From f8e78f33d30519d5a093facf66fc16e3d54b4e3f Mon Sep 17 00:00:00 2001
From: Sunil Mohan Adapa <sunil@medhas.org>
Date: Tue, 25 Mar 2025 14:24:07 -0700
Subject: [PATCH] radicale: Explicitly set the auth type to accommodate
 radicale 3.5

Helps: #2501
Helps: Debian #1100995

- With radicale's Debian packaging for version 3.5 (trixie) the auth/type
configuration value is no longer set to remote_user by default[1]. FreedomBox's
setup depends on this. So, set this value explicitly including for bookworm.

Links:

1) https://tracker.debian.org/media/packages/r/radicale/changelog-3.5.0-1

Tests:

- Install on bookworm and testing VMs and run functional tests. Web UI works.

- On bookworm VM, install radicale and perform dist-upgrade. Upgrade succeeds.
Radicale is at version 3.5.0-1. The file /etc/radicale/config *does not*
contains auth/type as 'remote_user'. This is because unattended-upgrades has
unexpectedly upgraded radicale and overwrote the configuration file. This is
being investigated separately.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
---
 plinth/modules/radicale/__init__.py   |  4 +++-
 plinth/modules/radicale/privileged.py | 22 +++++++++++++++++-----
 2 files changed, 20 insertions(+), 6 deletions(-)

diff --git a/plinth/modules/radicale/__init__.py b/plinth/modules/radicale/__init__.py
index 3ba77f71c..6895f4386 100644
--- a/plinth/modules/radicale/__init__.py
+++ b/plinth/modules/radicale/__init__.py
@@ -43,7 +43,7 @@ class RadicaleApp(app_module.App):
 
     app_id = 'radicale'
 
-    _version = 3
+    _version = 4
 
     def __init__(self) -> None:
         """Create components for the app."""
@@ -102,6 +102,7 @@ class RadicaleApp(app_module.App):
     def setup(self, old_version):
         """Install and configure the app."""
         super().setup(old_version)
+        privileged.setup()
         if not old_version:
             self.enable()
 
@@ -117,6 +118,7 @@ class RadicaleApp(app_module.App):
 
         rights = get_rights_value()
         install(['radicale'], force_configuration='new')
+        privileged.setup()
         privileged.configure(rights)
 
         return True
diff --git a/plinth/modules/radicale/privileged.py b/plinth/modules/radicale/privileged.py
index 7c950dcf0..8508fd56d 100644
--- a/plinth/modules/radicale/privileged.py
+++ b/plinth/modules/radicale/privileged.py
@@ -12,6 +12,20 @@ CONFIG_FILE = '/etc/radicale/config'
 LOG_PATH = '/var/log/radicale'
 
 
+@privileged
+def setup():
+    """Configure authentication to Apache remote user.
+
+    For radicale < 3.5 (bookworm), this was set by configuration shipped with
+    Debian. For radicale >= 3.5 (trixie), this needs to be explicitly. For
+    simplicity, set is unconditionally.
+    """
+    aug = load_augeas()
+    aug.set('auth/type', 'remote_user')
+    aug.save()
+    action_utils.service_try_restart('uwsgi')
+
+
 @privileged
 def configure(rights_type: str):
     """Set the radicale rights type to a particular value."""
@@ -20,7 +34,7 @@ def configure(rights_type: str):
         rights_type = 'from_file'
 
     aug = load_augeas()
-    aug.set('/files' + CONFIG_FILE + '/rights/type', rights_type)
+    aug.set('rights/type', rights_type)
     aug.save()
 
     action_utils.service_try_restart('uwsgi')
@@ -38,10 +52,8 @@ def load_augeas():
     """Initialize Augeas."""
     aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
                         augeas.Augeas.NO_MODL_AUTOLOAD)
-
     # INI file lens
-    aug.set('/augeas/load/Puppet/lens', 'Puppet.lns')
-    aug.set('/augeas/load/Puppet/incl[last() + 1]', CONFIG_FILE)
-
+    aug.transform('Puppet', CONFIG_FILE)
+    aug.set('/augeas/context', '/files' + CONFIG_FILE)
     aug.load()
     return aug