Some VPS providers preconfigure ufw which can break the
FreedomBox installation process on plain Debian. To
prevent this, make the freedombox package remove ufw.
Tests I made:
1. Enabled ufw on a Debian system
2. Built a custom package with the modification in the
control file
3. Installed the custom packge.
Result: ufw gets removed before the execution of
`update-initramfs: Generating /boot/initrd.img-5.10.0-17-amd64`
Signed-off-by: nbenedek <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2169.
python3-coverage >= 6.0 requires python3-tomli to be installed when using
pyproject.toml. There is no hard dependency on tomli for the coverage package
perhaps due to its optional nature.
However, python3-toml is not available in Bullseye. So, require a version of
python3-coverage that does not require python3-tomli.
Tests:
- Run git-pbuilder for stable and unstable. Builds were successful.
- Run autopkgtest for stable and unstable. Dependencies were satisfied but there
was an unrelated error during test collection.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
python3-all:any means that python3 interpreter of any architecture could be used
to build the package. python3-all means that same architecture as the build
process would be needed. This is a stricter restriction and is unnecessary for
the case of freedombox package.
See discussion in: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=995498
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2100.
- wireless-tools package is being orphaned. https://bugs.debian.org/963896 .
- We use Network Manager to manage network and don't use iw* tools from
wireless-tools package. Network Manager itself does not need wireless-tools
package to configure and manage Wi-Fi connections. This is seen on typical
desktops.
- FreedomBox service uses NM D-Bus API to scan for available networks.
- Code does not refer to the tools iwconfig, iwevent, iwgetid, iwlist, iwpriv or
iwspy. These are the binaries provided by the wireless-tools package.
Tests:
- After removal of the wireless-tools package, wireless scan functionality does
not result in an error.
- Not tested: Attaching actual Wi-Fi hardware and seeing the list of available
Wi-Fi networks.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #1818. The new navbar collapse handles items better without a scrollbar.
- Switch dependency to newer bootstrap4 library.
- Bootstrap 4 has 5 grid levels instead of 4. Adjust all classes accordingly to
retain current semantics.
- Update for newer markup for dropdowns.
- Replace use for labels with badges. Labels have been removed. Use
badge-secondary instead of label-default.
- Replace use of btn-xs with btn-sm. Size is roughly the same.
- Accommodate removal of form-horizontal.
- .hidden* and .visible* classes have been removed. Use alternate utilities.
- Replace use of table-condensed with table-sm.
- Update progress bar background styling. .progress-bar-* have been replaced
with bg-*.
- Drop support for IE9 and below. Bootstrap 4 does not support those browsers.
- Use the new simplified markup for navs, navbar and navbar-toggler. Accommodate
removal of .navbar-fixed-top.
- Update the JSXC page too.
- Update all values that are using rem units. The base font size is now 1rem =
16px instead of 1rem = 10px. This the default for bootstrap 4.
- A button inside a dropdown menu is natively supported by bootstrap 4. Remove
custom styling done earlier.
- Drop use of removed class thumbnail.
- Override colors for buttons and warnings to keep the old style.
- Use new markup for close buttons inside alerts.
- Use .collapse.show instead of .collapse.in as per bootstrap 4 styling.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Required only by tests when run as superuser. However, it's addition makes it
very uniform to ensure that all dependencies are pre-installed in a container
when running tests.
- We may find ways to run root user tests in future.
- The package seems very stable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This change prevents the plinth user to set the ssh-keys without
knowing the user password.
- Debian: added new dependency python3-pampy to authenticate users.
- Added additional required parameter --auth-user to the
'actions/ssh set-keys' command. A password should be
provided through STDIN.
Tests performed:
- running 'actions/ssh set-keys' with empty or wrong admin credentials
fails.
- running 'actions/ssh set-keys' with correct admin credentials
succeeds.
- running 'actions/ssh set-keys' with correct non-admin credentials
succeeds if the --username is the same user.
- running 'actions/ssh set-keys' with correct non-admin credentials
fails if the --username is a different user.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
GPT scheme has two mostly identical partition table headers. One at the
beginning of the disk and one at the end. When an image is written to larger
disk, the second header is not at the end of the disk. Fix that by moving second
partition to end of the disk before attempting partition
Tests:
- Unit tests run as root work.
- On A64-OLinuXino board, boot with eMMC and UEFI image. The partition does not
expand on initial setup. Trying to manually expand in storage app fails. Apply
patch. Manual expansion works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
From documentation[1][2], it appears that the proper way to rename the source
package is simply to change the source package name. The binaries will be
treated generated from a new source package name. The old source package will
then not have any binaries associated with it. This will prompt the 'dak
cruft-report' tool to automatically remove the old source package[3]. No further
action will necessary to remove the old source package.
Links:
1) https://wiki.debian.org/RenamingPackages
2) https://www.debian.org/doc/manuals/developers-reference/pkgs.html#moving-removing-renaming-orphaning-adopting-and-reintroducing-packages
3) https://wiki.debian.org/ftpmaster_Removals
Tests:
- Build .deb package. Package is built successfully. Source package name is
'freedombox'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is a slightly hacky way to ensure that nscd package is installed
rather than unscd (which provides nscd as a virtual package).
This will work as long as unscd does not jump to a version 2. It is
currently 0.53-1 and has little recent activity, so this condition
seems likely to hold in the near future.
Tests:
- In vagrant box, installed unscd. Installed modified freedombox deb.
Saw that unscd was removed and nscd was installed.
- In DigitalOcean droplet, reproduced issue from #1877. Installed
modified freedombox deb. Saw that unscd was removed (no other
packages were removed) and nscd was installed. FreedomBox interface
was available again.
- Built a freedom-maker image with modified freedombox deb. Checked
build log that nscd was installed and unscd was not installed.
Closes: #1877.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Module systemd.journal is used for writing proper structured messages to
systemd-journald. This was earlier only a recommends.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
See #1841 for discussion on why Turbolinks needs to be removed.
Closes: #1841.
Closes: #1804.
Tests performed:
- There are no more references to 'turbolinks' in source code other than .po(t)
files and the manual.
- When loading a page, turbolinks.js is no longer loaded.
- The following links don't have data-turbolinks attribute and work well when
clicked.a
- Gitweb repository links
- Download manual links (en, es)
- Ikiwiki wiki links
- Sharing app web share links
- TT-RSS mobile app link
- 'Launch web client' button
- 'Launch' button in web section of clients table
- Active and regular front page shortcut
- Roundcube does not have a link to /roundcube in description.
- turblinks not present in /static/jslicense.html . LibreJs accepts all scripts.
Reported-by: Veiko Aasa <veiko17@disroot.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Issue was reported by multiarch hinter on
https://tracker.debian.org/pkg/plinth.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- The repository has been renamed from 'plinth' to 'freedombox'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- When there are multiple binary packages, a common practice is to install into
debian/tmp using the Makefile and then use dh_install and .install files. This
splits the contents installed into debian/tmp to various package directories
debian/{package}.
- Install documentation in to /usr/share/freedombox instead of
/usr/share/doc/freedombox. Then create a link to /usr/share/doc/freedombox/.
This approach is recommended Debian Policy Manual in section 12.3[1] because
it should safe for administrator to delete files in /usr/share/doc safely
without breaking the application functionality. The doc-base must refer to the
documentation in /usr/share/doc as per doc-base documentation.
Links
1) https://www.debian.org/doc/debian-policy/ch-docs.html#additional-documentation
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This package adds a single command on_ac_power to the system which is used by
unattended-upgrades to avoid running upgrades when on batter power.
Closes: #1753.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Stop building plinth package.
This will spark removal of package from unstable as it will not be built for any
source package (NBS, "not built from source") by the "cruft-report" tool.
Eventually it will also be removed from testing as there are not dependencies on
it.
See: https://wiki.debian.org/ftpmaster_Removals
Removal from backports may require filing a ticket in RT.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Requests library is still used by functional tests.
- Add requests as test dependency in setup.py.
- Keep python3-requests are build dependency in debian/control
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This introduces flake8 and fixes a bunch of flake8 errors.
flake8 is run with: ./venv/bin/flake8 plinth
if you're using a python3 venv.
We can eventually further integrate this with gitlab ci.
https://salsa.debian.org/freedombox-team/plinth/issues/58
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Create option --include-functional to run functional tests. Otherwise, they
are disabled by default. If pytest-bdd is not installed, functional tests are
not discovered at all.
- Make pytest-django discover the setting files by creating dummy manage.py in
top level directory.
- Make pytest run as './setup.py pytest'. Add alias from './setup.py test'. This
requires pytest-runner package.
- Merge .gitignore files from functional_tests/
- Update gitlab-ci.yml to run tests with coverage using pytest.
- Update HACKING.md to suggest using py.test-3 instead of old way of running.
Merge functional tests README.md into HACKING.md.
- Remove execution wrapper runtests.py as pytest-django is able to configure
Django settings before execution of tests. Update tests to explicitly ask for
Django database as database access is denied by default.
- Replace usage of python3-coverage with python3-pytest-coverage. Execution
wrappers are not required.
- Add build dependencies on pytest modules.
- Let all warnings be shown after running tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Implement listening for CacheUpdated notification.
- Configuration to allow only root to trigger the notification.
- Trigger the notification from an apt update hook.
- Retrieve the list of packages available for upgrade and print them to log.
- Add dependency on libglib2.0-bin for the gdbus command line tool.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Passwords will be automatically upgraded for each user on login.
Usernames not yet upgraded are vulnerable to user enumeration attack due to
difference in password check timing.
No need to add build dependency on python3-argon2 because tests use a different
Django configuration which does not use argon2 hash.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is necessary to avoid errors when installing freedombox with older plinth
already installed. Also make plinth depend on latest freedombox to ensure
upgrades go smoothly.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
