/etc/sysctl.conf is owned by procps package.
Test: Run minidlna install on fresh image.
- /etc/sysctl.conf is not modified.
- /etc/sysctl.d/50-freedombox.conf has the expected content.
- /proc/sys/fs/inotify/max_user_watches contains 100000.
- Running with these changes upgrades app version and triggers a setup. Changes
in /etc/sysctl.conf are removed. After undoing the changes /etc/sysctl.conf is
identical to pristine version installed from procps package. This can be
obtained by running; rm -f /etc/sysctl.conf ; apt install --reinstall procps -o
Dpkg::Options::=--force-confmiss
Closes#1802.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Undo changes done in /etc/sysctl.conf in older versions]
[sunil: Increment app version to trigger configuration migration]
[sunil: Ensure that app is not re-enabled during migration]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Reuse the method in package.py that checks is package manager is busy without
printing and error log.
Tests performed:
- Try to install a package and wait at the apt confirmation prompt.
- Go to power index page /sys/power/ . It shows a warning that package manager
is busy. No error log is printed.
- Go to system restart page. It shows a warning that package manager is busy. No
error log is printed.
- Go to system poweroff page. It shows a warning that package manager is busy.
No error log is printed.
- Without package manager being busy, above warnings are not shown.
- Go to manual update package. It shows as updating if apt is busy, otherwise
shows the manual update button.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Installed Quassel and diagnostics are passed.
- Quassel client connection is successful.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Remove RemainAfterExit=no as it is default]
[sunil: Remove ReadWritePaths= as {Logs|State}Directory= take care of it]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Remove freedombox-udiskie.service file. Don't run udiskie anymore. Use our own
implementation of auto-mounting.
- Schedule disk failure checking to 3 seconds after application initialization.
Also perform auto-mounting at that time.
- Listen to new filesystems added and auto-mount them.
- Listen to disk failing attribute and report to user via a notification.
- Add rules to polkit-1 to allow plinth user to mount drives.
- Add simple abstractions over DBusProxy objects make accessing properties
simpler.
- Replicate udiskie's approach to mounting disks.
- Mount as root user for now using command line instead of DBus API. This is to
keep compatibility with older code that mounted under /media/root with relaxed
permissions.
Udiskie analysis:
- On device added, media added, perform auto_add
- On device changed and is addable and old state is not addable or removeable
- Automount condition:
- Matches configuration
- Not ignored
- is_filesystem and not mounted -> mount
- crypto device -> try unlock -> if success, mount
- is partition table
- Get all non-ignored devices, if partition then mount
- Mount condition:
- Is not ignored
- Is filesystem
- Find device with path
- Get options from configuration
- Is ntfs and executable ntfs-3g is not available
- Call mount
- No support for udisks1
- Built-in rules
- {'symlinks': '/dev/mapper/docker-*', 'ignore': True}
- {'symlinks': '/dev/disk/by-id/dm-name-docker-*', 'ignore': True}
- {'is_loop': True, 'is_ignored': False, 'loop_file': '/*', 'ignore': False}
- {'is_block': False, 'ignore': True}
- {'is_external': False, 'is_toplevel': True, 'ignore': True}
- {'is_ignored': True, 'ignore': True}
Tests performed:
- Create a CDROM in VM, inject media. Disk should get mounted.
- Create a temp file. mkfs.ext4 it at top level. losetup it. It should not get
auto mounted as it is a top level internal device.
- Create a temp file. Create two partitions and format the partitions. kpartx
-a on it. Both the file systems should get mounted.
- Create a temp file. luksformat it. Create a filesystem. luksopen the file.
It should get auto mounted.
- Checking for disk space repeatedly happens every 3 minutes.
- Drives are checked for healthy status only once, 3 seconds after FreedomBox is started.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.105-26.
- FreedomBox is able to mount disks while running as 'plinth' user with
policykit-1 version 0.116-2 from experimental.
- Temporarily flip the is_failing condition in report_failing_drive. When
FreedomBox is restarted, notification about drives failing show up. When the
condition is reverted to normal, the notification is withdrawn.
- Build new Debian package and upgrade system with 20.8 installed. Two files
should be removed:
/var/lib/systemd/deb-systemd-helper-enabled/freedombox-udiskie.service.dsh-also
/etc/systemd/system/multi-user.target.wants/freedombox-udiskie.service .
systemctl status freedombox-udiskie.service should report no such unit.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
firewalld has no problem retrieving service information for just-installed
files, it only fails when adding/removing those services to zones. A reload is
needed before those services can be used.
Don't perform firewalld reload during setup.py or debian/postinst. Instead
reload when firewalld throws an error that it does not know a service. This
approach is more minimally intrusive and does not run reload operations when no
services need to be loaded, during Debian package building etc.
Closes: #376.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
bind9 package version 1:9.16.1-2 in unstable renamed bind9.service to
named.service. The new service file contains Alias=bind9.service. Use this
support multiple versions of the package across Debian stable, testing and
unstable.
Closes: #1816.
Tests performed:
- Enable the service. 'service enable bind9' is called but fails with error
ignored. 'service enable named' is also called but succeeds. Running 'service
is-enable bind9' and 'service is-enabled named' return success. App page show
enabled, there are no errors on the page.
- When app is enabled, there is no message that service is not running.
- When diagnostics are run, it shows that bind9 service is running.
- Disable the app. 'service disable bind9' is called. Running 'service is-enable
bind9' and 'service is-enabled named' return errors. App page shows disabled,
there are no errors.
- Repeat tests on Debian stable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Using cockpit-pcp in ‘System’ section.
Signed-off-by: fred1m <frederic.le-meur@ac-versailles.fr>
[sunil: Minor grammar fix in description, minor styling]
[sunil: Drop the icon completely in favor of just the font icon]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Avoid no-response error when deleting a snapshot. This is caused when disk is
full and delete operation tries to store data in session which is stored on
disk. The session update fails and there are no values to delete. This case in
not handled and return a None in view causing a 500 error. Use GET params
instead.
- Delete all functionality that is meant to speed up deleting snapshots has
regressed and is currently never used. Further, there are more types of
snapshots that can't be deleted that needs to be handled in delete all
functionality. Drop it for now.
- When snapper list is run the snapshot number can contain '-', '+' or '*'
suffixed to it. Currently only '*' is handled. This leads to failure in listing
the snapshots after a restore snapshot'. Fix this is properly parsing. Also it
is no longer needed to query 'btrfs' command to know the snapshot that will
used at next boot. '+' or '*' means that.
- Don't list snapshot number '0'. It is never listed to the user and it can
never be deleted. It represents the current system.
- Properly implement checking for default and active snapshots. Don't let delete
operation on either of them.
- Fix regression with disabling the delete button when there are no snapshots
that can be deleted.
Tests performed:
- Before any snapshot is restored, the labels 'will be used at next boot' and
'in use' are not shown. Snapshot with number 0 is not shown.
- Immediately after restoring a snapshot, the 'will be used at next boot' label
will shown up on snapshot that is going to boot next.
- After rebooting after restore, the snapshot that has been restored will show
'will be used at next boot' and 'in use' labels. Restoring another snapshot will
move the 'will be used at next boot' label to the new restore snapshot but keep
the 'in use' label on the current snapshot until next reboot. Snapshot with
number 0 is not shown.
- Delete check boxes are not shown against the 'in use' and 'will be used at
next boot' snapshots. Entering their values manually in the URL in the delete
screen will lead them to be ignored.
- Select multiple snapshots and click delete. The details appear properly in the
confirmation window. Deleting will delete the snapshots.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Storage Snapshots will be installed by default. It will only be usable
if filesystem is btrfs. For other filesystems, a message is displayed
that it is not available.
Closes#1284.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #1846
Tests:
- When systemd-timesyncd is running, 'Run Diagnostics' button is shown and two
diagnostics results are shown. The two results appears on the diagnostics app
results too.
- When systemd-timesyncd is not running, 'Run Diagnostics' button is not shown.
Datetime app is not included the diagnostics app page results.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Merged the two DateTimeApp classes. In future, we will remove all
module.init() methods in favor of automatically performing the operations from
module_loader.
- Also fix an error running './run --list-dependencies' when running without
systemd support inside a test case container:
ERROR plinth.module_loader Exception while running init for <module 'plinth.modules.datetime' from '/builds/sunilmohan/plinth/plinth/modules/datetime/__init__.py'>: Command '['systemctl', 'show', '--property=ConditionResult', '--value', 'systemd-timesyncd']' returned non-zero exit status 1.
Traceback (most recent call last):
File "/builds/sunilmohan/plinth/plinth/module_loader.py", line 123, in _initialize_module
init()
File "/builds/sunilmohan/plinth/plinth/modules/datetime/__init__.py", line 77, in init
if _is_time_managed():
File "/builds/sunilmohan/plinth/plinth/modules/datetime/__init__.py", line 112, in _is_time_managed
output = subprocess.check_output([
File "/usr/lib/python3.8/subprocess.py", line 411, in check_output
return run(*popenargs, stdout=PIPE, timeout=timeout, check=True,
File "/usr/lib/python3.8/subprocess.py", line 512, in run
raise CalledProcessError(retcode, process.args,
subprocess.CalledProcessError: Command '['systemctl', 'show', '--property=ConditionResult', '--value', 'systemd-timesyncd']' returned non-zero exit status 1.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
CC: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Shows URLs and shared secret that communication servers like matrix-synapse
should be configured to. Later we will implement auto-configuring those servers.
- Allow selecting domain for the sake of TLS/DTLS certificate installation.
- Simplify systemd service file options. Drop log file and pid file support as
they are not needed with systemd. Add security options.
- Set custom configuration file by overriding systemd service file options so
that we don't have a problem with conffile prompts.
- Implement functional tests (and automatic diagnostics).
- Custom icon selected from the Noun project as Coturn project does not have
one.
- Backup/restore configuration file and certificates.
- Document some questions regarding configuration options.
Tests performed:
- App is not listed in the app page if 'advanced' flag is disabled.
- App name, icon and short description shows up correctly in apps page.
- App name, icon, short description, description, manual link, enable/disable
button and diagnostics link show up currently in app page.
- Verify that configuration used by coturn server is the FreedomBox
configuration by checking the cert path in the log output.
- PID file is not created in /var/run/turnserver/. It goes into /dev/null
according to the log output.
- No log file is created other than what is collected by systemd from command
line.
- systemctl show coturn.service shows all the intended restrictions such as
NoNewPrivileges, Protect* options.
- Run functional tests.
- Ensure that backup of configuration file works by taking backup, changing the
secret and restoring. During backup and restore coturn should be stopped and
started as per logs.
- Build Debian package. No warnings about the copyright file.
- Enabling the app enables the service and runs it.
- Disabling the app disables the service and stop it.
- All diagnostics tests pass.
- Diagnostic tests show firewall port coturn-freedombox for internal and
external networks, service coturn, and each listening port for udp4, udp6, tcp4
and tcp6.
- Information in the firewall page shows up properly. Enabling the app opens
firewall ports, and disabling it closes them.
- When the app is installed, if a cert domain is available, it will be used.
When multiple domains are available, one of them is picked.
- Status shows 4 URLs with the currently selected domain and secret key.
- Changing domain to another domain succeeds and reflects in the status
information.
- When no domain is configured. Installing the app succeeds. No domain is shown
in the list of domains.
- When domain is changed, the certificates files in /etc/coturn/certs are
overwritten.
- Certificates have the ownership turnserver:turnserver. Public key is cert.pem
has 644 permissions. Private is pkey.pem has 600 permissions. /etc/coturn/certs
is owned by root:root.
- Let's encrypt certificates are setup immediately after install.
- Port forwarding information shows all ports except for relay ports.
- Trying to create a user with username 'turnserver' throws an error. This
happens even when coturn is not installed yet.
- After installing coturn, the configuration file /etc/coturn/freedombox.conf is
created with ownership root:turnserver and permissions 640. The directory
/etc/coturn is created with ownership root:root and permissions 755.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix copied form_valid comment]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
* `py.test-3 plinth/modules/mumble/manifest.py` said only two warnings
(could not create cache path {path})
* `sudo -u plinth /vagrant/run --develop` and https://localhost:4430/ had
show me what I expected
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- The repository has been renamed from 'plinth' to 'freedombox'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
systemd-timesyncd service does not run if we have another NTP daemon installed
or FreedomBox runs inside a container where the host manages the time. In this
case, make the application as unmanaged - app can't be disabled, no app
diagnostics is shown and enable/disable functional tests are skipped.
Closes#1616
Tests performed:
- Run FreedomBox inside a KVM virtualization module, check that
systemd-timesyncd is running, datetime app can be disabled and all
diagnostics and date_and_time functional tests pass.
- Run FreedomBox inside a systemd-nspawn container, check that
systemd-timesyncd is not running, datetime app can't be disabled,
the diagnostics button is not shown and two date_and_time functional tests
are skipped.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Also properly cleanup mounted file systems.
- When a file system is created, it is automatically mounted by udiskie (or
FreedomBox itself). This leads loop back setups not getting cleaned and btrfs
check failing to check a mounted disk. Force check in case of btrfs and umount
ignoring errors before cleanup.
Closes: #1839.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This removes the need to ship a 67K file and scales better.
- Rename the file to have lowercase chars only for consistency.
Tests performed:
- Goto home page, see the logo at the bottom properly displayed.
- Goto the first wizard welcome page, notice that the logo is displayed. Also
the dimensions of the image are same as without the change.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Try-restart the service (instead of restart) after adding service to the
freedombox-share group to avoid starting the service if app is disabled.
Tests performed:
- Remove syncthing user from the freedombox-share group, disable
syncthing app, increase app version. After the app is upgraded,
verify that syncthing user is in the freedombox-share group and
syncthing@syncthing.service remains disabled.
- Remove syncthing user from the freedombox-share group, enable
syncthing app, increase app version. After the app is upgraded,
verify that syncthing user is in the freedombox-share group and
logs show that syncthing@syncthing.service was restarted.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #1808
Test performed:
- Install samba in development VM and create open share (owned from root:freedombox-share).
- install syncthing and create syncronization folder in the above openshare.
- Sync files from desktop peer to development VM one on the above folder.
Signed-off-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
If an error occurs during creation of a git repository, delete possibly
corrupted git repository directory and show more specific error message.
Closes#1829
Tests performed:
- Gitweb unit and functional tests pass
- Create a small disk for git repositories:
> dd if=/dev/zero of=disk.img iflag=fullblock bs=128k count=100 && sync
> mkfs.ext4 disk.img
> mount -o loop disk.img /var/lib/git/
- Clone a large repository https://salsa.debian.org/freedombox-team/plinth
Disk got full during cloning remote repository. Repository listing do not
show this repository anymore. (No errors is shown to the user.)
- Fill disk space:
> head -c 1G </dev/urandom > /var/lib/git/myfile
- Disk is full. Cloning an existing remote repository fails with an error
message (No space left on device)
- Disk is full. Creating a new repository fails with an error message
(No space left on device)
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Handle groups needed by an app.
- Handle reserved usernames for an app.
- Updated documentation
- Updated unit tests
Tests performed:
- Reserved usernames: ez-ipupd, ejabberd, Debian-minetest, mldonkey,
monkeysphere, mumble-server, privoxy, quasselcore, radicale, debian-tor,
debian-transmission
- Reserved usernames checks should work in the following forms:
- Create user
- Update user
- First boot user creation
- Full list of available groups should appear in following cases:
- Create user form
- Update user form
- Full list of groups should get created in Django DB during:
- Update user form display
- First boot form save
- When updating the last admin user, the 'admin' group choice is checked
and disabled.
- Following groups show up (sorted by group name):
- bit-torrent: Download files using BitTorrent applications
- git-access: Read-write access to Git repositories
- i2p: Manage I2P application
- wiki: View and edit wiki applications
- minidlna: Media streaming server
- ed2k: Download files using eDonkey applications
- freedombox-share: Access to the private shares
- web-search: Search the web
- syncthing: Administer Syncthing application
- feed-reader: Read and subscribe to news feeds
- admin: Access to all services and system settings
- Directory validation form checks for write permissions for following apps:
- deluge with debian-deluged user
- transmission with debian-transmission user
- Sharing app should show all the groups in add/edit share forms
- The following apps should get added to share group during setup:
debian-transmission
debian-deluged
- Unit tests pass
- Functional tests for users and groups pass
- Test that an app (example syncthing) provides the necessary
permissions to users in that group (but not in admin group).
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Fix i18n of group descriptions]
[sunil: Update developer documentation]
[sunil: Separate out cosmetic changes]
[sunil: Fix component ID for mumble]
[sunil: sharing: Remove unneeded dependency on users app]
[sunil: Implement better API for getting groups in component]
[sunil: Fix incorrect regression change ttrss app]
[sunil: Make iterating over gourps more readable]
[sunil: Improve tests, drop single use fixtures]
[sunil: Simplify test_view.py fixture]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes#1429
Test:
- Install latest radicale (2.1.11-8). Downgrade python3-radicale and
radicale to 2.1.11-6. Change access rights setting to something
other than the default. Run `unattended-upgrades -v` and confirm
that there is a conffile prompt. Run `apt update` and check that log
show radicale is upgraded. Confirm that access rights are still set
as selected.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
Tests performed:
- Visit monkeysphere page, observe that all the action buttons have similar
width of 9em (as per inspector).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Introduce new API to mark an app that it can't be disabled.
- Mark jsxc, storage, config, upgrade and firewall apps as can't be disabled.
- Fixed functional tests
- Replaced AppForm with forms.Form in all modules' forms.py.
- Remove app.template.js.
- Remove unused styles.
- Remove app status checks in form_valid of Deluge, Diaspora, Matrix, Ejabberd,
MediaWiki, Storage, Transmission, Quassel
- Purge unused is_enabled context variables (Ikiwiki)
- ejabberd: Minor cleanup in template
- jsxc: Cleanup unneeded overrides
- tahoe: Cleanup unnecessary overrides
Tests performed:
- For all apps affected, test enable/disable button works and submitting
configuration form works: with changes updates message and without changes
'settings unchanged' message.
- avahi
- bind
- cockpit
- SKIP: coquelicot
- datetime
- deluge
- SKIP: diaspora
- ejabberd
- gitweb
- i2p
- infinoted
- ikiwiki
- matrixsynapse
- mediawiki
- minetest
- minidlna
- mldonkey
- mumble
- pagekite
- privoxy
- quassel
- radicale
- roundcube
- SKIP: samba
- searx
- SKIP: shaarli
- shadowsocks
- ssh
- tahoe
- transmission
- FAIL: tt-rss (not installable)
- wireguard
- Deluge test that configuration changes when app is disabled work
- Quassel test that setting the domain works when app is diabled
- Transmission test that setting the domain works when app is diabled
- Ikiwiki create form works properly
- Enable/disable button appears as expected when enabled and when disabled
- Enable/disable button works without Javascript
- Functional tests work for affected apps, Tor and OpenVPN
- AppForm is removed from developer documentation
- Forms reference
- Customizing tutorial
- Test all apps using directory select form
- Transmission
- Deluge
- Visit each template that overrides block configuration and ensure that it is
loaded properly and the display is as expected.
- All apps that use AppView that are not tested above should not have an
enable/disable button. That is JSXC, update, config, firewall, storage, users.
Signed-off-by: Alice Kile <buoyantair@protonmail.com>
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests performed:
- Print the calls to _mount_static_directory() before and after the changes.
They should print the same.
- With English as the preferred language, visit the user manual. Images should
be visible. Visit MediaWiki manual page with learn more link in MediaWiki.
Images should be visible.
- Repeat with Spanish as the preferred language.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
When private mode is turned on and off, a setting to allow anonymous editing is
being written. This turns on anonymous editing on the wiki. To fix, drop the
code that adds anonymous editing line and implement migration from older
settings to newer settings.
Closes: #1783.
Tests performed:
- Install mediawiki with current master. Private mode is disabled by default.
Anonymous users can't edit. There is a line for editing set to false in
FreedomBoxSettings.php configuration file. Switch to latest code. The line
should be removed. private mode is still disabled. Anonymous users should not be
able to edit the wiki.
- Install mediawiki with current master. Enable private mode. Anonymous users
can't edit, login is required to view wiki. There is a line for editing set to
false in FreedomBoxSettings.php configuration file. Switch to latest code. The
line should be removed. private mode is still enabled. Anonymous users should
not be able to edit the wiki. Login is required to view the wiki.
- Install mediawiki with current master. Enable private mode and disable it.
Anonymous users can edit the wiki. There is a line for editing set to true in
FreedomBoxSettings.php configuration file. Switch to latest code. The line
should be removed. private mode is still disabled. Anonymous users should not be
able to edit the wiki but they can read the wiki.
- Install mediawiki with the changes in the branch. Line for editing the wiki is
not present in FreedomBoxSettings.php configuration file. Enabling/disabling the
private mode does not introduce the line either. When private mode is enabled,
login is required to read/edit the wiki. When it is disabled, anonymous users
can read the wiki but not edit it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Commit 50e5608331330b37c0b9cce846e34ccc193d1b0d incorrectly sets the
StateDirectory without setting DynamicUser. Buster's shadowsocks will then
create directory /var/lib/shadowsocks-libev/freedombox/ and refuse to delete it
in later versions when DynamicUser=yes needs it to be a symlink.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
- Ensure that /var/lib/private/shadowsocks-libev/freedombox always exists. This
fixes not being able to save configuration after setup on fresh Buster installs.
- Merge migration path from version 1 to 2 into setup process in an idempotent
way.
- Always creating an initial configuration file so that daemon starts soon after
install. Set a default random password. Localhost as default server.
Closes: #1792
Signed-off-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
[sunil: Minor indentation, update commit message]
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- For setting up backports repositories. Using an internal scheduler is easy to
maintain in the long run.
- Run it more frequently when in developer mode.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't ship the file preferences file as this is a violation of the Debian
policy. Lintian throws a hard error that can't be overridden. Remove the lintian
override. Remove this file using maintainer scripts when upgrading from all
version below 20.5.
- The preferences file is now renamed to 50freedombox4.pref.
- Instead write the file when the app is getting setup (on each new version).
- Don't run the setup code on daily timer, instead run the code when the app
upgrades. This ensures that as soon as freedombox package is upgraded and run,
the new preferences file is created instead of waiting for the daily timer to
run.
- From now on when the preferences change, we will increment the version number
of the upgrades app. Change the setup() for the app so that it does not
re-enable automatic upgrades every time setup() is run.
Closes: #1673.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- python3-signedjson >= 1.1.0 is needed by matrix-synapse-1.11.
- Force upgrade to version 1.11 is needed.
Closes: #1791.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Nektarios Katakis <iam@nektarioskatakis.xyz>
