Passwords will be automatically upgraded for each user on login.
Usernames not yet upgraded are vulnerable to user enumeration attack due to
difference in password check timing.
No need to add build dependency on python3-argon2 because tests use a different
Django configuration which does not use argon2 hash.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
When a user running tests is root and borg is not installed, several tests fail
due to missing borg. Skip these tests when borg is not installed.
Reviewed-by: Michael Pimmer <info@fonfon.at>
This is a workaround for the problem that when restarting firewalld with
iptables backend, flushing fails and starting with nftables also fails requiring
a restart to recover the problem.
Fixes#1440.
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
This is primary due to changes in the way Cockpit is doing authentication.
- Only admin users are allowed now. Users outside the admin group won't be able
to login.
- All functions are working (if the reuse password for system functions box is
checked during login).
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
- Explicitly setup the list of Django languages. Keep them sorted by language
code.
- Fallback to language name when Django can't provide locale language name.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
This will help with modularizing the code as well as abstracting out CherryPy
for potential later replacement.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Only do the configuration based on version run the remaining setup code
without considering version.
- Don't force upgrade/setup configuration when doing from version 4 and above.
- Force set cleanup=yes values during migration too.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Mention that btrfs filesystems are only supported 'currently'.
- Clarify 'Free Space'. Explain how it actually works.
- Show '%' after the number in free space drop down. Also add 70%.
- Maintain the earlier order of showing timeline snapshots first and then
software snapshots. This is order of importance.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Added a command-line argument called --old-version to the setup command based
on which it can decide whether to do a new setup or a migration.
- Removed the migrate command.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
The free space limit value is allowed to a maximum of 60%, since setting the
it to a value higher than possible will effectively disable snapshotting.
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org
- Snapper's cleanup algorithms don't apply limits unless they are specified in
the form of ranges. Changed all limit values in the configuration to ranges.
- Also, all MIN_AGE values have been set to 0 to avoid the disk space filling up
in case of a large number of snapshots generated in a very short amount of time.
- FREE_LIMIT has been increased to 30% from the default 20% since backup
archives also take up disk space on the root partition.
Fixes#1435
Signed-off-by: Joseph Nuthalapati <njoseph@thoughtworks.com>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Radicale 1 needs to have /radicale/.well-known/*dav to the URLs where as
Radicale 2 needs to have /radicale to be the URLs. Hence have two separate
apache configuration files.
- Use expr= when setting X-REMOTE-USER header to set the authenticated user name
properly. Without this all users are using a single user '(null)' data.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is necessary to avoid errors when installing freedombox with older plinth
already installed. Also make plinth depend on latest freedombox to ensure
upgrades go smoothly.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
All the packages that are removed as dependencies in freedombox-setup and are
not essential for the operation of FreedomBox/Plinth have been moved to
Recommends .
The following packages were *moved* from freedombox-setup directly as is:
- bridge-utils
- curl
- devio
- dnsutils
- dosfstools
- haveged
- htop
- iftop
- iputils-ping
- iw
- libnss-gw-name
- libnss-mdns
- libnss-myhostname
- libpam-tmpdir
- libpam-abl
- locales
- locales-all
- lsof
- netcat-openbsd
- psmisc
- resolvconf
- rfkill
- tcpdump
- vim-tiny
- wget
- wireless-tools
- zile
The following packages have been *added* as they are part of standard system
utilities present in a Debian system:
- bzip2
- file
- openssh-client
- pciutils
- whois
The following packages were *dropped* as dependencies from freedombox-setup:
- dialog: no utility to an admin on command line. No scripts are currently using
it. Any script using it should have a dependency on it.
- dnsmasq-base: network-manager is one that uses it and it already recommends
it.
- parted: Added as dependency for the storage module which uses it.
- ssl-cert: apache2 and other packages that use it already recommend it.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
