- Installing dbcommon-pgsql and not install dbcommon-mysql does not
ensure that PostgreSQL is selected as the database for the
application. Set a debconf value to force selection of PostgreSQL.
- Minor styling fixes.
- Read Apache configuration to find the list of all available
certificates and their associated domains. Use this for setting UIDs
properly.
- Solve the issue of re-importing renewed certficiate. Use the SSH
fingerprints as unique keys instead of domain names. Compute SSH
fingerprints for SSH keys and HTTPS certficates inorder accurately
identify if they are currently imported into monkeysphere.
- Allow having more than one domains for a certficiate. Add action to
import new domains to an existing monkeysphere OpenPGP key.
- Import only once for a given certficiate and keep adding UIDs when
domains get added.
- Merge services SSH and HTTPS giving us the ability to deals with many
more services. Remove special handling for different kinds of
certificate sources.
- Supress monkeysphere prompts in case of reusing UIDs.
- Since we are trusting the remote user header, it is much safer not
listen on external addresses. We don't that since Apache connects on
internal address.
- When writing the configuration file for no NAT case, append then last
part of the file instead of overwriting.
- Also 'echo' statements are missing leading to attempt to execute the
config options instead of writing them to a file.
Currenly uptime is being taken as measure to decide whether update must
run. Uptime is the number of seconds since machine has booted. If a
machine has run for 30 hours, and rebooted, then update will not be done
until the machine has run for 30 hours + desinated time. Using seconds
since epoch fixes this.
- The current code to parse the configuration file does not work proper
if there is an '=' in the password. Fix it.
- Also if predesignated keyword like 'server' occurs in the password,
configuration can't be read properly. Fix it.
* Add an option to pass the password via cmdline (optional, not used by
plinth) if called manually.
* Fix: If -p option was not the last given option, everything after -p
was lost. Closes#310.
- Add note about resetarting firewalld.
- Refactor checking for running configuration process.
- Fix error message being show as info message.
- Minor indentation fixes.
- Allow setting multiple SSH keys one per line (which is already
allowed, but advertise it better).
- Use mkhomedir_helper to create the user's home directory. Avoid
security and accuracy complexities of creating a home directory.
- Allow homes that don't exist in /home.
- Closes#366 and closes#304 (all sub-tasks).
- Start new process group with setsid() by sending
start_new_session=True
- Detach from parent process fds by closing all FDs and attaching stdin,
stdou and stderr to /dev/null.
- Don't wait for the process to complete.
- This allows for upgrading Plinth while upgrades are trigged from
Plinth itself.
- Show log of upgrade exection instead of output and error log of the
process which can no longer be collected. This has the advantage of
showing automatic executions also.
- Rewrite the mechanism to detect whether upgrades can be run. It is
now based on whether the package manager is busy. This has the
advantage of working properly if other apt processes are running,
automatic upgrades are running, etc.
- Busy status works even if Plinth is restarted while upgrades are in
progress.
- More descriptive messages showing that upgrades don't have to be
triggered manually.
- Warn that other packages can't be installed while upgrades are
running, which may take a long time.
- Warn the users of potential temporary unavailability of
Plinth/Apache2.
This is the first implementation for obtaining certificates from Let's
Encrypt. Following the features and limitations.
- Requires manual operation.
- Registrations are done anonymously.
- Supports revoking and re-obtaining certificates. Does not have a way
to show if a certficate is already renewed.
- Automatic renewal is not available.
- Details messages in case of errors.
- Has ability to switch to testing mode by using LE's staging servers.
- Sets up Apache configuration for the domain and enables/disables it.
When certificates are not available for a domain, default website
configuration is used. When certificates are available, separate
SSL website configuration for each domain is used.
- Many domain will work with a single IP address with the help of Server
Name Indication (SNI) which is supported by all modern browsers.
- Supports diagnostics on websites.
Action:
- Don't use const for HOST_TOOL, it is unlikely to be ever changed.
- Don't pass multiple key ids as single string to monkeysphere-host.
- Use JSON for data transfer with action instead of custom format and
parsing.
- Minor styling fixes.
Template:
- More consistent indentation.
- Improve the description.
- Add headers to the table.
- List domains instead of domain types.
URLs:
- Take domain as argument for key generation.
- Narrow down fingerprint matching regex.
Views:
- Take domain as argument for key generation. Verify that domain is
valid.
- Minor grammer fix to cancel message.
- Use JSON format for getting key status.
- List domains instead of domain types.
monkeysphere: Run publish as background task, allow user to cancel.
Small fixes to names module:
- Remove unused ugettext import.
- Change SERVICES to tuple.
- If a domain is not available for a service type, return None instead
of (translated) "Not Available".
- Rename get_services -> get_enabled_services.
- Change term 'reboot' to 'restart' as it is less techinical and more
consistent with popular interaces on desktop/mobiles.
- Updated description for power module.
- Simplify the module title to just 'Power'.
- Update the use of elipses and angular quotes as angular quotes and
elipses are both used to indicate that further user interface will be
available after pressing the button.
- Remove suprious '\' in power_reboot.html.
- Notify to the user that web interface will not be available after
reboot/shutdown.
- Redirect the user to application page after restart/shutdown. If the
page serve succeeds, they will have simply refresh/access it after
restart/shutdown after waiting or powering on.
- Authentication using client certificates. Extra password based
authentication for later.
- Auto setup of CA, server and client certificates.
- Provides a .ovpn profile for each user for easy setup.
- Use 4096 bit Diffie-Hellman parameters for better security. If this
takes to much time, reduce it to 2048 or 1024, at least during
debugging.
- When the current configuration does not contain a port and we try to
set the port for the frontend server, it fails. This patch fixes
that.
- Minor styling and spelling fixes.
- Make sure that if port is not set for frontend, it will be set on
saving the form.
