Some actions that use this function are expected to output
JSON. Any output from apt-mark can interfere with this.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Guard against removing a hold while the package manager is busy.
Test:
1. Place hold on freedombox package.
2. Wait 3 minutes in development mode.
- Package is held.
3. Touch /var/lib/freedombox/package-held.
4. Wait 3 minutes in development mode.
- Package is not held.
- Flag is removed.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
This is to recover from a situation where the package is held, and
then plinth process is interrupted so it cannot release the hold.
We check for and recover from this situation when installing new apps,
and when running dist upgrade. This provides another way to recover
from the problem, by running manual update.
Tests:
- (normal) No hold on freedombox package, and flag is not set. Run
manual update. Afterwards, there is no hold, and flag is not set.
- (admin preference) Place hold on freedombox package, but flag is not
set. Run manual update. Afterwards, there is still a hold, but flag is
not set.
- (recovery) Place hold on freedombox package, but flag is
set. Run manual update. Afterwards, there is no hold, and flag is not
set.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
In case the plinth process is interrupted, the "finally" block that is
meant to unhold the package may not be executed, and the package will
stay held. The flag is used to indicate this situation, so it can be
resolved the next time apt_hold_freedombox is used.
Tests:
- (normal) No hold on freedombox package, and flag is not set. Install
any app. Afterwards, there is no hold, and flag is not set.
- (admin preference) Place hold on freedombox package, but flag is not
set. Install any app. Afterwards, there is still a hold, but flag is
not set.
- (recovery) Place hold on freedombox package, but flag is
set. Install any app. Afterwards, there is no hold, and flag is not
set.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2074
sunil's changes:
- Ensure that secret is not asked for a second time after creating admin user
and logging in (this happens due to discarding of old session and creating new
one).
- Ensure that this logic is not applied to user using FreedomBox images who are
not required to input the first wizard secret.
- Change the name of the session variable for readability.
Tests performed:
- Without the patch, start first boot wizard on the first browser on a
FreedomBox image (or run the file `base64 < /dev/urandom | head -c 16 | sed -e
's+$+\n+' > /var/lib/plinth/firstboot-wizard-secret`). Finish the welcome step
with first wizard secret. Then open a second browser or from another computer
visit the web interface. The first wizard secret is not asked and user can
create an admin account.
- Repeat with fresh image again with the patch. To mimic fresh image, one may
run `sudo rm -f /var/lib/plinth/plinth.sqlite3` and `echo "password" | | sudo
/freedombox/actions/users remove-user tester`. This time when a different
browser other than the one that provided the first wizard secret try to access
the account creation page, a redirection will occur to welcome page. Providing
the first wizard secret takes the user to account creation page.
- Accessing network first wizard page or internal pages on second browser also
takes one back to the welcome page.
- Accessing help pages from second browser requires login.
- Accessing account login page from second browser is allowed. After creating
the account from first browser, second browser can login and continue the
wizard.
- Clearing cookies in the middle of the wizard takes the user back to welcome
page.
- Clear cookies in the middles of the wizard. Visit the wizard, go to first boot
welcome page. Provide secret and the wizard will continue where it was left
off.
- Clear cookies in the middles of the wizard. Visit the wizard, go to first boot
welcome page. Access login page, login as admin. Then first wizard secret is
not asked. First wizard can be continued.
- On a fresh image, simply complete the first wizard. No change to earlier flow
is noticed. First wizard secret is only asked once at the beginning.
- On a fresh image, remove the file /var/lib/plinth/firstboot-wizard-secret.
First wizard can be completed without the secret.
[sunil: improvements to original patch by Kirill Schmidt]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Add the debian-deluged user to the freedombox-share group *before* running
app setup. The app setup process restarts the deluged daemon
after which the process has correct group ownerships.
Tests done in Debian stable and testing dev containers:
- After installing the deluge app, checked from /proc/--process-id--/status that
the deluged daemon process has the freedombox-share group.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Add nslcd.service as a dependency to the services that depend on users
and groups defined in LDAP. deluged, mldonkey-server, syncthing@syncthing
and transmission-daemon services depend on freedombox-share LDAP group.
Closes#2061
Tests done with apps deluge, mldonkey, syncthing and transmission,
in both debian stable and testing dev containers, after applying changes:
- After installing an app and after reboot, the daemon user is a member
of the freedombox-share group.
- Checked with the `systemctl show` command that nslcd.service is added to
After=... dependencies.
- All the functional tests pass (in Debian stable, closed manually
the syncthing usage reporting form - #2059).
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Sunil:
- Minor update to the TURN server message.
- Drop updating the FAQ link since there may not be much time for translators to
translate the changed message due to our current release schedule. The old link
still works.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Matrix Synapse will automatically pick up the locally installed coturn server
during its installation. This handles only the case where coturn is installed
and configured with a valid TLS domain name before matrix-synapse is installed.
- Allow overriding STUN/TURN config. Matrix Synapse uses the local coturn
server's configuration by default. However, an administrator can override the
STUN/TURN configuration from FreedomBox web interface. Allow administrator's
overrides to co-exist with FreedomBox's managed STUN/TURN configuration.
Administrator's configuration, if it exists, always overrides FreedomBox's
managed configuration. Any updates to FreedomBox's managed configuration will
have no impact on the administrator's configuration since the latter takes
precedence.
Sunil:
- Collapse multiple turn actions into a single one for simplicity. Sending empty
configuration means removal of the configuration.
- Ensure that when removing configuration file is idempotent.
- Manage TURN configuration even when app setup is not yet completed. This fixes
issue with TURN configuration not getting setup on app installation and setup.
- Fix issue with TURN configuration getting updated on form submission even when
the field is not changed. This is due to mismatch between the browser submitted
\r\n with the internal \n.
- Simplify JavaScript for the form and attach handlers only after DOM is ready.
- Drop the no-JS message since the loss of functionality is trivial and to
reduce translation burden.
- Fix issue with URIs and secret parameters not getting updated unless the
managed checkbox changes.
- Drop specialized success messages for TURN configuration update to reduce
translation burden.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Sunil:
- Join the string in the template instead of the view.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Sunil:
- Add TurnConfiguration to reference documentation. Add more details in
docstrings.
- Rename the component to TurnConsumer since 'Component' in the name is
redundant and unconventional. Also, hopefully, the component will retain the
API over multiple TURN servers.
- Log when notifying other components about configuration change.
- Use TurnConfiguration class more widely.
- Refactor for simplicity.
- Additional tests.
- Move URI generation code into TurnConfiguration.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Avoid high CPU usage due to uwsgi continuously restarting before searx
config is upgraded.
Helps #1644.
Tests: Ran dist-upgrade for each case:
- Without searx installed -> no log messages related to searx.
- With searx installed but not enabled -> searx config is upgraded.
- With searx installed and enabled -> searx is disabled, later config
is upgraded, and searx is re-enabled. Searx page can be accessed at
the end.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes: #2049.
This is regression introduced by me in 213cf16f8daa66dbfd3c761a61483c959c753559.
Although this case was tested for regression, the test setup was incorrect.
Tests:
- In networks page to details of a connection, the Delete button is aligned to
the right.
- In snapshots page, the Create Snapshot button is aligned to the left and
Delete Snapshots button is aligned to the right. Clicking on the buttons does
not change their position.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Allow plinth service to restart an unlimited number of times, with 5
seconds delay.
Test:
- After introducing an error in plinth startup code, the service is
restarted every 5 seconds without limit.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
