packages: Make modules declare managed packages

This can then be used by a privileged action to verify that packages requested for installation are in fact valid. This slightly improves security of those privileged actions.
2026-06-10 11:00:22 +00:00 · 2016-06-08 10:36:33 +05:30 · 2016-06-08 10:36:33 +05:30 · 5f548a9e36
commit 5f548a9e36
parent 4f634b86e2
27 changed files with 98 additions and 48 deletions
--- a/plinth/modules/avahi/init.py
+++ b/plinth/modules/avahi/init.py
@ -36,6 +36,8 @@ depends = ['system']

 managed_services = ['avahi-daemon']

+managed_packages = ['avahi-daemon']
+
 title = _('Service Discovery')

 description = [
@ -64,7 +66,7 @@ def init():

 def setup(helper, old_version=False):
    """Install and configure the module."""
-    helper.install(['avahi-daemon'])
+    helper.install(managed_packages)


 class AvahiServiceView(ServiceView):
--- a/plinth/modules/datetime/init.py
+++ b/plinth/modules/datetime/init.py
@ -34,6 +34,8 @@ depends = ['system']

 managed_services = ['ntp']

+managed_packages = ['ntp']
+
 title = _('Date & Time')

 description = [
@ -56,7 +58,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['ntp'])
+    helper.install(managed_packages)
    helper.call('post', service.notify_enabled, None, True)


--- a/plinth/modules/deluge/init.py
+++ b/plinth/modules/deluge/init.py
@ -35,6 +35,8 @@ service = None

 managed_services = ['deluge-web']

+managed_packages = ['deluged', 'deluge-web']
+
 title = _('BitTorrent Web Client (Deluge)')

 description = [
@ -60,7 +62,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['deluged', 'deluge-web'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'deluge', ['enable'])
    helper.call('post', service.notify_enabled, None, True)

--- a/plinth/modules/dynamicdns/init.py
+++ b/plinth/modules/dynamicdns/init.py
@ -28,6 +28,8 @@ version = 1

 depends = ['system']

+managed_packages = ['ez-ipupdate']
+
 title = _('Dynamic DNS Client')

 description = [
@ -57,4 +59,4 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['ez-ipupdate'])
+    helper.install(managed_packages)
--- a/plinth/modules/firewall/init.py
+++ b/plinth/modules/firewall/init.py
@ -34,6 +34,8 @@ is_essential = True

 depends = ['system']

+managed_packages = ['firewalld']
+
 title = _('Firewall')

 description = [
@ -57,7 +59,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['firewalld'])
+    helper.install(managed_packages)


 def get_enabled_status():
--- a/plinth/modules/ikiwiki/init.py
+++ b/plinth/modules/ikiwiki/init.py
@ -31,6 +31,10 @@ version = 1

 depends = ['apps']

+managed_packages = ['ikiwiki', 'gcc', 'libc6-dev', 'libtimedate-perl',
+                    'libcgi-formbuilder-perl', 'libcgi-session-perl',
+                    'libxml-writer-perl']
+
 service = None

 title = _('Wiki and Blog (ikiwiki)')
@ -54,13 +58,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['ikiwiki',
-                    'gcc',
-                    'libc6-dev',
-                    'libtimedate-perl',
-                    'libcgi-formbuilder-perl',
-                    'libcgi-session-perl',
-                    'libxml-writer-perl'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'ikiwiki', ['setup'])
    helper.call('post', service.notify_enabled, None, True)

--- a/plinth/modules/letsencrypt/init.py
+++ b/plinth/modules/letsencrypt/init.py
@ -33,6 +33,8 @@ is_essential = True

 depends = ['apps', 'names']

+managed_packages = ['letsencrypt']
+
 title = _('Certificates (Let\'s Encrypt)')

 description = [
@ -64,7 +66,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['letsencrypt'])
+    helper.install(managed_packages)


 def diagnose():
--- a/plinth/modules/minetest/init.py
+++ b/plinth/modules/minetest/init.py
@ -36,6 +36,8 @@ service = None

 managed_services = ['minetest-server']

+managed_packages = ['minetest-server']
+
 title = _('Block Sandbox (Minetest)')

 description = [
@ -61,7 +63,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(managed_services)
+    helper.install(managed_packages)
    helper.call('post', service.notify_enabled, None, True)


--- a/plinth/modules/monkeysphere/init.py
+++ b/plinth/modules/monkeysphere/init.py
@ -27,6 +27,8 @@ version = 1

 depends = ['system']

+managed_packages = ['monkeysphere']
+
 title = _('Monkeysphere')

 description = [
@ -59,4 +61,4 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['monkeysphere'])
+    helper.install(managed_packages)
--- a/plinth/modules/mumble/init.py
+++ b/plinth/modules/mumble/init.py
@ -37,6 +37,8 @@ service = None

 managed_services = ['mumble-server']

+managed_packages = ['mumble-server']
+
 description = [
    _('Mumble is an open source, low-latency, encrypted, high quality '
      'voice chat software.'),
@ -65,7 +67,7 @@ class MumbleServiceView(ServiceView):

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['mumble-server'])
+    helper.install(managed_packages)
    helper.call('post', service.notify_enabled, None, True)


--- a/plinth/modules/networks/init.py
+++ b/plinth/modules/networks/init.py
@ -34,6 +34,8 @@ is_essential = True

 depends = ['system']

+managed_packages = ['network-manager']
+
 title = _('Networks')

 logger = Logger(__name__)
@ -47,7 +49,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['network-manager'])
+    helper.install(managed_packages)


 def diagnose():
--- a/plinth/modules/openvpn/init.py
+++ b/plinth/modules/openvpn/init.py
@ -36,6 +36,8 @@ service = None

 managed_services = ['openvpn@freedombox']

+managed_packages = ['openvpn', 'easy-rsa']
+
 title = _('Virtual Private Network (OpenVPN)')

 description = [
@ -62,7 +64,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['openvpn', 'easy-rsa'])
+    helper.install(managed_packages)


 def is_setup():
--- a/plinth/modules/owncloud/init.py
+++ b/plinth/modules/owncloud/init.py
@ -32,6 +32,9 @@ version = 1

 depends = ['apps']

+managed_packages = ['postgresql', 'php5-pgsql', 'owncloud', 'php-dropbox',
+                    'php-google-api-php-client']
+
 title = _('File Hosting (ownCloud)')

 description = [
@ -70,8 +73,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['postgresql', 'php5-pgsql', 'owncloud', 'php-dropbox',
-                    'php-google-api-php-client'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'owncloud-setup', ['enable'])
    helper.call('post', service.notify_enabled, None, True)

--- a/plinth/modules/pagekite/init.py
+++ b/plinth/modules/pagekite/init.py
@ -29,6 +29,8 @@ version = 1

 depends = ['system', 'names']

+managed_packages = ['pagekite']
+
 title = _('Public Visibility (PageKite)')

 description = [
@ -76,4 +78,4 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['pagekite'])
+    helper.install(managed_packages)
--- a/plinth/modules/privoxy/init.py
+++ b/plinth/modules/privoxy/init.py
@ -35,6 +35,10 @@ is_essential = False

 depends = ['apps']

+managed_services = ['privoxy']
+
+managed_packages = ['privoxy']
+
 title = _('Web Proxy (Privoxy)')

 description = [
@ -54,8 +58,6 @@ description = [

 service = None

-managed_services = ['privoxy']
-

 def init():
    """Intialize the module."""
@ -70,7 +72,7 @@ def init():
 def setup(helper, old_version=None):
    """Install and configure the module."""
    helper.call('pre', actions.superuser_run, 'privoxy', ['pre-install'])
-    helper.install(['privoxy'])
+    helper.install(managed_packages)
    helper.call('post', service.notify_enabled, None, True)


--- a/plinth/modules/quassel/init.py
+++ b/plinth/modules/quassel/init.py
@ -35,6 +35,8 @@ service = None

 managed_services = ['quasselcore']

+managed_packages = ['quassel-core']
+
 title = _('IRC Client (Quassel)')

 description = [
@ -73,7 +75,7 @@ class QuasselServiceView(ServiceView):

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['quassel-core'])
+    helper.install(managed_packages)
    helper.call('post', service.notify_enabled, None, True)


--- a/plinth/modules/radicale/init.py
+++ b/plinth/modules/radicale/init.py
@ -37,6 +37,8 @@ service = None

 managed_services = ['radicale']

+managed_packages = ['radicale']
+
 title = _('Calendar and Addressbook (Radicale)')

 description = [
@ -69,7 +71,7 @@ class RadicaleServiceView(ServiceView):

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['radicale'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'radicale', ['setup'])
    helper.call('post', service.notify_enabled, None, True)

--- a/plinth/modules/repro/init.py
+++ b/plinth/modules/repro/init.py
@ -31,6 +31,10 @@ version = 1

 depends = ['apps']

+managed_services = ['repro']
+
+managed_packages = ['repro']
+
 title = _('SIP Server (repro)')

 description = [
@ -56,8 +60,6 @@ description = [

 service = None

-managed_services = ['repro']
-

 def init():
    """Initialize the repro module."""
@ -78,7 +80,7 @@ class ReproServiceView(ServiceView):

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['repro'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'repro', ['setup'])
    helper.call('post', service.notify_enabled, None, True)

--- a/plinth/modules/restore/init.py
+++ b/plinth/modules/restore/init.py
@ -30,6 +30,10 @@ version = 1

 depends = ['apps']

+managed_services = ['node-restore']
+
+managed_packages = ['node-restore']
+
 title = _('Unhosted Storage (reStore)')

 description = [
@ -47,8 +51,6 @@ description = [

 service = None

-managed_services = ['node-restore']
-

 def init():
    """Initialize the reStore module."""
@ -62,4 +64,4 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['node-restore'])
+    helper.install(managed_packages)
--- a/plinth/modules/roundcube/init.py
+++ b/plinth/modules/roundcube/init.py
@ -31,6 +31,8 @@ version = 1

 depends = ['apps']

+managed_packages = ['sqlite3', 'roundcube', 'roundcube-sqlite3']
+
 title = _('Email Client (Roundcube)')

 description = [
@ -72,7 +74,7 @@ def init():
 def setup(helper, old_version=None):
    """Install and configure the module."""
    helper.call('pre', actions.superuser_run, 'roundcube', ['pre-install'])
-    helper.install(['sqlite3', 'roundcube', 'roundcube-sqlite3'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'roundcube', ['setup'])


--- a/plinth/modules/shaarli/init.py
+++ b/plinth/modules/shaarli/init.py
@ -31,6 +31,8 @@ version = 1

 depends = ['apps']

+managed_packages = ['shaarli']
+
 title = _('Bookmarks (Shaarli)')

 description = [
@ -58,7 +60,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['shaarli'])
+    helper.install(managed_packages)
    helper.call('post', service.notify_enabled, None, True)


--- a/plinth/modules/tor/init.py
+++ b/plinth/modules/tor/init.py
@ -36,6 +36,9 @@ version = 1

 depends = ['apps', 'names']

+managed_packages = ['tor', 'tor-geoipdb', 'torsocks', 'obfs4proxy',
+                    'apt-transport-tor']
+
 title = _('Anonymity Network (Tor)')

 description = [
@ -92,8 +95,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['tor', 'tor-geoipdb', 'torsocks', 'obfs4proxy',
-                    'apt-transport-tor'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'tor', ['setup'])
    helper.call('post', actions.superuser_run, 'tor',
                ['configure', '--apt-transport-tor', 'enable'])
--- a/plinth/modules/transmission/init.py
+++ b/plinth/modules/transmission/init.py
@ -32,6 +32,10 @@ version = 1

 depends = ['apps']

+managed_services = ['transmission-daemon']
+
+managed_packages = ['transmission-daemon']
+
 title = _('BitTorrent (Transmission)')

 description = [
@ -43,8 +47,6 @@ description = [

 service = None

-managed_services = ['transmission-daemon']
-
 TRANSMISSION_CONFIG = '/etc/transmission-daemon/settings.json'


@ -61,7 +63,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['transmission-daemon'])
+    helper.install(managed_packages)

    new_configuration = {'rpc-whitelist-enabled': False}
    helper.call('post', actions.superuser_run, 'transmission',
--- a/plinth/modules/ttrss/init.py
+++ b/plinth/modules/ttrss/init.py
@ -31,6 +31,10 @@ version = 1

 depends = ['apps']

+managed_services = ['tt-rss']
+
+managed_packages = ['tt-rss', 'postgresql', 'dbconfig-pgsql', 'php-pgsql']
+
 title = _('News Feed Reader (Tiny Tiny RSS)')

 description = [
@ -44,8 +48,6 @@ description = [

 service = None

-managed_services = ['tt-rss']
-

 def init():
    """Intialize the module."""
@ -61,7 +63,7 @@ def init():
 def setup(helper, old_version=None):
    """Install and configure the module."""
    helper.call('pre', actions.superuser_run, 'ttrss', ['pre-setup'])
-    helper.install(['tt-rss', 'postgresql', 'dbconfig-pgsql', 'php-pgsql'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'ttrss', ['setup'])
    helper.call('post', service.notify_enabled, None, True)

--- a/plinth/modules/upgrades/init.py
+++ b/plinth/modules/upgrades/init.py
@ -32,6 +32,8 @@ is_essential = True

 depends = ['system']

+managed_packages = ['unattended-upgrades']
+
 title = _('Software Upgrades')

 description = [
@ -55,7 +57,7 @@ def init():

 def setup(helper, old_version=None):
    """Install and configure the module."""
-    helper.install(['unattended-upgrades'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'upgrades', ['enable-auto'])


--- a/plinth/modules/users/init.py
+++ b/plinth/modules/users/init.py
@ -32,6 +32,9 @@ is_essential = True

 depends = ['system']

+managed_packages = ['ldapscripts', 'ldap-utils', 'libnss-ldapd',
+                    'libpam-ldapd', 'nslcd', 'slapd']
+
 title = _('Users and Groups')


@ -44,8 +47,7 @@ def init():
 def setup(helper, old_version=None):
    """Install and configure the module."""
    helper.call('pre', actions.superuser_run, 'users', ['pre-install'])
-    helper.install(['ldapscripts', 'ldap-utils', 'libnss-ldapd',
-                    'libpam-ldapd', 'nslcd', 'slapd'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'users', ['setup'])


--- a/plinth/modules/xmpp/init.py
+++ b/plinth/modules/xmpp/init.py
@ -36,6 +36,10 @@ version = 1

 depends = ['apps']

+managed_services = ['ejabberd']
+
+managed_packages = ['jwchat', 'ejabberd']
+
 title = _('Chat Server (XMPP)')

 description = [
@ -52,8 +56,6 @@ service = None

 logger = logging.getLogger(__name__)

-managed_services = ['ejabberd']
-

 def init():
    """Initialize the XMPP module"""
@ -78,7 +80,7 @@ def setup(helper, old_version=None):

    helper.call('pre', actions.superuser_run, 'xmpp',
                ['pre-install', '--domainname', domainname])
-    helper.install(['jwchat', 'ejabberd'])
+    helper.install(managed_packages)
    helper.call('post', actions.superuser_run, 'xmpp', ['setup'])
    helper.call('post', service.notify_enabled, None, True)