From 9af9a504e09b8021041a7d8fe4540574f42edc1c Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Thu, 12 Sep 2024 21:06:56 -0700 Subject: [PATCH] miniflux: Workaround a packaging bug with DB connection The latest version of miniflux can't connect to the database after a fresh installation. This is due to incorrect ownership of /etc/miniflux/database file which is owned by root (and correctly having the permissions 0600). After changes in bug #1078416, miniflux no longer runs as root user and instead runs as miniflux user. This user can't read the database file. The daemon silently falls back to using built in defaults and fails to connect to PostgreSQL database. This is originally caught by functional tests in FreedomBox's miniflux integration. Links: 1) https://bugs.debian.org/1081562 2) https://salsa.debian.org/go-team/packages/miniflux/-/merge_requests/2 Tests: - Freshly install miniflux with the patch and the daemon is running. Ownership for the file /etc/miniflux/database is as expected. - Install miniflux without the patch. Daemon is not running. Apply patch and restart service. miniflux app is updated. Daemon is running. Ownership for the file /etc/miniflux/database is as expected. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- plinth/modules/miniflux/__init__.py | 3 ++- plinth/modules/miniflux/privileged.py | 17 ++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/plinth/modules/miniflux/__init__.py b/plinth/modules/miniflux/__init__.py index 671d6d2af..cb846b541 100644 --- a/plinth/modules/miniflux/__init__.py +++ b/plinth/modules/miniflux/__init__.py @@ -33,7 +33,7 @@ class MinifluxApp(app_module.App): app_id = 'miniflux' - _version = 1 + _version = 2 def __init__(self): """Create components for the app.""" @@ -88,6 +88,7 @@ class MinifluxApp(app_module.App): """Install and configure the app.""" privileged.pre_setup() super().setup(old_version) + privileged.setup(old_version) if not old_version: self.enable() diff --git a/plinth/modules/miniflux/privileged.py b/plinth/modules/miniflux/privileged.py index d187fb80b..4e8cb4669 100644 --- a/plinth/modules/miniflux/privileged.py +++ b/plinth/modules/miniflux/privileged.py @@ -4,6 +4,7 @@ import json import os import pathlib +import shutil from typing import Tuple from urllib.parse import urlparse @@ -40,7 +41,7 @@ def _env_file_to_dict(env_vars: str) -> dict[str, str]: @privileged def pre_setup(): - """Perform post-install actions for Miniflux.""" + """Perform pre-install actions for Miniflux.""" vars_file = pathlib.Path(ENV_VARS_FILE) vars_file.parent.mkdir(parents=True, exist_ok=True) @@ -53,6 +54,20 @@ def pre_setup(): vars_file.write_text(_dict_to_env_file(new_settings)) +@privileged +def setup(old_version: int): + """Perform post-install actions for Miniflux.""" + # Fix incorrect permissions on database file in version 2.2.0-2. See + # https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081562 . Can be + # removed after the fix for the bug reaches Trixie/testing. + shutil.chown(DATABASE_FILE, user='miniflux', group='root') + if not old_version or action_utils.service_is_enabled('miniflux'): + # If the service was tried too many times already, it won't + # successfully restart. + action_utils.service_reset_failed('miniflux') + action_utils.service_restart('miniflux') + + def _run_miniflux_interactively(command: str, username: str, password: str) -> Tuple[str, dict]: """Fill interactive terminal prompt for username and password."""