Although useradd recommends starting with either a lowercase letter or an
underscore, there is nothing that consistently adheres to this recommendation
across systems. Because some systems do not follow this recommendation and this
recommendation is not a hard requirement, we should not prevent connections at
the validation stage.
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tested that after this change, only admins can see the MiniDLNA
statistics page https://<freedombox>/_minidlna/ over the web.
Everybody can still see the page on local network using
an address http://<freedombox>:8200/
MiniDLNA web page shows how many media files are served and
some information (IP, MAC address) about the connected clients.
Signed-off-by: Veiko Aasa <veiko17@disroot.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
From documentation[1][2], it appears that the proper way to rename the source
package is simply to change the source package name. The binaries will be
treated generated from a new source package name. The old source package will
then not have any binaries associated with it. This will prompt the 'dak
cruft-report' tool to automatically remove the old source package[3]. No further
action will necessary to remove the old source package.
Links:
1) https://wiki.debian.org/RenamingPackages
2) https://www.debian.org/doc/manuals/developers-reference/pkgs.html#moving-removing-renaming-orphaning-adopting-and-reintroducing-packages
3) https://wiki.debian.org/ftpmaster_Removals
Tests:
- Build .deb package. Package is built successfully. Source package name is
'freedombox'.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Interface shows Lato font as usual in apps and system pages.
- Build .deb package. Lintian does not show a warning related override for the
TTF font.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Used a function from the standard library instead.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tested against ejabberd's failing installation. The entire test suite
gets marked as failed if the application installation fails.
Fixes#1902#1895
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Ignore errors while trying to expand a file path list into its .d components
path list.
- Ignore errors when reading shortcuts fails a file for any reason.
- Errors when reading configuration file already ignored. os.path.isfile() and
configparser.Configparser.read() do not raise an exception under any
circumstances.
Analysis:
Regression in 20.12 reported at
https://discuss.freedombox.org/t/fb-20-12-solved-plinth-fails-to-start-due-to-new-frontpage-py-shortcuts-and-filesystem-permissions/994/4
- freedom-maker creates /var/lib/freedombox/ with mode 755 as root but this only
applies for disk images.
- freedombox.postinst, networks, apache check for the existence of
/var/lib/freedombox/is-freedombox-disk-image .
- Samba creates /var/lib/freedombox with mode 755 as root.
- Backups creates /var/lib/freedombox/borgbackup but not the parent directory?
- Shortcuts are now read from /var/lib/freedombox/.
Tests performed:
- Create directories /var/lib/freedombox and /etc/freedombox with permission set
to 750. In case of configuration, an early warning message is printed and in
case of shortcuts warnings are printed but service starts properly. Changing the
permission to 755 removes the warnings.
- Ensure 755 permission on above two directories. Create non-empty files
custom-shortcuts.json and freedombox.config with permissions 640. In case of
config no warning is printed (silently ignored) and in case of shortcuts,
warning is printed that file could not be read but service starts properly.
Changing the permission to 644, no warnings are printed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Change "overtime" to "over time", also matches the other choice in the
form.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests performed:
- Fonts Lato is properly and displayed.
- No <frame>, <iframe>, <video>, <audio>, <track>, <embed>, <object>, <applet>
tags are used in FreedomBox source code.
- Checked that there are no images referring to external URLs. Most of the
common images such as apps lists, system list, networks and manual show images
properly.
- Styles specified in main.css work as well as page specific styles such as in
networks. Firefox developer console shows inline styles loaded.
- JSXC is able to make XHR requests to ejabberd.
- Able to launch <a> links with _target='blank' such as in /help/support/.
- When visiting external websites, such as in donate page, Referer header is not
sent. When visiting page within FreedomBox interface, Referer header is sent
with path.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
- Implement ability to refresh page at the framework level so that every page
does not need to handle it.
- Refresh after number of seconds specified in context of the view.
Tests performed:
- Trigger the following functions and ensure that page reload after 3 seconds
during the running operation while it does refresh before and after the
operation.
- Diagnostics tests from the module.
- Gitweb repository cloning.
- Monkeysphere publish key to server.
- OpenVPN setup.
- Tor configuration update.
- Manual software update.
- App installation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Tests performed:
- Submit a form and notice that button has a spinner soon after click.
- Select a from like Gitweb repository creation form and submit it. After submit
go back to previous form using back button. Notice that button has been restored
to proper state.
- Without filling valid information the form, press submit. Notice that the
button does not change to a spinner.
- Check installing an app, snapshots management, network forms, wireguard forms,
etc.
- Test on Firefox and Chromium.
- Test with LibreJS that the script is accepted as valid free software license.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Mention that interface is automatically assigned to external zone.
Test:
- Re-assigned host0 interface to public zone. Disabled firewalld to
still access interface. Firewall zone is shown as "external" with the
note about automatic assignment.
Closes: #1858.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Uses lsb-release which is a dependency of unattended-upgrades.
Closes: #1844.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
[sunil: Minor change to the printed message]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Use the test configuration only when needed. This simplifies having to load
test configuration properly for action tests.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Ensuring that load_cfg fixture is ordered first will ensure that configuration
is properly restored after test and that changes in other fixtures take effect.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- In containers, loopback devices may not be available. Skip tests in this case
by looking at the output of losetup setup utility.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When deleting connections after editing, sometimes the connection is not found.
Wait until the connection settles down to avoid connection not found errors
during cleanup. Seems to work for now but still not the best way to handle this.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
data/var/log and data/var/run were not being used for a while.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Using ./run --develop ensures that the last list of dependencies are picked up
from current source directory instead of list of dependencies from system
configuration.
- Using sudo -u plinth ensures that even if any temporary files are created,
they belong to the plinth user instead of root user.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't run the second phase of web framework initialization. This avoids
writing to the DB file.
- Set log level to ERROR so that no messages get printed even to stderr while
listing dependencies.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This allows --list-dependencies to run without having to write to disk.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
A simple Django configuration does not need to create the database whereas DB
migration requires creating the database.
In some operations such as listing dependencies, we can skip running the second
part and so writing to database will no longer be necessary during such
operations.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Only effects develop mode.
- To primarily avoid writing to the source code directory. Multiple containers
or VMs using the source folder won't fight with the database file (the overlay
file system plan is not working out well for containers #1873).
- In the earlier days, we used to allow running from source code directory
without even doing ./setup.py install. Currently it is not possible anyway. We
pretty much install freedombox package before running from source directory.
- If the build process itself learns not to write to source directory, then
containers/VMs won't have to write to source directory at all.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The file is not meant for human reading. The comments are already part of the
code.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Read configuration files from three different locations.
/usr/share/freedombox/freedombox.config, /etc/plinth/plinth.config and
/etc/freedombox/freedombox.conf. Later listed has higher priority.
- Provide backward compatibility for /etc/plinth/plinth.config files. With lower
priority than /etc/freedombox but higher priority than /usr/share/.
- Read sorted files from config.d directories with the same suffix as original
configuration file. Parse them by priority. This allows administrator/programs
to drop in configuration bits without worry about editing files.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Avoid a top level source code file.
- Makes it clear that the configuration file is only meant for development
purposes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>