- It does not look like matrix-synapse will ever support changing domain name.
- Our only recourse is to uninstall and install the app. Mention this solution
to users and its consequences upfront.
Tests:
- Test that message got updated during setup after installation.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Update the outdated apt preferences file that still refers to
bullseye-backports instead of bookworm-backports.
- Perform matching using n= instead of a= for matching distribution codename.
- Drop preferences for libraries that were only required in bullseye-backports
and not in bookworm-backports.
Tests:
- Install matrix-synapse app in testing container and stable container.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- When running full diagnostics manually, we can use the Operation class. This
allows us to use many of its features.
- Ensure only one task is running at any time. No need to use running_task
global variable and a lock for it.
- Don't run the operation if app install/uninstall or other potentially
contentious tasks are running.
- Since Operation object creates a thread, don't create another one with
glib.schedule(). Don't wait unnecessarily for the operation to finish in the
glib thread (or glib created thread).
- Since the app will show progress of operations when an operation is running,
it would not be possible to show progress of diagnostics running. So, create a
separate page for diagnostics results.
Tests:
- Run diagnostics and see redirection happens to diagnostics results page.
Results page shows ongoing tests. It refreshes automatically. When tests are
completed, 'Re-run diagnostics' button is shown.
- When visiting /diagnostics/full/ URL is visited without running the test. Only
the re-run button is shown. No results are shown. If tests have been run, re-run
button along with results are shown.
- On the app page, if the tests have been run, a button for viewing results is
shown. Otherwise, the button is not shown.
- In development mode, background diagnostics are run after 3 minutes (change
the time to 150 seconds if database locked errors show up). Results are
available in the results page.
- Make a diagnostic test fail by changing code or disabling a daemon. Run
diagnostics and notice that a notification is shown with the button to go to the
results. Clicking on the button shows the results page. Clicking dismiss removes
the notification.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Ensure that each diagnostic test category can be identified by easy prefix
matching on the test ID.
- Give a different unique IDs each different kind of test. More specific tests
of a type get a different kind of ID.
- Make comparison of diagnostic test results in test cases more comprehensive.
- Simplify code that shows the number if issues identified.
- In many languages, there is complex logic to write plural forms. Plurals
can't be handled by assuming singular = 1 item and plural is > 1. Translation of
messages in Notification does not support plurals properly. Avoid this for now
by using sometimes incorrect plural form.
- For i18n we should avoid joining phrases/words. Words don't always maintain
order after translation.
- Notify about the total number of issues in diagnostics and not just the most
severe category. This is likely to draw more attention and avoid i18n
complexity.
- Dismiss the diagnostic notification if the latest run succeeded completely.
Tests:
- Unit tests pass.
- Diagnostics for following apps works: networks (drop-in config),
apache (daemon, listen address, internal firewall, external firewall),
tor (netcat), torproxy (internal only firewall, torproxy url, torproxy using
tor), privoxy (privoxy url, package available, package latest),
- Untested: Is release file available method in upgrades app.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Helps in retrieving an operation that is currently running.
- Prevent starting an operation that is already running.
Tests:
- Unit tests work.
- Installing, uninstalling an app works.
- For upgrading an app works.
- Running background diagnostics works.
- Updating tor configuration works.
- Updating torproxy configuration works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Set unique check_id for each diagnostic check.
- Result is a string-based enumeration. The default value (NOT_DONE) can be
used for diagnostic checks that have not been completed yet.
- Result is StrEnum so that the return value of check_url can still be used
directly as a diagnostic result.
Closes: #2375
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- One notification is shown with a count of the highest severity issues.
- Un-dismiss the notification, so it is shown even if previously dismissed.
- Add link to see the results, which are stored in a global variable.
- Add a lock for running_task.
Tests:
- Notification with 2 warnings shown on stable container due, to packages not
upgraded.
- Change the firewalld default zone to public. After the next run, the
notification changes to an error, and shows 1 failure.
Helps #2366.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
borg throws and warning "Warning: Attempting to access a previously unknown
unencryped repository!\nDo you want to continue?" and then fails while asking
for a manual confirmation. Avoid this by telling borg not to prompt (and confirm
yes).
This commit provides a fix for the issue described here:
https://discuss.freedombox.org/t/how-do-i-restore-freedombox/2022/10
[sunil: Drop the part about handling the error message]
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
During installation of email app, sievec is run on
/etc/dovecot/freedombox-sieve-after/sort-spam.sieve file to produce a binary
version of the file. However, this file is not available until after the app is
enabled. This is due to the newly introduced drop-in configuration mechanism. To
fix this, during setup, enable the drop-in configuration component responsible
for this file. The component is newly split from the component that deals with
all drop-in components so that not all the drop-in configuration files are
symlinked.
There is no change needed to the app when the drop-in configuration component is
split into multiple components. This is true for all three state of the app;
not-installed, installed-enabled, and installed-disabled.
Tests:
- Install latest code with ./setup.py install. Install the app and it works.
- Uninstall the app and reinstall. It works. There are no warnings that config
file have been replaced with symlinks.
- /etc/dovecot/freedombox-sieve-after has the sort-span.svbin binary sievec
compiled file.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This way, we know what we are overriding and can use type annotations for
libraries where they are available.
- Invocation of mypy tool on command line becomes straight forward.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- mypy does not show any errors.
- Installing ejabberd app works. Privileged actions run fine.
- Unit tests work.
- No additional testing was done as type annotations don't have any effect at
runtime.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Try to mark class variables in component classes.
- Leave typing hints generic, such as 'list' and 'dict' where content is usually
not filled, too complex, or context is unimportant.
- backups: Handle failure for tarfile extraction so that methods are not called
on potentially None valued variables.
- backups: Prevent potentially passing a keyword argument twice.
- dynamicdns: Deal properly with outcome of urlparsing.
- ejabberd: Deal with failed regex match
- email: Fix a mypy compliant when iterating a filtered list.
- tor: Don't reuse variables for different typed values.
- tor: Don't reuse variables for different typed values.
- operation: Return None explicitly.
- operation: Ensure that keyword argument is not repeated.
Tests:
- Where only typing hints were modified and no syntax error came up, additional
testing was not done.
- `mypy --ignore-missing-imports .` run successfully.
- Generate developer documentation.
- Service runs without errors upon start up.
- backups: Listing and restoring specific apps from a backup works.
- backups: Mounting a remote backup repository works.
- NOT TESTED: dynamicdns: Migrating from old style configuration works.
- ejabberd: Verify that setting coturn configuration works.
- email: Test that showing configuration from postfix works.
- tor: Orport value is properly shown.
- transmission: Configuration values are properly set.
- users: Running unit tests as root works.
- operation: Operation status messages are show properly during app install.
- ./setup.py install runs
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This was missed during the split of tor/torproxy apps.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is the recommended approach. On Debian, php is usually resolved to
/usr/bin/php.
Tests:
- Tests with absolute path in service file were performed as part of testing
done in https://salsa.debian.org/freedombox-team/freedombox/-/issues/2373 . No
separate testing was done.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Closes: #2102.
- Wiki: Unchanged behavior is to have discussion pages enabled. To post users
must login.
- Blog: Earlier behavior is to allow anonymous users to post comments. They go
into the moderation queue when posted. This could lead to a lot of spam comments
to moderate. New behavior is to allow posting comments only when logged in.
- Blog: discussion => 0 does not effect comments. It is meant for discussion
page on the blog's home page (and possibly other pages). Discussion on those
pages is disabled by default.
- The changes only apply to defaults. Everything can be changed from Setup page.
Testing:
- Test the above described behavior in Debian testing.
- Debian stable testing was not done as the version of ikiwiki is that same as
testing.
[sunil: Drop removal of discussion from wiki pages]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- During database error such as 'database is locked', show a special message
asking users to try again instead of submitting a bug report.
[sunil: Minor formatting, rename the template file name]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
[jvalleroy: Fix missing import]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Set renewal period to 3 years before expiry so that users not inconvenienced
too much.
- Renew server certificate if possible.
- There are openvpn server setups where the expiry of the server certificate has
been set to 2 years due to a bug in our code. Triggering a setup call will renew
these certificates without effecting any clients. Even during the bug, CA certs
were still be valid for 10 years. So, they are unaffected.
- When downloading profile, if client certificate is renewable, renew
before providing profile for download. Old certificates will still be valid
until their expiry.
Tests:
- Without the patches, install openvpn app. Server certificate will be created
with a validity of 2 years. Download the client profile. Apply patches, setup
will be rerun. OpenVPN will be restarted. Server certificate will be renewed and
show 10 years expiry. Old client profile will continue to connect successfully.
It will have expiry of 2 years. Download the client profile again. It will an
expiry of 10 years and will successfully to the server.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Don't overwrite the entire PKI directory or CA certificates.
- Don't re-enable app during setup.
Tests:
- Install app with patches. Rerun setup. It succeeds. Server certificate is not
changed.
- Disable app. Re-run setup. App is not re-enabled. OpenVPN is not running.
- Enable app. Re-run setup. OpenVPN is restarted.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- A configuration file seems to be the preferred approach for invoke easy-rsa
since version 3.
- Drop unused configuration keys KEY_CONFIG, KEY_DIR and EASYRSA_REQ_NAME. These
are no longer referred to in the easy-rsa script.
- Remove configuration key EASYRSA_OPENSSL as the value 'openssl' is already the
default.
- Use pathlib.Path to simplify some code.
Tests:
- Re-run setup and notice the ca.cert file has not changed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- After moving to easy-rsa 3.x, the expiry configuration key changed and
original intention of setting the expiry to 10 years was not working. Update the
key to set the expiry properly.
Tests:
- Install the app freshly and verify the server and client have 'Valid Not
After' date set 10 years in future.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
