- Task of managing an operation's progress is now performed by the new Operation
class. Drop them from setup helper.
- Task of providing install() method is now moved to package module. Instead of
storing operation specific data in setup_helper like objects, store them in
thread specific storage that can retrieved anywhere during the operation without
holding references.
- Progress of an operation show as a progress bar is currently missing. This
will be regression until fixed later.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
module.app property usage is greatly reduced because setup() and force_upgrade()
method are now part of App class instead of at the module level. Remove the
remaining minor cases of usage and drop the property altogether.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When refresh_page_sec is set to zero (immediate refresh), the template does not
treat that as needing refresh at all. Fix this by distinguishing zero from None.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When an app does not implement module setup() method, trying to get setup
version automatically results in App being updated to latest version. This
optimization seems hardly used and does not work when setup() is moved to App
from module level. Remove it.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is needed for the apps to get enabled soon after installation. In case of
'sharing' app, a shortcut will appear on the apps page. This also brings
uniformity to help later refactoring.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Primary purpose is to complete the App API and allow for multiple apps to be
present in a module without a single clashing setup() method. Secondary
objective is to get rid of SetupHelper instance simple use App instance instead.
- This brings us closer to not needing to implement setup() method for some of
the typical apps.
- Remove default value None for old_version parameter.
- A valid integer value is always passed to this call.
- The value of None is undefined.
- Simplifies the App API slightly.
- Drop setting 'pre', 'post' values to indicate the stage of setup for the App.
- Simplifies the setup methods significantly. Eliminates a class of
bugs (some of them seen earlier).
- The UI can show a simple 'installing...' or progress spinner instead of
individual stages.
- There are currently many inconsistencies where many operations are not
wrapped in helper.call() calls.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Show a Django message if desired. Keep the operation after completion so that
the message can be collected later.
- Show notifications for running operations
- Only if show_notification flag is set.
- Use a custom template so that spinner can be shown.
- Log generously for operation creation, scheduling, running and completion.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Important information such as id of the notification should be available when
rendering the body template.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Clicking on the link in the coturn app description takes us to ejabberd app
page.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes an issue where accessing Storage and Samba app pages throws a
HTTP error 500 when there are disk partitions without mount points.
Fixes#1904#2245
Tested when an USB stick with Debian installer image is attached to
Freedombox board - both Storage and Samba apps work.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
- test.dnssec-or-not.net is no longer working.
- If the test fails, it is not clear to the user what to do about it.
Closes#1607, helps #1706.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Verify that issue data is sent in context properly.
- Ensure that an external request is not made during testing.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This doesn't use the how-can-i-help package, but it is a similar
implementation that fetches the same data from udd.debian.org.
There are sections for the following issues:
- Packages that will be removed from Debian testing
- Packages that are not in Debian testing
- Good first issues for beginners
- Issues for which the package maintainer has requested help
The overall "How can I help?" section is collapsed by default.
Test:
- View the page in stable and testing container.
- Run help functional tests.
Closes: #536
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor indentation fix]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Additional plugin and theme installation is done with the 'direct filesystem
method' as opposed to ssh, so this package is not needed.
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Functional tests pass
- Same tests as previous patch for setting logging to syslog.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Default backend for fail2ban is systemd journal. Roundcube will be configured in
FreedomBox to log to journal (via syslog).
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- On a fresh container, install roundcube. log_driver is set to syslog in
freedombox-config.conf.
- Install roundcube without the changes. Enable local only. Apply the changes
and restart service. roundcube setup is run. log_driver is set to syslog in
freedombox-config.conf. Setting is still local-only.
- Install roundcube without the changes. Disable local only. Apply the changes
and restart service. roundcube setup is run. log_driver is set to syslog in
freedombox-config.conf. Setting is still not local-only.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This reduces the number of writes to the disk improving disk longevity and IO
performance. Note that systemd-journald is already very reasonable with how
often it writes to the disk. It's flush interval is 5 minutes.
Most users of FreedomBox are not expected to see logs. Those that see the logs
do so for debugging purposes. Debugging can still be done if reboot does not
occur. Users can change the logging mode to 'persistent' before debugging issues
that require reboot. This makes debugging harder for non-reproducible bugs, but
is, at present, considered an acceptable compromise.
Tests:
- On a fresh container, with the patch applied, config page shows 'volatile' as
the logging mode.
- On an container with changes not applied, start freedombox service. Then apply
the patch and restart service. config app setup will be run. Config page shows
'volatile' as the logging mode.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- None disables logging altogether. This is useful when we want to prevent
FreedomBox from collecting IP addresses of visitors and other sensitive
information.
- Volatile logs are kept in RAM until the system is rebooted. Only 5% of RAM
will be used at most and only 2 days worth of logs are kept.
- Permanent will store logs into /var/log/journal. systemd-journald defaults
will apply. 10% of disk capacity is used at most, capped at 4GiB. Also logging
will stop if free space is below 15%. Maximum of 100 files are kept. No time
based cleanup is done.
Tests:
- Set the logging mode to disabled. Observe that `journalctl -f` does not show
any logs (say when performing plinth actions).
- Set the logging mode to volatile. Observe that `journalctl` shows that logging
is set to /run/log/journal/ and 5% of available memory is set as maximum.
- Set the logging mode to persistent. Observe that `journalctl` shows that
logging is set to /var/log/journal/ and 10% of disk space is set as maximum.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- It is simpler to keep all the configuration in a single file. Any overrides
are expected to be done by writing additional configuration files with higher
priority.
- /etc/apache2/site-available/ is typically reserved for virtual host
configurations. Redirections and proxying for all virtual hosts rather belongs
in /etc/apache2/conf-available/.
- This looses the option of disabling plinth-ssl.conf when needed. In the
initial days of enabling TLS, there was a need felt to keep the option of easily
disabling redirection to TLS in case there is a need for it. However, TLS
certificate setup is mature and the limitations are well understood. There is no
longer a need for it. It still may be possible to avoid the redirection with an
additional configuration.
Tests:
- In a fresh container, setup succeeds. Redirecting to https:// for /plinth
works. FreedomBox web interface is available.
- Without the patch applied created a container. Run setup and access Plinth
interface. Apply the patches. Apache setup is run. a2query -s plinth and a2query
-s plinth-ssl show that sites are not enabled. Redirecting to https:// for
/plinth works. FreedomBox web interface is available.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This makes it clearer why one would wish to install and use this app.
Closes#2236.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
[sunil: Update description for simplicity, group info]
[sunil: Indentation fixes]
[sunil: End all URLs with a slash]
[sunil: Update frontpage shortcut to be a simple one]
[sunil: Enable single-sign-on for main interface only]
[sunil: In copyright file, merge with public-domain section]
[sunil: Simplify and vectorify the icon]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
I tested additionally that if the root user has already configured
default branch other than main, it is not changed by the gitweb app
setup process.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Login to Cockpit on a freshly setup container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When Cockpit is not configured any origins, it uses the host and protocol of the
incoming request to set the allowed origin for WebSocket connections. By
ensuring that the original host/protocol is passed on to Cockpit from the
browser, we can eliminate the need for configuring a pre-determined list of
origins. Passing the host and protocol from the browser is done by setting
ProxyPreserveHost and using https:// for proxying.
For a cross-site request, Origin: and Host: entries won't match and '403
Forbidden' is thrown. So, this approach is still safe.
Tests:
- Without the patch, access Cockpit using IP address and it fails. Apply the
patch. Cockpit setup should run. Origins= directive in the configuration file
/etc/cockpit/cockpit.conf should get removed. Accessing with IP address and
logging in succeeds.
- Freshly setup a container with the patch and access Cockpit using IP address.
This works and login succeeds.
- Test on stable and testing containers.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- App installation works. Proxying works when configured with Firefox.
listen-address and permit-access directives are set as expected in the
configuration file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
