Tests:
- Check the interface in apps page and in the Deluge app page that icon has
changed.
- No lintian warnings related to debian/copyright file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Affected sections/pages of the manual are: Firewall, Hardware and VirtualBox.
Confirm by diffing with manual generated without the code changes.
- Open all affected pages and the full manual page and confirm that images have
changed.
- Check all affected pages and the full manual page in FreedomBox interface and
confirm that images have changed.
- Check all affected sections in the generated PDF.
- Repeat tests for English and Spanish manuals.
- No lintian warnings related to debian/copyright file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
GPT scheme has two mostly identical partition table headers. One at the
beginning of the disk and one at the end. When an image is written to larger
disk, the second header is not at the end of the disk. Fix that by moving second
partition to end of the disk before attempting partition
Tests:
- Unit tests run as root work.
- On A64-OLinuXino board, boot with eMMC and UEFI image. The partition does not
expand on initial setup. Trying to manually expand in storage app fails. Apply
patch. Manual expansion works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Avoid a lintian info about network-freedombox.svg.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Add network-connection*.svg to list, also based on Tango icons]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Simplifies running the `gbp dch` command.
Also detected by debian-janitor to skip updating the changelog.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Fixes#1882
Tests performed:
- During the .deb package installation, the firstboot secret
is shown correctly
- the firstboot secret is separated from the next prompt after
running `cat /var/lib/plinth/firstboot-wizard-secret`
- plinth web interface accepts the firstboot secret
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
From documentation[1][2], it appears that the proper way to rename the source
package is simply to change the source package name. The binaries will be
treated generated from a new source package name. The old source package will
then not have any binaries associated with it. This will prompt the 'dak
cruft-report' tool to automatically remove the old source package[3]. No further
action will necessary to remove the old source package.
Links:
1) https://wiki.debian.org/RenamingPackages
2) https://www.debian.org/doc/manuals/developers-reference/pkgs.html#moving-removing-renaming-orphaning-adopting-and-reintroducing-packages
3) https://wiki.debian.org/ftpmaster_Removals
Tests:
- Build .deb package. Package is built successfully. Source package name is
'freedombox'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Interface shows Lato font as usual in apps and system pages.
- Build .deb package. Lintian does not show a warning related override for the
TTF font.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Using ./run --develop ensures that the last list of dependencies are picked up
from current source directory instead of list of dependencies from system
configuration.
- Using sudo -u plinth ensures that even if any temporary files are created,
they belong to the plinth user instead of root user.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Installing an empty file in /etc/ that is meant to be modified is an unnecessary
invitation to upgrade issues.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The configuration module defaults to values in the production configuration
file.
- If the file is found, it is read and the read values overwrite the defaults.
If the file is not found, no error is raised. This allows us to not ship the
configuration file. User may create the configuration if they want to change the
defaults. This eases upgrades when configuration is edited. This also make
FreedomBox robust to deployments where /etc/ is not populated by default such as
OSTree. It is also a good practice for daemons as followed by the likes of
systemd.
- If the file partly populated only the values read override the defaults and
the remaining values don't change. This allows the user to write simpler
configuration file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is a slightly hacky way to ensure that nscd package is installed
rather than unscd (which provides nscd as a virtual package).
This will work as long as unscd does not jump to a version 2. It is
currently 0.53-1 and has little recent activity, so this condition
seems likely to hold in the near future.
Tests:
- In vagrant box, installed unscd. Installed modified freedombox deb.
Saw that unscd was removed and nscd was installed.
- In DigitalOcean droplet, reproduced issue from #1877. Installed
modified freedombox deb. Saw that unscd was removed (no other
packages were removed) and nscd was installed. FreedomBox interface
was available again.
- Built a freedom-maker image with modified freedombox deb. Checked
build log that nscd was installed and unscd was not installed.
Closes: #1877.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Module systemd.journal is used for writing proper structured messages to
systemd-journald. This was earlier only a recommends.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
On a development container, we are currently changing the plinth user to be a
non-system user to allow folder sharing with the host. This leads to `addgroup
--system` and `adduser --system` failing when a non-system user/group already
exists.
This patch added checks to ensure that plinth user and group don't exist before
trying to add them. Several packages in Debian seem to be doing similar checks
before running adduser and addgroup. So, this patch is not bad to have even when
container hack is not present.
Closes: #1875.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Do not enable/start service during package install/upgrade
- Configure needrestart to skip restarting service
Closes: #1638.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Provide proper regex string in needrestart configuration with qr()]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
See #1841 for discussion on why Turbolinks needs to be removed.
Closes: #1841.
Closes: #1804.
Tests performed:
- There are no more references to 'turbolinks' in source code other than .po(t)
files and the manual.
- When loading a page, turbolinks.js is no longer loaded.
- The following links don't have data-turbolinks attribute and work well when
clicked.a
- Gitweb repository links
- Download manual links (en, es)
- Ikiwiki wiki links
- Sharing app web share links
- TT-RSS mobile app link
- 'Launch web client' button
- 'Launch' button in web section of clients table
- Active and regular front page shortcut
- Roundcube does not have a link to /roundcube in description.
- turblinks not present in /static/jslicense.html . LibreJs accepts all scripts.
Reported-by: Veiko Aasa <veiko17@disroot.org>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Issue was reported by multiarch hinter on
https://tracker.debian.org/pkg/plinth.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Remove freedombox-udiskie.service file. Don't run udiskie anymore. Use our own
implementation of auto-mounting.
- Schedule disk failure checking to 3 seconds after application initialization.
Also perform auto-mounting at that time.
- Listen to new filesystems added and auto-mount them.
- Listen to disk failing attribute and report to user via a notification.
- Add rules to polkit-1 to allow plinth user to mount drives.
- Add simple abstractions over DBusProxy objects make accessing properties
simpler.
- Replicate udiskie's approach to mounting disks.
- Mount as root user for now using command line instead of DBus API. This is to
keep compatibility with older code that mounted under /media/root with relaxed
permissions.
Udiskie analysis:
- On device added, media added, perform auto_add
- On device changed and is addable and old state is not addable or removeable
- Automount condition:
- Matches configuration
- Not ignored
- is_filesystem and not mounted -> mount
- crypto device -> try unlock -> if success, mount
- is partition table
- Get all non-ignored devices, if partition then mount
- Mount condition:
- Is not ignored
- Is filesystem
- Find device with path
- Get options from configuration
- Is ntfs and executable ntfs-3g is not available
- Call mount
- No support for udisks1
- Built-in rules
- {'symlinks': '/dev/mapper/docker-*', 'ignore': True}
- {'symlinks': '/dev/disk/by-id/dm-name-docker-*', 'ignore': True}
- {'is_loop': True, 'is_ignored': False, 'loop_file': '/*', 'ignore': False}
- {'is_block': False, 'ignore': True}
- {'is_external': False, 'is_toplevel': True, 'ignore': True}
- {'is_ignored': True, 'ignore': True}
Tests performed:
- Create a CDROM in VM, inject media. Disk should get mounted.
- Create a temp file. mkfs.ext4 it at top level. losetup it. It should not get
auto mounted as it is a top level internal device.
- Create a temp file. Create two partitions and format the partitions. kpartx
-a on it. Both the file systems should get mounted.
- Create a temp file. luksformat it. Create a filesystem. luksopen the file.
It should get auto mounted.
- Checking for disk space repeatedly happens every 3 minutes.
- Drives are checked for healthy status only once, 3 seconds after FreedomBox is started.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.105-26.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.116-2 from experimental.
- Temporarily flip the is_failing condition in report_failing_drive. When
FreedomBox is restarted, notification about drives failing show up. When the
condition is reverted to normal, the notification is withdrawn.
- Build new Debian package and upgrade system with 20.8 installed. Two files
should be removed:
/var/lib/systemd/deb-systemd-helper-enabled/freedombox-udiskie.service.dsh-also
/etc/systemd/system/multi-user.target.wants/freedombox-udiskie.service .
systemctl status freedombox-udiskie.service should report no such unit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Shows URLs and shared secret that communication servers like matrix-synapse
should be configured to. Later we will implement auto-configuring those servers.
- Allow selecting domain for the sake of TLS/DTLS certificate installation.
- Simplify systemd service file options. Drop log file and pid file support as
they are not needed with systemd. Add security options.
- Set custom configuration file by overriding systemd service file options so
that we don't have a problem with conffile prompts.
- Implement functional tests (and automatic diagnostics).
- Custom icon selected from the Noun project as Coturn project does not have
one.
- Backup/restore configuration file and certificates.
- Document some questions regarding configuration options.
Tests performed:
- App is not listed in the app page if 'advanced' flag is disabled.
- App name, icon and short description shows up correctly in apps page.
- App name, icon, short description, description, manual link, enable/disable
button and diagnostics link show up currently in app page.
- Verify that configuration used by coturn server is the FreedomBox
configuration by checking the cert path in the log output.
- PID file is not created in /var/run/turnserver/. It goes into /dev/null
according to the log output.
- No log file is created other than what is collected by systemd from command
line.
- systemctl show coturn.service shows all the intended restrictions such as
NoNewPrivileges, Protect* options.
- Run functional tests.
- Ensure that backup of configuration file works by taking backup, changing the
secret and restoring. During backup and restore coturn should be stopped and
started as per logs.
- Build Debian package. No warnings about the copyright file.
- Enabling the app enables the service and runs it.
- Disabling the app disables the service and stop it.
- All diagnostics tests pass.
- Diagnostic tests show firewall port coturn-freedombox for internal and
external networks, service coturn, and each listening port for udp4, udp6, tcp4
and tcp6.
- Information in the firewall page shows up properly. Enabling the app opens
firewall ports, and disabling it closes them.
- When the app is installed, if a cert domain is available, it will be used.
When multiple domains are available, one of them is picked.
- Status shows 4 URLs with the currently selected domain and secret key.
- Changing domain to another domain succeeds and reflects in the status
information.
- When no domain is configured. Installing the app succeeds. No domain is shown
in the list of domains.
- When domain is changed, the certificates files in /etc/coturn/certs are
overwritten.
- Certificates have the ownership turnserver:turnserver. Public key is cert.pem
has 644 permissions. Private is pkey.pem has 600 permissions. /etc/coturn/certs
is owned by root:root.
- Let's encrypt certificates are setup immediately after install.
- Port forwarding information shows all ports except for relay ports.
- Trying to create a user with username 'turnserver' throws an error. This
happens even when coturn is not installed yet.
- After installing coturn, the configuration file /etc/coturn/freedombox.conf is
created with ownership root:turnserver and permissions 640. The directory
/etc/coturn is created with ownership root:root and permissions 755.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix copied form_valid comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The repository has been renamed from 'plinth' to 'freedombox'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Move all the unused image files into doc/visual_design directory.
- Reduces the size of the shipped .deb binary significantly.
Closes: #1840.
Tests performed:
- Ensure that each of the files moves are not referenced anywhere in the source
code.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When removing systemd services, dh_installsystemd has no idea about services
present in the older versions that been removed. So, it generates no handling
scripts for those services. No convenience methods exist too.
dh_installsystemd uses deb-systemd-helper which maintains state files in
/var/lib/systemd/deb-systemd-helper-enabled/*.dsh-also. These files need to
removed apart from symlinks created in /etc/systemd/system enable services are
enabled. If the service/timer is currently running, stop it too.
Use deb-systemd-helper and deb-systemd-invoke to achieve this.
Closes: #1835
Tests performed:
- Install a freedombox version older than 20.5. Upgrade to 20.5. Notice the
incorrect symlink
/etc/systemd/system/multi-user.target.wants/freedombox-setup-repositories.timer
and also the state file
/var/lib/systemd/deb-systemd-helper-enabled/freedombox-setup-repositories.timer.dsh-also
Then upgrade to a .deb packages built with the patch. The two files will be
removed. No extra messages are warnings are printed during package upgrade.
- Install a freedombox version older than 20.5. Upgrade to .deb packages built
with this patch. Notice the same results.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
