {slug}", _LOGGER.warning)
+
+        # Check if available, Maybe something have changed
+        store.validate_availability()
+
+        if backup:
+            await self.sys_backups.do_backup_partial(
+                name=f"addon_{addon.slug}_{addon.version}",
+                homeassistant=False,
+                addons=[addon.slug],
+            )
+
+        return await addon.update()
+
+    @Job(
+        name="addon_manager_rebuild",
+        conditions=[
+            JobCondition.FREE_SPACE,
+            JobCondition.INTERNET_HOST,
+            JobCondition.HEALTHY,
+        ],
+        on_condition=AddonsJobError,
+    )
+    async def rebuild(self, slug: str) -> asyncio.Task | None:
+        """Perform a rebuild of local build add-on.
+
+        Returns a Task that completes when addon has state 'started' (see addon.start)
+        if addon is started after rebuild. Else nothing is returned.
+        """
+        self.sys_jobs.current.reference = slug
+
+        if slug not in self.local:
+            raise AddonsError(f"Add-on {slug} is not installed", _LOGGER.error)
+        addon = self.local[slug]
+
+        if addon.is_detached:
+            raise AddonsError(
+                f"Add-on {slug} is not available inside store", _LOGGER.error
+            )
+        store = self.store[slug]
+
+        # Check if a rebuild is possible now
+        if addon.version != store.version:
+            raise AddonsError(
+                "Version changed, use Update instead Rebuild", _LOGGER.error
+            )
+        if not addon.need_build:
+            raise AddonsNotSupportedError(
+                "Can't rebuild a image based add-on", _LOGGER.error
+            )
+
+        return await addon.rebuild()
+
+    @Job(
+        name="addon_manager_restore",
+        conditions=[
+            JobCondition.FREE_SPACE,
+            JobCondition.INTERNET_HOST,
+            JobCondition.HEALTHY,
+        ],
+        on_condition=AddonsJobError,
+    )
+    async def restore(
+        self, slug: str, tar_file: tarfile.TarFile
+    ) -> asyncio.Task | None:
+        """Restore state of an add-on.
+
+        Returns a Task that completes when addon has state 'started' (see addon.start)
+        if addon is started after restore. Else nothing is returned.
+        """
+        self.sys_jobs.current.reference = slug
+
+        if slug not in self.local:
+            _LOGGER.debug("Add-on %s is not local available for restore", slug)
+            addon = Addon(self.coresys, slug)
+            had_ingress = False
+        else:
+            _LOGGER.debug("Add-on %s is local available for restore", slug)
+            addon = self.local[slug]
+            had_ingress = addon.ingress_panel
+
+        wait_for_start = await addon.restore(tar_file)
+
+        # Check if new
+        if slug not in self.local:
+            _LOGGER.info("Detect new Add-on after restore %s", slug)
+            self.local[slug] = addon
+
+        # Update ingress
+        if had_ingress != addon.ingress_panel:
+            await self.sys_ingress.reload()
+            with suppress(HomeAssistantAPIError):
+                await self.sys_ingress.update_hass_panel(addon)
+
+        return wait_for_start
+
+    @Job(
+        name="addon_manager_repair",
+        conditions=[JobCondition.FREE_SPACE, JobCondition.INTERNET_HOST],
+    )
+    async def repair(self) -> None:
+        """Repair local add-ons."""
+        needs_repair: list[Addon] = []
+
+        # Evaluate Add-ons to repair
+        for addon in self.installed:
+            if await addon.instance.exists():
+                continue
+            needs_repair.append(addon)
+
+        _LOGGER.info("Found %d add-ons to repair", len(needs_repair))
+        if not needs_repair:
+            return
+
+        for addon in needs_repair:
+            _LOGGER.info("Repairing for add-on: %s", addon.slug)
+            with suppress(DockerError, KeyError):
+                # Need pull a image again
+                if not addon.need_build:
+                    await addon.instance.install(addon.version, addon.image)
+                    continue
+
+                # Need local lookup
+                if addon.need_build and not addon.is_detached:
+                    store = self.store[addon.slug]
+                    # If this add-on is available for rebuild
+                    if addon.version == store.version:
+                        await addon.instance.install(addon.version, addon.image)
+                        continue
+
+            _LOGGER.error("Can't repair %s", addon.slug)
+            with suppress(AddonsError):
+                await self.uninstall(addon.slug)
+
+    async def sync_dns(self) -> None:
+        """Sync add-ons DNS names."""
+        # Update hosts
+        add_host_coros: list[Awaitable[None]] = []
+        for addon in self.installed:
+            try:
+                if not await addon.instance.is_running():
+                    continue
+            except DockerError as err:
+                _LOGGER.warning("Add-on %s is corrupt: %s", addon.slug, err)
+                self.sys_resolution.create_issue(
+                    IssueType.CORRUPT_DOCKER,
+                    ContextType.ADDON,
+                    reference=addon.slug,
+                    suggestions=[SuggestionType.EXECUTE_REPAIR],
+                )
+                capture_exception(err)
+            else:
+                add_host_coros.append(
+                    self.sys_plugins.dns.add_host(
+                        ipv4=addon.ip_address, names=[addon.hostname], write=False
+                    )
+                )
+
+        await asyncio.gather(*add_host_coros)
+
+        # Write hosts files
+        with suppress(CoreDNSError):
+            await self.sys_plugins.dns.write_hosts()

supervisor/addons/model.py

@@ -1,13 +1,17 @@
 """Init file for Supervisor add-ons."""
 from abc import ABC, abstractmethod
-from collections.abc import Awaitable, Callable
+from collections import defaultdict
+from collections.abc import Callable
 from contextlib import suppress
+from datetime import datetime
 import logging
 from pathlib import Path
 from typing import Any
 
 from awesomeversion import AwesomeVersion, AwesomeVersionException
 
+from supervisor.utils.dt import utc_from_timestamp
+
 from ..const import (
     ATTR_ADVANCED,
     ATTR_APPARMOR,
@@ -64,11 +68,13 @@ from ..const import (
     ATTR_TIMEOUT,
     ATTR_TMPFS,
     ATTR_TRANSLATIONS,
+    ATTR_TYPE,
     ATTR_UART,
     ATTR_UDEV,
     ATTR_URL,
     ATTR_USB,
     ATTR_VERSION,
+    ATTR_VERSION_TIMESTAMP,
     ATTR_VIDEO,
     ATTR_WATCHDOG,
     ATTR_WEBUI,
@@ -79,24 +85,38 @@ from ..const import (
     AddonStage,
     AddonStartup,
 )
-from ..coresys import CoreSys, CoreSysAttributes
+from ..coresys import CoreSys
 from ..docker.const import Capabilities
 from ..exceptions import AddonsNotSupportedError
-from .const import ATTR_BACKUP, ATTR_CODENOTARY, AddonBackupMode
+from ..jobs.const import JOB_GROUP_ADDON
+from ..jobs.job_group import JobGroup
+from ..utils import version_is_new_enough
+from .configuration import FolderMapping
+from .const import (
+    ATTR_BACKUP,
+    ATTR_BREAKING_VERSIONS,
+    ATTR_CODENOTARY,
+    ATTR_PATH,
+    ATTR_READ_ONLY,
+    AddonBackupMode,
+    MappingType,
+)
 from .options import AddonOptions, UiOptions
-from .validate import RE_SERVICE, RE_VOLUME
+from .validate import RE_SERVICE
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 Data = dict[str, Any]
 
 
-class AddonModel(CoreSysAttributes, ABC):
+class AddonModel(JobGroup, ABC):
     """Add-on Data layout."""
 
     def __init__(self, coresys: CoreSys, slug: str):
         """Initialize data holder."""
-        self.coresys: CoreSys = coresys
+        super().__init__(
+            coresys, JOB_GROUP_ADDON.format_map(defaultdict(str, slug=slug)), slug
+        )
         self.slug: str = slug
 
     @property
@@ -206,6 +226,11 @@ class AddonModel(CoreSysAttributes, ABC):
         """Return latest version of add-on."""
         return self.data[ATTR_VERSION]
 
+    @property
+    def latest_version_timestamp(self) -> datetime:
+        """Return when latest version was first seen."""
+        return utc_from_timestamp(self.data[ATTR_VERSION_TIMESTAMP])
+
     @property
     def version(self) -> AwesomeVersion:
         """Return version of add-on."""
@@ -532,14 +557,13 @@ class AddonModel(CoreSysAttributes, ABC):
         return ATTR_IMAGE not in self.data
 
     @property
-    def map_volumes(self) -> dict[str, bool]:
-        """Return a dict of {volume: read-only} from add-on."""
+    def map_volumes(self) -> dict[MappingType, FolderMapping]:
+        """Return a dict of {MappingType: FolderMapping} from add-on."""
         volumes = {}
         for volume in self.data[ATTR_MAP]:
-            result = RE_VOLUME.match(volume)
-            if not result:
-                continue
-            volumes[result.group(1)] = result.group(2) != "rw"
+            volumes[MappingType(volume[ATTR_TYPE])] = FolderMapping(
+                volume.get(ATTR_PATH), volume[ATTR_READ_ONLY]
+            )
 
         return volumes
 
@@ -606,6 +630,11 @@ class AddonModel(CoreSysAttributes, ABC):
         """Return Signer email address for CAS."""
         return self.data.get(ATTR_CODENOTARY)
 
+    @property
+    def breaking_versions(self) -> list[AwesomeVersion]:
+        """Return breaking versions of addon."""
+        return self.data[ATTR_BREAKING_VERSIONS]
+
     def validate_availability(self) -> None:
         """Validate if addon is available for current system."""
         return self._validate_availability(self.data, logger=_LOGGER.error)
@@ -640,7 +669,9 @@ class AddonModel(CoreSysAttributes, ABC):
         # Home Assistant
         version: AwesomeVersion | None = config.get(ATTR_HOMEASSISTANT)
         with suppress(AwesomeVersionException, TypeError):
-            if self.sys_homeassistant.version < version:
+            if version and not version_is_new_enough(
+                self.sys_homeassistant.version, version
+            ):
                 raise AddonsNotSupportedError(
                     f"Add-on {self.slug} not supported on this system, requires Home Assistant version {version} or greater",
                     logger,
@@ -664,19 +695,3 @@ class AddonModel(CoreSysAttributes, ABC):
 
         # local build
         return f"{config[ATTR_REPOSITORY]}/{self.sys_arch.default}-addon-{config[ATTR_SLUG]}"
-
-    def install(self) -> Awaitable[None]:
-        """Install this add-on."""
-        return self.sys_addons.install(self.slug)
-
-    def uninstall(self) -> Awaitable[None]:
-        """Uninstall this add-on."""
-        return self.sys_addons.uninstall(self.slug)
-
-    def update(self, backup: bool | None = False) -> Awaitable[Awaitable[None] | None]:
-        """Update this add-on."""
-        return self.sys_addons.update(self.slug, backup=backup)
-
-    def rebuild(self) -> Awaitable[Awaitable[None] | None]:
-        """Rebuild this add-on."""
-        return self.sys_addons.rebuild(self.slug)

supervisor/addons/validate.py

@@ -81,6 +81,7 @@ from ..const import (
     ATTR_TIMEOUT,
     ATTR_TMPFS,
     ATTR_TRANSLATIONS,
+    ATTR_TYPE,
     ATTR_UART,
     ATTR_UDEV,
     ATTR_URL,
@@ -98,7 +99,6 @@ from ..const import (
     AddonStartup,
     AddonState,
 )
-from ..discovery.validate import valid_discovery_service
 from ..docker.const import Capabilities
 from ..validate import (
     docker_image,
@@ -109,12 +109,23 @@ from ..validate import (
     uuid_match,
     version_tag,
 )
-from .const import ATTR_BACKUP, ATTR_CODENOTARY, RE_SLUG, AddonBackupMode
+from .const import (
+    ATTR_BACKUP,
+    ATTR_BREAKING_VERSIONS,
+    ATTR_CODENOTARY,
+    ATTR_PATH,
+    ATTR_READ_ONLY,
+    RE_SLUG,
+    AddonBackupMode,
+    MappingType,
+)
 from .options import RE_SCHEMA_ELEMENT
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
-RE_VOLUME = re.compile(r"^(config|ssl|addons|backup|share|media)(?::(rw|ro))?$")
+RE_VOLUME = re.compile(
+    r"^(data|config|ssl|addons|backup|share|media|homeassistant_config|all_addon_configs|addon_config)(?::(rw|ro))?$"
+)
 RE_SERVICE = re.compile(r"^(?P<service>mqtt|mysql):(?P<rights>provide|want|need)$")
 
 
@@ -143,6 +154,9 @@ RE_MACHINE = re.compile(
     r"|raspberrypi3"
     r"|raspberrypi4-64"
     r"|raspberrypi4"
+    r"|raspberrypi5-64"
+    r"|yellow"
+    r"|green"
     r"|tinker"
     r")$"
 )
@@ -196,9 +210,9 @@ def _migrate_addon_config(protocol=False):
                     name,
                 )
             if value == "before":
-                config[ATTR_STARTUP] = AddonStartup.SERVICES.value
+                config[ATTR_STARTUP] = AddonStartup.SERVICES
             elif value == "after":
-                config[ATTR_STARTUP] = AddonStartup.APPLICATION.value
+                config[ATTR_STARTUP] = AddonStartup.APPLICATION
 
         # UART 2021-01-20
         if "auto_uart" in config:
@@ -244,6 +258,48 @@ def _migrate_addon_config(protocol=False):
                     name,
                 )
 
+        # 2023-11 "map" entries can also be dict to allow path configuration
+        volumes = []
+        for entry in config.get(ATTR_MAP, []):
+            if isinstance(entry, dict):
+                volumes.append(entry)
+            if isinstance(entry, str):
+                result = RE_VOLUME.match(entry)
+                if not result:
+                    continue
+                volumes.append(
+                    {
+                        ATTR_TYPE: result.group(1),
+                        ATTR_READ_ONLY: result.group(2) != "rw",
+                    }
+                )
+
+        if volumes:
+            config[ATTR_MAP] = volumes
+
+        # 2023-10 "config" became "homeassistant" so /config can be used for addon's public config
+        if any(volume[ATTR_TYPE] == MappingType.CONFIG for volume in volumes):
+            if any(
+                volume
+                and volume[ATTR_TYPE]
+                in {MappingType.ADDON_CONFIG, MappingType.HOMEASSISTANT_CONFIG}
+                for volume in volumes
+            ):
+                _LOGGER.warning(
+                    "Add-on config using incompatible map options, '%s' and '%s' are ignored if '%s' is included. Please report this to the maintainer of %s",
+                    MappingType.ADDON_CONFIG,
+                    MappingType.HOMEASSISTANT_CONFIG,
+                    MappingType.CONFIG,
+                    name,
+                )
+            else:
+                _LOGGER.debug(
+                    "Add-on config using deprecated map option '%s' instead of '%s'. Please report this to the maintainer of %s",
+                    MappingType.CONFIG,
+                    MappingType.HOMEASSISTANT_CONFIG,
+                    name,
+                )
+
         return config
 
     return _migrate
@@ -292,7 +348,15 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
         vol.Optional(ATTR_DEVICES): [str],
         vol.Optional(ATTR_UDEV, default=False): vol.Boolean(),
         vol.Optional(ATTR_TMPFS, default=False): vol.Boolean(),
-        vol.Optional(ATTR_MAP, default=list): [vol.Match(RE_VOLUME)],
+        vol.Optional(ATTR_MAP, default=list): [
+            vol.Schema(
+                {
+                    vol.Required(ATTR_TYPE): vol.Coerce(MappingType),
+                    vol.Optional(ATTR_READ_ONLY, default=True): bool,
+                    vol.Optional(ATTR_PATH): str,
+                }
+            )
+        ],
         vol.Optional(ATTR_ENVIRONMENT): {vol.Match(r"\w*"): str},
         vol.Optional(ATTR_PRIVILEGED): [vol.Coerce(Capabilities)],
         vol.Optional(ATTR_APPARMOR, default=True): vol.Boolean(),
@@ -313,7 +377,7 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
         vol.Optional(ATTR_DOCKER_API, default=False): vol.Boolean(),
         vol.Optional(ATTR_AUTH_API, default=False): vol.Boolean(),
         vol.Optional(ATTR_SERVICES): [vol.Match(RE_SERVICE)],
-        vol.Optional(ATTR_DISCOVERY): [valid_discovery_service],
+        vol.Optional(ATTR_DISCOVERY): [str],
         vol.Optional(ATTR_BACKUP_EXCLUDE): [str],
         vol.Optional(ATTR_BACKUP_PRE): str,
         vol.Optional(ATTR_BACKUP_POST): str,
@@ -344,6 +408,7 @@ _SCHEMA_ADDON_CONFIG = vol.Schema(
             vol.Coerce(int), vol.Range(min=10, max=300)
         ),
         vol.Optional(ATTR_JOURNALD, default=False): vol.Boolean(),
+        vol.Optional(ATTR_BREAKING_VERSIONS, default=list): [version_tag],
     },
     extra=vol.REMOVE_EXTRA,
 )

supervisor/api/__init__.py

@@ -5,6 +5,7 @@ from pathlib import Path
 from typing import Any
 
 from aiohttp import web
+from aiohttp_fast_url_dispatcher import FastUrlDispatcher, attach_fast_url_dispatcher
 
 from ..const import AddonState
 from ..coresys import CoreSys, CoreSysAttributes
@@ -64,9 +65,10 @@ class RestAPI(CoreSysAttributes):
                 "max_field_size": MAX_LINE_SIZE,
             },
         )
+        attach_fast_url_dispatcher(self.webapp, FastUrlDispatcher())
 
         # service stuff
-        self._runner: web.AppRunner = web.AppRunner(self.webapp)
+        self._runner: web.AppRunner = web.AppRunner(self.webapp, shutdown_timeout=5)
         self._site: web.TCPSite | None = None
 
     async def load(self) -> None:
@@ -180,12 +182,15 @@ class RestAPI(CoreSysAttributes):
                 web.post("/os/config/sync", api_os.config_sync),
                 web.post("/os/datadisk/move", api_os.migrate_data),
                 web.get("/os/datadisk/list", api_os.list_data),
+                web.post("/os/datadisk/wipe", api_os.wipe_data),
             ]
         )
 
         # Boards endpoints
         self.webapp.add_routes(
             [
+                web.get("/os/boards/green", api_os.boards_green_info),
+                web.post("/os/boards/green", api_os.boards_green_options),
                 web.get("/os/boards/yellow", api_os.boards_yellow_info),
                 web.post("/os/boards/yellow", api_os.boards_yellow_options),
                 web.get("/os/boards/{board}", api_os.boards_other_info),
@@ -215,6 +220,8 @@ class RestAPI(CoreSysAttributes):
                 web.get("/jobs/info", api_jobs.info),
                 web.post("/jobs/options", api_jobs.options),
                 web.post("/jobs/reset", api_jobs.reset),
+                web.get("/jobs/{uuid}", api_jobs.job_info),
+                web.delete("/jobs/{uuid}", api_jobs.remove_job),
             ]
         )
 
@@ -330,6 +337,7 @@ class RestAPI(CoreSysAttributes):
                 web.post("/auth", api_auth.auth),
                 web.post("/auth/reset", api_auth.reset),
                 web.delete("/auth/cache", api_auth.cache),
+                web.get("/auth/list", api_auth.list_users),
             ]
         )
 
@@ -485,6 +493,8 @@ class RestAPI(CoreSysAttributes):
                 web.get("/backups/info", api_backups.info),
                 web.post("/backups/options", api_backups.options),
                 web.post("/backups/reload", api_backups.reload),
+                web.post("/backups/freeze", api_backups.freeze),
+                web.post("/backups/thaw", api_backups.thaw),
                 web.post("/backups/new/full", api_backups.backup_full),
                 web.post("/backups/new/partial", api_backups.backup_partial),
                 web.post("/backups/new/upload", api_backups.upload),
@@ -667,9 +677,7 @@ class RestAPI(CoreSysAttributes):
     async def start(self) -> None:
         """Run RESTful API webserver."""
         await self._runner.setup()
-        self._site = web.TCPSite(
-            self._runner, host="0.0.0.0", port=80, shutdown_timeout=5
-        )
+        self._site = web.TCPSite(self._runner, host="0.0.0.0", port=80)
 
         try:
             await self._site.start()

supervisor/api/addons.py

@@ -8,8 +8,8 @@ from aiohttp import web
 import voluptuous as vol
 from voluptuous.humanize import humanize_error
 
-from ..addons import AnyAddon
 from ..addons.addon import Addon
+from ..addons.manager import AnyAddon
 from ..addons.utils import rating_security
 from ..const import (
     ATTR_ADDONS,
@@ -106,7 +106,7 @@ from ..exceptions import (
     PwnedSecret,
 )
 from ..validate import docker_ports
-from .const import ATTR_SIGNED, CONTENT_TYPE_BINARY
+from .const import ATTR_REMOVE_CONFIG, ATTR_SIGNED, CONTENT_TYPE_BINARY
 from .utils import api_process, api_process_raw, api_validate, json_loads
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -126,9 +126,13 @@ SCHEMA_OPTIONS = vol.Schema(
     }
 )
 
-# pylint: disable=no-value-for-parameter
 SCHEMA_SECURITY = vol.Schema({vol.Optional(ATTR_PROTECTED): vol.Boolean()})
 
+SCHEMA_UNINSTALL = vol.Schema(
+    {vol.Optional(ATTR_REMOVE_CONFIG, default=False): vol.Boolean()}
+)
+# pylint: enable=no-value-for-parameter
+
 
 class APIAddons(CoreSysAttributes):
     """Handle RESTful API for add-on functions."""
@@ -385,10 +389,15 @@ class APIAddons(CoreSysAttributes):
         }
 
     @api_process
-    def uninstall(self, request: web.Request) -> Awaitable[None]:
+    async def uninstall(self, request: web.Request) -> Awaitable[None]:
         """Uninstall add-on."""
         addon = self._extract_addon(request)
-        return asyncio.shield(addon.uninstall())
+        body: dict[str, Any] = await api_validate(SCHEMA_UNINSTALL, request)
+        return await asyncio.shield(
+            self.sys_addons.uninstall(
+                addon.slug, remove_config=body[ATTR_REMOVE_CONFIG]
+            )
+        )
 
     @api_process
     async def start(self, request: web.Request) -> None:
@@ -414,7 +423,7 @@ class APIAddons(CoreSysAttributes):
     async def rebuild(self, request: web.Request) -> None:
         """Rebuild local build add-on."""
         addon = self._extract_addon(request)
-        if start_task := await asyncio.shield(addon.rebuild()):
+        if start_task := await asyncio.shield(self.sys_addons.rebuild(addon.slug)):
             await start_task
 
     @api_process_raw(CONTENT_TYPE_BINARY)

supervisor/api/audio.py

@@ -1,11 +1,11 @@
 """Init file for Supervisor Audio RESTful API."""
 import asyncio
 from collections.abc import Awaitable
+from dataclasses import asdict
 import logging
 from typing import Any
 
 from aiohttp import web
-import attr
 import voluptuous as vol
 
 from ..const import (
@@ -76,15 +76,11 @@ class APIAudio(CoreSysAttributes):
             ATTR_UPDATE_AVAILABLE: self.sys_plugins.audio.need_update,
             ATTR_HOST: str(self.sys_docker.network.audio),
             ATTR_AUDIO: {
-                ATTR_CARD: [attr.asdict(card) for card in self.sys_host.sound.cards],
-                ATTR_INPUT: [
-                    attr.asdict(stream) for stream in self.sys_host.sound.inputs
-                ],
-                ATTR_OUTPUT: [
-                    attr.asdict(stream) for stream in self.sys_host.sound.outputs
-                ],
+                ATTR_CARD: [asdict(card) for card in self.sys_host.sound.cards],
+                ATTR_INPUT: [asdict(stream) for stream in self.sys_host.sound.inputs],
+                ATTR_OUTPUT: [asdict(stream) for stream in self.sys_host.sound.outputs],
                 ATTR_APPLICATION: [
-                    attr.asdict(stream) for stream in self.sys_host.sound.applications
+                    asdict(stream) for stream in self.sys_host.sound.applications
                 ],
             },
         }

supervisor/api/auth.py

@@ -1,6 +1,7 @@
 """Init file for Supervisor auth/SSO RESTful API."""
 import asyncio
 import logging
+from typing import Any
 
 from aiohttp import BasicAuth, web
 from aiohttp.hdrs import AUTHORIZATION, CONTENT_TYPE, WWW_AUTHENTICATE
@@ -8,10 +9,19 @@ from aiohttp.web_exceptions import HTTPUnauthorized
 import voluptuous as vol
 
 from ..addons.addon import Addon
-from ..const import ATTR_PASSWORD, ATTR_USERNAME, REQUEST_FROM
+from ..const import ATTR_NAME, ATTR_PASSWORD, ATTR_USERNAME, REQUEST_FROM
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIForbidden
-from .const import CONTENT_TYPE_JSON, CONTENT_TYPE_URL
+from ..utils.json import json_loads
+from .const import (
+    ATTR_GROUP_IDS,
+    ATTR_IS_ACTIVE,
+    ATTR_IS_OWNER,
+    ATTR_LOCAL_ONLY,
+    ATTR_USERS,
+    CONTENT_TYPE_JSON,
+    CONTENT_TYPE_URL,
+)
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -67,7 +77,7 @@ class APIAuth(CoreSysAttributes):
 
         # Json
         if request.headers.get(CONTENT_TYPE) == CONTENT_TYPE_JSON:
-            data = await request.json()
+            data = await request.json(loads=json_loads)
             return await self._process_dict(request, addon, data)
 
         # URL encoded
@@ -89,3 +99,21 @@ class APIAuth(CoreSysAttributes):
     async def cache(self, request: web.Request) -> None:
         """Process cache reset request."""
         self.sys_auth.reset_data()
+
+    @api_process
+    async def list_users(self, request: web.Request) -> dict[str, list[dict[str, Any]]]:
+        """List users on the Home Assistant instance."""
+        return {
+            ATTR_USERS: [
+                {
+                    ATTR_USERNAME: user[ATTR_USERNAME],
+                    ATTR_NAME: user[ATTR_NAME],
+                    ATTR_IS_OWNER: user[ATTR_IS_OWNER],
+                    ATTR_IS_ACTIVE: user[ATTR_IS_ACTIVE],
+                    ATTR_LOCAL_ONLY: user[ATTR_LOCAL_ONLY],
+                    ATTR_GROUP_IDS: user[ATTR_GROUP_IDS],
+                }
+                for user in await self.sys_auth.list_users()
+                if user[ATTR_USERNAME]
+            ]
+        }

supervisor/api/backups.py

@@ -1,5 +1,7 @@
 """Backups RESTful API."""
 import asyncio
+from collections.abc import Callable
+import errno
 import logging
 from pathlib import Path
 import re
@@ -10,6 +12,7 @@ from aiohttp import web
 from aiohttp.hdrs import CONTENT_DISPOSITION
 import voluptuous as vol
 
+from ..backups.backup import Backup
 from ..backups.validate import ALL_FOLDERS, FOLDER_HOMEASSISTANT, days_until_stale
 from ..const import (
     ATTR_ADDONS,
@@ -20,6 +23,7 @@ from ..const import (
     ATTR_DAYS_UNTIL_STALE,
     ATTR_FOLDERS,
     ATTR_HOMEASSISTANT,
+    ATTR_HOMEASSISTANT_EXCLUDE_DATABASE,
     ATTR_LOCATON,
     ATTR_NAME,
     ATTR_PASSWORD,
@@ -28,13 +32,18 @@ from ..const import (
     ATTR_SIZE,
     ATTR_SLUG,
     ATTR_SUPERVISOR_VERSION,
+    ATTR_TIMEOUT,
     ATTR_TYPE,
     ATTR_VERSION,
+    BusEvent,
+    CoreState,
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError
+from ..jobs import JobSchedulerOptions
 from ..mounts.const import MountUsage
-from .const import CONTENT_TYPE_TAR
+from ..resolution.const import UnhealthyReason
+from .const import ATTR_BACKGROUND, ATTR_JOB_ID, CONTENT_TYPE_TAR
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -46,23 +55,29 @@ RE_SLUGIFY_NAME = re.compile(r"[^A-Za-z0-9]+")
 _ALL_FOLDERS = ALL_FOLDERS + [FOLDER_HOMEASSISTANT]
 
 # pylint: disable=no-value-for-parameter
-SCHEMA_RESTORE_PARTIAL = vol.Schema(
+SCHEMA_RESTORE_FULL = vol.Schema(
     {
         vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
+        vol.Optional(ATTR_BACKGROUND, default=False): vol.Boolean(),
+    }
+)
+
+SCHEMA_RESTORE_PARTIAL = SCHEMA_RESTORE_FULL.extend(
+    {
         vol.Optional(ATTR_HOMEASSISTANT): vol.Boolean(),
         vol.Optional(ATTR_ADDONS): vol.All([str], vol.Unique()),
         vol.Optional(ATTR_FOLDERS): vol.All([vol.In(_ALL_FOLDERS)], vol.Unique()),
     }
 )
 
-SCHEMA_RESTORE_FULL = vol.Schema({vol.Optional(ATTR_PASSWORD): vol.Maybe(str)})
-
 SCHEMA_BACKUP_FULL = vol.Schema(
     {
         vol.Optional(ATTR_NAME): str,
         vol.Optional(ATTR_PASSWORD): vol.Maybe(str),
         vol.Optional(ATTR_COMPRESSED): vol.Maybe(vol.Boolean()),
         vol.Optional(ATTR_LOCATON): vol.Maybe(str),
+        vol.Optional(ATTR_HOMEASSISTANT_EXCLUDE_DATABASE): vol.Boolean(),
+        vol.Optional(ATTR_BACKGROUND, default=False): vol.Boolean(),
     }
 )
 
@@ -80,6 +95,12 @@ SCHEMA_OPTIONS = vol.Schema(
     }
 )
 
+SCHEMA_FREEZE = vol.Schema(
+    {
+        vol.Optional(ATTR_TIMEOUT): vol.All(int, vol.Range(min=1)),
+    }
+)
+
 
 class APIBackups(CoreSysAttributes):
     """Handle RESTful API for backups functions."""
@@ -142,7 +163,7 @@ class APIBackups(CoreSysAttributes):
         self.sys_backups.save_data()
 
     @api_process
-    async def reload(self, request):
+    async def reload(self, _):
         """Reload backup list."""
         await asyncio.shield(self.sys_backups.reload())
         return True
@@ -177,6 +198,7 @@ class APIBackups(CoreSysAttributes):
             ATTR_ADDONS: data_addons,
             ATTR_REPOSITORIES: backup.repositories,
             ATTR_FOLDERS: backup.folders,
+            ATTR_HOMEASSISTANT_EXCLUDE_DATABASE: backup.homeassistant_exclude_database,
         }
 
     def _location_to_mount(self, body: dict[str, Any]) -> dict[str, Any]:
@@ -192,46 +214,120 @@ class APIBackups(CoreSysAttributes):
 
         return body
 
+    async def _background_backup_task(
+        self, backup_method: Callable, *args, **kwargs
+    ) -> tuple[asyncio.Task, str]:
+        """Start backup task in  background and return task and job ID."""
+        event = asyncio.Event()
+        job, backup_task = self.sys_jobs.schedule_job(
+            backup_method, JobSchedulerOptions(), *args, **kwargs
+        )
+
+        async def release_on_freeze(new_state: CoreState):
+            if new_state == CoreState.FREEZE:
+                event.set()
+
+        # Wait for system to get into freeze state before returning
+        # If the backup fails validation it will raise before getting there
+        listener = self.sys_bus.register_event(
+            BusEvent.SUPERVISOR_STATE_CHANGE, release_on_freeze
+        )
+        try:
+            await asyncio.wait(
+                (
+                    backup_task,
+                    self.sys_create_task(event.wait()),
+                ),
+                return_when=asyncio.FIRST_COMPLETED,
+            )
+            return (backup_task, job.uuid)
+        finally:
+            self.sys_bus.remove_listener(listener)
+
     @api_process
     async def backup_full(self, request):
         """Create full backup."""
         body = await api_validate(SCHEMA_BACKUP_FULL, request)
-
-        backup = await asyncio.shield(
-            self.sys_backups.do_backup_full(**self._location_to_mount(body))
+        background = body.pop(ATTR_BACKGROUND)
+        backup_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_backup_full, **self._location_to_mount(body)
         )
 
+        if background and not backup_task.done():
+            return {ATTR_JOB_ID: job_id}
+
+        backup: Backup = await backup_task
         if backup:
-            return {ATTR_SLUG: backup.slug}
-        return False
+            return {ATTR_JOB_ID: job_id, ATTR_SLUG: backup.slug}
+        raise APIError(
+            f"An error occurred while making backup, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
 
     @api_process
     async def backup_partial(self, request):
         """Create a partial backup."""
         body = await api_validate(SCHEMA_BACKUP_PARTIAL, request)
-        backup = await asyncio.shield(
-            self.sys_backups.do_backup_partial(**self._location_to_mount(body))
+        background = body.pop(ATTR_BACKGROUND)
+        backup_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_backup_partial, **self._location_to_mount(body)
         )
 
+        if background and not backup_task.done():
+            return {ATTR_JOB_ID: job_id}
+
+        backup: Backup = await backup_task
         if backup:
-            return {ATTR_SLUG: backup.slug}
-        return False
+            return {ATTR_JOB_ID: job_id, ATTR_SLUG: backup.slug}
+        raise APIError(
+            f"An error occurred while making backup, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
 
     @api_process
     async def restore_full(self, request):
         """Full restore of a backup."""
         backup = self._extract_slug(request)
         body = await api_validate(SCHEMA_RESTORE_FULL, request)
+        background = body.pop(ATTR_BACKGROUND)
+        restore_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_restore_full, backup, **body
+        )
 
-        return await asyncio.shield(self.sys_backups.do_restore_full(backup, **body))
+        if background and not restore_task.done() or await restore_task:
+            return {ATTR_JOB_ID: job_id}
+        raise APIError(
+            f"An error occurred during restore of {backup.slug}, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
 
     @api_process
     async def restore_partial(self, request):
         """Partial restore a backup."""
         backup = self._extract_slug(request)
         body = await api_validate(SCHEMA_RESTORE_PARTIAL, request)
+        background = body.pop(ATTR_BACKGROUND)
+        restore_task, job_id = await self._background_backup_task(
+            self.sys_backups.do_restore_partial, backup, **body
+        )
 
-        return await asyncio.shield(self.sys_backups.do_restore_partial(backup, **body))
+        if background and not restore_task.done() or await restore_task:
+            return {ATTR_JOB_ID: job_id}
+        raise APIError(
+            f"An error occurred during restore of {backup.slug}, check job '{job_id}' or supervisor logs for details",
+            job_id=job_id,
+        )
+
+    @api_process
+    async def freeze(self, request):
+        """Initiate manual freeze for external backup."""
+        body = await api_validate(SCHEMA_FREEZE, request)
+        await asyncio.shield(self.sys_backups.freeze_all(**body))
+
+    @api_process
+    async def thaw(self, request):
+        """Begin thaw after manual freeze."""
+        await self.sys_backups.thaw_all()
 
     @api_process
     async def remove(self, request):
@@ -267,6 +363,8 @@ class APIBackups(CoreSysAttributes):
                         backup.write(chunk)
 
             except OSError as err:
+                if err.errno == errno.EBADMSG:
+                    self.sys_resolution.unhealthy = UnhealthyReason.OSERROR_BAD_MESSAGE
                 _LOGGER.error("Can't write new backup file: %s", err)
                 return False
 

supervisor/api/const.py

@@ -13,6 +13,7 @@ ATTR_AGENT_VERSION = "agent_version"
 ATTR_APPARMOR_VERSION = "apparmor_version"
 ATTR_ATTRIBUTES = "attributes"
 ATTR_AVAILABLE_UPDATES = "available_updates"
+ATTR_BACKGROUND = "background"
 ATTR_BOOT_TIMESTAMP = "boot_timestamp"
 ATTR_BOOTS = "boots"
 ATTR_BROADCAST_LLMNR = "broadcast_llmnr"
@@ -23,7 +24,6 @@ ATTR_CONNECTION_BUS = "connection_bus"
 ATTR_DATA_DISK = "data_disk"
 ATTR_DEVICE = "device"
 ATTR_DEV_PATH = "dev_path"
-ATTR_DISK_LED = "disk_led"
 ATTR_DISKS = "disks"
 ATTR_DRIVES = "drives"
 ATTR_DT_SYNCHRONIZED = "dt_synchronized"
@@ -31,25 +31,32 @@ ATTR_DT_UTC = "dt_utc"
 ATTR_EJECTABLE = "ejectable"
 ATTR_FALLBACK = "fallback"
 ATTR_FILESYSTEMS = "filesystems"
-ATTR_HEARTBEAT_LED = "heartbeat_led"
+ATTR_GROUP_IDS = "group_ids"
 ATTR_IDENTIFIERS = "identifiers"
+ATTR_IS_ACTIVE = "is_active"
+ATTR_IS_OWNER = "is_owner"
+ATTR_JOB_ID = "job_id"
+ATTR_JOBS = "jobs"
 ATTR_LLMNR = "llmnr"
 ATTR_LLMNR_HOSTNAME = "llmnr_hostname"
+ATTR_LOCAL_ONLY = "local_only"
 ATTR_MDNS = "mdns"
 ATTR_MODEL = "model"
 ATTR_MOUNTS = "mounts"
 ATTR_MOUNT_POINTS = "mount_points"
 ATTR_PANEL_PATH = "panel_path"
-ATTR_POWER_LED = "power_led"
 ATTR_REMOVABLE = "removable"
+ATTR_REMOVE_CONFIG = "remove_config"
 ATTR_REVISION = "revision"
 ATTR_SEAT = "seat"
 ATTR_SIGNED = "signed"
 ATTR_STARTUP_TIME = "startup_time"
 ATTR_SUBSYSTEM = "subsystem"
 ATTR_SYSFS = "sysfs"
+ATTR_SYSTEM_HEALTH_LED = "system_health_led"
 ATTR_TIME_DETECTED = "time_detected"
 ATTR_UPDATE_TYPE = "update_type"
-ATTR_USE_NTP = "use_ntp"
 ATTR_USAGE = "usage"
+ATTR_USE_NTP = "use_ntp"
+ATTR_USERS = "users"
 ATTR_VENDOR = "vendor"

supervisor/api/discovery.py

@@ -1,6 +1,9 @@
 """Init file for Supervisor network RESTful API."""
+import logging
+
 import voluptuous as vol
 
+from ..addons.addon import Addon
 from ..const import (
     ATTR_ADDON,
     ATTR_CONFIG,
@@ -9,16 +12,18 @@ from ..const import (
     ATTR_SERVICES,
     ATTR_UUID,
     REQUEST_FROM,
+    AddonState,
 )
 from ..coresys import CoreSysAttributes
-from ..discovery.validate import valid_discovery_service
 from ..exceptions import APIError, APIForbidden
 from .utils import api_process, api_validate, require_home_assistant
 
+_LOGGER: logging.Logger = logging.getLogger(__name__)
+
 SCHEMA_DISCOVERY = vol.Schema(
     {
-        vol.Required(ATTR_SERVICE): valid_discovery_service,
-        vol.Optional(ATTR_CONFIG): vol.Maybe(dict),
+        vol.Required(ATTR_SERVICE): str,
+        vol.Required(ATTR_CONFIG): dict,
     }
 )
 
@@ -36,19 +41,19 @@ class APIDiscovery(CoreSysAttributes):
     @api_process
     @require_home_assistant
     async def list(self, request):
-        """Show register services."""
-
+        """Show registered and available services."""
         # Get available discovery
-        discovery = []
-        for message in self.sys_discovery.list_messages:
-            discovery.append(
-                {
-                    ATTR_ADDON: message.addon,
-                    ATTR_SERVICE: message.service,
-                    ATTR_UUID: message.uuid,
-                    ATTR_CONFIG: message.config,
-                }
-            )
+        discovery = [
+            {
+                ATTR_ADDON: message.addon,
+                ATTR_SERVICE: message.service,
+                ATTR_UUID: message.uuid,
+                ATTR_CONFIG: message.config,
+            }
+            for message in self.sys_discovery.list_messages
+            if (addon := self.sys_addons.get(message.addon, local_only=True))
+            and addon.state == AddonState.STARTED
+        ]
 
         # Get available services/add-ons
         services = {}
@@ -62,11 +67,19 @@ class APIDiscovery(CoreSysAttributes):
     async def set_discovery(self, request):
         """Write data into a discovery pipeline."""
         body = await api_validate(SCHEMA_DISCOVERY, request)
-        addon = request[REQUEST_FROM]
+        addon: Addon = request[REQUEST_FROM]
+        service = body[ATTR_SERVICE]
 
         # Access?
         if body[ATTR_SERVICE] not in addon.discovery:
-            raise APIForbidden("Can't use discovery!")
+            _LOGGER.error(
+                "Add-on %s attempted to send discovery for service %s which is not listed in its config. Please report this to the maintainer of the add-on",
+                addon.name,
+                service,
+            )
+            raise APIForbidden(
+                "Add-ons must list services they provide via discovery in their config!"
+            )
 
         # Process discovery message
         message = self.sys_discovery.send(addon, **body)

supervisor/api/homeassistant.py

@@ -12,6 +12,7 @@ from ..const import (
     ATTR_AUDIO_INPUT,
     ATTR_AUDIO_OUTPUT,
     ATTR_BACKUP,
+    ATTR_BACKUPS_EXCLUDE_DATABASE,
     ATTR_BLK_READ,
     ATTR_BLK_WRITE,
     ATTR_BOOT,
@@ -51,6 +52,7 @@ SCHEMA_OPTIONS = vol.Schema(
         vol.Optional(ATTR_REFRESH_TOKEN): vol.Maybe(str),
         vol.Optional(ATTR_AUDIO_OUTPUT): vol.Maybe(str),
         vol.Optional(ATTR_AUDIO_INPUT): vol.Maybe(str),
+        vol.Optional(ATTR_BACKUPS_EXCLUDE_DATABASE): vol.Boolean(),
     }
 )
 
@@ -82,6 +84,7 @@ class APIHomeAssistant(CoreSysAttributes):
             ATTR_WATCHDOG: self.sys_homeassistant.watchdog,
             ATTR_AUDIO_INPUT: self.sys_homeassistant.audio_input,
             ATTR_AUDIO_OUTPUT: self.sys_homeassistant.audio_output,
+            ATTR_BACKUPS_EXCLUDE_DATABASE: self.sys_homeassistant.backups_exclude_database,
         }
 
     @api_process
@@ -113,6 +116,11 @@ class APIHomeAssistant(CoreSysAttributes):
         if ATTR_AUDIO_OUTPUT in body:
             self.sys_homeassistant.audio_output = body[ATTR_AUDIO_OUTPUT]
 
+        if ATTR_BACKUPS_EXCLUDE_DATABASE in body:
+            self.sys_homeassistant.backups_exclude_database = body[
+                ATTR_BACKUPS_EXCLUDE_DATABASE
+            ]
+
         self.sys_homeassistant.save_data()
 
     @api_process

supervisor/api/ingress.py

@@ -21,11 +21,18 @@ from ..const import (
     ATTR_ICON,
     ATTR_PANELS,
     ATTR_SESSION,
+    ATTR_SESSION_DATA_USER_ID,
     ATTR_TITLE,
+    HEADER_REMOTE_USER_DISPLAY_NAME,
+    HEADER_REMOTE_USER_ID,
+    HEADER_REMOTE_USER_NAME,
     HEADER_TOKEN,
     HEADER_TOKEN_OLD,
+    IngressSessionData,
+    IngressSessionDataUser,
 )
 from ..coresys import CoreSysAttributes
+from ..exceptions import HomeAssistantAPIError
 from .const import COOKIE_INGRESS
 from .utils import api_process, api_validate, require_home_assistant
 
@@ -33,10 +40,46 @@ _LOGGER: logging.Logger = logging.getLogger(__name__)
 
 VALIDATE_SESSION_DATA = vol.Schema({ATTR_SESSION: str})
 
+"""Expected optional payload of create session request"""
+SCHEMA_INGRESS_CREATE_SESSION_DATA = vol.Schema(
+    {
+        vol.Optional(ATTR_SESSION_DATA_USER_ID): str,
+    }
+)
+
+
+# from https://github.com/aio-libs/aiohttp/blob/8ae650bee4add9f131d49b96a0a150311ea58cd1/aiohttp/helpers.py#L1059C1-L1079C1
+def must_be_empty_body(method: str, code: int) -> bool:
+    """Check if a request must return an empty body."""
+    return (
+        status_code_must_be_empty_body(code)
+        or method_must_be_empty_body(method)
+        or (200 <= code < 300 and method.upper() == hdrs.METH_CONNECT)
+    )
+
+
+def method_must_be_empty_body(method: str) -> bool:
+    """Check if a method must return an empty body."""
+    # https://datatracker.ietf.org/doc/html/rfc9112#section-6.3-2.1
+    # https://datatracker.ietf.org/doc/html/rfc9112#section-6.3-2.2
+    return method.upper() == hdrs.METH_HEAD
+
+
+def status_code_must_be_empty_body(code: int) -> bool:
+    """Check if a status code must return an empty body."""
+    # https://datatracker.ietf.org/doc/html/rfc9112#section-6.3-2.1
+    return code in {204, 304} or 100 <= code < 200
+
 
 class APIIngress(CoreSysAttributes):
     """Ingress view to handle add-on webui routing."""
 
+    _list_of_users: list[IngressSessionDataUser]
+
+    def __init__(self) -> None:
+        """Initialize APIIngress."""
+        self._list_of_users = []
+
     def _extract_addon(self, request: web.Request) -> Addon:
         """Return addon, throw an exception it it doesn't exist."""
         token = request.match_info.get("token")
@@ -71,7 +114,19 @@ class APIIngress(CoreSysAttributes):
     @require_home_assistant
     async def create_session(self, request: web.Request) -> dict[str, Any]:
         """Create a new session."""
-        session = self.sys_ingress.create_session()
+        schema_ingress_config_session_data = await api_validate(
+            SCHEMA_INGRESS_CREATE_SESSION_DATA, request
+        )
+        data: IngressSessionData | None = None
+
+        if ATTR_SESSION_DATA_USER_ID in schema_ingress_config_session_data:
+            user = await self._find_user_by_id(
+                schema_ingress_config_session_data[ATTR_SESSION_DATA_USER_ID]
+            )
+            if user:
+                data = IngressSessionData(user)
+
+        session = self.sys_ingress.create_session(data)
         return {ATTR_SESSION: session}
 
     @api_process
@@ -99,13 +154,14 @@ class APIIngress(CoreSysAttributes):
         # Process requests
         addon = self._extract_addon(request)
         path = request.match_info.get("path")
+        session_data = self.sys_ingress.get_session_data(session)
         try:
             # Websocket
             if _is_websocket(request):
-                return await self._handle_websocket(request, addon, path)
+                return await self._handle_websocket(request, addon, path, session_data)
 
             # Request
-            return await self._handle_request(request, addon, path)
+            return await self._handle_request(request, addon, path, session_data)
 
         except aiohttp.ClientError as err:
             _LOGGER.error("Ingress error: %s", err)
@@ -113,7 +169,11 @@ class APIIngress(CoreSysAttributes):
         raise HTTPBadGateway()
 
     async def _handle_websocket(
-        self, request: web.Request, addon: Addon, path: str
+        self,
+        request: web.Request,
+        addon: Addon,
+        path: str,
+        session_data: IngressSessionData | None,
     ) -> web.WebSocketResponse:
         """Ingress route for websocket."""
         if hdrs.SEC_WEBSOCKET_PROTOCOL in request.headers:
@@ -131,7 +191,7 @@ class APIIngress(CoreSysAttributes):
 
         # Preparing
         url = self._create_url(addon, path)
-        source_header = _init_header(request, addon)
+        source_header = _init_header(request, addon, session_data)
 
         # Support GET query
         if request.query_string:
@@ -157,11 +217,15 @@ class APIIngress(CoreSysAttributes):
         return ws_server
 
     async def _handle_request(
-        self, request: web.Request, addon: Addon, path: str
+        self,
+        request: web.Request,
+        addon: Addon,
+        path: str,
+        session_data: IngressSessionData | None,
     ) -> web.Response | web.StreamResponse:
         """Ingress route for request."""
         url = self._create_url(addon, path)
-        source_header = _init_header(request, addon)
+        source_header = _init_header(request, addon, session_data)
 
         # Passing the raw stream breaks requests for some webservers
         # since we just need it for POST requests really, for all other methods
@@ -184,10 +248,18 @@ class APIIngress(CoreSysAttributes):
             skip_auto_headers={hdrs.CONTENT_TYPE},
         ) as result:
             headers = _response_header(result)
-
+            # Avoid parsing content_type in simple cases for better performance
+            if maybe_content_type := result.headers.get(hdrs.CONTENT_TYPE):
+                content_type = (maybe_content_type.partition(";"))[0].strip()
+            else:
+                content_type = result.content_type
             # Simple request
             if (
-                hdrs.CONTENT_LENGTH in result.headers
+                # empty body responses should not be streamed,
+                # otherwise aiohttp < 3.9.0 may generate
+                # an invalid "0\r\n\r\n" chunk instead of an empty response.
+                must_be_empty_body(request.method, result.status)
+                or hdrs.CONTENT_LENGTH in result.headers
                 and int(result.headers.get(hdrs.CONTENT_LENGTH, 0)) < 4_194_000
             ):
                 # Return Response
@@ -195,13 +267,13 @@ class APIIngress(CoreSysAttributes):
                 return web.Response(
                     headers=headers,
                     status=result.status,
-                    content_type=result.content_type,
+                    content_type=content_type,
                     body=body,
                 )
 
             # Stream response
             response = web.StreamResponse(status=result.status, headers=headers)
-            response.content_type = result.content_type
+            response.content_type = content_type
 
             try:
                 await response.prepare(request)
@@ -217,11 +289,35 @@ class APIIngress(CoreSysAttributes):
 
             return response
 
+    async def _find_user_by_id(self, user_id: str) -> IngressSessionDataUser | None:
+        """Find user object by the user's ID."""
+        try:
+            list_of_users = await self.sys_homeassistant.get_users()
+        except (HomeAssistantAPIError, TypeError) as err:
+            _LOGGER.error(
+                "%s error occurred while requesting list of users: %s", type(err), err
+            )
+            return None
 
-def _init_header(request: web.Request, addon: str) -> CIMultiDict | dict[str, str]:
+        if list_of_users is not None:
+            self._list_of_users = list_of_users
+
+        return next((user for user in self._list_of_users if user.id == user_id), None)
+
+
+def _init_header(
+    request: web.Request, addon: Addon, session_data: IngressSessionData | None
+) -> CIMultiDict | dict[str, str]:
     """Create initial header."""
     headers = {}
 
+    if session_data is not None:
+        headers[HEADER_REMOTE_USER_ID] = session_data.user.id
+        if session_data.user.username is not None:
+            headers[HEADER_REMOTE_USER_NAME] = session_data.user.username
+        if session_data.user.display_name is not None:
+            headers[HEADER_REMOTE_USER_DISPLAY_NAME] = session_data.user.display_name
+
     # filter flags
     for name, value in request.headers.items():
         if name in (
@@ -234,6 +330,9 @@ def _init_header(request: web.Request, addon: str) -> CIMultiDict | dict[str, st
             hdrs.SEC_WEBSOCKET_KEY,
             istr(HEADER_TOKEN),
             istr(HEADER_TOKEN_OLD),
+            istr(HEADER_REMOTE_USER_ID),
+            istr(HEADER_REMOTE_USER_NAME),
+            istr(HEADER_REMOTE_USER_DISPLAY_NAME),
         ):
             continue
         headers[name] = value

supervisor/api/jobs.py

@@ -6,7 +6,10 @@ from aiohttp import web
 import voluptuous as vol
 
 from ..coresys import CoreSysAttributes
+from ..exceptions import APIError
+from ..jobs import SupervisorJob
 from ..jobs.const import ATTR_IGNORE_CONDITIONS, JobCondition
+from .const import ATTR_JOBS
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -19,11 +22,47 @@ SCHEMA_OPTIONS = vol.Schema(
 class APIJobs(CoreSysAttributes):
     """Handle RESTful API for OS functions."""
 
+    def _list_jobs(self, start: SupervisorJob | None = None) -> list[dict[str, Any]]:
+        """Return current job tree."""
+        jobs_by_parent: dict[str | None, list[SupervisorJob]] = {}
+        for job in self.sys_jobs.jobs:
+            if job.internal:
+                continue
+
+            if job.parent_id not in jobs_by_parent:
+                jobs_by_parent[job.parent_id] = [job]
+            else:
+                jobs_by_parent[job.parent_id].append(job)
+
+        job_list: list[dict[str, Any]] = []
+        queue: list[tuple[list[dict[str, Any]], SupervisorJob]] = (
+            [(job_list, start)]
+            if start
+            else [(job_list, job) for job in jobs_by_parent.get(None, [])]
+        )
+
+        while queue:
+            (current_list, current_job) = queue.pop(0)
+            child_jobs: list[dict[str, Any]] = []
+
+            # We remove parent_id and instead use that info to represent jobs as a tree
+            job_dict = current_job.as_dict() | {"child_jobs": child_jobs}
+            job_dict.pop("parent_id")
+            current_list.append(job_dict)
+
+            if current_job.uuid in jobs_by_parent:
+                queue.extend(
+                    [(child_jobs, job) for job in jobs_by_parent.get(current_job.uuid)]
+                )
+
+        return job_list
+
     @api_process
     async def info(self, request: web.Request) -> dict[str, Any]:
         """Return JobManager information."""
         return {
             ATTR_IGNORE_CONDITIONS: self.sys_jobs.ignore_conditions,
+            ATTR_JOBS: self._list_jobs(),
         }
 
     @api_process
@@ -42,3 +81,19 @@ class APIJobs(CoreSysAttributes):
     async def reset(self, request: web.Request) -> None:
         """Reset options for JobManager."""
         self.sys_jobs.reset_data()
+
+    @api_process
+    async def job_info(self, request: web.Request) -> dict[str, Any]:
+        """Get details of a job by ID."""
+        job = self.sys_jobs.get_job(request.match_info.get("uuid"))
+        return self._list_jobs(job)[0]
+
+    @api_process
+    async def remove_job(self, request: web.Request) -> None:
+        """Remove a completed job."""
+        job = self.sys_jobs.get_job(request.match_info.get("uuid"))
+
+        if not job.done:
+            raise APIError(f"Job {job.uuid} is not done!")
+
+        self.sys_jobs.remove_job(job)

supervisor/api/middleware/security.py

@@ -19,6 +19,7 @@ from ...const import (
     CoreState,
 )
 from ...coresys import CoreSys, CoreSysAttributes
+from ...utils import version_is_new_enough
 from ..utils import api_return_error, excract_supervisor_token
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
@@ -102,6 +103,8 @@ ADDONS_ROLE_ACCESS: dict[str, re.Pattern] = {
         r"|/addons(?:/" + RE_SLUG + r"/(?!security).+|/reload)?"
         r"|/audio/.+"
         r"|/auth/cache"
+        r"|/available_updates"
+        r"|/backups.*"
         r"|/cli/.+"
         r"|/core/.+"
         r"|/dns/.+"
@@ -111,16 +114,17 @@ ADDONS_ROLE_ACCESS: dict[str, re.Pattern] = {
         r"|/hassos/.+"
         r"|/homeassistant/.+"
         r"|/host/.+"
+        r"|/mounts.*"
         r"|/multicast/.+"
         r"|/network/.+"
         r"|/observer/.+"
-        r"|/os/.+"
+        r"|/os/(?!datadisk/wipe).+"
+        r"|/refresh_updates"
         r"|/resolution/.+"
-        r"|/backups.*"
+        r"|/security/.+"
         r"|/snapshots.*"
         r"|/store.*"
         r"|/supervisor/.+"
-        r"|/security/.+"
         r")$"
     ),
     ROLE_ADMIN: re.compile(
@@ -195,7 +199,7 @@ class SecurityMiddleware(CoreSysAttributes):
             CoreState.FREEZE,
         ):
             return api_return_error(
-                message=f"System is not ready with state: {self.sys_core.state.value}"
+                message=f"System is not ready with state: {self.sys_core.state}"
             )
 
         return await handler(request)
@@ -273,9 +277,8 @@ class SecurityMiddleware(CoreSysAttributes):
     @middleware
     async def core_proxy(self, request: Request, handler: RequestHandler) -> Response:
         """Validate user from Core API proxy."""
-        if (
-            request[REQUEST_FROM] != self.sys_homeassistant
-            or self.sys_homeassistant.version >= _CORE_VERSION
+        if request[REQUEST_FROM] != self.sys_homeassistant or version_is_new_enough(
+            self.sys_homeassistant.version, _CORE_VERSION
         ):
             return await handler(request)
 

supervisor/api/network.py

@@ -1,11 +1,11 @@
 """REST API for network."""
 import asyncio
 from collections.abc import Awaitable
+from dataclasses import replace
 from ipaddress import ip_address, ip_interface
 from typing import Any
 
 from aiohttp import web
-import attr
 import voluptuous as vol
 
 from ..const import (
@@ -43,8 +43,7 @@ from ..const import (
 )
 from ..coresys import CoreSysAttributes
 from ..exceptions import APIError, HostNetworkNotFound
-from ..host.const import AuthMethod, InterfaceType, WifiMode
-from ..host.network import (
+from ..host.configuration import (
     AccessPoint,
     Interface,
     InterfaceMethod,
@@ -52,6 +51,7 @@ from ..host.network import (
     VlanConfig,
     WifiConfig,
 )
+from ..host.const import AuthMethod, InterfaceType, WifiMode
 from .utils import api_process, api_validate
 
 _SCHEMA_IP_CONFIG = vol.Schema(
@@ -121,6 +121,7 @@ def interface_struct(interface: Interface) -> dict[str, Any]:
         ATTR_ENABLED: interface.enabled,
         ATTR_CONNECTED: interface.connected,
         ATTR_PRIMARY: interface.primary,
+        ATTR_MAC: interface.mac,
         ATTR_IPV4: ipconfig_struct(interface.ipv4) if interface.ipv4 else None,
         ATTR_IPV6: ipconfig_struct(interface.ipv6) if interface.ipv6 else None,
         ATTR_WIFI: wifi_struct(interface.wifi) if interface.wifi else None,
@@ -196,19 +197,19 @@ class APINetwork(CoreSysAttributes):
         # Apply config
         for key, config in body.items():
             if key == ATTR_IPV4:
-                interface.ipv4 = attr.evolve(
+                interface.ipv4 = replace(
                     interface.ipv4
                     or IpConfig(InterfaceMethod.STATIC, [], None, [], None),
                     **config,
                 )
             elif key == ATTR_IPV6:
-                interface.ipv6 = attr.evolve(
+                interface.ipv6 = replace(
                     interface.ipv6
                     or IpConfig(InterfaceMethod.STATIC, [], None, [], None),
                     **config,
                 )
             elif key == ATTR_WIFI:
-                interface.wifi = attr.evolve(
+                interface.wifi = replace(
                     interface.wifi
                     or WifiConfig(
                         WifiMode.INFRASTRUCTURE, "", AuthMethod.OPEN, None, None
@@ -276,6 +277,8 @@ class APINetwork(CoreSysAttributes):
             )
 
         vlan_interface = Interface(
+            "",
+            "",
             "",
             True,
             True,

supervisor/api/os.py

@@ -8,11 +8,15 @@ from aiohttp import web
 import voluptuous as vol
 
 from ..const import (
+    ATTR_ACTIVITY_LED,
     ATTR_BOARD,
     ATTR_BOOT,
     ATTR_DEVICES,
+    ATTR_DISK_LED,
+    ATTR_HEARTBEAT_LED,
     ATTR_ID,
     ATTR_NAME,
+    ATTR_POWER_LED,
     ATTR_SERIAL,
     ATTR_SIZE,
     ATTR_UPDATE_AVAILABLE,
@@ -27,21 +31,19 @@ from .const import (
     ATTR_DATA_DISK,
     ATTR_DEV_PATH,
     ATTR_DEVICE,
-    ATTR_DISK_LED,
     ATTR_DISKS,
-    ATTR_HEARTBEAT_LED,
     ATTR_MODEL,
-    ATTR_POWER_LED,
+    ATTR_SYSTEM_HEALTH_LED,
     ATTR_VENDOR,
 )
 from .utils import api_process, api_validate
 
 _LOGGER: logging.Logger = logging.getLogger(__name__)
 
+# pylint: disable=no-value-for-parameter
 SCHEMA_VERSION = vol.Schema({vol.Optional(ATTR_VERSION): version_tag})
 SCHEMA_DISK = vol.Schema({vol.Required(ATTR_DEVICE): str})
 
-# pylint: disable=no-value-for-parameter
 SCHEMA_YELLOW_OPTIONS = vol.Schema(
     {
         vol.Optional(ATTR_DISK_LED): vol.Boolean(),
@@ -49,6 +51,14 @@ SCHEMA_YELLOW_OPTIONS = vol.Schema(
         vol.Optional(ATTR_POWER_LED): vol.Boolean(),
     }
 )
+SCHEMA_GREEN_OPTIONS = vol.Schema(
+    {
+        vol.Optional(ATTR_ACTIVITY_LED): vol.Boolean(),
+        vol.Optional(ATTR_POWER_LED): vol.Boolean(),
+        vol.Optional(ATTR_SYSTEM_HEALTH_LED): vol.Boolean(),
+    }
+)
+# pylint: enable=no-value-for-parameter
 
 
 class APIOS(CoreSysAttributes):
@@ -86,6 +96,11 @@ class APIOS(CoreSysAttributes):
 
         await asyncio.shield(self.sys_os.datadisk.migrate_disk(body[ATTR_DEVICE]))
 
+    @api_process
+    def wipe_data(self, request: web.Request) -> Awaitable[None]:
+        """Trigger data disk wipe on Host."""
+        return asyncio.shield(self.sys_os.datadisk.wipe_disk())
+
     @api_process
     async def list_data(self, request: web.Request) -> dict[str, Any]:
         """Return possible data targets."""
@@ -105,6 +120,35 @@ class APIOS(CoreSysAttributes):
             ],
         }
 
+    @api_process
+    async def boards_green_info(self, request: web.Request) -> dict[str, Any]:
+        """Get green board settings."""
+        return {
+            ATTR_ACTIVITY_LED: self.sys_dbus.agent.board.green.activity_led,
+            ATTR_POWER_LED: self.sys_dbus.agent.board.green.power_led,
+            ATTR_SYSTEM_HEALTH_LED: self.sys_dbus.agent.board.green.user_led,
+        }
+
+    @api_process
+    async def boards_green_options(self, request: web.Request) -> None:
+        """Update green board settings."""
+        body = await api_validate(SCHEMA_GREEN_OPTIONS, request)
+
+        if ATTR_ACTIVITY_LED in body:
+            await self.sys_dbus.agent.board.green.set_activity_led(
+                body[ATTR_ACTIVITY_LED]
+            )
+
+        if ATTR_POWER_LED in body:
+            await self.sys_dbus.agent.board.green.set_power_led(body[ATTR_POWER_LED])
+
+        if ATTR_SYSTEM_HEALTH_LED in body:
+            await self.sys_dbus.agent.board.green.set_user_led(
+                body[ATTR_SYSTEM_HEALTH_LED]
+            )
+
+        self.sys_dbus.agent.board.green.save_data()
+
     @api_process
     async def boards_yellow_info(self, request: web.Request) -> dict[str, Any]:
         """Get yellow board settings."""
@@ -120,14 +164,17 @@ class APIOS(CoreSysAttributes):
         body = await api_validate(SCHEMA_YELLOW_OPTIONS, request)
 
         if ATTR_DISK_LED in body:
-            self.sys_dbus.agent.board.yellow.disk_led = body[ATTR_DISK_LED]
+            await self.sys_dbus.agent.board.yellow.set_disk_led(body[ATTR_DISK_LED])
 
         if ATTR_HEARTBEAT_LED in body:
-            self.sys_dbus.agent.board.yellow.heartbeat_led = body[ATTR_HEARTBEAT_LED]
+            await self.sys_dbus.agent.board.yellow.set_heartbeat_led(
+                body[ATTR_HEARTBEAT_LED]
+            )
 
         if ATTR_POWER_LED in body:
-            self.sys_dbus.agent.board.yellow.power_led = body[ATTR_POWER_LED]
+            await self.sys_dbus.agent.board.yellow.set_power_led(body[ATTR_POWER_LED])
 
+        self.sys_dbus.agent.board.yellow.save_data()
         self.sys_resolution.create_issue(
             IssueType.REBOOT_REQUIRED,
             ContextType.SYSTEM,

supervisor/api/panel/entrypoint.js

@@ -1 +1 @@
-!function(){function n(n){var t=document.createElement("script");t.src=n,document.body.appendChild(t)}if(/.*Version\/(?:11|12)(?:\.\d+)*.*Safari\//.test(navigator.userAgent))n("/api/hassio/app/frontend_es5/entrypoint--liD1mEGpuE.js");else try{new Function("import('/api/hassio/app/frontend_latest/entrypoint-rUOHXrRXNJA.js')")()}catch(t){n("/api/hassio/app/frontend_es5/entrypoint--liD1mEGpuE.js")}}()
+!function(){function n(n){var t=document.createElement("script");t.src=n,document.body.appendChild(t)}if(/.*Version\/(?:11|12)(?:\.\d+)*.*Safari\//.test(navigator.userAgent))n("/api/hassio/app/frontend_es5/entrypoint-5yRSddAJzJ4.js");else try{new Function("import('/api/hassio/app/frontend_latest/entrypoint-qzB1D0O4L9U.js')")()}catch(t){n("/api/hassio/app/frontend_es5/entrypoint-5yRSddAJzJ4.js")}}()

supervisor/api/panel/frontend_es5/1047-g7fFLS9eP4I.js.map

@@ -1 +1 @@
-{"version":3,"file":"1047-g7fFLS9eP4I.js","mappings":"yKAAO,IAAMA,EAAkB,SAACC,GAAE,OAAKA,EAAGD,iBAAiB,C,qLCQ9CE,G,UAAcC,EAAAA,EAAAA,GAAA,EAD1BC,EAAAA,EAAAA,IAAc,0BAAuB,SAAAC,EAAAC,GAAA,IACzBJ,EAAc,SAAAK,IAAAC,EAAAA,EAAAA,GAAAN,EAAAK,GAAA,IAAAE,GAAAC,EAAAA,EAAAA,GAAAR,GAAA,SAAAA,IAAA,IAAAS,GAAAC,EAAAA,EAAAA,GAAA,KAAAV,GAAA,QAAAW,EAAAC,UAAAC,OAAAC,EAAA,IAAAC,MAAAJ,GAAAK,EAAA,EAAAA,EAAAL,EAAAK,IAAAF,EAAAE,GAAAJ,UAAAI,GAAA,OAAAP,EAAAF,EAAAU,KAAAC,MAAAX,EAAA,OAAAY,OAAAL,IAAAX,GAAAiB,EAAAA,EAAAA,GAAAX,IAAAA,CAAA,QAAAY,EAAAA,EAAAA,GAAArB,EAAA,EAAAI,GAAA,OAAAkB,EAAdtB,EAAcuB,EAAA,EAAAC,KAAA,QAAAC,WAAA,EACxBC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEnDC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WAAmB,IAAAG,EACjB,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,GAAAC,EAAAA,EAAAA,GAAA,wIAEEC,KAAKC,MACJD,KAAKE,OACPF,KAAKP,MACDO,KAAKG,SACLH,KAAKI,SACkB,QADVR,EACZI,KAAKK,SAASC,gBAAQ,IAAAV,OAAA,EAAtBA,EAAwBW,WAG3C,IAAC,GA1BiCC,EAAAA,I","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20230608.0/src/common/dom/stop_propagation.ts","https://raw.githubusercontent.com/home-assistant/frontend/20230608.0/src/components/ha-selector/ha-selector-duration.ts"],"names":["stopPropagation","ev","HaTimeDuration","_decorate","customElement","_initialize","_LitElement","_LitElement2","_inherits","_super","_createSuper","_this","_classCallCheck","_len","arguments","length","args","Array","_key","call","apply","concat","_assertThisInitialized","_createClass","F","d","kind","decorators","property","attribute","key","value","type","Boolean","_this$selector$durati","html","_templateObject","_taggedTemplateLiteral","this","label","helper","disabled","required","selector","duration","enable_day","LitElement"],"sourceRoot":""}
+{"version":3,"file":"1047-g7fFLS9eP4I.js","mappings":"yKAAO,IAAMA,EAAkB,SAACC,GAAE,OAAKA,EAAGD,iBAAiB,C,qLCQ9CE,G,UAAcC,EAAAA,EAAAA,GAAA,EAD1BC,EAAAA,EAAAA,IAAc,0BAAuB,SAAAC,EAAAC,GAAA,IACzBJ,EAAc,SAAAK,IAAAC,EAAAA,EAAAA,GAAAN,EAAAK,GAAA,IAAAE,GAAAC,EAAAA,EAAAA,GAAAR,GAAA,SAAAA,IAAA,IAAAS,GAAAC,EAAAA,EAAAA,GAAA,KAAAV,GAAA,QAAAW,EAAAC,UAAAC,OAAAC,EAAA,IAAAC,MAAAJ,GAAAK,EAAA,EAAAA,EAAAL,EAAAK,IAAAF,EAAAE,GAAAJ,UAAAI,GAAA,OAAAP,EAAAF,EAAAU,KAAAC,MAAAX,EAAA,OAAAY,OAAAL,IAAAX,GAAAiB,EAAAA,EAAAA,GAAAX,IAAAA,CAAA,QAAAY,EAAAA,EAAAA,GAAArB,EAAA,EAAAI,GAAA,OAAAkB,EAAdtB,EAAcuB,EAAA,EAAAC,KAAA,QAAAC,WAAA,EACxBC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,OAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,WAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,IAAS,CAAEC,WAAW,KAAQC,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAE9BC,EAAAA,EAAAA,OAAUE,IAAA,QAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,OAAUE,IAAA,SAAAC,WAAA,IAAAL,KAAA,QAAAC,WAAA,EAEVC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAK,IAAAL,KAAA,QAAAC,WAAA,EAEnDC,EAAAA,EAAAA,IAAS,CAAEI,KAAMC,WAAUH,IAAA,WAAAC,MAAA,kBAAmB,CAAI,IAAAL,KAAA,SAAAI,IAAA,SAAAC,MAEnD,WAAmB,IAAAG,EACjB,OAAOC,EAAAA,EAAAA,IAAIC,IAAAA,GAAAC,EAAAA,EAAAA,GAAA,wIAEEC,KAAKC,MACJD,KAAKE,OACPF,KAAKP,MACDO,KAAKG,SACLH,KAAKI,SACkB,QADVR,EACZI,KAAKK,SAASC,gBAAQ,IAAAV,OAAA,EAAtBA,EAAwBW,WAG3C,IAAC,GA1BiCC,EAAAA,I","sources":["https://raw.githubusercontent.com/home-assistant/frontend/20230703.0/src/common/dom/stop_propagation.ts","https://raw.githubusercontent.com/home-assistant/frontend/20230703.0/src/components/ha-selector/ha-selector-duration.ts"],"names":["stopPropagation","ev","HaTimeDuration","_decorate","customElement","_initialize","_LitElement","_LitElement2","_inherits","_super","_createSuper","_this","_classCallCheck","_len","arguments","length","args","Array","_key","call","apply","concat","_assertThisInitialized","_createClass","F","d","kind","decorators","property","attribute","key","value","type","Boolean","_this$selector$durati","html","_templateObject","_taggedTemplateLiteral","this","label","helper","disabled","required","selector","duration","enable_day","LitElement"],"sourceRoot":""}

supervisor/api/panel/frontend_es5/1402-6WKUruvoXtM.js

@@ -0,0 +1,2 @@
+!function(){"use strict";var n,t,e={14595:function(n,t,e){e(58556);var r,i,o=e(93217),u=e(422),a=e(62173),s=function(n,t,e){if("input"===n){if("type"===t&&"checkbox"===e||"checked"===t||"disabled"===t)return;return""}},c={renderMarkdown:function(n,t){var e,o=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};return r||(r=Object.assign(Object.assign({},(0,a.getDefaultWhiteList)()),{},{input:["type","disabled","checked"],"ha-icon":["icon"],"ha-svg-icon":["path"],"ha-alert":["alert-type","title"]})),o.allowSvg?(i||(i=Object.assign(Object.assign({},r),{},{svg:["xmlns","height","width"],path:["transform","stroke","d"],img:["src"]})),e=i):e=r,(0,a.filterXSS)((0,u.TU)(n,t),{whiteList:e,onTagAttr:s})}};(0,o.Jj)(c)}},r={};function i(n){var t=r[n];if(void 0!==t)return t.exports;var o=r[n]={exports:{}};return e[n](o,o.exports,i),o.exports}i.m=e,i.x=function(){var n=i.O(void 0,[9191,215],(function(){return i(14595)}));return n=i.O(n)},n=[],i.O=function(t,e,r,o){if(!e){var u=1/0;for(f=0;f<n.length;f++){e=n[f][0],r=n[f][1],o=n[f][2];for(var a=!0,s=0;s<e.length;s++)(!1&o||u>=o)&&Object.keys(i.O).every((function(n){return i.O[n](e[s])}))?e.splice(s--,1):(a=!1,o<u&&(u=o));if(a){n.splice(f--,1);var c=r();void 0!==c&&(t=c)}}return t}o=o||0;for(var f=n.length;f>0&&n[f-1][2]>o;f--)n[f]=n[f-1];n[f]=[e,r,o]},i.n=function(n){var t=n&&n.__esModule?function(){return n.default}:function(){return n};return i.d(t,{a:t}),t},i.d=function(n,t){for(var e in t)i.o(t,e)&&!i.o(n,e)&&Object.defineProperty(n,e,{enumerable:!0,get:t[e]})},i.f={},i.e=function(n){return Promise.all(Object.keys(i.f).reduce((function(t,e){return i.f[e](n,t),t}),[]))},i.u=function(n){return n+"-"+{215:"FPZmDYZTPdk",9191:"37260H-osZ4"}[n]+".js"},i.o=function(n,t){return Object.prototype.hasOwnProperty.call(n,t)},i.p="/api/hassio/app/frontend_es5/",function(){var n={1402:1};i.f.i=function(t,e){n[t]||importScripts(i.p+i.u(t))};var t=self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[],e=t.push.bind(t);t.push=function(t){var r=t[0],o=t[1],u=t[2];for(var a in o)i.o(o,a)&&(i.m[a]=o[a]);for(u&&u(i);r.length;)n[r.pop()]=1;e(t)}}(),t=i.x,i.x=function(){return Promise.all([i.e(9191),i.e(215)]).then(t)};i.x()}();
+//# sourceMappingURL=1402-6WKUruvoXtM.js.map

supervisor/api/panel/frontend_es5/1402-6WKUruvoXtM.js.map

@@ -1 +1 @@
-{"version":3,"file":"1402-iZ60uWYWN9o.js","mappings":"6BAAIA,ECAAC,E,sCCMAC,EACAC,E,+BAMEC,EAAY,SAChBC,EACAC,EACAC,GAEA,GAAY,UAARF,EAAiB,CACnB,GACY,SAATC,GAA6B,aAAVC,GACX,YAATD,GACS,aAATA,EAEA,OAEF,MAAO,EACT,CAEF,EA0CME,EAAM,CACVC,eAzCqB,SACrBC,EACAC,GAKW,IAWPC,EAfJC,EAGCC,UAAAC,OAAA,QAAAC,IAAAF,UAAA,GAAAA,UAAA,GAAG,CAAC,EA4BL,OA1BKZ,IACHA,EAAee,OAAAC,OAAAD,OAAAC,OAAA,IACVC,EAAAA,EAAAA,wBAAqB,IACxBC,MAAO,CAAC,OAAQ,WAAY,WAC5B,UAAW,CAAC,QACZ,cAAe,CAAC,QAChB,WAAY,CAAC,aAAc,YAM3BP,EAAYQ,UACTlB,IACHA,EAAYc,OAAAC,OAAAD,OAAAC,OAAA,GACPhB,GAAe,IAClBoB,IAAK,CAAC,QAAS,SAAU,SACzBC,KAAM,CAAC,YAAa,SAAU,KAC9BC,IAAK,CAAC,UAGVZ,EAAYT,GAEZS,EAAYV,GAGPuB,EAAAA,EAAAA,YAAUC,EAAAA,EAAAA,IAAOhB,EAASC,GAAgB,CAC/CC,UAAAA,EACAR,UAAAA,GAEJ,IAQAuB,EAAAA,EAAAA,IAAOnB,E,GC5EHoB,EAA2B,CAAC,EAGhC,SAASC,EAAoBC,GAE5B,IAAIC,EAAeH,EAAyBE,GAC5C,QAAqBd,IAAjBe,EACH,OAAOA,EAAaC,QAGrB,IAAIC,EAASL,EAAyBE,GAAY,CAGjDE,QAAS,CAAC,GAOX,OAHAE,EAAoBJ,GAAUG,EAAQA,EAAOD,QAASH,GAG/CI,EAAOD,OACf,CAGAH,EAAoBM,EAAID,EAGxBL,EAAoBO,EAAI,WAGvB,IAAIC,EAAsBR,EAAoBS,OAAEtB,EAAW,CAAC,KAAK,MAAM,WAAa,OAAOa,EAAoB,MAAQ,IAEvH,OADAQ,EAAsBR,EAAoBS,EAAED,EAE7C,EHlCIrC,EAAW,GACf6B,EAAoBS,EAAI,SAASC,EAAQC,EAAUC,EAAIC,GACtD,IAAGF,EAAH,CAMA,IAAIG,EAAeC,IACnB,IAASC,EAAI,EAAGA,EAAI7C,EAASe,OAAQ8B,IAAK,CACrCL,EAAWxC,EAAS6C,GAAG,GACvBJ,EAAKzC,EAAS6C,GAAG,GACjBH,EAAW1C,EAAS6C,GAAG,GAE3B,IAJA,IAGIC,GAAY,EACPC,EAAI,EAAGA,EAAIP,EAASzB,OAAQgC,MACpB,EAAXL,GAAsBC,GAAgBD,IAAazB,OAAO+B,KAAKnB,EAAoBS,GAAGW,OAAM,SAASC,GAAO,OAAOrB,EAAoBS,EAAEY,GAAKV,EAASO,GAAK,IAChKP,EAASW,OAAOJ,IAAK,IAErBD,GAAY,EACTJ,EAAWC,IAAcA,EAAeD,IAG7C,GAAGI,EAAW,CACb9C,EAASmD,OAAON,IAAK,GACrB,IAAIO,EAAIX,SACEzB,IAANoC,IAAiBb,EAASa,EAC/B,CACD,CACA,OAAOb,CArBP,CAJCG,EAAWA,GAAY,EACvB,IAAI,IAAIG,EAAI7C,EAASe,OAAQ8B,EAAI,GAAK7C,EAAS6C,EAAI,GAAG,GAAKH,EAAUG,IAAK7C,EAAS6C,GAAK7C,EAAS6C,EAAI,GACrG7C,EAAS6C,GAAK,CAACL,EAAUC,EAAIC,EAwB/B,EI5BAb,EAAoBwB,EAAI,SAASpB,GAChC,IAAIqB,EAASrB,GAAUA,EAAOsB,WAC7B,WAAa,OAAOtB,EAAgB,OAAG,EACvC,WAAa,OAAOA,CAAQ,EAE7B,OADAJ,EAAoB2B,EAAEF,EAAQ,CAAEG,EAAGH,IAC5BA,CACR,ECNAzB,EAAoB2B,EAAI,SAASxB,EAAS0B,GACzC,IAAI,IAAIR,KAAOQ,EACX7B,EAAoB8B,EAAED,EAAYR,KAASrB,EAAoB8B,EAAE3B,EAASkB,IAC5EjC,OAAO2C,eAAe5B,EAASkB,EAAK,CAAEW,YAAY,EAAMC,IAAKJ,EAAWR,IAG3E,ECPArB,EAAoBkC,EAAI,CAAC,EAGzBlC,EAAoBmC,EAAI,SAASC,GAChC,OAAOC,QAAQC,IAAIlD,OAAO+B,KAAKnB,EAAoBkC,GAAGK,QAAO,SAASC,EAAUnB,GAE/E,OADArB,EAAoBkC,EAAEb,GAAKe,EAASI,GAC7BA,CACR,GAAG,IACJ,ECPAxC,EAAoByC,EAAI,SAASL,GAEhC,OAAYA,EAAU,IAAM,CAAC,IAAM,cAAc,KAAO,eAAeA,GAAW,KACnF,ECJApC,EAAoB8B,EAAI,SAASY,EAAKC,GAAQ,OAAOvD,OAAOwD,UAAUC,eAAeC,KAAKJ,EAAKC,EAAO,ECAtG3C,EAAoB+C,EAAI,gC,WCIxB,IAAIC,EAAkB,CACrB,KAAM,GAkBPhD,EAAoBkC,EAAElB,EAAI,SAASoB,EAASI,GAEvCQ,EAAgBZ,IAElBa,cAAcjD,EAAoB+C,EAAI/C,EAAoByC,EAAEL,GAG/D,EAEA,IAAIc,EAAqBC,KAA0C,oCAAIA,KAA0C,qCAAK,GAClHC,EAA6BF,EAAmBG,KAAKC,KAAKJ,GAC9DA,EAAmBG,KAzBA,SAASE,GAC3B,IAAI5C,EAAW4C,EAAK,GAChBC,EAAcD,EAAK,GACnBE,EAAUF,EAAK,GACnB,IAAI,IAAItD,KAAYuD,EAChBxD,EAAoB8B,EAAE0B,EAAavD,KACrCD,EAAoBM,EAAEL,GAAYuD,EAAYvD,IAIhD,IADGwD,GAASA,EAAQzD,GACdW,EAASzB,QACd8D,EAAgBrC,EAAS+C,OAAS,EACnCN,EAA2BG,EAC5B,C,ITtBInF,EAAO4B,EAAoBO,EAC/BP,EAAoBO,EAAI,WACvB,OAAO8B,QAAQC,IAAI,CAClBtC,EAAoBmC,EAAE,MACtBnC,EAAoBmC,EAAE,OACpBwB,KAAKvF,EACT,EUL0B4B,EAAoBO,G","sources":["no-source/webpack/runtime/chunk loaded","no-source/webpack/runtime/startup chunk dependencies","https://raw.githubusercontent.com/home-assistant/frontend/20230608.0/src/resources/markdown-worker.ts","no-source/webpack/bootstrap","no-source/webpack/runtime/compat get default export","no-source/webpack/runtime/define property getters","no-source/webpack/runtime/ensure chunk","no-source/webpack/runtime/get javascript chunk filename","no-source/webpack/runtime/hasOwnProperty shorthand","no-source/webpack/runtime/publicPath","no-source/webpack/runtime/importScripts chunk loading","no-source/webpack/startup"],"names":["deferred","next","whiteListNormal","whiteListSvg","onTagAttr","tag","name","value","api","renderMarkdown","content","markedOptions","whiteList","hassOptions","arguments","length","undefined","Object","assign","getDefaultWhiteList","input","allowSvg","svg","path","img","filterXSS","marked","expose","__webpack_module_cache__","__webpack_require__","moduleId","cachedModule","exports","module","__webpack_modules__","m","x","__webpack_exports__","O","result","chunkIds","fn","priority","notFulfilled","Infinity","i","fulfilled","j","keys","every","key","splice","r","n","getter","__esModule","d","a","definition","o","defineProperty","enumerable","get","f","e","chunkId","Promise","all","reduce","promises","u","obj","prop","prototype","hasOwnProperty","call","p","installedChunks","importScripts","chunkLoadingGlobal","self","parentChunkLoadingFunction","push","bind","data","moreModules","runtime","pop","then"],"sourceRoot":""}
+{"version":3,"file":"1402-6WKUruvoXtM.js","mappings":"6BAAIA,ECAAC,E,sCCMAC,EACAC,E,+BAMEC,EAAY,SAChBC,EACAC,EACAC,GAEA,GAAY,UAARF,EAAiB,CACnB,GACY,SAATC,GAA6B,aAAVC,GACX,YAATD,GACS,aAATA,EAEA,OAEF,MAAO,EACT,CAEF,EA0CME,EAAM,CACVC,eAzCqB,SACrBC,EACAC,GAKW,IAWPC,EAfJC,EAGCC,UAAAC,OAAA,QAAAC,IAAAF,UAAA,GAAAA,UAAA,GAAG,CAAC,EA4BL,OA1BKZ,IACHA,EAAee,OAAAC,OAAAD,OAAAC,OAAA,IACVC,EAAAA,EAAAA,wBAAqB,IACxBC,MAAO,CAAC,OAAQ,WAAY,WAC5B,UAAW,CAAC,QACZ,cAAe,CAAC,QAChB,WAAY,CAAC,aAAc,YAM3BP,EAAYQ,UACTlB,IACHA,EAAYc,OAAAC,OAAAD,OAAAC,OAAA,GACPhB,GAAe,IAClBoB,IAAK,CAAC,QAAS,SAAU,SACzBC,KAAM,CAAC,YAAa,SAAU,KAC9BC,IAAK,CAAC,UAGVZ,EAAYT,GAEZS,EAAYV,GAGPuB,EAAAA,EAAAA,YAAUC,EAAAA,EAAAA,IAAOhB,EAASC,GAAgB,CAC/CC,UAAAA,EACAR,UAAAA,GAEJ,IAQAuB,EAAAA,EAAAA,IAAOnB,E,GC5EHoB,EAA2B,CAAC,EAGhC,SAASC,EAAoBC,GAE5B,IAAIC,EAAeH,EAAyBE,GAC5C,QAAqBd,IAAjBe,EACH,OAAOA,EAAaC,QAGrB,IAAIC,EAASL,EAAyBE,GAAY,CAGjDE,QAAS,CAAC,GAOX,OAHAE,EAAoBJ,GAAUG,EAAQA,EAAOD,QAASH,GAG/CI,EAAOD,OACf,CAGAH,EAAoBM,EAAID,EAGxBL,EAAoBO,EAAI,WAGvB,IAAIC,EAAsBR,EAAoBS,OAAEtB,EAAW,CAAC,KAAK,MAAM,WAAa,OAAOa,EAAoB,MAAQ,IAEvH,OADAQ,EAAsBR,EAAoBS,EAAED,EAE7C,EHlCIrC,EAAW,GACf6B,EAAoBS,EAAI,SAASC,EAAQC,EAAUC,EAAIC,GACtD,IAAGF,EAAH,CAMA,IAAIG,EAAeC,IACnB,IAASC,EAAI,EAAGA,EAAI7C,EAASe,OAAQ8B,IAAK,CACrCL,EAAWxC,EAAS6C,GAAG,GACvBJ,EAAKzC,EAAS6C,GAAG,GACjBH,EAAW1C,EAAS6C,GAAG,GAE3B,IAJA,IAGIC,GAAY,EACPC,EAAI,EAAGA,EAAIP,EAASzB,OAAQgC,MACpB,EAAXL,GAAsBC,GAAgBD,IAAazB,OAAO+B,KAAKnB,EAAoBS,GAAGW,OAAM,SAASC,GAAO,OAAOrB,EAAoBS,EAAEY,GAAKV,EAASO,GAAK,IAChKP,EAASW,OAAOJ,IAAK,IAErBD,GAAY,EACTJ,EAAWC,IAAcA,EAAeD,IAG7C,GAAGI,EAAW,CACb9C,EAASmD,OAAON,IAAK,GACrB,IAAIO,EAAIX,SACEzB,IAANoC,IAAiBb,EAASa,EAC/B,CACD,CACA,OAAOb,CArBP,CAJCG,EAAWA,GAAY,EACvB,IAAI,IAAIG,EAAI7C,EAASe,OAAQ8B,EAAI,GAAK7C,EAAS6C,EAAI,GAAG,GAAKH,EAAUG,IAAK7C,EAAS6C,GAAK7C,EAAS6C,EAAI,GACrG7C,EAAS6C,GAAK,CAACL,EAAUC,EAAIC,EAwB/B,EI5BAb,EAAoBwB,EAAI,SAASpB,GAChC,IAAIqB,EAASrB,GAAUA,EAAOsB,WAC7B,WAAa,OAAOtB,EAAgB,OAAG,EACvC,WAAa,OAAOA,CAAQ,EAE7B,OADAJ,EAAoB2B,EAAEF,EAAQ,CAAEG,EAAGH,IAC5BA,CACR,ECNAzB,EAAoB2B,EAAI,SAASxB,EAAS0B,GACzC,IAAI,IAAIR,KAAOQ,EACX7B,EAAoB8B,EAAED,EAAYR,KAASrB,EAAoB8B,EAAE3B,EAASkB,IAC5EjC,OAAO2C,eAAe5B,EAASkB,EAAK,CAAEW,YAAY,EAAMC,IAAKJ,EAAWR,IAG3E,ECPArB,EAAoBkC,EAAI,CAAC,EAGzBlC,EAAoBmC,EAAI,SAASC,GAChC,OAAOC,QAAQC,IAAIlD,OAAO+B,KAAKnB,EAAoBkC,GAAGK,QAAO,SAASC,EAAUnB,GAE/E,OADArB,EAAoBkC,EAAEb,GAAKe,EAASI,GAC7BA,CACR,GAAG,IACJ,ECPAxC,EAAoByC,EAAI,SAASL,GAEhC,OAAYA,EAAU,IAAM,CAAC,IAAM,cAAc,KAAO,eAAeA,GAAW,KACnF,ECJApC,EAAoB8B,EAAI,SAASY,EAAKC,GAAQ,OAAOvD,OAAOwD,UAAUC,eAAeC,KAAKJ,EAAKC,EAAO,ECAtG3C,EAAoB+C,EAAI,gC,WCIxB,IAAIC,EAAkB,CACrB,KAAM,GAkBPhD,EAAoBkC,EAAElB,EAAI,SAASoB,EAASI,GAEvCQ,EAAgBZ,IAElBa,cAAcjD,EAAoB+C,EAAI/C,EAAoByC,EAAEL,GAG/D,EAEA,IAAIc,EAAqBC,KAA0C,oCAAIA,KAA0C,qCAAK,GAClHC,EAA6BF,EAAmBG,KAAKC,KAAKJ,GAC9DA,EAAmBG,KAzBA,SAASE,GAC3B,IAAI5C,EAAW4C,EAAK,GAChBC,EAAcD,EAAK,GACnBE,EAAUF,EAAK,GACnB,IAAI,IAAItD,KAAYuD,EAChBxD,EAAoB8B,EAAE0B,EAAavD,KACrCD,EAAoBM,EAAEL,GAAYuD,EAAYvD,IAIhD,IADGwD,GAASA,EAAQzD,GACdW,EAASzB,QACd8D,EAAgBrC,EAAS+C,OAAS,EACnCN,EAA2BG,EAC5B,C,ITtBInF,EAAO4B,EAAoBO,EAC/BP,EAAoBO,EAAI,WACvB,OAAO8B,QAAQC,IAAI,CAClBtC,EAAoBmC,EAAE,MACtBnC,EAAoBmC,EAAE,OACpBwB,KAAKvF,EACT,EUL0B4B,EAAoBO,G","sources":["no-source/webpack/runtime/chunk loaded","no-source/webpack/runtime/startup chunk dependencies","https://raw.githubusercontent.com/home-assistant/frontend/20230703.0/src/resources/markdown-worker.ts","no-source/webpack/bootstrap","no-source/webpack/runtime/compat get default export","no-source/webpack/runtime/define property getters","no-source/webpack/runtime/ensure chunk","no-source/webpack/runtime/get javascript chunk filename","no-source/webpack/runtime/hasOwnProperty shorthand","no-source/webpack/runtime/publicPath","no-source/webpack/runtime/importScripts chunk loading","no-source/webpack/startup"],"names":["deferred","next","whiteListNormal","whiteListSvg","onTagAttr","tag","name","value","api","renderMarkdown","content","markedOptions","whiteList","hassOptions","arguments","length","undefined","Object","assign","getDefaultWhiteList","input","allowSvg","svg","path","img","filterXSS","marked","expose","__webpack_module_cache__","__webpack_require__","moduleId","cachedModule","exports","module","__webpack_modules__","m","x","__webpack_exports__","O","result","chunkIds","fn","priority","notFulfilled","Infinity","i","fulfilled","j","keys","every","key","splice","r","n","getter","__esModule","d","a","definition","o","defineProperty","enumerable","get","f","e","chunkId","Promise","all","reduce","promises","u","obj","prop","prototype","hasOwnProperty","call","p","installedChunks","importScripts","chunkLoadingGlobal","self","parentChunkLoadingFunction","push","bind","data","moreModules","runtime","pop","then"],"sourceRoot":""}

supervisor/api/panel/frontend_es5/1402-iZ60uWYWN9o.js

@@ -1,2 +0,0 @@
-!function(){"use strict";var t,n,e={14595:function(t,n,e){e(58556);var r,i,o=e(93217),u=e(422),a=e(62173),c=function(t,n,e){if("input"===t){if("type"===n&&"checkbox"===e||"checked"===n||"disabled"===n)return;return""}},s={renderMarkdown:function(t,n){var e,o=arguments.length>2&&void 0!==arguments[2]?arguments[2]:{};return r||(r=Object.assign(Object.assign({},(0,a.getDefaultWhiteList)()),{},{input:["type","disabled","checked"],"ha-icon":["icon"],"ha-svg-icon":["path"],"ha-alert":["alert-type","title"]})),o.allowSvg?(i||(i=Object.assign(Object.assign({},r),{},{svg:["xmlns","height","width"],path:["transform","stroke","d"],img:["src"]})),e=i):e=r,(0,a.filterXSS)((0,u.TU)(t,n),{whiteList:e,onTagAttr:c})}};(0,o.Jj)(s)}},r={};function i(t){var n=r[t];if(void 0!==n)return n.exports;var o=r[t]={exports:{}};return e[t](o,o.exports,i),o.exports}i.m=e,i.x=function(){var t=i.O(void 0,[9191,215],(function(){return i(14595)}));return t=i.O(t)},t=[],i.O=function(n,e,r,o){if(!e){var u=1/0;for(f=0;f<t.length;f++){e=t[f][0],r=t[f][1],o=t[f][2];for(var a=!0,c=0;c<e.length;c++)(!1&o||u>=o)&&Object.keys(i.O).every((function(t){return i.O[t](e[c])}))?e.splice(c--,1):(a=!1,o<u&&(u=o));if(a){t.splice(f--,1);var s=r();void 0!==s&&(n=s)}}return n}o=o||0;for(var f=t.length;f>0&&t[f-1][2]>o;f--)t[f]=t[f-1];t[f]=[e,r,o]},i.n=function(t){var n=t&&t.__esModule?function(){return t.default}:function(){return t};return i.d(n,{a:n}),n},i.d=function(t,n){for(var e in n)i.o(n,e)&&!i.o(t,e)&&Object.defineProperty(t,e,{enumerable:!0,get:n[e]})},i.f={},i.e=function(t){return Promise.all(Object.keys(i.f).reduce((function(n,e){return i.f[e](t,n),n}),[]))},i.u=function(t){return t+"-"+{215:"FPZmDYZTPdk",9191:"37260H-osZ4"}[t]+".js"},i.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},i.p="/api/hassio/app/frontend_es5/",function(){var t={1402:1};i.f.i=function(n,e){t[n]||importScripts(i.p+i.u(n))};var n=self.webpackChunkhome_assistant_frontend=self.webpackChunkhome_assistant_frontend||[],e=n.push.bind(n);n.push=function(n){var r=n[0],o=n[1],u=n[2];for(var a in o)i.o(o,a)&&(i.m[a]=o[a]);for(u&&u(i);r.length;)t[r.pop()]=1;e(n)}}(),n=i.x,i.x=function(){return Promise.all([i.e(9191),i.e(215)]).then(n)};i.x()}();
-//# sourceMappingURL=1402-iZ60uWYWN9o.js.map