- As of bind 9.16, the option to enable DNSSEC 'dnssec-enable' is obsolete and
has no effect[1]. The option 'dnssec-validation' controls DNSSEC validation and
is set to 'auto' by default. 'auto' means that DNSSEC validation is enabled and
default trust anchor is used for DNS root zone. DNSSEC signatures are also
passed onto a client whenever available. Current stable, Debian Buster, has
version 9.16[3].
- As of bind 9.18, the option to enable DNSSEC 'dnssec-enable' is not recognized
and causes the daemon to fail to start[2]. Debian next, Debian Bookworm, has
version 9.18[3]. Therefore, in testing and unstable, bind fails to start of
installation from FreedomBox.
- There is no use-case for changing the current default behavior.
Links:
1)
https://bind9.readthedocs.io/en/v9_16_32/reference.html#dnssec-validation-option
2) https://bind9.readthedocs.io/en/v9_18_6/reference.html
3) https://tracker.debian.org/pkg/bind9
Tests:
- Run functional and unit tests.
- Option to enable/disable DNSSEC is removed.
- When bind is installed on testing without the patch, it fails to start. When
the patch is applied, bind will be upgraded, the dnssec-enable option is removed
from the configuration file /etc/bind/named.conf.options and bind is running.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All tests in patch series have been done with this patch applied
- Install and uninstall of apps works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- All tests in patch series have been done with this patch applied
- Unit tests pass
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- DONE: Check if package manager is busy works
- DONE: Power app shows status in app/restart/shutdown pages
- DONE: Upgrades app shows in app page and first boot wizard page
- DONE: When attempting force upgrade, busy state results in a back-off
- DONE: An app's packages can be installed/uninstalled successfully
- DONE: apt update is run before install
- DONE: If network is not available during package install, error message is shown
- DONE: Filtering packages with configuration file prompts works. Tested with
firewall 1.0.3 to 1.2.1.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- DONE: Functional tests works
- DONE: Initial setup works
- DONE: Borg repository is created at /var/lib/freedombox/borgbackup
- DONE: With regular and with encrypted repository
- DONE: Creating a repository works
- DONE: Getting information works. When adding a existing location, incorrect
password leads to error in the add form.
- DONE: Listing archives works
- DONE: Creating/restoring an archive works
- DONE: Backup manifest is created in /var/lib/plinth/backups-manifests/
- DONE: Including an app that dumps/restores its settings works
- DONE: Exporting an archive as tar works
- DONE: Exporting a large archive yields reasonable download speeds. 31
MB/s. 1GB file in about 30 seconds.
- DONE: Restoring from an uploaded archive works
- DONE: Listing the apps inside an archive works before restore
- DONE: Errors during operations are re-raises as simpler errors
- DONE: Get info
- DONE: List archives
- DONE: Delete archive (not handled)
- FAIL: Export tar
- DONE: Init repo
- DONE: Get archive apps (not handled)
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- DONE: Unit tests work
- DONE: Transmission
- DONE: Enabling/disabling an app with a daemon works: transmission
- DONE: Showing the status of whether the app is enabled with daemon
is-enabled works.
- DONE: A message is shown if app is enabled and service is not running
- DONE: Service is stopped and re-started during backup
- DONE: Adding user to share group during initial setup restarts the service
- Not tested: Enabling/disabling a service with alias works (no such apps)
- DONE: Restarting/try-restarting a service works
- DONE: Masking/unmasking works
- DONE: rsyslog is masked after initial setup
- DONE: systemd-journald is try-restarted during initial setup
- DONE: Avahi, email, security initial setup works
- DONE: Fail2ban is unmasked and enabled
- DONE: Enabling/disabling fail2ban is security app works
- DONE: Enabling/disabling password authentication in SSH works
- ?? Let's encrypt
- Services are try-restarted during certificate setup, obtain, renew
- Not tested: upgrade pagekite from version 1
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work (failing already)
- DONE: Showing front page shortcuts according to user groups works
- DONE: Only user who is party of syncthing group is shown syncthing
- DONE: Admin users are always shown all the apps
- DONE: Syncthing:
- Not tested: When upgrading from version 2 or below, renaming group works
- DONE: Syncthing is added to freedombox-share group
- DONE: Initial setup of users app works
- DONE: freedombox-share group is created
- DONE: Retriving last admin user works
- DONE: Last admin is not allowed to delete account
- DONE: Creating a new user works
- DONE: Password is set properly (user can login with 'su - user' after)
- DONE: Incorrect confirmation password leads to error
- DONE: Adding the user to groups works (edit page shows correct list of groups)
- DONE: Editing a user works
- DONE: User is renamed properly
- DONE: Removing user from groups works
- DONE: Adding user to new groups works
- DONE: Providing incorrect auth password results in error message
- DONE: Enabling/disabling account work (confirm with 'su - user'). See #2277.
- DONE: Updating user password works
- DONE: New password is set (confirm with 'su - user')
- DONE: Providing incorrect auth password results in error message
- DONE: Initial user account creation works
- DONE: User account can be used (confirm with 'su - user')
- DONE: User is added to admin group
- DONE: Exception while getting SSH keys results in showing empty field
- DONE: Removing a user works
- DONE: Command provided in a message in users_firstboot.html works for
deleting users.
- DONE: If an admin users exists when running first wizard, list of admin users
is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- SKIPPED: Functional tests work
- DONE: Initial setup works
- DONE: Root partition is expanded when space is available
- DONE: When there is free space for root partition it shows up in the interface
- DONE: Expand partition from user interface works
- DONE: Getting storage usage information works
- DONE: Disks and free space shown in app page
- DONE: Showing share mounts in samba works
- DONE: Backups add repository form shows disk choices
- DONE: Samba shows proper list of mounted shares and unavailable shares
- DONE: Directory validator works
- DONE: In deluge and transmission
- DONE: Auto-mounting a device works
- DONE: Ejecting a mounted disk from UI works
- DONE: Error are graciously handled
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work (uninstall fails)
- Initial setup works
- File /etc/default/samba is updated
- Dump and restore share during backup/restore works
- Setup run successfully during restore
- /var/lib/plinth/backups-data/samba-shares-dump.conf
- Adding/deleting a share works
- Not tested: Add a share on ntfs or vfat file system works
- Showing list of shares in app view works
- Getting list of samba users in app view works
- Handling errors during add/delete share works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Mounting an SSH repository works
- If an known error is thrown during mounting, a simplified error is shown.
- Unmounting an SSH repository works
- If an known error is thrown during mounting, a simplified error is shown.
- Correct status of whether the repository is mounted is shown.
- If an known error is thrown during mounting, a simplified error is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Dump/restore of database works
- Initial setup works
- MySQL Database is created
- Configuration options are set
- OSM is enabled by default
- User who installed the app becomes admin
- Setting configuration works
- Enabling OSM
- Setting admin user
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work (when libpam-tmpdir is removed)
- Backup and restore of database works
- Initial setup work
- Configuration file is created
- Database is created
- Website is accessible
- Enabling/disabling public access works
- Configuration file created/deleted
- App page show proper status
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work (uninstall test fails to no backup component,
intermittent failure)
- Showing status information works
- In the main app page for server and clients
- When showing server details
- When showing client details
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- DONE: Functional tests work
- DONE: Initial setup works
- DONE: Automatic upgrades are enable by default
- DONE: apt preferences have been updated
- DONE: Enabling backports works
- DONE: Configuration file is created
- DONE: Correct status is shown in the app page
- DONE: Enabling/disabling automatic upgrades works
- DONE: Configuration file is updated
- DONE: Correct status is shown in the app page
- DONE: Manual triggering of updates work
- DONE: Log is shown properly in the app page
- DONE: Checking for distribution upgrade works
- DONE: Distribution upgrade from stable to testing works
- DONE: When running on btrfs distribution, snapshot is created before.
- DONE: Snapshots will be disable before upgrade and re-enabled later.
- DONE: When searx is enabled before upgrade, it's uwsgi will be disabled and
re-enabled later.
- Failures due to freedombox package not being the latest version (with the
changes).
- DONE: Development Vagrant box
- DONE: Automatic updates are disabled during development setup
- DONE: Development Container
- DONE: Automatic updates are disabled during development setup
- DONE: On stable, backports are enabled when running tests
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Ignore setting a None domain
- Updated tests to use base class
- Functional tests work
- Backup/restore works. Database is dumped and restored.
- Initial setup works
- Enabling/disabling works
- API access is enabled and a valid domain is set when available
- Setting the domain works
- Configuration is updated in update.php
- App page show newly set domain
- Not tested: force upgrade of package
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Fixed issue with restarting start when apt transport is updated
Tests:
- Functional tests work
- Initial setup works
- 'plinth' instance is created
- Enabling works
- Firewall ports are updated.
- Disabling works
- Apt transport over Tor is disabled
- Diagnostics work
- Shows all ports for Tor
- Updating configuration works
- Correct value is set in configuration file
- App page shows correct status
- Setting/unsetting each of relay, bridge relay, bridges, hidden service, apt
transport all work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests succeed (noticed intermittent failure)
- Initial setup succeeds
- User/group are created. /var/lib/syncthing is created with proper user/group
ownership.
- In configuration file, authentication notification is disabled
- Syncthing web interface is accessible
- Authentication related notification is not shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests succeed
- Initial setup run during first setup successfully
- A key pair is created in /etc/apache2/auth-pubtkt-keys
- User is able successfully login to web UI.
- A non-admin user who has permission to access an app via group membership is
able to access the app's web interface.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- DONE: Functional tests work
- DONE: Initial setup work on btrfs filesystem
- Not tested: Upgrading from older versions
- DONE: After backup is restored for snapshot app, snapper daemon is reloaded
- DONE: All configuration values are updated as expected
- DONE: Values show up correctly in app page
- DONE: Configuration files contain the proper values
- DONE: New snapshot can be created, gets listed in the snapshots list
- DONE: Enabling/disabling apt snapshotting works
- DONE: Configuration file is updated
- DONE: App page shows the correct value
- DONE: Deleting snapshots works, snapshot is removed from the list
- FAIL: Rolling back snapshots works (#2144)
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Initial setup works.
- Empty Apache configuration file is created
- Adding a share works all the information added is shown during editing.
Configuration file is updated as expected.
- List of shares is shown as expected.
- When editing a share, information about share is shown correctly. Editing
works are expected.
- Removing a share works.
- Trying to add share with a name that already exists throws a proper error
message.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Initial setup works
- Setting configuration works, correct configuration is updated in the
configuration files and app shows the values correctly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When the app is disabled, configuration can still be updated. Attempts to
enable the setting while app is disabled seemingly fail.
Tests:
- Functional tests pass.
- When public access is enabled and app is disabled, the page still shows public
access as enabled.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Initial setup works
- UWSGI configuration is created and daemon is running.
- Enabling and disabling public access works. Public access file is
created/removed. App page shows current value. If exception is raised, error
is shown properly.
- Setting safe search to all three values works. Configuration file is updated
properly. App page shows current value properly. If exception is raised, error
is shown properly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- When the app is enabled, if the log path does not exist, it is created
/var/log/radicale.
- Not tested: upgrading from older version to 3.x
- Setting the access rights works. It is reflected in the app page and
configuration file /etc/radicale/config.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Setting the domain updates the configuration file, reflects in the app page
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Reboot works, the process works in the background showing apps page
- Shutdown works, the process works in the background showing apps page
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Initial setup succeeds
- Configuration can be set and new configuration is properly reflected in app
page and configuration files.
- A new service can be added and reflects in configuration files.
- Service can be deleted and reflects in configuration files.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- RSA to ECC migration was introduced in October 2020 is available to
Buster (via backports) and to Bullseye users. Dropping the code will make it
easy to test regular maintenance code updates.
- A two step setup process of first installing and then setting up the
certificates is no longer necessary. (New installs already don't use this). The
certificate generation process does not take hours but minutes. We also have a
good progress indication during install+setup process.
Tests:
- Functional tests pass.
- Initial setup completes successfully and does not take very long time.
- Profiles can be downloaded successfully and imported.
- A client an use them to connect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests pass.
- Initial setup completes successfully and does not take very long time.
- Profiles can be downloaded successfully and imported.
- A client an use them to connect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Initial setup of during first setup works
- When there are no wired network interfaces
- When there is 1 wired network interface
- When there is one wifi interface. wired network is setup as 'external'
WAN. (simulated with edit of _get_interfaces())
- When there are no wifi interfaces. wired network is setup as 'internal'
WAN.
- When there are multiple wired network interfaces
- First one is setup as WAN rest as shared
- When there is one wifi interface, interface is setup as shared.
- When there are no wifi interfaces
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This prevents the diagnostic failure.
Tests:
- Functional tests pass
- Diagnostics page shows a test for each hostname in the system. All of them
pass.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Setting the media directory updates the configuration file. Newly set
directory is shown on the app page after update.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Updating the configuration values works
- Enable/disable works
- Editing the max players works
- Changing all of them together and one at a time
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests works (when libpam-tmpdir is removed)
- Initial setup works
- Website is accessible
- sqlite file is created
- Database update is triggered
- Changing skin/admin password/public registrations/private mode/site name works
- Configuration file is updated
- App page shows the current value
- Website is reflects the correct value
- When private mode is enabled, public registrations are automatically
disabled
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Initial setup works
- Setup after install works
- Domain is properly set
- Configure domains is properly shown in the app page
- Updating TURN configuration works
- Configuration file is updated
- Enabling/disabling public registration works
- Configuration file is updated
- App page show current status
- FAIL: Daemon fails to start when public registration is enabled
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Initial setup succeeds
- infinoted user/group is added to the system
- systemd service is created and service is running after install
- Directories /var/lib/infinoted, /etc/infinoted and /var/lib/infinoted/sync
are created with infinoted as owner and group.
- Certificates /etc/infinoted/infinoted-{cert,key}.pem are created with
infinoted as owner and group.
- Enabling/disabling works and enables/disables the service
- Gobby is able to connect to the server and create a document
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work.
- Initial setup works
- /var/www/ikiwiki is created
- Shortcuts are created for existing sites after restarting FreedomBox service.
- Creating a new wiki works.
- The site is listed in the list of blogs/wikis
- Creating a new blog works.
- The site is listed in the list of blogs/wikis
- Deleting a wiki works
- Deleting a blog works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work.
- Initial setup works
- Sometimes fails to write tunnel configuration (See #2127).
- Favorites are created as listed in FAVORITES in resources.py
- Tunnels are created: I2P HTTP Proxy, I2P HTTPS Proxy, Irc2P
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work
- Accessing help/status-log/ works and last 100 logs lines are shown.
- When there are no logs, '--no entries--' message is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functions tests work
- Initial setup works
- Global default branch is set to 'main'
- Creating an repository works
- Cloning a repository works
- Progress is shown on the app page
- List of repositories is shown properly in the app page
- Deleting a repo works
- Editing a repository works
- Repository information is shown properly in the form
- Renaming a repository
- Setting description
- Setting owner
- Setting a repository private/public
- Setting default branch (list of branches is shown properly)
- Error is thrown properly when a remote repository does not exist
- Errors are handled properly when creating/editing/deleting repo
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- If a daemon is not-running, we already show an error message to the user. Use
that mechanism instead of the custom one.
Tests:
- Functional tests work.
- Initial setup for firewall on first boot works.
- Default zone of the firewalld is set to external in /etc/firewalld.conf
- Status of various apps is shown properly in the app page
- If firewalld is not running, the app page is still displayed properly and
message that firewalld is not running is shown.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work (uninstall test does not work)
- Initial setup works
- Domains are setup
- Home is setup (others don't have permission for /var/mail)
- Aliases configuration is setup
- Postfix is setup
- rspamd is setup
- Changing primary domain works
- Adding/removing domains works
- Error during operations is handle properly: getting dkim key
- Setting up DKIM key when changing, adding/removing domain works
- Showing DKIM key in app page works
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work (backup test intermittent failure)
- Initial setup works
- Domain name is configured properly
- FAIL: Changing hostname works (See #2276)
- Adding a domain to the system works
- Current list of domains shown properly in app page
- Setting list of domains works
- Showing TURN configuration works
- Updating TURN configuration in coturn page works
- Enabling/disabling MAM status works
- Configure file is updated
- App page shows correct status
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Functional tests work.
- Initial setup works.
- Setting the setup version to 1 and running the service upgrades to version 2.
During this, export_config() and clean() work successfully.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
