Release v20.12 to unstable

-----BEGIN PGP SIGNATURE-----
 
 iQIzBAABCgAdFiEE5xPDY9ZyWnWupXSBQ+oc/wqnxfIFAl76kcQACgkQQ+oc/wqn
 xfJ8KBAAqcaEO3tV84OJ2te5Varbi/N0ojiiXMmrhBxY8Xy0naajE/gRouZfY/J9
 bpzxBlSTex1JY4I6BYUMDeSkWsyGPMFfKSl3UJ96J5V4/yZkZ5AepuOSlwMvp705
 ZyatEM9872ylpO/gXamltEyjqDE1G/538bNq8Mhh2rCTCXAaTGmPFHsc/6Up3+Oc
 6BSKfX3KeKQMBXaRz3putU3Kep8f6OZEO4qSPqU5dvgSoPQSA8rzrfe7fvRyiAfV
 WPEourSz1yN1tw/n8nwWSFqO8cq0vsC2l716wHX3mCYwHFRJt4rKfBwv9LhZPlHI
 NTmkhtQHfbR26QecbCaTWqDLBeDYa0mmrOOagA9P3CP/WSMX1BxpGSG55B/WsNTK
 HhncoDTFHR3CU24f6NM3zwup9RAfdyNfatfNa8s4XW3N++HutW1BRC27gG3F/BkQ
 dd0YAtGK1mCLgqSFI/QuWkwPmaJqPACu0wQgA+aw2ZzYYRphVUJC2nNNMrDcuyl+
 W8+WywkR+Fread3FnG8u8LGE8bFPWhI4+q3yp8a10tccON/i8Wx5oELNm4M1Su5X
 WQuNbRWEbFAafKKXIaP/eE0X1NHEWzu8zeitKiGjEWiwiukUEtYZVwsfaBrWf3vV
 Ms+PNEAgEnP93nuSB60bRvoGpJRiLyNN0otVIvVq+xsJ0I4YPeA=
 =clcr
 -----END PGP SIGNATURE-----
gpgsig -----BEGIN PGP SIGNATURE-----
 
 iQJKBAABCgA0FiEEfWrbdQ+RCFWJSEvmd8DHXntlCAgFAl792kgWHGp2YWxsZXJv
 eUBtYWlsYm94Lm9yZwAKCRB3wMdee2UICEUPEADBuS+NldPwel2RETC5znM+pbRO
 iA1YlytqRDGOlyKXhCmt7RLJk5FV9jDMy0FW0LV/VT8aSbhq1Kwrh9tiad22MmwS
 jhggN3TUNWpjwjHNt8DCc3bwQjOWuSL9Hd9wcMHtzGvaCcy/FjA5lahSe4yiyCzB
 Vb3BbXb8LB4+ri+izYFzf3vvVR7ta3GR7WfFeXs6ol7/N8TshQj00lUsl3kRZ/LH
 2jvRMjh/beAenpatLP9cOE5kNYAEt5BfOa0wQ8RM6c2Ywh4uvdiHuqPMieFLVSLD
 mm8bSU3V5J7QgDUMRR++f8DVRl+TFLNH7TZGvXQRetjIEaWavROdGTIs+GD1svpz
 YyO1GWlvPeqtoyo/ODB69z7hs8uMABdH9MFv9f2awVZI+LCtQvyY7oVpmf2qMC5n
 MYJHzFE2Evm85oCpA37GlFseMvrSCj1ZQwlq3Pk7aDAfxiQddgc69uWNhtCvw22b
 xrZ8WmxsQxlGrP88RVkgqVu/vQ98SIrNzI+tV3HBgMhhupNmjcwdOxUhzdYGrrph
 2r00AZMKmK+Kd9P+1kzQJr6vxIoJ8PAsI8AUzQ/q17slwuMZ+BoNNb9xXLJwdUxA
 mlcEIYlIYJ5A6uwWIjTPrfzv5o/e3qjo/Mu94CB6MXRSO7VZ/qwgh8/CjQ+ZGqPf
 4Qcv+HrsTkAOqh1zwQ==
 =wN2z
 -----END PGP SIGNATURE-----

Merge tag 'v20.12' into debian/buster-backports

Release v20.12 to unstable

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>

.gitignore

@@ -1,12 +1,6 @@
 *.pyc
 *.py.bak
 *.tiny.css
-data/var/log/plinth/*.log
-data/var/lib/plinth/django-secret.key
-data/var/lib/plinth/*.sqlite3
-data/var/lib/plinth/sessions/*
-data/var/lib/plinth/.ssh/
-data/var/run/*.pid
 doc/manual/*/*.pdf
 doc/manual/*/*.html
 doc/manual/*/*.xml

INSTALL.md

@@ -16,7 +16,7 @@ FreedomBox [Manual](https://wiki.debian.org/FreedomBox/Manual/)'s
     ```
 
     ```
-    $ sudo apt install -y $(./run --list-dependencies)
+    $ sudo apt install -y $(./run --develop --list-dependencies)
     ```
 
     Install additional dependencies by picking the list from debian/control file

Vagrantfile

@@ -32,7 +32,7 @@ Vagrant.configure(2) do |config|
     apt-get update
     # In case new dependencies conflict with old dependencies
     apt-mark hold freedombox
-    DEBIAN_FRONTEND=noninteractive apt-get install --no-upgrade -y $(plinth --list-dependencies)
+    DEBIAN_FRONTEND=noninteractive apt-get install --no-upgrade -y $(sudo -u plinth ./run --develop --list-dependencies)
     apt-mark unhold freedombox
     # Install ncurses-term
     DEBIAN_FRONTEND=noninteractive apt-get install -y ncurses-term

actions/packages

@@ -19,6 +19,7 @@ import apt.cache
 import apt_inst
 import apt_pkg
 from plinth import cfg
+from plinth.action_utils import run_apt_command
 
 LOCK_FILE = '/var/lib/dpkg/lock'
 
@@ -68,29 +69,9 @@ def _apt_hold():
             subprocess.run(['apt-mark', 'unhold', 'freedombox'], check=True)
 
 
-def _run_apt_command(arguments):
-    """Run apt-get with provided arguments."""
-    # Ask apt-get to output its progress to file descriptor 3.
-    command = [
-        'apt-get', '--assume-yes', '--quiet=2', '--option', 'APT::Status-Fd=3'
-    ] + arguments
-
-    # Duplicate stdout to file descriptor 3 for this process.
-    os.dup2(1, 3)
-
-    # Pass on file descriptor 3 instead of closing it.  Close stdout
-    # so that regular output is ignored.
-    env = os.environ.copy()
-    env['DEBIAN_FRONTEND'] = 'noninteractive'
-    process = subprocess.run(command, stdin=subprocess.DEVNULL,
-                             stdout=subprocess.DEVNULL, close_fds=False,
-                             env=env)
-    return process.returncode
-
-
 def subcommand_update(arguments):
     """Update apt package lists."""
-    sys.exit(_run_apt_command(['update']))
+    sys.exit(run_apt_command(['update']))
 
 
 def subcommand_install(arguments):
@@ -113,9 +94,11 @@ def subcommand_install(arguments):
     elif arguments.force_configuration == 'new':
         extra_arguments += ['-o', 'Dpkg::Options::=--force-confnew']
 
+    subprocess.run(['dpkg', '--configure', '-a'])
     with _apt_hold():
-        returncode = _run_apt_command(['install'] + extra_arguments +
-                                      arguments.packages)
+        run_apt_command(['--fix-broken', 'install'])
+        returncode = run_apt_command(['install'] + extra_arguments +
+                                     arguments.packages)
 
     sys.exit(returncode)
 

actions/storage

@@ -259,8 +259,12 @@ def subcommand_mount(arguments):
 def subcommand_eject(arguments):
     """Eject a device by its path."""
     device_path = arguments.device
-    drive = eject_drive_of_device(device_path)
-    print(json.dumps(drive))
+    try:
+        drive = eject_drive_of_device(device_path)
+        print(json.dumps(drive))
+    except Exception as exception:
+        print(exception, file=sys.stderr)
+        sys.exit(1)
 
 
 def _get_options():
@@ -277,6 +281,7 @@ def eject_drive_of_device(device_path):
     Return the details (model, vendor) of drives ejected.
     """
     udisks = utils.import_from_gi('UDisks', '2.0')
+    glib = utils.import_from_gi('GLib', '2.0')
     client = udisks.Client.new_sync()
     object_manager = client.get_object_manager()
 
@@ -303,7 +308,13 @@ def eject_drive_of_device(device_path):
     # Eject the drive
     drive = client.get_drive_for_block(block_device)
     if drive:
-        drive.call_eject_sync(_get_options(), None)
+        try:
+            drive.call_eject_sync(_get_options(), None)
+        except glib.Error:
+            # Ignore error during ejection as along as all the filesystems are
+            # unmounted, the disk can be removed.
+            pass
+
         return {
             'vendor': drive.props.vendor,
             'model': drive.props.model,

actions/upgrades

@@ -11,10 +11,12 @@ import re
 import subprocess
 import sys
 
+from plinth.action_utils import run_apt_command
 from plinth.modules.apache.components import check_url
 
 AUTO_CONF_FILE = '/etc/apt/apt.conf.d/20auto-upgrades'
 LOG_FILE = '/var/log/unattended-upgrades/unattended-upgrades.log'
+DPKG_LOG_FILE = '/var/log/unattended-upgrades/unattended-upgrades-dpkg.log'
 BUSTER_BACKPORTS_RELEASE_FILE_URL = \
     'https://deb.debian.org/debian/dists/buster-backports/Release'
 
@@ -82,6 +84,8 @@ def parse_arguments():
 
 def subcommand_run(_):
     """Run unattended-upgrades"""
+    subprocess.run(['dpkg', '--configure', '-a'])
+    run_apt_command(['--fix-broken', 'install'])
     try:
         subprocess.Popen(['systemctl', 'start', 'freedombox-manual-upgrade'],
                          stdin=subprocess.DEVNULL, stdout=subprocess.DEVNULL,
@@ -132,11 +136,19 @@ def subcommand_disable_auto(_):
 def subcommand_get_log(_):
     """Print the automatic upgrades log."""
     try:
+        print('==> ' + os.path.basename(LOG_FILE))
         with open(LOG_FILE, 'r') as file_handle:
             print(file_handle.read())
     except IOError:
         pass
 
+    try:
+        print('==> ' + os.path.basename(DPKG_LOG_FILE))
+        with open(DPKG_LOG_FILE, 'r') as file_handle:
+            print(file_handle.read())
+    except IOError:
+        pass
+
 
 def _get_protocol():
     """Return the protocol to use for newly added repository sources."""
@@ -199,6 +211,12 @@ def _check_and_backports_sources():
               'backports.')
         return
 
+    release = subprocess.check_output(['lsb_release', '--release',
+                                       '--short']).decode().strip()
+    if release in ['testing', 'unstable']:
+        print(f'System release is {release}. Skip enabling backports.')
+        return
+
     protocol = _get_protocol()
     if protocol == 'tor+http':
         print('Package download over Tor is enabled.')

conftest.py

@@ -50,12 +50,21 @@ def fixture_load_cfg():
     """Load test configuration."""
     from plinth import cfg
 
+    keys = ('file_root', 'config_dir', 'data_dir', 'custom_static_dir',
+            'store_file', 'actions_dir', 'doc_dir', 'server_dir', 'host',
+            'port', 'use_x_forwarded_for', 'use_x_forwarded_host',
+            'secure_proxy_ssl_header', 'box_name', 'develop')
+    saved_state = {}
+    for key in keys:
+        saved_state[key] = getattr(cfg, key)
+
     root_dir = pathlib.Path(__file__).resolve().parent
-    test_data_dir = root_dir / 'plinth' / 'tests' / 'data'
-    cfg_file = test_data_dir / 'etc' / 'plinth' / 'plinth.config'
-    cfg.read(str(cfg_file), str(root_dir))
+    cfg_file = root_dir / 'plinth' / 'develop.config'
+    cfg.read_file(str(cfg_file))
     yield cfg
-    cfg.read()
+
+    for key in keys:
+        setattr(cfg, key, saved_state[key])
 
 
 @pytest.fixture(name='develop_mode')
@@ -85,3 +94,29 @@ def fixture_needs_sudo():
     """Skip test if sudo command is not available."""
     if not os.path.isfile('/usr/bin/sudo'):
         pytest.skip('Needs sudo command installed.')
+
+
+@pytest.fixture(scope='session')
+def splinter_selenium_implicit_wait():
+    """Disable implicit waiting."""
+    return 0
+
+
+@pytest.fixture(scope='session')
+def splinter_wait_time():
+    """Disable explicit waiting."""
+    return 0.01
+
+
+@pytest.fixture(scope='session')
+def splinter_browser_load_condition():
+    """When a page it loaded, wait until <body> is available."""
+
+    def _load_condition(browser):
+        if browser.url == 'about:blank':
+            return True
+
+        ready_state = browser.execute_script('return document.readyState;')
+        return ready_state == 'complete'
+
+    return _load_condition

container

@@ -47,16 +47,15 @@ Shared folder: Using systemd-nspawn, the project directory is mounted as
 /freedombox inside the container. The project directory is determined as
 directory in which this script resides. The project folder from the container
 point of view will be read-only. Container should be able to write various
-files such as build files, FreedomBox sqlite3 database and session files into
-the /freedombox folder. To enable writing, an additional read-write folder is
-overlayed onto /freedombox folder in the container. This directory can't be
-created under the project folder and is created instead in
-$XDG_DATA_HOME/freedombox-container/overlay/$DISTRIBUTION. If XDG_DATA_HOME is
-not set, it is assumed to be $HOME/.local/shared/. Whenever data is written
-into /freedombox directory inside the container, this directory on the host
-receives the changes. See documentation for Overlay filesystem for further
-details. When container is destroyed, this overlay folder is destroyed to
-ensure clean state after bringing up the container again.
+files such as build files into the /freedombox folder. To enable writing, an
+additional read-write folder is overlayed onto /freedombox folder in the
+container. This directory can't be created under the project folder and is
+created instead in $XDG_DATA_HOME/freedombox-container/overlay/$DISTRIBUTION.
+If XDG_DATA_HOME is not set, it is assumed to be $HOME/.local/shared/. Whenever
+data is written into /freedombox directory inside the container, this directory
+on the host receives the changes. See documentation for Overlay filesystem for
+further details. When container is destroyed, this overlay folder is destroyed
+to ensure clean state after bringing up the container again.
 
 Users: PrivateUsers configuration flag for systemd-nspawn is currently off.
 This means that each user's UID on the host is also the same UID in the
@@ -158,9 +157,6 @@ sudo apt-mark unhold freedombox
 # Install ncurses-term
 sudo DEBIAN_FRONTEND=noninteractive apt-get install --yes ncurses-term
 
-# Remove FreedomBox database lingering in source directory to start fresh
-sudo rm -f /freedombox/data/var/lib/plinth/plinth.sqlite3
-
 echo 'alias freedombox-develop="sudo -u plinth /freedombox/run --develop"' \
   >> /home/fbx/.bashrc
 '''

data/etc/apache2/conf-available/freedombox.conf

@@ -11,6 +11,45 @@ Header set Strict-Transport-Security "max-age=31536000; includeSubDomains" env=H
 RedirectMatch "^/$" "/plinth"
 RedirectMatch "^/freedombox" "/plinth"
 
+##
+## Disable sending Referer (sic) header from FreedomBox web interface to
+## external websites. This improves privacy by not disclosing FreedomBox
+## domains/URLs to external domains. Apps such as blogs which want to popularize
+## themselves with referrer header may still do so.
+##
+## A strict Content Security Policy.
+## - @fonts are allowed only from FreedomBox itself.
+## - <frame>/<iframe> sources are disabled.
+## - <img> sources are allowed only from FreedomBox itself.
+## - Manifest file is not allowed as there is none yet.
+## - <audio>, <video>, <track> tags are not allowed yet.
+## - <object>, <embed>, <applet> tags are not allowed yet.
+## - Allow JS from FreedomBox itself (no inline and attribute scripts).
+## - Allow inline CSS and CSS files from Freedombox itself.
+## - Web worker sources are allowed only from FreedomBox itself (for JSXC).
+## - All other fetch sources including Ajax are not allowed from FreedomBox
+##   itself.
+## - <base> tag is not allowed.
+## - No plugins types are alllowed since object-src is 'none'.
+## - Form action should be to FreedomBox itself.
+## - This interface may be not embedded in <frame>, <iframe>, etc. tags.
+## - When serving HTTPS, don't allow HTTP assets.
+##
+## Enable strict sandboxing enabled with some exceptions:
+## - Allow running Javascript.
+## - Allow popups as sometimes we use <a target=_blank>
+## - Allow forms to support configuration forms.
+## -
+##
+## Disable browser guessing of MIME types. FreedoBox already sets good content
+## types for all the common file types.
+##
+<Location /plinth>
+    Header set Referrer-Policy 'same-origin'
+    Header set Content-Security-Policy "font-src 'self'; frame-src 'none'; img-src 'self'; manifest-src 'none'; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self'; default-src 'self'; base-uri 'none'; sandbox allow-scripts allow-popups allow-forms allow-same-origin; form-action 'self'; frame-ancestors 'none'; block-all-mixed-content;"
+    Header set X-Content-Type-Options 'nosniff'
+</Location>
+
 ##
 ## Serve FreedomBox icon as /favicon.ico for apps that don't present their own
 ## icon using <link rel=''>.

data/etc/plinth/plinth.config

@@ -1,36 +0,0 @@
-[Path]
-# directory locations
-file_root = /usr/share/plinth
-config_dir = /etc/plinth
-data_dir = /var/lib/plinth
-server_dir = /plinth
-actions_dir = /usr/share/plinth/actions
-doc_dir = /usr/share/freedombox
-custom_static_dir = /var/www/plinth/custom/static
-
-# file locations
-store_file = %(data_dir)s/plinth.sqlite3
-
-[Network]
-host = 127.0.0.1
-port = 8000
-
-# Enable the following only if Plinth is behind a proxy server.  The
-# proxy server should properly clean and the following HTTP headers:
-#   X-Forwarded-For
-#   X-Forwarded-Host
-#   X-Forwarded-Proto
-# If you enable these unnecessarily, this will lead to serious security
-# problems. For more information, see
-# https://docs.djangoproject.com/en/1.7/ref/settings/
-#
-# These are enabled by default in Plinth because the default
-# configuration allows only connections from localhost
-#
-# Leave the values blank to disable
-use_x_forwarded_for = True
-use_x_forwarded_host = True
-secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
-
-[Misc]
-box_name = FreedomBox

debian/changelog

@@ -1,3 +1,121 @@
+plinth (20.12) unstable; urgency=medium
+
+  [ Oğuz Ersen ]
+  * Translated using Weblate (Turkish)
+
+  [ Sunil Mohan Adapa ]
+  * Translated using Weblate (Telugu)
+  * transmission: tests: functional: Fix to wait properly
+  * ttrss: tests: functional: Fix to wait properly
+  * tor: tests: functional: Fix to wait properly on progress page
+  * users: tests: functional: Leave no-language as final setting
+  * mldonkey: tests: functional: Wait for frame to load properly
+  * snapshot: tests: functional: Delete all snapshots properly
+  * ejabberd: tests: functional: Fixes for no implicit waiting
+  * syncthing: tests: functional: Fix to wait properly
+  * tests: functional: Remove implicit and explicit wait times
+  * tests: functional: Allow parallel installation of apps
+  * d/control: Add python3-systemd as a dependency
+  * apache: Add ssl-cert package as dependency
+  * storage: Use DBus directly for listing disks
+  * storage: Fix regression with showing error messages
+  * storage: Use UDisks information as primary source
+  * storage: Don't show empty progress bar for disks not mounted
+  * storage: Remove rule to not automount system disks with no paritions
+  * storage: Don't auto-mount loopback devices except in develop mode
+  * storage: Allow ejecting any device not in fstab or crypttab
+  * storage: Ignore eject failures if filesystems unmounted properly
+  * backups: Remove an unnecessary print() statement
+  * Translated using Weblate (Telugu)
+  * container: Remove sqlite3 file early enough
+  * storage: Don't log exception of disk space check fails
+  * storage: Use mount info instead of disk info for free space warning
+  * notifications: Fix issue with redirection on dismiss
+  * views: Drop use of private Django utility
+  * cfg: Don't fallback to develop config if main is not found
+  * cfg: Drop the default configuration file
+  * frontpage: Read custom shortcuts from multiple locations
+  * frontpage: Drop empty custom shortcut files
+  * cfg: Allow loading multiple configuration files
+  * cfg: For develop mode, overlay on top of regular configuration
+  * context_processor: tests: Use already available config fixture
+  * cfg: Eliminate the need for 'root' directory in configuration
+  * cfg: Move /plinth.config to plinth/develop.config
+  * cfg: Rename configuration file to freedombox.config
+  * d/tests/control: Rename Plinth to FreedomBox in a comment
+  * cfg: Read configuration from .d files and multiple locations
+  * frontpage: Load shortcuts from .d directories too
+  * frontpage: Read from .d files too
+  * cfg: Remove redundant data in develop.config
+  * cfg: Remove comments in test data
+  * cfg: In develop mode, use /var/lib for DB and sessions
+  * web_framework: Split initialization into two parts
+  * web_framework: Don't create Django secret key when listing depends
+  * log: Allow setting the default log level before log configuration
+  * main: List dependencies without writing to disk
+  * d/rules: vagrant: INSTALL.md: Fix installing dependencies
+  * *: Drop files paths in data/var
+  * doc: Update manual page with configuration file changes
+  * network: test: Fix race condition when deleting connections
+  * storage: tests: Ignore cases needing loop devices when not available
+  * actions: tests: Fix test failures due order of fixtures
+  * tests: Use develop configuration for most tests
+  * templates: Disable button and show spinner on submit for all forms
+  * backups: Remove custom handling of progress on the restore button
+  * js: Simplify auto-refresh page logic
+  * jsxc: Remove inline javascript
+  * apache: Set CSP and other common security headers
+  * apache: Relax CSP to allow web workers for JSXC
+  * locale: Update translation strings
+
+  [ ferhad.necef ]
+  * Translated using Weblate (Russian)
+
+  [ Thomas Vincent ]
+  * Translated using Weblate (French)
+
+  [ Joseph Nuthalapati ]
+  * Translated using Weblate (Telugu)
+
+  [ wind ]
+  * Translated using Weblate (Russian)
+
+  [ James Valleroy ]
+  * upgrades: Combine into single page with manual update
+  * upgrades: Skip enable-auto in develop mode
+  * debian: Add nscd >= 2 as dependency
+  * upgrades: Append unattended-upgrades-dpkg.log for more detail
+  * storage: Handle multi-line text in functional test
+  * apt: Run `apt-get -f install` before other commands
+  * apt: Run `dpkg --configure -a` before other actions
+  * upgrades: Skip enabling backports on testing and unstable
+  * networks: Remove firewall zone warning
+  * networks: Correct wording of internet connection form
+
+  [ Veiko Aasa ]
+  * functional-tests: Handle connection error when web server restarts
+  * functional-tests: Skip tests if app is not available in distribution
+  * functional-tests: Fix page not fully loaded errors when taking backups
+  * functional-tests: Remove unnecessary wait when navigating to module
+
+  [ Michael Breidenbach ]
+  * Translated using Weblate (German)
+  * Translated using Weblate (Swedish)
+
+  [ Fioddor Superconcentrado ]
+  * Translated using Weblate (Spanish)
+
+  [ Pavel Borecki ]
+  * Translated using Weblate (Czech)
+
+  [ Éfrit ]
+  * Translated using Weblate (French)
+
+  [ Jens Molgaard ]
+  * Translated using Weblate (Danish)
+
+ -- Sunil Mohan Adapa <sunil@medhas.org>  Mon, 29 Jun 2020 16:39:33 -0700
+
 plinth (20.11~bpo10+1) buster-backports; urgency=medium
 
   * Rebuild for buster-backports.

debian/control

@@ -85,6 +85,8 @@ Depends:
  lsof,
  netcat-openbsd,
  network-manager,
+# Ensure that nscd is installed rather than unscd.
+ nscd (>= 2),
  ppp,
  pppoe,
  python3-apt,
@@ -104,6 +106,7 @@ Depends:
  python3-psutil,
  python3-requests,
  python3-ruamel.yaml,
+ python3-systemd,
  python3-yaml,
  sudo,
  wget,
@@ -155,8 +158,6 @@ Recommends:
  powermgmt-base,
 # fuser, pstree and other utilities
  psmisc,
-# Optional FreedomBox dependency
- python3-systemd,
 # Manage /etc/resolv.conf
  resolvconf,
 # Tool to kill WLAN, Bluetooth and moble broadband

debian/freedombox.maintscript

@@ -10,3 +10,5 @@ rm_conffile /etc/plinth/modules-enabled/udiskie 0.39.0~
 rm_conffile /etc/plinth/modules-enabled/restore 20.1~
 rm_conffile /etc/plinth/modules-enabled/repro 20.1~
 rm_conffile /etc/apt/preferences.d/50freedombox3.pref 20.5~
+rm_conffile /etc/plinth/plinth.config 20.12~
+rm_conffile /etc/plinth/custom-shortcuts.json 20.12~

debian/rules

@@ -8,7 +8,7 @@ export PYBUILD_DESTDIR=debian/tmp
 
 override_dh_auto_install-indep:
 	dh_auto_install
-	./run --list-dependencies 2> /dev/null | sort | tr '\n' ', ' | \
+	./run --develop --list-dependencies | sort | tr '\n' ', ' | \
 		sed -e 's/^/freedombox:Depends=/' >> debian/freedombox.substvars
 
 override_dh_auto_test:

debian/tests/control

@@ -3,7 +3,7 @@
 # checks that the following aspects are working okay:
 #   - Python runtime
 #   - Python library dependencies
-#   - Plinth configuration
+#   - FreedomBox configuration
 #   - Ability to create and initialize database
 #   - Module inititailzation for essential modules
 #

doc/manual/en/freedombox-manual.raw.xml

@@ -2030,6 +2030,7 @@ proto udp]]></screen>
           <para>If you use Network Manager, you can create a new connection by importing the file: </para>
           <screen><![CDATA[$ sudo apt install network-manager-openvpn-gnome
 $ sudo nmcli connection import type openvpn file /path/to/<USER>.ovpn]]></screen>
+          <para>If you get an error such as <code>configuration error: invalid 1th argument to “proto” (line 5)</code> then edit the .ovpn file and remove the line <code>proto udp6</code>. </para>
         </section>
       </section>
       <section>
@@ -6992,6 +6993,20 @@ nmcli con modify "<connection_name>" connection.zone internal]]></screen>
           <screen><![CDATA[$ ssh USERNAME@ADDRESS.onion]]></screen>
           <para>Replace USERNAME with, e.g., an <code>admin</code> username, and ADDRESS with the onion service address for your FreedomBox. </para>
         </section>
+        <section>
+          <title>SSH Over Pagekite</title>
+          <para>If in FreedomBox you are using Pagekite to expose services to the Internet, you can access your FreedomBox using SSH over Pagekite. On a GNU/Linux computer install netcat-openbsd. </para>
+          <screen><![CDATA[$ sudo apt-get install netcat-openbsd]]></screen>
+          <para>Edit ~/.ssh/config to enable connections over Pagekite. </para>
+          <screen><![CDATA[$ nano ~/.ssh/config]]></screen>
+          <para>Add the following: </para>
+          <screen><![CDATA[Host *.pagekite.me
+  CheckHostIP no
+  ProxyCommand /bin/nc -X connect -x %h:443 %h %p]]></screen>
+          <para>Now to connect to FreedomBox, open a terminal and type: </para>
+          <screen><![CDATA[$ ssh USERNAME@KITENAME.pagekite.me]]></screen>
+          <para>Replace USERNAME with, e.g., an <code>admin</code> username, and KITENAME with your kite name provided by pagekite.net as configured in FreedomBox. </para>
+        </section>
       </section>
       <section>
         <title>Becoming Superuser</title>
@@ -8282,7 +8297,7 @@ Password: <enter user password here>
     </section>
     <section>
       <title>Pioneer Edition FreedomBox</title>
-      <para>Pioneer FreedomBox Home Servers are produced and sold by Olimex, a company which specializes in Open Source Hardware (OSHW). The kit includes pocket-sized server hardware, an SD card with the operating system pre-installed, and a backup battery which can power the hardware for 4-5 hours in case of outages. It sells for 82 euro. An optional storage add-on for high capacity hard disk (HDD) or solid-state drive (SSD) is also available from Olimex.  By purchasing this product, you also support the FreedomBox Foundation's efforts to create and promote its free and open source server software. </para>
+      <para>Pioneer FreedomBox Home Servers are produced and sold by Olimex, a company which specializes in Open Source Hardware (OSHW). The kit includes pocket-sized server hardware, an SD card with the operating system pre-installed, and a backup battery which can power the hardware for 4-5 hours in case of outages. It sells for 69 euro. An optional storage add-on for high capacity hard disk (HDD) or solid-state drive (SSD) is also available from Olimex.  By purchasing this product, you also support the FreedomBox Foundation's efforts to create and promote its free and open source server software. </para>
       <para>
         <inlinemediaobject>
           <imageobject>
@@ -8330,13 +8345,16 @@ Password: <enter user password here>
         <para>The Pioneer Edition FreedomBox Home Server is the first commercially available version of FreedomBox. </para>
         <itemizedlist>
           <listitem>
-            <para>Price: 82 EUR </para>
+            <para>Price: 69 EUR </para>
           </listitem>
           <listitem>
             <para>
               <ulink url="https://www.olimex.com/Products/OLinuXino/Home-Server/Pioneer-FreedomBox-HSK/">Olimex Store</ulink>
             </para>
           </listitem>
+          <listitem>
+            <para>The US version is also available through <ulink url="https://www.mouser.com/ProductDetail/Olimex-Ltd/Pioneer-FreedomBox-HSK-US?qs=TiOZkKH1s2S0e0CDanQrkw%3D%3D">Mouser Electronics</ulink>. </para>
+          </listitem>
         </itemizedlist>
       </section>
       <section>
@@ -10465,6 +10483,67 @@ wget https://www.thinkpenguin.com/files/ath9k_firmware_free-version/htc_7010.fw]
     <section>
       <title>Release Notes</title>
       <para>The following are the release notes for each FreedomBox version. </para>
+      <section>
+        <title>FreedomBox 20.12 (2020-06-29)</title>
+        <section>
+          <title>Highlights</title>
+          <itemizedlist>
+            <listitem>
+              <para>apt: Recover from errors before installing apps or updating system </para>
+            </listitem>
+            <listitem>
+              <para>apache: Add strict content security policy, sandbox and other security headers </para>
+            </listitem>
+            <listitem>
+              <para>storage: Allow ejecting SATA disks </para>
+            </listitem>
+            <listitem>
+              <para>configuration: Allow changes using .d drop-in files </para>
+            </listitem>
+          </itemizedlist>
+        </section>
+        <section>
+          <title>Other Changes</title>
+          <itemizedlist>
+            <listitem>
+              <para>configuration: Move default configuration into source code </para>
+            </listitem>
+            <listitem>
+              <para>configuration: Read from multiple locations in /etc/ and /usr/share/ </para>
+            </listitem>
+            <listitem>
+              <para>debian: Add ssl-cert and nscd as proper dependencies </para>
+            </listitem>
+            <listitem>
+              <para>frontpage: Allow adding shotcuts using .d drop-in files </para>
+            </listitem>
+            <listitem>
+              <para>frontpage: Read shortcuts from multiple locations in /etc/, /usr/share and /var/lib </para>
+            </listitem>
+            <listitem>
+              <para>locale: Update translations for Czech, Danish, French, German, Russian, Spanish, Swedish, Telugu, Turkish </para>
+            </listitem>
+            <listitem>
+              <para>storage: Automount system disks without partition table but ignore all loopback devices </para>
+            </listitem>
+            <listitem>
+              <para>storage: Allow ejecting SATA disks </para>
+            </listitem>
+            <listitem>
+              <para>storage: Show only physical disks and not all mount points </para>
+            </listitem>
+            <listitem>
+              <para>upgrades: Skip enabling backports on testing and unstable </para>
+            </listitem>
+            <listitem>
+              <para>upgrades: Show more logs </para>
+            </listitem>
+            <listitem>
+              <para>ui: Show a spinner and disable button on form submit </para>
+            </listitem>
+          </itemizedlist>
+        </section>
+      </section>
       <section>
         <title>FreedomBox 20.11 (2020-06-15)</title>
         <section>