From 5f548a9e3659eb8b75b4b8dabe8b123889569f0f Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Wed, 8 Jun 2016 10:36:33 +0530 Subject: [PATCH] packages: Make modules declare managed packages This can then be used by a privileged action to verify that packages requested for installation are in fact valid. This slightly improves security of those privileged actions. --- plinth/modules/avahi/__init__.py | 4 +++- plinth/modules/datetime/__init__.py | 4 +++- plinth/modules/deluge/__init__.py | 4 +++- plinth/modules/dynamicdns/__init__.py | 4 +++- plinth/modules/firewall/__init__.py | 4 +++- plinth/modules/ikiwiki/__init__.py | 12 +++++------- plinth/modules/letsencrypt/__init__.py | 4 +++- plinth/modules/minetest/__init__.py | 4 +++- plinth/modules/monkeysphere/__init__.py | 4 +++- plinth/modules/mumble/__init__.py | 4 +++- plinth/modules/networks/__init__.py | 4 +++- plinth/modules/openvpn/__init__.py | 4 +++- plinth/modules/owncloud/__init__.py | 6 ++++-- plinth/modules/pagekite/__init__.py | 4 +++- plinth/modules/privoxy/__init__.py | 8 +++++--- plinth/modules/quassel/__init__.py | 4 +++- plinth/modules/radicale/__init__.py | 4 +++- plinth/modules/repro/__init__.py | 8 +++++--- plinth/modules/restore/__init__.py | 8 +++++--- plinth/modules/roundcube/__init__.py | 4 +++- plinth/modules/shaarli/__init__.py | 4 +++- plinth/modules/tor/__init__.py | 6 ++++-- plinth/modules/transmission/__init__.py | 8 +++++--- plinth/modules/ttrss/__init__.py | 8 +++++--- plinth/modules/upgrades/__init__.py | 4 +++- plinth/modules/users/__init__.py | 6 ++++-- plinth/modules/xmpp/__init__.py | 8 +++++--- 27 files changed, 98 insertions(+), 48 deletions(-) diff --git a/plinth/modules/avahi/__init__.py b/plinth/modules/avahi/__init__.py index a3b019521..a074d77ea 100644 --- a/plinth/modules/avahi/__init__.py +++ b/plinth/modules/avahi/__init__.py @@ -36,6 +36,8 @@ depends = ['system'] managed_services = ['avahi-daemon'] +managed_packages = ['avahi-daemon'] + title = _('Service Discovery') description = [ @@ -64,7 +66,7 @@ def init(): def setup(helper, old_version=False): """Install and configure the module.""" - helper.install(['avahi-daemon']) + helper.install(managed_packages) class AvahiServiceView(ServiceView): diff --git a/plinth/modules/datetime/__init__.py b/plinth/modules/datetime/__init__.py index 363d00fd1..631ecfc85 100644 --- a/plinth/modules/datetime/__init__.py +++ b/plinth/modules/datetime/__init__.py @@ -34,6 +34,8 @@ depends = ['system'] managed_services = ['ntp'] +managed_packages = ['ntp'] + title = _('Date & Time') description = [ @@ -56,7 +58,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['ntp']) + helper.install(managed_packages) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/deluge/__init__.py b/plinth/modules/deluge/__init__.py index ff1c20c43..620617c5e 100644 --- a/plinth/modules/deluge/__init__.py +++ b/plinth/modules/deluge/__init__.py @@ -35,6 +35,8 @@ service = None managed_services = ['deluge-web'] +managed_packages = ['deluged', 'deluge-web'] + title = _('BitTorrent Web Client (Deluge)') description = [ @@ -60,7 +62,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['deluged', 'deluge-web']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'deluge', ['enable']) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/dynamicdns/__init__.py b/plinth/modules/dynamicdns/__init__.py index 7b3e99f69..0579e4b18 100644 --- a/plinth/modules/dynamicdns/__init__.py +++ b/plinth/modules/dynamicdns/__init__.py @@ -28,6 +28,8 @@ version = 1 depends = ['system'] +managed_packages = ['ez-ipupdate'] + title = _('Dynamic DNS Client') description = [ @@ -57,4 +59,4 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['ez-ipupdate']) + helper.install(managed_packages) diff --git a/plinth/modules/firewall/__init__.py b/plinth/modules/firewall/__init__.py index acdc18ee2..1161d7f0c 100644 --- a/plinth/modules/firewall/__init__.py +++ b/plinth/modules/firewall/__init__.py @@ -34,6 +34,8 @@ is_essential = True depends = ['system'] +managed_packages = ['firewalld'] + title = _('Firewall') description = [ @@ -57,7 +59,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['firewalld']) + helper.install(managed_packages) def get_enabled_status(): diff --git a/plinth/modules/ikiwiki/__init__.py b/plinth/modules/ikiwiki/__init__.py index 62319e650..898a29a1b 100644 --- a/plinth/modules/ikiwiki/__init__.py +++ b/plinth/modules/ikiwiki/__init__.py @@ -31,6 +31,10 @@ version = 1 depends = ['apps'] +managed_packages = ['ikiwiki', 'gcc', 'libc6-dev', 'libtimedate-perl', + 'libcgi-formbuilder-perl', 'libcgi-session-perl', + 'libxml-writer-perl'] + service = None title = _('Wiki and Blog (ikiwiki)') @@ -54,13 +58,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['ikiwiki', - 'gcc', - 'libc6-dev', - 'libtimedate-perl', - 'libcgi-formbuilder-perl', - 'libcgi-session-perl', - 'libxml-writer-perl']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'ikiwiki', ['setup']) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/letsencrypt/__init__.py b/plinth/modules/letsencrypt/__init__.py index 0bc71ac82..476c81598 100644 --- a/plinth/modules/letsencrypt/__init__.py +++ b/plinth/modules/letsencrypt/__init__.py @@ -33,6 +33,8 @@ is_essential = True depends = ['apps', 'names'] +managed_packages = ['letsencrypt'] + title = _('Certificates (Let\'s Encrypt)') description = [ @@ -64,7 +66,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['letsencrypt']) + helper.install(managed_packages) def diagnose(): diff --git a/plinth/modules/minetest/__init__.py b/plinth/modules/minetest/__init__.py index 1a7e1a66b..70d42580c 100644 --- a/plinth/modules/minetest/__init__.py +++ b/plinth/modules/minetest/__init__.py @@ -36,6 +36,8 @@ service = None managed_services = ['minetest-server'] +managed_packages = ['minetest-server'] + title = _('Block Sandbox (Minetest)') description = [ @@ -61,7 +63,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(managed_services) + helper.install(managed_packages) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/monkeysphere/__init__.py b/plinth/modules/monkeysphere/__init__.py index 40d63c81d..e48ee24cd 100644 --- a/plinth/modules/monkeysphere/__init__.py +++ b/plinth/modules/monkeysphere/__init__.py @@ -27,6 +27,8 @@ version = 1 depends = ['system'] +managed_packages = ['monkeysphere'] + title = _('Monkeysphere') description = [ @@ -59,4 +61,4 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['monkeysphere']) + helper.install(managed_packages) diff --git a/plinth/modules/mumble/__init__.py b/plinth/modules/mumble/__init__.py index 3b3a43528..00214c835 100644 --- a/plinth/modules/mumble/__init__.py +++ b/plinth/modules/mumble/__init__.py @@ -37,6 +37,8 @@ service = None managed_services = ['mumble-server'] +managed_packages = ['mumble-server'] + description = [ _('Mumble is an open source, low-latency, encrypted, high quality ' 'voice chat software.'), @@ -65,7 +67,7 @@ class MumbleServiceView(ServiceView): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['mumble-server']) + helper.install(managed_packages) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/networks/__init__.py b/plinth/modules/networks/__init__.py index edcf47087..e50b1ea8e 100644 --- a/plinth/modules/networks/__init__.py +++ b/plinth/modules/networks/__init__.py @@ -34,6 +34,8 @@ is_essential = True depends = ['system'] +managed_packages = ['network-manager'] + title = _('Networks') logger = Logger(__name__) @@ -47,7 +49,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['network-manager']) + helper.install(managed_packages) def diagnose(): diff --git a/plinth/modules/openvpn/__init__.py b/plinth/modules/openvpn/__init__.py index 3c87263ec..5fc083b89 100644 --- a/plinth/modules/openvpn/__init__.py +++ b/plinth/modules/openvpn/__init__.py @@ -36,6 +36,8 @@ service = None managed_services = ['openvpn@freedombox'] +managed_packages = ['openvpn', 'easy-rsa'] + title = _('Virtual Private Network (OpenVPN)') description = [ @@ -62,7 +64,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['openvpn', 'easy-rsa']) + helper.install(managed_packages) def is_setup(): diff --git a/plinth/modules/owncloud/__init__.py b/plinth/modules/owncloud/__init__.py index 1c3b9483f..5e1b8bb12 100644 --- a/plinth/modules/owncloud/__init__.py +++ b/plinth/modules/owncloud/__init__.py @@ -32,6 +32,9 @@ version = 1 depends = ['apps'] +managed_packages = ['postgresql', 'php5-pgsql', 'owncloud', 'php-dropbox', + 'php-google-api-php-client'] + title = _('File Hosting (ownCloud)') description = [ @@ -70,8 +73,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['postgresql', 'php5-pgsql', 'owncloud', 'php-dropbox', - 'php-google-api-php-client']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'owncloud-setup', ['enable']) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/pagekite/__init__.py b/plinth/modules/pagekite/__init__.py index 5c2b51b8c..fd868f631 100644 --- a/plinth/modules/pagekite/__init__.py +++ b/plinth/modules/pagekite/__init__.py @@ -29,6 +29,8 @@ version = 1 depends = ['system', 'names'] +managed_packages = ['pagekite'] + title = _('Public Visibility (PageKite)') description = [ @@ -76,4 +78,4 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['pagekite']) + helper.install(managed_packages) diff --git a/plinth/modules/privoxy/__init__.py b/plinth/modules/privoxy/__init__.py index ae7a545b8..984c7cceb 100644 --- a/plinth/modules/privoxy/__init__.py +++ b/plinth/modules/privoxy/__init__.py @@ -35,6 +35,10 @@ is_essential = False depends = ['apps'] +managed_services = ['privoxy'] + +managed_packages = ['privoxy'] + title = _('Web Proxy (Privoxy)') description = [ @@ -54,8 +58,6 @@ description = [ service = None -managed_services = ['privoxy'] - def init(): """Intialize the module.""" @@ -70,7 +72,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" helper.call('pre', actions.superuser_run, 'privoxy', ['pre-install']) - helper.install(['privoxy']) + helper.install(managed_packages) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/quassel/__init__.py b/plinth/modules/quassel/__init__.py index dfb8c1afe..865c38672 100644 --- a/plinth/modules/quassel/__init__.py +++ b/plinth/modules/quassel/__init__.py @@ -35,6 +35,8 @@ service = None managed_services = ['quasselcore'] +managed_packages = ['quassel-core'] + title = _('IRC Client (Quassel)') description = [ @@ -73,7 +75,7 @@ class QuasselServiceView(ServiceView): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['quassel-core']) + helper.install(managed_packages) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/radicale/__init__.py b/plinth/modules/radicale/__init__.py index a682dea8d..7ab5e8f89 100644 --- a/plinth/modules/radicale/__init__.py +++ b/plinth/modules/radicale/__init__.py @@ -37,6 +37,8 @@ service = None managed_services = ['radicale'] +managed_packages = ['radicale'] + title = _('Calendar and Addressbook (Radicale)') description = [ @@ -69,7 +71,7 @@ class RadicaleServiceView(ServiceView): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['radicale']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'radicale', ['setup']) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/repro/__init__.py b/plinth/modules/repro/__init__.py index 99d8936ba..d20d7cc6e 100644 --- a/plinth/modules/repro/__init__.py +++ b/plinth/modules/repro/__init__.py @@ -31,6 +31,10 @@ version = 1 depends = ['apps'] +managed_services = ['repro'] + +managed_packages = ['repro'] + title = _('SIP Server (repro)') description = [ @@ -56,8 +60,6 @@ description = [ service = None -managed_services = ['repro'] - def init(): """Initialize the repro module.""" @@ -78,7 +80,7 @@ class ReproServiceView(ServiceView): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['repro']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'repro', ['setup']) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/restore/__init__.py b/plinth/modules/restore/__init__.py index a8a8a1408..0aa1f2edf 100644 --- a/plinth/modules/restore/__init__.py +++ b/plinth/modules/restore/__init__.py @@ -30,6 +30,10 @@ version = 1 depends = ['apps'] +managed_services = ['node-restore'] + +managed_packages = ['node-restore'] + title = _('Unhosted Storage (reStore)') description = [ @@ -47,8 +51,6 @@ description = [ service = None -managed_services = ['node-restore'] - def init(): """Initialize the reStore module.""" @@ -62,4 +64,4 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['node-restore']) + helper.install(managed_packages) diff --git a/plinth/modules/roundcube/__init__.py b/plinth/modules/roundcube/__init__.py index 30ab0a72c..d924cf1b0 100644 --- a/plinth/modules/roundcube/__init__.py +++ b/plinth/modules/roundcube/__init__.py @@ -31,6 +31,8 @@ version = 1 depends = ['apps'] +managed_packages = ['sqlite3', 'roundcube', 'roundcube-sqlite3'] + title = _('Email Client (Roundcube)') description = [ @@ -72,7 +74,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" helper.call('pre', actions.superuser_run, 'roundcube', ['pre-install']) - helper.install(['sqlite3', 'roundcube', 'roundcube-sqlite3']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'roundcube', ['setup']) diff --git a/plinth/modules/shaarli/__init__.py b/plinth/modules/shaarli/__init__.py index 84d60f89c..70f182410 100644 --- a/plinth/modules/shaarli/__init__.py +++ b/plinth/modules/shaarli/__init__.py @@ -31,6 +31,8 @@ version = 1 depends = ['apps'] +managed_packages = ['shaarli'] + title = _('Bookmarks (Shaarli)') description = [ @@ -58,7 +60,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['shaarli']) + helper.install(managed_packages) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/tor/__init__.py b/plinth/modules/tor/__init__.py index e94b6deaa..d1e58c942 100644 --- a/plinth/modules/tor/__init__.py +++ b/plinth/modules/tor/__init__.py @@ -36,6 +36,9 @@ version = 1 depends = ['apps', 'names'] +managed_packages = ['tor', 'tor-geoipdb', 'torsocks', 'obfs4proxy', + 'apt-transport-tor'] + title = _('Anonymity Network (Tor)') description = [ @@ -92,8 +95,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['tor', 'tor-geoipdb', 'torsocks', 'obfs4proxy', - 'apt-transport-tor']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'tor', ['setup']) helper.call('post', actions.superuser_run, 'tor', ['configure', '--apt-transport-tor', 'enable']) diff --git a/plinth/modules/transmission/__init__.py b/plinth/modules/transmission/__init__.py index 8ec19d19d..6af0e7b19 100644 --- a/plinth/modules/transmission/__init__.py +++ b/plinth/modules/transmission/__init__.py @@ -32,6 +32,10 @@ version = 1 depends = ['apps'] +managed_services = ['transmission-daemon'] + +managed_packages = ['transmission-daemon'] + title = _('BitTorrent (Transmission)') description = [ @@ -43,8 +47,6 @@ description = [ service = None -managed_services = ['transmission-daemon'] - TRANSMISSION_CONFIG = '/etc/transmission-daemon/settings.json' @@ -61,7 +63,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['transmission-daemon']) + helper.install(managed_packages) new_configuration = {'rpc-whitelist-enabled': False} helper.call('post', actions.superuser_run, 'transmission', diff --git a/plinth/modules/ttrss/__init__.py b/plinth/modules/ttrss/__init__.py index 92db1ce5f..1bcda91c5 100644 --- a/plinth/modules/ttrss/__init__.py +++ b/plinth/modules/ttrss/__init__.py @@ -31,6 +31,10 @@ version = 1 depends = ['apps'] +managed_services = ['tt-rss'] + +managed_packages = ['tt-rss', 'postgresql', 'dbconfig-pgsql', 'php-pgsql'] + title = _('News Feed Reader (Tiny Tiny RSS)') description = [ @@ -44,8 +48,6 @@ description = [ service = None -managed_services = ['tt-rss'] - def init(): """Intialize the module.""" @@ -61,7 +63,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" helper.call('pre', actions.superuser_run, 'ttrss', ['pre-setup']) - helper.install(['tt-rss', 'postgresql', 'dbconfig-pgsql', 'php-pgsql']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'ttrss', ['setup']) helper.call('post', service.notify_enabled, None, True) diff --git a/plinth/modules/upgrades/__init__.py b/plinth/modules/upgrades/__init__.py index c9e6ba601..bbbf63fde 100644 --- a/plinth/modules/upgrades/__init__.py +++ b/plinth/modules/upgrades/__init__.py @@ -32,6 +32,8 @@ is_essential = True depends = ['system'] +managed_packages = ['unattended-upgrades'] + title = _('Software Upgrades') description = [ @@ -55,7 +57,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" - helper.install(['unattended-upgrades']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'upgrades', ['enable-auto']) diff --git a/plinth/modules/users/__init__.py b/plinth/modules/users/__init__.py index 8d4bf759a..e5e0be0ce 100644 --- a/plinth/modules/users/__init__.py +++ b/plinth/modules/users/__init__.py @@ -32,6 +32,9 @@ is_essential = True depends = ['system'] +managed_packages = ['ldapscripts', 'ldap-utils', 'libnss-ldapd', + 'libpam-ldapd', 'nslcd', 'slapd'] + title = _('Users and Groups') @@ -44,8 +47,7 @@ def init(): def setup(helper, old_version=None): """Install and configure the module.""" helper.call('pre', actions.superuser_run, 'users', ['pre-install']) - helper.install(['ldapscripts', 'ldap-utils', 'libnss-ldapd', - 'libpam-ldapd', 'nslcd', 'slapd']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'users', ['setup']) diff --git a/plinth/modules/xmpp/__init__.py b/plinth/modules/xmpp/__init__.py index 793410ad7..cb36ea49a 100644 --- a/plinth/modules/xmpp/__init__.py +++ b/plinth/modules/xmpp/__init__.py @@ -36,6 +36,10 @@ version = 1 depends = ['apps'] +managed_services = ['ejabberd'] + +managed_packages = ['jwchat', 'ejabberd'] + title = _('Chat Server (XMPP)') description = [ @@ -52,8 +56,6 @@ service = None logger = logging.getLogger(__name__) -managed_services = ['ejabberd'] - def init(): """Initialize the XMPP module""" @@ -78,7 +80,7 @@ def setup(helper, old_version=None): helper.call('pre', actions.superuser_run, 'xmpp', ['pre-install', '--domainname', domainname]) - helper.install(['jwchat', 'ejabberd']) + helper.install(managed_packages) helper.call('post', actions.superuser_run, 'xmpp', ['setup']) helper.call('post', service.notify_enabled, None, True)