- RTP ports used for voice and video communication can span a wide range
of ports. Some servers seem to restrict the range. However, repro
does not seem to do that. So, open up the full range.
- Update action to not configure jwchat anymore.
- Update action to not disable jwchat apache configuration. Since the
package is no longer installed, this could cause failures.
- Update action to no refer to jwchat in comments.
- Update jwchat-plinth Apache configuration to not include jwchat
anymore. Keep this file name for now instead of renaming it to
jsxc-plinth as this would introduce additional complexity with little
benefit.
- Install package libjs-jsxc instead of jwchat during xmpp setup.
- Create jsxc front page shortcut instead of for jwchat.
- Perform diagnostics on /http-bind/ URL needed for jwchat instead of
/jwchat.
- Update links that launch XMPP web client.
The wget command to push the current IP via update URL will download the
update URL document without deleting the HTML document afterwards. This
will cause the script to flood "/root/" folder.
Implement killing the publish process from within the action. Don't let
the killing be too generic to avoid potential security issues. Kill
process only if it appears as expected.
Older format was:
uid ssh://host
Newer format is:
uid [ something] ssh://host
I believe this change happened due to migration from gpg to gpg2. Adopt
our code to handle both cases.
Monkeysphere was using MD5 fingerprints (without the 'MD5:' prefix).
They seem to have switched to 'SHA256' recently and started prepending
the hash with the string 'SHA256:'. Make the module work with this
change and hopefully for future hash algorithm fixes.
- Use a parser generated data type exposed by ruamel.yaml library to get
the necessary double-quoted strings that we want in the output file.
- Simplify reading and writing to a YAML file.
- Fix incorrect dependency of ruamel.yaml Debian package. The correct
one is python3-ruamel.yaml.
nscd monitors files in /etc and invalidates the cache automatically when
they change. However, for other mechanisms it recommends issuing a
manual flush in its manual page. Flush nscd passwd and group database
caches after all user operations (not just rename operation, just to be
sure).
Current check whether the package manager is busy and getting the
unattended upgrades log requires root. This will not allow Plinth to
run as non-root. Fix this by moving the operations to actions script.
Due to permission restrictions on the configuration file (due to stored
password), it is not possible to read it as plinth user. Read it using
sudo instead.
- Make the default snapshot detection slightly more robust and refactor.
- Expand description to explain automatic snapshotting, etc.
- Show description even after setup.
- Show default snapshot as a bootstrap label.
- Message explaing how rollback can be undone.
- Minor updates to delete/rollback confirmation messages.
- Minor style refactoring
- Create and list filesystem snapshots. Hide "current" snapshot.
- Allow deleting snapshots, except for default subvolume.
- Allow rollback to a snapshot.
Preseeding settings with debconf won't have any effect if the packages
are already installed. Instead, provide an override database to
dpkg-reconfigure.
- Fix code style.
- Keep description and util functions at module level.
- Add license notice to forms file.
- Internationalize and make choice descriptions more informative.
- Allow users to run regular relays. In addition to that users will be
able to turn them into bridge relays. Like before, by default,
relaying is enabled and the relay type bridge relay.
- Show obfs3/4 transport ports as needing firewall port forwarding only
if bridge relay is enabled.
- Remove pluggable transports configuration from configuration when
bridge rely is disabled.
- Improve description message for relays and bridge relays.
- Do stricter matches when editing configuration file. Earlier
mechanism would match comments etc.
- Move action methods to module core from views.
- During first boot, notify users that console login is restricted and
that they can changed that from security settings.
- Recommend enabling conosle login restrictions. Add message about why
console restrictions are important.
- Show title in security module.
- Show free space of currently mounted partitions. Should help with
people running out of free space and ending up with non-working
system. In future, this module could emit more visible messages.
- Show and allow expanding root partition to help people who have
written FreedomBox images to higher capacity SD cards. Very selective
and restrictive checks to minimize problems.
- Automated tests to ensure expansion works in non-trivial senarious.
Closes#496. If no update is done because no update needs to be done,
the success status needs to be written. Because maybe the DNS record is
up to date when the action script is executed for the first time. In
this case no success message was written and it looks like DynDNS is not
executed.
- Use action helper so that Plinth can run unprivilaged and action
script can run as root.
- Use Status-Fd feature of apt-get to report progress. Don't report
much detail.
- Capture all stderr of the apt-get process and present it only in case
of failure.
- Remove package installation using PackageKit. Remove dependency on
PackageKit.
- Merge --setup package installation with regular package installation.
This should fix the following problems:
- PackageKit throws errors when APT encounters an error and later
corrects them and proceeds well. This is reported upstream but not
fixed.
- PackageKit does not install recommends by default and there is no easy
way to tell it to do so.
- In some rare cases, PackageKit could get stuck for interactive input
even though interactive flag is set to false.
- PackageKit does not work without network manager connections. (Could
have been mitigated by altering packagekit configuration).
- PackageKit glib library leaks file descriptors after each operation.
This leads to running out of fds during long running refresh
operations such as OpenVPN setup. (This should have subsided by not
checking package install with the new setup mechanism.)]
Known issues:
- In development mode, inside action scripts the python modules are
always loaded from system path and not development directory.
- With PackageKit it is possible to run multiple operations
simultaneously. Others would wait while the first is being
installed. With new implementation, the others error out unable to
obtain lock.
- Break down setup process into methods.
- Make sure that LDAP entity setup is idempotent.
- Peform all entry updates while slapd is running instead of using
slapadd.
- Start slapd only when necessary. Shutdown (only) if we have started
slapd.
- adapted all modules to not use views.ConfigurationView anymore
- removed templates that are not needed anymore
- no more implicit 'enabled' and 'get_status' functions in __init__.py files
- (more coherent/explicit use of Django functionality)
The Service object now offers handling services on a system level,
and gathering information whether it's enabled or running.
New methods: enable, disable, is_enabled, is_running;
For this it needs the correct (system-level) service name.
All of the methods can be overridden/customized.
This changes all modules to the new Service object and deletes
action scripts that are not required anymore.
- API: start, stop, enable, disable, reload, is-running, is-enabled, list
- only allows access to a service if the service name is listed in a
'managed_services' variable of any plinth module.
