- When there is an error writing to certificate files, the umask is not reset
properly. Fix this by using umask context manager from action utils. This could
be core reason behind: #2564.
Tests:
- Changing the domain name creates the file /var/lib/quassel/quasselCert.pem
with the proper permissions of 0o600. If in Quassel app's Let's Encrypt component
the certificate file path is changed, then two files are created on domain name
change. Private key is created with 0o600 permissions and certificate file is
created with 0o644 permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
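The failure mode described in the first commit message above, as an added example that is not FreedomBox's own code: a umask changed before a write stays changed when the write raises, unless the reset is in a `finally`. The names `umask_ctx`, `write_key_leaky` and `write_key_safe` and the simulated write failure are assumptions made for illustration.

```python
import contextlib
import os
import stat
import tempfile


@contextlib.contextmanager
def umask_ctx(mask):
    """Set the process umask, restoring the previous value even on error.

    Hypothetical helper, not the FreedomBox action utils API.
    """
    old = os.umask(mask)
    try:
        yield
    finally:
        os.umask(old)


def current_umask():
    """Read the umask; os.umask() can only read by setting, so set it back."""
    mask = os.umask(0)
    os.umask(mask)
    return mask


def write_key_leaky(path, data, fail=False):
    """'Before' pattern: the reset is skipped when the write raises."""
    old = os.umask(0o177)
    with open(path, 'w') as handle:
        if fail:
            raise OSError('constructed write failure')
        handle.write(data)
    os.umask(old)  # not reached on error


def write_key_safe(path, data, fail=False):
    """'After' pattern: the context manager resets the umask on every path."""
    with umask_ctx(0o177), open(path, 'w') as handle:
        if fail:
            raise OSError('constructed write failure')
        handle.write(data)


def demo():
    """Return the umask and the mode of a later file after a failed write."""
    results = {}
    start = current_umask()
    with tempfile.TemporaryDirectory() as tmp:
        for name, writer in (('leaky', write_key_leaky),
                             ('safe', write_key_safe)):
            os.umask(0o022)  # constructed baseline for the process
            try:
                writer(os.path.join(tmp, name + '.pem'), 'key', fail=True)
            except OSError:
                pass
            # A later, unrelated file that is meant to be world-readable.
            later = os.path.join(tmp, name + '-later.pem')
            with open(later, 'w') as handle:
                handle.write('cert')
            mode = stat.S_IMODE(os.stat(later).st_mode)
            results[name] = (current_umask(), mode)
        os.umask(0o022)
        ok = os.path.join(tmp, 'ok.pem')
        write_key_safe(ok, 'key')
        results['ok_mode'] = stat.S_IMODE(os.stat(ok).st_mode)
    os.umask(start)
    return results


if __name__ == '__main__':
    for key, value in demo().items():
        print(key, value)
```

The umask is process-wide, so in a multi-threaded process passing the mode to `os.open()` avoids changing it at all.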
Closes: #2564
Tests:
- Changing the domain name in quassel app page sets the expected file
permissions. Changing the value in the code results in file getting created with
changed permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Originally aimed to show server info (public key, endpoints) in a table.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Remove trailing spaces]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- When /var/lib/plinth/.ssh is deleted and add remote repository form is
visited, the directory along with SSH key files are created. The .pub file has
the expected comment freedombox@configured_domain.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Provide incorrect passphrase when adding a remote repository. Should show a
message that passphrase is incorrect and redirect back to add remote repository
form.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- As a safeguard although it should exist because of a prior verification of
SSH key.
- Minor refactor to make the method flatter.
Tests:
- Remove /var/lib/plinth/.ssh and visit add remote repository form. The public
key is displayed in the form. The files in /var/lib/plinth/.ssh are created with
expected permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Integrate SSH error handling into borg error handling.
- Move logic to migrate SSH keys into lower levels (Repository class) so that it
can be performed at more instances such as when initializing repository. It also
provides better abstraction keeping the view logic simpler.
- Drop ability to mount repository using password. This is important next step
for mounting using systemd unit files.
- Use exceptions to eliminate return value checking.
- Create a special exception for exceptions raised during SSH operations. Raise
this at lower levels and handle these using the common error handler.
Tests:
- Adding a remote repository with key and password authentication works with and
without encryption. Adding with SSH host key pre-verified works too.
- Trying to add a remote repository with incorrect passphrase fails with the
simplified error message. Redirect happens to add remote repository page. Error
message with SSH host key pre-verified works too. Repository is removed.
- Trying to provide wrong SSH password fails with a simplified error message.
Redirect happens to add remote repository page. Repository is removed.
- Mounting a repository after unmounting it works.
- Mounting a repository with SSH password in its configuration works. Migration
is performed and SSH password is replaced with SSH key file path.
- A schedule for a repository with SSH password runs successfully. An archive is
created. Migration is performed and SSH password is replaced with SSH key file
path.
- SSH identity files are created with plinth:plinth ownership. Private key file
is created with 0o600 permissions and public key file is created with 0o644
permissions.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Adding a remote repository with key and password authentication works with and
without encryption.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- This makes the functional test focus more on the repository that is added
rather than all remote repositories.
Tests:
- Functional tests for backups app works.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Use bootstrapform templates where possible to reduce code.
- Fix incorrect tag for radio button for password authentication.
- Drop borders and instead:
- Style each group as a section. This includes encryption section and
repository path section.
- Utilize the simplicity as passwords fields are not displayed.
- Retain <label> tag so that clicking on it works and it is also easier for
accessibility tools.
Tests:
- The option for password authentication works as expected. The fields for
encryption passphrase, ssh password work as before.
- Clicking on form labels focuses the form element.
- Adding a repository with key and password authentication works with and
without encryption.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
- Unlike the case of network forms, for example, there is nothing the user could
infer from a disabled form element. If they see a disabled DNS field, they would
understand that it is an editable value but has been disabled due to other
option values. It is important to allow users to discover this. However, in case
of password fields, they are not needed to be shown to the user unless the
appropriate option is selected.
Tests:
- In the add remote repository form, selecting the authentication type radio
options shows and hides the password field. Selecting the value for encryption
type shows and hides the encryption password field.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- In remote repository add form, selecting radio options for authentication
types does not throw an error. The password field is shown/hidden as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- On main branch, add a remote repository with SSH password. Unmount
the remote location.
- Switch to branch with this change. Mount the remote location. Logs
show that it is migrated from password to key authentication. Plinth
database no longer contains password for this remote.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- Use javascript to disable or enable password fields.
- If SSH key auth is selected, then try the connection.
- If SSH password auth is selected, then copy the key.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
- After copying the SSH client public key to the remote host, replace
the SSH password credential with keyfile.
- Also use SSH key when checking that remote directory exists.
Tests:
- Add remote backup location "tester@localhost:~backups". Test various
operations like create backup, download backup, unmount and
mount. Confirm that SSH password is no longer present in plinth
sqlite database.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- In development VM, add a remote backup location of "tester@localhost:~/backups".
Verify the SSH host key. plinth@freedombox key is listed in
/home/tester/.ssh/authorized_keys.
- Remove the remote backup location, and delete /home/tester/.ssh/authorized_keys.
Add the same remote backup location again. plinth@freedombox key is again
listed in /home/tester/.ssh/authorized_keys.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Click on Add Remote Backup Location. Logs show that SSH client key is
generated. The private key is readable only by plinth user.
- Go back, and click on Add Remote Backup Location again. Logs show that SSH
client key already exists.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Through code changes, ensure that dist upgrade notification, updated to new
release notification, privacy notification, and app installed notification show
up. Ensure that they have correct hx- attributes and URL property for dismiss
button. Clicking dismiss button works as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Joseph Nuthalapati <njoseph@riseup.net>
- Delete only the <li> of the notification using HTMX.
- Notifications list stays open. User can dismiss another notification.
- Decrement notification counter using JavaScript after removing
notification from the list.
- Added HTMX to every kind of notification.
- Tested dismissing notifications from the top, middle and bottom of the
list.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
[sunil: Update comment format in .js file]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Display the WireGuard server endpoint (ip_address:listen_port)
alongside the public key on the main WireGuard page,
so users configuring clients can copy both values directly.
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
[sunil: Keep the docstring]
[sunil: Adjust markup to eliminate <p> inside <p>]
[sunil: Produce a single <pre> tag instead of multiple for multiple domains]
[sunil: Minor refactoring for more concise code]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Install WireGuard and start the server. Uninstall the app and re-install.
Without the patch, the connections remain after uninstall. With the patch, the
connections are removed after uninstall and return to pristine state after
re-install.
- Functional tests succeed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Display the next available IP address that will be
automatically assigned when adding a new client.
Helps admins know what client IP to provide when configuring client
connections back to this server.
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
[sunil: Turn the IP address styling into a form element]
[sunil: Update the comment style for consistency]
[sunil: Update the label for clarity]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Adds explicit UI flow to generate server keypair and interface.
- New EnableServerView
- Conditional 'Start Server' button on main page when no wg0
- Button switches to 'Add Client' after server setup
Solves circular dependency UX issue when connecting two FBs
EDIT: Following review feedback, I removed the intermediate
confirmation page.
The “Start WireGuard Server” button now sends a POST
directly from the main page.
Signed-off-by: Frederico Gomes <fredericojfgomes@gmail.com>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
[jvalleroy: Change from TemplateView to View]
[jvalleroy: Remove redundant import]
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
GitWeb requires authenticated access if there are no public
repositories left.
1. Create a public repository
2. Delete the repository (i.e. delete the last/only repository)
3. GitWeb app shows as disabled, but is still usable
4. If another repository is created, the app becomes enabled again
Not considering the component GitwebWebserverAuth when determining
whether the app is enabled or disabled.
This commit fixes the status shown in the configuration page, but keeps
the authentication requirement if there are no public repositories.
Signed-off-by: Joseph Nuthalapati <njoseph@riseup.net>
Reviewed-by: Veiko Aasa <veiko17@disroot.org>
Fixes: #2554
- Update permissions on the backups-data directory so that files are only
accessible by root users.
- Ensure that the directory is created by the 'backups' app and not by each of
the apps that take the backup.
Tests:
- Run functional tests for miniflux, dynamicdns, wordpress, zoph, and nextcloud.
There was an unrelated functional test case failure in nextcloud.
- On a fresh installation, apply patch. Service is restarted. The directory is
created with proper permissions and ownership.
- On a fresh installation, without the patch. Backup the dynamicdns app. The
directory is created with incorrect permissions. Apply the patch. Service is
restarted. Proper permissions are set on the directory.
- On a setup with incorrect permissions, re-run backups app's setup. The
permissions are updated correctly.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2555
- '-' in configuration keys changed to '_'. Write both old and new keys to the
configuration file so that same code works for both versions of transmission.
Extra keys are ignored and removed from the configuration by the transmission
daemon.
- When reading the configuration for download directory account for both old and
new keys.
- Update functional tests for change in ID for delete torrent button.
Tests:
- Run functional tests on trixie and forky VM.
- On trixie and forky VM, after the app is installed, the configuration values
are set as expected in the configuration file. Transmission does not show its
own authentication dialog. FreedomBox SSO works as expected.
- On trixie and forky, updating the download dir in FreedomBox app changes the
values in the web UI.
- On forky, install transmission using old code and sources.list updated to
trixie. Change the download directory. Stop service. Then update the
sources.list to forky, apply patches and start service. Run unattended-upgrades.
Notice that the earlier set download directory persists. Two configuration
values for rpc also are as expected.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Update link in copyright file to the logo.
- Update paths to configuration file. Drop hack to load old configuration path.
Migrate old configuration file to new path.
- Use newer package name instead of transitional package name.
- Use newer systemd unit name instead of aliased one.
- Update backup/restore paths.
- Drop code to handle configuration file update. This upgrade was done during
Bookworm cycle. It is not needed for upgrade from Bookworm to Trixie.
- Fix understanding of default values for keys not present in the configuration
file. These values are picked up from source code as the documentation does not
mention them.
Tests:
- Run unit and minetest functional tests.
- After the app is freshly installed. Max users is 15. PvP is enabled. Create
mode is disabled. Damaged is enabled.
- Changes in configuration are reflected.
- Play a game and make some changes. Update configuration. Backup. Uninstall and
restore. The player data is restored. Configuration is restored.
- Install without the changes. Make configuration changes. Apply changes and
remove obsolete files. Restart service. App is updated. Notice that
configuration file is migrated to new path. Configuration options are retained.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
This is to follow up with the upstream change:
https://blog.luanti.org/2024/10/13/Introducing-Our-New-Name/.
Rename Minetest to Luanti in:
- App name
- App description
- Clients' name
- Docstrings
- Also update the donation and client download links to point to the new
domain.
- Make the app button point to /apps/luanti while continuing to serve
/apps/minetest in case somebody has it bookmarked.
Closes: #2521
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
[sunil: Rename the old URL to index-old to avoid duplicates]
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
Tests:
- Install Transmission, apply the patch and confirm that the 409 conflict error,
that the redirects were originally meant for, is not reproducible anymore.
Fixes: #2502
Signed-off-by: Benedek Nagy <contact@nbenedek.me>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- This simplifies the implementation and gets it ready for dark/light mode.
Tests:
- In the upgrades main view, set is_busy = True and disable setting
refresh_page_sec. Load the upgrades app and notice that the 'Updating...' button
is showing proper styling in light and dark modes.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- pytest runs the expected tests for Home Assistant.
Signed-off-by: James Valleroy <jvalleroy@mailbox.org>
Reviewed-by: Sunil Mohan Adapa <sunil@medhas.org>
- Without the CSP, during loading there are no errors in the console. However,
during chatting, some styling related errors show up.
Tests:
- Ensure that there are no CSP related errors in the browser console.
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Fixes: #2547.
- Earlier, FreedomBox itself depended on Bootstrap 4 as needed by the room we
built for JSXC. Since FreedomBox moved to Bootstrap 5 this library is no longer
available for JSXC. libjs-jsxc itself depends on libjs-bootstrap which is of
version 3.
- Also fix the path for jquery-slimscroll. This was likely updated for Trixie
cycle.
Tests:
- Connect to JSXC with two different browsers. Add contacts. Initiate chat and
send messages.
- Re-run app setup and it succeeds.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- The following message was seen on the ddns.freedombox.org server:
"Unserviceable IP address from <ipv6_address>: user <username>.fbx.one - IP:
<ipv6_address>". This is due to code that checks for validity of incoming IP
address and fails. The current configuration only handles IPv4 address. Even if
this restriction is lifted, GnuDIP code does not contain code to add/remove AAAA
records.
- Fix this by forcing GnuDIP HTTP update requests to go on IPv4.
Tests:
- Copy the code for _request_get_ipv4() into a python3 console and run
_request_get_ipv4('https://ddns.freedombox.org/ip'). Do this on a dual stack
machine with both public IPv4 and IPv6 addresses. Only IPv4 address returned.
Changing the AF to AF_INET6 returns only the IPv6 address.
- Take a test DDNS account offline. Configure it in FreedomBox stable VM. The IP
address is properly updated.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Bootswatch is a theme library for bootstrap. In Debian, only 3.x version of
the package is available. It is compatible with bootstrap 3.x but not bootstrap
5. Drop the theming altogether and use the basic bootstrap style (which is
already very close to the theme).
- Updated copyright year, mention the video room files in debian/copyright.
- Drop libjs-spin.js which is no longer used by the updated code.
- Change bootstrap version to 5.x from the earlier 4.x. Also add node-popper2
library (needed by bootstrap5 and video room code) as explicit dependency.
- Add missing style for btn-default class dropped in bootstrap 5.
- .simulcast-button CSS style is no longer needed as updated code used flex box
with .d-flex bootstrap class.
Tests:
- Compare the files in janus source code around Mar 2022 with the files in
FreedomBox source code before this patch. Compare latest janus source code with
the files after this patch. Both sets of changes are very similar.
- Connect to video room using two browser windows. Connection is successful and
2 video streams are shown in each of the browser windows.
- Styling looks close to the demo on janus website and is acceptable.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Needed for the new video room code to run without CSP errors in the browser
console. JS error happens immediately after loading the page before Janus
initialization. Styling related errors happen after joining the room despite
eliminating use of 'style=' attributes from JS code.
Tests:
- The video room works for a conference without showing any
Content-Security-Policy header related errors in the Firefox developer console.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Janus is currently not installable in Trixie because Janus was temporarily
removed during the release process of Trixie.
- Installing it from unstable, despite the instability is better than keeping
the app unavailable. Users have reported using the app.
Tests:
- Restarting the service after applying the patch leads to setup for upgrades
app to run. Apt preferences for janus packages are set. App is shown as
available. It can be installed.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
Tests:
- Running 'make build install' removes the module loading include file for ttrss.
- TT-RSS is no longer available in apps page.
- Installing Tor works. Onion header is set correctly. Re-running app setup
works.
- RSS Bridge's description is updated as expected. Links work.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
The following message is shown when Matrix Synapse server is started.
"""
This server is configured to use 'matrix.org' as its trusted key server via the
'trusted_key_servers' config option. 'matrix.org' is a good choice for a key
server since it is long-lived, stable and trusted. However, some admins may
wish to use another server for this purpose.
To suppress this warning and continue using 'matrix.org', admins should set
'suppress_key_server_warning' to 'true' in homeserver.yaml.
"""
Explicitly configure the server to use matrix.org as the trusted key server to
avoid the warning. The value can be set to empty list of servers, however, our
users are served best by this default.
Tests:
- On a testing container, when patch is applied after Matrix app installation,
the configuration file is updated.
- After the configuration is updated the warning is removed during Matrix
Synapse startup.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- Create a separate section for federation as it is so important.
Tests:
- Federation description and TLS warning are shown in a separate section on the
app's post-setup page.
- Clicking on the testing tool link takes the user to the testing tool and the
current server's domain is automatically tested.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>
- This has already been updated in the pre-setup page.
Tests:
- View the post-setup page and notice that the message was updated.
Signed-off-by: Sunil Mohan Adapa <sunil@medhas.org>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>