1060 Commits

Author SHA1 Message Date
Sunil Mohan Adapa
c2a9592de1
quassel: Fix minor typo
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-09-29 20:46:36 -04:00
Joseph Nuthalapati
6bfffeee13
calibre: Add new e-book library app
[joseph: initial code for the app]
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
[sunil: use the modified framework API]
[sunil: simplify setup logic, move to service file]
[sunil: strict security for service file, dynamic users]
[sunil: interface for managing libraries]
[sunil: implement backup/restore]
[sunil: add functional, action, and view tests]
[sunil: use svg icon]
[sunil: update description]
[sunil: fix apache configuration]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
2020-09-27 22:16:07 +05:30
Joseph Nuthalapati
f69d8289f6
bepasty: Change default permissions to 'read'
Allow read access by URL by default.

Tests:

- Installing bepasty fresh shows the default permissions as read.

- Upgrading bepasty from older version when default permissions are none sets
the default permissions to read.

- Upgrading bepasty from older version when default permissions are not none
retains the permissions.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Don't relocate setup() method]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-09-25 14:54:35 -07:00
Sunil Mohan Adapa
893ecbed1b
matrixsynapse: Perform a one time conversion to new config format
- This will allow us to remove the code needed for force upgrading. Upgrade code
can be dropped after a while.

- This will ensure that all our users have a single configuration format which
will make future testing easier.

- We can notify the users of a single overwrite now and be assured that in
future, the overwrites of configuration will not happen.

- We don't have to monitor for changes to configuration files in future version
of the package.

- Keep old configuration as a backup file and restore a pristine copy with
--reinstall and --force-confmiss.

Tests:

- Install the app freshly. Configuration file is unchanged, new config snippets
are created. App is running.

- Install the app with code before new configuration changes. Notice that old
configuration format is used. Then switch the code to a branch with current
changes. Setup is automatically executed. The package is reinstalled. After
re-installation, the main config file is restored. Configuration snippets exist.
Value of public registration and domain is preserved. Backup file exists with
previous configuration contents.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-09-14 16:49:54 -04:00
Sunil Mohan Adapa
f59fc5e33b
package: Add ability to reinstall a package
- Also add ability to restore missing configuration files during reinstall.

- Reinstall is useful for restoring the original configuration files of the
package.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-09-14 16:49:51 -04:00
James Valleroy
05ca4301b1
matrixsynapse: Use conf.d snippets
Instead of changing original conffile.

Closes: #1787.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-09-09 17:00:48 -07:00
Veiko Aasa
c136f27707
gitweb: Add ability to change default branch
Now it is possible to change default branch when editing a repository.

Gitweb site shows default branch as a main branch and the 'git clone'
command checks out to default branch.

Added unit and functional tests. Split one large 'test_actions'
into multiple tests.

Tests performed:
- All gitweb unit and functional tests pass.
- Created a repository from a remote repository which has default
  branch other than master. Confirmed that the 'Edit repository'
  page shows correct branch and gitweb site shows this branch as
  a default branch

Closes #1925

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-09-09 14:37:17 -07:00
James Valleroy
822c322d20
apache: Disable mod_status
Prevent leaking private info through Tor onion service or Pagekite.

Tests:

- When starting plinth, apache setup is run. Status module is
disabled, and apache2 is restarted.

- sunil: After upgrade, status page is not available.

- sunil: mod_status is available in stable (2.4.38-3+deb10u3) and
testing/unstable (2.4.46-1).

Closes: #1935.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-08-29 18:27:25 -07:00
Joseph Nuthalapati
690cece2eb
matrix-synapse: Upgrade to 1.19
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-08-29 11:04:09 -04:00
Joseph Nuthalapati
4e9d22d376
apps: Remove Coquelicot
Bepasty is the replacement file-sharing app.

Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-08-21 15:42:14 -07:00
Sunil Mohan Adapa
3e2df420cf
bepasty: Simplify configuration file handling
- Stick to a subset of allowed configuration file syntax (full syntax). Only KEY
= VALUE statements are allowed. Values can be full JSON (valid python).

- Use augeas to read as key/value pairs and then parse the values in JSON.

- Add convenience methods to read and write configuration files.

- Read the entire configuration file in a single action.

- Internationalize the permission strings displayed to the user.

- Pass password during remove-password operation via stdin instead of command
line.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
2020-08-21 22:42:49 +05:30
Sunil Mohan Adapa
028137a4e4
bepasty: Require at least one permission on a password
- Since a password without any permissions is not useful.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
2020-08-21 22:42:30 +05:30
Sunil Mohan Adapa
e03b6041d4
bepasty: Minor fixes
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
2020-08-21 22:41:42 +05:30
Sunil Mohan Adapa
2bbcd2d869
infinoted, syncthing: Fix minor typo in a comment
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
2020-08-21 22:41:22 +05:30
James Valleroy
65f4b6750b
bepasty: Add public access config form
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-08-21 21:50:39 +05:30
James Valleroy
7edc2f4e13
bepasty: New app for file upload and sharing
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-08-21 21:50:38 +05:30
James Valleroy
880e3dc10e
radicale: Remove code to handle 1.x
Since radicale 1.x is only in Stretch (oldstable), remove code that
was added to support that version and migration from 1.x to newer
versions.

Keep the fix for missing log path as the fix is not available in Buster yet.

Tests:

- Ran functional tests in testing container. Manually tested logging
  in to web interface and creating a calendar.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Add back the fix for missing log path]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-08-19 14:03:20 -07:00
Sunil Mohan Adapa
56326a7536
storage: Fix expanding partitions on GPT partition tables
GPT scheme has two mostly identical partition table headers. One at the
beginning of the disk and one at the end. When an image is written to larger
disk, the second header is not at the end of the disk. Fix that by moving second
partition to end of the disk before attempting partition

Tests:

- Unit tests run as root work.

- On A64-OLinuXino board, boot with eMMC and UEFI image. The partition does not
expand on initial setup. Trying to manually expand in storage app fails. Apply
patch. Manual expansion works.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-08-16 18:00:39 -04:00
Veiko Aasa
8bfe1ce546
ssh: Disallow managing keys for the root user
- Also, set 'username' and 'keys' arguments for the ssh action
  script as required.

Tests performed:
- Setting and deleting ssh keys for the 'tester' user via
  web interface works.
- trying to set keys for the root user
  `./actions/ssh set-keys --username root --keys abc`
  fails with an error.
- trying to get root user keys fails
  `./actions/ssh get-keys --username root`
- running ./actions/ssh get-keys and set-keys without parameters
  shows required arguments.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-25 21:01:27 -07:00
Veiko Aasa
e2e3768fe1
ikiwiki: Validate a path when deleting wiki or blog
I tested that ikiwiki functional tests pass and running the command
`sudo ./actions/ikiwiki delete  --name '../'`
returns an error and does not delete any directory.

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-25 14:03:25 -07:00
James Valleroy
572479068f
ejabberd: Use new ruamel.yaml API and allow duplicate keys
New API was introduced in ruamel.yaml 0.15.0:
https://yaml.readthedocs.io/en/latest/api.html

Set allow_duplicate_keys to true to avoid error when parsing
ejabberd.yaml.

Tested ejabberd install on unstable, testing, and stable.

Closes: #1888.

Additional tests:

- Install the app. It will contain configuration related to LDAP and SSL
certificates.

- Add a domain to FreedomBox. It will show up in the configuration.

- Add a domain that is already present in the configuration file. It will not be
added again.

- Enable/disable MAM. The configuration is updated accordingly.

- Login via JSXC and send simple messages across two users.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-21 18:19:36 -07:00
Sunil Mohan Adapa
0c8ed13882
matrixsynapse: Allow upgrade to version 1.17
Tests:

- Run with new code. Setup is run for upgrades modules.
/etc/apt/preferences.d/51-freedombox-apps.pref contains the changes for
python3-attr.

- On stable, apt policy python3-attr shows version 19.3.0-3~bpo10+1 is the
preferred version.

- On stable, installing matrix-synapse leads to installation of python3-attr
=19.3.0-3~bpo10+1.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-07-19 07:42:52 -04:00
James Valleroy
f8eb6c8cc6
upgrades: Refactor use of lsb_release
Tests:
- On unstable and testing:
  - Ran functional tests for upgrades.
  - Ran actions "upgrades setup" and "upgrades setup-repositories".
- On testing:
  - In develop mode, activated backports.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-13 14:44:32 -07:00
James Valleroy
a60341f0d8
upgrades: Split apt preferences into 2 files
- 50freedombox4.pref handles freedombox package from current
  backports. Whenever upgrading to a new Debian release, backports can
  be activated for the new release, and will always include the
  freedombox package at the start.

- 51freedombox-apps.pref handles apps, and each entry is particular to
  a Debian release. For example, after bullseye release, entries from
  bullseye-backports can be added, and entries from buster-backports
  can be removed.

Tests:
- In testing container, run setup in development mode. Apt preferences
  files have the expected content.
- In stable vagrant box, install deb with these changes. Apt
  preferences files have the expected content.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-13 14:44:29 -07:00
James Valleroy
6ac3d85bae
upgrades: Enable backports for testing only in development mode
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-13 14:44:23 -07:00
James Valleroy
2176ab97ad
upgrades: Rewrite apt prefs file when activating backports
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-13 14:44:19 -07:00
James Valleroy
ca91120fdc
upgrades: Check that backports is for current release
- If backports is for older release, then it can be activated again to
  upgrade to latest release. (Plan is to make this automatic, but
  leave the manual option as a fallback.)

- Security notice still shown if older backports are enabled.

Tests:

- On Buster system, change distribution in
  /etc/apt/sources.list.d/freedombox2.list to
  stretch-backports. Updates page shows button to activate backports
  again. Activate and check the source list to confirm that it has
  buster-backports again.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-13 14:44:16 -07:00
James Valleroy
6b0744c1c7
upgrades: Use only sources file to determine if backports enabled
Tests:
- Build deb and install in buster image. Manually remove backports
  sources file. Security page does not show backports notice. Updates
  page shows button to activate backports.
- Activate backports from updates page. Success message is shown and
  button to activate backports is removed. Security page shows
  backports notice.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-13 14:44:13 -07:00
James Valleroy
d042c3c60c
upgrades: Use codename to pin freedombox from backports
Skip writing apt preferences when running sid.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-13 14:42:22 -07:00
James Valleroy
92d39c0b6c
upgrades: Use current release codename when enabling backports
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-13 14:42:15 -07:00
James Valleroy
d758a917e3
upgrades: Parameterize backports dist name
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-07-13 14:42:06 -07:00
James Valleroy
ba023c3ef8
upgrades: Skip enabling backports on testing and unstable
Uses lsb-release which is a dependency of unattended-upgrades.

Closes: #1844.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor change to the printed message]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-06-28 21:57:10 -07:00
James Valleroy
0f54fab067
apt: Run dpkg --configure -a before other actions
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-06-25 11:54:55 -07:00
James Valleroy
5424e1e23f
apt: Run apt-get -f install before other commands
Run `apt-get --fix-broken install` before installing package or manual
update. This will attempt to correct broken dependencies.

Tests:
- Install a package without its dependencies using `dpkg -i`.
- Both app install and manual update successfully recover from this
  situation.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-06-25 11:54:45 -07:00
Sunil Mohan Adapa
e59f9ac3fc
storage: Ignore eject failures if filesystems unmounted properly
Not all disks can be ejected. For example, SATA disks can't be ejected. However,
they can be removed as long as all filesystems are unmounted properly. Ignore
errors during ejecting of a disk.

Closes: #1597.

Tests performed:

- In VirtualBox, attach a SATA disk, format it with two partitions. See them
auto-mounted by FreedomBox. Eject one of the partitions, both partitions are
unmounted but operation does not fail despite SATA disks not being eject-able.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-06-24 07:23:39 -04:00
Sunil Mohan Adapa
955dfea866
storage: Fix regression with showing error messages
In ed09028fcd2c850c3b87b65de66187b214190150, when eject was made to run as
superuser inside storage action, parsing of the error messages was not handled
properly. Fix it to show simple error messages about why the eject was not
successful.

Tests performed:

- In a terminal, switch to the directory where a disk is mounted to keep the
mount point busy. Attempt to eject the disk. A large stack trace is shown
without the patch and a clean error message is shown with it.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-06-24 07:23:27 -04:00
James Valleroy
34a28e35c9
upgrades: Append unattended-upgrades-dpkg.log for more detail
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-06-23 20:14:30 -07:00
James Valleroy
2d1ced84cd
upgrades: Use a custom service for manual update
- Do not enable/start service during package install/upgrade
- Configure needrestart to skip restarting service

Closes: #1638.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Provide proper regex string in needrestart configuration with qr()]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-06-15 13:33:31 -07:00
James Valleroy
848845c432
upgrades: Don't enable backports on Debian derivatives
- Avoid introducing dependency on dpkg-vendor.

Tested:

- Install a base-files package from Ubuntu. Change
  /etc/dpkg/origins/default to point to it. Running the
  setup-repositories action does not create the backports list in apt
  sources.

Closes: #1654.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-06-03 21:39:06 -07:00
James Valleroy
1aaf5efb52
users: Avoid error when user's groups cannot be parsed
Add log warnings to help debug if there is a related issue.

May help #1834.

Tested:
- Run action command with valid and invalid username. Warning is printed for
  invalid username.
- Modify the output to remove '='. Warning is printed instead of exception.
- Ensure that warnings messages are output to stderr and not stdout.
- On frontpage.py change the call to get user groups and ensure that output
  warning messages are not parsed groups.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Drop module logger as root logger is in use]
[sunil: Use %s formatting for logging API]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-05-29 13:01:16 -07:00
Sunil Mohan Adapa
8cb5716f76
tor: Fix problems with running a relay
This is a fix for regression introduced by
ebe6a0ed026e27dc650b4c2fed8426357f959ddc. I have incorrectly assumed that
providing only IPv6 ORPort is sufficient to listen on IPv4 and IPv6. As a
result, Tor does not run when relay is enabled. Fix this by adding ORPorts for
both IPv6 and IPv4.

Tests performed:

- Tor shows as running after enabling relay functionality.

- Adding single or multiple ORPort values in the configuration file leads to
actions/tor get-status reporting that relay is enabled.

- Functional tests for Tor run properly.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-05-24 08:59:55 -04:00
Sunil Mohan Adapa
d44283d9ba
minidlna: cosmetic: isort fixes
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-05-18 08:49:31 -04:00
James Valleroy
3c85846fa2
minidlna: Move sysctl config to /etc/sysctl.d/50-freedombox.conf
/etc/sysctl.conf is owned by procps package.

Test: Run minidlna install on fresh image.
- /etc/sysctl.conf is not modified.
- /etc/sysctl.d/50-freedombox.conf has the expected content.
- /proc/sys/fs/inotify/max_user_watches contains 100000.

- Running with these changes upgrades app version and triggers a setup. Changes
in /etc/sysctl.conf are removed. After undoing the changes /etc/sysctl.conf is
identical to pristine version installed from procps package. This can be
obtained by running; rm -f /etc/sysctl.conf ; apt install --reinstall procps -o
Dpkg::Options::=--force-confmiss

Closes #1802.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Undo changes done in /etc/sysctl.conf in older versions]
[sunil: Increment app version to trigger configuration migration]
[sunil: Ensure that app is not re-enabled during migration]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-05-18 08:49:24 -04:00
Sunil Mohan Adapa
e51d027618
storage: Auto-mount disks, notify of failing disks
- Remove freedombox-udiskie.service file. Don't run udiskie anymore. Use our own
implementation of auto-mounting.

- Schedule disk failure checking to 3 seconds after application initialization.
Also perform auto-mounting at that time.

- Listen to new filesystems added and auto-mount them.

- Listen to disk failing attribute and report to user via a notification.

- Add rules to polkit-1 to allow plinth user to mount drives.

- Add simple abstractions over DBusProxy objects to make accessing properties
simpler.

- Replicate udiskie's approach to mounting disks.

- Mount as root user for now using command line instead of DBus API. This is to
keep compatibility with older code that mounted under /media/root with relaxed
permissions.

Udiskie analysis:

  - On device added, media added, perform auto_add
  - On device changed and is addable and old state is not addable or removable
  - Automount condition:
    - Matches configuration
    - Not ignored
    - is_filesystem and not mounted -> mount
    - crypto device -> try unlock -> if success, mount
    - is partition table
      - Get all non-ignored devices, if partition then mount
  - Mount condition:
    - Is not ignored
    - Is filesystem
    - Find device with path
    - Get options from configuration
    - Is ntfs and executable ntfs-3g is not available
    - Call mount
  - No support for udisks1
  - Built-in rules
    - {'symlinks': '/dev/mapper/docker-*', 'ignore': True}
    - {'symlinks': '/dev/disk/by-id/dm-name-docker-*', 'ignore': True}
    - {'is_loop': True, 'is_ignored': False, 'loop_file': '/*', 'ignore': False}
    - {'is_block': False, 'ignore': True}
    - {'is_external': False, 'is_toplevel': True, 'ignore': True}
    - {'is_ignored': True, 'ignore': True}

Tests performed:
  - Create a CDROM in VM, inject media. Disk should get mounted.
  - Create a temp file. mkfs.ext4 it at top level. losetup it. It should not get
    auto mounted as it is a top level internal device.
  - Create a temp file. Create two partitions and format the partitions. kpartx
    -a on it. Both the file systems should get mounted.
  - Create a temp file. luksformat it. Create a filesystem. luksopen the file.
    It should get auto mounted.
  - Checking for disk space repeatedly happens every 3 minutes.
  - Drives are checked for healthy status only once, 3 seconds after FreedomBox is started.
  - FreedomBox is able to mount disks while running as 'plinth' user with
    policykit-1 version 0.105-26.
  - FreedomBox is able to mount disks while running as 'plinth' user with
    policykit-1 version 0.116-2 from experimental.
  - Temporarily flip the is_failing condition in report_failing_drive. When
    FreedomBox is restarted, notification about drives failing show up. When the
    condition is reverted to normal, the notification is withdrawn.
  - Build new Debian package and upgrade system with 20.8 installed. Two files
    should be removed:
    /var/lib/systemd/deb-systemd-helper-enabled/freedombox-udiskie.service.dsh-also
    /etc/systemd/system/multi-user.target.wants/freedombox-udiskie.service .
    systemctl status freedombox-udiskie.service should report no such unit.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
2020-05-16 11:42:23 +03:00
Sunil Mohan Adapa
20f2ff9370
snapshot: Fix issues with restore and delete
- Avoid no-response error when deleting a snapshot. This is caused when disk is
full and delete operation tries to store data in session which is stored on
disk. The session update fails and there are no values to delete. This case is
not handled and returns a None in view causing a 500 error. Use GET params
instead.

- Delete all functionality that is meant to speed up deleting snapshots has
regressed and is currently never used. Further, there are more types of
snapshots that can't be deleted that need to be handled in delete all
functionality. Drop it for now.

- When snapper list is run the snapshot number can contain '-', '+' or '*'
suffixed to it. Currently only '*' is handled. This leads to failure in listing
the snapshots after a restore snapshot. Fix this by properly parsing. Also it
is no longer needed to query 'btrfs' command to know the snapshot that will be
used at next boot. '+' or '*' means that.

- Don't list snapshot number '0'. It is never listed to the user and it can
never be deleted. It represents the current system.

- Properly implement checking for default and active snapshots. Don't let delete
operation on either of them.

- Fix regression with disabling the delete button when there are no snapshots
that can be deleted.

Tests performed:

- Before any snapshot is restored, the labels 'will be used at next boot' and
'in use' are not shown. Snapshot with number 0 is not shown.

- Immediately after restoring a snapshot, the 'will be used at next boot' label
will show up on snapshot that is going to boot next.

- After rebooting after restore, the snapshot that has been restored will show
'will be used at next boot' and 'in use' labels. Restoring another snapshot will
move the 'will be used at next boot' label to the new restore snapshot but keep
the 'in use' label on the current snapshot until next reboot. Snapshot with
number 0 is not shown.

- Delete check boxes are not shown against the 'in use' and 'will be used at
next boot' snapshots. Entering their values manually in the URL in the delete
screen will lead them to be ignored.

- Select multiple snapshots and click delete. The details appear properly in the
confirmation window. Deleting will delete the snapshots.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-05-11 21:44:39 -04:00
Sunil Mohan Adapa
1b6c2e60c0
mediawiki: Partial fix for installing on testing
This is a workaround for /usr/bin/php pointing to a different version than what
php-defaults (and php-mbstring, php-xml) points to. See:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=959742

Tests performed:

- On unstable, install MediaWiki and open the web interface.

- On testing, install MediaWiki and open the web interface.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-05-04 19:21:28 -04:00
Sunil Mohan Adapa
b4e6c03bd7
coturn: New app to manage Coturn TURN/STUN server
- Shows URLs and shared secret that communication servers like matrix-synapse
should be configured to. Later we will implement auto-configuring those servers.

- Allow selecting domain for the sake of TLS/DTLS certificate installation.

- Simplify systemd service file options. Drop log file and pid file support as
they are not needed with systemd. Add security options.

- Set custom configuration file by overriding systemd service file options so
that we don't have a problem with conffile prompts.

- Implement functional tests (and automatic diagnostics).

- Custom icon selected from the Noun project as Coturn project does not have
one.

- Backup/restore configuration file and certificates.

- Document some questions regarding configuration options.

Tests performed:

- App is not listed in the app page if 'advanced' flag is disabled.

- App name, icon and short description shows up correctly in apps page.

- App name, icon, short description, description, manual link, enable/disable
button and diagnostics link show up currently in app page.

- Verify that configuration used by coturn server is the FreedomBox
configuration by checking the cert path in the log output.

- PID file is not created in /var/run/turnserver/. It goes into /dev/null
according to the log output.

- No log file is created other than what is collected by systemd from command
line.

- systemctl show coturn.service shows all the intended restrictions such as
NoNewPrivileges, Protect* options.

- Run functional tests.

- Ensure that backup of configuration file works by taking backup, changing the
secret and restoring. During backup and restore coturn should be stopped and
started as per logs.

- Build Debian package. No warnings about the copyright file.

- Enabling the app enables the service and runs it.

- Disabling the app disables the service and stops it.

- All diagnostics tests pass.

- Diagnostic tests show firewall port coturn-freedombox for internal and
external networks, service coturn, and each listening port for udp4, udp6, tcp4
and tcp6.

- Information in the firewall page shows up properly. Enabling the app opens
firewall ports, and disabling it closes them.

- When the app is installed, if a cert domain is available, it will be used.
When multiple domains are available, one of them is picked.

- Status shows 4 URLs with the currently selected domain and secret key.

- Changing domain to another domain succeeds and reflects in the status
information.

- When no domain is configured, installing the app succeeds. No domain is shown
in the list of domains.

- When domain is changed, the certificates files in /etc/coturn/certs are
overwritten.

- Certificates have the ownership turnserver:turnserver. Public key is cert.pem
has 644 permissions. Private is pkey.pem has 600 permissions. /etc/coturn/certs
is owned by root:root.

- Let's Encrypt certificates are set up immediately after install.

- Port forwarding information shows all ports except for relay ports.

- Trying to create a user with username 'turnserver' throws an error. This
happens even when coturn is not installed yet.

- After installing coturn, the configuration file /etc/coturn/freedombox.conf is
created with ownership root:turnserver and permissions 640. The directory
/etc/coturn is created with ownership root:root and permissions 755.

Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix copied form_valid comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-05-02 18:51:23 -04:00
Veiko Aasa
4d59713d79
minidlna: Make app installable inside unprivileged container
Use systemd-sysctl to reload sysctl configuration which ignores
fs.inotify.max_user_watches parameter inside unprivileged
container.

Closes #1830

Tests performed:

- Install minidlna using FreedomBox on KVM virtual machine. Installation
succeeds and the max_user_watches parameter
`cat /proc/sys/fs/inotify/max_user_watches` has changed.

- Install minidlna using FreedomBox on unprivileged systemd-nspawn container.
Installation succeeds (and the max_user_watches parameter hasn't changed).

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-04-29 21:14:21 -07:00
James Valleroy
6d1c637c1d
upgrades: Allow installation of python3-twisted from backports
- matrix-synapse >= 1.12 requires python3-twisted >= 18.9.0-8~.

- python3-twisted requires matching version of python3-twisted-bin.

- Increment upgrades module version.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
2020-04-19 11:23:59 -07:00
Veiko Aasa
d26e87661b
gitweb: Improve error handling when creating repository
If an error occurs during creation of a git repository, delete possibly
corrupted git repository directory and show more specific error message.

Closes #1829

Tests performed:
- Gitweb unit and functional tests pass
- Create a small disk for git repositories:
  > dd if=/dev/zero of=disk.img iflag=fullblock bs=128k count=100 && sync
  > mkfs.ext4 disk.img
  > mount -o loop disk.img /var/lib/git/
- Clone a large repository https://salsa.debian.org/freedombox-team/plinth
  Disk got full during cloning remote repository. Repository listing does not
  show this repository anymore. (No error is shown to the user.)
- Fill disk space:
  > head -c 1G </dev/urandom > /var/lib/git/myfile
- Disk is full. Cloning an existing remote repository fails with an error
  message (No space left on device)
- Disk is full. Creating a new repository fails with an error message
  (No space left on device)

Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
2020-04-18 15:23:11 -04:00