- Make sure a user might not run Privoxy as an open proxy, potentially giving
unwanted access to local resources. Only private IP classes are allowed to
connect.
Tests:
- Freshly install privoxy app. permit-access directives are set in the
configuration. Proxy works when tested with a private IP address with Firefox.
- Install privoxy app without the changes. Apply the changes, privoxy setup
should run. permit-access directives are set in the configuration. Proxy works
when tested with a private IP address with Firefox.
- Privoxy works when accessed with IPv4 address (such as 10.42.0.x) and IPv6
address (such as fe80:❌y:z%ve-fbx-testing).
[sunil: Use Spacevars augeus lens to edit the configuration file]
[sunil: Update IP ranges with auto-configuration, IPv6 addresses, etc.]
[sunil: Update description to mention that only local IPs are allowed]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Closes: #2089.
Tests:
- Regular startup works without errors. Cockpit is ordered after Apache.
- After creating a fresh container, Cockpit works as expected. Cockpit setup
runs after Apache setup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This was required in Python 2 but useless in Python 3.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is recommended by PEP-0597: https://peps.python.org/pep-0597/
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is a temporary fix until Splinter addresses the breaking changes in Selenium 4.3.0
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
`apt-mark hold PACKAGES` accepts a list of packages. But if one of the
package is missing from the apt repository, then it will fail to hold
any of the listed packages. So it is necessary to try to hold each
package by itself.
Test:
- Run dist-upgrade from bullseye to bookworm. mumble-server package is
currently missing from bookworm, but it should not cause an error in
dist-upgrade.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
[sunil: Make the umount code specific to SSH repositories]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Test I made: Created a few users, then appied the changes
and rebooted FreedomBox. After reboot I created another user
whose home directory could now be listed.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
This allows the root channel name to be preserved as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This can be improved later by using a IPC mechanism other than stdin/stdout.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't use command line argument for sending the join password for security.
- murmurd can switch to mumble-server UID before performing database operations.
Remove code to switch to mumble-server user.
- murmurd seems to return correct response code of 0 upon successfully setting
the password. Simplify code accordingly.
- Use subprocess.run() instead of subprocess.Popen for convenience.
Tests:
- Run functional and unit tests on Debian stable.
- Perform a fresh installation.
- Verify that setting super user password works.
- Verify that setting root channel names works.
- Verify that setting join password works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2230.
- matrix-synapse >= 1.59.1-1 requires python3-unpaddedbase64 >= 2.1.0~
Tests:
- On a stable container, matrixsynapse app is not installable.
- With the changes, start FreedomBox service, setup will run on the upgrades
module and /etc/apt/preferences.d/51freedombox-apps.conf will be changed to
include the two new entries. After this, matrix-synapse app is installable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Get and set the storage path.
- Functional tests pass.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Any privileged action (a method) can be marked as such with the new decorator. A
call to the method will be serialized into a sudo call (or later into a D-Bus
call). The method arguments are turned to JSON and method is called as
superuser. Arguments are de-serialized and are verified for type before the
actual call as superuser. Return values are serialized and returned where they
are de-serialized. Exceptions are also serialized and de-serialized.
The method must have be strictly typed and should not have keyword-only
arguments. Currently supported types are int, float, str, dict/Dict, list/List
and Optional.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Update the form description for styling]
[sunil: Show the default site name when nothing is set]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Choices includes all of the available domain names in the system, as
well as any domains that are in ejabberd configuration.
Tests:
- Disable a domain. It is removed from ejabberd config.
- Enable a domain. It is added to ejabberd config.
- Enable all name services. Run ejabberd functional tests and observe
that they pass.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
