Previously, the cfg.base_href variable was never set (it's not even in
the sample.config file!). Now, Plinth uses the specified root
directory (from the *--server_dir* argument) in each URL reference.
There's no point to having two copies of what's essentially the same
file. In the long term, this means the distributions will need to
patch out cfg.py directories instead of plinth.sample.fhs.config. So,
if diff plinth.sample.config plinth.sample.fhs.config reveals
anything relevant, put that in your patch.
Turns out, that was a terrible idea.
Putting privilegedactions in actions/ meant that we tried to interpret
it during startup (along with other similarly silly bugs). The
fastest way to fix this issue is to merely revert it.
Changes:
1. Remove local minified copies of html5shiv, modernizr, and jquery.
2. Add symlinks to system copies of minified modernizr and jquery. These are installed by libjs-modernizr and libjs-jquery.
3. In apache configuration, change DocumentRoot from plinth/static to just plinth.
4. Add permissions for /static location.
This allow us to handle all the Plinth setup in one package. I've
added one change from Pere's original commit: we disable Apache's
default site. If the default site is enabled, Plinth doesn't load
correctly (we get 404 errors).
Plinth has been moved from plinth.(server).local to (server)/plinth.
*plinth.py* has been updated to take a new *--server_dir* argument,
which *share/init.d/plinth* now provides. *plinth.sample.config* has
also been updated.
Actually, the whole package has been moved to a more Debian-friendly
configuration. *share/apache2/plinth.conf* has been updated to
reflect the standard Debian directories. It seems to make more sense
this way, as (other than FreedomMaker, which now uses this package
anyway) no other tools or derivatives use this system. The
configuration can be patched out by other distributions easily enough.
I'm sure there are still some exploits in the code, but there are
certainly fewer now. Instead of just executing whatever arguments are
passed into privilegedactions.privilegedaction_run, we now limit the
actions that can be run in the following ways:
- Only actions that exist in the actions directory can be executed.
Attempting to run the action "echo; rm -rf /" will look for a file
named "actions/echo; rm -rf /", of which there are none.
- Shell literals are escaped: attempting to run the "echo" action with
options like "'hi'; rm -rf /") will echo "'hi'; rm -rf /".
- It is difficult to interact with the spawned process through this
interface. We can't control whether the spawned process allows
interaction.
The details of the contract are included in privilegedactions.py, and
this contract is tested in privilegedactions_test.py.
Without this change, Apache tries to serve the static files from
/dev/null/static, which never exists, so users will see all exciting
manner of errors.
I've assumed that the correct directory is the default directory that
Freedom-Maker installs Plinth to, currently ``/home/fbx/plinth``.
Other distributions will need to patch this out to their preferred
location, like ``/usr/share/plinth/static``.
Apache configuration was missing a few modules, and the server needs
to be restarted after those modules are enabled. Also, the server
needs to be reloaded after the Plinth site is enabled.
It's inappropriate for the FreedomBox project to recommend Non-Free
Software. Therefore, we point users to the current version of FireFox
if their browser is too old.
Run as user/group plinth, not www-data.
Rewrite to use lsb init-functions for starting/stopping and output.
Use /bin/sh instead of bash to speed up the boot.
